last executing test programs: 6.061431143s ago: executing program 4 (id=12432): pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xcc, 0x30, 0xffff, 0x0, 0x0, {}, [{0xb8, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x48, 0x2, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x8}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xcc}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet6_int(r6, 0x29, 0x50, 0x0, &(0x7f0000000080)=0x1c) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0xc880) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="050003000000fedbdf390f08d716fe0de72f426dd690000000", @ANYRES32=r5, @ANYBLOB], 0x1c}}, 0x0) r7 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r7, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x2, 0x24, 0x4, {}, {}, {0x4, 0x1, 0x1}, 0x1, @can={{0x1, 0x1, 0x1}, 0x5, 0x2, 0x0, 0x0, "1c16338a1f503ff0"}}, 0x48}, 0x1, 0x0, 0x0, 0x4008800}, 0x4008001) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmmsg$alg(r9, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg$can_bcm(r9, &(0x7f0000001880)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001680)=""/196, 0xc4}], 0x1}, 0x40000061) r10 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r10, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) connect$inet(r1, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0xf) sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0xa) 5.85595298s ago: executing program 4 (id=12435): ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000480)={{0xffffffffffffffff, 0x0, 0x10802, &(0x7f0000000040)={@_ha_fsid={[0x8, 0x9]}, {0xda, 0xac, 0xead, 0x7fffffffffffffff}}, 0x6, 0x0, 0x0}, 0x0, 0x0}) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0108000400000000f7ff0a00000008000300", @ANYRES32=r2, @ANYBLOB="0a000600080211000001000030005080110001004abee33908f8eef1f16f10ccf4000000"], 0x58}}, 0x0) 3.846571542s ago: executing program 4 (id=12442): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_mreqsrc(r0, 0x0, 0x0, &(0x7f0000000000)={@local, @local, @loopback}, 0xc) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000040)=ANY=[@ANYRES16=r0, @ANYRES16=r0, @ANYRES8=r0, @ANYRESOCT=r0, @ANYRES16=r0, @ANYRES32=0x0], 0x590) setsockopt$inet_group_source_req(r0, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8001, 0xfffffff9, 0x57, 0x1bc4, 0x1, 0x4, 0x5, 0x400, 0x36}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000016c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_route={{0xa}, {0x14, 0x2, [@TCA_ROUTE4_FROM={0x8, 0x3, 0xb9}, @TCA_ROUTE4_IIF={0x8, 0x4, r3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) setsockopt$inet_group_source_req(r1, 0x0, 0x2c, &(0x7f0000000240)={0xfde2, {{0x2, 0x4e23, @local}}, {{0x2, 0x4e24, @private=0xa010100}}}, 0x108) 3.238874584s ago: executing program 4 (id=12448): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$kcm(0x11, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffff8, 0x1815}}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r3, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r7, 0x17}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\'', 0x1}], 0x1}, 0x4) r8 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r8, &(0x7f00000001c0)={0x18, 0x0, {0x4, @empty, 'ip6gre0\x00'}}, 0x1e) r9 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r9, &(0x7f0000000080)={0x18, 0x0, {0x1, @local, 'ip6gretap0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x4, @multicast, 'lo\x00'}}, 0x1e) close(r8) 2.891503807s ago: executing program 4 (id=12454): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x28000600) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000bdc5072e4c75223f007e6ca306000000000000009c91420b66f0980e90dc0a9900d145243692fe648adf4cbc1dc631c378820861eccfa60822e798d6526600eea6c33dd5b2a7762091bffe56a9440bf23deb4dc8947d2bafec88ae3708013fdc5b2a1dbc7d50fcb6d9a01d03491c35fee5ff00002e40db34dea1063eaf2e3d6959435775943a5a7090b1c08454a248811ed0850a0e16793732f7c9af95af00100000955133044fd041b55379c29cc8ca9e1e5223ceb6f2e4980e5be2d3f36ae968af01953b6e4b3aa3fe0c375b2e17019ccdf4b9b5caccc4722cf3e6cfa6567c5a8e01bf465f0a27e54911827c4fa432ca89bf5ac89effedbe12b66ce9643697ac0e12a966dcea592613f479d71eb2597dd9000000000000000000000000001d5bdafcd419016b45507fedc616a94a06268d9b21e956eabc"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x0, 0x0, 0x0, 0x13}]}}, 0x0, 0x26}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x9, 0x4, 0x4, 0x2, 0x80, 0x1, 0x0, '\x00', 0x0, r3, 0x1, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a03000000000000000000001302"], 0x0, 0x56}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000000000000000000000000001850000000000020000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x9a) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r5, 0x1, 0x34, &(0x7f0000009000)=r1, 0x4) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xfffc}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}]}, @NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xe0}}, 0x0) 2.603744235s ago: executing program 4 (id=12457): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x8eb6}]}) close(r0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000007640)=@deltfilter={0x1660, 0x2d, 0x400, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xf, 0x6}, {0x2, 0x3}, {0xb, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x1630, 0x2, [@TCA_FLOW_ACT={0x11bc, 0x9, 0x0, 0x1, [@m_simple={0x1050, 0x0, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x400000, 0x4, 0x6, 0x2, 0x1}}, @TCA_DEF_DATA={0x6, 0x3, '[\x00'}]}, {0x1004, 0x6, "211b87f01deb7f9aec2ac97204a2055aaf678542fdb0b777ee045b78966e68db98b5ebf91ce1a181fa8aeaa304eeed16ab8faca9935873ff1fced04f282de64e6852c653232cdd213a1e3b8b15a677a064d42950ed6a45a111dc365ae75b80a9533de220a685e44340245bdd932fea9574079d2b0b37f97dd63186db3861efaaa04d9b480493f580fa6449699c9fbf888fcc832aaa4e90574ff53861b7fdcb274a7d3520986f4a0f263d53257773d3428dd1d85c9c2c78db734cb5f7cc112ec2b794f2ffdb650e852d10891f06c746ed96dfefffdaa04995b4a4e22633c354f1e8b9a95b18ae0601116ecf2bf932341f10ecf1a003744b8a76294206ac575564d6e6ac13ac692773e2f120f3c3331c9d221113ca12f1c0c8c096c64975ce97398a5d4c6ddf0893c1d99d645417f9645ef35ca3aad1d4a62073fd6412d1ee05eff5d554cff9653a05cf2dcf5cdc1f4887c44f0d465c0a9fd2e8843257e11742c23c5d5f2d43dd2c7de1b1772469421657321abe22a1cc627d8f630ebb896b7b95c6d7e5f44fc5b88ba5bf5640d3259df40da2b6b59362598e49dd07cd371c6353024b8a771d43af045098f473dd31665c5bbc1e451cae9aa5c486bfeb1d129d7a79774869121a4383e8708884f820271fa580d8b5b9e74b065fa630de7ae0baee155fef554e199b32c43bfe4778fc9796807eb6c7952ef4b135f1e8b8086ea699b71bb2d780d27506de425d58402226b40a683f0099f3ecbc001a3db649aa77d6f8003ae8f0a1d20a837aa9fea787b5bafc02954d6abf26a05e3c18663b041d453c3db87bc446a2a0309c37aebf1adab4b38ad7ce8299254afaa2b730b62e9a69a24b3f2b32dca58bfdb1f636fae771f129c2a05ddefb551a823c290e93d11dae0d1d13da04434e5c087a0713a9768226257281784cc2c5d759760f7f6eb9730547d3f6d9e1718393ac84681d73afbcc8282b9b78e163e4c1e186f3dbcf5ddbba993dddc5ca01f1dbca2063521b08a8118216a254a00c9819b46f4bc1e5e7cbc86d40c9dd49ae68456aa90fcc7d3a6849ba98899aa3df70eb28fd9db6444423e114b59e4f37e03d1bee8916602bdbb0336a8f784f04f8ade852943929696ee4de49fc681b66a87819cd8a39447d8f970db5e80015893a3787ae66a1ddc2fc799d73a55eadfb70c0380f2e68119970232d322eddbcef10d119c973a2e406157eb19a5f9d8338a90c083c1a957b64d3ccbc7ab616521df2a56521c3fb6c049220fb4e76307f6571bc2eb8e6904007f830110bb0c8e5afaa63c1596d8dd901ae6677fc79417bde87c8940528d3ec9eb6403755541a53e381436b18dedc4a34b571f9268859de550ee0c57358ab5c1de6b50dd558607e922c7f803fd8dbedbd979e6ee9670af11959973ed90baf1ee683dcd96b23f65c3fa33cb222717647e9e18e6a944510a7dd53e3c1841c717be7aaa07f9e33fbbbfdd18602a1ad753472c95629aab3f98b6a477c9658db18324a918e895f22b22103b1aed8bffe68b424377ead6da43e4e2e256cfcc3adad19d95992f91c296df4dbef22f62af8e6707f3f09da49e4065e8e6417b05b26cce3062cca881ada60377624660d2279d0de26dba9c5bcb59f07f3f0fd29e0cac2a2f4ba4c1dfee4c39a3f8c121b6bd04ccc45253e6d4ec42c8d2c524b945d911b4cf3dc631902d348c41404d1c237bc598a1b3820e38394804c2f880c401d0e15d631a6a69bbcc6e537d9ab2962029d673f2d3b94c22be83264c1e18887fb47eb856340bec3e16be056b4de30f0b4e98a1ed85a8923ac61fcd8cec236e8378b8fe9f6a6aab69530bdf20ac215c44777f741d8c2653abc7bf9c5bceead50220500903c1bdad93f4d079a9702603105a39cfe1a155afbca28fffbcf6cf71881cfcbe6ee8c813946f73ee22e9f1094fa6063f15efd3ba7afba78a4d5190a10804058124c3073746ac1330a563c4d6a4494503651eb0b138582f6c6dfef3e34975cbe4e6ebde95eaebdca29412a77ab8f81a7849e6d58bfc35d91be0b00c52249d3e1e63c6952709b2c801b9dfd6b140800762162728dfe799f57806d210c0ddccc38be5de8f59b9999e69d3fd4ee2d04187b1a6952a2f511ed464ba996d9e14993de6e385e4ca073f3cee20f24a2e2f58820ed34cab7ba3d23e6bfdd7c72361988d529d51991de78c7b4df59112e4fc613d5c39f68a0d03fee0f1300eb87891df3d315278ed03a931df98bf23b6fec29fef2be28db8ac4404a3f21f32f403a3cb5c28381f6eec51ec1853e9f0b1e1a8af717b5c77df6167e569e1c35116094b16bdb4b9cff7cd9dbaa7576765b1bacbef575cbdba35a1d27644c9e51d2d3a5455cc69ac7df756a3537a4f9788dc7fd330010e286ec6b5603ec0cf94eae263a593c9b81dd316774e931526dae2df6ef1a3044612545449c55a18a0f80b5aec73bd4e37d4e2cfaa7d9d9d7cda5d42e2f87adab5e9906aeb25138a0d98d3cfdcef8c6bb6fd4b570a0d9d48785d8bcb244b1965f249476cb9b649f80fa345ab9007410d514c998e4b98e85e7fbc4af3fa9f27312f162f6fc1472f814e36865524b5edcea076a46035c962426e9be294e8a2684330150bc51fb23c681ba6c7bc36a33158456fee69f6b2f21a0f4ff2420f523c7d49add0a1a9b261a9a5301d6f455a519e10e5b72348c473b48a9de4bd6a80ba8adb40e013a3954d470326424ac3eb1bf86b1e7b67c9a6b2ffee4a0b203d949e25be1b021da4092353373666fa548cdfee6ff6f0725b14d41ce3a985e42209bbd2ef97e19d9162e62d62787b93e77307342909298baae5d89ace04bce1ff25c8c0a346859407f2acfa0b6bce308c68b46fb191c83655c6f1c61e10404e88d50a04b5add2c7534fe6b9392859ddefc17927c9c8de6e767c7e5bb1ef89f6fc100ea32378657965d59e506551cd0bc1b762b316fd9579195ae589653b856935764d9f6535a0c3b1449dd70d080970b971d04f36b5f9d5dc4eff1a890df0f5eb8f35402b820b6a0dc8e16e17d71725a397df9f1a9b46fe89363dbfaf3642f25bb697bdd8176fb42737b574f499466d4f39cdebed542de3ccd564e60626ed310d53ca47dae8d717abde4ab50f213e1ec408f0c66ddd79fe7f9011773d27f84892f40e5b3ae7c661ea307ec5d044bf9f3f48c7708cbf8faf2b4c0a4d84d82a266fc6ca53f1d34edb6e113aa27fdb21f74654f2327d214ddc376b7cec9184383e13cc69b28820687da68497c15b08f2b3f42c9eb21298c44a05f6550d842c07c8df82c5bf4a1e2d1823d0851f43cd4a667ab95e467806481ff6f3730b3ac294b0044c92289cb76870ae3ce4e322390b6258b1e2048ca09caad14e9d162488c33dcbc2d7d2887e22a38c1646fecdceb980fd2c9c869cc5005702f627611a52cb01c4dad90eb539fb0845b8c77bf6259b77b8397538347c77958d998a2400d73e3f1fb78cfdf0f9293da5f93d809cddd313e44ebc0fa7c942cdcaadf859f501633d6100763a744e7f23b0d139b6b75a874d92e4922f30e20b0f365df50953c5022a1fe9c3a2b17cd3333478930d73d712ee117bbf35726d3b1872211118fc8afb6f8bd48aa04d7f3ee1d56abea422f88e9ccaf3aad9a988a2c3828a918b6ae0ed24cdafff8e59f42655acfc23c7860fcfef4bd6b6eec863a9c80e0c6b532400af399c337a019d0daa401293ed8e76f9032128b8ac53ba64edbe479ff303037287943752c697a26f77fffab7f7d64e8e66a2ff44faa1ab66ec99100a6208ee47c5a5910bdfb00ef23e763c91469cb2e76e9cc9378de00c4ab314633b422ca78b9ec0ee05c8da7dd53038ea2b70872c1a57e7a0e006b3a3facef58c9513b68e8dd3bea3199ee791b3235096bc1c00310c2716d540af90c5bb4d0859ee90d8fcfa4cd2f43aa27a3690a63236ebc2f992aa324153ddd5b0f6ef509008a95e993451082041dbb39a1e4974e6e6ccd6104a2a99cf687caaf87db77dae71f6e1ebdc2b311190d94ee5c17fea8d04014071c02a701c6d95108c3de9a341a1b749b89fa0262fa6063ab8c2173f17e938beeb2e55f7e59e9e65e722dae9e1ab8f808f02bf3726ed927b347422d29442df515e0c06267bb0d614d92066a98df65fc58bf246573625b50434bfc87f1069a529b5c628be305eff4257c647022569afac715f57a762e95b502aa764cb5141481e6465b2ede782d00a558b1a8011777731951fef4823aa88c29f31c69e5b0bd393d185481ec0eb3fa02baca20a2646be2d3652fc1dfbe1ae4f64cac0b392c1115a870e8872050c7962d6e6be2623dbc10fd3c0c0d94208e0cbd6aa202cf6894629eb771774fc6f0deb6b5361174f94df16db11bd67fadfeeb71f36fceb2e8fbbbd99365368d40632f88fd7dc7f10db090aa446d24480063137d1f9011ce7ca34c4cd8fb29e37ab653bbd160d2fb148fa51bb6629b573ca194ea36661cccf4c5a33b377915c021a986c24bd16e6651ee45acc3ef93af41ba0647edd56cc467a1a174b8bc225931ceca3cca869908d2cd4f84db675625a63c8f0ef55608714b9572e137a5288c01b95bf1a8f952312f1444b21e6ed47254a4967acb4f31a7ac97f5d702376823768a52a6df62e6fbe657ddc72294aedbfdcbaffaf2ddb2836c78d4ae01db198d7236f9e4bbf8de516ce033e02029d59600ad543e0bc26e7104f4c582bee28b88a320f947fc16915b98bad0cb8794ac618160de58d1e76b1ae0ba0ef57e748c44d3b8f7f8cda8405351d2094aa9383366d0ea8ad3f107e0eb60cadf2ad4e7923986debe23ec149a1258118cdf91e97d2e0136eff59f69af4067e1f1a9be60ff92df06501cc6ad4104eb63e460fdeb8a2ecdb697e2d94a7a3fa666f662ae6bf1598893c2ca26880986e0dc3d2b6ebb1e1dba9479565e3d78179b5ebc02693ae6af0e8d9b013ba4f4232a449e630d2b189765296ca333d622975e2529257280d69080b6f2298136e7100ca8f0b4fc68aacb7fc6ce9ea36753ed9638f23a2aae78b3caf2f12b5f62ff081e6640eaa47c5248232739a45b07adf266eec7793c4f074ec30152acefb3c386e9780e1681b264c6302f49ed6466fc4218d1f7e81f0880bb157b629923f289cf85c38e74243f534a5eb8ae44a4d9e16c65667a79323159832d6718f83ed46a1ea871c71c36e27cb2c8939b28c5efe403a6bab043500839441ee0eca42bb0dea88e594fa2c494dfad91cb78448b94602900a63d77c53479cb91fc3f9460a03c88ef36103ad0d2b4f1bd9b11e15a385686292c281626989f99d30e4f4bb730398ca74079736405922351a277d2685870e9e8cd7fd6dd22eb3a41ecebb875a23c7485a4d1ed14052f184a86fddffeedfb4fb2ae1ca8711fc2db9a4a0398243c6f26bbe6bccda181d31ff05900e78168d44b9e91487790cd0854017e18e19dad38dc06aba0e5e811c25cf25a7b1efc205b701ede50114ee9d6db5082d5284f4b61e39af6991a7dcde37e86c4765476d576f6485a7190503eccc581589c693c822b4d4d99479ba308c7593182a623bbad456f136df386fec26a1fd2c1da973f564b7dbd768538d8fd6abaa4fd39be8c97cbbe639d4ecd1751d8b36589c346eccce8b1fb09f1e6b0f89a4ab51ccf309c408c9d52ce61e522620c3acf7cbffdf6f54aaf98b60cba00a3c7a0cfc304efb46671a16e98ea37d36497722aa2be3e7fa95c5b4ccc2d7cc26751b8f1d9cfc403efe1e2da7b078058055fb8ab0d5123670873db2cefd98b648f3c7c7014a161d69d540a8477"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_skbedit={0x168, 0x11, 0x0, 0x0, {{0xc}, {0x6c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x9, 0x4, 0x7, 0x0, 0x9cb}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x4}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x1ff, 0x1, 0x20000000, 0xfffffffa, 0xe0}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xf, 0x3, 0x8, 0x2, 0x1080000}}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xfff9}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xfff2, 0xfff3}}]}, {0xd1, 0x6, "6aa584eddaf8f16948fa5dc339e8e681bc6730a0920e00fabd3bafccb311293da2e64ad2e0d35c028944f3b03b32e3b5306e2f653f77d019eab5d7520cf71d54bcefac5bbe8e9c08540600240329108ac05f58920f29fb4bfeea4d2b9bab8285245ec393fb5e74cc0f13d2788de2a65b682696eef334ca3cd31de51896d6ecc910c581ea4f32e31635b7046c3bd44fa0a5b645b5fec9f3ded85ad2459c157208705f723e8cc27c27a500d5e215f6876d059b9aa5aac67c3ddbfafb94ad0749e4d6a22bb732ef520d3832d15e0f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_FLOW_EMATCHES={0x4}, @TCA_FLOW_POLICE={0x464, 0xa, 0x0, 0x1, [@TCA_POLICE_RATE64={0xc, 0x8, 0x400}, @TCA_POLICE_RATE64={0xc, 0x8, 0xd03c}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x4, 0x5, 0x9, 0x5, 0x573d, 0x9, 0xb, 0x3, 0x4000000, 0x0, 0x8001, 0x5f, 0x80000000, 0x0, 0x1, 0x4dbc899f, 0xe20c, 0x0, 0x2, 0x392, 0x8, 0x6, 0x6, 0x346b, 0xfffffff9, 0x8, 0x5, 0x15c, 0x9, 0x3, 0x5, 0x9, 0x8, 0x80000000, 0xfffffffc, 0x0, 0x0, 0x4, 0x7, 0x2, 0x8001, 0x3, 0x8, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x3, 0x347, 0x2, 0x7, 0x4, 0x0, 0xf, 0xded, 0x100, 0x3, 0x9, 0x17, 0x2, 0xffffffff, 0xfffffc01, 0x7, 0x2, 0x10, 0x0, 0x90a, 0x9, 0x5, 0x2, 0x7, 0xfffffff7, 0x5, 0x3ff, 0x85, 0x6, 0x3, 0x5, 0x3, 0xb561, 0x16000000, 0x5, 0x3, 0x9, 0x6, 0x3, 0x400, 0x3, 0xb676, 0x8, 0xffff, 0xeb, 0x400, 0xa701, 0x7, 0x2, 0x3, 0x2, 0x10001, 0x3, 0xa, 0x7fff, 0x3d, 0x5, 0xfff, 0x640, 0x14, 0x4, 0x3, 0x5c, 0x101, 0xffff, 0xb816, 0x8, 0xb, 0x6, 0x8000, 0x2, 0x556c, 0x1, 0x3, 0x4, 0x1, 0x7ff, 0x7e, 0x595, 0xa18a, 0x3, 0x3, 0x4, 0x3, 0x6, 0x2, 0x5, 0x797385b, 0x800, 0x7, 0x73, 0x3dd, 0x9, 0x6817, 0xe28, 0x7, 0x5, 0x200, 0x6, 0x1e, 0x4, 0x1, 0x7, 0x6, 0x3, 0x8, 0x1, 0x5, 0x6, 0xfffffffc, 0x4, 0x0, 0x3, 0x80000000, 0x7ff, 0x7768, 0xfffffff6, 0x0, 0x6, 0x3, 0x6, 0x8, 0x3, 0x4, 0x7, 0x0, 0xf31, 0x4, 0x0, 0x7, 0xa52, 0x80, 0x1, 0x7, 0x7, 0x3, 0x6, 0x9, 0x3ff, 0x200, 0xa, 0xfffffff5, 0xb, 0x4, 0xe, 0x401, 0x6e6, 0x5, 0x7f, 0x8001, 0x3000, 0x6d86, 0x9, 0x1, 0x81, 0x200, 0x1, 0x8, 0x1, 0xfffffffe, 0x1, 0x6000, 0x3, 0xa, 0x5, 0x39d8f70c, 0x2, 0x80, 0x393d, 0x3, 0x0, 0x3, 0x5, 0x100, 0x8000, 0x4, 0x5, 0xa01, 0x6, 0x401, 0x6e7d, 0x64, 0x81, 0xfffffffb, 0x8, 0x7fff, 0xb, 0x3, 0x100, 0x2, 0x9, 0x100, 0x0, 0x8, 0x952, 0xffffffff, 0x1, 0x265, 0x1, 0xb, 0x8, 0xff, 0x4, 0x100, 0x80, 0x7f, 0xf]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0x4, 0x8528, 0x27f, 0xfffffffc, {0xf4, 0x1, 0x6, 0x3, 0x8, 0x8}, {0x9, 0x2, 0xd4e7, 0x81, 0x5, 0x80000000}, 0x8, 0xfffffff8, 0x9}}, @TCA_POLICE_RESULT={0x8, 0x5, 0x7fff}]}, @TCA_FLOW_XOR={0x8, 0x7, 0x8001}]}}]}, 0x1660}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000391645ab34df79e8dd757364980b00"/34, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x18, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff25000600ffffffff7a0a18001000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850100000c000000b7000000000000009507000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000050000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01080000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d65746100000000140002800800014000000012080002400000002214000000110001"], 0xd8}, 0x1, 0x0, 0x0, 0x4000880}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x824, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000000300000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00f2a828c910654e3efae92e87000000000002022c0012a19a83b58cffffff6467595f736c617665000000001400058005001d00"], 0x4c}, 0x1, 0x0, 0x0, 0x34041043}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_genetlink_get_family_id$gtp(0x0, 0xffffffffffffffff) socket(0x10, 0x803, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r7, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r9 = openat$cgroup_procs(r8, &(0x7f0000000400)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r9, &(0x7f0000000c40), 0x12) r10 = openat$cgroup_procs(r8, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0) pread64(r10, &(0x7f0000001840)=""/4096, 0x1000, 0x80000002) 1.754483651s ago: executing program 3 (id=12472): r0 = socket(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000180)=0x4, 0x4) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f00000000c0)={@private=0xa010101, @remote, 0x7, "46af12eec5c9b330a8f6344ad72a39e07c4675cbe2803d34878fe3037be5e73d", 0x4, 0x2, 0xd, 0xfe3}, 0x3c) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x8001, 0xfffffff9, 0x57, 0x1bc4, 0x1, 0x4, 0x5, 0x400, 0x36}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_TO={0x8, 0x2, 0x4b}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r6 = socket$inet_sctp(0x2, 0x1, 0x84) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r7, &(0x7f00000008c0)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) connect$netrom(r7, 0x0, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) r9 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T2(r9, 0x103, 0x2, &(0x7f0000000040)=0x22, 0x4) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r10 = accept4(r8, 0x0, 0x0, 0x0) sendmmsg(r10, &(0x7f00000002c0)=[{{0x0, 0x0, &(0x7f0000003f40)=[{&(0x7f0000000340)="790a8e027549ef861c2fff96ef84980724143aa002958e6ac3570dcd10be0b3ad94cecc3b22f0e21263f272d5c9d0d43eb62b518586c3112644e1e96e98e7f472c20ba55ed530d0b36e3f5f01b578603c3441cbb1ea0d568ec76f44cebe000e1b1946f05254a377e859d566906e0e5e936cc8e2ae5987468484054cfb372c589c7b5ada906dde72d940d66dd4bf52ac505c89844c0855cd58b62367c14e3a6d5d75bdbe2cf730916ffab13152ca4cd8b464a21753f618f832a6618fbdea3909fa66f8cce55bdda222d3d276db720ecc562035edd68b09dc7a44b43d0999f5128c6cdb85959296232abbdf336b10856ba40b8f7986a19", 0xf6}], 0x1}}], 0x1, 0x0) r11 = socket(0x2a, 0x2, 0x0) getsockname$packet(r11, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(r11, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70b52a, 0x2001, {0x0, 0x0, 0x0, r12, {0x7}, {0xffff, 0xffff}, {0x5, 0xffe0}}}, 0x24}}, 0x0) r13 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r13, &(0x7f00000002c0), 0x40000000000009f, 0x0) ioctl$sock_qrtr_TIOCINQ(r10, 0x541b, &(0x7f0000000040)) sendto$inet(r6, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r6, 0xfff) 1.752198878s ago: executing program 1 (id=12474): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$FITRIM(r0, 0x40305829, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079103000000000007b0a00ff000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x8}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) (async) ioctl$FITRIM(r0, 0x40305829, 0x0) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079103000000000007b0a00ff000000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x8}, 0x94) (async) 1.65155918s ago: executing program 1 (id=12475): r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r0, &(0x7f0000001100)={0x11, 0x18, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x14) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000ac0)={0x3, 0x7}, 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002140)=ANY=[@ANYBLOB="5c00000002060104000000000000000000000000140007800800114000000000050015000c0000000900020073797a31000000000500050002000000050004000000000005000100070000000d000300686173683a6e6574"], 0x5c}}, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000040)=0x0) r5 = gettid() r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x25, 0x1c, @void}, 0x10) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000380)={r6, 0xffffffffffffffff, 0x4, r2}, 0x10) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000140)=0x0) sendmsg$netlink(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfb, 0x8000}, 0xc, &(0x7f0000000240)=[{&(0x7f0000000400)={0x1c0, 0x29, 0x410, 0x70bd28, 0x25dfdbff, "", [@nested={0x14, 0x9c, 0x0, 0x1, [@nested={0x4, 0x148}, @typed={0xc, 0x113, 0x0, 0x0, @u64=0x7fff}]}, @generic="fe2019268b19056f7ada9bbc547abb7b53fc74bedaa6769a9eecdd3a778fa643b331f882dbb9d62f7c933cdbcd5e663eeddb377ae501e59b6ebd7e1bcaab1dc8d661e189d1f298fb65a4a9ca6e348432faebb0ded09ca9db2f267f28970605af85261cacb120f9df9bed97adb99281876ec78892e7f19b2def5a9fc1f0c223af23e056005229a050e05f39d0c7ccb056494d3454da4a57df3e59e627b305c53c01d7a96fa45a4820f57cbc09784273dd32de9042bd1d3238ccb741e4", @typed={0x8, 0xba, 0x0, 0x0, @pid=0xffffffffffffffff}, @generic="abe1347d21c31de0465d43c69867808a8a545ad7bd379eaa6136872bc30146023ca2c800661b2055b5b8eba99e5e4545479b9559cbb9c8a6cb4a36af45d2b2214dd6715593fc632c91dfe812f98d65f94f98fa799a236406f06684b35af78fd99c77c03d019d8ca62536a67735f0d3da288959d34f1d4d500e4f3e84751fa801543947d132267f42540724de9bfa03dd0376f6862c61049f5ef24c81330f9ac0808a004eec7b27655df29d", @nested={0x24, 0x4b, 0x0, 0x1, [@typed={0x8, 0x48, 0x0, 0x0, @ipv4=@remote}, @typed={0x8, 0x101, 0x0, 0x0, @fd=r2}, @nested={0x4, 0x104}, @nested={0x4, 0x6}, @typed={0x8, 0x63, 0x0, 0x0, @ipv4=@empty}]}, @typed={0x8, 0x2, 0x0, 0x0, @u32=0xf0}]}, 0x1c0}, {&(0x7f00000005c0)={0x148, 0x34, 0x10, 0x70bd28, 0x25dfdbfc, "", [@nested={0x3e, 0x133, 0x0, 0x1, [@generic="c97335a7a90ba8572da707a89468c758fe7574955b1839c790bad2feeb3ed697126b6dfbefdfd999c6b6509b2723601131eb", @nested={0x4, 0x8b}, @nested={0x4, 0x1e}]}, @nested={0x1d, 0xc, 0x0, 0x1, [@typed={0x8, 0x109, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0xc}}, @generic="9c7c2e043500b22c92", @typed={0x8, 0x12a, 0x0, 0x0, @pid=r4}]}, @typed={0x8, 0xa2, 0x0, 0x0, @fd=r1}, @generic="3ca18658c7e13f429c56107cc071387cb50fda21f298ae11e19645796273de9cc6dbd3ce91c18185b0e765ed61a43f68118b3096e9600acf855b76c3238e1f21c7cee68a1542f3134f3ceb546f7b00270ece266cc7624e33c2904fab060ad9c5730444284f46ed0b179c3499ef12322abe00284804d45b9b92b3b1a373d9044b733c9b077b0d01f47758c9b1c187465a23510bab73e55afebc9322122db06b04ea37e9ec5410e119ad946d9866aefa478ceb1e0c7121448b6ec3262871511057b0930a8caf3dbf0ffb74b4a5227c053f"]}, 0x148}, {&(0x7f0000000080)={0x98, 0x2e, 0x2, 0x70bd2a, 0x25dfdbfb, "", [@generic="7b1739ff029d0fd73dff5f32f31f21fcb732c0b591b9297fac32be5000ad40187ddef34244e2fb495dfef381d33d3699db6fdf14d6763e88e2acc097d2bc252946c560a73ed80d08a1d69de730e5db1d5902b76b1422544cd1d443ecf00b76ba98a3d9", @generic="c74dd866cf855de136e1232d40962be5ba6b54c31a3ecda6a568164e", @typed={0x5, 0x74, 0x0, 0x0, @str='\x00'}]}, 0x98}, {&(0x7f0000000740)={0x2f4, 0x25, 0x400, 0x70bd2d, 0x25dfdbfd, "", [@typed={0x8, 0xb5, 0x0, 0x0, @pid=r5}, @nested={0x14, 0x141, 0x0, 0x1, [@nested={0x4, 0xf0}, @nested={0x4, 0x13d}, @nested={0x4, 0x12d}, @nested={0x4, 0x54}]}, @generic="008c13f9237b393c063dac1e66e6deb906db01f7de90d1e37ba5ee78273a7ba67ade8e9866763a02240dce08df32ba291251fcdec110ff7e5db0201449b78c545850086bcb3b02b96cbb5534acdf69132879ada8c6d788f2b421bab5f3553caae7142d408caaa96f27d113299292cf8179e31c53092c440e4a9f4c3a6dbb58d4bcdc5177c12b33cdc8a2b705a87a73f9d8d0b9e7cb14", @typed={0x103, 0x65, 0x0, 0x0, @binary="6a0e4abb67a484958214c6ce3188e395bb84c7c75afbbfda67343f4db3bedbcb1e61035ba0c406e72854b670079dab112b5a47c17c2b29d63ac42918dc9888cfd40cf6b186cb5b45f58cddad8a0d03cc7a4b2a441a322bcb56391d01051783fd53797ee5adba818779612b7216d8a7e2a6c08d9013a0eb0185380984f24fda4a666fba04b942358cfd9e0c32c62ae339ee890d1b1b5c7e294cd70f56b1aed5cb280c6ba4c3b70e55f1254337f1200f72bed7e7f6a53e1ee79ec4fa0f5a804d287b4bb89e148751e714dad6f00c6f6a9da6e6690c57db2e77d2c169ab10ad74bc27fe4f52894202cb7389710697c7b3d0b2c8b64a0de08e5f74732ad2c03859"}, @typed={0x8, 0xb1, 0x0, 0x0, @ipv4=@multicast1}, @nested={0x122, 0xcc, 0x0, 0x1, [@nested={0x4, 0x3a}, @nested={0x4, 0x159}, @generic="71f7041b6faf63df45b4cff91e8656d1e1f5da3a9576742c4c426b78c3c0d03312bf19b077a8fc2ba73ddd32504d2cb638585551b688f472513c7d81147a820222705e6d3ce1ba1d6239a44079d63af7ea8d33a3c9a7b7aff12a75cb9d386788558d67511286f9ec4e2e0f219e2891b0b70b69f27dbfa05894f54331b3f4540292b6eba7f875e02c86487a50c6cef2ad236ce1522032ab7cca0604aad8c8615c4e1f5adb8982902c40603b145296874ef9350c5da40e7be9fd7fb1f324d422ff719ae90f4ed1e7f222e0bd41fd5aef18bc3b7d03b903799be394215294e6e9b10728d5687dc66bc607f65ba44dbfa36169b3a0370c06b30dfb9a19205a01", @nested={0x4, 0x62}, @typed={0x8, 0x139, 0x0, 0x0, @uid=0xffffffffffffffff}, @typed={0x8, 0xab, 0x0, 0x0, @fd=r0}, @nested={0x4, 0x96}]}]}, 0x2f4}, {&(0x7f0000000200)={0x18, 0x28, 0x100, 0x70bd2c, 0x25dfdbff, "", [@typed={0x8, 0x14f, 0x0, 0x0, @pid=r7}]}, 0x18}], 0x5, 0x0, 0x0, 0x8000040}, 0x20000810) 1.553084268s ago: executing program 0 (id=12476): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183}, 0x94) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10, 0x0}}, {{&(0x7f0000001400)={0x2, 0x4e21, @broadcast}, 0x10, 0x0}}], 0x2, 0x40) close(0xffffffffffffffff) socket$inet6_icmp(0xa, 0x2, 0x3a) write(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8983, &(0x7f00000015c0)={0x6, 'wg1\x00', {0x392}, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x2, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000001d7118ba0000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'vlan0\x00', 0x0}) r3 = gettid() r4 = socket(0x10, 0x803, 0x0) shutdown(0xffffffffffffffff, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x403, 0xfffffff9, 0x25dfdbfe, {0x0, 0x0, 0x74, r2, 0x59808, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r3}, @IFLA_ALT_IFNAME={0x14, 0x35, 'veth0_macvtap\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x4000010) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 1.463894324s ago: executing program 1 (id=12477): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x1000, 0x0}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000001700)=ANY=[@ANYBLOB="85000000070000004d0000000000000045000000000000009500000000000000", @ANYRESHEX=r0, @ANYRES16=r0, @ANYRES64, @ANYRES32=r1, @ANYRES64=0x0], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r1}, 0x94) r2 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x4020940d, &(0x7f0000000000)={'vcan0\x00'}) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="b40800000000000073110e00000000008510000002000000b7000000000000009500c200000000009500001200000000830345f5b3f42590c416b734596006d9dec99bdcb359ce8c"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x70) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$pptp(0x18, 0x1, 0x2) setsockopt$IP_VS_SO_SET_EDIT(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000240)={0x6c, @multicast1, 0x4e24, 0x0, 'wrr\x00', 0x21, 0x5, 0x6b}, 0x2c) bind$pptp(r4, &(0x7f0000000000)={0x18, 0x2, {0x0, @local}}, 0x1e) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000280)={0x4, 0x6ff5, 0x410c, 0xf, 0x40, 0x5, 0x1}, 0x20) connect$pptp(r4, &(0x7f0000000080)={0x18, 0x2, {0x0, @rand_addr=0x64010102}}, 0x1e) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1500000078000100000000000000000007"], 0x18}, 0x1, 0x5502000000000000}, 0x0) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T4(r7, 0x103, 0x6, &(0x7f00000006c0)=0x4, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000016c0)=@delqdisc={0x2c, 0x25, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r5, {0xffe0, 0xfff2}, {0xa, 0x3}, {0x10, 0x5}}, [@TCA_EGRESS_BLOCK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4002) r8 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r8, &(0x7f0000008800)=[{&(0x7f0000000080)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000400)=[{&(0x7f00000002c0)="776b08de", 0x4}], 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="200000000000000084000000020000000a000800080000000f000000", @ANYRES32=0x0, @ANYBLOB="18069ccf93040e00000000000000840000000500009939fe8926986ef2c6"], 0x38, 0x4040000}], 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="620ac4ff00000000711066000000000095000000000000002bab0e19f3a9ef7d5e7d89ab3afbc4d26d1436e1a909697be077630dde6e124df7936ff6a5cda7551d5473eeb795a394401d868cbb7cd404d18a30927b374f7a083ecc55d8db0b2ca56af55faf7c61d98407b5f4ef85880b2783a1c1abf050ef73d85178c781df069315c1d6a3fe6dfcd9c67071c446a2f49d64349266b91d8802723e23790ee4cd9ae8b3f61c136c97b381d186d90e002986ff4090d9510129630b650b1758b5844fad47ac8b08947f22dea56d64c3d8a4358e850831e9bc9b"], &(0x7f0000000480)='GPL\x00'}, 0x90) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000140)=0x68, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0xfffffffffffffeef, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0xfffffffd}, 0x50) 1.457806985s ago: executing program 2 (id=12478): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x9, 0x1, 0x80}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002540)=@base={0x6, 0x4, 0x240, 0x7}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r1, 0x0, 0xa0028000}, 0x38) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000007c0)={0x14, 0x15, 0x301, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) (async) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910700004f78d4c1a0731cccff"], 0x1c}}, 0x0) recvmmsg$unix(r2, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000001380)=""/4096, 0x1000}], 0x1}}], 0x14, 0x0, 0x0) (async) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f00000001c0)={0x2, [0x0, 0x0]}, &(0x7f0000000380)=0xc) (async) syz_emit_ethernet(0x7a, &(0x7f0000000400)={@broadcast, @remote, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "fec000", 0x40, 0x3a, 0xff, @private0, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "10b1a0", 0x0, 0x0, 0x0, @empty, @local, [@srh={0x2b, 0x0, 0x4, 0x0, 0x4, 0x8, 0xadaa}], "fafb17c133d11e59"}}}}}}}, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r3) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x20, r4, 0xd7b825ccd16be7b5, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004810}, 0x2000c800) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200), 0xffffffc1) (async) r6 = socket(0x10, 0x803, 0x0) sendfile(r6, r5, &(0x7f0000000000)=0x10, 0x1000) (async) syz_emit_ethernet(0x4e, &(0x7f00000003c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xb, 0x0, 0x0, 0x0, 0x0, {[@mss, @sack_perm={0x4, 0x2}, @generic={0x0, 0xfffffffffffffc7e, "a2898405704bcf372ce6"}]}}}}}}}, 0x0) (async) r7 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r7, 0x7) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r8, 0x100) (async) r9 = socket$inet(0xa, 0x801, 0x84) listen(r9, 0x1) r10 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r10, 0x7) r11 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r11, 0x100) (async) r12 = socket$inet(0xa, 0x801, 0x84) listen(r12, 0x8) 1.376447585s ago: executing program 0 (id=12479): syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time\x00') (async) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/time\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000001080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000300)="c99bfa", 0x3) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0x8004b707, 0x0) 1.330312056s ago: executing program 2 (id=12480): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x213) r1 = socket(0x2, 0x3, 0xff) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000000)=0x97b, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000100)=0x6422, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[], 0x18}}, 0x4020) syz_genetlink_get_family_id$devlink(&(0x7f0000000580), 0xffffffffffffffff) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000003c0007010000000000000000010900001c1b355d7f6f4621cb7876f2dc554beeb1a9215bdb357bde305fa6f7f717edddff028289b1e1022a1916ae727245adaecb14e9e75b"], 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='blkio.bfq.dequeue\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002042, &(0x7f0000000740)={0x77359400}) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x22483, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x103000, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x40, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flower={{0xb}, {0x10, 0x2, [@TCA_FLOWER_KEY_ETH_SRC={0xa}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc804}, 0x2) close(r5) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 1.310007048s ago: executing program 0 (id=12481): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x1410, 0x110, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x4) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={r3, 0x100}, 0xc) (async) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0xe, 0x13, &(0x7f0000000300)=@raw=[@btf_id={0x18, 0xb, 0x3, 0x0, 0x5}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @map_idx={0x18, 0x6, 0x5, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @jmp={0x5, 0x1, 0x1, 0x9, 0x6, 0x20, 0xffffffffffffffff}], &(0x7f00000003c0)='GPL\x00', 0xf50, 0x3e, &(0x7f00000004c0)=""/62, 0x41100, 0x2b, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000540)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000000580)=[{0x3, 0x4, 0x3, 0x4}, {0x4, 0x5, 0x2, 0xb}, {0x1, 0x1, 0x7, 0x7}, {0xe69, 0x3, 0x10, 0x4}, {0x1, 0x1, 0x7, 0xb}, {0x3, 0x4, 0xe, 0xb}], 0x10, 0x8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001980)={r4, 0x0, 0xb2, 0xf9, &(0x7f00000006c0)="a2a43ed4af4258008c7f3413a130e1dc6650b722a09142323ee267bb6b396e5c15b637429644faaff15a9123328f8afab46a5fa91878cde44bc02fef5843a65e4734a33e10868d44bbb2d9fc404ddfb4949b0ede4601cba9340b0c6a4655e297e9f5c312fc870087dfa9504734d92a009f024c5ec35f95609b7edc3e8d95b0a329726263e4e5ce2ddcb8a109395993329665c1e02dd5f13492a49de25fc58afae42e0b4c647ad4d40e6afaf113c568af2444", &(0x7f0000000780)=""/249, 0xe, 0x0, 0x1000, 0xe5, &(0x7f0000000880)="d33150a626a55cef2e68e04021f3d9d182a53ee29391afd7d68bfd62c67fbf329805a670ee4257e421549cf3abc4286dfc24a501e20db22389c6fcf50eaf007b52cda563932647c3249eb96fa5c50cebc5fba87d175eeb808e629665a85b55ed9ce630b3cfeb0560861fd49840af9259812a7b27f65e03719e40bdd88c2e72c91fbaebceea66e71f3c9f14e44e10a372103c4420f01286929e44fe88935e1d8213b5b66d2600af4c80b982d0292d63d1cd23afe1a144aef0bbe867f75de8f3fff3901ca4af1bcbe46e24567bf37f1b15baf4e820dff0992491984742dd875c6b2cee45e775e894d64c81057d24e91dc7e725680a30a551c1b7930131e57e3452df349eea8ccefc290c1fc775465aa5c0a26edda551475e17e2940330ddad4160cb4e419b1779519f8d1033b2a623bb7318de50176a8bcdf7fcfdcee80ec83387a8121ff2abd10b279ec9c4d3ef2359e884d4a001c38542635677b908539399c8b48253eda0ea91ac5b94e1145d5d90bc2a59be0eb8782a46af1beb32049c0d43831f98bef3ff32b90879e1aa25d48c12042a57ae39a93f30839d454e82cb8b5a24b2e082f5a054df922bc4339b348ffe5e7a056e90c692f27fbe9cea8c9466d22ee2d9e6243789a9a0ad42f91b90777dfaa8fa7b4dc79499c9b9e4866b4bc3c27302288c5fef7627684d4b203e1ed43b20c08953c5bcea607f818d11e86a3fff5ed01b2c1d2c2c5248963d52791a575f527e37eb494f2e918aa89da4b4d3f05664cbe14009362d2d44be4ca5391607d49362b4027c454e42d420b4d09505e9466efd0c5b64ce06a2cc0b67c9da218e9c36cd56cbbfa472d62558040f70c5902c19d47bc6a7207470cb37b8dbfb2c641c6df364e77f4fc2673758f6a7931c8f29c2d1c9ad510f5c4c9a4b0f97f62d090a6729217bcca622bb80056ef05a2650dee0a98dead4806d64ce3c0ceb138eb65055cd30f8e1e021e24128906d8ef0212be58f2dd45a962718115356dd9a1eede8fca90ad04527a928ea5d86cf278e599737e677e5e235e6d139dd9e32960ebed3feb823199ee581156c67d5de7f5ba0e8f0d72eaf5475096a1a0251b63f4c3c0c230db2bd71cb1de83ab08d9b3a6c194bef6f23e60615339db5e1239023cfe8aa4a4cebc030a25abec58c012a2c968233c2d84929ea101c9ac4d99ed8bab2cdd06bd6083c01b590bd36ce3d4d470f746dd0d5b8e299bbce7ff6edce4a6a1686329bf77acd0e06375704cf6895883c8c306aae8f7c60d1ef4f786a0b9dcb4f90a80712e834391f07594969341d602ab5b11c871ccd4dd8cec18444d85d13b30ed4b380ab517016e3c4dc87445f7eac566ad2a9bad0e3728c7c76233cedca1fad4c85a49ee54d84dcd634fd855b79a86171079568fecf77e1b2a1cb08aca3b3a05dc28f95b08f2265696e7e2b20fe2169e386de3a18b9f3c51440319a71130e5aff62f646be76e6678829b7edde4ba51e6aeffdf3d6f5fa75be957ca9a92bb2ea14f3eaeb71ad9baefc569a678edce6925cac73d94ab0a7cac30c11ad3f4801d1a3f44c2b0ee6d4719c1c51eb8643f9b22ba1870225692d07d9537320b6679f6ec6ec07c00132c84c58279391821d5b6ceafd7c3784043b337c165175a2ac90111f921eb00bc2ae14c3702c3ba0a3b495fea6146e4c033fc2d465b1320e3feec6ec7f7252db71c0aef41988544923a3e028a92e475271e587affb9462408ce3c8c35d37903a20a5dac4d46dcad00a5a48701e4f51eff5a9d0772244957c8982b2c89b291134a4f23261b710bb63d2f392810750796a31fc8633a67b693eaeb472bfb0b7d71bf9dad5073dd19e2962353a3f8e90cba0549eff79db809488fc398d1b14f9cd39fe9f225f1b1c4bd137844a21fa6acfcda6946de8daf4cdfd9c9aba9014cf8c783032bc372be1ef2c9ae8eac27a22fc8084ef3f8c9f6e072ad28006d538544574f187164189e10e5a2281ea5d360fedc716656502394b24b5520605b737e93c68275efaf908177ba2382fc4d4f8db489a1cdf49d89c0e05f653708501d5ae516f0293fdf8a2a2ff7a1db35c96c13755ec97403fa5e1e8d2be5fa9d57b2024fc5558a93c8c7f642aeb7d19133272edb4f10b0ff4522fe00a961f9b03508206838b0ffd031ae05662f5a63e34cf4fb7f65e0c72b3b7a5906dce16e1c84502b2a1e98015c062baebdae8eb051f45686b88ba8e86564c2a7abf69480f81c0e32c7618243074347661db0d315eab95b07cf79db0df51c32a24c8ef85d8e20cb18f1b5fef0bfedb670514cb1f067e406f4fe8466bf546fc68c653033bf4e74db9c0e07266eb7868448c4c53cff1eaf6d22c2a3a6e6645acbe338a3a0d0d95de4721809b62c562bb9ca0d9019be462b22a1133ed0ff122060ab556c3a309d2b82023ea2e6f8d7b6529879449ef059b2789d8d3bb9d096c506cc25867198b7a489e813887b4e3986739736af019cc94d3f758a800918c2552def406d67b8e39a55122f8779f1fd3647e6b80ad4bb599a964f15387cad1d268cc1264a1e46c2ab341a292681ebb67cd3ffad99171f6097274490412ce08c5bcf71d2b67ccb3c97c7df9a6a85f684a2bb9f54ac9c3917fa00f351c6bc2f5a797780bde6490e32746bfc1b19c8fe34108d3e5879ae31759e95c2af94c5b763ea556d044c37f92c52ef8466be12040fc84ce07efb538763476dd84603511666454e8d815498c5d0cfef0a06628d990c561c80a04c1bf572e904917ee2730cfad3db0699e769b55747782b789641fcb284de8fae2f1ac8ecc4dda1ca36e1eae1a1ad331b167c9f6dad47bce4cc443b34bf6317b1d7be804e9b0588c484fed1ae5d2b25d28bdf61f83ccbc34c1cf5f8b852e6a59963e063f63318099bd1456e9f870738461d31ed0b66f57b660551bc7ca740bcc8d81554003ebea968e29a85e6148b512b8393b47722a96719f5dbc0b9544202109a880dfe63b6932eab1b853ba7a0bc48b6a64c7e102a693c02c69c51088edda0184a3c5b277fdb520be0f439ae79941b39e7bac5c5b9bfe147a611cd9f99031b930c99ed72e9a8000f967778d27fe8d7038c4ba3618a2539d8565869adbb5c4e646a737f3bd7be73e17082b54ef8590fa899aa164df206477de322fab1442c534bd7c1996e4c66bfdf45965c891143bfe1ee694db850dbb8f0a5996165ea720848158b3ecad01a508ba2b88600929bcb52a887ee331d1d927ab1550d682738c5ec4a159d2aeddf021d0c1829290e4c01d3a48d9f883556ac82da2d14f21f707cd51d9b9f83f482b72fd5f881836376333a70dd089a26d231e430d41c59abb2002d205d01b6a823e7130e9e25d733927f78437b985375d62a98ad18bb839e58c72d620fe7046f3fa1a8bfe3b2edd9b527ce5f1cd78f4198f1d3f7a7610dae173d32594851ed1a5a011e38326d9d017bc9885e3921b552840285f62b2a3471c495634c9445a454ebebf5f7b0d1d13e79329762acf7db27f2c84cdfa493428d50d2bdda1f38ac10a1ab1d25571d402e58789b44f42488e2a314d1e3556e9969904f036941a0ab90a6ef0a070beebff37bc6911df65b2dc4e67cee24bf0ea28142e7e7482b70f2c48c000587bc28d86eb1102fa1916d054656754419cead07a8bc7b1c9c91526d3a0f9d9e7dbbcec2353a96f9747b38e730d94f0b5b1aa7e4ab155df1cabf680e22eb5720c5df31378f8e4ddf9f2899cd79f440ed1bc6f11c7ccd066fec49aea06d11b76ff74c9fb2bbd465f90a7d76ec8fc54503553c8b039a928d4d226f5b8638ba7b9c69ddbbfc6ed9aac0e6d07b0b54245fdcdee186bfaf120641865cacd858713f2e1b31c2cae0ba8b4bbfbab4701d90eea29258b960beee818cc3cdd467a67a0ea94109531cd6989aba789fe4f26bf1f9513ef2f6b64339fb752532770e30f2a2bb496c27ee8230a3cb5f1ca32ac0ca7f356260b9aa0c41d031148d2232dc48c7fd70d9fe06fb90eb81815e7972f91bf9f338727d7d04c20cf7f14b0fa96c0635baea6657ce4b589e5975da59b338e2f03327ef21b9343d82ac74b34619019164f1b3e11b4a807677f689b8f2752bb5661875c3375860457a87e52c4377ac8c014cf534efff588ea0baed7bd1e3f719a4818d1c3ebf3338b98384a9f16b6f36f51afbd6cfee89ddccfe1a2b0972586aaebc70863757be6f06cb2de887133f4b476e6af4c8ba421e9a59cd1eb012be7319dc46d6c55113a7e7fd4ba6cf13bfcf39ae9645369315d6ace0a99b4d2600a85df650a217012403dae402ca8cff4c6d002183ac9ff8220cc249be56e7c9924388a8d6739099b317a3e06fa4c10806bcc076f64441f8134ed942de1c684a35a495a792141c7b57ce4eb590ca0a8a24a4392f5a45b29bd58d5d41ec25d3f24c80d82900590fb15e8a6c079b2675ea5a27fd074f169f2524face90a2dfd11aff8e7f99a0b283ac8d785db0220aabc7013bcaedd4ae9ba61980751c29522199de21c02b1ba23c88bbd3ab3d4c4fd90be394a8124d5bde63e9da223e0ecd913244ae32403593cb6b03d7cf97bd82392c6dbf9b648ba1bdb6d5fc4e95f3b7b60107702853255c014587488e86a36bcf1d3475e31118e699813589a0f27ab2834ee8f4c29edb1158d125a313cf40052185d08c44c7c40cae75eaced4b1c47dc5d113ac39ef131a5c3f1a385e48a65b3f404ac17193daa94e81544e5353ab1424de98f56f52cfafa4f0d6a4dbad00a2740ec4345dd6b0f520f313e288b75575bc667c1df5682240fbf5c5d1028274533414e4ff4c2185383791f1f255cb144e5146b4c96d6f7808b0ab67052be31dc502bd63b77bf073aec98f3d78f9ef1e9b7da4d30b3ef360422ba0681678766728fb9d9003dcba81636087e14a2d211795f311fee3d7d0016f1512916c86a6e144d692c3b9afe62140ee4bd17bde5940aff754e1c3d81127c30a2dfc407433b2373f628d18bd2d98155b69d428036bf2755fc636d8f7702d57a5dcc9ff0d35ac6c2de285de0fbe759b0fd2aef2913dfa597789f07f38b54dfb545cd4e19a02aa5b81051c6b0a94d3ebc4ae5db4821b67567dfdc364adb87aa00a52394c3baf0a6a27d4add293f5a80642cac7738575485dc874b7222aae88c8064506eed68b81e27508d38c4f7904b2392e02881ab0e96c2cc6586d98229525d1faa995e2b56fd54657f3753053a3c9f0d3fa404809ff861f3851f96f1e04902a115d8c3e9aa92925a2490c3a894912de012dc568649c4b2b381e683ced039124bf025d51c8479d704d49fbfb26f690843a1d600d2986c26fd611434350a8b4ed7bc43f3bf053ec770890bcb1accfc36913be616c9d85d3c10d845d33d8cfd4ae074d7f654fbbdb81335adefb34dc0bbb9fa6fc2d0c033dae6290c82e4552310613aa7e8a5eb02375e5498be3b4670ba22a4913778dca506c987534ce2fe0e5314bf6dc3b35873673a263a675b6af04213febea3ea6518db900c960617f06f0d7686deb42d57a79d3a900fbf9feab273de113eba09af957b398a50d6b628360f1535650d0c11c18bc7787ca0172cbd3a726390cf98dc994b3df5d52c8000358bac778c5ed48bc7384e37cbfd0101325834df3d6339410659f91b04e745cca4518a3d22057dcc7c05000376a89c2254b3316a168186616a8d42516a75b732fb73bfb3f49532aee897fc38d8d33b70f62342ae4be1e4a9bd1914a13cfa011eefb73d13a26d7d3c6716161116107c53c205c8f417aa07ce5aefd702722befca3e11e4cfc2d931e50e9c0622", &(0x7f0000001880)="f86308ce78f78c7db0eb78867b911ad0b776139ae7acd4729c4f9c2e9b1326256454c5f0573fa483daad6fcaa8b6b26a31e44d0eb3ef92fdb127f604eeed92ed71a16d3866b0f193d2ef1f3c42839b137e9ff8412d2bdee4af68a5ccff3afa23f4e580f5f07e87c48278a067fdc25827c22c635d06264abf3f7f16951a1f14870064613824b0e4b35a684f84c05975e58d8197a9a3cda51b576857e631e0fc7891f03732b3bfce13148e486a87ddf8d2ee7f735ecbc841d884b5cf0c7aa56fb0f3d208b263b874342a0fdc1d1bcecab4847298391a71348c763b173ea564e58f934ccfc919", 0x1, 0x0, 0x6}, 0x50) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x4000044) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 1.147551233s ago: executing program 1 (id=12482): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) (async) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) socket(0x26, 0x4, 0x0) socket(0x400000000010, 0x3, 0x0) (async) r4 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) (async) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000027c0)=@newtfilter={0x4ac, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x478, 0x2, [@TCA_MATCHALL_ACT={0x474, 0x2, [@m_police={0x470, 0x1, 0x0, 0x0, {{0xb}, {0x444, 0x2, 0x0, 0x1, [[@TCA_POLICE_RATE={0x404, 0x2, [0x1ff, 0x3, 0x10000, 0x81, 0x7f, 0x5, 0x4, 0x2, 0x4, 0x5, 0x2234, 0x83, 0x81b, 0x7fe, 0x8, 0x0, 0x3, 0x7ed53619, 0x1, 0x2, 0x9644, 0x800004, 0x58b, 0x85a, 0x3ff, 0x46, 0x2, 0x1, 0x0, 0x80000000, 0x10001, 0x790, 0x5, 0x1, 0xfffffff9, 0x1a77, 0x9, 0x3, 0x400, 0x63c, 0x0, 0xffffffff, 0x1, 0x3, 0x3, 0x5b1f, 0x7b0, 0x3, 0x100, 0xfffffffe, 0xd, 0xff, 0x3, 0xfffc, 0x6, 0x10a4, 0x11ff, 0x80, 0x4, 0x7, 0x3, 0xa14, 0x3, 0x2, 0x9, 0x81, 0x7, 0x8, 0x5, 0x10001, 0x8f7, 0x3, 0xfffffef9, 0x9, 0x4, 0x8, 0xfff, 0x3, 0xffffca9a, 0x6, 0x7, 0x8, 0x100, 0xc0000000, 0x0, 0x6, 0x6, 0x8, 0x80000001, 0x8, 0x1d24, 0x2, 0x7, 0x80000000, 0x7f, 0x7, 0x9, 0xff, 0x24, 0x5, 0x8, 0x6, 0x10007e, 0x8, 0x0, 0x5, 0x470, 0x7f, 0xe, 0x0, 0x1, 0x0, 0x4, 0x10009, 0x61, 0x200, 0x9, 0x2, 0x2, 0x6, 0x3ff, 0x8, 0x7, 0x11, 0xda56, 0x7ffffffe, 0x180, 0x2f0cb955, 0x7, 0x8, 0xf, 0x6ae, 0x9, 0x0, 0x9, 0x8001, 0x0, 0xec000, 0x0, 0x1, 0x2, 0x9, 0x7, 0x6, 0x4, 0x1, 0xffffcf1b, 0x282, 0x5517bc7b, 0x3, 0x4, 0xb6b, 0x5, 0xf7800000, 0x40ac, 0x8, 0x3, 0x10, 0x9, 0x8, 0x80000001, 0x0, 0x74, 0x2, 0x7fffffff, 0x3, 0xa, 0x6, 0xffffffff, 0x8, 0x2, 0x7, 0x7f, 0x5, 0x3, 0xa, 0x1, 0x0, 0xa, 0x300, 0x5, 0x3, 0x6, 0xffffffff, 0xffb, 0xff, 0x3, 0x8, 0x3, 0x2, 0x9, 0xb, 0x399d, 0x5, 0x8ab6, 0x18000, 0x2, 0xfffffff9, 0x2, 0x2, 0x528c, 0x205, 0x200, 0xac, 0xf, 0xd05, 0x9a2ce73, 0x4, 0x6, 0xe074, 0x6b10, 0x5, 0x1, 0x6, 0xb, 0xa26, 0xaf6, 0x0, 0xec, 0x6, 0xde16, 0xc418, 0xffffffff, 0xffffffff, 0x9, 0x400, 0x80001, 0x5, 0x354d, 0x4, 0x2, 0x1, 0x200, 0x0, 0x8, 0x7, 0x0, 0x80, 0x5, 0x8, 0x1, 0x9, 0xe7b, 0x0, 0x7, 0x42bf, 0x10000, 0x9, 0x9, 0x6, 0x4b75, 0x80000001, 0x1000, 0x5915, 0x10001, 0x1]}], [@TCA_POLICE_TBF={0x3c, 0x1, {0xfffffe00, 0xc7a9694b94481158, 0x5, 0x1, 0xdbec, {0x8, 0x0, 0xb55, 0x5, 0x7, 0xb}, {0x6, 0x1, 0xd, 0x800, 0x1}, 0x2, 0x0, 0x6}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x4ac}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.064310983s ago: executing program 0 (id=12483): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000400)="390000001300090468fe070000000000000eac3736000000480100100000000004002b000a00010014a4ee1ee438d2fd00000000000000720896bba4b0ac43109cd34e9d7dc51dcf26960026404e7a5ef4b249cab8526efda284634ae585a109c012c40676d7d60ebd142af34706d1166b6e66b47ad55be0ed6b1a6f8ee46ad14ab46c", 0x83}, {0x0}, {0x0}], 0x3) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000780)={0x1ec, 0x12, 0x404, 0x70bd2b, 0x25dfdbfd, {0x2, 0x1, 0x5, 0x5, {0x4e23, 0x4e22, [0x2, 0x0, 0x3, 0x81], [0x3d9fbe4b, 0x9, 0x9, 0x2], 0x0, [0x3, 0x2]}, 0x0, 0x9}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x1, "bc4a9aca"}, @INET_DIAG_REQ_BYTECODE={0x69, 0x1, "6d941d7fcc97cc2f2692048c0c4b071f95cf303b25aeff0fc8f811dd79cbc959940c3dbefb799dd2d96d3e7c35a73b6f44c0ce6f87922981ca19cbd1f132b4b6337a12ac686385cf646bf3350f2a11a47e9395dd34c4efed548695a4722b84ba4f359f2e03"}, @INET_DIAG_REQ_BYTECODE={0x1f, 0x1, "1d1e4b96b1a3f7844beb5667c9914fcf79d753a785965d25ac88b3"}, @INET_DIAG_REQ_BYTECODE={0x9d, 0x1, "2e3a975baffeba0a394abc0ed36c532bbff7ab6f83b64718a53af6ee1c89e8d444cfc63346034f99c079955daf32510325b7209941b6a4620d3e13ed2493ef5935c9611247d6e1e722a9594317c40f1ab64c4426c8d9f645f86eb54c95bea42433b907cd4cbc94ae6207f00f2f894e93916bbec6fd69820cff40d7d7a3b38181fd07444fea7d08151ab4296cb2f27de1206270cf7cf93b0f9e"}, @INET_DIAG_REQ_BYTECODE={0x6b, 0x1, "0b99526a7152a94327331450271d8cbfe1b6feff0afd9485b689c8d27f0a3285b83bcc39ed33e21a13b57958fff5d81110f8f53087176dadb5272e48e6b70506d375208c6f9138304fb0e635ef3181f1972caf15ac2811cede54223a6f5b16250fbe60da4edb53"}]}, 0x1ec}}, 0x4000800) socket$inet(0x2, 0x2, 0x3) unshare(0x22020400) bpf$TOKEN_CREATE(0x24, &(0x7f0000000080)={0x0, r1}, 0x8) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000100)=ANY=[@ANYRESHEX=0x0], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd7e}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r2, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8a85009a10d943a, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xffffffffffffff81, 0x14, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x64) r3 = socket$pptp(0x18, 0x1, 0x2) recvfrom$inet(r0, 0x0, 0x0, 0x40000000, &(0x7f0000000040)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) bind$pptp(r3, &(0x7f0000000000)={0x18, 0x2, {0x1, @local}}, 0x1e) bpf$MAP_CREATE(0x0, 0x0, 0x0) 1.063571083s ago: executing program 1 (id=12484): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000012c0)=@newtaction={0x18, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x20040804) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4) readv(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x80}}, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000010500010007000000180007800c00018008000140fffffffe050003000800"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r4, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/27, 0x1b) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000006680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001c80)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000340)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB='/\x00\x00', @ANYRES32, @ANYBLOB="73993be5a233705951fe64a2a9449236e2a1a1664a04d93f33e322b48a50c4ceec7e619a629b19cc36356a6a398a52ddd2d5fac63dd8d696a5bd3c6131e18d4f567eb44f27b8e22d2ca642d4276b6a491322d3eeb567e6df7a00"/102], 0x20) close(0x4) 1.007678204s ago: executing program 2 (id=12485): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07006706000002000000070600000ee60000bf150000000000003d650000000000006507000002000000070700004c0000001f750000000000006154000000000000070400000400f9ffad43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffff28}, 0x48) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0x1, 0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="2001000012001307"], 0x120}}, 0x0) recvmmsg(r3, &(0x7f0000002640)=[{{0x0, 0x0, 0x0}, 0x81}], 0x1, 0x10020, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001380)={0x18, 0x3, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0x2}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x3}], &(0x7f0000000040)='syzkaller\x00', 0xfffffffe, 0x1000, &(0x7f0000000300)=""/4096, 0x41000, 0x29, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0)={0x1, 0x5}, 0x8, 0x10, &(0x7f0000000140)={0x0, 0x9, 0x3, 0x200}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000001300)=[r2], &(0x7f0000001340)=[{0x4, 0x5, 0xa, 0x7}, {0x2, 0x5, 0x10, 0x3}], 0x10, 0x7}, 0x94) 899.124259ms ago: executing program 2 (id=12486): r0 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000000)) (async) pipe(&(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000890438000000000095000072"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) socket$unix(0x1, 0x1, 0x0) (async) socket$unix(0x1, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$kcm(0x11, 0x3, 0x0) (async) socket$kcm(0x11, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$netlink(0x10, 0x3, 0xb) (async) socket$netlink(0x10, 0x3, 0xb) socket$inet_udplite(0x2, 0x2, 0x88) (async) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) socket(0x400000000010, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) (async) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r2, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000) syz_emit_ethernet(0x4a, &(0x7f0000000680)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x33, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "91d785d58954605c802acf9f965fe399"}]}}}}}}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x34080}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_ENCAP_FLAGS={0x6, 0xf, 0x7}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x54}}, 0x0) 839.260101ms ago: executing program 1 (id=12487): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="2876d8d950c19b8d5760d35691b825403b0353ba50b7bf75eda270aecb7b0d14a83f741d867f94778620d2d39418b6bf6d376bab1921c938b969626e", @ANYRES16, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r1, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r1, @ANYBLOB="11002a00dd0b6162636465666768696a6b00000010002d800a000000020202020202cd53"], 0x40}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$inet(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={0xffffffffffffffff, &(0x7f00000001c0), &(0x7f00000004c0)=@udp=r2}, 0x20) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) nanosleep(&(0x7f0000000080)={0x0, 0x4c4b40}, &(0x7f00000000c0)) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0x48b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @remote}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x800) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=ANY=[@ANYBLOB="50000000ffffff08021100000008021100000000000000000000000000640001000006020202020202010882848b960c121824000000"], 0x36) gettid() 728.561655ms ago: executing program 3 (id=12488): r0 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'veth0\x00', &(0x7f0000000700)=@ethtool_channels={0x3d, 0x7fff, 0x0, 0x1, 0x408, 0x1, 0x9, 0x2, 0x33}}) (async) r1 = socket(0x2b, 0x80801, 0x1) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x10000, @loopback, 0x1}, 0x1c) shutdown(r1, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) (async) r2 = socket$inet6(0xa, 0x3, 0x3) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}}, 0x1c) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 702.744931ms ago: executing program 2 (id=12489): r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f00000001c0)={0x18, 0x0, {0x4, @empty, 'ip6gre0\x00'}}, 0x1e) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="bd838681401cc190000067f0ff0008000300", @ANYRES32, @ANYBLOB="0800c300741300000800c4"], 0x30}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r4) sendmsg$NL80211_CMD_REQ_SET_REG(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)={0x1c, r5, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000090) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0xa, 0x7, 0x1, 0x0, "10c998226244"}]}], {0x14}}, 0x60}}, 0x0) sendmsg$NL80211_CMD_FLUSH_PMKSA(r3, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, r5, 0x10, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x36}}}}, ["", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x2}, 0x4084093) r7 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r7, &(0x7f0000000080)={0x18, 0x0, {0x1, @local, 'ip6gretap0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x4, @multicast, 'lo\x00'}}, 0x1e) close(r1) 698.345686ms ago: executing program 3 (id=12490): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0xfffffdd7) getsockname$packet(r0, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r1, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=ANY=[@ANYBLOB="540000001000010428bd70000300000000000000", @ANYRES32=r1, @ANYBLOB="00000000051c0000340012800e00010069703665727370616e0000002000028004001200050016000100000008000100", @ANYRES32=r1], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x12) 564.895189ms ago: executing program 2 (id=12491): r0 = socket$kcm(0x10, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket(0x23, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x5, 0x9}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0xfff3}, {}, {0x7, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xf, 0xfff3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x0) r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r10) r11 = socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r12, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r13 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRESDEC], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x0) syz_emit_ethernet(0x1e, &(0x7f0000000500)={@broadcast, @remote, @void, {@can={0xc, {{0x2, 0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, "0fbb7ac2ec676ab1"}}}}, 0x0) r14 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r14, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x24044000, 0x0, 0x0) ioctl$XFS_IOC_OPEN_BY_HANDLE(r14, 0xc038586b, &(0x7f0000000640)={r0, &(0x7f0000000540)='set\x00', 0x105003, &(0x7f0000000580)={@align=0x15, {0x3000, 0x3, 0x0, 0xc}}, 0x5, &(0x7f00000005c0)={@_ha_fsid}, &(0x7f0000000600)=0x10}) setsockopt$IP6T_SO_SET_REPLACE(r14, 0x29, 0x40, &(0x7f0000000040)=@security={'security\x00', 0xe, 0x4, 0x438, 0xffffffff, 0x118, 0x200, 0x200, 0xffffffff, 0xffffffff, 0x368, 0x368, 0x368, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast2, [0x0, 0xffffffff, 0xff000000, 0xff], [0xffffff00, 0x0, 0xff000000, 0xffffff00], 'veth1_to_bridge\x00', 'veth1\x00', {0xff}, {0xff}, 0x33, 0x9, 0x2, 0x1c}, 0x0, 0xd8, 0x118, 0x0, {}, [@common=@frag={{0x30}, {[0x0, 0xd], 0x400, 0x0, 0x1}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0xfffffff4, 0x80000000, 0x2, 0x10000, 0x7, 0x2, 0x400, 0x9]}}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xffffff00, 0xffffff00], [0xffffff00, 0xff, 0xffffffff, 0xffffffff], 'ip6gretap0\x00', 'vlan0\x00', {0xff}, {}, 0x88, 0x5, 0x2, 0x20}, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x7, 0x7f, 0x400, 0x100, 0xc2f, 0xffff, 0x9, 0x800]}}}, {{@ipv6={@loopback, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, [0xffffffff, 0xffffffff, 0xff000000, 0xff000000], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth0_to_hsr\x00', 'veth0_virt_wifi\x00', {0xff}, {0xff}, 0x2c, 0x5, 0x1}, 0x0, 0x120, 0x168, 0x0, {}, [@common=@ipv6header={{0x28}, {0x33, 0x2}}, @common=@inet=@set3={{0x50}, {{0xffffffffffffffff, 0x1, 0x4}, {0x4, 0x4}, {0x6, 0x7}, 0x4}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x0, 0xc45d, {0x9}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x498) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r11, 0x81f8943c, &(0x7f0000000780)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r13, 0xc400941d, &(0x7f0000000a40)={0x0, 0x7, 0x10000, 0x1}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000002340)={{r10}, r15, 0x0, @inherit={0x98, &(0x7f0000000980)={0x0, 0xa, 0x200, 0x6, {0xa, 0x8, 0x8, 0x277e, 0x33}, [0x0, 0x2, 0xe4, 0x1, 0x3, 0x7, 0x2, 0x6, 0x4, 0x9]}}, @devid=r16}) 564.192257ms ago: executing program 3 (id=12492): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x11, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x8b24}, [@alu={0x7, 0x0, 0x5, 0x2, 0x7, 0x0, 0x4}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @map_idx={0x18, 0xb, 0x5, 0x0, 0x8}, @map_idx={0x18, 0x3, 0x5, 0x0, 0x2}, @map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1}, @alu={0x4, 0x1, 0x2, 0x0, 0x2, 0x18}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x29, &(0x7f0000000280)=""/41, 0x40f00, 0x77, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x3, 0xc, 0x0, 0x4}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x1], &(0x7f00000003c0)=[{0x3, 0x5, 0x2, 0x3}, {0x5, 0x1, 0x1, 0x9}, {0x2, 0x4, 0x8, 0x2}, {0x0, 0x3, 0x0, 0xb}, {0x1, 0x1, 0xb, 0x1}], 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000740)={r1, 0x0, 0x1d, 0x28, &(0x7f0000000500)="3e535f5bb072f7d238039481c6f562855bb5b9a4e5da6f214f710f08c6", &(0x7f0000000540)=""/40, 0x7fffffff, 0x0, 0xc7, 0xa7, &(0x7f0000000580)="2562138ebec72e19d32548c6578c13196addca6ee240ed33ad45a03828f20469b5e30277ffc1da597213a20ebb334f44e6fe9d16cae0e253a0529ba03c87d46390641cb705c51f00b63841eae3bb4f83d3b2596a88a0d2e41be26465d9a5d7ff77864661cb397015e975c961a958d4407af89dbd586c9719b12bbc40ffe250403407932008a691509c05edcc33d4550e0aaec86f83abee1f802e7d9a9f2a4cc85d95d34a0e2dd1fa4e8cf07eae775f52c6690f80ec3fca50da2032bf2daf0432010f9d98c72fb9", &(0x7f0000000680)="6f9d9c8e1f18e88c310706fa4aadf045d7a2527a59cc0c1df16dee4168c680058f6408e82f6af92176f77f6912fbd97c2078ded482884c701a2474c5f164c5d173ee882b5845dca7685708d821879a56bd1e9ede7b0d4655837ab8a699044adfb374b43feb5e5f03d49637d87e8a035ed5973c6dcc1afce801ea688f93d1b3c951e8f4916957c3747ac6769edee1d9ebb6ac5bbbf74e6c566691560c1003ef43d63c56114f1bb1", 0x2, 0x0, 0x8}, 0x50) (async) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) sendmsg$IPVS_CMD_DEL_DAEMON(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001780)=ANY=[], 0xb0}, 0x1, 0x0, 0x0, 0x24000884}, 0x48041) (async, rerun: 64) shutdown(r0, 0x0) (async, rerun: 64) accept$alg(r2, 0x0, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x52}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 523.902547ms ago: executing program 3 (id=12493): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000034c0)=ANY=[@ANYBLOB="240000003f0007010300000000000000027c0000100003800c0008"], 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000034c0)=ANY=[@ANYBLOB="240000003f0007010300000000000000027c0000100003800c0008"], 0x24}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={0xffffffffffffffff, 0x18000000000002a0, 0x12, 0x0, &(0x7f0000000000)="b9fe0307681f5c8c989a14f088a8657988a8", 0x0, 0x9e, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="280000005f00013caf23b8000000000008"], 0x28}], 0x1}, 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000026c0), r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000002700)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000027c0)={&(0x7f0000002740)={0x3c, r3, 0x79964d8cba2f455d, 0xa070bd28, 0x25dfdbfe, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r4}}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0xfffffffffffffff6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040005}, 0x20000000) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f00000001c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x1, 0x1}, 0x20) (async) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f00000001c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x1, 0x1}, 0x20) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000000), 0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'syzkaller1\x00'}) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x4b) (async) write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x4b) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000000380)=@ethtool_link_settings={0x4d, 0x32, 0xf7, 0x3, 0xc0, 0x7, 0xc2, 0x4, 0x66, 0x4, [0x20044, 0x81, 0x10, 0x40, 0x6, 0x8, 0x2001, 0x2174]}}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000300)={0x6, [0x7741, 0x9, 0x9, 0xce, 0x200, 0x3ff]}, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd7000fedbdf25030040000800010000000000100007800c00018008000100", @ANYRES8=r6], 0x2c}, 0x1, 0x0, 0x0, 0x150}, 0x20008040) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00022cbd7000fddbdf25020000000c00080065daa9d8ffffffff05000a000000000005000ab1700000000c0005000000000000000000080001000000000005000a00000000000c0003004700000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x40080) (async) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="00022cbd7000fddbdf25020000000c00080065daa9d8ffffffff05000a000000000005000ab1700000000c0005000000000000000000080001000000000005000a00000000000c0003004700000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x880}, 0x40080) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r10, &(0x7f0000000200), 0x806000) (async) write$cgroup_int(r10, &(0x7f0000000200), 0x806000) sendmsg$IPCTNL_MSG_CT_GET(r9, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4342b85a82aa84b4}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x7c, 0x1, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x7}, [@CTA_TUPLE_REPLY={0x68, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20044884) (async) sendmsg$IPCTNL_MSG_CT_GET(r9, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4342b85a82aa84b4}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x7c, 0x1, 0x1, 0x301, 0x0, 0x0, {0x7, 0x0, 0x7}, [@CTA_TUPLE_REPLY={0x68, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20004000}, 0x20044884) ioctl$FS_IOC_RESVSP(r10, 0x40305829, &(0x7f0000000380)={0x0, 0x1, 0x40000, 0x8000000009ffffc}) (async) ioctl$FS_IOC_RESVSP(r10, 0x40305829, &(0x7f0000000380)={0x0, 0x1, 0x40000, 0x8000000009ffffc}) 260.289744ms ago: executing program 3 (id=12494): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1202, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) sendmsg$nl_generic(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)=ANY=[@ANYRESHEX=r2], 0x18}, 0x1, 0x0, 0x0, 0x20004888}, 0x24044080) r3 = socket$netlink(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'veth0\x00', &(0x7f0000001340)=@ethtool_cmd={0x21, 0x1ff, 0xffff38ce, 0x5, 0x6, 0x7f, 0x2, 0x3, 0x3, 0x3, 0x9, 0x2, 0x6, 0xb6, 0x3, 0xa, [0x9, 0x1]}}) recvmsg(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/232, 0xe8}, {&(0x7f0000000240)=""/182, 0xb6}, {&(0x7f0000001380)=""/99, 0x63}, {&(0x7f00000000c0)=""/47, 0x2f}, {&(0x7f0000001400)=""/4082, 0xff2}, {&(0x7f0000002700)=""/36, 0x24}, {&(0x7f00000004c0)=""/248, 0xf8}, {&(0x7f0000002540)=""/209, 0xd1}], 0x8}, 0x22120) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r2, &(0x7f0000000840)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f00000005c0)={0x250, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x5, 0x8e, 0x2}, {0xc}, {0xc, 0x90, 0x7fff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x5}, {0xc, 0x90, 0x7}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x8000000000000001}, {0xc, 0x90, 0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}, {0xc, 0x8f, 0xffffffffffff8001}, {0x3, 0x90, 0xffffffffffffffff}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc}, {0xc, 0x90, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc, 0x8f, 0xfffffffffffffff8}, {0xc, 0x90, 0x8000000000000001}}, {@nsim={{0xfffffffffffffe20}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x9}, {0xc, 0x90, 0x1}}, {@pci, {0x8}, {0xc, 0x8f, 0xfffffffffffffacb}, {0xc, 0x90, 0x8000}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}, {0xc, 0x8f, 0x1}, {0xc, 0x90, 0x4}}]}, 0x250}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000880)={r1, 0x1, 0xffffffffffff8000, 0xee}) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000900), r2) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000940)={'wg0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000a40)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000a00)={&(0x7f0000000980)={0x50, r5, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r6}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1e}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x40}]}, 0x50}, 0x1, 0x0, 0x0, 0x800}, 0x8000) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101}) r9 = socket$unix(0x1, 0x1, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r11, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x400}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x70bd26, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PEER_NOTIF_DELAY={0x8, 0x1c, 0x2}]}}}]}, 0x3c}}, 0x4008000) 126.516687ms ago: executing program 0 (id=12496): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14, 0x14}}, 0x98}}, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000001000)="ad4308a803a93ae832cfe6d5ef23337e0f698efa258fa9d3bc1c9df29b8749c5ffd0074397d4b10c19ca158b9169fc747e0ce81800f6ab54701b60db0d358f0341b17544b7edabe88d90fc5a63b52a5eee75baf1278b9c106f3c728d86482d41a1b38f52ef3ad9e716e77953d785625a2279cf4fd6266ccaba213de2e35c65a01968cf04d00a1ca520baf750b816fafde164d33bfafb0fee4aae07b55527d4d61deda8a79a1be0238b8309d25f34019a61f0363bd8bdf6bae02edd9d34b01b8157e510898a6e7d7217224d331981b5c2bb14d88bdc317c7a88eb04c5ef7be4021f8dbbf25c65b82d0f787de0c0b87c2d51c21e948c9c8f8077e0341b04c4ff0c0f3e7a48fae5ca15222bc350f59307d42d0670f91610d4dec94cfbbbe3b383decd29515965a3059d4b2cbed6a77948d374d320ef04b9fd74c87eef26125b3e3418aca9bd8e98db179d57611d0f85528116cae7b18393dd78c7528c45e7a8d64db9adb31bb95564d75ff0dc06fb71fc52ee5c02779cb166d93180cbd74ab3fb7e19b3509381c4e2b6e9cb7953347d0993c3d7445d201aa1e11c8eace70bc364fb0572af4c00f9c53d1a8fa4702a792ff9a83eef082e90a18dadd9dcbbc808b8887be9f1b74d8bd5de8adf", 0x1ca}], 0x1, 0x0, 0x0, 0x81}, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x21, &(0x7f0000000540), 0x4) sendmsg$tipc(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x800) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c00000015000100000000000000000002000000", @ANYRES32, @ANYBLOB="1400030076657468315f746f5fb0e7e13ed58465"], 0x2c}}, 0x0) sendmsg$tipc(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 0 (id=12497): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000012c0)=@newtaction={0x18, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x20040804) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000000)) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4) readv(0xffffffffffffffff, 0x0, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x80}}, 0x0) r1 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="500000000206030000000000000000000d0000000c000300686173683a69700005000400000000000900020073797a31000000000c000780080008400000005d05000500020000000500010006"], 0x50}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[@ANYBLOB="40000000090601020000000000000000000000000900020073797a31000000010500010007000000180007800c00018008000140fffffffe050003000800"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) recvmsg(r4, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) write(r1, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/27, 0x1b) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000006680)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000001c80)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000340)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB='/\x00\x00', @ANYRES32, @ANYBLOB="73993be5a233705951fe64a2a9449236e2a1a1664a04d93f33e322b48a50c4ceec7e619a629b19cc36356a6a398a52ddd2d5fac63dd8d696a5bd3c6131e18d4f567eb44f27b8e22d2ca642d4276b6a491322d3eeb567e6df7a00"/102], 0x20) close(0x4) kernel console output (not intermixed with test programs): nk: 17344 bytes leftover after parsing attributes in process `syz.2.11108'. [ 1154.280314][T14064] openvswitch: netlink: Flow key attr not present in new flow. [ 1154.504330][T14079] netlink: 'syz.3.11114': attribute type 1 has an invalid length. [ 1154.518728][T14079] netlink: 96 bytes leftover after parsing attributes in process `syz.3.11114'. [ 1154.788748][T14092] netlink: 'syz.2.11115': attribute type 1 has an invalid length. [ 1154.797057][T14092] netlink: 'syz.2.11115': attribute type 7 has an invalid length. [ 1154.805272][T14092] netlink: 'syz.2.11115': attribute type 8 has an invalid length. [ 1154.816157][T14092] NCSI netlink: No device for ifindex 65584 [ 1154.893875][T14095] pim6reg: entered allmulticast mode [ 1155.313486][T14113] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1155.320830][T14113] IPv6: NLM_F_CREATE should be set when creating new route [ 1155.588632][T14132] __nla_validate_parse: 6 callbacks suppressed [ 1155.588655][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11129'. [ 1155.605745][T14132] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11129'. [ 1155.618025][T14135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11129'. [ 1155.619396][T14129] netlink: 104 bytes leftover after parsing attributes in process `syz.2.11127'. [ 1155.640080][T14133] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11125'. [ 1155.654421][T14135] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11129'. [ 1155.767977][T14138] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1155.945226][T14153] bridge: RTM_NEWNEIGH with invalid state 0x8 [ 1155.995333][T14155] netlink: 'syz.1.11135': attribute type 8 has an invalid length. [ 1156.400354][T14180] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11142'. [ 1156.413087][T14177] sch_tbf: peakrate 4294967295 is lower than or equals to rate 3448039857780302149 ! [ 1156.453006][T14182] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11143'. [ 1156.648111][T14188] syzkaller1: entered promiscuous mode [ 1156.672437][T14188] syzkaller1: entered allmulticast mode [ 1156.890332][T14206] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11152'. [ 1157.060435][T14215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11155'. [ 1157.228712][T14224] netlink: 'syz.4.11158': attribute type 10 has an invalid length. [ 1157.257370][T14229] syzkaller0: entered promiscuous mode [ 1157.264036][T14229] syzkaller0: entered allmulticast mode [ 1157.325042][T14224] team0: Port device vxcan1 added [ 1157.666575][T14246] syzkaller0: entered promiscuous mode [ 1157.691937][T14246] syzkaller0: entered allmulticast mode [ 1157.723715][T14252] netlink: 'syz.2.11164': attribute type 1 has an invalid length. [ 1157.741547][T14252] netlink: 'syz.2.11164': attribute type 3 has an invalid length. [ 1157.932596][T14263] netlink: 'syz.0.11168': attribute type 33 has an invalid length. [ 1158.087035][T14275] sctp: [Deprecated]: syz.3.11172 (pid 14275) Use of int in max_burst socket option. [ 1158.087035][T14275] Use struct sctp_assoc_value instead [ 1158.269578][T14285] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 1158.573803][T14305] x_tables: duplicate underflow at hook 2 [ 1158.579786][T14307] x_tables: duplicate underflow at hook 2 [ 1158.916633][T14327] openvswitch: netlink: Flow key attr not present in new flow. [ 1159.101884][ T5890] syz_tun: tun_net_xmit 90 [ 1159.231885][T10417] syz_tun: tun_net_xmit 90 [ 1159.499458][T14364] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1159.724645][T14377] netlink: 'syz.0.11203': attribute type 2 has an invalid length. [ 1159.862304][T14381] netlink: 'syz.0.11203': attribute type 2 has an invalid length. [ 1159.920172][T14389] netlink: 'syz.2.11207': attribute type 1 has an invalid length. [ 1159.938149][T14389] netlink: 'syz.2.11207': attribute type 2 has an invalid length. [ 1159.983096][T14388] syzkaller0: entered promiscuous mode [ 1160.002714][T14388] syzkaller0: entered allmulticast mode [ 1160.101791][T10417] syz_tun: tun_net_xmit 90 [ 1160.219418][T14400] atm:do_vcc_ioctl: ATM_SETSC is obsolete; used by syz.3.11211:14400 [ 1160.873701][T14400] __nla_validate_parse: 17 callbacks suppressed [ 1160.873725][T14400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11211'. [ 1160.922989][T14400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11211'. [ 1160.972698][T14400] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11211'. [ 1161.024132][T14400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11211'. [ 1161.139901][T14463] netlink: 'syz.4.11226': attribute type 33 has an invalid length. [ 1161.159128][T14464] netlink: 'syz.4.11226': attribute type 33 has an invalid length. [ 1161.306357][T14463] bond5: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 1161.357787][T14463] bond5 (unregistering): Released all slaves [ 1161.424632][T14464] bond5: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 1161.446307][T14464] bond5 (unregistering): Released all slaves [ 1161.887802][T14499] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1162.060261][T14518] gre0: entered promiscuous mode [ 1162.065541][T14518] gre0: entered allmulticast mode [ 1162.132431][T14523] Unsupported ieee802154 address type: 0 [ 1162.138943][T14526] netlink: 172 bytes leftover after parsing attributes in process `syz.0.11244'. [ 1162.153385][T14526] NCSI netlink: No device for ifindex 813332851 [ 1162.247911][T14527] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11242'. [ 1162.281992][T14525] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11242'. [ 1162.589900][T14547] netlink: 27 bytes leftover after parsing attributes in process `syz.2.11251'. [ 1163.059796][T14594] openvswitch: netlink: Duplicate key (type 2). [ 1163.433178][T14602] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11264'. [ 1165.576874][T14555] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1165.884033][T14622] veth0_to_bond: entered allmulticast mode [ 1165.920727][T14626] validate_nla: 3 callbacks suppressed [ 1165.928898][T14626] netlink: 'syz.0.11270': attribute type 1 has an invalid length. [ 1167.356380][T14713] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11305'. [ 1168.416180][T14781] netlink: 60 bytes leftover after parsing attributes in process `syz.4.11337'. [ 1168.451556][T14781] netlink: 60 bytes leftover after parsing attributes in process `syz.4.11337'. [ 1168.587105][T14788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11339'. [ 1168.662724][T14788] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1168.680595][T14788] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1168.696122][T14788] bond0 (unregistering): Released all slaves [ 1168.911210][T14810] syzkaller1: entered promiscuous mode [ 1168.916817][T14810] syzkaller1: entered allmulticast mode [ 1169.427823][T14835] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11360'. [ 1169.647566][T14849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11365'. [ 1169.685112][T14851] netlink: 'syz.1.11368': attribute type 6 has an invalid length. [ 1169.950055][T14868] netlink: 'syz.0.11375': attribute type 3 has an invalid length. [ 1170.121646][T14880] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11381'. [ 1170.177850][T14883] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11382'. [ 1170.358303][T14891] tipc: Enabled bearer , priority 0 [ 1170.375152][T14891] syzkaller0: entered promiscuous mode [ 1170.380690][T14891] syzkaller0: entered allmulticast mode [ 1170.424582][T14891] tipc: Resetting bearer [ 1170.441806][T14890] tipc: Resetting bearer [ 1170.460638][T14890] tipc: Disabling bearer [ 1170.613782][T14899] batadv0: entered promiscuous mode [ 1170.619837][T14899] vlan3: entered promiscuous mode [ 1171.002529][T14922] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11401'. [ 1171.106207][T14922] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1171.166218][T14928] 8021q: adding VLAN 0 to HW filter on device macvlan7 [ 1171.210055][T14928] team0: Port device macvlan7 added [ 1171.980122][T14961] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input10 [ 1172.229472][T14974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11419'. [ 1172.554871][T14994] __nla_validate_parse: 2 callbacks suppressed [ 1172.554893][T14994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11428'. [ 1172.687856][T15004] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11433'. [ 1172.952305][T15018] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11440'. [ 1172.987217][T15018] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11440'. [ 1173.184157][T15029] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11445'. [ 1173.210305][T15029] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11445'. [ 1173.406342][T15045] C: left promiscuous mode [ 1173.465458][T15045] tunl0: left promiscuous mode [ 1173.484385][T15045] gre0: left promiscuous mode [ 1173.552412][T15045] gretap0: left promiscuous mode [ 1173.561400][T15045] erspan0: left promiscuous mode [ 1173.568994][T15045] ip_vti0: left promiscuous mode [ 1173.585801][T15045] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1173.612676][T15693] syz_tun: tun_net_xmit 110 [ 1173.762099][T15693] syz_tun: tun_net_xmit 110 [ 1173.819270][T15065] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11462'. [ 1173.939850][T15071] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11465'. [ 1173.988328][T15075] netlink: 'syz.4.11467': attribute type 5 has an invalid length. [ 1174.306133][T15094] tipc: Enabled bearer , priority 0 [ 1174.314969][T15094] syzkaller0: entered promiscuous mode [ 1174.320524][T15094] syzkaller0: entered allmulticast mode [ 1174.339791][T15097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11478'. [ 1174.360194][T15094] tipc: Resetting bearer [ 1174.373435][T15093] tipc: Resetting bearer [ 1174.421707][T15093] tipc: Disabling bearer [ 1174.449285][T15101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11479'. [ 1174.885556][T15124] 8021q: adding VLAN 0 to HW filter on device team0 [ 1174.918695][T15124] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1175.218309][T15145] batman_adv: batadv0: Adding interface: dummy0 [ 1175.233488][T15145] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1175.303671][T15145] batman_adv: batadv0: Interface activated: dummy0 [ 1175.343161][T15148] batadv0: mtu less than device minimum [ 1175.358859][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1175.371225][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1175.383047][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1175.395014][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1175.406883][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1175.418709][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1175.430663][T15148] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1176.202745][T15191] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 1177.460174][T15269] nbd: illegal input index -16777216 [ 1178.047606][T15300] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1178.198320][T15314] __nla_validate_parse: 7 callbacks suppressed [ 1178.198341][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11573'. [ 1178.216078][T15314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11573'. [ 1178.313151][T15316] Cannot find add_set index 1 as target [ 1178.352426][T15316] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11575'. [ 1178.380432][T15316] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1178.401135][T15316] team0: Failed to send port change of device batadv1 via netlink (err -105) [ 1178.410135][T15316] team0: Failed to send options change via netlink (err -105) [ 1178.419102][T15316] team0: Port device batadv1 added [ 1178.737265][T15351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11586'. [ 1178.748417][T15348] netlink: 'syz.0.11585': attribute type 16 has an invalid length. [ 1178.757399][T15348] netlink: 'syz.0.11585': attribute type 17 has an invalid length. [ 1178.773570][T15348] erspan0: left promiscuous mode [ 1178.778876][T15351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11586'. [ 1178.825548][T15348] net_ratelimit: 12 callbacks suppressed [ 1178.825561][T15348] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1178.865011][T15357] netlink: 144 bytes leftover after parsing attributes in process `syz.1.11588'. [ 1178.930644][T15359] netlink: 332 bytes leftover after parsing attributes in process `syz.3.11589'. [ 1179.073718][T15367] xt_hashlimit: size too large, truncated to 1048576 [ 1179.213066][T15377] netlink: 'syz.2.11590': attribute type 12 has an invalid length. [ 1179.227001][T15377] netlink: 'syz.2.11590': attribute type 29 has an invalid length. [ 1179.261494][T15377] netlink: 148 bytes leftover after parsing attributes in process `syz.2.11590'. [ 1179.309607][T15371] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.11590'. [ 1179.314841][T15377] netlink: 'syz.2.11590': attribute type 2 has an invalid length. [ 1179.362025][T15387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1179.392070][T15377] netlink: 23 bytes leftover after parsing attributes in process `syz.2.11590'. [ 1179.410057][T15380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1179.718988][T15400] x_tables: duplicate underflow at hook 1 [ 1179.811797][T15409] bond1: (slave lo): Releasing backup interface [ 1179.829641][T15409] bond1: (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 1179.856980][T15409] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1179.909479][T15409] team0: No ports can be present during mode change [ 1180.353042][T15444] veth0: entered promiscuous mode [ 1180.444284][T15441] veth0: left promiscuous mode [ 1180.845112][T15455] bond5: (slave gre0): Device is not bonding slave [ 1180.852547][T15455] bond5: option active_slave: invalid value (gre0) [ 1180.863431][T15455] bond5 (unregistering): Released all slaves [ 1181.004427][T15465] netlink: 'syz.1.11626': attribute type 21 has an invalid length. [ 1181.234951][T15477] syzkaller0: entered allmulticast mode [ 1181.269151][T15477] syzkaller0 (unregistering): left allmulticast mode [ 1181.317072][T15481] netlink: 'syz.1.11632': attribute type 11 has an invalid length. [ 1181.545066][T15483] syzkaller0: entered promiscuous mode [ 1181.552144][T15483] syzkaller0: entered allmulticast mode [ 1181.583291][T15505] netlink: 'syz.4.11637': attribute type 1 has an invalid length. [ 1181.794816][T15519] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1183.336688][T15505] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 1185.162590][T15544] tipc: Enabled bearer , priority 10 [ 1185.246135][T15547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1185.316884][T15556] netlink: 'syz.4.11653': attribute type 1 has an invalid length. [ 1185.339861][T15556] __nla_validate_parse: 7 callbacks suppressed [ 1185.339881][T15556] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11653'. [ 1185.401549][T15556] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11653'. [ 1185.648774][T15578] netlink: 'syz.1.11660': attribute type 4 has an invalid length. [ 1185.699964][T15583] netlink: 165 bytes leftover after parsing attributes in process `syz.3.11661'. [ 1185.837683][T15593] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2 [ 1185.989952][T15600] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11665'. [ 1186.045976][T15603] netlink: 'syz.1.11666': attribute type 4 has an invalid length. [ 1186.138152][T15607] netlink: 44 bytes leftover after parsing attributes in process `syz.3.11668'. [ 1186.418779][T15626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1186.448457][T15626] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1186.635717][T15632] netlink: 'syz.0.11676': attribute type 8 has an invalid length. [ 1187.214299][T15659] netlink: 36 bytes leftover after parsing attributes in process `syz.1.11683'. [ 1187.674902][T15687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11689'. [ 1187.711166][T15690] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11688'. [ 1187.753769][T15691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11688'. [ 1187.765151][T15692] netlink: 14 bytes leftover after parsing attributes in process `syz.0.11688'. [ 1187.838736][T15692] bond0 (unregistering): left promiscuous mode [ 1187.846388][T15692] bond_slave_0: left promiscuous mode [ 1187.853251][T15692] bond_slave_1: left promiscuous mode [ 1187.858993][T15692] bridge0: left promiscuous mode [ 1187.868061][T15692] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1187.887738][T15692] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1187.903083][T15692] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 1187.913036][T15692] bridge0: port 2(bridge_slave_1) entered disabled state [ 1187.920452][T15692] bridge0: port 1(bridge_slave_0) entered disabled state [ 1187.930999][T15692] bond0 (unregistering): Released all slaves [ 1187.963233][T15691] vlan3: entered allmulticast mode [ 1187.968441][T15691] bond5: entered allmulticast mode [ 1187.993506][T15700] veth1_to_team: mtu less than device minimum [ 1188.141060][T15707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1188.190310][T15706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1188.395287][T15722] netlink: 'syz.1.11699': attribute type 1 has an invalid length. [ 1188.548677][T15730] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1188.773012][T15742] IPVS: set_ctl: invalid protocol: 33 10.1.1.2:20000 [ 1189.248542][T15770] netlink: 'syz.3.11713': attribute type 1 has an invalid length. [ 1189.299946][T15770] 8021q: adding VLAN 0 to HW filter on device bond11 [ 1189.508503][T15786] pim6reg527: entered allmulticast mode [ 1189.561971][T15787] netlink: 'syz.3.11717': attribute type 1 has an invalid length. [ 1189.734059][T15798] netlink: 'syz.2.11723': attribute type 17 has an invalid length. [ 1189.824861][T15798] gretap0: entered promiscuous mode [ 1189.857767][T15798] gretap0: left promiscuous mode [ 1190.019372][ T5293] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1190.032273][ T5293] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1190.041365][ T5293] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1190.051850][ T5293] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1190.065391][ T5293] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1190.429356][T15819] __nla_validate_parse: 8 callbacks suppressed [ 1190.429378][T15819] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11726'. [ 1190.555967][ T36] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1190.632494][ T36] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1190.684300][T15827] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11729'. [ 1190.711636][T15827] openvswitch: netlink: Flow actions attr not present in new flow. [ 1190.788418][ T36] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1190.838594][ T36] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.047204][ T36] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1191.070651][ T36] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.196423][T15809] chnl_net:caif_netlink_parms(): no params data found [ 1191.252501][ T36] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1191.294973][ T36] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1191.345304][T15854] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11734'. [ 1191.707706][T26601] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1191.755415][T15795] Set syz1 is full, maxelem 65536 reached [ 1191.796826][T22663] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1191.835280][T15809] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.854040][T15809] bridge0: port 1(bridge_slave_0) entered disabled state [ 1191.864393][T15809] bridge_slave_0: entered allmulticast mode [ 1191.879818][T15809] bridge_slave_0: entered promiscuous mode [ 1191.959267][ T86] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1191.989080][T15809] bridge0: port 2(bridge_slave_1) entered blocking state [ 1192.005310][T15809] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.018586][T15809] bridge_slave_1: entered allmulticast mode [ 1192.035795][T15879] netlink: 'syz.1.11739': attribute type 1 has an invalid length. [ 1192.043957][T15809] bridge_slave_1: entered promiscuous mode [ 1192.052682][T15867] syzkaller0: entered promiscuous mode [ 1192.063566][T15867] syzkaller0: entered allmulticast mode [ 1192.073907][T15874] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11739'. [ 1192.100950][ T51] Bluetooth: hci4: command tx timeout [ 1192.133008][T15874] hsr_slave_0 (unregistering): left promiscuous mode [ 1192.330037][T15809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1192.349581][T26601] netdevsim netdevsim0 eth4: set [0, 0] type 1 family 0 port 8472 - 0 [ 1192.370092][ T36] bridge_slave_1: left allmulticast mode [ 1192.378275][ T36] bridge_slave_1: left promiscuous mode [ 1192.395190][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 1192.457064][ T36] bridge_slave_0: left allmulticast mode [ 1192.476088][ T36] bridge_slave_0: left promiscuous mode [ 1192.518916][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 1192.687414][T15903] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11742'. [ 1192.973631][ T36] bond3 (unregistering): (slave ip6erspan0): Releasing active interface [ 1193.171018][ T36] gretap0 (unregistering): left promiscuous mode [ 1193.228636][ T36] bond6 (unregistering): (slave gretap1): Releasing active interface [ 1193.407353][ T36] bond4 (unregistering): (slave bridge2): Releasing backup interface [ 1193.418269][ T36] bridge2 (unregistering): left promiscuous mode [ 1193.566909][ T36] bond7 (unregistering): (slave bridge5): Releasing backup interface [ 1193.578109][ T36] bridge5 (unregistering): left promiscuous mode [ 1193.627650][ T36] bond1 (unregistering): Released all slaves [ 1193.649752][ T36] bond2 (unregistering): Released all slaves [ 1193.673602][ T36] bond3 (unregistering): Released all slaves [ 1193.694961][ T36] bond4 (unregistering): Released all slaves [ 1193.727119][ T36] bond5 (unregistering): Released all slaves [ 1193.749967][ T36] bond6 (unregistering): Released all slaves [ 1193.766424][ T36] bond7 (unregistering): Released all slaves [ 1193.788585][ T36] bond8 (unregistering): Released all slaves [ 1193.809828][ T36] team0: Port device macvlan7 removed [ 1193.821453][ T36] bond9 (unregistering): Released all slaves [ 1193.840626][T15809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1194.027394][ T36] tipc: Left network mode [ 1194.063036][T15809] team0: Port device team_slave_0 added [ 1194.145593][T15933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11752'. [ 1194.192246][ T51] Bluetooth: hci4: command tx timeout [ 1194.208568][T15809] team0: Port device team_slave_1 added [ 1194.345856][T15940] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11753'. [ 1194.371177][T15940] openvswitch: netlink: Flow actions attr not present in new flow. [ 1194.429633][T15948] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11757'. [ 1194.475732][T15942] netlink: 'syz.1.11754': attribute type 10 has an invalid length. [ 1194.550075][T15809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1194.580008][T15809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1194.630011][T15809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1194.786554][T15809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1194.817229][T15809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1194.866104][T15809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1194.933929][T15973] netlink: 'syz.2.11762': attribute type 2 has an invalid length. [ 1195.071409][T15976] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11762'. [ 1195.164353][T15981] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11764'. [ 1195.182479][T15809] hsr_slave_0: entered promiscuous mode [ 1195.189531][T15809] hsr_slave_1: entered promiscuous mode [ 1195.591710][T16006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11770'. [ 1195.769629][T16016] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1195.826511][T16008] smc: net device team0 applied user defined pnetid SYZ2 [ 1195.985831][T16024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11778'. [ 1195.995230][T16024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11778'. [ 1196.014259][T16024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11778'. [ 1196.194793][ T36] hsr_slave_0: left promiscuous mode [ 1196.205541][ T36] hsr_slave_1: left promiscuous mode [ 1196.222107][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1196.232271][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1196.264275][ T51] Bluetooth: hci4: command tx timeout [ 1196.306518][ T36] veth1_macvtap: left promiscuous mode [ 1196.336964][ T36] veth0_macvtap: left promiscuous mode [ 1196.349279][ T36] º: left promiscuous mode [ 1196.359389][ T36] veth0_vlan: left promiscuous mode [ 1196.490706][T16055] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11784'. [ 1196.909971][ T36] team0 (unregistering): Port device team_slave_1 removed [ 1196.927890][T16070] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1196.945760][ T36] team0 (unregistering): Port device team_slave_0 removed [ 1197.087798][T15809] netdevsim netdevsim0 eth4 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1197.265632][T15809] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1197.529044][T16087] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11794'. [ 1197.644249][T15809] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1197.698082][T16086] C: renamed from lo (while UP) [ 1197.718480][T16086] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1197.789343][T16106] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11799'. [ 1197.801502][T15809] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1197.817314][T16106] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11799'. [ 1197.979887][ T36] IPVS: stop unused estimator thread 0... [ 1198.067798][T16122] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11801'. [ 1198.351692][T15809] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1198.361244][ T51] Bluetooth: hci4: command tx timeout [ 1198.377624][T15809] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1198.407611][T15809] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1198.430319][T16126] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: 02:04:00:bf:05:00 [ 1198.473263][T16131] netlink: 'syz.4.11802': attribute type 10 has an invalid length. [ 1198.513723][T16131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1198.539923][T16131] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1198.555192][T15809] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1198.581621][T10412] batman_adv: batadv0: Local translation table size (116) exceeds maximum packet size (-320); Ignoring new local tt entry: 02:04:00:bf:05:00 [ 1198.644427][T16146] netlink: 'syz.1.11808': attribute type 1 has an invalid length. [ 1198.691296][T16146] netlink: 224 bytes leftover after parsing attributes in process `syz.1.11808'. [ 1199.023833][T15809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1199.096284][T15809] 8021q: adding VLAN 0 to HW filter on device team0 [ 1199.138263][T26592] bridge0: port 1(bridge_slave_0) entered blocking state [ 1199.145524][T26592] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1199.206125][T26601] bridge0: port 2(bridge_slave_1) entered blocking state [ 1199.213342][T26601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1199.830145][T15809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1199.925974][T15809] veth0_vlan: entered promiscuous mode [ 1199.948375][T15809] veth1_vlan: entered promiscuous mode [ 1199.988322][T15809] veth0_macvtap: entered promiscuous mode [ 1200.002813][T15809] veth1_macvtap: entered promiscuous mode [ 1200.027803][T15809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1200.048151][T15809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1200.066982][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1200.098466][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1200.109910][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1200.137098][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.689869][T16158] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1201.924745][T26592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1201.961235][T26592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1202.138220][T16256] __nla_validate_parse: 1 callbacks suppressed [ 1202.138244][T16256] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11820'. [ 1202.304217][T16244] syzkaller0: entered promiscuous mode [ 1202.307799][T16262] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11820'. [ 1202.310065][T16244] syzkaller0: entered allmulticast mode [ 1202.389335][T26594] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1202.399840][T26594] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1202.901044][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1203.011728][T16295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11829'. [ 1204.712141][T16300] ip6t_srh: unknown srh match flags 4000 [ 1204.753672][T16300] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 1204.828401][ T5293] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1204.864092][ T5293] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1204.881126][ T5293] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1204.895290][ T5293] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1204.909437][ T5293] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1205.483936][T16315] chnl_net:caif_netlink_parms(): no params data found [ 1205.628435][T16341] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11843'. [ 1205.841196][ T6400] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1205.884721][T16349] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11845'. [ 1205.887157][T16356] syzkaller0: entered promiscuous mode [ 1205.923814][T16356] syzkaller0: entered allmulticast mode [ 1205.961590][T16315] bridge0: port 1(bridge_slave_0) entered blocking state [ 1205.979168][T16315] bridge0: port 1(bridge_slave_0) entered disabled state [ 1205.994974][T16359] FAULT_INJECTION: forcing a failure. [ 1205.994974][T16359] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1206.004564][T16315] bridge_slave_0: entered allmulticast mode [ 1206.014946][T16359] CPU: 0 UID: 0 PID: 16359 Comm: syz.4.11846 Not tainted syzkaller #0 PREEMPT(full) [ 1206.014975][T16359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1206.014990][T16359] Call Trace: [ 1206.014999][T16359] [ 1206.015009][T16359] dump_stack_lvl+0xe8/0x150 [ 1206.015045][T16359] should_fail_ex+0x412/0x560 [ 1206.015079][T16359] _copy_from_user+0x2d/0xb0 [ 1206.015114][T16359] ___sys_sendmsg+0x1c6/0x360 [ 1206.015144][T16359] ? __pfx____sys_sendmsg+0x10/0x10 [ 1206.015205][T16359] ? __fget_files+0x2a/0x420 [ 1206.015238][T16359] ? __fget_files+0x3a0/0x420 [ 1206.015281][T16359] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1206.015306][T16359] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1206.015340][T16359] ? __pfx_ksys_write+0x10/0x10 [ 1206.015377][T16359] do_syscall_64+0x14d/0xf80 [ 1206.015398][T16359] ? trace_irq_disable+0x3b/0x150 [ 1206.015430][T16359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.015453][T16359] ? clear_bhb_loop+0x40/0x90 [ 1206.015480][T16359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1206.015502][T16359] RIP: 0033:0x7f7bc3d9c799 [ 1206.015523][T16359] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1206.015542][T16359] RSP: 002b:00007f7bc4c26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1206.015565][T16359] RAX: ffffffffffffffda RBX: 00007f7bc4015fa0 RCX: 00007f7bc3d9c799 [ 1206.015581][T16359] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1206.015596][T16359] RBP: 00007f7bc4c26090 R08: 0000000000000000 R09: 0000000000000000 [ 1206.015609][T16359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1206.015623][T16359] R13: 00007f7bc4016038 R14: 00007f7bc4015fa0 R15: 00007ffcb7034368 [ 1206.015658][T16359] [ 1206.075599][T16315] bridge_slave_0: entered promiscuous mode [ 1206.289279][T16315] bridge0: port 2(bridge_slave_1) entered blocking state [ 1206.301233][T16315] bridge0: port 2(bridge_slave_1) entered disabled state [ 1206.308601][T16315] bridge_slave_1: entered allmulticast mode [ 1206.324132][T16315] bridge_slave_1: entered promiscuous mode [ 1206.390066][T16315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1206.418291][T16315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1206.432261][ T6400] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 1206.477071][T16315] team0: Port device team_slave_0 added [ 1206.494431][T16315] team0: Port device team_slave_1 added [ 1206.576196][T16370] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11851'. [ 1206.594016][T16315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1206.601874][T16315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1206.628932][T16315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1206.653696][T16315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1206.660718][T16315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1206.733818][T16315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1206.848044][T16393] netlink: 210960 bytes leftover after parsing attributes in process `syz.3.11857'. [ 1206.915230][T16315] hsr_slave_0: entered promiscuous mode [ 1206.928124][T16395] xt_hashlimit: size too large, truncated to 1048576 [ 1206.940629][T16315] hsr_slave_1: entered promiscuous mode [ 1206.967277][T16315] debugfs: 'hsr0' already exists in 'hsr' [ 1206.979324][T16396] xt_hashlimit: overflow, try lower: 18446744073709551613/4 [ 1206.986813][T16315] Cannot create hsr debugfs directory [ 1206.986925][ T5293] Bluetooth: hci0: command tx timeout [ 1207.495715][T16315] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1207.522403][T16315] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1207.669790][T16315] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1207.696318][T16315] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1207.862422][T16315] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1207.877853][T16315] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1207.983752][T16315] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1208.030968][T16315] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1208.465637][T16315] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1208.468738][T16434] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1208.500251][T16315] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1208.523518][T16315] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1208.547573][T16315] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1208.782522][T16315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1208.835207][T16315] 8021q: adding VLAN 0 to HW filter on device team0 [ 1208.867529][T26594] bridge0: port 1(bridge_slave_0) entered blocking state [ 1208.874743][T26594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1208.912565][T22665] bridge0: port 2(bridge_slave_1) entered blocking state [ 1208.919798][T22665] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1209.033978][T16464] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11880'. [ 1209.059244][T16468] syzkaller1: entered promiscuous mode [ 1209.065545][T16468] syzkaller1: entered allmulticast mode [ 1209.374347][T16477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11883'. [ 1209.937840][T16315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1210.083037][T16315] veth0_vlan: entered promiscuous mode [ 1210.112079][T16511] batman_adv: batadv0: Adding interface: dummy0 [ 1210.134004][T16511] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1210.161694][T16511] batman_adv: batadv0: Interface activated: dummy0 [ 1210.178415][T16315] veth1_vlan: entered promiscuous mode [ 1210.224802][T16511] batadv0: mtu less than device minimum [ 1210.232378][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.244243][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.256090][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.267651][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.279567][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.291405][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.303218][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.314982][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.326770][T16511] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1210.376325][T16518] netlink: 'syz.4.11893': attribute type 2 has an invalid length. [ 1210.387636][T16518] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11893'. [ 1210.574162][T16523] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11895'. [ 1210.604465][T16315] veth0_macvtap: entered promiscuous mode [ 1210.713043][T16315] veth1_macvtap: entered promiscuous mode [ 1210.730165][T16527] netlink: 72 bytes leftover after parsing attributes in process `syz.0.11897'. [ 1210.856781][T16315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1210.918663][T16537] netlink: 'syz.1.11899': attribute type 4 has an invalid length. [ 1210.945479][T16315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1210.963212][T16537] netlink: 240 bytes leftover after parsing attributes in process `syz.1.11899'. [ 1210.996228][ T6583] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1211.012584][ T6583] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1211.045901][ T6583] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1211.081332][ T6583] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1211.347611][T16555] FAULT_INJECTION: forcing a failure. [ 1211.347611][T16555] name failslab, interval 1, probability 0, space 0, times 0 [ 1211.366491][T16553] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11906'. [ 1211.396683][T26601] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1211.422617][T16555] CPU: 0 UID: 0 PID: 16555 Comm: syz.4.11907 Not tainted syzkaller #0 PREEMPT(full) [ 1211.422646][T16555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1211.422661][T16555] Call Trace: [ 1211.422670][T16555] [ 1211.422680][T16555] dump_stack_lvl+0xe8/0x150 [ 1211.422717][T16555] should_fail_ex+0x412/0x560 [ 1211.422752][T16555] should_failslab+0xa8/0x100 [ 1211.422783][T16555] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 1211.422811][T16555] ? kobject_set_name_vargs+0x61/0x110 [ 1211.422844][T16555] kvasprintf+0xeb/0x1a0 [ 1211.422869][T16555] ? __pfx_kvasprintf+0x10/0x10 [ 1211.422893][T16555] ? lruvec_stat_mod_folio+0x70/0x4b0 [ 1211.422929][T16555] ? kvasprintf_const+0xe1/0x240 [ 1211.422955][T16555] kobject_set_name_vargs+0x61/0x110 [ 1211.422982][T16555] dev_set_name+0xe2/0x140 [ 1211.423012][T16555] ? rcu_is_watching+0x15/0xb0 [ 1211.423050][T16555] ? __pfx_dev_set_name+0x10/0x10 [ 1211.423083][T16555] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1211.423108][T16555] ? __kmalloc_noprof+0x37d/0x760 [ 1211.423132][T16555] ? wiphy_new_nm+0x625/0x19e0 [ 1211.423158][T16555] ? is_bpf_text_address+0x26/0x2b0 [ 1211.423194][T16555] wiphy_new_nm+0x7a1/0x19e0 [ 1211.423221][T16555] ? ieee80211_alloc_hw_nm+0x912/0x1f60 [ 1211.423248][T16555] ? __pfx_ieee80211_emulate_remove_chanctx+0x10/0x10 [ 1211.423271][T16555] ieee80211_alloc_hw_nm+0x3f3/0x1f60 [ 1211.423296][T16555] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1211.423329][T16555] mac80211_hwsim_new_radio+0x1dc/0x5330 [ 1211.423366][T16555] ? stack_trace_save+0xa9/0x100 [ 1211.423389][T16555] ? __pfx_stack_trace_save+0x10/0x10 [ 1211.423417][T16555] ? stack_depot_save_flags+0x33/0x810 [ 1211.423453][T16555] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1211.423476][T16555] ? __kasan_kmalloc+0x93/0xb0 [ 1211.423511][T16555] hwsim_new_radio_nl+0xf35/0x1bd0 [ 1211.423560][T16555] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1211.423594][T16555] ? rcu_is_watching+0x15/0xb0 [ 1211.423623][T16555] ? trace_kmalloc+0x2a/0x110 [ 1211.423657][T16555] ? __nla_parse+0x40/0x60 [ 1211.423692][T16555] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1211.423727][T16555] genl_family_rcv_msg_doit+0x22a/0x330 [ 1211.423760][T16555] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1211.423798][T16555] ? bpf_lsm_capable+0x9/0x20 [ 1211.423827][T16555] ? security_capable+0x7e/0x2c0 [ 1211.423862][T16555] genl_rcv_msg+0x61c/0x7a0 [ 1211.423892][T16555] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1211.423913][T16555] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1211.423938][T16555] ? __lock_acquire+0x6b5/0x2cf0 [ 1211.423979][T16555] netlink_rcv_skb+0x232/0x4b0 [ 1211.424010][T16555] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1211.424034][T16555] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1211.424085][T16555] ? down_read+0x272/0x2e0 [ 1211.424106][T16555] ? genl_rcv+0xd/0x40 [ 1211.424130][T16555] genl_rcv+0x28/0x40 [ 1211.424150][T16555] netlink_unicast+0x80f/0x9b0 [ 1211.424195][T16555] ? __pfx_netlink_unicast+0x10/0x10 [ 1211.424225][T16555] ? netlink_sendmsg+0x650/0xb40 [ 1211.424252][T16555] ? skb_put+0x11b/0x210 [ 1211.424290][T16555] netlink_sendmsg+0x813/0xb40 [ 1211.424332][T16555] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1211.424366][T16555] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1211.424397][T16555] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1211.424426][T16555] ____sys_sendmsg+0x972/0x9f0 [ 1211.424459][T16555] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1211.424492][T16555] ? import_iovec+0x73/0xa0 [ 1211.424531][T16555] ___sys_sendmsg+0x2a5/0x360 [ 1211.424560][T16555] ? __pfx____sys_sendmsg+0x10/0x10 [ 1211.424624][T16555] ? __fget_files+0x2a/0x420 [ 1211.424656][T16555] ? __fget_files+0x3a0/0x420 [ 1211.424702][T16555] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1211.424728][T16555] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1211.424762][T16555] ? __pfx_ksys_write+0x10/0x10 [ 1211.424800][T16555] do_syscall_64+0x14d/0xf80 [ 1211.424821][T16555] ? trace_irq_disable+0x3b/0x150 [ 1211.424852][T16555] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.424876][T16555] ? clear_bhb_loop+0x40/0x90 [ 1211.424903][T16555] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1211.424926][T16555] RIP: 0033:0x7f7bc3d9c799 [ 1211.424968][T16555] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1211.424987][T16555] RSP: 002b:00007f7bc4c26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1211.425011][T16555] RAX: ffffffffffffffda RBX: 00007f7bc4015fa0 RCX: 00007f7bc3d9c799 [ 1211.425027][T16555] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1211.425041][T16555] RBP: 00007f7bc4c26090 R08: 0000000000000000 R09: 0000000000000000 [ 1211.425055][T16555] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1211.425068][T16555] R13: 00007f7bc4016038 R14: 00007f7bc4015fa0 R15: 00007ffcb7034368 [ 1211.425105][T16555] [ 1211.426764][T16561] gre0: entered promiscuous mode [ 1211.436249][T26601] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1211.448701][T16561] gre0: entered allmulticast mode [ 1212.093733][T16561] netlink: 92 bytes leftover after parsing attributes in process `syz.0.11909'. [ 1212.106679][T26601] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1212.115141][T26601] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1212.222004][T16576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1212.307894][T16580] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1212.330669][T16585] netlink: 36 bytes leftover after parsing attributes in process `syz.2.11832'. [ 1213.231841][T16615] FAULT_INJECTION: forcing a failure. [ 1213.231841][T16615] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.294326][T16615] CPU: 0 UID: 0 PID: 16615 Comm: syz.4.11926 Not tainted syzkaller #0 PREEMPT(full) [ 1213.294358][T16615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1213.294374][T16615] Call Trace: [ 1213.294383][T16615] [ 1213.294393][T16615] dump_stack_lvl+0xe8/0x150 [ 1213.294431][T16615] should_fail_ex+0x412/0x560 [ 1213.294467][T16615] should_failslab+0xa8/0x100 [ 1213.294499][T16615] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1213.294526][T16615] ? __alloc_skb+0x1d0/0x7d0 [ 1213.294556][T16615] ? __local_bh_enable_ip+0xd0/0x130 [ 1213.294591][T16615] __alloc_skb+0x1d0/0x7d0 [ 1213.294623][T16615] ? netlink_ack_tlv_len+0x6c/0x210 [ 1213.294657][T16615] netlink_ack+0x146/0xa50 [ 1213.294683][T16615] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1213.294713][T16615] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1213.294735][T16615] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1213.294759][T16615] ? __lock_acquire+0x6b5/0x2cf0 [ 1213.294797][T16615] netlink_rcv_skb+0x2b6/0x4b0 [ 1213.294827][T16615] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1213.294851][T16615] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1213.294898][T16615] ? down_read+0x272/0x2e0 [ 1213.294922][T16615] ? genl_rcv+0xd/0x40 [ 1213.294944][T16615] genl_rcv+0x28/0x40 [ 1213.294964][T16615] netlink_unicast+0x80f/0x9b0 [ 1213.295000][T16615] ? __pfx_netlink_unicast+0x10/0x10 [ 1213.295029][T16615] ? netlink_sendmsg+0x650/0xb40 [ 1213.295058][T16615] ? skb_put+0x11b/0x210 [ 1213.295095][T16615] netlink_sendmsg+0x813/0xb40 [ 1213.295135][T16615] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1213.295170][T16615] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1213.295202][T16615] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1213.295230][T16615] ____sys_sendmsg+0x972/0x9f0 [ 1213.295264][T16615] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1213.295296][T16615] ? import_iovec+0x73/0xa0 [ 1213.295334][T16615] ___sys_sendmsg+0x2a5/0x360 [ 1213.295363][T16615] ? __pfx____sys_sendmsg+0x10/0x10 [ 1213.295426][T16615] ? __fget_files+0x2a/0x420 [ 1213.295458][T16615] ? __fget_files+0x3a0/0x420 [ 1213.295500][T16615] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1213.295526][T16615] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1213.295560][T16615] ? __pfx_ksys_write+0x10/0x10 [ 1213.295598][T16615] do_syscall_64+0x14d/0xf80 [ 1213.295618][T16615] ? trace_irq_disable+0x3b/0x150 [ 1213.295650][T16615] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.295672][T16615] ? clear_bhb_loop+0x40/0x90 [ 1213.295709][T16615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.295732][T16615] RIP: 0033:0x7f7bc3d9c799 [ 1213.295754][T16615] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.295773][T16615] RSP: 002b:00007f7bc4c26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1213.295797][T16615] RAX: ffffffffffffffda RBX: 00007f7bc4015fa0 RCX: 00007f7bc3d9c799 [ 1213.295814][T16615] RDX: 0000000020004880 RSI: 0000200000000500 RDI: 0000000000000003 [ 1213.295829][T16615] RBP: 00007f7bc4c26090 R08: 0000000000000000 R09: 0000000000000000 [ 1213.295842][T16615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1213.295855][T16615] R13: 00007f7bc4016038 R14: 00007f7bc4015fa0 R15: 00007ffcb7034368 [ 1213.295891][T16615] [ 1213.658298][T16621] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11927'. [ 1213.722952][ T5293] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1213.736207][ T5293] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1213.745558][ T5293] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1213.760659][ T5293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1213.777481][ T5293] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1213.851469][T16629] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1214.461577][T16622] chnl_net:caif_netlink_parms(): no params data found [ 1214.546755][T16622] bridge0: port 1(bridge_slave_0) entered blocking state [ 1214.554598][T16622] bridge0: port 1(bridge_slave_0) entered disabled state [ 1214.564626][T16622] bridge_slave_0: entered allmulticast mode [ 1214.572542][T16622] bridge_slave_0: entered promiscuous mode [ 1214.581391][T16622] bridge0: port 2(bridge_slave_1) entered blocking state [ 1214.588815][T16622] bridge0: port 2(bridge_slave_1) entered disabled state [ 1214.596384][T16622] bridge_slave_1: entered allmulticast mode [ 1214.604439][T16622] bridge_slave_1: entered promiscuous mode [ 1214.641534][T16622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1214.654220][T16622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1214.691657][T16622] team0: Port device team_slave_0 added [ 1214.700593][T16622] team0: Port device team_slave_1 added [ 1214.733215][T16622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1214.740208][T16622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1214.766510][T16622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1214.779249][T16622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1214.788301][T16622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1214.814901][T16622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1214.867550][T16622] hsr_slave_0: entered promiscuous mode [ 1214.874429][T16622] hsr_slave_1: entered promiscuous mode [ 1214.880973][T16622] debugfs: 'hsr0' already exists in 'hsr' [ 1214.886823][T16622] Cannot create hsr debugfs directory [ 1215.076884][T16622] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1215.096606][T16622] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.107013][T16622] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1215.117617][T16622] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20004 - 0 [ 1215.203745][T16622] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1215.214838][T16622] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.226384][T16622] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1215.238918][T16622] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20004 - 0 [ 1215.317795][T16622] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1215.328394][T16622] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.342966][T16622] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1215.354117][T16622] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20004 - 0 [ 1215.446778][T16622] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1215.457964][T16622] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1215.468512][T16622] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1215.479049][T16622] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20004 - 0 [ 1215.861032][ T5293] Bluetooth: hci1: command tx timeout [ 1217.252772][T16649] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1217.306522][T16622] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1217.388952][T16622] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1217.427481][T16622] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1217.452921][T16672] __nla_validate_parse: 1 callbacks suppressed [ 1217.452945][T16672] netlink: 60 bytes leftover after parsing attributes in process `syz.1.11944'. [ 1217.495057][T16622] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1217.502254][T16672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11944'. [ 1217.521471][T16672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11944'. [ 1217.530483][T16672] netlink: 'syz.1.11944': attribute type 12 has an invalid length. [ 1217.562531][T16672] netlink: 'syz.1.11944': attribute type 11 has an invalid length. [ 1217.850636][T16622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1217.909427][T16622] 8021q: adding VLAN 0 to HW filter on device team0 [ 1217.930181][T16700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11951'. [ 1217.941112][ T5293] Bluetooth: hci1: command tx timeout [ 1217.944814][ T86] bridge0: port 1(bridge_slave_0) entered blocking state [ 1217.953712][ T86] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1217.997964][T26592] bridge0: port 2(bridge_slave_1) entered blocking state [ 1218.005205][T26592] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1218.099831][T16622] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1218.111951][T16622] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1218.516213][T16622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1218.630220][T16622] veth0_vlan: entered promiscuous mode [ 1218.652857][T16622] veth1_vlan: entered promiscuous mode [ 1218.715613][T16622] veth0_macvtap: entered promiscuous mode [ 1218.758335][T16622] veth1_macvtap: entered promiscuous mode [ 1218.796969][T16622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1218.838070][T16737] netlink: 45 bytes leftover after parsing attributes in process `syz.0.11962'. [ 1218.849178][T16622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1218.898533][T26601] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.927019][T26601] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.949135][T16737] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11962'. [ 1218.962564][T26601] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1218.996923][T26592] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1219.191082][T22665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1219.198966][T22665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1219.254915][T16745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1219.268611][T26592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1219.284473][T26592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1219.694332][T16770] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11974'. [ 1219.916551][T16790] netlink: 'syz.0.11981': attribute type 12 has an invalid length. [ 1220.021695][ T5293] Bluetooth: hci1: command tx timeout [ 1220.056935][T16796] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.11983'. [ 1220.212615][T16806] netlink: 'syz.2.11987': attribute type 2 has an invalid length. [ 1220.231459][T16806] netlink: 244 bytes leftover after parsing attributes in process `syz.2.11987'. [ 1220.365491][T16807] syzkaller1: entered promiscuous mode [ 1220.386555][T16807] syzkaller1: entered allmulticast mode [ 1220.429839][T16815] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1220.698360][T16828] xt_bpf: check failed: parse error [ 1220.709234][T16828] netlink: 216 bytes leftover after parsing attributes in process `syz.1.11996'. [ 1220.718968][T16828] netlink: 'syz.1.11996': attribute type 2 has an invalid length. [ 1220.803422][T16830] net_ratelimit: 12 callbacks suppressed [ 1220.803444][T16830] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1221.251851][T16844] hsr_slave_1: left promiscuous mode [ 1221.536431][T16863] netlink: 'syz.4.12011': attribute type 3 has an invalid length. [ 1221.556229][T16868] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 1221.587510][T16868] netlink: 'syz.3.12010': attribute type 21 has an invalid length. [ 1221.588947][T16867] openvswitch: netlink: IP tunnel dst address not specified [ 1221.604898][T16868] netlink: ct family unspecified [ 1221.826083][T16882] netlink: 'syz.0.12016': attribute type 9 has an invalid length. [ 1222.085034][T16895] openvswitch: netlink: Geneve opt len 3 is not a multiple of 4. [ 1222.112585][ T5293] Bluetooth: hci1: command tx timeout [ 1222.161768][T16900] Bluetooth: MGMT ver 1.23 [ 1222.181174][T16900] netem: incorrect gi model size [ 1222.187267][T16900] netem: change failed [ 1222.663152][T16935] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1222.690356][T16935] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1222.699464][T16935] gretap1: entered promiscuous mode [ 1222.705082][T16935] gretap1: entered allmulticast mode [ 1222.712749][T16939] __nla_validate_parse: 14 callbacks suppressed [ 1222.712769][T16939] netlink: 96 bytes leftover after parsing attributes in process `syz.4.12034'. [ 1222.762541][T16942] FAULT_INJECTION: forcing a failure. [ 1222.762541][T16942] name failslab, interval 1, probability 0, space 0, times 0 [ 1222.787720][T16942] CPU: 0 UID: 0 PID: 16942 Comm: syz.0.12037 Not tainted syzkaller #0 PREEMPT(full) [ 1222.787751][T16942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1222.787765][T16942] Call Trace: [ 1222.787775][T16942] [ 1222.787785][T16942] dump_stack_lvl+0xe8/0x150 [ 1222.787822][T16942] should_fail_ex+0x412/0x560 [ 1222.787859][T16942] should_failslab+0xa8/0x100 [ 1222.787889][T16942] __kvmalloc_node_noprof+0x178/0x8a0 [ 1222.787917][T16942] ? rhashtable_init_noprof+0x52e/0xa70 [ 1222.787949][T16942] ? rhashtable_init_noprof+0x12d/0xa70 [ 1222.787987][T16942] rhashtable_init_noprof+0x52e/0xa70 [ 1222.788018][T16942] ? __init_waitqueue_head+0xa9/0x150 [ 1222.788048][T16942] rhltable_init_noprof+0x1e/0x60 [ 1222.788080][T16942] sta_info_init+0x54/0x130 [ 1222.788114][T16942] ieee80211_alloc_hw_nm+0x818/0x1f60 [ 1222.788138][T16942] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 1222.788172][T16942] mac80211_hwsim_new_radio+0x1dc/0x5330 [ 1222.788210][T16942] ? stack_trace_save+0xa9/0x100 [ 1222.788234][T16942] ? __pfx_stack_trace_save+0x10/0x10 [ 1222.788261][T16942] ? stack_depot_save_flags+0x33/0x810 [ 1222.788298][T16942] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1222.788329][T16942] ? __kasan_kmalloc+0x93/0xb0 [ 1222.788367][T16942] hwsim_new_radio_nl+0xf35/0x1bd0 [ 1222.788418][T16942] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1222.788453][T16942] ? rcu_is_watching+0x15/0xb0 [ 1222.788485][T16942] ? trace_kmalloc+0x2a/0x110 [ 1222.788514][T16942] ? __nla_parse+0x40/0x60 [ 1222.788550][T16942] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1222.788585][T16942] genl_family_rcv_msg_doit+0x22a/0x330 [ 1222.788618][T16942] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1222.788657][T16942] ? bpf_lsm_capable+0x9/0x20 [ 1222.788687][T16942] ? security_capable+0x7e/0x2c0 [ 1222.788723][T16942] genl_rcv_msg+0x61c/0x7a0 [ 1222.788754][T16942] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1222.788777][T16942] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1222.788802][T16942] ? __lock_acquire+0x6b5/0x2cf0 [ 1222.788844][T16942] netlink_rcv_skb+0x232/0x4b0 [ 1222.788875][T16942] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1222.788900][T16942] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1222.788950][T16942] ? down_read+0x272/0x2e0 [ 1222.788974][T16942] ? genl_rcv+0xd/0x40 [ 1222.788998][T16942] genl_rcv+0x28/0x40 [ 1222.789017][T16942] netlink_unicast+0x80f/0x9b0 [ 1222.789054][T16942] ? __pfx_netlink_unicast+0x10/0x10 [ 1222.789083][T16942] ? netlink_sendmsg+0x650/0xb40 [ 1222.789111][T16942] ? skb_put+0x11b/0x210 [ 1222.789150][T16942] netlink_sendmsg+0x813/0xb40 [ 1222.789191][T16942] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1222.789226][T16942] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1222.789257][T16942] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1222.789286][T16942] ____sys_sendmsg+0x972/0x9f0 [ 1222.789326][T16942] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1222.789360][T16942] ? import_iovec+0x73/0xa0 [ 1222.789399][T16942] ___sys_sendmsg+0x2a5/0x360 [ 1222.789428][T16942] ? __pfx____sys_sendmsg+0x10/0x10 [ 1222.789494][T16942] ? __fget_files+0x2a/0x420 [ 1222.789525][T16942] ? __fget_files+0x3a0/0x420 [ 1222.789570][T16942] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1222.789597][T16942] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1222.789631][T16942] ? __pfx_ksys_write+0x10/0x10 [ 1222.789670][T16942] do_syscall_64+0x14d/0xf80 [ 1222.789690][T16942] ? trace_irq_disable+0x3b/0x150 [ 1222.789723][T16942] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.789746][T16942] ? clear_bhb_loop+0x40/0x90 [ 1222.789775][T16942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.789797][T16942] RIP: 0033:0x7fdd2d99c799 [ 1222.789819][T16942] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1222.789839][T16942] RSP: 002b:00007fdd2e933028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1222.789863][T16942] RAX: ffffffffffffffda RBX: 00007fdd2dc15fa0 RCX: 00007fdd2d99c799 [ 1222.789880][T16942] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1222.789894][T16942] RBP: 00007fdd2e933090 R08: 0000000000000000 R09: 0000000000000000 [ 1222.789908][T16942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1222.789921][T16942] R13: 00007fdd2dc16038 R14: 00007fdd2dc15fa0 R15: 00007fff37aef378 [ 1222.789959][T16942] [ 1222.844970][T16939] vlan3: entered allmulticast mode [ 1223.270695][T16939] erspan0: entered allmulticast mode [ 1223.369453][T16949] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1223.404840][T16945] FAULT_INJECTION: forcing a failure. [ 1223.404840][T16945] name failslab, interval 1, probability 0, space 0, times 0 [ 1223.421403][T16945] CPU: 1 UID: 0 PID: 16945 Comm: syz.2.12038 Not tainted syzkaller #0 PREEMPT(full) [ 1223.421437][T16945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1223.421452][T16945] Call Trace: [ 1223.421463][T16945] [ 1223.421474][T16945] dump_stack_lvl+0xe8/0x150 [ 1223.421514][T16945] should_fail_ex+0x412/0x560 [ 1223.421553][T16945] should_failslab+0xa8/0x100 [ 1223.421587][T16945] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1223.421614][T16945] ? __alloc_skb+0x186/0x7d0 [ 1223.421648][T16945] ? __alloc_skb+0x1d0/0x7d0 [ 1223.421680][T16945] ? __local_bh_enable_ip+0xd0/0x130 [ 1223.421718][T16945] __alloc_skb+0x1d0/0x7d0 [ 1223.421760][T16945] netlink_sendmsg+0x5d4/0xb40 [ 1223.421815][T16945] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1223.421855][T16945] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1223.421889][T16945] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1223.421920][T16945] ____sys_sendmsg+0x972/0x9f0 [ 1223.421955][T16945] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1223.421991][T16945] ? import_iovec+0x73/0xa0 [ 1223.422033][T16945] ___sys_sendmsg+0x2a5/0x360 [ 1223.422064][T16945] ? __pfx____sys_sendmsg+0x10/0x10 [ 1223.422131][T16945] ? __fget_files+0x2a/0x420 [ 1223.422166][T16945] ? __fget_files+0x3a0/0x420 [ 1223.422215][T16945] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1223.422244][T16945] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1223.422282][T16945] ? __pfx_ksys_write+0x10/0x10 [ 1223.422323][T16945] do_syscall_64+0x14d/0xf80 [ 1223.422347][T16945] ? trace_irq_disable+0x3b/0x150 [ 1223.422382][T16945] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1223.422407][T16945] ? clear_bhb_loop+0x40/0x90 [ 1223.422438][T16945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1223.422462][T16945] RIP: 0033:0x7f699859c799 [ 1223.422486][T16945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1223.422507][T16945] RSP: 002b:00007f699946a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1223.422532][T16945] RAX: ffffffffffffffda RBX: 00007f6998815fa0 RCX: 00007f699859c799 [ 1223.422550][T16945] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1223.422567][T16945] RBP: 00007f699946a090 R08: 0000000000000000 R09: 0000000000000000 [ 1223.422582][T16945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1223.422596][T16945] R13: 00007f6998816038 R14: 00007f6998815fa0 R15: 00007ffce36597e8 [ 1223.422635][T16945] [ 1223.789660][T16954] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12040'. [ 1223.893726][T16958] syzkaller0: entered promiscuous mode [ 1223.899288][T16958] syzkaller0: entered allmulticast mode [ 1224.051129][T16963] netlink: 'syz.0.12044': attribute type 1 has an invalid length. [ 1224.107083][T16963] netlink: 476 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.141120][T16963] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.162028][T16963] netlink: 'syz.0.12044': attribute type 1 has an invalid length. [ 1224.169909][T16963] netlink: 476 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.270910][T16963] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.285111][T16963] netlink: 'syz.0.12044': attribute type 1 has an invalid length. [ 1224.300348][T16963] netlink: 476 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.318732][T16963] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.396020][T16979] xt_hashlimit: invalid interval [ 1224.432202][T16981] gre2: entered promiscuous mode [ 1224.437238][T16981] gre2: entered allmulticast mode [ 1224.520655][T16963] netlink: 'syz.0.12044': attribute type 1 has an invalid length. [ 1224.529159][T16963] netlink: 476 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.541946][T16963] netlink: 1041 bytes leftover after parsing attributes in process `syz.0.12044'. [ 1224.562265][T16989] FAULT_INJECTION: forcing a failure. [ 1224.562265][T16989] name failslab, interval 1, probability 0, space 0, times 0 [ 1224.581321][T16989] CPU: 1 UID: 0 PID: 16989 Comm: syz.1.12051 Not tainted syzkaller #0 PREEMPT(full) [ 1224.581351][T16989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1224.581366][T16989] Call Trace: [ 1224.581375][T16989] [ 1224.581385][T16989] dump_stack_lvl+0xe8/0x150 [ 1224.581421][T16989] should_fail_ex+0x412/0x560 [ 1224.581457][T16989] should_failslab+0xa8/0x100 [ 1224.581489][T16989] __kmalloc_node_track_caller_noprof+0xeb/0x7b0 [ 1224.581516][T16989] ? kasprintf+0xe2/0x140 [ 1224.581550][T16989] kvasprintf+0xeb/0x1a0 [ 1224.581574][T16989] ? __pfx_kvasprintf+0x10/0x10 [ 1224.581610][T16989] kasprintf+0xe2/0x140 [ 1224.581630][T16989] ? pcpu_alloc+0x10/0x360 [ 1224.581663][T16989] ? __pfx_kasprintf+0x10/0x10 [ 1224.581693][T16989] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1224.581745][T16989] ieee80211_alloc_led_names+0xa4/0x2b0 [ 1224.581775][T16989] ieee80211_alloc_hw_nm+0x18f2/0x1f60 [ 1224.581811][T16989] mac80211_hwsim_new_radio+0x1dc/0x5330 [ 1224.581847][T16989] ? stack_trace_save+0xa9/0x100 [ 1224.581869][T16989] ? __pfx_stack_trace_save+0x10/0x10 [ 1224.581896][T16989] ? stack_depot_save_flags+0x33/0x810 [ 1224.581950][T16989] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1224.581973][T16989] ? __kasan_kmalloc+0x93/0xb0 [ 1224.582011][T16989] hwsim_new_radio_nl+0xf35/0x1bd0 [ 1224.582061][T16989] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1224.582097][T16989] ? rcu_is_watching+0x15/0xb0 [ 1224.582129][T16989] ? trace_kmalloc+0x2a/0x110 [ 1224.582160][T16989] ? __nla_parse+0x40/0x60 [ 1224.582197][T16989] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1224.582232][T16989] genl_family_rcv_msg_doit+0x22a/0x330 [ 1224.582264][T16989] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1224.582303][T16989] ? bpf_lsm_capable+0x9/0x20 [ 1224.582333][T16989] ? security_capable+0x7e/0x2c0 [ 1224.582372][T16989] genl_rcv_msg+0x61c/0x7a0 [ 1224.582403][T16989] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1224.582426][T16989] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1224.582452][T16989] ? __lock_acquire+0x6b5/0x2cf0 [ 1224.582494][T16989] netlink_rcv_skb+0x232/0x4b0 [ 1224.582526][T16989] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1224.582559][T16989] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1224.582609][T16989] ? down_read+0x272/0x2e0 [ 1224.582632][T16989] ? genl_rcv+0xd/0x40 [ 1224.582656][T16989] genl_rcv+0x28/0x40 [ 1224.582677][T16989] netlink_unicast+0x80f/0x9b0 [ 1224.582714][T16989] ? __pfx_netlink_unicast+0x10/0x10 [ 1224.582744][T16989] ? netlink_sendmsg+0x650/0xb40 [ 1224.582772][T16989] ? skb_put+0x11b/0x210 [ 1224.582809][T16989] netlink_sendmsg+0x813/0xb40 [ 1224.582852][T16989] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1224.582887][T16989] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1224.582918][T16989] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1224.582947][T16989] ____sys_sendmsg+0x972/0x9f0 [ 1224.582981][T16989] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1224.583015][T16989] ? import_iovec+0x73/0xa0 [ 1224.583053][T16989] ___sys_sendmsg+0x2a5/0x360 [ 1224.583084][T16989] ? __pfx____sys_sendmsg+0x10/0x10 [ 1224.583147][T16989] ? __fget_files+0x2a/0x420 [ 1224.583179][T16989] ? __fget_files+0x3a0/0x420 [ 1224.583224][T16989] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1224.583250][T16989] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1224.583284][T16989] ? __pfx_ksys_write+0x10/0x10 [ 1224.583323][T16989] do_syscall_64+0x14d/0xf80 [ 1224.583344][T16989] ? trace_irq_disable+0x3b/0x150 [ 1224.583376][T16989] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.583399][T16989] ? clear_bhb_loop+0x40/0x90 [ 1224.583427][T16989] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.583450][T16989] RIP: 0033:0x7f325539c799 [ 1224.583472][T16989] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1224.583492][T16989] RSP: 002b:00007f32535ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1224.583516][T16989] RAX: ffffffffffffffda RBX: 00007f3255615fa0 RCX: 00007f325539c799 [ 1224.583533][T16989] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1224.583555][T16989] RBP: 00007f32535ee090 R08: 0000000000000000 R09: 0000000000000000 [ 1224.583569][T16989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1224.583583][T16989] R13: 00007f3255616038 R14: 00007f3255615fa0 R15: 00007ffe5383e958 [ 1224.583621][T16989] [ 1225.094278][T16963] netlink: 'syz.0.12044': attribute type 1 has an invalid length. [ 1225.207036][T16998] netlink: 'syz.4.12055': attribute type 5 has an invalid length. [ 1225.258519][T17006] netlink: 'syz.3.12057': attribute type 4 has an invalid length. [ 1225.464456][T10412] IPVS: starting estimator thread 0... [ 1225.561183][T17023] IPVS: using max 30 ests per chain, 72000 per kthread [ 1225.830567][T17043] FAULT_INJECTION: forcing a failure. [ 1225.830567][T17043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1225.843935][T17043] CPU: 1 UID: 0 PID: 17043 Comm: syz.1.12068 Not tainted syzkaller #0 PREEMPT(full) [ 1225.843964][T17043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1225.843977][T17043] Call Trace: [ 1225.843986][T17043] [ 1225.843996][T17043] dump_stack_lvl+0xe8/0x150 [ 1225.844033][T17043] should_fail_ex+0x412/0x560 [ 1225.844066][T17043] _copy_from_iter+0x1d3/0x1670 [ 1225.844100][T17043] ? rcu_is_watching+0x15/0xb0 [ 1225.844138][T17043] ? __pfx__copy_from_iter+0x10/0x10 [ 1225.844176][T17043] ? netlink_sendmsg+0x650/0xb40 [ 1225.844205][T17043] ? skb_put+0x11b/0x210 [ 1225.844240][T17043] netlink_sendmsg+0x6c0/0xb40 [ 1225.844280][T17043] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1225.844313][T17043] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1225.844343][T17043] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1225.844372][T17043] ____sys_sendmsg+0x972/0x9f0 [ 1225.844403][T17043] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1225.844436][T17043] ? import_iovec+0x73/0xa0 [ 1225.844473][T17043] ___sys_sendmsg+0x2a5/0x360 [ 1225.844512][T17043] ? __pfx____sys_sendmsg+0x10/0x10 [ 1225.844572][T17043] ? __fget_files+0x2a/0x420 [ 1225.844605][T17043] ? __fget_files+0x3a0/0x420 [ 1225.844648][T17043] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1225.844673][T17043] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1225.844706][T17043] ? __pfx_ksys_write+0x10/0x10 [ 1225.844744][T17043] do_syscall_64+0x14d/0xf80 [ 1225.844765][T17043] ? trace_irq_disable+0x3b/0x150 [ 1225.844797][T17043] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.844820][T17043] ? clear_bhb_loop+0x40/0x90 [ 1225.844848][T17043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.844870][T17043] RIP: 0033:0x7f325539c799 [ 1225.844891][T17043] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1225.844911][T17043] RSP: 002b:00007f32535ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1225.844934][T17043] RAX: ffffffffffffffda RBX: 00007f3255615fa0 RCX: 00007f325539c799 [ 1225.844950][T17043] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1225.844964][T17043] RBP: 00007f32535ee090 R08: 0000000000000000 R09: 0000000000000000 [ 1225.844977][T17043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1225.844991][T17043] R13: 00007f3255616038 R14: 00007f3255615fa0 R15: 00007ffe5383e958 [ 1225.845026][T17043] [ 1226.675980][T26592] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 20002 - 0 [ 1226.692794][T26592] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20002 - 0 [ 1226.719560][T26592] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20002 - 0 [ 1226.755940][T26592] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20002 - 0 [ 1227.075240][T17086] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1227.092663][T17088] netlink: 'syz.4.12086': attribute type 2 has an invalid length. [ 1227.101154][T17088] netlink: 'syz.4.12086': attribute type 1 has an invalid length. [ 1227.109017][T17088] netlink: 'syz.4.12086': attribute type 1 has an invalid length. [ 1227.223959][T17095] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1227.767911][T17120] delete_channel: no stack [ 1228.260002][T17147] __nla_validate_parse: 12 callbacks suppressed [ 1228.260025][T17147] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12106'. [ 1228.341673][T17148] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12106'. [ 1228.640520][T17157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1229.095085][T17183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12114'. [ 1229.109027][T17180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12113'. [ 1229.155137][ T36] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1229.166312][ T36] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1229.199954][ T36] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1229.211646][T17187] netlink: 212340 bytes leftover after parsing attributes in process `syz.3.12113'. [ 1229.225840][ T36] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1229.375739][T17190] tun0: tun_chr_ioctl cmd 1074025675 [ 1229.383732][T17190] tun0: persist disabled [ 1229.391916][T17190] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12116'. [ 1229.407630][T17203] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 1229.464521][T17203] IPVS: ip_vs_add_dest(): server weight less than zero [ 1229.484165][ T7970] IPVS: starting estimator thread 0... [ 1229.582027][T17206] IPVS: using max 27 ests per chain, 64800 per kthread [ 1229.709510][T17217] netlink: 'syz.1.12125': attribute type 11 has an invalid length. [ 1229.718699][T17217] netlink: 'syz.1.12125': attribute type 11 has an invalid length. [ 1229.729840][T17217] netlink: 140 bytes leftover after parsing attributes in process `syz.1.12125'. [ 1229.759214][T17219] FAULT_INJECTION: forcing a failure. [ 1229.759214][T17219] name failslab, interval 1, probability 0, space 0, times 0 [ 1229.823889][T17219] CPU: 1 UID: 0 PID: 17219 Comm: syz.4.12126 Not tainted syzkaller #0 PREEMPT(full) [ 1229.823921][T17219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1229.823936][T17219] Call Trace: [ 1229.823946][T17219] [ 1229.823956][T17219] dump_stack_lvl+0xe8/0x150 [ 1229.823994][T17219] should_fail_ex+0x412/0x560 [ 1229.824030][T17219] should_failslab+0xa8/0x100 [ 1229.824061][T17219] __kmalloc_cache_noprof+0x88/0x660 [ 1229.824088][T17219] ? device_create+0x13d/0x300 [ 1229.824119][T17219] device_create+0x13d/0x300 [ 1229.824156][T17219] ? timer_init_key+0x161/0x2f0 [ 1229.824183][T17219] ? __pfx_device_create+0x10/0x10 [ 1229.824209][T17219] ? ieee80211_alloc_hw_nm+0x18fa/0x1f60 [ 1229.824245][T17219] mac80211_hwsim_new_radio+0x3f5/0x5330 [ 1229.824285][T17219] ? __pfx_stack_trace_save+0x10/0x10 [ 1229.824311][T17219] ? stack_depot_save_flags+0x33/0x810 [ 1229.824347][T17219] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1229.824369][T17219] ? __kasan_kmalloc+0x93/0xb0 [ 1229.824405][T17219] hwsim_new_radio_nl+0xf35/0x1bd0 [ 1229.824455][T17219] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1229.824491][T17219] ? rcu_is_watching+0x15/0xb0 [ 1229.824522][T17219] ? trace_kmalloc+0x2a/0x110 [ 1229.824551][T17219] ? __nla_parse+0x40/0x60 [ 1229.824588][T17219] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1229.824623][T17219] genl_family_rcv_msg_doit+0x22a/0x330 [ 1229.824656][T17219] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1229.824695][T17219] ? bpf_lsm_capable+0x9/0x20 [ 1229.824726][T17219] ? security_capable+0x7e/0x2c0 [ 1229.824762][T17219] genl_rcv_msg+0x61c/0x7a0 [ 1229.824793][T17219] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1229.824816][T17219] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1229.824842][T17219] ? __lock_acquire+0x6b5/0x2cf0 [ 1229.824884][T17219] netlink_rcv_skb+0x232/0x4b0 [ 1229.824915][T17219] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1229.824940][T17219] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1229.824990][T17219] ? down_read+0x272/0x2e0 [ 1229.825013][T17219] ? genl_rcv+0xd/0x40 [ 1229.825038][T17219] genl_rcv+0x28/0x40 [ 1229.825058][T17219] netlink_unicast+0x80f/0x9b0 [ 1229.825094][T17219] ? __pfx_netlink_unicast+0x10/0x10 [ 1229.825123][T17219] ? netlink_sendmsg+0x650/0xb40 [ 1229.825158][T17219] ? skb_put+0x11b/0x210 [ 1229.825195][T17219] netlink_sendmsg+0x813/0xb40 [ 1229.825236][T17219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1229.825270][T17219] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1229.825301][T17219] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1229.825330][T17219] ____sys_sendmsg+0x972/0x9f0 [ 1229.825363][T17219] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1229.825395][T17219] ? import_iovec+0x73/0xa0 [ 1229.825433][T17219] ___sys_sendmsg+0x2a5/0x360 [ 1229.825461][T17219] ? __pfx____sys_sendmsg+0x10/0x10 [ 1229.825524][T17219] ? __fget_files+0x2a/0x420 [ 1229.825556][T17219] ? __fget_files+0x3a0/0x420 [ 1229.825601][T17219] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1229.825628][T17219] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1229.825662][T17219] ? __pfx_ksys_write+0x10/0x10 [ 1229.825701][T17219] do_syscall_64+0x14d/0xf80 [ 1229.825722][T17219] ? trace_irq_disable+0x3b/0x150 [ 1229.825754][T17219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1229.825777][T17219] ? clear_bhb_loop+0x40/0x90 [ 1229.825806][T17219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1229.825829][T17219] RIP: 0033:0x7f7bc3d9c799 [ 1229.825850][T17219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1229.825870][T17219] RSP: 002b:00007f7bc4c26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1229.825894][T17219] RAX: ffffffffffffffda RBX: 00007f7bc4015fa0 RCX: 00007f7bc3d9c799 [ 1229.825911][T17219] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1229.825926][T17219] RBP: 00007f7bc4c26090 R08: 0000000000000000 R09: 0000000000000000 [ 1229.825940][T17219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1229.825954][T17219] R13: 00007f7bc4016038 R14: 00007f7bc4015fa0 R15: 00007ffcb7034368 [ 1229.825989][T17219] [ 1230.304479][T17228] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12130'. [ 1230.314346][T17228] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12130'. [ 1230.353385][T17226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1230.422164][ C1] batman_adv: batadv0: Local translation table size (92) exceeds maximum packet size (-320); Ignoring new local tt entry: 02:04:00:bf:05:00 [ 1230.710709][T17253] 0: reclassify loop, rule prio 0, protocol 700 [ 1230.835496][T17262] FAULT_INJECTION: forcing a failure. [ 1230.835496][T17262] name failslab, interval 1, probability 0, space 0, times 0 [ 1230.848591][T17262] CPU: 0 UID: 0 PID: 17262 Comm: syz.4.12142 Not tainted syzkaller #0 PREEMPT(full) [ 1230.848622][T17262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1230.848636][T17262] Call Trace: [ 1230.848647][T17262] [ 1230.848656][T17262] dump_stack_lvl+0xe8/0x150 [ 1230.848693][T17262] should_fail_ex+0x412/0x560 [ 1230.848729][T17262] should_failslab+0xa8/0x100 [ 1230.848760][T17262] __kmalloc_cache_noprof+0x88/0x660 [ 1230.848785][T17262] ? rcu_is_watching+0x15/0xb0 [ 1230.848816][T17262] ? device_add+0xbe/0xb70 [ 1230.848844][T17262] device_add+0xbe/0xb70 [ 1230.848873][T17262] device_create+0x269/0x300 [ 1230.848902][T17262] ? timer_init_key+0x161/0x2f0 [ 1230.848929][T17262] ? __pfx_device_create+0x10/0x10 [ 1230.848957][T17262] ? ieee80211_alloc_hw_nm+0x18fa/0x1f60 [ 1230.848993][T17262] mac80211_hwsim_new_radio+0x3f5/0x5330 [ 1230.849042][T17262] ? __pfx_stack_trace_save+0x10/0x10 [ 1230.849070][T17262] ? stack_depot_save_flags+0x33/0x810 [ 1230.849107][T17262] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1230.849130][T17262] ? __kasan_kmalloc+0x93/0xb0 [ 1230.849169][T17262] hwsim_new_radio_nl+0xf35/0x1bd0 [ 1230.849219][T17262] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1230.849256][T17262] ? rcu_is_watching+0x15/0xb0 [ 1230.849287][T17262] ? trace_kmalloc+0x2a/0x110 [ 1230.849318][T17262] ? __nla_parse+0x40/0x60 [ 1230.849354][T17262] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1230.849389][T17262] genl_family_rcv_msg_doit+0x22a/0x330 [ 1230.849421][T17262] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1230.849460][T17262] ? bpf_lsm_capable+0x9/0x20 [ 1230.849489][T17262] ? security_capable+0x7e/0x2c0 [ 1230.849525][T17262] genl_rcv_msg+0x61c/0x7a0 [ 1230.849556][T17262] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1230.849579][T17262] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1230.849603][T17262] ? __lock_acquire+0x6b5/0x2cf0 [ 1230.849646][T17262] netlink_rcv_skb+0x232/0x4b0 [ 1230.849678][T17262] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1230.849702][T17262] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1230.849753][T17262] ? down_read+0x272/0x2e0 [ 1230.849776][T17262] ? genl_rcv+0xd/0x40 [ 1230.849799][T17262] genl_rcv+0x28/0x40 [ 1230.849819][T17262] netlink_unicast+0x80f/0x9b0 [ 1230.849856][T17262] ? __pfx_netlink_unicast+0x10/0x10 [ 1230.849885][T17262] ? netlink_sendmsg+0x650/0xb40 [ 1230.849914][T17262] ? skb_put+0x11b/0x210 [ 1230.849952][T17262] netlink_sendmsg+0x813/0xb40 [ 1230.849993][T17262] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1230.850036][T17262] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1230.850067][T17262] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1230.850096][T17262] ____sys_sendmsg+0x972/0x9f0 [ 1230.850130][T17262] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1230.850164][T17262] ? import_iovec+0x73/0xa0 [ 1230.850203][T17262] ___sys_sendmsg+0x2a5/0x360 [ 1230.850234][T17262] ? __pfx____sys_sendmsg+0x10/0x10 [ 1230.850299][T17262] ? __fget_files+0x2a/0x420 [ 1230.850331][T17262] ? __fget_files+0x3a0/0x420 [ 1230.850376][T17262] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1230.850402][T17262] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1230.850438][T17262] ? __pfx_ksys_write+0x10/0x10 [ 1230.850476][T17262] do_syscall_64+0x14d/0xf80 [ 1230.850496][T17262] ? trace_irq_disable+0x3b/0x150 [ 1230.850528][T17262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1230.850551][T17262] ? clear_bhb_loop+0x40/0x90 [ 1230.850579][T17262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1230.850604][T17262] RIP: 0033:0x7f7bc3d9c799 [ 1230.850626][T17262] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1230.850646][T17262] RSP: 002b:00007f7bc4c26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1230.850669][T17262] RAX: ffffffffffffffda RBX: 00007f7bc4015fa0 RCX: 00007f7bc3d9c799 [ 1230.850686][T17262] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1230.850700][T17262] RBP: 00007f7bc4c26090 R08: 0000000000000000 R09: 0000000000000000 [ 1230.850714][T17262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1230.850730][T17262] R13: 00007f7bc4016038 R14: 00007f7bc4015fa0 R15: 00007ffcb7034368 [ 1230.850766][T17262] [ 1231.438659][T17268] netlink: 96 bytes leftover after parsing attributes in process `syz.1.12144'. [ 1231.939301][T17299] bond0: entered promiscuous mode [ 1231.946329][T17300] FAULT_INJECTION: forcing a failure. [ 1231.946329][T17300] name failslab, interval 1, probability 0, space 0, times 0 [ 1231.961126][T17299] bond_slave_0: entered promiscuous mode [ 1231.969676][T17299] bond_slave_1: entered promiscuous mode [ 1231.979818][T17300] CPU: 1 UID: 0 PID: 17300 Comm: syz.1.12156 Not tainted syzkaller #0 PREEMPT(full) [ 1231.979847][T17300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1231.979861][T17300] Call Trace: [ 1231.979870][T17300] [ 1231.979880][T17300] dump_stack_lvl+0xe8/0x150 [ 1231.979917][T17300] should_fail_ex+0x412/0x560 [ 1231.979960][T17300] should_failslab+0xa8/0x100 [ 1231.979991][T17300] __kmalloc_cache_noprof+0x88/0x660 [ 1231.980016][T17300] ? rcu_is_watching+0x15/0xb0 [ 1231.980044][T17300] ? device_add+0xbe/0xb70 [ 1231.980072][T17300] device_add+0xbe/0xb70 [ 1231.980100][T17300] device_create+0x269/0x300 [ 1231.980127][T17300] ? timer_init_key+0x161/0x2f0 [ 1231.980154][T17300] ? __pfx_device_create+0x10/0x10 [ 1231.980180][T17300] ? ieee80211_alloc_hw_nm+0x18fa/0x1f60 [ 1231.980216][T17300] mac80211_hwsim_new_radio+0x3f5/0x5330 [ 1231.980256][T17300] ? __pfx_stack_trace_save+0x10/0x10 [ 1231.980284][T17300] ? stack_depot_save_flags+0x33/0x810 [ 1231.980320][T17300] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1231.980342][T17300] ? __kasan_kmalloc+0x93/0xb0 [ 1231.980378][T17300] hwsim_new_radio_nl+0xf35/0x1bd0 [ 1231.980426][T17300] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1231.980462][T17300] ? rcu_is_watching+0x15/0xb0 [ 1231.980492][T17300] ? trace_kmalloc+0x2a/0x110 [ 1231.980522][T17300] ? __nla_parse+0x40/0x60 [ 1231.980558][T17300] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1231.980590][T17300] genl_family_rcv_msg_doit+0x22a/0x330 [ 1231.980620][T17300] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1231.980657][T17300] ? bpf_lsm_capable+0x9/0x20 [ 1231.980686][T17300] ? security_capable+0x7e/0x2c0 [ 1231.980723][T17300] genl_rcv_msg+0x61c/0x7a0 [ 1231.980752][T17300] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1231.980775][T17300] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1231.980799][T17300] ? __lock_acquire+0x6b5/0x2cf0 [ 1231.980839][T17300] netlink_rcv_skb+0x232/0x4b0 [ 1231.980867][T17300] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1231.980890][T17300] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1231.980945][T17300] ? down_read+0x272/0x2e0 [ 1231.980965][T17300] ? genl_rcv+0xd/0x40 [ 1231.980987][T17300] genl_rcv+0x28/0x40 [ 1231.981005][T17300] netlink_unicast+0x80f/0x9b0 [ 1231.981039][T17300] ? __pfx_netlink_unicast+0x10/0x10 [ 1231.981065][T17300] ? netlink_sendmsg+0x650/0xb40 [ 1231.981091][T17300] ? skb_put+0x11b/0x210 [ 1231.981125][T17300] netlink_sendmsg+0x813/0xb40 [ 1231.981162][T17300] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1231.981194][T17300] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1231.981223][T17300] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1231.981249][T17300] ____sys_sendmsg+0x972/0x9f0 [ 1231.981279][T17300] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1231.981309][T17300] ? import_iovec+0x73/0xa0 [ 1231.981344][T17300] ___sys_sendmsg+0x2a5/0x360 [ 1231.981371][T17300] ? __pfx____sys_sendmsg+0x10/0x10 [ 1231.981428][T17300] ? __fget_files+0x2a/0x420 [ 1231.981459][T17300] ? __fget_files+0x3a0/0x420 [ 1231.981504][T17300] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1231.981530][T17300] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1231.981563][T17300] ? __pfx_ksys_write+0x10/0x10 [ 1231.981601][T17300] do_syscall_64+0x14d/0xf80 [ 1231.981621][T17300] ? trace_irq_disable+0x3b/0x150 [ 1231.981652][T17300] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.981676][T17300] ? clear_bhb_loop+0x40/0x90 [ 1231.981704][T17300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1231.981725][T17300] RIP: 0033:0x7f325539c799 [ 1231.981746][T17300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1231.981764][T17300] RSP: 002b:00007f32535ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1231.981787][T17300] RAX: ffffffffffffffda RBX: 00007f3255615fa0 RCX: 00007f325539c799 [ 1231.981802][T17300] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1231.981816][T17300] RBP: 00007f32535ee090 R08: 0000000000000000 R09: 0000000000000000 [ 1231.981830][T17300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1231.981843][T17300] R13: 00007f3255616038 R14: 00007f3255615fa0 R15: 00007ffe5383e958 [ 1231.981881][T17300] [ 1232.539719][T17304] validate_nla: 3 callbacks suppressed [ 1232.539741][T17304] netlink: 'syz.2.12159': attribute type 1 has an invalid length. [ 1232.568853][T17311] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1232.956075][T17342] lo: entered promiscuous mode [ 1232.989903][T17342] netlink: 'syz.2.12167': attribute type 2 has an invalid length. [ 1233.023298][T17342] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1233.437215][T17359] netlink: 'syz.3.12174': attribute type 11 has an invalid length. [ 1233.458741][T17359] __nla_validate_parse: 7 callbacks suppressed [ 1233.458764][T17359] netlink: 199788 bytes leftover after parsing attributes in process `syz.3.12174'. [ 1233.495216][T17363] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12174'. [ 1233.600320][T17359] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12174'. [ 1233.674567][T17359] nbd: device at index 64 is going down [ 1233.709144][T17372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.12177'. [ 1233.831870][T17378] netlink: 'syz.4.12179': attribute type 10 has an invalid length. [ 1233.886472][T17205] udevd[17205]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 1233.908625][T17382] netlink: 'syz.4.12179': attribute type 1 has an invalid length. [ 1233.931141][T17378] smc: removing net device team0 with user defined pnetid SYZ2 [ 1233.948638][T17378] team0 (unregistering): Port device vxcan1 removed [ 1234.185841][T17390] netlink: 'syz.3.12182': attribute type 9 has an invalid length. [ 1234.337693][T17398] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12186'. [ 1234.388600][ T30] audit: type=1107 audit(1773422935.136:15): pid=17404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='â0.ý~”|ò¢¤ì'7ÎÉÔ¶YcHÙ [ 1234.388600][ T30] ÈCûÆ°’ëO©ÈBÃa#?Ý=T?¦Ñ0-%z.É¥ùó¿Õ' [ 1234.549375][T17416] netlink: 'syz.3.12193': attribute type 11 has an invalid length. [ 1234.563822][T17416] netlink: 'syz.3.12193': attribute type 11 has an invalid length. [ 1234.572482][T17416] netlink: 224 bytes leftover after parsing attributes in process `syz.3.12193'. [ 1234.584099][T17413] openvswitch: netlink: IP tunnel TTL not specified. [ 1235.670282][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1235.724857][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1235.751775][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1236.232303][T17494] syzkaller0: entered promiscuous mode [ 1236.264365][T17494] syzkaller0: entered allmulticast mode [ 1236.645897][T17469] infiniband syz2: set active [ 1236.650898][T15693] vxcan1 speed is unknown, defaulting to 1000 [ 1236.671195][T17469] infiniband syz2: added vxcan1 [ 1236.722324][T17525] netlink: 248 bytes leftover after parsing attributes in process `syz.1.12221'. [ 1236.792008][T17528] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1236.815357][T17530] netlink: 'syz.1.12221': attribute type 12 has an invalid length. [ 1236.826076][T17469] RDS/IB: syz2: added [ 1236.838459][T17469] smc: adding ib device syz2 with port count 1 [ 1236.867141][T17528] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12222'. [ 1236.877045][T17469] smc: ib device syz2 port 1 has pnetid SYZ1 (user defined) [ 1236.972029][T17538] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12222'. [ 1236.981536][T17538] netlink: 32 bytes leftover after parsing attributes in process `syz.2.12222'. [ 1237.078536][T10413] vxcan1 speed is unknown, defaulting to 1000 [ 1237.141335][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1237.576554][T17558] mac80211_hwsim hwsim104 syzkaller0: Caught tx_queue_len zero misconfig [ 1237.753745][T17565] bridge0: port 1(bridge_slave_0) entered disabled state [ 1237.799964][T17567] syzkaller1: entered promiscuous mode [ 1237.814794][T17567] syzkaller1: entered allmulticast mode [ 1237.888050][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1238.137040][T17583] netlink: 'syz.2.12237': attribute type 1 has an invalid length. [ 1238.293298][T17590] tipc: Failed to remove unknown binding: 66,0,0/0:2926553441/2926553442 [ 1238.330510][T17590] tipc: Failed to remove unknown binding: 66,0,0/0:2926553441/2926553442 [ 1238.359980][T17594] syzkaller0: entered promiscuous mode [ 1238.384391][T17594] syzkaller0: entered allmulticast mode [ 1238.666770][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1238.952558][T17621] FAULT_INJECTION: forcing a failure. [ 1238.952558][T17621] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1239.016382][T17621] CPU: 1 UID: 0 PID: 17621 Comm: syz.4.12248 Not tainted syzkaller #0 PREEMPT(full) [ 1239.016414][T17621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1239.016428][T17621] Call Trace: [ 1239.016437][T17621] [ 1239.016447][T17621] dump_stack_lvl+0xe8/0x150 [ 1239.016483][T17621] should_fail_ex+0x412/0x560 [ 1239.016518][T17621] _copy_from_iter+0x1d3/0x1670 [ 1239.016554][T17621] ? rcu_is_watching+0x15/0xb0 [ 1239.016591][T17621] ? __pfx__copy_from_iter+0x10/0x10 [ 1239.016631][T17621] ? netlink_sendmsg+0x650/0xb40 [ 1239.016661][T17621] ? skb_put+0x11b/0x210 [ 1239.016698][T17621] netlink_sendmsg+0x6c0/0xb40 [ 1239.016739][T17621] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1239.016773][T17621] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1239.016804][T17621] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1239.016834][T17621] ____sys_sendmsg+0x972/0x9f0 [ 1239.016866][T17621] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1239.016899][T17621] ? import_iovec+0x73/0xa0 [ 1239.016936][T17621] ___sys_sendmsg+0x2a5/0x360 [ 1239.016966][T17621] ? __pfx____sys_sendmsg+0x10/0x10 [ 1239.017026][T17621] ? __fget_files+0x2a/0x420 [ 1239.017058][T17621] ? __fget_files+0x3a0/0x420 [ 1239.017101][T17621] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1239.017126][T17621] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1239.017160][T17621] ? __pfx_ksys_write+0x10/0x10 [ 1239.017196][T17621] do_syscall_64+0x14d/0xf80 [ 1239.017217][T17621] ? trace_irq_disable+0x3b/0x150 [ 1239.017248][T17621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.017270][T17621] ? clear_bhb_loop+0x40/0x90 [ 1239.017298][T17621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1239.017320][T17621] RIP: 0033:0x7f7bc3d9c799 [ 1239.017341][T17621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1239.017368][T17621] RSP: 002b:00007f7bc4c26028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1239.017391][T17621] RAX: ffffffffffffffda RBX: 00007f7bc4015fa0 RCX: 00007f7bc3d9c799 [ 1239.017408][T17621] RDX: 0000000024000040 RSI: 0000200000000200 RDI: 0000000000000003 [ 1239.017423][T17621] RBP: 00007f7bc4c26090 R08: 0000000000000000 R09: 0000000000000000 [ 1239.017437][T17621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1239.017450][T17621] R13: 00007f7bc4016038 R14: 00007f7bc4015fa0 R15: 00007ffcb7034368 [ 1239.017485][T17621] [ 1239.401674][T17631] __nla_validate_parse: 3 callbacks suppressed [ 1239.401697][T17631] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12252'. [ 1239.609198][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1239.624671][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1239.632229][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1239.638562][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1239.661291][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1239.679641][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1240.031621][T17653] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1240.464975][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1240.644680][T17672] FAULT_INJECTION: forcing a failure. [ 1240.644680][T17672] name failslab, interval 1, probability 0, space 0, times 0 [ 1240.694262][T17672] CPU: 0 UID: 0 PID: 17672 Comm: syz.0.12261 Not tainted syzkaller #0 PREEMPT(full) [ 1240.694294][T17672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1240.694309][T17672] Call Trace: [ 1240.694318][T17672] [ 1240.694328][T17672] dump_stack_lvl+0xe8/0x150 [ 1240.694366][T17672] should_fail_ex+0x412/0x560 [ 1240.694402][T17672] should_failslab+0xa8/0x100 [ 1240.694434][T17672] __kmalloc_noprof+0xe8/0x760 [ 1240.694459][T17672] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1240.694493][T17672] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 1240.694527][T17672] genl_family_rcv_msg_doit+0xd9/0x330 [ 1240.694558][T17672] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1240.694593][T17672] ? apparmor_capable+0x126/0x170 [ 1240.694630][T17672] ? bpf_lsm_capable+0x9/0x20 [ 1240.694660][T17672] ? security_capable+0x7e/0x2c0 [ 1240.694695][T17672] genl_rcv_msg+0x61c/0x7a0 [ 1240.694725][T17672] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1240.694747][T17672] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1240.694769][T17672] ? __pfx_nl80211_join_mesh+0x10/0x10 [ 1240.694799][T17672] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1240.694822][T17672] ? __lock_acquire+0x6b5/0x2cf0 [ 1240.694863][T17672] netlink_rcv_skb+0x232/0x4b0 [ 1240.694895][T17672] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1240.694920][T17672] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1240.694971][T17672] ? down_read+0x272/0x2e0 [ 1240.694994][T17672] ? genl_rcv+0xd/0x40 [ 1240.695018][T17672] genl_rcv+0x28/0x40 [ 1240.695039][T17672] netlink_unicast+0x80f/0x9b0 [ 1240.695076][T17672] ? __pfx_netlink_unicast+0x10/0x10 [ 1240.695106][T17672] ? netlink_sendmsg+0x650/0xb40 [ 1240.695134][T17672] ? skb_put+0x11b/0x210 [ 1240.695179][T17672] netlink_sendmsg+0x813/0xb40 [ 1240.695220][T17672] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1240.695255][T17672] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1240.695285][T17672] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1240.695314][T17672] ____sys_sendmsg+0x972/0x9f0 [ 1240.695347][T17672] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1240.695376][T17672] ? import_iovec+0x73/0xa0 [ 1240.695413][T17672] ___sys_sendmsg+0x2a5/0x360 [ 1240.695444][T17672] ? __pfx____sys_sendmsg+0x10/0x10 [ 1240.695507][T17672] ? __fget_files+0x2a/0x420 [ 1240.695539][T17672] ? __fget_files+0x3a0/0x420 [ 1240.695584][T17672] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1240.695611][T17672] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1240.695645][T17672] ? __pfx_ksys_write+0x10/0x10 [ 1240.695682][T17672] do_syscall_64+0x14d/0xf80 [ 1240.695703][T17672] ? trace_irq_disable+0x3b/0x150 [ 1240.695734][T17672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1240.695757][T17672] ? clear_bhb_loop+0x40/0x90 [ 1240.695786][T17672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1240.695808][T17672] RIP: 0033:0x7fdd2d99c799 [ 1240.695829][T17672] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1240.695849][T17672] RSP: 002b:00007fdd2e933028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1240.695872][T17672] RAX: ffffffffffffffda RBX: 00007fdd2dc15fa0 RCX: 00007fdd2d99c799 [ 1240.695889][T17672] RDX: 0000000024000040 RSI: 0000200000000200 RDI: 0000000000000003 [ 1240.695903][T17672] RBP: 00007fdd2e933090 R08: 0000000000000000 R09: 0000000000000000 [ 1240.695917][T17672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1240.695931][T17672] R13: 00007fdd2dc16038 R14: 00007fdd2dc15fa0 R15: 00007fff37aef378 [ 1240.695967][T17672] [ 1241.193793][T17684] block nbd0: reconnected socket [ 1241.193815][ T5293] block nbd0: Receive control failed (result -107) [ 1241.209405][T17685] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12263'. [ 1241.360447][T17685] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12263'. [ 1241.414662][T17640] vxcan1 speed is unknown, defaulting to 1000 [ 1241.726834][T17704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1241.780938][ T5293] Bluetooth: hci5: command tx timeout [ 1241.831655][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1242.062532][T17712] netlink: 40 bytes leftover after parsing attributes in process `syz.2.12273'. [ 1242.171209][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1242.217439][T17640] chnl_net:caif_netlink_parms(): no params data found [ 1242.359940][T17718] netlink: 44 bytes leftover after parsing attributes in process `syz.1.12274'. [ 1242.378401][T17719] syzkaller0: entered promiscuous mode [ 1242.384114][T17719] syzkaller0: entered allmulticast mode [ 1242.409923][T17718] netlink: 43 bytes leftover after parsing attributes in process `syz.1.12274'. [ 1242.419512][T17718] netlink: 'syz.1.12274': attribute type 6 has an invalid length. [ 1242.428871][T17718] netlink: 'syz.1.12274': attribute type 5 has an invalid length. [ 1242.437300][T17718] netlink: 43 bytes leftover after parsing attributes in process `syz.1.12274'. [ 1242.630644][T17728] netlink: 'syz.0.12276': attribute type 1 has an invalid length. [ 1242.638910][T17728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12276'. [ 1242.666194][T17640] bridge0: port 1(bridge_slave_0) entered blocking state [ 1242.696033][T17640] bridge0: port 1(bridge_slave_0) entered disabled state [ 1242.711687][T17640] bridge_slave_0: entered allmulticast mode [ 1242.729014][T17640] bridge_slave_0: entered promiscuous mode [ 1242.744973][T17640] bridge0: port 2(bridge_slave_1) entered blocking state [ 1242.765142][T17640] bridge0: port 2(bridge_slave_1) entered disabled state [ 1242.788092][T17640] bridge_slave_1: entered allmulticast mode [ 1242.807073][T17640] bridge_slave_1: entered promiscuous mode [ 1242.919336][T17640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1242.942109][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1242.954704][T17640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1243.040278][T17640] team0: Port device team_slave_0 added [ 1243.066372][T17640] team0: Port device team_slave_1 added [ 1243.094797][T17734] Cannot find add_set index 0 as target [ 1243.274370][T17739] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12280'. [ 1243.308430][T17640] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1243.323232][T17640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1243.357771][T17740] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12280'. [ 1243.380690][T17640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1243.398575][T17640] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1243.406403][T17640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1243.439795][T17640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1243.501466][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1243.654051][T17640] hsr_slave_0: entered promiscuous mode [ 1243.663920][T17640] hsr_slave_1: entered promiscuous mode [ 1243.670635][T17640] debugfs: 'hsr0' already exists in 'hsr' [ 1243.676751][T17640] Cannot create hsr debugfs directory [ 1243.691530][T17752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1243.866475][ T5293] Bluetooth: hci5: command tx timeout [ 1244.057374][T17640] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.110640][T17469] vxcan1 speed is unknown, defaulting to 1000 [ 1244.154417][T17640] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.242985][T17640] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.315992][T17757] FAULT_INJECTION: forcing a failure. [ 1244.315992][T17757] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1244.391433][T17757] CPU: 0 UID: 0 PID: 17757 Comm: syz.0.12286 Not tainted syzkaller #0 PREEMPT(full) [ 1244.391464][T17757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1244.391479][T17757] Call Trace: [ 1244.391488][T17757] [ 1244.391498][T17757] dump_stack_lvl+0xe8/0x150 [ 1244.391536][T17757] should_fail_ex+0x412/0x560 [ 1244.391572][T17757] _copy_from_user+0x2d/0xb0 [ 1244.391606][T17757] kstrtouint_from_user+0xd6/0x180 [ 1244.391637][T17757] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1244.391683][T17757] proc_fail_nth_write+0x8e/0x210 [ 1244.391716][T17757] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1244.391754][T17757] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1244.391788][T17757] vfs_write+0x29a/0xb90 [ 1244.391821][T17757] ? __pfx_vfs_write+0x10/0x10 [ 1244.391856][T17757] ? __fget_files+0x2a/0x420 [ 1244.391893][T17757] ? __fget_files+0x3a0/0x420 [ 1244.391923][T17757] ? __fget_files+0x2a/0x420 [ 1244.391966][T17757] ksys_write+0x150/0x270 [ 1244.391992][T17757] ? __pfx_ksys_write+0x10/0x10 [ 1244.392029][T17757] do_syscall_64+0x14d/0xf80 [ 1244.392050][T17757] ? trace_irq_disable+0x3b/0x150 [ 1244.392080][T17757] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.392103][T17757] ? clear_bhb_loop+0x40/0x90 [ 1244.392131][T17757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.392153][T17757] RIP: 0033:0x7fdd2d95cfce [ 1244.392174][T17757] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1244.392194][T17757] RSP: 002b:00007fdd2e932fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1244.392218][T17757] RAX: ffffffffffffffda RBX: 00007fdd2e9336c0 RCX: 00007fdd2d95cfce [ 1244.392234][T17757] RDX: 0000000000000001 RSI: 00007fdd2e9330a0 RDI: 0000000000000004 [ 1244.392248][T17757] RBP: 00007fdd2e933090 R08: 0000000000000000 R09: 0000000000000000 [ 1244.392262][T17757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1244.392275][T17757] R13: 00007fdd2dc16038 R14: 00007fdd2dc15fa0 R15: 00007fff37aef378 [ 1244.392312][T17757] [ 1244.407506][T17640] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.954567][T17768] FAULT_INJECTION: forcing a failure. [ 1244.954567][T17768] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1244.969966][T17768] CPU: 1 UID: 0 PID: 17768 Comm: syz.3.12290 Not tainted syzkaller #0 PREEMPT(full) [ 1244.969997][T17768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1244.970011][T17768] Call Trace: [ 1244.970020][T17768] [ 1244.970029][T17768] dump_stack_lvl+0xe8/0x150 [ 1244.970065][T17768] should_fail_ex+0x412/0x560 [ 1244.970097][T17768] _copy_to_user+0x31/0xb0 [ 1244.970120][T17768] simple_read_from_buffer+0xe1/0x170 [ 1244.970154][T17768] proc_fail_nth_read+0x1bb/0x230 [ 1244.970188][T17768] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1244.970222][T17768] ? rw_verify_area+0x2a6/0x4d0 [ 1244.970245][T17768] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1244.970277][T17768] vfs_read+0x20c/0xa70 [ 1244.970307][T17768] ? fdget_pos+0x246/0x320 [ 1244.970344][T17768] ? __pfx___mutex_lock+0x10/0x10 [ 1244.970368][T17768] ? __pfx_vfs_read+0x10/0x10 [ 1244.970392][T17768] ? __fget_files+0x2a/0x420 [ 1244.970427][T17768] ? __fget_files+0x3a0/0x420 [ 1244.970457][T17768] ? __fget_files+0x2a/0x420 [ 1244.970498][T17768] ksys_read+0x150/0x270 [ 1244.970523][T17768] ? __pfx_ksys_read+0x10/0x10 [ 1244.970560][T17768] do_syscall_64+0x14d/0xf80 [ 1244.970580][T17768] ? trace_irq_disable+0x3b/0x150 [ 1244.970611][T17768] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.970633][T17768] ? clear_bhb_loop+0x40/0x90 [ 1244.970661][T17768] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1244.970682][T17768] RIP: 0033:0x7f50bfb5cfce [ 1244.970703][T17768] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1244.970725][T17768] RSP: 002b:00007f50c0a5cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1244.970748][T17768] RAX: ffffffffffffffda RBX: 00007f50c0a5d6c0 RCX: 00007f50bfb5cfce [ 1244.970764][T17768] RDX: 000000000000000f RSI: 00007f50c0a5d0a0 RDI: 0000000000000006 [ 1244.970778][T17768] RBP: 00007f50c0a5d090 R08: 0000000000000000 R09: 0000000000000000 [ 1244.970792][T17768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1244.970805][T17768] R13: 00007f50bfe16038 R14: 00007f50bfe15fa0 R15: 00007ffcd6f99688 [ 1244.970841][T17768] [ 1245.259970][T17777] __nla_validate_parse: 1 callbacks suppressed [ 1245.259991][T17777] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12291'. [ 1245.356683][T17640] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1245.385653][T17640] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1245.405603][T17640] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1245.456721][T17640] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1245.651888][T17789] openvswitch: netlink: Tunnel attr 78 out of range max 16 [ 1245.827878][T17640] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1245.882907][T17640] 8021q: adding VLAN 0 to HW filter on device team0 [ 1245.899220][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1245.906473][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1245.917522][T17810] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12299'. [ 1245.942817][ T5293] Bluetooth: hci5: command tx timeout [ 1245.945919][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 1245.955450][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1246.004855][T17816] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12299'. [ 1246.015126][T17815] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12299'. [ 1246.415077][T17834] netlink: 32 bytes leftover after parsing attributes in process `syz.3.12308'. [ 1246.438307][T17837] netlink: 'syz.1.12307': attribute type 1 has an invalid length. [ 1246.456624][T17837] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12307'. [ 1246.597172][T17640] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1246.639170][T17848] IPVS: set_ctl: invalid protocol: 92 224.0.0.2:20003 [ 1246.646854][T10411] IPVS: starting estimator thread 0... [ 1246.653121][T17849] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12312'. [ 1246.663118][T17848] IPVS: nq: FWM 3 0x00000003 - no destination available [ 1246.750861][T17850] IPVS: using max 26 ests per chain, 62400 per kthread [ 1247.151943][T17875] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12320'. [ 1247.194255][T17875] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12320'. [ 1247.414464][T17640] veth0_vlan: entered promiscuous mode [ 1247.438293][T17640] veth1_vlan: entered promiscuous mode [ 1247.523119][T17640] veth0_macvtap: entered promiscuous mode [ 1247.537953][T17640] veth1_macvtap: entered promiscuous mode [ 1247.586717][T17640] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1247.644466][T17640] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1247.688939][T26594] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1247.727486][T26594] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1247.740008][T26594] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1247.772754][T26594] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1247.931703][T22665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1247.960697][T22665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1248.020910][ T5293] Bluetooth: hci5: command tx timeout [ 1248.067305][T22665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1248.088220][T22665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1248.163831][T17912] openvswitch: netlink: Missing valid actions attribute. [ 1248.194810][T17912] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1248.436412][T17926] bond1: (slave vlan0): Enslaving as a backup interface with an up link [ 1248.449279][T17926] bond1: option mode: unable to set because the bond device has slaves [ 1248.479792][T17933] xt_hashlimit: size too large, truncated to 1048576 [ 1248.890688][T17947] team0 (unregistering): Port device team_slave_0 removed [ 1248.907710][T17952] netlink: 7064 bytes leftover after parsing attributes in process `syz.4.12341'. [ 1248.919416][T17952] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 1248.938313][T17947] team0 (unregistering): Port device team_slave_1 removed [ 1250.328778][T18034] __nla_validate_parse: 2 callbacks suppressed [ 1250.328800][T18034] netlink: 165 bytes leftover after parsing attributes in process `syz.2.12362'. [ 1250.631237][T18047] netlink: 24 bytes leftover after parsing attributes in process `syz.3.12367'. [ 1250.883844][T18056] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12368'. [ 1251.549278][T18079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12375'. [ 1252.172946][T18095] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12379'. [ 1252.349286][T18107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12382'. [ 1252.553524][T18117] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.12388'. [ 1252.643934][T18123] openvswitch: netlink: Unknown key attributes 2 [ 1252.749224][T18125] pim6reg: left allmulticast mode [ 1252.798515][T18129] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12393'. [ 1252.829098][T18129] netlink: 176 bytes leftover after parsing attributes in process `syz.0.12393'. [ 1252.857714][T18129] netlink: 24 bytes leftover after parsing attributes in process `syz.0.12393'. [ 1253.008817][T10413] IPVS: starting estimator thread 0... [ 1253.113830][T18143] IPVS: using max 30 ests per chain, 72000 per kthread [ 1253.668379][T18189] "syz.4.12408" (18189) uses obsolete ecb(arc4) skcipher [ 1253.800853][T18193] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1254.919096][T18257] netlink: 'syz.1.12425': attribute type 1 has an invalid length. [ 1254.925233][T18253] macvtap1: entered allmulticast mode [ 1254.962636][T18253] veth0_macvtap: entered allmulticast mode [ 1255.079312][T18261] bond7: (slave gretap2): making interface the new active one [ 1255.087892][T18261] bond7: (slave gretap2): Enslaving as an active interface with an up link [ 1255.481760][T18287] __nla_validate_parse: 7 callbacks suppressed [ 1255.481780][T18287] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12432'. [ 1256.289105][T18302] netlink: 'syz.0.12437': attribute type 1 has an invalid length. [ 1256.297655][T18302] netlink: 'syz.0.12437': attribute type 4 has an invalid length. [ 1256.309351][T18302] netlink: 9422 bytes leftover after parsing attributes in process `syz.0.12437'. [ 1256.447454][T18305] netlink: 'syz.0.12438': attribute type 1 has an invalid length. [ 1257.461187][ T5293] Bluetooth: hci2: command 0x0405 tx timeout [ 1257.574090][T18297] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12435'. [ 1257.585964][T18305] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1257.920044][T18331] netlink: 'syz.0.12445': attribute type 1 has an invalid length. [ 1258.165493][T18325] : entered promiscuous mode [ 1258.205372][T18331] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1258.235178][T18339] bond1: option arp_interval: mode dependency failed, not supported in mode 802.3ad(4) [ 1258.265143][T18339] bond1 (unregistering): Released all slaves [ 1258.393653][T18343] syzkaller0: entered promiscuous mode [ 1258.399529][T18343] syzkaller0: entered allmulticast mode [ 1258.519887][T18356] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12452'. [ 1258.665543][T18366] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.12451'. [ 1258.724521][T18353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12451'. [ 1258.749833][T18353] bridge0: port 2(bridge_slave_1) entered disabled state [ 1259.006896][T18384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12459'. [ 1259.039735][T18384] netlink: 12 bytes leftover after parsing attributes in process `syz.2.12459'. [ 1259.202611][T18398] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12462'. [ 1259.333048][T18406] : renamed from bridge0 (while UP) [ 1259.484827][T18412] netlink: 'syz.1.12467': attribute type 39 has an invalid length. [ 1259.574763][T10417] syz1: Port: 1 Link DOWN [ 1259.904334][T18439] netlink: 'syz.1.12475': attribute type 4 has an invalid length. [ 1259.932199][T18439] netlink: 'syz.1.12475': attribute type 4 has an invalid length. [ 1260.241809][T18461] sctp: [Deprecated]: syz.0.12481 (pid 18461) Use of int in max_burst socket option. [ 1260.241809][T18461] Use struct sctp_assoc_value instead [ 1260.286222][T18461] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12481'. [ 1260.520048][T18477] __nla_validate_parse: 1 callbacks suppressed [ 1260.520072][T18477] netlink: 272 bytes leftover after parsing attributes in process `syz.2.12485'. [ 1260.631764][T18483] netlink: 'syz.2.12486': attribute type 1 has an invalid length. [ 1260.728966][T18487] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1260.813944][T18494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.12489'. [ 1260.829078][T18495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12490'. [ 1260.839605][T18495] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12490'. [ 1260.972152][T18497] syzkaller0: entered promiscuous mode [ 1260.977759][T18497] syzkaller0: entered allmulticast mode [ 1260.983913][T18503] netlink: 'syz.3.12493': attribute type 8 has an invalid length. [ 1260.983971][T18505] netlink: 'syz.3.12493': attribute type 8 has an invalid length. [ 1261.107815][T18505] block nbd0: reconnected socket [ 1261.120984][ T51] block nbd0: Receive control failed (result -107) [ 1261.187733][ T5293] block nbd1: Receive control failed (result -32) [ 1261.393722][T18513] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12496'. [ 1261.545658][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1261.556099][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1261.566153][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1261.593346][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1261.601439][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1262.260048][T14969] ================================================================== [ 1262.268247][T14969] BUG: KASAN: use-after-free in __mutex_lock+0x812/0x1300 [ 1262.275394][T14969] Read of size 8 at addr ffff8880478880a8 by task khidpd_00065508/14969 [ 1262.283756][T14969] [ 1262.286120][T14969] CPU: 1 UID: 0 PID: 14969 Comm: khidpd_00065508 Not tainted syzkaller #0 PREEMPT(full) [ 1262.286146][T14969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1262.286158][T14969] Call Trace: [ 1262.286168][T14969] [ 1262.286178][T14969] dump_stack_lvl+0xe8/0x150 [ 1262.286209][T14969] print_report+0xba/0x230 [ 1262.286231][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.286250][T14969] kasan_report+0x117/0x150 [ 1262.286274][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.286296][T14969] __mutex_lock+0x812/0x1300 [ 1262.286316][T14969] ? __mutex_lock+0x5ac/0x1300 [ 1262.286344][T14969] ? l2cap_unregister_user+0x6a/0x1b0 [ 1262.286365][T14969] ? __pfx___mutex_lock+0x10/0x10 [ 1262.286390][T14969] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1262.286416][T14969] ? lockdep_hardirqs_on+0x7a/0x110 [ 1262.286434][T14969] l2cap_unregister_user+0x6a/0x1b0 [ 1262.286455][T14969] hidp_session_thread+0x3cb/0x440 [ 1262.286478][T14969] ? __pfx_hidp_session_thread+0x10/0x10 [ 1262.286500][T14969] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1262.286525][T14969] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1262.286547][T14969] ? __kthread_parkme+0x7a/0x1f0 [ 1262.286573][T14969] ? __kthread_parkme+0x19c/0x1f0 [ 1262.286601][T14969] kthread+0x388/0x470 [ 1262.286618][T14969] ? __pfx_hidp_session_thread+0x10/0x10 [ 1262.286639][T14969] ? __pfx_kthread+0x10/0x10 [ 1262.286656][T14969] ret_from_fork+0x51e/0xb90 [ 1262.286681][T14969] ? __pfx_ret_from_fork+0x10/0x10 [ 1262.286704][T14969] ? __switch_to+0xc7d/0x1450 [ 1262.286726][T14969] ? __pfx_kthread+0x10/0x10 [ 1262.286743][T14969] ret_from_fork_asm+0x1a/0x30 [ 1262.286779][T14969] [ 1262.286787][T14969] [ 1262.448703][T14969] The buggy address belongs to the physical page: [ 1262.455128][T14969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47888 [ 1262.463924][T14969] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1262.472439][T14969] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1262.480023][T14969] page_type: f5(slab) [ 1262.484027][T14969] raw: 00fff00000000040 ffff88813fea8c80 dead000000000100 dead000000000122 [ 1262.492637][T14969] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1262.501285][T14969] head: 00fff00000000040 ffff88813fea8c80 dead000000000100 dead000000000122 [ 1262.509981][T14969] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1262.518677][T14969] head: 00fff00000000002 ffffea00011e2201 00000000ffffffff 00000000ffffffff [ 1262.527362][T14969] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 1262.536041][T14969] page dumped because: kasan: bad access detected [ 1262.542510][T14969] page_owner tracks the page as allocated [ 1262.548242][T14969] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 18521, tgid 18520 (syz.0.12497), ts 1262295742900, free_ts 1262243377188 [ 1262.569450][T14969] post_alloc_hook+0x231/0x280 [ 1262.574245][T14969] get_page_from_freelist+0x24dc/0x2580 [ 1262.579815][T14969] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1262.585641][T14969] allocate_slab+0x77/0x660 [ 1262.590166][T14969] refill_objects+0x331/0x3c0 [ 1262.594888][T14969] __pcs_replace_empty_main+0x2f9/0x5e0 [ 1262.600470][T14969] __kmalloc_noprof+0x474/0x760 [ 1262.605346][T14969] hash_ip4_add+0x18ba/0x1ee0 [ 1262.610055][T14969] hash_ip4_uadt+0x664/0x860 [ 1262.614673][T14969] call_ad+0x398/0xb60 [ 1262.618771][T14969] ip_set_ad+0x824/0x9d0 [ 1262.623036][T14969] nfnetlink_rcv_msg+0xc00/0x12c0 [ 1262.628088][T14969] netlink_rcv_skb+0x232/0x4b0 [ 1262.633130][T14969] nfnetlink_rcv+0x2c0/0x27b0 [ 1262.637830][T14969] netlink_unicast+0x80f/0x9b0 [ 1262.642623][T14969] netlink_sendmsg+0x813/0xb40 [ 1262.647419][T14969] page last free pid 7967 tgid 7967 stack trace: [ 1262.653856][T14969] __free_frozen_pages+0xc2b/0xdb0 [ 1262.658986][T14969] bt_host_release+0x82/0x90 [ 1262.663599][T14969] device_release+0x9e/0x1d0 [ 1262.668340][T14969] kobject_put+0x228/0x560 [ 1262.672783][T14969] vhci_release+0x15a/0x1a0 [ 1262.677313][T14969] __fput+0x44f/0xa70 [ 1262.681411][T14969] task_work_run+0x1d9/0x270 [ 1262.686102][T14969] do_exit+0x70f/0x23c0 [ 1262.690273][T14969] do_group_exit+0x21b/0x2d0 [ 1262.694882][T14969] get_signal+0x1284/0x1330 [ 1262.699429][T14969] arch_do_signal_or_restart+0xbc/0x830 [ 1262.704997][T14969] exit_to_user_mode_loop+0x86/0x480 [ 1262.710302][T14969] do_syscall_64+0x32d/0xf80 [ 1262.714922][T14969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1262.720941][T14969] [ 1262.723290][T14969] Memory state around the buggy address: [ 1262.728935][T14969] ffff888047887f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1262.737109][T14969] ffff888047888000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1262.745186][T14969] >ffff888047888080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1262.753271][T14969] ^ [ 1262.758656][T14969] ffff888047888100: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 1262.766738][T14969] ffff888047888180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1262.774814][T14969] ================================================================== [ 1262.786174][T14969] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1262.793437][T14969] CPU: 1 UID: 0 PID: 14969 Comm: khidpd_00065508 Not tainted syzkaller #0 PREEMPT(full) [ 1262.803280][T14969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1262.813373][T14969] Call Trace: [ 1262.816684][T14969] [ 1262.819638][T14969] vpanic+0x56c/0xa60 [ 1262.823662][T14969] ? __pfx_vpanic+0x10/0x10 [ 1262.828215][T14969] panic+0xc5/0xd0 [ 1262.831983][T14969] ? __pfx_panic+0x10/0x10 [ 1262.836526][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.841328][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.846126][T14969] check_panic_on_warn+0x89/0xb0 [ 1262.851111][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.855904][T14969] end_report+0x73/0x180 [ 1262.860188][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.864987][T14969] kasan_report+0x128/0x150 [ 1262.869528][T14969] ? __mutex_lock+0x812/0x1300 [ 1262.874332][T14969] __mutex_lock+0x812/0x1300 [ 1262.878953][T14969] ? __mutex_lock+0x5ac/0x1300 [ 1262.883751][T14969] ? l2cap_unregister_user+0x6a/0x1b0 [ 1262.889161][T14969] ? __pfx___mutex_lock+0x10/0x10 [ 1262.894229][T14969] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1262.900086][T14969] ? lockdep_hardirqs_on+0x7a/0x110 [ 1262.905319][T14969] l2cap_unregister_user+0x6a/0x1b0 [ 1262.910562][T14969] hidp_session_thread+0x3cb/0x440 [ 1262.915713][T14969] ? __pfx_hidp_session_thread+0x10/0x10 [ 1262.921386][T14969] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1262.927769][T14969] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1262.934075][T14969] ? __kthread_parkme+0x7a/0x1f0 [ 1262.939054][T14969] ? __kthread_parkme+0x19c/0x1f0 [ 1262.944129][T14969] kthread+0x388/0x470 [ 1262.948230][T14969] ? __pfx_hidp_session_thread+0x10/0x10 [ 1262.953907][T14969] ? __pfx_kthread+0x10/0x10 [ 1262.958528][T14969] ret_from_fork+0x51e/0xb90 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1262.963167][T14969] ? __pfx_ret_from_fork+0x10/0x10 [ 1262.968322][T14969] ? __switch_to+0xc7d/0x1450 [ 1262.973041][T14969] ? __pfx_kthread+0x10/0x10 [ 1262.977661][T14969] ret_from_fork_asm+0x1a/0x30 [ 1262.982478][T14969] [ 1262.986123][T14969] Kernel Offset: disabled [ 1262.990454][T14969] Rebooting in 86400 seconds..