last executing test programs: 2.705284517s ago: executing program 0 (id=4230): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)=0x2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0xaf, &(0x7f0000000140)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb0008c64b17db9eb569b6798cdb8304000000d7d3e266bd69c311764b58a993a2ba7e02206e3ec09e5fc944783f94e9786a048c3eeb1724120fa53599a2186666f995df12081d7e16cdecf86e281c27f249a623d98a6e0a7ac394092ed9449eccb5caa6844538196f473d51f7b542cb3982d3c604"], 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000000c0)}}], 0x2, 0x4040040) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r2, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r4, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) connect$unix(r6, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000002640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000340)="b2", 0x1}], 0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r5], 0x18, 0x8800}}], 0x1, 0x0) r7 = accept(r4, 0x0, 0x0) recvmsg$kcm(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x40000122) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x328, 0xffffffff, 0xffffffff, 0x328, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x18}}, [], [], 'wg1\x00', 'caif0\x00', {}, {}, 0x62}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000140)={0x1, &(0x7f0000000080)=[{0x6, 0xfc}]}) write(r0, &(0x7f0000000280)="4591", 0x2) r8 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="953a04"], 0x24}}, 0x0) recvmmsg$unix(r8, &(0x7f0000002a40)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f00000008c0)=""/200, 0xc8}, {&(0x7f0000000640)=""/249, 0xf9}, {&(0x7f0000004480)=""/4098, 0x1002}, {&(0x7f00000007c0)=""/97, 0x61}, {&(0x7f00000001c0)=""/104, 0x68}, {&(0x7f0000000300)=""/25, 0x19}, {&(0x7f0000000540)=""/130, 0x82}, {&(0x7f00000009c0)=""/133, 0x85}], 0x8}}], 0x1, 0x2080, 0x0) write(r8, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "c4c3ff152b168224", "079977e61b3dabb5a6cba7e0f3dc4b56ebac0eb923bd46592e83ec159474730c", "c343497b", "c481def765182e94"}, 0x38) 2.084531891s ago: executing program 2 (id=4240): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) bpf$ENABLE_STATS(0x20, &(0x7f0000000040), 0x4) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipmr_getroute={0x1c, 0x1a, 0x100, 0x70bd2b, 0x25dfdbfe, {0x80, 0x14, 0x10, 0x2, 0xfd, 0x4, 0xfe, 0xa, 0x200}, ["", "", "", "", "", ""]}, 0x1c}}, 0x0) (async) bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4) 1.951877591s ago: executing program 2 (id=4244): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f0000002a00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000029c0)={&(0x7f0000002940)={0x70, r2, 0x0, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x1, 0x55}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="b31de23ab07f"}, @NL80211_ATTR_SSID={0x1a, 0x34, @random="c4b6029257d9315af437316b7272f83336057948f46f"}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) clock_gettime(0x0, &(0x7f00000028c0)={0x0, 0x0}) recvmmsg$unix(r0, &(0x7f0000002780)=[{{&(0x7f0000000140), 0x6e, &(0x7f00000003c0)=[{&(0x7f00000001c0)=""/192, 0xc0}, {&(0x7f0000000280)=""/208, 0xd0}, {&(0x7f0000000380)=""/35, 0x23}], 0x3, &(0x7f0000000400)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}}, {{&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000580)=""/205, 0xcd}, {&(0x7f0000000680)=""/5, 0x5}, {&(0x7f00000006c0)=""/119, 0x77}, {&(0x7f0000000740)=""/46, 0x2e}, {&(0x7f0000000780)=""/84, 0x54}, {&(0x7f0000000800)=""/79, 0x4f}, {&(0x7f0000000880)=""/216, 0xd8}, {&(0x7f0000000980)=""/178, 0xb2}, {&(0x7f0000000a40)=""/53, 0x35}], 0x9, &(0x7f0000000b40)=[@cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0xd0}}, {{&(0x7f0000000c40)=@abs, 0x6e, &(0x7f0000000fc0)=[{&(0x7f0000000cc0)=""/115, 0x73}, {&(0x7f0000000d40)=""/189, 0xbd}, {&(0x7f0000000e00)=""/217, 0xd9}, {&(0x7f0000000f00)=""/38, 0x26}, {&(0x7f0000000f40)=""/125, 0x7d}], 0x5, &(0x7f0000001040)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x170}}, {{0x0, 0x0, &(0x7f00000022c0)=[{&(0x7f00000011c0)=""/196, 0xc4}, {&(0x7f00000012c0)=""/4096, 0x1000}], 0x2}}, {{&(0x7f0000002300)=@abs, 0x6e, &(0x7f0000002600)=[{&(0x7f0000002380)=""/126, 0x7e}, {&(0x7f0000002400)=""/93, 0x5d}, {&(0x7f0000002480)=""/104, 0x68}, {&(0x7f0000002500)=""/64, 0x40}, {&(0x7f0000002540)=""/39, 0x27}, {&(0x7f0000002580)=""/97, 0x61}], 0x6, &(0x7f0000002680)=[@cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xd8}}], 0x5, 0x40000100, &(0x7f0000002900)={r4, r5+10000000}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@flushpolicy={0x10, 0x1d, 0x525}, 0x10}}, 0x10) connect$inet(r6, &(0x7f0000002a40)={0x2, 0x4e22, @multicast1}, 0x10) 1.845560782s ago: executing program 1 (id=4245): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000001c00)={&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/251, 0xfb, 0x0, &(0x7f0000000c00)=""/4096, 0x1000}, &(0x7f0000001c40)=0x40) getsockopt$inet6_buf(r0, 0x29, 0x16, 0x0, &(0x7f0000000240)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x40, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_INFO={0x18, 0x3, "c6a41d10ff0000f500e906000000000001070000"}, @NFTA_MATCH_NAME={0xa, 0x1, 'owner\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x4048010) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$wireguard(&(0x7f00000001c0), r2) sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a80)=ANY=[@ANYBLOB="4c020000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fddbdf25010000001400020077673200000000000000000000000000240003000000000000000000000000000000000000000000000000000000000000000000000208805400008024000200935fcc0d76a5bcfce584052ea21b4b2622057154ff788c325f3b596e54307c08080003000200000024000100d1732899f611cd8994034d7f413dc957630e5493c285aca40065cb6311be696ba80100802400010004000000000000004f020211456727082f5cebee8b1bf5eb7337341b459b392208000a00010000007801098040000080060001000200000008000200640101010500030003000000060001000800000014000200fe880000000000000000000000000101050003000300000064000080060001000200000008000200e00000020500030003000000060001000200000008000200000000000500030002000000060001000200000008000200ffffffff05000300030000000600010002000000080002007f000001050003"], 0x24c}, 0x1, 0x0, 0x0, 0xc004}, 0x4004040) r4 = socket(0x23, 0x5, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x5, 0xb90, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a8", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$sock_inet6_tcp_SIOCINQ(r4, 0x541b, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x12, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073114200000000008510000002000000b7000000001a00009500c200000000009500001200000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x10, '\x00', 0x0, @cgroup_sock_addr=0x9}, 0x94) r5 = socket$inet6(0xa, 0x1, 0x16f) getpeername$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000300)=0x1c) connect$phonet_pipe(r4, &(0x7f0000000180)={0x23, 0x9, 0x0, 0x9}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0x1}, &(0x7f0000000040), &(0x7f00000000c0)='%pS \x00'}, 0x20) 1.656804204s ago: executing program 4 (id=4247): r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r1, 0x5, 0x0, 0x4}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000140)={r2, 0x2, 0x0, 0x6, 0x7}, &(0x7f0000000180)=0x18) r3 = openat$cgroup(0xffffffffffffffff, &(0x7f00000001c0)='syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_ro(r3, &(0x7f0000000200)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000240)={'erspan0\x00', 0x0, 0x8, 0x80, 0x0, 0x0, {{0x6, 0x4, 0x2, 0x3a, 0x18, 0x67, 0x0, 0x8, 0x6, 0x0, @loopback, @remote, {[@ra={0x94, 0x4}]}}}}}) r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r4, r5, 0x25, 0x4, @void}, 0x10) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r4, 0x84, 0xa, &(0x7f0000000300)={0x8ea1, 0x7f, 0x8000, 0x3ff, 0xd, 0xfffffffe, 0x80aa, 0x3, r1}, &(0x7f0000000340)=0x20) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000380)={r7, 0xfff7, 0x30, 0xc, 0x6}, &(0x7f00000003c0)=0x18) r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r8, &(0x7f0000000400)={0x24, @short={0x2, 0x0, 0xaaa0}}, 0x14) ioctl$sock_inet_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000440)={'team_slave_0\x00', {0x2, 0x4e20, @local}}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000500)={r7, 0x68, &(0x7f0000000480)=[@in={0x2, 0x4e23, @rand_addr=0x64010102}, @in={0x2, 0x4e20, @private=0xa010102}, @in={0x2, 0x4e20, @rand_addr=0x64010100}, @in6={0xa, 0x4e24, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}}, @in6={0xa, 0x4e22, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}}]}, &(0x7f0000000540)=0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000680)={@cgroup=0xffffffffffffffff, 0x31, 0x0, 0x4, &(0x7f0000000580)=[0x0], 0x1, 0x0, &(0x7f00000005c0)=[0x0], &(0x7f0000000600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0], 0x0}, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000006c0)={@fallback=r8, r4, 0x7, 0x0, r4, @void, @value=r4, @void, @void, r10}, 0x20) ioctl$XFS_IOC_START_COMMIT(r9, 0x80585882, &(0x7f0000000700)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r11, 0x84, 0x73, &(0x7f0000000780)={r1, 0x2, 0x10, 0x72, 0x5}, &(0x7f00000007c0)=0x18) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000800)={r7, 0xa7, "77e39417c18fee5b75920fac26f1944d5b2c77512a7c6540ceffc58f44905771015a0a355a27103fc557e97e9867ef342058df15b12895367677e2a9a085ae831cad734c24c6e4af3ff8ad3bcf2231b645b844643788a5ac5eb8de98b4058fc948aca0b87b589e0ecb189a9aff8df2eb5bf9e132e4977c6ee41b76096179f73c3b0045a57a23d189bb8a0e4baebaa78e2392265212c1af7c1b7496b88c0e13dfaf1bc533900ce3"}, &(0x7f00000008c0)=0xaf) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r11, 0x84, 0xa, &(0x7f0000000900)={0x8, 0x7, 0x8002, 0xd2, 0xe, 0x6, 0x3, 0x9, r12}, &(0x7f0000000940)=0x20) syz_genetlink_get_family_id$nfc(&(0x7f0000000980), 0xffffffffffffffff) sendmsg$802154_dgram(r8, &(0x7f0000000a80)={&(0x7f00000009c0)={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0302}}}, 0x14, &(0x7f0000000a40)={&(0x7f0000000a00)="de36fc11bd8c7c83468105", 0xb}, 0x1, 0x0, 0x0, 0x84}, 0x200080d0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000ac0)={r4, r11, 0xb, 0x0, @void}, 0x10) write$nci(r11, &(0x7f0000000b00)=@NCI_OP_RF_DEACTIVATE_NTF={0x1, 0x1, 0x3, 0x6, 0x7, {0x10, 0x9}}, 0x5) pwritev(r6, &(0x7f0000001d80)=[{&(0x7f0000000b40)="093cbccf36639dadccf1352cb2fb9c979cb1588ba49ea0298823ba5ab402b12fa9e6d3048cad199bd2adf4552319b7146f269f528db941b1205740917615f6bf22c9f9825632eeb8d45a11a28247e75a089f8fc8edc9c25c8839c208a2523159ea4bfa78ccca7b9400a9c16f865dbb03b9637b6e6141e93355b3d9da65c074d3e616ea39b5c1051aed089f9b714a7a995599f69d65f4a3e78b5ac522a96a394d73443c454643333b0b09e8f40f18ad8cc3069621c816bc0088c99b3f85cd3c7a33e4b2085ba178cce218064ca74dac90be61b3b653cf922ea2207dbb320c37379bef5e54cfd21f3dcb8aa87744fcb7142f6db57a98dbb537fd56c34a0f378c50fd1800ab170e904d627e9265bc13cf334fa0667976dedb8042e4b3c41a0e712fa749d74920f2f9cca0d94e37bff5d1b0f4382b645bfdaf73a607071b6663de0ffeedbe0742c1d9999036096826ad8c6da2cb6a7e30da4e9b2c217ed8873287e007436eb1f9a30e7ba0ec714bae4fb1e9378200000896122834b824190d9529d39d536308604d9ce31588977157d4a49049f0776331f1fc065f9283c36dfb0605a7a047b045f317360ede6d86d12685aee32bd04a5825f34e013f99f4d88ad6dc4b18ef1609714674eba3c3b4a1287426202c086b88571d688fa97a295ae18db63d976c92ec4fe14fba1fa4c33c38d889a61439bfdb74c8c95ceb8821c4ce7a3acebe4a918f599c4691901dcc3157552239156b83a333080df0501890645043bd8ae72fe909348e943907f2de830cd164c257ca211152d4a36f5eec3e8ce65988d3046e997197fd8160eef3696e79e88272b46d6baed9c95186eb270de1e32595a95e9ba0e1ce871b8c614e31d423ca23915fcf134f99cd969e5b47264d5f7e5ad00a878cad2131e4d5280e4833c5aa98fa3da6f1c1a2febd3b55190e864d94c7594272ce961faad1607134060b55550ea4376935790750a06fd1e70fd9037f6ffadea49d14d4b9f3f8c2ae2052938e9040c6865157f2a59c27c57d297416fb5b3d0b66bd2c8d710b702f45eb74d47ae24f3335d28690376daa80414d2e76854bcee2597f030fb0d4d244e0983a715b3d4065df13a84b5a25102dd0a29a6dd28806eb1ec6251bffeb26f69cc0de10e1011f3d9e82b99b6231b5b7c225ebbb436d5421ac9af43090a02d17d5303a44fa89f6897e077427cffbd8243902a1fbcae59a726085793e262bd01951e320b117753510d8117ebd4eca004026683f4553716c69a9ef0649666e6fec93061b1f0f7292fb6fe2895d95d7ebdd4474ac12d5a985b844e8b39b3b8ff344be40bc13bb3692c4c1a3a8e4bad6f3df4abc3892355d5213e862d98783f18de11d955e8aecb7f2fadead3326fdeeac1ddcbcb67b672ce4a4cfe79ef4d6ba24be36d5fd19a6454bb46f98af2993d09ef4f3b3e67ada228397e47ac69dc6454c17071374b32469769f2db1a5f65db1136c39b923114ea656307be984eec045c8d3e271ca0e94f3b50e56a61e43848f95a020f7a16bc71f998bd08ad19aeb1d51597bff5dc345ea828ee0880fbdf9ed8bb63999ffb47fc947401b0d61116e618cf5f16a5af61d04fb06f603b9814c167be8aab634636fa15d65fae1450d5188d1f21ea97411aa16c9378bbb42dbecd6cc5b2a1fed75a7e3770195e07a87dff5c6df47b3ee9494475ef323f2c27cecc27b1b51a023e2a865952d64a3713000473841101ee002b6c7bd222738fca61e214dd4076af5dde5bcc279868bcf650bd217ba660f81611461698a9591899db111103ecdbd2292e0ff88be8305b85afaf442d3fafe083c897f59edcc5d82163d36173327e116f4221f471b3d42865fea5673c18d8c4db1a18f6ddd81d3dc298be70a46fc5688c66ad1fe1ccc83348f4ff5beda8c94cb1c4e1653ce5e561b0807969e92a6a975e20e13cddb0de497bf91cc316c4e740b5af2bf2e2754c359bb367e8f5c988bd82c7f24ef19cd1c1fb86c720d18a988c616658edffbe7b37da83f063f94170964b87ffe3776d27fecd37b1aeea28c6564e8ff9d6df5080a084983b71affe2e8aeb97a2fbabe799d31e8a7bcdbcdff72523a57de756e3fe360c0fb00875ea94f643374233067112d8163158e0ee0db238a055077b8315b10e9643df6b05b2f1221570b9a1aae73482cc52ca555ce7f89d0dec973c34a612bea7330eed38c8f33913e99db924250a5e50508ca1734c9866b03ab151925c87068834d96744f7e4407b4dd85333dc420c7b2e3afa6411bfa702e0cb5866db47bacc860ede9b28d730fa63fd2ad374924f3e14e53aea5a61b5c9a4c85b2fa8db3daf571a5396b2571855a0148f0a911d8b21a00fe5271ce639a6d1f343346c0eb60a34801122d0f4bf48d35fe1aaf85b94d68c6905fba9374cca9a2018c18fee13de6c006d0273c8b1ae3b147de8803691b76ab0fad0b693cdfccbd7535b1c1321f7efe22a5868334d5c1dcb4436f5085f1b148ccf2a6071e600f4a3d5bbc2354086d39e2ea3900c89931e8c7794e11d598c85a03d6f70e1ea7b69e698e3ea135c41987a8c0a76fa36b79435fa028edd25ceaba692fe4ab6f36470657feba7b4d4c0327569f1f9fbe6351c06d8e9fb198d674566451da5f00a51c164710c9ce4ebd79c3f4ee73ff3e8d502e957309726cd5a7bca2c0e3b096af982599bf7a94cb3b31176587d587bc0f7fb993a0ef3c1312c54be467c6f7722327ea6f25717ced023d010b444fc8562a043e1d50ffc9f47aaf9807dc9fc2db6843a488cd7805a0c255fe642306630957dbbc6fdc9afc95a0cfb2f2731f9c48e60da3df6f324b5d2551f53a6b469642685ef0ad8f02cde1eb8bf00c3b4f0e4a4a3b50bcaf2b22cd2d31b888610aaf6cd6df0d81b32d3c0f2883882785769f64b098ce56bc82581a1f1b807403b8e0bdd821e6582707dbd31d6cd66375bf19c1dec357b9cde00c4d9257eb42c7d93410a3aa6b37be0fe7fdb0619236377a4329c3b3c8789eeab09afc146a06c081ed8157b0b630f58312fb14ea1e19c26dfdcf1c56c3f2dfd4355ce00695902f4f1642d54974b7dc0f207ad143fc2f9a505bf2bfbb94d3b96960a596605cc034e50aff2700ac1dacea92449fe5eca74d5f4a388437b9c58b057b76bcda9c81b96a12d181a81552c0169cf98211a9ac0ac921c0a4a3606f69694ed78a1174ec5e989121a3e8569389800bfe77265047ac39a930af889223f350ed2e84338d03394b9a02d8803a6b6b35e57036f4c21743f57e7c1578e19a9ab20e79f5e88a584fc102ba4761e0acdec0eb7490ca2a2d7f6df4bf8a96971b09e939fa511c8f7ce9f9f4ef83ba779b291e65feffdb24dee9cff7951fede8c6f3e164f06aea437c703743dc5aac7a42c7b0bf4863561841fecfa09437f51a446e96b8d7159c92dec03110694860b5641bcda791479a70c575dbbf4c89dba07271575c6c7ef89a9b4f390ebf447f2823726b023719ecc5ae9a94e5b01b3d47bde77a394fbd62d9db1b4c9ed788b3cc2dcefd72511d797d5d646a01c16aa741d5cc54e1d72b9a773182918631405e37015fa67c619cd6f6dcb2550bb4498d577c05066d0d3b783195967490d435eea5e323bc4468dd1c3b6aa2fb2603457c0907e371d6a8c63459e51da7ffd557d2e8bd359747af49a8dbfd78eb0ae8c7ea414fdf2a1d11c68505967316af5d1d7a43271ed7ca24864128cacbf8433e2ad37627c74cec9330b76485e8983bce752d6f9cf32ff18c73f312c8f20f9cf375290237c420cbdf63e3cb1bf9de8d79b51e4d414c4a69d643ebff089edaf3ee2ca01a8345281b3ae833dd389ea9eb62f7f4135f8259540dce102fd1159262d2720cf8c70d2306ff4b84f3852f88153d61d26e3d40f9764d39dc7c9c48181bba2d4ca5ac02045a5258b30aadad7bacd60bde5f1ee5ecceb21b27c91181de8445ecd431f06bc04c13c1f9962bc2bd5432b4f6ab0366974a0df328207ef4e0ac150befb330e89e3201437a9df4d5b4cda8ab5bcfc91d806b58b970e164af3f68a379b8425126836ed2c1be943996090dadd01d7ecad0ea28953716cdb1cf1d475ee5b09e36770c054f581445621566fa1bbf643fe25cadbc2288f2cfa87a6715504756c7094e01a9e775fe4c618af4c9e35555d6e1f7b0945baa8e104a88ed9e170f4d3a572b8645bbf3d267e90192c976a9a43c43a1ab261a160d11c607963e0a4fdfbb0641e749bff8128c9f09596fbd7eed4fbf78cc6b695663c5f155d01c4d327b17ddd3f9d08be9ccbb3cce5882641be2b1c079a995a2edc8787f886cc836b2ac51d17542594cabb6c2194a909dc8c515f7a45b6df7650087a731c0a86d706ffcb3927ea0e60870cd033bcb93b835c8d81c822e5aef507bc1d7025fd676374fed319c1dfe5896f230a164f53571a802b0baa1f8a3e50ba9b79a478ea1be573b289983d03ef7640e68ab642660f17c4c8b93c2f3bb75e26b937fe85e3c694098c86c225333558357e1d8ed4f793d6d232f13fda095b1f28f51fcc44d95dd91ce97a5b50b15c15be1af248460384bbb925374582ef6aaccfd1c9d33e144d1f44a1fcc048f8d3e56d27a92fa5f4364b337be7bae363274bdb20adb7eafa54ce4e6802413df43accf4c217fbfcfe249d26b80bd63273dd01476e9d45916c147ae053566f6e894e47ed5ca00162973cebf2bc50bd32aca50275dda87d8acad6210d5bddd04c7616c43eaf30dd7b9d6e5ce42dd39f38cf4ee20e4ec694c54e64de5816d841f8689ac4803856e847e0cac8116ae0b1688ecb174bebc4223427a7b5d7d33a1256144b7a60440e35c04e3d3734de62b001a1a4bea8d2ee7a045d275fc6b00bc7b6026bdb85d0988549d2be4149b689189a3bf8b0ef33945872cb81db62565813a810f6872b0248a93ce5b42aeae4c61759f34aaf871ae61f4a1a796316c308aeb65334503e0427eb39adc609059890129b14cb0c749a1220d617594ac09ffc8c9b0df19e9bcfe6c65737889a239bc611cc3749f565e5d6b07ad6df9591fa6d7e8e96cf8c3e6ded3d5ece038f053427907a10faffa8ce79108ad677d1e9ee6cb4dbb748a4839e97a90311b6ae1fd257d55d133cbc2a7b0e562a8d524174959bb0ded5c7fd7eca02938a5d64b69c8322dfdc91c2b99107c05f6f146425e2d677f8159e2395d2a81d68db4e043407374d8fd9359aab72eac71a4047254436f0079aaa00123bbb7906ab233fd083dd48882ebd650763879340ce72a13633401cc04af87fb567e3f959d3bbc9d601f67e00779de661b112a4b6c19348db27ed648cf31b39799b8611d1288549324e3bcfff37da6da16b1965f2adcef031cf958c5ac555c06d007a8218e72869ee2b7db1dfd695f61d2a93ab8c3bafb500a5739de716d3184cf810682e2cc40f8298bac93fe06df9439f5df8412b41abed583101f460995e06681741ee1f14b111bb5dc1995027f2f313d53156829367eff506222385d997d0318e4266fb544f1a8909806bde24abd70f6c1c0fa3ffaec85519f2e291692ad9b006410932e69bf056e23393baa4ba9099738b25a823a17f019fe5079a05f009c94ab3b832b7aea419621a9f4059e8e2108a821ddbf9981e289aa59a7097482987abee7b98af3d69579e30de38c9c3970143b82b9dfb637fbdd53080668be950d20510da771fd080000640148ea4cff8226e749be575aca8f8fe4797b53a4649373ba1eb4c808d418b861ea4e5015e715c440eea8bb2ba355081c5d587e79c7d382cec54c92153effb8a49b5411", 0x1000}, {&(0x7f0000001b40)="412f68778474d62995bc377e643a249719385e37ac907b4f2f0d1248f85545a7af22972b4266dfbd25b5a5e346e19918ee3bbf7bdca2bf21390cc33efbd239d36175502e1c233e4bc73670efa64f438157d49496e62033ddd9931836ca2541a727e7f6194096e7dda355ef86f61ed5f24380b2438c9ea5f8ee3e7ca64b", 0x7d}, {&(0x7f0000001bc0)="4345919d2b019e018af0dcb6e2621e660da8d1598296e5ebabbcd85670269f1ca8f6c3deaad13635c3e1628e3c6ed5979a96110f6dbffa786e522b0699c2684d3bccc3b1ace3514b7001deabe9eb70ba3ab752fbf25562076417666451a41b9c0ca8c706dedb6b091a856599d64c6b665559dd2a65588bc3bce823d636e594d9fecd3bdf801fc8bcd50174cd07a93b94de5f42f0cc1798bae695afb5253e50d52e79633a27afad74a7f4ba68a4fe254c50d0b10ab2e149969943b20f42a7b44353a7ff", 0xc3}, {&(0x7f0000001cc0)="ac175b187e316f80a1badae4581c6e154ccaf85b3476cf3a883861dce749b1a5f6b6edf9da21cbab8bc21c46c9", 0x2d}, {&(0x7f0000001d00)="b29dbabdeaf1062550124558e9dc790a9ef55a1076d940c9d742a76ab446e21da92e9a91adbe01a0d21428cea211546f1c368ad9e6eee91dc1a080b989f2486ad6a458fc1d0dd9e6786dcf4df0944984b013", 0x52}], 0x5, 0x5, 0x0) ioctl$AUTOFS_IOC_EXPIRE_MULTI(r3, 0x40049366, &(0x7f0000001e00)=0x2) recvfrom(r11, &(0x7f0000001e40)=""/228, 0xe4, 0x20, &(0x7f0000001f40)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x80) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000001fc0)=0x3a, 0x4) r13 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r13, 0x84, 0x6, &(0x7f0000002000)={r1, @in6={{0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0x34}, 0x80000000}}}, &(0x7f00000020c0)=0x84) 1.641883683s ago: executing program 4 (id=4248): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="640000002f0009002cbd7000000000000500000050001180"], 0x64}, 0x1, 0x0, 0x0, 0x42804}, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x14, r2, 0x601, 0x70bd25}, 0x14}}, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x8000000, &(0x7f0000000680)=[{&(0x7f0000000000)="5c00000015006b05c84e21000ab16d6e230675f802000000440002005817d30461bc24eeb556a705251e6182149a36c23d3b48dfd8cdbf9367b098fa51f60a64c9f408000000e786a6d0bdd70000b6c0504bb9189d9193e9bd1c1b78", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) syz_emit_ethernet(0x317, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x0) r4 = socket$netlink(0x10, 0x3, 0x10) ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f0000000100)={0x9dad, {0x4, 0x43d2, 0x9, 0xfd6, 0x8}}) sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000000406010280000000000000000700000a0900020073797a32000000000500010007000000"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.600026241s ago: executing program 1 (id=4249): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="140100002f00010000000000fcdbdf2504d6f22d6b0018"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) bind$bt_hci(r0, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000280)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00', 0x0}) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000040)={r3, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x9}}, 0x10) r4 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r4, &(0x7f0000000040), 0x10) listen(r4, 0x0) r5 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r5, &(0x7f0000000080), 0x10) connect$vsock_stream(r5, &(0x7f00000002c0)={0x28, 0x0, 0x2711, @hyper}, 0x10) r6 = accept4$unix(r4, 0x0, 0x0, 0x0) recvfrom$unix(r6, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x60, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x14, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MULTICAST_ROUTER={0x5, 0x19, 0x3}, @IFLA_BRPORT_STATE={0x5, 0x1, 0x3}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x59, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r9, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r10, 0x2000000, 0xe, 0xffffffffffffff94, &(0x7f0000000040)="630b008646dc3f0adf33c9f7b986", 0x0, 0xcf25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, 0x50) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000004c0)={r3, 0x3, 0x6, @remote}, 0x10) setsockopt$packet_drop_memb(r2, 0x107, 0x2, &(0x7f0000000100)={r3, 0x1, 0x6, @local}, 0x10) write(r0, &(0x7f0000000040)="09000000010001", 0x7) 1.484536874s ago: executing program 0 (id=4251): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x4, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000018000000bca3000000000000240300f840feffff720af0ff0000000071a4f1ff000000001f030000000000002e0a0200000000002600030008ff000e61148c00000000001d430000000000007a0a00fe00581c1f61144f0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58d"], 0x0}, 0x94) r1 = openat$cgroup_devices(r0, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000280)=ANY=[@ANYBLOB='b *:* rr'], 0x9) r2 = socket(0x10, 0x3, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @empty}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000080)=ANY=[@ANYRES32=r4, @ANYBLOB="00005500bdddb2e4ee2964f5c800e06fa305a9a471f00d7b340175b765cf7300e6188419e5a902659bf17aeba42218cb37e0701dffbc571b5d497208eea2b50c033ae243b32a7ce4f280da5a00"/89], 0x5d) setsockopt(r2, 0xfffffff8, 0x1, &(0x7f0000000180)="925ea077ae5e83a4c6d1b75a7850b43b11a87526fb617d6a6a677cbd5fb100e1185472c23c939ed639919326b671de307304f2774e199dbf25a51d5ad18fe9d23f610c3e87f977e12a4b5c3f5328366e08b8316c5003c33da36462e723082f62ab97fb09fb786308fcb9c660df09a826bc9341be8070f4e337cb94e864261e", 0x7f) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000004c0)={'dummy0\x00', 0x0}) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xffff}, {0xffff, 0xffff}}}, 0x24}}, 0x20000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000940)={0x6, 0x10, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000021bf0000000000000500000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000db090000a1000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x6}, 0x94) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x38, 0x24, 0xd0f, 0xfffffffd, 0x25dfdbfe, {0x60, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0xc, 0x2, [@TCA_PIE_TUPDATE={0x8, 0x8, 0xffffffff}]}}]}, 0x38}}, 0x0) 1.467145742s ago: executing program 4 (id=4252): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="5000000010000d040400"/20, @ANYRES32=0x0, @ANYBLOB="00000000195000001c0012800c0001006d6163766c616e000c0002800800010008000000140035006d6163766cd96e300000000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="5000000010000d040400"/20, @ANYRES32=0x0, @ANYBLOB="00000000195000001c0012800c0001006d6163766c616e000c0002800800010008000000140035006d6163766cd96e300000000000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) 1.307611939s ago: executing program 4 (id=4254): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x24008004) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)="39000000120003474cbb65e1c3e4ffff07000d0001", 0x15}], 0x1) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007a"], 0x18}], 0x1}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3b, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="ff07056b", @ANYRES16=0x0, @ANYBLOB="010002000000fedbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="0800080001", @ANYRES32=r2], 0x2c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000044) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x4004084) r4 = socket(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="3c8403000000001d46003526b912800e00010069703667726574617000000018000280140007000000779cde222796651aaaaaaaaa000000831937b8b1987eea2300db69d382475a0f368c8ef38a7c6eb43ba25bf0e11e1c604194610a0f643da09f90a28ffb8d231766c6e1aaf87d47cd802a1f85ce63bb0f34245c26877d370000000000006caba68ad3f8badfb43a4e244d5fc76a4b4d3b66813408c3b5c0693b3e6baaa2d681a66a0703e6f09f424445b4a8f3683a6681e14889058927d6f12b1894dd8cc5df0baf5fdb57a558f4b0eb3bcc6e101adc09ee2a87476bb33d5ae961c2af3a1d0a37578b980ffb3eaa39bd2d6eb7ba1cfa28e2a4574f247e217684f38c3cb41a9ca632f7dbfeacc32b0fe36139c800b1cb09d4a64af5425a451784be41"], 0x58}}, 0x80) 1.305669697s ago: executing program 0 (id=4255): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newsa={0x198, 0x10, 0x713, 0x0, 0x0, {{@in6=@local, @in6=@local}, {@in6=@private1, 0x0, 0x33}, @in6=@local, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}, @algo_auth={0x59, 0x1, {{'cmac(aes)\x00'}, 0x88, "b6f3e543e3ff15c934decfda52def2c9f2"}}]}, 0x198}}, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800110000000000000000000000ca6c9500000000000000ffdb360734076d08000d0ba8897489c522ba66c5439753d3e0c9b47bef3c2879fc55ce1649fcc6cff6b7eddc1ae3947efadabc0399ee4099902841e1c394783c541a69c0b2af1dcd8598b5c388992876d8e7858aed8e2f5308e47d9b93e38f092f022e25a098b85645ea1b65d5b5e38355cb7d53cb83ed9d6bc2756c81b8692e12b1b572660c0d83d23e57f5ffa19bad8b1feca88786116725e92d6d6e399a37a38899d361337c02c04a0dbda849dc41b918a60e7830677446f3280ea4f0e5"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0xc, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd1}, 0x90) 1.210724868s ago: executing program 4 (id=4256): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="000086dd0001110004000060a60c6eec00be00442fd3fe8000000000000000000000000000aaff020000000000000000000000000001042088be"], 0xfdef) 1.136571466s ago: executing program 0 (id=4257): ioctl$XFS_IOC_PATH_TO_FSHANDLE(0xffffffffffffffff, 0xc0385868, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f00000000c0)='\xbe-\r[)@$^\x00', 0x80800, &(0x7f0000000100)={@align=0xfffffffffffffff8, {0x3, 0x3, 0x1, 0x2}}, 0x4, &(0x7f0000000140), &(0x7f0000000180)=0x800}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000002a00)=ANY=[@ANYBLOB="180200000000000000000000000000008500000018000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) r1 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'pimreg\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000040)={@empty, r2}, 0x14) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000027c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000002700)="e0b9547ed387dbe9abc86f5b7de8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.089213055s ago: executing program 3 (id=4259): bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000003702000020febfff7a0af0fff8ff00f869a4f0ff00000000b70600001218d1fe2d640500000000002404000000ffffffd404000020000000b704000010000020620700fe00000000850000002f000000b70000000a00000095000000000000006458c2c62fca868f0399d909a63396c113943219aab9d607000000cb3924b611f5969f62c28b22edf3cf393d14c46cc4f79fd2b316da4f0de8163f6242fa8a23f1740637c48468766af54043000000ec44631ac2622cdcae18c3d14bfbe96dd87235b44174f7c034318508f49f09781dc7a2cfbb9a0f119e31975f551557f05dc2dc2739e2e735d0ab961dac07f4f6d8aa1c3f16765d427c0e01000000fe4c16737d50d2a4bfc463450d524eacf2b734b0289c7a3a16eeca71296746681d61af491e4fa734318e0d72b8dbbc2b2b869af2f87903000000b6ecc7de09a2257e908cd92e664fa7aba7f07474863333c460e34caf0806a7e2575a56fba3eadd8efbd5dae6c024585d972b1bf8c4e872bba38160be9e92b6ddb90fc51b894917b50876b5708e64e70f7d8225da90ce9bc019084873ed07c0c59c4ba053fe77e0d37ccc3318da2e9fefaf025527e734ed1de5d12b4c56ca3b03dc121086061d1f26821a428d28eefa22ead6a3dab9388da53263b81ebe6be197a48a63440000a356240c4e2df57457000100000000000000000000008d2516510b29804b3cc034c19cef0d773f01064709edd63a185cbab8456c25283b9514b220fe401503ff536478088eb9fd932a0703a7bf9ea40429b2d49177824f210a69f8e5227fd32e7d5a2c7ecf57ac64509224090000000000000096e5a55d2c805bf725b9d14756c8cfa292aae0872866cf9fe063317741a0db9081d4393a7f9bcc0917d60a11b4a9ece831660ce625de441cef915eba31255d163f7033045ceb97f8ea006efc5b84f75ca1fb74c9faef444eb12f46b435de87feb2f7f2d7fb659395e4b38178b5c67e6ac100000000000000001b2e77bd5de136fa1bec1a26c622bb9662d9ee70147acc5605aa2318855cb8b918000000c5f265dcb5dce05f94ea051c4e8dcdf37d01ad7aff64f84ce32b841c799f47c2949725285fc50f1dd3f5e264023082eec752704c1f598151aa7d29e0d79522df196278acf327a74777d1f658f50c27020198770ff8ebef9df1b750d56d4d195ad7a267c46b3348b0e03ed33b5bca13cafc304dc6da78d20f029742d8d2f36acfdd331081ca00c1d5c8b7bed2ef603d6e7f1764246aab2d7d531559a971939a038055ac28625ec837f824ff537cd67993a3589be73a18680da50287b9e962b1a0235c290346a21ca5de55c49c78e411c791617000ef8df75411a5d300000000000000e0ffffff004deb8d49806823655735bd6deb49edb2e42f4ed9e6e9080366660b847bf03c144f6796920726dcf29e9a6c808459e82cbb0000000000000000000000000000000000006b5530865aaa7aa6171f66f2bca881a4201588427bb65ed3d5e7a74e9b5ece44067d4a9875a310bc7ec42b844b9eb3c9083560ef5c92b8a01188d615efbf70893d2eaf76517e990021fa5020a71023bca1194ad87cade480ba3dce8f57294e31ca24a8d181210bb6d18ff2c58293c2e314a7447ed3a1c870908aa8e3b33e6a94c7381bce9fa71dcbb758451f247e38d80d66e03d7564a5cddfaf06574b05cefb2670f30c2d501ee625ce3ffc08f15b53d28ce552c1807bc6866f06098a0e5517068aa48f2a82496fe83ee85218fe7f52b48742c7055f2a144c13e9c54be60b0a4f979ef7eb216897875946dc6ca1571930b1cf7c93de103f5289f782ae538e02612c717a76c787a873936eb8dcf1bfe581cc8ef965a0424bc140939e3274e251e519d188f6af680402c49458065dccfcb4f0d4f2ec9cf6fb3cf0a1807e34fb8d0108007734c1d2bc6a9d32d2560a88bad976b6000100002b712e632eeca810fb73fc8aaef94acf8bde18b9149cadc688254eabbe91f943592ccf68e717bcc6852828bd621e3a9dcb1cc6f1a6d1915200d95087838c2dc0a002c3aa554f725b965714144652cdc14761b0236f1a05b7f50f4149057e63d713103b5a6c2919161efc165a2e6981d76d29c95ad9f180135fb8962f59495fd33be3a6d35274941790bc1bd9da5e9c67c39de2c9f6fe35b8f528edbd8ea2a77dccdc3fe247feb121d9440a3ea9012a9d23a7e3110b0f25c5f8bf803d688de4d92b5dfdbd69fb8b426b55c10ba01b5f18b10cce8de3369300000000"], &(0x7f0000000000)='GPL\x00'}, 0x94) 1.013707765s ago: executing program 0 (id=4260): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="d2c651b101fa"}, 0x10) unshare(0x22020600) poll(&(0x7f0000000080)=[{r1, 0x4000}], 0x1, 0xff) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={0x0}}, 0x2004c085) getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000000)=""/31, &(0x7f0000000040)=0x1f) setsockopt$inet6_tcp_int(r0, 0x6, 0x8, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000200)=0x8, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffc}, 0x1c) r5 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r5, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) 940.924035ms ago: executing program 3 (id=4261): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, 0x0, 0x0) r1 = socket(0x10, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b4050000000000006110780000000000630122000000000095000000000000008f6a138c9e4eb32e71d7754e127d8d87525e8d57dc3c002fa721249c4cdfd87788947190b59b5af99eaaecbf2ba57aa6ffd750ffd3bef751c89264a6a9ec3b188b69dc1b6a12211cbf01e697342cf987ca2161e2a58904"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) r2 = socket$inet6(0xa, 0x5, 0x0) r3 = epoll_create1(0x0) r4 = socket(0xa, 0x3, 0x2) r5 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r5, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000000)) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x6, &(0x7f0000000000)=0x2, 0x4) getsockopt$inet_tcp_int(r6, 0x6, 0x6, 0x0, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000180)={0x88000008}) sendto$inet6(r1, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506050e130204430009003f0020480a0000000d0085a168d0bf46d32345653600648d27000b000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000b000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0xc084, 0x0, 0xfffffffffffffd33) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000001c0)={0x1b, 0x0, 0x0, 0x8001, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x3}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, [@jmp={0x5, 0x0, 0x0, 0x7, 0x6, 0x18, 0x1}]}, &(0x7f00000000c0)='syzkaller\x00', 0x10001, 0x0, 0xfffffffffffffffe, 0x41100, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x6, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000240)=[0x1, r7, 0x1], &(0x7f0000000280)=[{0x5, 0x2, 0xd, 0x4}, {0x4, 0x1, 0x6, 0x6}], 0x10, 0x5}, 0x94) 937.379894ms ago: executing program 2 (id=4262): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x1d, 0x5, 0x628, 0x0, 0x488, 0xffffffff, 0x0, 0x268, 0x558, 0x558, 0xffffffff, 0x558, 0x558, 0x5, 0x0, {[{{@uncond, 0x0, 0x220, 0x268, 0x0, {}, [@common=@rt={{0x138}, {0x4, [0x3, 0x800], 0x0, 0xf23d8cefb056ae2b, 0x7, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @private0, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @remote}, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @dev={0xfe, 0x80, '\x00', 0x2b}, @dev={0xfe, 0x80, '\x00', 0x39}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote], 0x9}}, @common=@unspec=@connlimit={{0x40}, {[0x0, 0xffffffff, 0xffffffff, 0xff000000], 0xffffff7f, 0x1, {0x4}}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x1b}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [0x0, 0xff000000], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x688) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x10e) 873.100445ms ago: executing program 3 (id=4263): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) sendmsg$sock(r1, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0x1}}], 0x18}, 0x80) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x80108906, 0x0) ioctl$XFS_IOC_PATH_TO_HANDLE(r2, 0xc0385869, &(0x7f0000000140)={r2, &(0x7f0000000040)='k\\#\x00', 0xa2082, &(0x7f0000000080)={@align=0x40, {0xd, 0x1ff, 0x9, 0xff}}, 0x9, &(0x7f00000000c0)={@_ha_fsid}, &(0x7f0000000100)=0x7f}) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000180)) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) sendmsg$sock(r1, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@mark={{0x14, 0x1, 0x51, 0x1}}], 0x18}, 0x80) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) ioctl$SIOCSIFHWADDR(r2, 0x80108906, 0x0) (async) ioctl$XFS_IOC_PATH_TO_HANDLE(r2, 0xc0385869, &(0x7f0000000140)={r2, &(0x7f0000000040)='k\\#\x00', 0xa2082, &(0x7f0000000080)={@align=0x40, {0xd, 0x1ff, 0x9, 0xff}}, 0x9, &(0x7f00000000c0)={@_ha_fsid}, &(0x7f0000000100)=0x7f}) (async) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000180)) (async) 734.87299ms ago: executing program 3 (id=4264): r0 = socket$kcm(0x29, 0x5, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x4880) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/62, 0x328000, 0x800, 0x9, 0x3}, 0x20) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f00000000c0)=0xc20, 0x4) socket$nl_route(0x10, 0x3, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x1, 0x0, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000002e40)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "7428dd", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x89, 0x0, 0x0, 0x0, '\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [{0x0, 0x2, "122b472e41e24b11f34b608816e5"}]}}}}}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 708.690922ms ago: executing program 4 (id=4265): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r1, &(0x7f00000004c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x98, r2, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r0}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4000040}, 0x20004080) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r4) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r6, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x100, @private1, 0x8ea}], 0x1c) setsockopt(r6, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r6, 0x84, 0xc, &(0x7f0000000100), 0x4) recvmsg(r6, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000081000000004000060000090800040000000000080500007f00000108000000000014bb5fb04c56df9bde96a2847171877f7a60dfbb55db4a7032c71210a407e5aa5aad5657695bb2b31997155c"], 0xf}, 0x2, 0x34005, 0x0, 0x1}, 0x4000) syz_emit_ethernet(0x66, &(0x7f0000000140)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "170100", 0x30, 0x2b, 0x0, @remote, @local, {[@dstopts={0x89, 0x1, '\x00', [@generic={0x40}, @calipso={0x7, 0x8, {0x1, 0x0, 0x1, 0x80}}]}], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) socket$kcm(0x29, 0x0, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r7, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) ioctl$sock_inet_tcp_SIOCINQ(r7, 0x541b, &(0x7f0000000680)) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r0, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 662.233207ms ago: executing program 1 (id=4266): r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100050c100000000000224e0000d982eb3b97d995e6f4c3f08c6d9b7faf5866a5f37026e16a0025211c1979c423139a4e1771e0208c93efbf0dd6689b507e234f54612b2df477ee1d0e04bdbc5ac21e51878d05be1cee0e4b2d7f51e07c3ba72538ea9bfca627f1b8e016d2d09f10b64b6bd4a22df248751fd316c9c86fd9", 0xc9}, {&(0x7f0000000280)="fd5e7aeb03bc71717e1693ed7e7e83a2fadd41422032c6e0dac9cdc7da7894718eef169365f64ef507019b720d3365fb37ee74c84b460d3999e5d75732e5d888273b69d170e61ddfc975dd5520b6f40c0527b770f1a200fe750e084a1a", 0x5d}], 0x2) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400992683e5196c0e3c47000023000100000000"], 0x14}}, 0x0) (async) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x74, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3f, 0x4, {'gcm(aes)\x00', 0x17, "f69831126f948e7f263687aede0f5f6eec68ae667d6c2f"}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x8800}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) 551.21138ms ago: executing program 1 (id=4267): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0xffff, @rand_addr=0x64010101}}}, 0x108) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) r1 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x7}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x70}}, 0x1) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$inet_udp(0x2, 0x2, 0x0) (async) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) (async) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0xffff, @rand_addr=0x64010101}}}, 0x108) (async) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) (async) socket(0x2a, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) (async) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x3, 0x9, 0x80}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x7}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x70}}, 0x1) (async) socket$netlink(0x10, 0x3, 0x0) (async) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) 550.68839ms ago: executing program 2 (id=4268): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000002b40), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x54, r1, 0x400, 0x70bd2a, 0xfffffffe, {0x6}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x40000}}, {0x8, 0xb, 0x958}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4048011}, 0xc800) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@allocspi={0x104, 0x16, 0x1, 0x0, 0x0, {{{@in6=@local, @in=@multicast1}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x1}, 0x0, 0x0, 0xa}}, [@mark={0xc, 0x15, {0x35075b, 0xfffffffa}}]}, 0x104}}, 0x0) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r3, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000260300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe88000000000000000000003300000000000000000000000000ffffac14142900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000400000000000000000000000000000000007fc6eef349d39800eff67caa45ae8592e26c4bbad1712d5dec1325b62398532387d0e3c9511c73e5b9f3834b3b0fade7d08ce967abb2103fc2a40831c325c0923889ca23b7c53fe1c60d53dc84a0e1963f250ab5dc48b86c5f802d6560966d7779e20c874c7f83f544e9a6e67e8f1ac3e0ba53ff2426e371facaa3106f0e704c50e045c2851f9dbcb6d90097ab43ccbb41002592998f570be4fbea385d5607ee03484d8d291e4c68d6aabdc3ad7f7eeef01b400172bb6b2e7dd9805f60ed6fbbece8281f2a4358d7536ffbc89874fe9120a7324e598fb0bb4103a9b1e6a4314510a5b94ceeaa9a135ba953432e42307307000000594f6c7f7b712326c33bd0b7d0a2d1e8ee5da2a1329326ca16e469898d0bcd296a58b65a238d17516a32032855fa199361453171a056601e9369b7751bf6e1f841f2e95747f59d1ba368282ea2357817032072c3e5477e7a269f3d7ea396ac1dbac9605b024ab81986cec16b5263abbc2bd5a45785142696d9de338824374e6870d9cd8b"], 0xf8}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x56}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r6, 0x112, 0x4, &(0x7f0000000080)={0x4}, 0x2) socket$unix(0x1, 0x2, 0x0) bind$bt_hci(r4, &(0x7f00000000c0)={0x1f, 0x1, 0xd}, 0x6) r7 = openat$cgroup_type(r6, &(0x7f00000014c0), 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000001480)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0xd6b, @dev={0xfe, 0x80, '\x00', 0x38}, 0x200}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000200)="a790e112b7f9174d6f99a28e", 0xc}], 0x1, &(0x7f0000001500)=ANY=[@ANYBLOB="10100000000000000301000006000000bd86e7def6d07fa4c2d96f062f55c23b9cb6b639f74662cb0a04cb59d375497568eb132cfb3178b5068e9ce21f1c7f8946aec39bf6dd6bbbc418c7ca6259bffe8f954f83c8c4a1c61db4f228fca09a101b7de7e007a391cbec6fd1ec528fac996f8ee83dbce421a766637048e4bc22cd7a9d9a49c3c06bca26689771f1e9c043f04f617a35d2e5ed948fe140897c0fa0cc611893b9566df774f8ad64ea6f843a0c124a89255f4b30868e8e385ffe8579b04681a5b9eef9665ed845ed854bae60189025f988ac04b915a2e52a70159ab250760663f30456786458a0f4ecf9f64e9f2e50a96c7ff6bcae608f6451241cadf021b40a40c3331c73373aba842946d8bc680bec661181ccc0e31a540f90fa6831cfea23350e4b0175825c61b3c5ab3b07db4bfbb749850e1473fa9b2342a942334afdb30676095e5c7a7d6389e1bee65853cf9b85661a77461aee4424c7917a3a1a84dd530750e04b87d208ddd6eae83fe137aa8cfb63d05267d3a115e487c4c62743720cdea14c31329ff5114d8a29816054b5068673f52a3a502dcf008c738f5629c730828088f18848c736347b34b2aad747723f1c953d4ce2dd59d7e1abc80d6d28c26b4432ce494d60aa2e11f479da6e3f7137ff30eb896eae875b724f11285abb67bd45654fbf4003b4ff2d0981916ba300864dfd6054ffeb196d6186fd14dee855122c95b41b3acd89df81fddc3f6edbe3415429acbd09dd45fb60b8646a6d3a6bc96a4eafcad1453bc48ac8b19750a40a6f5af80787dc60dc5798daab56adff756be4c7b2a4ee955c6fdd891f3b40095b96571b155691ca0823834c16f2a394b10215c9ca630f1e0269ba4e0022f97aadd3ac12b9ba8e015d9f12879ff61b2ff1eec66dd51ec0a6175e59f0afd9543fa38494a7dbce14be1191d7d1d844fc4a927141370ef104b3868efe1c48dfdaf18cd2489d3de3b14567d14496b29a38346c0571503ab04b290de313ab963e91311ccdfb8c9114243100dc01259982fb6097479f639e72a3908d4daadaf530ffca80c49ffa6b992425f96d7ec1f50db8ea5b9da76e98479d0448a142b32343549acb0f5931445ee528cadca7b301f1ab8f29f45b78498a63f6e66f8380f094f5425bd577da3fb8fb44a860e8be50a87cc859d2a63709fc001a7e6c27922741093fba791cceabd44680cc8fb3ca524f1116f31afc40b521df09a632cfd5ade5b71eaffdd1ec1eeb452e89f9d42295161b41c709db1a62eaf2d27977fddbe0d0b9e3e9c1a18c3aac8d5bb5ace2f12259329ea0d0772f25a7df82b0ade88852fd36287a18093936ccbc2df9dcb393250feb8e1b51b98477ea4516d94dd45d70d8b04d19f4c937787d235708ae3045dd3633a37fa7f67dede5ca2ab874d22c60e9afca6024ba2ebac73ad4120dd59b623ef736fefbf852a442e196641603bb0dd7eb12c23c496f7b056f5f6f8cd411fc70a3ffc8dd03d20cb29e5760c90c923d70a032ea9b436da0a345cbb32cd5d23f3198a94288def96bab5bfbcaf55e481350949636bb58a34be8e4552cab01dcae610e931f3b76f90e1ab029c221b85f885c2c561153d261aa235b4ad310807ea07f2af2e339c583846e8f509ee4f2dca97276f8985fe3867010ea683d5d3eaf80cf661552c74ac1c87ab6e9f10cc8f747b32305c1241d8d22c83b9084c676b3eb611b389235660a5b30476a00a5ef6d4eb311492d2ed9597a931a3605a0bbaa7b307ec8ac72e47911cdbcc6dc9c560c13f2f545345679cec1e9305d9cf9abe11d649d36595f40020d94b8c6a65aab137e14835e084292aaec2f20cb9a6f1f08cb450c5717338d8320c72f7c4383386a4f8ea2c0ccc46995e730e39e3461efa51538d0377a89ffe2e04433d3195d07cb033ffb186de282499390d0556949b75356cc3bef33de29f0eae9ec2cf76f5f251f03fcd9a2786dba57f4427a0669d4b95134eb554a6dcc1ceb0e1942ba5690701395c186c75b14053c7fb338b186a34284263bcfca3e97ed82712b68d465f065f08a0f208e6f95f6950ffb8378a5d71b4758c9171fbd64d2af01d2e1c3539b2399a380ca35642184f5a15ed163d5c885836af5d95209483b436c6593ae037b9b7a341468894eff1f259e287272bf8d786545919515ab869e76a16be10a8482fdde548d184e629877cfcac2b1a359eed0226aa29fb0c2c609953245f9196fcd90e17c93264ce16a0601431e372b74c815a183312168c341577bb15b9b12068d4f8fc402315c34b8b9a91a1846e0eff86a09fb75f9136534278b7426356c6c05c42b41defd2c7d4ea4f65a495bb9cb815b96c303c4b7a54b796cf64ba24413fc112af167d6f18eda6dc031d9cc6f9029d0a1ab3e040ea55480b0987a7d2e0fcfb69318bc718a23e1e3d567c75814d6429ec7ff1d2e5b0568a4104538bda43005607773afdb6af21f0ef60b4ba5f243d23ca3c4956403fbe8a6f385f1fdb555b172f7f9628e39368fb94c2dd4a3f0ecb3fc6ae04a672fd40fc899dc881a7e3bb7d52c894b52b93339a867b232f0a781386e5ff98c204db56cf4a71735c25792c73d8434b3d0cd891b419daf684b99d41a48c060443f99305a7cd3be0afbd48281db0896c96677e1910341ab0ef795bee8abb42dfb5c909d37c64d62e1bfa18b02777e8c597d3ca5102156ac3fc1a58b75d0093899f530ba016e6c25d78ddff136d0ea3884cf88213b32a950957f0434b9124afa29e160f070bbb1f404f32a765b2d0f9dc3abe691efe71080ede3c7e5632682ce08f04fb314cccdc194bec873fc62a2c3d9bfa6c8c0c09852c03f2779ea569463c9fa48370e0a1d0f4e06fb83b4e5d1654a5dbf18002425a6bea3835898369833c82dcdd123122a7796a908e051a4867900d9d6c5caa5d7955f00bf5656fe2ef6a06a101e05e9a93994f54443a5d112dfc4c2856f3a629506e8999820184aa87a0d06d916c55fae0242174f1570947dd5c8ce8e9850801bfb307dba62fae721992bde12fd8007a4ac8c197c18bcc6ff424549be291407910f148419905c25e1202c0a3f03afa5539ca55931721b564c9c5ee5d79bc002b28b5d0301a707d7541c59ec92c978b6e404eca786928448d74d2c851519aa19d5ca3ae4e223e064288496d6111bb87b5b37b55950ccaa8f6760cb346e9d580a27161d4e8949cf9225a5879065f1412db6e4f50552248b1447fb3aba8823a4cf3bf6dcbd9625535690106959031398b0bd9f24ecb2530f2c4e55a45350afb5f97af1d0aa804b7f18a3a3a85cde3e69daeb10530331c4b6cd72ddd10a5d2f2dfcf4f5de8639167f4895a843c8be6d152de887039eef499210430a08473c69d0128d83a532030211db75c83cf7a29d61e95ca316afb8713727706cece5124ca6e7b9d79d349ab4861bc08c6392ff2b1dbc1ec6d26c17e0cde15994f0f9935b444c55bce83f2d4bbbdcb691dcf716311794c0bc8632858382106d1d82d1ce24cdb961f2fc82666f3d3975d2a9bc224de0f87cb68adb70e49a5ff08102d37c213d0f279bf95ae5c59cb3c70156fcee6f0cc430fea3fc40c01ab9cba97510b1a024eb7d4b64f9390b36d50f70dc9aabf8de55c33fe90634f25263f354bc50eaf3faa931aa83ebd2167991fa5746f406647b82bb0eb0981e7cad21db7c624e249fff022dac4f7b7d1c1b4b303bd71a416c3a4a0c43fcda0aeefb51ade00502e0bf923bd4a62a87f6877f2a430c38d518607bfb89232cae1355a7975576a113bc6d43397fbba4d5050e6f661d10d7fd0318354f204dcde1773f8698fa844fe802398eb3c2075f6a8c2f2b755b679aca1059baf34f97d337559ee038b17f5f6a9066b2338ff1394094806aa4aa99fc94cf4f2c7166ee0b789a22353d7bbb1c67e637547108903ba46bcd097b801d8b42d62cc790abccf42acd011ce95026e62d98af72bf4f8e01a5a447976ed5249608da2a5608f06af3ea8bbe540d223bf6f2b45611b420fd24cc2915567ae88a2bcd6ba36e55e0e704d3b87ca5e1f2c68cb4925f6fa399d85d3ae1ed0fd3c7630cc84066ccb5e623b1a1a0083163466af6603de63b7641e80092ff5d448c611639091579704fdbf993ddda05b4ce80e7608884cd59f5ec59ceadfa926e4a3afdd27f5126472f49d2bfd69abcdbe143ef1b342d30142a45ffd406f7f7871c403e4c0d561867763bc6a54eb41e3f6f8063aed733e06b4776f4cad73a67795501ee760108f2500ed6a5a0f1b2cca7da10967e0ee07536e6480323a62d213df6cadf4d1b9304f37338dafc538539ae631071161f9d1b781c4d930c227688ddd37a2c1efd5fb043337bd6c086282758058c58f6642ca7e3b8fbecec5a59c9f7c9e0cbf8193f944e8e6babd995b1c47447fcea5da7efa9b395f1d942ea9954306ce248c37b249e239fa13cd59dfafba6da7c3c73be6864514a014a1cebacd6dd40d32305a2581b3bfeb62bef348552c138e11d6724fc1022a1fa5ee565f35497af26c6dc67ed005014049df2ec29a7b449c79d4cf71f512875db994d3cf2b6080c1d1b095da1677b206d41d9def5f34834fc46402dcde8533c1c664d9cd63449837cb839c737aedbf56ba3a3dd2ce1fecfcba201336e4b2bcfca7b7ba6ff2232c5ebe894822616c5573415e59ae5b3ba387a1ac8505521b7b67a97458982b0af09cbab3b2778580ec7b420cb62c056c18f52d996ae6411e3d324b516550793cb029f89ecc5b358184aa70665877c8f077384fc33de509406561ea64f4462bb3ff464882d34d3b7395e62e5040febb63d8093c9765c2a965d732da3e279e4926a7cfe13444de9bf6d42b4f535a8a900e4007bca15b9f86ad05cfcdaf7194adbcca9c20cebd3c86a660288ff329de299358976b27b6ec65ca3e9ed61d7d3da397a7badd4658c5eeb070e998d3aee4523194f77137b4743dcdebc086dd4d93c3a80aa4b364f56a63d372e35b04428a28a03c96bdc41be9591a4c84f39509d709a2c39cc9e225359b67a74a289511663db0476b5061cc1b33b400a56081cdd926dd0fb76c7281e68bc97f37d1fe6faa7c21f2f6d7a826e08e39f85bc7ef705c93aacc27ec9db9fa0b420ba79c4a7c922af6edc981d98cd3bea3e614ecaad92a8ba85d152d218c6e244073e311bf9d47e111e4f657ba7cb4f4cd386f26e077b97c989b8adb1c6d60d6ecad949ee2a0ba03d98f7d4f57870f4cd77682ea14f8f72a1cac5cc74e3554e46f83b07d570a8ddbe23c9931fb4da7c7bff57dccae9ccf2120517d2392d9f0deafc4525c2fed2ce8013f7b82192cef1af350859b578e7c42264ed727db6d4637fdb94e7f8a2592bfd7261c7b35a4c67c8de328d1b16387d3939299047432ebee5a5a96541267a4525e4f3d7189541a4822c560ef0c644cc6be82192bf63be292e5bad4c2fe712d0daa2cd42b7f4f506bcf8b459cbbbbd2ef0469be8a641ba1de4d80b28605c24e6c70977647ffc4aeacc84ea35f56ba6eb547459c42da0bfe4004172773364924662f200ec1a236de79afb81d676a47c842d1be9faa0a31f235e1488a7bdd0c8d25959db9244602be8f041ef8e6044319e6c3f3780c1ba2bc90d171e6f9428cc1e79144fc1ff5234e9549c17e2561ad3631cb38751c1548891b5da623ce1dad582309399e0499657366a5e2ae8083ce36439fd120afc6e7c8d5ef2eafe8e5e22e8a923e0b78837ae3e33dbd76fde11ec35f8a6346eb28622b6cdcb6731bfb8f8d1b2c3afdb0bb60a8b62ce920b3d1400b3c0a091c73ca5f32cab90c5180000000000000004010000f5eb0000eb641b2008244c0098000000000000003100000000000000d3560165412674860bce82efcb2a5fe1ee54fa240b977b9411f7ff175e69c714388b297f8d78a1bc714c3fa45d88647d0fab03c3e3d0069fc29a027e1cd7a56ee301df08abbab4352966e00d48d855198ff516086f66e91c27d086a44b6722dac63578f192cd32dc2b98e4826c1903f88ca3d4653cccd0445c719f0be8404aa71fa3c50044a7180080000000000000008400000009000000634905c7208b4d1ed0c4b36eef549bdd85f4366ee3addf87eeab58c13a54228d029eb625a7321b8cab0bd7ca95e908abc3f587a7f455090fe381c6b758b35a0a96a362b4ea7b5c30a32ecbd32cddebe26925769cd25cbe7a3422beb34da15dde7563107077497ad57197815b4a00000058000000000000001201000077000000f2a306d8eeabc877d82ebb4f173acad8396a115de9c39f188356d257c763a6e2d2a2e4a020bc093f482233e7445d7aa03d853f452fa5372c8fdbce0e3063c3a9610cf600000000004547adcf74726844d758afc6ff6c66baa618af02e8ede489a10c2fcbf8e77b84aad2089407496033b193c1ae3671602436b5b4193c4ad80330efa6cfc7d9914d503ac7b2eb0b5fdf13fba8aa1eb8781862890cf00edb9f70abdf8060e22d53b190fc92ed731c7ed9c25522d697f5954db279da7f194c51acaf2cc8f32100000000000000"], 0x1198}, 0x1) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0) r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000080)=0xc) sendmsg$netlink(r9, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)={0x24, 0x2c, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r11}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b64087c6030"]}]}, 0x24}], 0x1}, 0x84) openat$cgroup_ro(r8, &(0x7f0000000440)='blkio.bfq.io_wait_time_recursive\x00', 0x0, 0x0) ioctl$BTRFS_IOC_START_SYNC(r7, 0x80089418, &(0x7f0000000100)) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), r4) 380.443785ms ago: executing program 2 (id=4269): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x70}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x58}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xf, 0x4}}]}}]}, 0x3c}}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c00000013000100000000000000000007000001", @ANYRES32=r2, @ANYBLOB="00000000000000001c001a801800048014000580080002"], 0x3c}}, 0x0) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r4) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000200)={0x0, 0x0}, 0x8) r7 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=r6, 0x4) bpf$LINK_DETACH(0x22, &(0x7f0000000340)=r7, 0x4) r8 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=r6, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000500)={r8, r5, 0x0, r4}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'geneve0\x00'}) r9 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r9) 355.13768ms ago: executing program 1 (id=4270): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000880), r0) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000980)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000000)={0x20, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x20}}, 0x20040804) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000003a00), r3) sendmsg$NLBL_CALIPSO_C_REMOVE(r3, &(0x7f0000003ac0)={0x0, 0x0, &(0x7f0000003a80)={&(0x7f0000003a40)={0x14, r4, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4014000}, 0x800) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r3, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000480)={&(0x7f0000000300)={0x154, r5, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x114, 0xc, 0x0, 0x1, [{0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1051}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5284496c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6c1b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x39e0}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xdb6e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2f42c685}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x671334f1}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3432}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1bd2e8c8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe1e7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x528d33e3}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8384}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5871ba6d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4826be84}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x34de214b}]}, {0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x27fcf78c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5658103e}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x52aa9897}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xc2d}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3615ea4e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9968}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x25bbc370}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6ec4ee96}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd9f1}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4277fc31}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2f918b92}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x32fd}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x15dd}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x174a}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x1}, 0x4000000) r6 = socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@local, @in=@local, 0xfffc, 0x3, 0x4e1f, 0x0, 0x2}, {0xfffffffffffbfffd, 0xb, 0x4, 0x400, 0x8001, 0x4, 0x0, 0xd3d}, {0x0, 0x5, 0x0, 0x3}, 0x7fffffff, 0x6e6bb9}, {{@in6=@mcast2, 0x4d6, 0x3c}, 0x2, @in=@local, 0x3502, 0x0, 0x0, 0x0, 0x48, 0x2c19, 0x3}}, 0xe8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r7, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000003100), r8) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r8, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000000040)={0x58, r9, 0x1, 0x0, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'veth1_virt_wifi\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x58}}, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r7, 0x84, 0x8, &(0x7f0000000180)=0xb, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0bd80c60ed7d298b000000000000000000000000000000bbfe80000000000000009c74c7b17c8a5e0f22000001800000aa2c0000000000000000000000000000000004000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) 276.421238ms ago: executing program 3 (id=4271): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x3, 0x4, &(0x7f0000000b40)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@call={0x85, 0x0, 0x0, 0x2e}]}, &(0x7f0000000680)='syzkaller\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) listen(r1, 0x7) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @tproxy={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_TPROXY_FAMILY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x4000881}, 0xc005) 264.339369ms ago: executing program 1 (id=4272): bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x13, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x6, 0xb) bpf$ENABLE_STATS(0x20, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd61"], 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0x353a, 0x1}}, 0x20) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="0000080001"], 0x4e) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) r9 = socket$inet_udp(0x2, 0x2, 0x0) r10 = socket$pppl2tp(0x18, 0x1, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x20040054) connect$pppl2tp(r10, &(0x7f0000000140)=@pppol2tpin6={0x18, 0x1, {0x0, r9, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x4000000, @mcast1}}}, 0x32) sendmmsg(r10, &(0x7f0000004380)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newspdinfo={0x1c, 0x24, 0x1, 0x0, 0x0, 0x0, [@XFRMA_SPD_IPV4_HTHRESH={0x6, 0x3, {0x0, 0x60}}]}, 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x44}}, 0x0) 217.250275ms ago: executing program 2 (id=4273): r0 = socket$inet6_udp(0xa, 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f0000000080)='syz0\x00', 0x1ff) openat$cgroup(r1, &(0x7f0000000200)='syz1\x00', 0x200002, 0x0) openat$cgroup_pressure(r1, &(0x7f0000000140)='cpu.pressure\x00', 0x2, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0x4, 0xc52d}}}}]}, 0x44}}, 0x4c850) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x48, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff3, 0xfff3}, {0x0, 0xfff3}, {0xd, 0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'vxcan1\x00'}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20041004}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0x1e}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x7, 0x9, 0x5, 0xbbf, 0x401}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x2}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x4, 0x4}}]}, 0x94}, 0x1, 0x0, 0x0, 0x810}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000004c0)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl1\x00', r4, 0x2f, 0x3, 0x0, 0x5, 0xa, @ipv4={'\x00', '\xff\xff', @multicast1}, @remote, 0x1, 0x8, 0x0, 0x9}}) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0e00000042770000060000000300000010000200", @ANYRES32, @ANYBLOB="ebf700"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="03000000030000000500000000000000000000930000000000000000f549f99d530495d0c433331624624a88e136a5fc9bfe52740b6c81c4c7eaf4202eaa457841fa9d36eaaaa03e531fa8a7fb20d5e2f6910da24dbe7c6ab30bd129c5a7ac61878c47947c0aae75e443366af6dddd1bd7a46ebe2f02da0f8aeded6a2e8a5ed4e77b2eaf32e2dbd1ac8d1be75ca9ec430a36928f0b6c"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) nanosleep(&(0x7f0000000280)={r7, r8+10000000}, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r10 = socket(0x28, 0x1, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d80)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021"], 0x0, 0x40, 0x0, 0x0, 0x0, 0xb4a02fe0ce239f93, '\x00', 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r9], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x59, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, r11, 0x0, 0x0, 0x0, 0x0}, 0x94) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r12, 0x2000000, 0xe, 0x0, &(0x7f0000000040)="630b008646dc3f0adf33c9f7b986", 0x0, 0xcf24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80}, 0xa5) r13 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r13, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00', 0x6) socket(0x2, 0x80805, 0x0) 339.815µs ago: executing program 0 (id=4274): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x4, 0xa9, &(0x7f0000000180)=""/169}, 0x80) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newtaction={0x74, 0x30, 0x9, 0x0, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x2}}, @TCA_MPLS_PROTO={0x6}, @TCA_MPLS_LABEL={0x8}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) r1 = socket$inet6(0xa, 0x805, 0x0) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000040)='bridge0\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_REQ_SET_REG(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010000000000deff00001b20000008009a00"], 0x1c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000400)={0x1f, @none}, 0x8) socket$inet6_sctp(0xa, 0x5, 0x84) r6 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r6, 0x29, 0x39, &(0x7f0000000240)="ff02040000b5fffffffffffff3ff2f2be82db1af00000000", 0x18) getsockopt$inet6_opts(r6, 0x29, 0x3b, 0x0, &(0x7f00000000c0)) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r7, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x4, {{@in6=@private0={0xfc, 0x0, '\x00', 0x2}, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {}, 0x400}}, 0xb8}}, 0x4c050) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r7, 0x0) r9 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r9, &(0x7f0000000140)={&(0x7f0000000000)={0xa, 0x4e22, 0xfffffffb, @mcast2, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="280000000000000029000000040000002b011002ff00030003"], 0x28}, 0x4004004) setsockopt$inet_tcp_TCP_MD5SIG(r5, 0x6, 0x13, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'syztnl1\x00', r10, 0x29, 0x2, 0x10, 0xfffffffa, 0x11, @remote, @private0={0xfc, 0x0, '\x00', 0x1}, 0x80, 0x700, 0xfff, 0x800}}) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@bridge_getlink={0x54, 0x12, 0x20, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r11, 0x10011, 0x200}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x7}, @IFLA_EXT_MASK={0x8}, @IFLA_TARGET_NETNSID={0x8, 0x2e, 0x4}, @IFLA_LINK={0x8, 0x5, r10}, @IFLA_ALT_IFNAME={0x14, 0x35, 'vcan0\x00'}]}, 0x54}}, 0x0) 0s ago: executing program 3 (id=4275): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="000086dd00011100040000f5a60c6eec00be00442fd3fe8000000000000000000000000000aaff020000000000000000000000000001042088be"], 0xfdef) kernel console output (not intermixed with test programs): ength. [ 459.122920][T17171] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3020'. [ 459.343279][T16757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 459.648906][T17189] ieee802154 phy0 wpan0: encryption failed: -22 [ 463.204544][T17223] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 464.066597][T17253] netlink: 'syz.4.3038': attribute type 3 has an invalid length. [ 466.448518][T17217] lo speed is unknown, defaulting to 1000 [ 466.489875][T17217] xfrm0 speed is unknown, defaulting to 1000 [ 466.627768][T16757] veth0_vlan: entered promiscuous mode [ 466.679649][T16757] veth1_vlan: entered promiscuous mode [ 466.701335][T17259] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3039'. [ 466.800373][T17265] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3041'. [ 466.835385][T16757] veth0_macvtap: entered promiscuous mode [ 466.887233][T16757] veth1_macvtap: entered promiscuous mode [ 466.945023][T16757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 467.003734][T16757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 467.090158][ T7915] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.160890][ T7918] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.208098][ T7918] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.296868][ T7918] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.768702][ T7918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.813783][ T7918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.008730][ T9996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 468.051443][ T9996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 468.063847][T17217] lo speed is unknown, defaulting to 1000 [ 468.237633][T17299] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3047'. [ 468.438320][T17309] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3049'. [ 468.791757][T17312] netlink: 'syz.2.3051': attribute type 1 has an invalid length. [ 469.085045][ T4944] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 469.105512][ T4944] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 469.119454][ T4944] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 469.134490][ T4944] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 469.150917][ T4944] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 469.222974][T17312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 469.663806][T17335] tipc: New replicast peer: 0.0.0.0 [ 469.746213][T17335] tipc: Enabled bearer , priority 10 [ 469.806738][T17335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3055'. [ 469.870352][ T5643] syz_tun (unregistering): left allmulticast mode [ 469.910856][T17336] tipc: Enabling of bearer rejected, already enabled [ 470.262544][T17351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 470.319500][T17354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3061'. [ 470.336852][T17350] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3060'. [ 470.465307][T17321] lo speed is unknown, defaulting to 1000 [ 470.522050][T17321] xfrm0 speed is unknown, defaulting to 1000 [ 470.612063][T17371] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3063'. [ 470.868814][T17381] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.3067'. [ 471.236900][ T5637] Bluetooth: hci0: command tx timeout [ 471.307551][T17321] lo speed is unknown, defaulting to 1000 [ 471.807747][T17405] __nla_validate_parse: 2 callbacks suppressed [ 471.807766][T17405] netlink: 260 bytes leftover after parsing attributes in process `syz.1.3076'. [ 471.807950][T17410] syz_tun: entered allmulticast mode [ 471.874917][T17407] syz_tun: left allmulticast mode [ 472.012520][T17416] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3078'. [ 472.689824][T17440] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3083'. [ 472.690724][T17321] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.741599][T17435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3084'. [ 472.784600][T17321] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.799918][T17321] bridge_slave_0: entered allmulticast mode [ 472.806241][T17435] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3084'. [ 472.833279][T17321] bridge_slave_0: entered promiscuous mode [ 472.851006][T17440] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3083'. [ 472.859054][T17321] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.871888][T17321] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.881685][T17321] bridge_slave_1: entered allmulticast mode [ 472.910314][T17321] bridge_slave_1: entered promiscuous mode [ 472.956914][T17440] netlink: 'syz.1.3083': attribute type 4 has an invalid length. [ 472.985956][T17440] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3083'. [ 472.997548][T17440] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3083'. [ 473.050794][T17445] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3086'. [ 473.072512][T17445] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3086'. [ 473.085078][T17451] nbd: must specify a device to reconfigure [ 473.115856][T17445] netlink: 'syz.3.3086': attribute type 6 has an invalid length. [ 473.259860][T17321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 473.281447][T17443] syzkaller1: entered allmulticast mode [ 473.311320][T17321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 473.316375][ T5637] Bluetooth: hci0: command tx timeout [ 473.367834][T17457] netlink: 'syz.1.3089': attribute type 1 has an invalid length. [ 473.387847][T17321] team0: Port device team_slave_0 added [ 473.414147][T17321] team0: Port device team_slave_1 added [ 473.612958][T17467] openvswitch: netlink: Tunnel attr 3 has unexpected len 8 expected 1 [ 473.792362][T17321] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 473.830401][T17321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 473.877570][T17321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 473.892146][T17321] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 473.906532][T17321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 473.946394][T17321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 474.213944][T17321] hsr_slave_0: entered promiscuous mode [ 474.228658][T17321] hsr_slave_1: entered promiscuous mode [ 474.247444][T17321] debugfs: 'hsr0' already exists in 'hsr' [ 474.262268][T17321] Cannot create hsr debugfs directory [ 474.374191][T17481] bond11: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 474.392392][T17481] bond11 (unregistering): Released all slaves [ 475.130993][T17498] netlink: 'syz.2.3102': attribute type 83 has an invalid length. [ 475.172557][T17498] Cannot find del_set index 3 as target [ 475.396464][ T5637] Bluetooth: hci0: command tx timeout [ 475.543252][T17321] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 475.600817][T17321] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 475.630258][T17321] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 475.759518][T17519] netlink: 'syz.3.3107': attribute type 2 has an invalid length. [ 475.809126][T17519] netlink: 'syz.3.3107': attribute type 2 has an invalid length. [ 476.064412][T17528] veth0: entered promiscuous mode [ 476.187329][T17321] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 476.232128][T17321] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.332925][T17321] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 476.494813][T17527] veth0: left promiscuous mode [ 476.849485][T17321] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 476.901254][T17321] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 476.953484][T17321] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 476.993757][T17542] __nla_validate_parse: 8 callbacks suppressed [ 476.993773][T17542] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3112'. [ 477.023980][T17554] netlink: 'syz.2.3115': attribute type 1 has an invalid length. [ 477.070860][T17554] netlink: 228 bytes leftover after parsing attributes in process `syz.2.3115'. [ 477.114708][T17542] nbd: device at index 64 is going down [ 477.288057][T17543] vlan2: entered promiscuous mode [ 477.324366][T17543] bridge0: entered promiscuous mode [ 477.476908][ T5637] Bluetooth: hci0: command tx timeout [ 477.622008][T17291] udevd[17291]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 477.710250][T17321] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 477.745948][T17291] udevd[17291]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 477.776322][T17321] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 477.808121][T17321] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 477.851056][T17570] netlink: 'syz.2.3120': attribute type 12 has an invalid length. [ 478.200031][T17578] netlink: 'syz.3.3122': attribute type 1 has an invalid length. [ 478.208441][T17575] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3121'. [ 478.252838][T17580] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3122'. [ 478.299683][T17580] netlink: 'syz.3.3122': attribute type 5 has an invalid length. [ 478.522050][T17586] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 478.602324][ T9996] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 478.619617][ T9996] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 478.633357][ T9996] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 478.644483][T17590] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_tx_wq": -EINTR [ 478.688975][ T9996] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 479.102949][T17607] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3126'. [ 479.221919][T17614] netlink: 'syz.1.3131': attribute type 1 has an invalid length. [ 479.230827][T17321] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 479.243998][T17614] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3131'. [ 479.270111][T17321] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 479.338695][T17611] bridge9: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 479.391508][T17321] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 479.466159][T17321] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 479.488019][T17321] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 479.512022][T17321] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 479.534224][T17321] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 479.571092][T17321] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 479.713886][T17622] netlink: 'syz.1.3135': attribute type 1 has an invalid length. [ 480.077940][T17636] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3138'. [ 480.338886][T17640] xt_CT: You must specify a L4 protocol and not use inversions on it [ 480.647312][T17321] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.779543][T17321] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.833316][ T9996] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.840547][ T9996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.927261][T17662] netlink: 120 bytes leftover after parsing attributes in process `syz.2.3146'. [ 480.968135][ T9996] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.975323][ T9996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 481.559822][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 481.568801][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 481.577824][ C1] bridge0: port 4(gretap0) entered learning state [ 481.822389][T17689] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3152'. [ 482.603953][T17711] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3158'. [ 483.073208][T17727] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3164'. [ 483.472206][T17736] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3167'. [ 483.610677][T17321] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 484.043945][T17761] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3172'. [ 484.386372][T17773] veth0: entered promiscuous mode [ 484.402545][T17780] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3177'. [ 484.457030][T17772] veth0: left promiscuous mode [ 484.609252][T17788] netlink: 'syz.3.3179': attribute type 33 has an invalid length. [ 484.721024][T17788] bond7: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 484.737208][T17788] bond7 (unregistering): Released all slaves [ 484.745101][T17794] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3180'. [ 485.039345][T17798] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3180'. [ 485.200535][T17807] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3184'. [ 485.269422][T17321] veth0_vlan: entered promiscuous mode [ 485.305397][T17811] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3185'. [ 485.332235][T17321] veth1_vlan: entered promiscuous mode [ 485.489846][T17321] veth0_macvtap: entered promiscuous mode [ 485.544649][T17321] veth1_macvtap: entered promiscuous mode [ 485.624412][T17321] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 485.683609][T17321] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 485.745043][ T9999] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.771205][ T9999] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.789363][ T9999] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.791607][T17821] netlink: zone id is out of range [ 485.819866][ T9999] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 485.835242][T17821] netlink: del zone limit has 4 unknown bytes [ 485.852784][T17821] bond0: option ad_select: unable to set because the bond device is up [ 486.231995][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.293404][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.435248][T17839] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3196'. [ 486.497102][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.550544][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.927761][T17852] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 487.718737][T17880] __nla_validate_parse: 1 callbacks suppressed [ 487.718788][T17880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3207'. [ 487.859853][T17888] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3208'. [ 487.873201][ T4944] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 487.891631][ T4944] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 487.901799][ T4944] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 487.912257][ T4944] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 487.925550][ T4944] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 487.944234][T17887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3210'. [ 488.177103][T17898] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3211'. [ 488.351028][T17904] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3213'. [ 488.421809][T17904] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3213'. [ 488.655413][ T4944] block nbd3: Receive control failed (result -32) [ 488.907810][T17919] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3216'. [ 489.321306][T17929] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3221'. [ 489.468829][T17933] dummy0: entered allmulticast mode [ 489.724692][T17889] lo speed is unknown, defaulting to 1000 [ 489.739169][T17936] sctp: [Deprecated]: syz.2.3223 (pid 17936) Use of int in maxseg socket option. [ 489.739169][T17936] Use struct sctp_assoc_value instead [ 489.764144][T17889] xfrm0 speed is unknown, defaulting to 1000 [ 489.821738][T17936] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3223'. [ 489.862145][T17940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3225'. [ 490.057627][ T4944] Bluetooth: hci4: command tx timeout [ 490.644907][T17889] lo speed is unknown, defaulting to 1000 [ 490.794753][T17955] Bluetooth: MGMT ver 1.23 [ 491.348722][T17968] netlink: 'syz.1.3235': attribute type 8 has an invalid length. [ 491.929684][T17889] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.938288][T17889] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.949538][T17889] bridge_slave_0: entered allmulticast mode [ 491.967532][T17889] bridge_slave_0: entered promiscuous mode [ 491.996525][T17889] bridge0: port 2(bridge_slave_1) entered blocking state [ 492.010445][T17889] bridge0: port 2(bridge_slave_1) entered disabled state [ 492.019025][T17889] bridge_slave_1: entered allmulticast mode [ 492.027965][T17889] bridge_slave_1: entered promiscuous mode [ 492.117855][ T4944] Bluetooth: hci4: command tx timeout [ 492.188716][T17889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 492.247830][T17889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 492.364940][T18009] tc_dump_action: action bad kind [ 492.427295][T17889] team0: Port device team_slave_0 added [ 492.438964][T17889] team0: Port device team_slave_1 added [ 492.574934][T17889] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 492.589313][T17889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 492.617897][T17889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 492.671721][T17889] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 492.685131][T17889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 492.712855][T17889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 492.853192][T17889] hsr_slave_0: entered promiscuous mode [ 492.872972][T17889] hsr_slave_1: entered promiscuous mode [ 492.915159][T17889] debugfs: 'hsr0' already exists in 'hsr' [ 492.942996][T17889] Cannot create hsr debugfs directory [ 493.043835][T18014] lo speed is unknown, defaulting to 1000 [ 493.111270][T18014] xfrm0 speed is unknown, defaulting to 1000 [ 493.345101][T17889] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 36850 - 0 [ 493.371934][T17889] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 493.534145][T17889] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 36850 - 0 [ 493.565565][T17889] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 493.605291][T18014] lo speed is unknown, defaulting to 1000 [ 493.678983][T17889] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 36850 - 0 [ 493.690415][T17889] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 493.874517][T17889] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 36850 - 0 [ 493.891565][T17889] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 494.200818][ T4944] Bluetooth: hci4: command tx timeout [ 494.303673][T17968] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 494.755085][T18030] debugfs: '1ùà^!' already exists in 'ieee80211' [ 494.982859][T17889] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 495.034340][T17889] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 495.071638][T17889] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 495.178486][T17889] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 495.214698][T17889] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 495.256018][T17889] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 495.304491][T18049] __nla_validate_parse: 5 callbacks suppressed [ 495.304525][T18049] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3254'. [ 495.315230][T18047] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 495.402599][T17889] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 495.428059][T17889] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 495.796655][T18069] netlink: 'syz.4.3260': attribute type 11 has an invalid length. [ 495.928830][T18072] netlink: 124 bytes leftover after parsing attributes in process `syz.1.3261'. [ 495.993659][T18080] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3262'. [ 496.029937][T18081] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3262'. [ 496.136689][T18083] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 496.199833][T18083] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 496.277597][ T4944] Bluetooth: hci4: command tx timeout [ 496.309005][T17889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 496.358569][T17889] 8021q: adding VLAN 0 to HW filter on device team0 [ 496.390223][T18094] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3266'. [ 496.421289][ T7918] bridge0: port 1(bridge_slave_0) entered blocking state [ 496.429310][ T7918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 496.562698][ T9996] bridge0: port 2(bridge_slave_1) entered blocking state [ 496.569911][ T9996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 496.800818][T18107] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3270'. [ 496.865386][T18109] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3269'. [ 497.338166][T18124] netlink: 'syz.2.3275': attribute type 8 has an invalid length. [ 497.392073][T18124] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3275'. [ 497.559169][T18126] syzkaller0: entered promiscuous mode [ 497.594068][T18126] syzkaller0: entered allmulticast mode [ 497.642820][T18134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3276'. [ 497.771570][T18145] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3277'. [ 501.347292][T18174] bond0: entered allmulticast mode [ 501.355414][T18174] bond_slave_0: entered allmulticast mode [ 501.364529][T18174] bond_slave_1: entered allmulticast mode [ 501.381148][ T5290] veth0_vlan: left promiscuous mode [ 501.401604][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.454633][ T6683] veth0_vlan: entered promiscuous mode [ 502.303810][T18211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3292'. [ 503.188864][T17889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 503.617230][T18258] mac80211_hwsim hwsim11 syzkaller0: entered promiscuous mode [ 503.647772][T18266] netlink: 'syz.1.3305': attribute type 8 has an invalid length. [ 503.664529][T18258] mac80211_hwsim hwsim11 syzkaller0: entered allmulticast mode [ 503.860252][T17889] veth0_vlan: entered promiscuous mode [ 503.951600][T17889] veth1_vlan: entered promiscuous mode [ 504.209893][T17889] veth0_macvtap: entered promiscuous mode [ 504.293206][T17889] veth1_macvtap: entered promiscuous mode [ 504.583515][T18301] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3311'. [ 504.606009][T18301] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3311'. [ 504.622137][T17889] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 504.753317][T17889] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 504.875475][ T7918] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.913636][ T7918] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 504.999863][ T7918] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.013920][T18319] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3316'. [ 505.044860][ T7918] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.060834][T18319] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3316'. [ 505.117127][T18323] xt_recent: Unsupported userspace flags (000000b1) [ 505.298515][T18324] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 505.318479][T18324] CPU: 1 UID: 0 PID: 18324 Comm: syz.3.3317 Not tainted syzkaller #0 PREEMPT(full) [ 505.318509][T18324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 505.318521][T18324] Call Trace: [ 505.318530][T18324] [ 505.318539][T18324] dump_stack_lvl+0xe8/0x150 [ 505.318570][T18324] sysfs_warn_dup+0x8e/0xa0 [ 505.318649][T18324] sysfs_do_create_link_sd+0xc0/0x110 [ 505.318673][T18324] device_add_class_symlinks+0x1cf/0x240 [ 505.318790][T18324] device_add+0x467/0xb80 [ 505.318817][T18324] wiphy_register+0x1fc8/0x2ff0 [ 505.318932][T18324] ? __pfx_wiphy_register+0x10/0x10 [ 505.318961][T18324] ? __pfx_netdev_run_todo+0x10/0x10 [ 505.319055][T18324] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 505.319127][T18324] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 505.319217][T18324] ieee80211_register_hw+0x3d3d/0x4a50 [ 505.319309][T18324] ? ieee80211_register_hw+0x1961/0x4a50 [ 505.319369][T18324] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 505.319404][T18324] ? __asan_memset+0x22/0x50 [ 505.319431][T18324] ? __hrtimer_setup+0x1b7/0x260 [ 505.319473][T18324] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 505.319548][T18324] mac80211_hwsim_new_radio+0x3238/0x5680 [ 505.319599][T18324] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 505.319618][T18324] ? kstrndup+0xbd/0x160 [ 505.319655][T18324] ? kstrndup+0xbd/0x160 [ 505.319677][T18324] hwsim_new_radio_nl+0xd8b/0xf90 [ 505.319749][T18324] genl_family_rcv_msg_doit+0x233/0x340 [ 505.319854][T18324] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 505.319896][T18324] ? bpf_lsm_capable+0x9/0x20 [ 505.319914][T18324] ? security_capable+0x7e/0x2c0 [ 505.319988][T18324] genl_rcv_msg+0x614/0x7a0 [ 505.320031][T18324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 505.320057][T18324] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 505.320089][T18324] ? __pfx_ref_tracker_free+0x10/0x10 [ 505.320130][T18324] netlink_rcv_skb+0x226/0x4a0 [ 505.320155][T18324] ? __pfx_genl_rcv_msg+0x10/0x10 [ 505.320183][T18324] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 505.320220][T18324] ? down_read+0x2be/0x330 [ 505.320277][T18324] genl_rcv+0x28/0x40 [ 505.320301][T18324] netlink_unicast+0x7bb/0x940 [ 505.320330][T18324] netlink_sendmsg+0x813/0xb40 [ 505.320358][T18324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.320384][T18324] ? aa_sock_msg_perm+0xf1/0x1b0 [ 505.320414][T18324] ? __pfx_netlink_sendmsg+0x10/0x10 [ 505.320434][T18324] sock_sendmsg_nosec+0x13a/0x180 [ 505.320502][T18324] ____sys_sendmsg+0x54e/0x850 [ 505.320529][T18324] ? __pfx_____sys_sendmsg+0x10/0x10 [ 505.320561][T18324] ? import_iovec+0x73/0xa0 [ 505.320632][T18324] ___sys_sendmsg+0x2a5/0x360 [ 505.320653][T18324] ? __lock_acquire+0x683/0x2cf0 [ 505.320686][T18324] ? __pfx____sys_sendmsg+0x10/0x10 [ 505.320710][T18324] ? futex_wait+0x2a2/0x390 [ 505.320786][T18324] ? __fget_files+0x2a/0x420 [ 505.320814][T18324] ? __fget_files+0x3a2/0x420 [ 505.320846][T18324] __x64_sys_sendmsg+0x1b1/0x290 [ 505.320870][T18324] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 505.320910][T18324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.320931][T18324] do_syscall_64+0x174/0x580 [ 505.320950][T18324] ? trace_irq_disable+0x3b/0x140 [ 505.320974][T18324] ? clear_bhb_loop+0x40/0x90 [ 505.320999][T18324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.321018][T18324] RIP: 0033:0x7fabbfd9ce59 [ 505.321044][T18324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 505.321061][T18324] RSP: 002b:00007fabc0cc6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 505.321082][T18324] RAX: ffffffffffffffda RBX: 00007fabc0015fa0 RCX: 00007fabbfd9ce59 [ 505.321096][T18324] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 505.321108][T18324] RBP: 00007fabbfe32e6f R08: 0000000000000000 R09: 0000000000000000 [ 505.321120][T18324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.321131][T18324] R13: 00007fabc0016038 R14: 00007fabc0015fa0 R15: 00007ffcc2e560d8 [ 505.321166][T18324] [ 505.986018][ T9996] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 505.993868][ T9996] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 506.056917][ T9999] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 506.070596][ T9999] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 506.503536][T18349] netlink: 'syz.2.3324': attribute type 1 has an invalid length. [ 506.576273][T18349] netlink: 'syz.2.3324': attribute type 1 has an invalid length. [ 506.587103][T18349] netlink: 'syz.2.3324': attribute type 1 has an invalid length. [ 506.625266][T18349] netlink: 'syz.2.3324': attribute type 2 has an invalid length. [ 506.683832][T18349] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3324'. [ 506.964592][ T5637] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 506.979883][ T5637] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 506.991305][ T5637] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 507.003583][ T5637] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 507.012310][ T5637] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 507.535449][T18396] xt_hashlimit: size too large, truncated to 1048576 [ 507.575223][T18400] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3337'. [ 507.597878][T18399] netlink: 264 bytes leftover after parsing attributes in process `syz.2.3338'. [ 507.952621][T18409] tc action pedit offset must be on 32 bit boundaries [ 507.984781][T18409] netlink: 'syz.2.3340': attribute type 1 has an invalid length. [ 508.016462][T18363] lo speed is unknown, defaulting to 1000 [ 508.032193][T18363] xfrm0 speed is unknown, defaulting to 1000 [ 508.257089][T18422] debugfs: '1ùà^!' already exists in 'ieee80211' [ 508.344646][T18422] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3344'. [ 508.465252][T18422] tap0: tun_chr_ioctl cmd 1074025676 [ 508.484472][T18422] tap0: owner set to 0 [ 508.582340][T18432] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3349'. [ 508.649190][T18363] lo speed is unknown, defaulting to 1000 [ 508.828001][T18444] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3353'. [ 509.008159][T18453] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3355'. [ 509.078524][ T5637] Bluetooth: hci2: command tx timeout [ 509.294017][T18464] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3359'. [ 509.314430][T18464] xt_l2tp: wrong L2TP version: 0 [ 509.403734][T18432] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 509.411047][T18363] bridge0: port 1(bridge_slave_0) entered blocking state [ 509.418606][T18363] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.427323][T18363] bridge_slave_0: entered allmulticast mode [ 509.435130][T18363] bridge_slave_0: entered promiscuous mode [ 509.444464][T18363] bridge0: port 2(bridge_slave_1) entered blocking state [ 509.454492][T18363] bridge0: port 2(bridge_slave_1) entered disabled state [ 509.462517][T18363] bridge_slave_1: entered allmulticast mode [ 509.470840][T18363] bridge_slave_1: entered promiscuous mode [ 509.512566][T18363] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 509.525759][T18363] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 509.648717][T18473] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3360'. [ 509.650202][T18363] team0: Port device team_slave_0 added [ 509.727560][T18363] team0: Port device team_slave_1 added [ 509.848297][T18473] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3360'. [ 509.859206][T18363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.895034][T18363] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 509.921512][T18363] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.967280][T18363] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.974316][T18363] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 510.000885][T18363] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 510.066677][T18487] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3363'. [ 510.303171][T18363] hsr_slave_0: entered promiscuous mode [ 510.331334][T18363] hsr_slave_1: entered promiscuous mode [ 510.337963][T18363] debugfs: 'hsr0' already exists in 'hsr' [ 510.343714][T18363] Cannot create hsr debugfs directory [ 510.652507][T18512] netlink: 'syz.1.3372': attribute type 1 has an invalid length. [ 510.723784][T18512] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 510.809877][T18363] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 510.874644][T18363] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.884940][T18363] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 511.156428][ T5637] Bluetooth: hci2: command tx timeout [ 511.716220][ C1] bridge0: port 4(gretap0) entered forwarding state [ 511.722868][ C1] bridge0: topology change detected, propagating [ 511.729651][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.736881][ C1] bridge0: topology change detected, propagating [ 511.743415][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 511.750632][ C1] bridge0: topology change detected, propagating [ 511.772265][T18363] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 511.782563][T18363] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 511.792836][T18363] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 512.095479][T18583] FAULT_INJECTION: forcing a failure. [ 512.095479][T18583] name failslab, interval 1, probability 0, space 0, times 1 [ 512.108119][T18583] CPU: 1 UID: 0 PID: 18583 Comm: syz.1.3385 Not tainted syzkaller #0 PREEMPT(full) [ 512.108146][T18583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 512.108156][T18583] Call Trace: [ 512.108163][T18583] [ 512.108170][T18583] dump_stack_lvl+0xe8/0x150 [ 512.108199][T18583] should_fail_ex+0x40c/0x560 [ 512.108317][T18583] should_failslab+0xa8/0x100 [ 512.108343][T18583] kmem_cache_alloc_node_noprof+0xb3/0x610 [ 512.108371][T18583] ? local_lock_release+0x9c/0x160 [ 512.108441][T18583] ? __alloc_skb+0x1d7/0x7a0 [ 512.108455][T18583] ? __alloc_skb+0x1d7/0x7a0 [ 512.108479][T18583] __alloc_skb+0x1d7/0x7a0 [ 512.108501][T18583] netlink_sendmsg+0x5d4/0xb40 [ 512.108531][T18583] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.108555][T18583] ? aa_sock_msg_perm+0xf1/0x1b0 [ 512.108581][T18583] ? __pfx_netlink_sendmsg+0x10/0x10 [ 512.108600][T18583] sock_sendmsg_nosec+0x13a/0x180 [ 512.108627][T18583] ____sys_sendmsg+0x54e/0x850 [ 512.108652][T18583] ? __pfx_____sys_sendmsg+0x10/0x10 [ 512.108679][T18583] ? import_iovec+0x73/0xa0 [ 512.108709][T18583] ___sys_sendmsg+0x2a5/0x360 [ 512.108727][T18583] ? __lock_acquire+0x683/0x2cf0 [ 512.108749][T18583] ? __pfx____sys_sendmsg+0x10/0x10 [ 512.108802][T18583] ? __fget_files+0x2a/0x420 [ 512.108820][T18583] ? __fget_files+0x3a2/0x420 [ 512.108846][T18583] __x64_sys_sendmsg+0x1b1/0x290 [ 512.108870][T18583] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 512.108909][T18583] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.108929][T18583] do_syscall_64+0x174/0x580 [ 512.108949][T18583] ? trace_irq_disable+0x3b/0x140 [ 512.108968][T18583] ? clear_bhb_loop+0x40/0x90 [ 512.108988][T18583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 512.109006][T18583] RIP: 0033:0x7f4e0999ce59 [ 512.109024][T18583] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 512.109040][T18583] RSP: 002b:00007f4e0a7b8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 512.109058][T18583] RAX: ffffffffffffffda RBX: 00007f4e09c15fa0 RCX: 00007f4e0999ce59 [ 512.109071][T18583] RDX: 0000000000040000 RSI: 0000200000000100 RDI: 0000000000000004 [ 512.109082][T18583] RBP: 00007f4e0a7b8090 R08: 0000000000000000 R09: 0000000000000000 [ 512.109092][T18583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 512.109102][T18583] R13: 00007f4e09c16038 R14: 00007f4e09c15fa0 R15: 00007ffe396aaae8 [ 512.109130][T18583] [ 512.612303][T18363] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 512.622959][T18363] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 512.668554][T18363] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 512.792401][T18603] netlink: 'syz.1.3392': attribute type 17 has an invalid length. [ 512.820654][T18603] __nla_validate_parse: 11 callbacks suppressed [ 512.820671][T18603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3392'. [ 512.835799][T18603] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3392'. [ 512.877069][T18603] gretap0: entered promiscuous mode [ 512.900448][T18603] gretap0: left promiscuous mode [ 512.982216][T18611] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3396'. [ 513.070615][T18616] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3398'. [ 513.215535][T18363] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 513.225838][T18363] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 513.236058][ T5637] Bluetooth: hci2: command tx timeout [ 513.250662][T18363] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 513.433622][T18630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3402'. [ 513.633874][T18643] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3405'. [ 513.662714][T18644] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3404'. [ 513.755322][T18650] RDS: rds_bind could not find a transport for ::ffff:172.30.0.3, load rds_tcp or rds_rdma? [ 513.892579][T18644] bond0: (slave bond_slave_1): Error: Device is in use and cannot be enslaved [ 514.068036][T18658] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3410'. [ 514.119525][T18658] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3410'. [ 514.149950][T18363] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 514.159289][T18363] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 514.168091][T18363] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 514.210465][T18363] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 514.219266][T18661] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3411'. [ 514.229108][T18363] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 514.238059][T18363] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 514.245829][ T3310] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 514.253886][ T3310] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 514.261948][T18363] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 514.286329][ T6684] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 514.298141][T18363] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 514.369646][T18363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.402295][T18363] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.424109][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.431263][ T3310] bridge0: port 1(bridge_slave_0) entered forwarding state [ 514.441714][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.448909][ T3310] bridge0: port 2(bridge_slave_1) entered forwarding state [ 514.656948][T18673] netlink: 'syz.0.3414': attribute type 1 has an invalid length. [ 514.866093][ T6683] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 514.945935][ T6684] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 515.001786][T18692] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 515.317048][ T5637] Bluetooth: hci2: command tx timeout [ 515.674477][T18733] debugfs: '1ùà^!' already exists in 'ieee80211' [ 515.785015][T18363] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 516.346056][T18743] IPVS: persistence engine module ip_vs_pe_• not found [ 516.355681][T18363] veth0_vlan: entered promiscuous mode [ 516.422337][T18363] veth1_vlan: entered promiscuous mode [ 516.647768][T18363] veth0_macvtap: entered promiscuous mode [ 516.711628][T18363] veth1_macvtap: entered promiscuous mode [ 516.871252][T18363] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 516.898938][T18363] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 516.932147][ T9998] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 516.974285][ T9998] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.049306][ T9998] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.064938][ T9998] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.138231][T18775] netlink: 'syz.4.3436': attribute type 1 has an invalid length. [ 517.244457][T18775] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 517.288353][ T8344] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.304956][ T8344] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.523358][ T1353] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 517.577601][ T1353] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 517.844065][T18687] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 517.956379][T18813] netlink: 'syz.4.3444': attribute type 1 has an invalid length. [ 517.964142][T18813] __nla_validate_parse: 7 callbacks suppressed [ 517.964156][T18813] netlink: 16130 bytes leftover after parsing attributes in process `syz.4.3444'. [ 518.404858][T18837] netlink: 'syz.4.3447': attribute type 3 has an invalid length. [ 518.436533][T18836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3448'. [ 518.455675][T18836] macsec2: entered promiscuous mode [ 518.461230][T18836] bridge0: entered promiscuous mode [ 518.468327][T18836] macsec2: entered allmulticast mode [ 518.473638][T18836] bridge0: entered allmulticast mode [ 518.504986][T18836] bridge0: port 3(macsec2) entered blocking state [ 518.551776][ T7915] nci: nci_ntf_packet: unsupported ntf opcode 0xf05 [ 518.580466][T18836] bridge0: port 3(macsec2) entered disabled state [ 518.639422][T18844] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3442'. [ 518.661723][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 518.729931][ T4944] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 518.742271][ T4944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 518.754235][ T4944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 518.766556][ T4944] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 518.776025][ T4944] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 518.827946][T18836] bridge0: left allmulticast mode [ 518.868537][ T6685] bridge0: left promiscuous mode [ 519.299126][T18846] lo speed is unknown, defaulting to 1000 [ 519.309429][T18846] xfrm0 speed is unknown, defaulting to 1000 [ 519.539138][T18846] lo speed is unknown, defaulting to 1000 [ 519.650187][T18877] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3450'. [ 519.662775][T18877] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3450'. [ 519.726706][T18879] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3451'. [ 519.782861][T18879] x_tables: unsorted entry at hook 1 [ 519.871751][T18846] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.879634][T18846] bridge0: port 1(bridge_slave_0) entered disabled state [ 519.887622][T18846] bridge_slave_0: entered allmulticast mode [ 519.906574][T18846] bridge_slave_0: entered promiscuous mode [ 519.915380][T18846] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.922543][T18846] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.929782][T18846] bridge_slave_1: entered allmulticast mode [ 519.937540][T18846] bridge_slave_1: entered promiscuous mode [ 519.965459][T18846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 519.977026][T18846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.028328][T18846] team0: Port device team_slave_0 added [ 520.036950][T18846] team0: Port device team_slave_1 added [ 520.083334][T18846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 520.090322][T18846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 520.125976][T18846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 520.138210][T18846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 520.145150][T18846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 520.171005][T18846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 520.210403][T18846] hsr_slave_0: entered promiscuous mode [ 520.217311][T18846] hsr_slave_1: entered promiscuous mode [ 520.234088][T18846] debugfs: 'hsr0' already exists in 'hsr' [ 520.239853][T18846] Cannot create hsr debugfs directory [ 520.378462][T18846] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.579442][T18846] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.707612][T18846] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.804089][T18846] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.835805][ T4944] Bluetooth: hci3: command tx timeout [ 520.989411][T18818] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 521.089281][T18846] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 521.192118][T18846] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 521.244741][T18846] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 521.260357][T18893] netlink: 'syz.4.3453': attribute type 1 has an invalid length. [ 521.352938][T18846] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 521.420938][T18899] bond0: (slave bond_slave_0): Releasing backup interface [ 521.596920][T18915] IPv6: NLM_F_CREATE should be specified when creating new route [ 522.023215][T18893] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 522.024401][T18846] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 522.133727][T18846] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 522.301932][T18846] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 522.423281][T18846] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 522.702744][T18966] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3465'. [ 522.840285][T18971] netlink: 256 bytes leftover after parsing attributes in process `syz.0.3467'. [ 522.862333][T18965] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3464'. [ 522.916814][ T4944] Bluetooth: hci3: command tx timeout [ 522.948489][T18846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 522.957562][T18965] syzkaller0: entered promiscuous mode [ 522.964699][T18965] syzkaller0: entered allmulticast mode [ 523.032501][T18846] 8021q: adding VLAN 0 to HW filter on device team0 [ 523.041335][T18978] syzkaller0: entered promiscuous mode [ 523.058476][T18978] syzkaller0: entered allmulticast mode [ 523.131302][T18978] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3470'. [ 523.409294][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 523.418161][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 523.435371][ T57] bridge0: port 2(bridge_slave_1) entered blocking state [ 523.442544][ T57] bridge0: port 2(bridge_slave_1) entered forwarding state [ 523.638632][T18999] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3473'. [ 523.949201][T19011] tipc: Failed to remove unknown binding: 66,1,1/0:2121647867/2121647869 [ 524.297715][T19022] syzkaller0: entered promiscuous mode [ 524.321225][T19022] syzkaller0: entered allmulticast mode [ 524.605082][T19045] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3482'. [ 524.662734][T18846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 524.671738][T19045] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3482'. [ 524.682028][T19045] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3482'. [ 524.692139][T19045] veth1_to_bridge: entered allmulticast mode [ 524.699413][T19045] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3482'. [ 524.708906][T19045] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3482'. [ 524.960702][T18846] veth0_vlan: entered promiscuous mode [ 524.996351][ T4944] Bluetooth: hci3: command tx timeout [ 525.016432][T18846] veth1_vlan: entered promiscuous mode [ 525.092559][T18846] veth0_macvtap: entered promiscuous mode [ 525.134341][T18846] veth1_macvtap: entered promiscuous mode [ 525.264305][T18846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 525.333091][T18846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 525.418406][T19068] netlink: 'syz.1.3489': attribute type 2 has an invalid length. [ 525.427934][T19056] lo speed is unknown, defaulting to 1000 [ 525.429769][ T9999] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.445533][ T9999] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.456499][T19068] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3489'. [ 525.532971][T19056] xfrm0 speed is unknown, defaulting to 1000 [ 525.532992][ T9999] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.599229][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 525.737751][ T9999] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.745602][ T9999] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.871657][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 525.884854][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 525.991153][T19062] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3485'. [ 526.122452][T19062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3485'. [ 526.332303][T19056] lo speed is unknown, defaulting to 1000 [ 526.403212][T19104] Bluetooth: MGMT ver 1.23 [ 527.000107][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 527.076695][ T4944] Bluetooth: hci3: command tx timeout [ 527.393547][T19109] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 527.589823][T19134] netlink: 'syz.2.3507': attribute type 1 has an invalid length. [ 527.973745][T19153] veth0_to_bond: entered allmulticast mode [ 528.491118][T19180] openvswitch: netlink: Tunnel attr 768 out of range max 16 [ 528.828790][T19196] netlink: 'syz.2.3528': attribute type 1 has an invalid length. [ 528.830481][T19186] bond1: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 528.860419][T19193] openvswitch: netlink: VXLAN extension message has 8 unknown bytes. [ 528.945515][T19186] bond1 (unregistering): Released all slaves [ 529.070696][T19204] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 529.219310][T19206] syzkaller0: entered promiscuous mode [ 529.224833][T19206] syzkaller0: entered allmulticast mode [ 529.278495][T19214] __nla_validate_parse: 5 callbacks suppressed [ 529.278515][T19214] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3533'. [ 529.335777][T19214] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3533'. [ 529.482418][T19223] ieee802154 phy0 wpan0: encryption failed: -22 [ 529.775726][T19237] FAULT_INJECTION: forcing a failure. [ 529.775726][T19237] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 529.836824][T19237] CPU: 0 UID: 0 PID: 19237 Comm: syz.0.3541 Not tainted syzkaller #0 PREEMPT(full) [ 529.836851][T19237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 529.836863][T19237] Call Trace: [ 529.836870][T19237] [ 529.836877][T19237] dump_stack_lvl+0xe8/0x150 [ 529.836907][T19237] should_fail_ex+0x40c/0x560 [ 529.836933][T19237] _copy_from_iter+0x1d3/0x1660 [ 529.837047][T19237] ? unwind_next_frame+0x8f/0x2550 [ 529.837083][T19237] ? __lock_acquire+0x683/0x2cf0 [ 529.837099][T19237] ? __pfx__copy_from_iter+0x10/0x10 [ 529.837133][T19237] tun_get_user+0x259/0x4370 [ 529.837233][T19237] ? aa_file_perm+0x18b/0x15f0 [ 529.837256][T19237] ? aa_file_perm+0x4ed/0x15f0 [ 529.837274][T19237] ? __pfx_tun_get_user+0x10/0x10 [ 529.837297][T19237] ? __lock_acquire+0x683/0x2cf0 [ 529.837315][T19237] ? kstrtoull+0x12f/0x1d0 [ 529.837362][T19237] ? ref_tracker_alloc+0x341/0x4b0 [ 529.837383][T19237] ? get_pid_task+0x20/0x1f0 [ 529.837405][T19237] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 529.837427][T19237] ? tun_get+0x1c/0x2f0 [ 529.837448][T19237] ? tun_get+0x1c/0x2f0 [ 529.837474][T19237] ? tun_get+0x1c/0x2f0 [ 529.837495][T19237] ? tun_get+0x1c/0x2f0 [ 529.837519][T19237] tun_chr_write_iter+0x113/0x200 [ 529.837543][T19237] vfs_write+0x612/0xba0 [ 529.837572][T19237] ? __pfx_vfs_write+0x10/0x10 [ 529.837597][T19237] ? __fget_files+0x2a/0x420 [ 529.837618][T19237] ksys_write+0x150/0x270 [ 529.837638][T19237] ? __pfx_ksys_write+0x10/0x10 [ 529.837664][T19237] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.837681][T19237] do_syscall_64+0x174/0x580 [ 529.837696][T19237] ? trace_irq_disable+0x3b/0x140 [ 529.837710][T19237] ? clear_bhb_loop+0x40/0x90 [ 529.837728][T19237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.837743][T19237] RIP: 0033:0x7fa4ea99ce59 [ 529.837759][T19237] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 529.837772][T19237] RSP: 002b:00007fa4eb7d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 529.837788][T19237] RAX: ffffffffffffffda RBX: 00007fa4eac15fa0 RCX: 00007fa4ea99ce59 [ 529.837799][T19237] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003 [ 529.837809][T19237] RBP: 00007fa4eb7d0090 R08: 0000000000000000 R09: 0000000000000000 [ 529.837818][T19237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 529.837827][T19237] R13: 00007fa4eac16038 R14: 00007fa4eac15fa0 R15: 00007ffe54b67d28 [ 529.837851][T19237] [ 530.196844][T19240] xt_hl: Unknown Hop Limit match mode: 206 [ 530.280051][T19243] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3543'. [ 530.418017][T19240] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3542'. [ 530.657664][T19270] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3551'. [ 530.864631][T19282] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3552'. [ 530.985075][T19287] tipc: Enabling of bearer rejected, failed to enable media [ 531.070234][T19291] netlink: 'syz.3.3553': attribute type 9 has an invalid length. [ 531.379805][T19300] can: request_module (can-proto-0) failed. [ 531.451462][T19304] FAULT_INJECTION: forcing a failure. [ 531.451462][T19304] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 531.457060][T19307] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3560'. [ 531.538518][T19304] CPU: 1 UID: 0 PID: 19304 Comm: syz.4.3559 Not tainted syzkaller #0 PREEMPT(full) [ 531.538545][T19304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 531.538556][T19304] Call Trace: [ 531.538563][T19304] [ 531.538571][T19304] dump_stack_lvl+0xe8/0x150 [ 531.538599][T19304] should_fail_ex+0x40c/0x560 [ 531.538630][T19304] _copy_from_iter+0x1d3/0x1660 [ 531.538662][T19304] ? unwind_next_frame+0x8f/0x2550 [ 531.538689][T19304] ? __lock_acquire+0x683/0x2cf0 [ 531.538707][T19304] ? __pfx__copy_from_iter+0x10/0x10 [ 531.538744][T19304] tun_get_user+0x50c/0x4370 [ 531.538784][T19304] ? aa_file_perm+0x18b/0x15f0 [ 531.538810][T19304] ? aa_file_perm+0x4ed/0x15f0 [ 531.538831][T19304] ? __pfx_tun_get_user+0x10/0x10 [ 531.538860][T19304] ? __lock_acquire+0x683/0x2cf0 [ 531.538880][T19304] ? kstrtoull+0x12f/0x1d0 [ 531.538912][T19304] ? ref_tracker_alloc+0x341/0x4b0 [ 531.538936][T19304] ? get_pid_task+0x20/0x1f0 [ 531.538957][T19304] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 531.538985][T19304] ? tun_get+0x1c/0x2f0 [ 531.539010][T19304] ? tun_get+0x1c/0x2f0 [ 531.539041][T19304] ? tun_get+0x1c/0x2f0 [ 531.539064][T19304] ? tun_get+0x1c/0x2f0 [ 531.539093][T19304] tun_chr_write_iter+0x113/0x200 [ 531.539120][T19304] vfs_write+0x612/0xba0 [ 531.539150][T19304] ? __pfx_vfs_write+0x10/0x10 [ 531.539180][T19304] ? __fget_files+0x2a/0x420 [ 531.539208][T19304] ksys_write+0x150/0x270 [ 531.539241][T19304] ? __pfx_ksys_write+0x10/0x10 [ 531.539269][T19304] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.539288][T19304] do_syscall_64+0x174/0x580 [ 531.539305][T19304] ? trace_irq_disable+0x3b/0x140 [ 531.539322][T19304] ? clear_bhb_loop+0x40/0x90 [ 531.539343][T19304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 531.539362][T19304] RIP: 0033:0x7fb0c119ce59 [ 531.539381][T19304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 531.539397][T19304] RSP: 002b:00007fb0c1fab028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 531.539418][T19304] RAX: ffffffffffffffda RBX: 00007fb0c1415fa0 RCX: 00007fb0c119ce59 [ 531.539432][T19304] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003 [ 531.539444][T19304] RBP: 00007fb0c1fab090 R08: 0000000000000000 R09: 0000000000000000 [ 531.539455][T19304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 531.539467][T19304] R13: 00007fb0c1416038 R14: 00007fb0c1415fa0 R15: 00007fffd55ae758 [ 531.539497][T19304] [ 531.543848][T19307] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3560'. [ 532.103401][T19322] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3563'. [ 532.426274][T19330] tipc: Can't bind to reserved service type 0 [ 532.903443][T19368] FAULT_INJECTION: forcing a failure. [ 532.903443][T19368] name failslab, interval 1, probability 0, space 0, times 0 [ 532.916207][T19368] CPU: 1 UID: 0 PID: 19368 Comm: syz.0.3577 Not tainted syzkaller #0 PREEMPT(full) [ 532.916234][T19368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 532.916246][T19368] Call Trace: [ 532.916253][T19368] [ 532.916259][T19368] dump_stack_lvl+0xe8/0x150 [ 532.916288][T19368] should_fail_ex+0x40c/0x560 [ 532.916319][T19368] should_failslab+0xa8/0x100 [ 532.916341][T19368] kmem_cache_alloc_node_noprof+0xb3/0x610 [ 532.916368][T19368] ? local_lock_release+0x9c/0x160 [ 532.916398][T19368] ? __alloc_skb+0x1d7/0x7a0 [ 532.916413][T19368] ? __alloc_skb+0x1d7/0x7a0 [ 532.916436][T19368] __alloc_skb+0x1d7/0x7a0 [ 532.916457][T19368] alloc_skb_with_frags+0xc6/0x760 [ 532.916571][T19368] sock_alloc_send_pskb+0x878/0x990 [ 532.916610][T19368] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 532.916642][T19368] ? iov_iter_advance+0x8b/0x1c0 [ 532.916675][T19368] tun_get_user+0x9a6/0x4370 [ 532.916717][T19368] ? aa_file_perm+0x18b/0x15f0 [ 532.916743][T19368] ? aa_file_perm+0x4ed/0x15f0 [ 532.916764][T19368] ? __pfx_tun_get_user+0x10/0x10 [ 532.916799][T19368] ? __lock_acquire+0x683/0x2cf0 [ 532.916818][T19368] ? kstrtoull+0x12f/0x1d0 [ 532.916841][T19368] ? ref_tracker_alloc+0x341/0x4b0 [ 532.916858][T19368] ? get_pid_task+0x20/0x1f0 [ 532.916874][T19368] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 532.916893][T19368] ? tun_get+0x1c/0x2f0 [ 532.916913][T19368] ? tun_get+0x1c/0x2f0 [ 532.916937][T19368] ? tun_get+0x1c/0x2f0 [ 532.916955][T19368] ? tun_get+0x1c/0x2f0 [ 532.916977][T19368] tun_chr_write_iter+0x113/0x200 [ 532.916998][T19368] vfs_write+0x612/0xba0 [ 532.917022][T19368] ? __pfx_vfs_write+0x10/0x10 [ 532.917044][T19368] ? __fget_files+0x2a/0x420 [ 532.917065][T19368] ksys_write+0x150/0x270 [ 532.917083][T19368] ? __pfx_ksys_write+0x10/0x10 [ 532.917105][T19368] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.917121][T19368] do_syscall_64+0x174/0x580 [ 532.917134][T19368] ? trace_irq_disable+0x3b/0x140 [ 532.917147][T19368] ? clear_bhb_loop+0x40/0x90 [ 532.917165][T19368] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 532.917178][T19368] RIP: 0033:0x7fa4ea99ce59 [ 532.917193][T19368] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 532.917205][T19368] RSP: 002b:00007fa4eb7d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 532.917221][T19368] RAX: ffffffffffffffda RBX: 00007fa4eac15fa0 RCX: 00007fa4ea99ce59 [ 532.917232][T19368] RDX: 000000000000fdef RSI: 0000200000000440 RDI: 0000000000000003 [ 532.917240][T19368] RBP: 00007fa4eb7d0090 R08: 0000000000000000 R09: 0000000000000000 [ 532.917248][T19368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 532.917257][T19368] R13: 00007fa4eac16038 R14: 00007fa4eac15fa0 R15: 00007ffe54b67d28 [ 532.917279][T19368] [ 533.353942][T19370] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3578'. [ 533.815242][T19383] ip6t_srh: unknown srh invflags 4000 [ 533.910844][T19392] netlink: 'syz.0.3584': attribute type 1 has an invalid length. [ 533.934400][T19397] netlink: 'syz.2.3585': attribute type 4 has an invalid length. [ 533.948385][T19392] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 533.965147][T19395] netlink: 'syz.2.3585': attribute type 4 has an invalid length. [ 534.180677][T19403] netlink: 'syz.3.3587': attribute type 1 has an invalid length. [ 534.242411][T19403] netlink: 'syz.3.3587': attribute type 4 has an invalid length. [ 534.273701][T19406] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 534.299034][T19403] __nla_validate_parse: 1 callbacks suppressed [ 534.299061][T19403] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3587'. [ 534.415862][T19406] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3589'. [ 534.424848][T19406] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3589'. [ 534.648139][T19426] netlink: 'syz.3.3597': attribute type 1 has an invalid length. [ 534.658001][T19426] netlink: 'syz.3.3597': attribute type 4 has an invalid length. [ 534.673487][T19426] netlink: 9422 bytes leftover after parsing attributes in process `syz.3.3597'. [ 534.701315][T19426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3597'. [ 535.150308][T19441] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3601'. [ 535.249356][T19452] netlink: 'syz.4.3604': attribute type 21 has an invalid length. [ 535.293352][T19446] syzkaller0: entered promiscuous mode [ 535.305508][T19446] syzkaller0: entered allmulticast mode [ 535.544131][T19460] bond1: option fail_over_mac: invalid value (16) [ 535.551964][T19465] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3606'. [ 535.562437][T19456] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3603'. [ 535.583694][T19465] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3606'. [ 535.592683][T19465] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3606'. [ 535.611104][T19460] bond1 (unregistering): Released all slaves [ 535.861686][T19458] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 535.968374][T19482] netlink: get zone limit has 8 unknown bytes [ 536.396084][T19458] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.700754][T19508] netlink: 'syz.1.3616': attribute type 1 has an invalid length. [ 536.727922][T19508] netlink: 'syz.1.3616': attribute type 11 has an invalid length. [ 537.010410][T19521] block nbd0: Unsupported socket: should be TCP or UNIX. [ 537.068929][T19458] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.255660][T19525] bond1: Removing last arp target with arp_interval on [ 537.598458][T19458] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.733553][T19571] netdevsim netdevsim0: Direct firmware load for  failed with error -2 [ 537.745311][T19571] netdevsim netdevsim0: Falling back to sysfs fallback for:  [ 537.921345][T19582] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.928926][T19582] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.043566][ T59] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.057857][ T8341] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.073080][ T8341] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.111074][ T8341] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 538.181019][T19591] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 539.118869][T19637] xt_NFQUEUE: number of queues (62232) out of range (got 67565) [ 539.138771][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.150466][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.175108][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.183591][T19637] team0 (unregistering): Port device team_slave_0 removed [ 539.230854][T19637] team0 (unregistering): Port device team_slave_1 removed [ 539.273273][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.284874][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.333375][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.344702][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.344729][T19648] netlink: 'syz.3.3647': attribute type 23 has an invalid length. [ 539.381600][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.394586][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.455360][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.480927][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.492287][T19650] syzkaller0: entered promiscuous mode [ 539.499404][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.504228][T19650] syzkaller0: entered allmulticast mode [ 539.530431][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.538817][T19652] __nla_validate_parse: 13 callbacks suppressed [ 539.538836][T19652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3653'. [ 539.559219][T19652] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3653'. [ 539.563094][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.568275][T19652] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3653'. [ 539.582421][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.644708][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.704985][T19652] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 539.705162][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.711827][T19652] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 539.740599][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.753089][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.772265][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.801570][ T5637] Bluetooth: hci3: command 0x0405 tx timeout [ 539.845016][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.870169][T19654] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3654'. [ 539.888697][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.913978][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.923597][T19663] gtp0: entered promiscuous mode [ 539.928985][T19663] gtp0: entered allmulticast mode [ 539.938285][T19654] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3654'. [ 539.950669][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 539.984474][T19664] gtp1: entered promiscuous mode [ 540.003033][T19664] gtp1: entered allmulticast mode [ 540.012518][T19635] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.033285][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.059503][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.088794][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.100011][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.111286][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.135817][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.149288][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.160549][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.165953][T19667] netlink: 108 bytes leftover after parsing attributes in process `syz.0.3658'. [ 540.171753][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.273939][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.287193][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.318265][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.332326][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.353909][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.379074][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.396596][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.421538][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.435411][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.468395][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.517661][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.551723][T19684] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3663'. [ 540.556925][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.575900][T19683] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3663'. [ 540.628652][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.672400][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.730575][T19641] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 540.800008][T19697] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3666'. [ 540.822403][T19695] debugfs: '1ùà^!' already exists in 'ieee80211' [ 541.014276][T19705] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3670'. [ 541.166476][T19711] netlink: 'syz.2.3672': attribute type 11 has an invalid length. [ 541.262377][T19724] SET target dimension over the limit! [ 541.410099][T19726] netlink: 'syz.2.3676': attribute type 6 has an invalid length. [ 541.695662][T19741] netlink: 'syz.0.3680': attribute type 7 has an invalid length. [ 541.712544][ T7918] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.722822][ T7918] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.731606][ T7918] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.767222][T19741] netlink: 'syz.0.3680': attribute type 7 has an invalid length. [ 541.801003][ T7918] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.829276][T19745] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 541.845577][T19745] CPU: 0 UID: 0 PID: 19745 Comm: syz.1.3683 Not tainted syzkaller #0 PREEMPT(full) [ 541.845602][T19745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 541.845613][T19745] Call Trace: [ 541.845621][T19745] [ 541.845629][T19745] dump_stack_lvl+0xe8/0x150 [ 541.845658][T19745] sysfs_warn_dup+0x8e/0xa0 [ 541.845691][T19745] sysfs_do_create_link_sd+0xc0/0x110 [ 541.845714][T19745] device_add_class_symlinks+0x1cf/0x240 [ 541.845745][T19745] device_add+0x467/0xb80 [ 541.845772][T19745] wiphy_register+0x1fc8/0x2ff0 [ 541.845819][T19745] ? __pfx_wiphy_register+0x10/0x10 [ 541.845844][T19745] ? __pfx_netdev_run_todo+0x10/0x10 [ 541.845866][T19745] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 541.845897][T19745] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 541.845931][T19745] ieee80211_register_hw+0x3d3d/0x4a50 [ 541.845974][T19745] ? ieee80211_register_hw+0x1961/0x4a50 [ 541.846028][T19745] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 541.846062][T19745] ? __asan_memset+0x22/0x50 [ 541.846090][T19745] ? __hrtimer_setup+0x1b7/0x260 [ 541.846115][T19745] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 541.846140][T19745] mac80211_hwsim_new_radio+0x3238/0x5680 [ 541.846189][T19745] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 541.846207][T19745] ? kstrndup+0xbd/0x160 [ 541.846243][T19745] ? kstrndup+0xbd/0x160 [ 541.846264][T19745] hwsim_new_radio_nl+0xd8b/0xf90 [ 541.846309][T19745] genl_family_rcv_msg_doit+0x233/0x340 [ 541.846340][T19745] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 541.846381][T19745] ? bpf_lsm_capable+0x9/0x20 [ 541.846398][T19745] ? security_capable+0x7e/0x2c0 [ 541.846427][T19745] genl_rcv_msg+0x614/0x7a0 [ 541.846458][T19745] ? __pfx_genl_rcv_msg+0x10/0x10 [ 541.846481][T19745] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 541.846510][T19745] ? __pfx_ref_tracker_free+0x10/0x10 [ 541.846547][T19745] netlink_rcv_skb+0x226/0x4a0 [ 541.846570][T19745] ? __pfx_genl_rcv_msg+0x10/0x10 [ 541.846596][T19745] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 541.846631][T19745] ? down_read+0x2be/0x330 [ 541.846654][T19745] genl_rcv+0x28/0x40 [ 541.846675][T19745] netlink_unicast+0x7bb/0x940 [ 541.846705][T19745] netlink_sendmsg+0x813/0xb40 [ 541.846736][T19745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 541.846762][T19745] ? aa_sock_msg_perm+0xf1/0x1b0 [ 541.846790][T19745] ? __pfx_netlink_sendmsg+0x10/0x10 [ 541.846810][T19745] sock_sendmsg_nosec+0x13a/0x180 [ 541.846840][T19745] ____sys_sendmsg+0x54e/0x850 [ 541.846868][T19745] ? __pfx_____sys_sendmsg+0x10/0x10 [ 541.846901][T19745] ? import_iovec+0x73/0xa0 [ 541.846924][T19745] ___sys_sendmsg+0x2a5/0x360 [ 541.846944][T19745] ? __lock_acquire+0x683/0x2cf0 [ 541.846970][T19745] ? __pfx____sys_sendmsg+0x10/0x10 [ 541.846995][T19745] ? futex_wait+0x2a2/0x390 [ 541.847054][T19745] ? __fget_files+0x2a/0x420 [ 541.847073][T19745] ? __fget_files+0x3a2/0x420 [ 541.847103][T19745] __x64_sys_sendmsg+0x1b1/0x290 [ 541.847128][T19745] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 541.847170][T19745] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.847193][T19745] do_syscall_64+0x174/0x580 [ 541.847211][T19745] ? trace_irq_disable+0x3b/0x140 [ 541.847237][T19745] ? clear_bhb_loop+0x40/0x90 [ 541.847263][T19745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.847281][T19745] RIP: 0033:0x7f4e0999ce59 [ 541.847301][T19745] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.847318][T19745] RSP: 002b:00007f4e0a7b8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 541.847339][T19745] RAX: ffffffffffffffda RBX: 00007f4e09c15fa0 RCX: 00007f4e0999ce59 [ 541.847353][T19745] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 541.847365][T19745] RBP: 00007f4e09a32e6f R08: 0000000000000000 R09: 0000000000000000 [ 541.847377][T19745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.847388][T19745] R13: 00007f4e09c16038 R14: 00007f4e09c15fa0 R15: 00007ffe396aaae8 [ 541.847419][T19745] [ 542.795462][T19769] bridge2: entered promiscuous mode [ 542.819730][T19769] bridge2: entered allmulticast mode [ 542.829694][T19774] xt_TCPMSS: Only works on TCP SYN packets [ 542.849694][T19769] bridge3: entered promiscuous mode [ 542.855072][T19769] bridge3: entered allmulticast mode [ 542.901800][T19769] bridge4: entered promiscuous mode [ 542.907901][T19769] bridge4: entered allmulticast mode [ 542.944555][T19769] bridge5: entered promiscuous mode [ 542.951158][T19769] bridge5: entered allmulticast mode [ 543.003677][T19769] bridge6: entered promiscuous mode [ 543.008993][T19769] bridge6: entered allmulticast mode [ 543.035189][T19769] bridge7: entered promiscuous mode [ 543.040547][T19769] bridge7: entered allmulticast mode [ 543.116808][T19769] bridge8: entered promiscuous mode [ 543.131984][T19769] bridge8: entered allmulticast mode [ 543.148492][T19769] bridge9: entered promiscuous mode [ 543.153742][T19769] bridge9: entered allmulticast mode [ 543.168247][T19785] lo speed is unknown, defaulting to 1000 [ 543.196553][T19769] bridge10: entered promiscuous mode [ 543.201893][T19769] bridge10: entered allmulticast mode [ 543.217732][T19769] bridge11: entered promiscuous mode [ 543.223130][T19769] bridge11: entered allmulticast mode [ 543.242657][T19769] bridge12: entered promiscuous mode [ 543.248050][T19769] bridge12: entered allmulticast mode [ 543.263840][T19769] bridge13: entered promiscuous mode [ 543.270844][T19769] bridge13: entered allmulticast mode [ 543.324558][T19769] bridge14: entered promiscuous mode [ 543.353606][T19769] bridge14: entered allmulticast mode [ 543.376698][T19769] bridge15: entered promiscuous mode [ 543.382103][T19769] bridge15: entered allmulticast mode [ 543.402825][T19769] bridge16: entered promiscuous mode [ 543.435903][T19769] bridge16: entered allmulticast mode [ 543.499977][T19769] bridge17: entered promiscuous mode [ 543.514954][T19769] bridge17: entered allmulticast mode [ 543.742188][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 544.558932][T19818] __nla_validate_parse: 2 callbacks suppressed [ 544.558949][T19818] netlink: 180 bytes leftover after parsing attributes in process `syz.4.3703'. [ 544.674142][ T5823] IPVS: starting estimator thread 0... [ 544.776382][T19822] IPVS: using max 28 ests per chain, 67200 per kthread [ 544.809473][T19826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.860979][T19826] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.870767][T19826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.880008][T19826] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.931502][T19826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.948866][T19826] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.959026][T19826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.968318][T19826] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3706'. [ 544.978529][T19826] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3706'. [ 545.194938][T19842] Cannot find set identified by id 0 to match [ 545.216787][T19842] tc_dump_action: action bad kind [ 545.592268][T19854] netlink: 'syz.4.3714': attribute type 1 has an invalid length. [ 545.756404][T19854] bond1: (slave gretap1): making interface the new active one [ 545.782616][T19854] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 545.795529][T19865] 0ªX¹¦Dö»: renamed from gretap0 (while UP) [ 545.855203][T19865] 0ªX¹¦Dö»: entered allmulticast mode [ 546.941524][T19914] netlink: 'syz.4.3733': attribute type 12 has an invalid length. [ 546.984579][T19914] netlink: 'syz.4.3733': attribute type 29 has an invalid length. [ 547.696956][T19949] netlink: 'syz.3.3745': attribute type 21 has an invalid length. [ 547.705274][T19949] IPv6: NLM_F_CREATE should be specified when creating new route [ 547.713108][T19949] netlink: 'syz.3.3745': attribute type 1 has an invalid length. [ 548.013799][T19957] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 548.043540][T19957] CPU: 1 UID: 0 PID: 19957 Comm: syz.2.3749 Not tainted syzkaller #0 PREEMPT(full) [ 548.043566][T19957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 548.043578][T19957] Call Trace: [ 548.043585][T19957] [ 548.043593][T19957] dump_stack_lvl+0xe8/0x150 [ 548.043625][T19957] sysfs_warn_dup+0x8e/0xa0 [ 548.043656][T19957] sysfs_do_create_link_sd+0xc0/0x110 [ 548.043678][T19957] device_add_class_symlinks+0x1cf/0x240 [ 548.043707][T19957] device_add+0x467/0xb80 [ 548.043733][T19957] wiphy_register+0x1fc8/0x2ff0 [ 548.043781][T19957] ? __pfx_wiphy_register+0x10/0x10 [ 548.043818][T19957] ? __pfx_netdev_run_todo+0x10/0x10 [ 548.043842][T19957] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 548.043873][T19957] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 548.043907][T19957] ieee80211_register_hw+0x3d3d/0x4a50 [ 548.043950][T19957] ? ieee80211_register_hw+0x1961/0x4a50 [ 548.044004][T19957] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 548.044036][T19957] ? __asan_memset+0x22/0x50 [ 548.044061][T19957] ? __hrtimer_setup+0x1b7/0x260 [ 548.044084][T19957] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 548.044107][T19957] mac80211_hwsim_new_radio+0x3238/0x5680 [ 548.044153][T19957] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 548.044170][T19957] ? kstrndup+0xbd/0x160 [ 548.044196][T19957] ? kstrndup+0xbd/0x160 [ 548.044218][T19957] hwsim_new_radio_nl+0xd8b/0xf90 [ 548.044264][T19957] genl_family_rcv_msg_doit+0x233/0x340 [ 548.044298][T19957] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 548.044341][T19957] ? bpf_lsm_capable+0x9/0x20 [ 548.044358][T19957] ? security_capable+0x7e/0x2c0 [ 548.044386][T19957] genl_rcv_msg+0x614/0x7a0 [ 548.044422][T19957] ? __pfx_genl_rcv_msg+0x10/0x10 [ 548.044449][T19957] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 548.044480][T19957] ? __pfx_ref_tracker_free+0x10/0x10 [ 548.044518][T19957] netlink_rcv_skb+0x226/0x4a0 [ 548.044542][T19957] ? __pfx_genl_rcv_msg+0x10/0x10 [ 548.044572][T19957] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 548.044612][T19957] ? down_read+0x2be/0x330 [ 548.044637][T19957] genl_rcv+0x28/0x40 [ 548.044661][T19957] netlink_unicast+0x7bb/0x940 [ 548.044692][T19957] netlink_sendmsg+0x813/0xb40 [ 548.044724][T19957] ? __pfx_netlink_sendmsg+0x10/0x10 [ 548.044750][T19957] ? aa_sock_msg_perm+0xf1/0x1b0 [ 548.044779][T19957] ? __pfx_netlink_sendmsg+0x10/0x10 [ 548.044809][T19957] sock_sendmsg_nosec+0x13a/0x180 [ 548.044837][T19957] ____sys_sendmsg+0x54e/0x850 [ 548.044865][T19957] ? __pfx_____sys_sendmsg+0x10/0x10 [ 548.044898][T19957] ? import_iovec+0x73/0xa0 [ 548.044925][T19957] ___sys_sendmsg+0x2a5/0x360 [ 548.044945][T19957] ? __lock_acquire+0x683/0x2cf0 [ 548.044970][T19957] ? __pfx____sys_sendmsg+0x10/0x10 [ 548.044996][T19957] ? futex_wait+0x2a2/0x390 [ 548.045061][T19957] ? __fget_files+0x2a/0x420 [ 548.045080][T19957] ? __fget_files+0x3a2/0x420 [ 548.045111][T19957] __x64_sys_sendmsg+0x1b1/0x290 [ 548.045137][T19957] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 548.045181][T19957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.045202][T19957] do_syscall_64+0x174/0x580 [ 548.045220][T19957] ? trace_irq_disable+0x3b/0x140 [ 548.045239][T19957] ? clear_bhb_loop+0x40/0x90 [ 548.045264][T19957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.045283][T19957] RIP: 0033:0x7fb73dd9ce59 [ 548.045301][T19957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.045318][T19957] RSP: 002b:00007fb73ec36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 548.045337][T19957] RAX: ffffffffffffffda RBX: 00007fb73e015fa0 RCX: 00007fb73dd9ce59 [ 548.045350][T19957] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 548.045362][T19957] RBP: 00007fb73de32e6f R08: 0000000000000000 R09: 0000000000000000 [ 548.045374][T19957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.045384][T19957] R13: 00007fb73e016038 R14: 00007fb73e015fa0 R15: 00007ffef599a088 [ 548.045417][T19957] [ 548.792989][T19976] openvswitch: netlink: Duplicate or invalid key (type 0). [ 548.800327][T19976] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 549.553131][T20007] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 549.559625][T20005] siw: device registration error -23 [ 549.561082][T20007] CPU: 1 UID: 0 PID: 20007 Comm: syz.2.3762 Not tainted syzkaller #0 PREEMPT(full) [ 549.561106][T20007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 549.561116][T20007] Call Trace: [ 549.561123][T20007] [ 549.561131][T20007] dump_stack_lvl+0xe8/0x150 [ 549.561164][T20007] sysfs_warn_dup+0x8e/0xa0 [ 549.561196][T20007] sysfs_do_create_link_sd+0xc0/0x110 [ 549.561218][T20007] device_add_class_symlinks+0x1cf/0x240 [ 549.561247][T20007] device_add+0x467/0xb80 [ 549.561273][T20007] wiphy_register+0x1fc8/0x2ff0 [ 549.561332][T20007] ? __pfx_wiphy_register+0x10/0x10 [ 549.561359][T20007] ? __pfx_netdev_run_todo+0x10/0x10 [ 549.561391][T20007] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 549.561430][T20007] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 549.561471][T20007] ieee80211_register_hw+0x3d3d/0x4a50 [ 549.561524][T20007] ? ieee80211_register_hw+0x1961/0x4a50 [ 549.561589][T20007] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 549.561622][T20007] ? __asan_memset+0x22/0x50 [ 549.561650][T20007] ? __hrtimer_setup+0x1b7/0x260 [ 549.561673][T20007] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 549.561703][T20007] mac80211_hwsim_new_radio+0x3238/0x5680 [ 549.561753][T20007] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 549.561771][T20007] ? kstrndup+0xbd/0x160 [ 549.561796][T20007] ? kstrndup+0xbd/0x160 [ 549.561818][T20007] hwsim_new_radio_nl+0xd8b/0xf90 [ 549.561864][T20007] genl_family_rcv_msg_doit+0x233/0x340 [ 549.561899][T20007] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 549.561940][T20007] ? bpf_lsm_capable+0x9/0x20 [ 549.561957][T20007] ? security_capable+0x7e/0x2c0 [ 549.561994][T20007] genl_rcv_msg+0x614/0x7a0 [ 549.562028][T20007] ? __pfx_genl_rcv_msg+0x10/0x10 [ 549.562053][T20007] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 549.562083][T20007] ? __pfx_ref_tracker_free+0x10/0x10 [ 549.562122][T20007] netlink_rcv_skb+0x226/0x4a0 [ 549.562145][T20007] ? __pfx_genl_rcv_msg+0x10/0x10 [ 549.562173][T20007] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 549.562210][T20007] ? down_read+0x2be/0x330 [ 549.562234][T20007] genl_rcv+0x28/0x40 [ 549.562258][T20007] netlink_unicast+0x7bb/0x940 [ 549.562289][T20007] netlink_sendmsg+0x813/0xb40 [ 549.562321][T20007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.562348][T20007] ? aa_sock_msg_perm+0xf1/0x1b0 [ 549.562377][T20007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 549.562396][T20007] sock_sendmsg_nosec+0x13a/0x180 [ 549.562426][T20007] ____sys_sendmsg+0x54e/0x850 [ 549.562452][T20007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 549.562482][T20007] ? import_iovec+0x73/0xa0 [ 549.562506][T20007] ___sys_sendmsg+0x2a5/0x360 [ 549.562525][T20007] ? __lock_acquire+0x683/0x2cf0 [ 549.562550][T20007] ? __pfx____sys_sendmsg+0x10/0x10 [ 549.562575][T20007] ? futex_wait+0x2a2/0x390 [ 549.562633][T20007] ? __fget_files+0x2a/0x420 [ 549.562650][T20007] ? __fget_files+0x3a2/0x420 [ 549.562680][T20007] __x64_sys_sendmsg+0x1b1/0x290 [ 549.562704][T20007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 549.562744][T20007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.562765][T20007] do_syscall_64+0x174/0x580 [ 549.562782][T20007] ? trace_irq_disable+0x3b/0x140 [ 549.562799][T20007] ? clear_bhb_loop+0x40/0x90 [ 549.562823][T20007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.562842][T20007] RIP: 0033:0x7fb73dd9ce59 [ 549.562861][T20007] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.562877][T20007] RSP: 002b:00007fb73ec36028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 549.562897][T20007] RAX: ffffffffffffffda RBX: 00007fb73e015fa0 RCX: 00007fb73dd9ce59 [ 549.562916][T20007] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 549.562928][T20007] RBP: 00007fb73de32e6f R08: 0000000000000000 R09: 0000000000000000 [ 549.562940][T20007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.562952][T20007] R13: 00007fb73e016038 R14: 00007fb73e015fa0 R15: 00007ffef599a088 [ 549.562991][T20007] [ 549.923047][T20013] __nla_validate_parse: 134 callbacks suppressed [ 549.923067][T20013] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3763'. [ 550.004433][T19984] openvswitch: netlink: Tunnel attr 768 out of range max 16 [ 550.031540][T20010] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3763'. [ 550.092476][T20015] bond1 (unregistering): Released all slaves [ 550.479697][T20029] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3768'. [ 550.495789][T20026] netlink: 'syz.3.3766': attribute type 49 has an invalid length. [ 550.601830][T20036] geneve2: entered promiscuous mode [ 550.663574][ T59] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 38790 - 0 [ 550.682609][T20038] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3770'. [ 550.697822][T20038] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3770'. [ 550.706703][T20038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3770'. [ 550.715598][ T59] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 38790 - 0 [ 550.716577][T20044] xt_TPROXY: Can be used only with -p tcp or -p udp [ 550.771468][T20038] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3770'. [ 550.934063][ T59] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 38790 - 0 [ 550.943362][ T59] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 38790 - 0 [ 550.973085][T20052] sysfs: cannot create duplicate filename '/class/ieee80211/1ùà^!' [ 550.981076][T20052] CPU: 0 UID: 0 PID: 20052 Comm: syz.1.3774 Not tainted syzkaller #0 PREEMPT(full) [ 550.981093][T20052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 550.981100][T20052] Call Trace: [ 550.981105][T20052] [ 550.981110][T20052] dump_stack_lvl+0xe8/0x150 [ 550.981130][T20052] sysfs_warn_dup+0x8e/0xa0 [ 550.981148][T20052] sysfs_do_create_link_sd+0xc0/0x110 [ 550.981160][T20052] device_add_class_symlinks+0x1cf/0x240 [ 550.981177][T20052] device_add+0x467/0xb80 [ 550.981191][T20052] wiphy_register+0x1fc8/0x2ff0 [ 550.981217][T20052] ? __pfx_wiphy_register+0x10/0x10 [ 550.981231][T20052] ? __pfx_netdev_run_todo+0x10/0x10 [ 550.981246][T20052] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 550.981262][T20052] ? ieee80211_init_rate_ctrl_alg+0x55d/0x5d0 [ 550.981280][T20052] ieee80211_register_hw+0x3d3d/0x4a50 [ 550.981304][T20052] ? ieee80211_register_hw+0x1961/0x4a50 [ 550.981333][T20052] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 550.981351][T20052] ? __asan_memset+0x22/0x50 [ 550.981366][T20052] ? __hrtimer_setup+0x1b7/0x260 [ 550.981379][T20052] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 550.981391][T20052] mac80211_hwsim_new_radio+0x3238/0x5680 [ 550.981418][T20052] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 550.981427][T20052] ? kstrndup+0xbd/0x160 [ 550.981441][T20052] ? kstrndup+0xbd/0x160 [ 550.981452][T20052] hwsim_new_radio_nl+0xd8b/0xf90 [ 550.981476][T20052] genl_family_rcv_msg_doit+0x233/0x340 [ 550.981497][T20052] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 550.981519][T20052] ? bpf_lsm_capable+0x9/0x20 [ 550.981528][T20052] ? security_capable+0x7e/0x2c0 [ 550.981544][T20052] genl_rcv_msg+0x614/0x7a0 [ 550.981562][T20052] ? __pfx_genl_rcv_msg+0x10/0x10 [ 550.981575][T20052] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 550.981592][T20052] ? __pfx_ref_tracker_free+0x10/0x10 [ 550.981612][T20052] netlink_rcv_skb+0x226/0x4a0 [ 550.981625][T20052] ? __pfx_genl_rcv_msg+0x10/0x10 [ 550.981639][T20052] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 550.981659][T20052] ? down_read+0x2be/0x330 [ 550.981672][T20052] genl_rcv+0x28/0x40 [ 550.981685][T20052] netlink_unicast+0x7bb/0x940 [ 550.981702][T20052] netlink_sendmsg+0x813/0xb40 [ 550.981719][T20052] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.981733][T20052] ? aa_sock_msg_perm+0xf1/0x1b0 [ 550.981748][T20052] ? __pfx_netlink_sendmsg+0x10/0x10 [ 550.981759][T20052] sock_sendmsg_nosec+0x13a/0x180 [ 550.981775][T20052] ____sys_sendmsg+0x54e/0x850 [ 550.981790][T20052] ? __pfx_____sys_sendmsg+0x10/0x10 [ 550.981806][T20052] ? import_iovec+0x73/0xa0 [ 550.981819][T20052] ___sys_sendmsg+0x2a5/0x360 [ 550.981829][T20052] ? __lock_acquire+0x683/0x2cf0 [ 550.981843][T20052] ? __pfx____sys_sendmsg+0x10/0x10 [ 550.981856][T20052] ? futex_wait+0x2a2/0x390 [ 550.981894][T20052] ? __fget_files+0x2a/0x420 [ 550.981905][T20052] ? __fget_files+0x3a2/0x420 [ 550.981921][T20052] __x64_sys_sendmsg+0x1b1/0x290 [ 550.981934][T20052] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 550.981956][T20052] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.981968][T20052] do_syscall_64+0x174/0x580 [ 550.981977][T20052] ? trace_irq_disable+0x3b/0x140 [ 550.981987][T20052] ? clear_bhb_loop+0x40/0x90 [ 550.982000][T20052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.982010][T20052] RIP: 0033:0x7f4e0999ce59 [ 550.982021][T20052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 550.982030][T20052] RSP: 002b:00007f4e0a7b8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 550.982042][T20052] RAX: ffffffffffffffda RBX: 00007f4e09c15fa0 RCX: 00007f4e0999ce59 [ 550.982050][T20052] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 550.982056][T20052] RBP: 00007f4e09a32e6f R08: 0000000000000000 R09: 0000000000000000 [ 550.982062][T20052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.982068][T20052] R13: 00007f4e09c16038 R14: 00007f4e09c15fa0 R15: 00007ffe396aaae8 [ 550.982086][T20052] [ 551.463151][T20055] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3775'. [ 551.894685][T20063] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.055180][T20071] gretap0: entered promiscuous mode [ 552.069632][T20070] gretap0: left promiscuous mode [ 552.149055][T20074] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3782'. [ 552.157950][T20074] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3782'. [ 552.386819][T20088] netlink: 'syz.0.3786': attribute type 30 has an invalid length. [ 552.537674][T20088] bond1: option arp_missed_max: invalid value (0) [ 552.544394][T20088] bond1: option arp_missed_max: allowed values 1 - 255 [ 552.561871][T20088] bond1 (unregistering): Released all slaves [ 552.597227][T20090] debugfs: '1ùà^!' already exists in 'ieee80211' [ 552.796317][T20098] ip6t_srh: unknown srh invflags 4000 [ 553.005817][T20108] netlink: 'syz.2.3792': attribute type 2 has an invalid length. [ 553.039944][T20108] netlink: 'syz.2.3792': attribute type 2 has an invalid length. [ 553.325773][T20121] netlink: 'syz.3.3791': attribute type 10 has an invalid length. [ 553.606058][T20132] netlink: 'syz.1.3797': attribute type 1 has an invalid length. [ 553.711784][T20132] sch_tbf: burst 823 is lower than device syzkaller0 mtu (1514) ! [ 553.757195][T20132] syzkaller0: entered promiscuous mode [ 553.762707][T20132] syzkaller0: entered allmulticast mode [ 553.914374][T20141] netlink: 'syz.3.3801': attribute type 1 has an invalid length. [ 554.015253][T20141] 8021q: adding VLAN 0 to HW filter on device bond2 [ 554.143567][T20141] bond2: (slave geneve2): making interface the new active one [ 554.153330][T20141] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 554.591265][T20173] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 554.951503][T20168] __nla_validate_parse: 8 callbacks suppressed [ 554.951525][T20168] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3809'. [ 555.170326][T20168] nbd4: detected capacity change from 0 to 63 [ 555.205381][ T4944] block nbd4: Receive control failed (result -32) [ 555.207469][ T5637] block nbd4: Receive control failed (result -32) [ 555.221846][ T4958] block nbd4: Dead connection, failed to find a fallback [ 555.229992][ T4958] block nbd4: shutting down sockets [ 555.230378][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 555.230968][ T4958] Buffer I/O error on dev nbd4, logical block 0, async page read [ 555.233129][ T4958] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 555.267755][ T4958] Buffer I/O error on dev nbd4, logical block 1, async page read [ 555.277640][ T4958] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 2 prio class 2 [ 555.286841][ T4958] Buffer I/O error on dev nbd4, logical block 2, async page read [ 555.294890][ T4958] Buffer I/O error on dev nbd4, logical block 3, async page read [ 555.308123][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 555.317417][ T4958] Buffer I/O error on dev nbd4, logical block 0, async page read [ 555.325214][ T4958] Buffer I/O error on dev nbd4, logical block 1, async page read [ 555.333190][ T4958] Buffer I/O error on dev nbd4, logical block 2, async page read [ 555.341688][ T4958] Buffer I/O error on dev nbd4, logical block 3, async page read [ 555.349910][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 555.360038][ T4958] Buffer I/O error on dev nbd4, logical block 0, async page read [ 555.369223][ T4958] Buffer I/O error on dev nbd4, logical block 1, async page read [ 555.377481][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 555.387061][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 555.397139][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 555.406758][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 4 prio class 2 [ 555.416331][ T4958] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 555.429339][T17291] ldm_validate_partition_table(): Disk read failed. [ 555.456334][T17291] Dev nbd4: unable to read RDB block 0 [ 555.477855][T17291] nbd4: unable to read partition table [ 555.550698][T17291] ldm_validate_partition_table(): Disk read failed. [ 555.594424][T17291] Dev nbd4: unable to read RDB block 0 [ 555.603382][T17291] nbd4: unable to read partition table [ 555.918091][T20204] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3822'. [ 555.944665][ T6680] IPVS: starting estimator thread 0... [ 556.199713][T20220] xt_hashlimit: size too large, truncated to 1048576 [ 556.237193][T20208] IPVS: using max 30 ests per chain, 72000 per kthread [ 556.298435][T20226] netlink: 'syz.4.3828': attribute type 1 has an invalid length. [ 556.462710][T20234] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3828'. [ 556.476594][T20227] netlink: 'syz.1.3827': attribute type 11 has an invalid length. [ 556.485304][T20227] netlink: 'syz.1.3827': attribute type 4 has an invalid length. [ 556.511086][T20227] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3827'. [ 556.521309][T20226] netlink: 'syz.4.3828': attribute type 1 has an invalid length. [ 556.529070][T20226] netlink: 'syz.4.3828': attribute type 3 has an invalid length. [ 556.536801][T20226] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3828'. [ 556.641453][T20226] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3828'. [ 556.952478][T20244] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3833'. [ 557.064052][ T30] audit: type=1107 audit(1782599204.586:4): pid=20251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 557.225018][T20257] bridge1: entered promiscuous mode [ 557.353033][T20264] xt_hashlimit: size too large, truncated to 1048576 [ 557.370365][T20267] xt_l2tp: v2 sid > 0xffff: 1114112 [ 557.380123][T20268] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3839'. [ 557.409744][T20257] bridge1: entered allmulticast mode [ 557.420464][T20262] netlink: 'syz.3.3840': attribute type 1 has an invalid length. [ 557.815459][T20279] erspan0: entered promiscuous mode [ 557.823633][T20279] vlan2: entered promiscuous mode [ 558.155360][T20301] xt_l2tp: unknown flags: 10 [ 559.428001][T20350] netlink: 84 bytes leftover after parsing attributes in process `syz.3.3865'. [ 559.942660][T20369] 8021q: VLANs not supported on sit0 [ 560.089318][T20373] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3871'. [ 560.532504][T20386] xt_nat: multiple ranges no longer supported [ 560.654266][T20393] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3877'. [ 560.903384][T20398] syzkaller0: entered promiscuous mode [ 560.908899][T20398] syzkaller0: entered allmulticast mode [ 561.274189][T20415] netlink: 'syz.3.3884': attribute type 1 has an invalid length. [ 561.357791][T20415] 8021q: adding VLAN 0 to HW filter on device bond3 [ 561.547328][T20431] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3889'. [ 561.640611][T20431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3889'. [ 561.757898][T20438] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3890'. [ 562.101264][T20445] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3893'. [ 562.174161][T20453] bridge_slave_1: left allmulticast mode [ 562.187108][T20453] bridge_slave_1: left promiscuous mode [ 562.193176][T20453] bridge0: port 2(bridge_slave_1) entered disabled state [ 562.252170][T20453] bridge_slave_0: left allmulticast mode [ 562.271008][T20453] bridge_slave_0: left promiscuous mode [ 562.294643][T20453] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.619524][T20471] netlink: 'syz.0.3901': attribute type 8 has an invalid length. [ 562.882061][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.438105][T20424] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 564.686213][T20478] netlink: 'syz.3.3907': attribute type 13 has an invalid length. [ 564.696028][T20485] lo: entered promiscuous mode [ 564.731146][T20485] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 564.744869][T20486] netlink: 'syz.1.3906': attribute type 2 has an invalid length. [ 564.766846][T20478] veth1_macvtap: left promiscuous mode [ 564.772359][T20478] macsec0: entered allmulticast mode [ 564.779675][T20486] netlink: 'syz.1.3906': attribute type 2 has an invalid length. [ 564.787422][T20486] netlink: 67 bytes leftover after parsing attributes in process `syz.1.3906'. [ 564.913324][T20488] can: request_module (can-proto-0) failed. [ 564.951785][T20496] sctp: [Deprecated]: syz.0.3910 (pid 20496) Use of int in max_burst socket option. [ 564.951785][T20496] Use struct sctp_assoc_value instead [ 565.004804][T20497] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3906'. [ 565.273492][T20514] netlink: 'syz.0.3913': attribute type 1 has an invalid length. [ 565.368709][T20519] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3915'. [ 565.375246][T20514] 8021q: adding VLAN 0 to HW filter on device bond1 [ 565.433472][T20521] syzkaller0: entered promiscuous mode [ 565.439006][T20521] syzkaller0: entered allmulticast mode [ 565.459952][T20521] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3917'. [ 565.535905][T20514] bond1: (slave gretap1): making interface the new active one [ 565.546295][T20514] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 565.594602][T20514] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 565.902578][T20541] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3922'. [ 566.194485][T20554] netlink: 'syz.2.3925': attribute type 10 has an invalid length. [ 566.764045][T20583] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3935'. [ 566.976415][T20586] lo speed is unknown, defaulting to 1000 [ 566.983878][T20586] xfrm0 speed is unknown, defaulting to 1000 [ 567.250833][T20597] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3937'. [ 567.272243][T20581] lo speed is unknown, defaulting to 1000 [ 567.307606][T20603] bridge18: entered allmulticast mode [ 567.577265][T20586] lo speed is unknown, defaulting to 1000 [ 567.577746][T20581] xfrm0 speed is unknown, defaulting to 1000 [ 568.183646][T20631] can: request_module (can-proto-0) failed. [ 568.329516][T20631] batman_adv: batadv0: Adding interface: dummy0 [ 568.335815][T20631] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 568.361014][T20631] batman_adv: batadv0: Interface activated: dummy0 [ 568.371524][T20643] netlink: 'syz.4.3949': attribute type 1 has an invalid length. [ 568.503146][T20640] batadv0: mtu less than device minimum [ 568.517307][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.529883][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.541569][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.553314][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.564931][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.576650][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.588435][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.612528][T20640] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 568.648989][T20581] lo speed is unknown, defaulting to 1000 [ 568.711038][T20643] 8021q: adding VLAN 0 to HW filter on device bond4 [ 568.808333][T20644] bond4: (slave syz_tun): Enslaving as a backup interface with an up link [ 568.992867][T20662] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3954'. [ 569.113120][T20662] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3954'. [ 569.122022][T20662] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3954'. [ 570.035869][T18367] Bluetooth: hci5: command 0x0406 tx timeout [ 570.985105][T20709] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.148106][T20709] batman_adv: batadv0: Interface deactivated: dummy0 [ 571.180255][T20709] batman_adv: batadv0: Removing interface: dummy0 [ 571.738351][T20709] bridge_slave_0: left allmulticast mode [ 571.744337][T20709] bridge_slave_0: left promiscuous mode [ 571.757535][T20709] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.784319][T20709] bridge_slave_1: left promiscuous mode [ 571.797012][T20709] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.883376][T20709] bond0: (slave bond_slave_1): Releasing backup interface [ 571.926319][T20709] team0: Port device team_slave_0 removed [ 571.954109][T20709] team0: Port device team_slave_1 removed [ 571.970075][T20709] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 571.987771][T20709] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 572.003147][T20709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 572.019914][T20709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 572.050033][T20709] net_ratelimit: 11 callbacks suppressed [ 572.050138][T20709] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 572.218003][T20715] syzkaller0: entered promiscuous mode [ 572.231901][T20715] syzkaller0: entered allmulticast mode [ 575.664825][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 576.583144][T20803] netlink: 11 bytes leftover after parsing attributes in process `syz.0.3975'. [ 576.778325][T20809] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3977'. [ 577.366089][T20845] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3983'. [ 577.413118][T20845] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 577.420374][T20845] IPv6: NLM_F_CREATE should be set when creating new route [ 577.757042][T20871] xt_connbytes: Forcing CT accounting to be enabled [ 577.796781][T20871] xt_bpf: check failed: parse error [ 578.152510][T20892] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3990'. [ 578.168223][T20890] xt_ecn: cannot match TCP bits for non-tcp packets [ 578.510764][T20890] netlink: 'syz.0.3991': attribute type 1 has an invalid length. [ 578.645225][T20890] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3991'. [ 578.765409][T20916] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3991'. [ 578.876084][T20881] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3991'. [ 578.886529][T20881] x_tables: duplicate underflow at hook 1 [ 579.200409][T20940] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 580.953439][ T5637] block nbd5: Receive control failed (result -32) [ 581.343379][T21005] xt_hashlimit: size too large, truncated to 1048576 [ 581.400208][T21005] RDS: rds_bind could not find a transport for 400:0:1200:0:1030:0:ffff:ffff, load rds_tcp or rds_rdma? [ 581.458447][T21003] ip6gre1: entered promiscuous mode [ 582.133590][T21029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4021'. [ 582.173775][T21029] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4021'. [ 582.333089][T21035] block nbd3: reconnected socket [ 582.391983][ T5637] block nbd3: Receive control failed (result -32) [ 582.431859][T21042] netlink: 'syz.2.4027': attribute type 10 has an invalid length. [ 582.512394][T21042] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 582.519853][T21042] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 582.534361][T21042] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 582.541774][T21042] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 582.657359][T21052] pimreg: entered allmulticast mode [ 582.675755][T21057] x_tables: duplicate entry at hook 3 [ 582.725286][T21058] x_tables: duplicate entry at hook 3 [ 582.731173][T21057] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4031'. [ 582.742229][T21058] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4031'. [ 583.445242][T21099] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 583.618326][T21110] netlink: 'syz.4.4044': attribute type 1 has an invalid length. [ 583.628713][T21110] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4044'. [ 583.800054][T21119] netlink: 168 bytes leftover after parsing attributes in process `syz.4.4048'. [ 583.874050][T21122] netlink: 'syz.4.4050': attribute type 1 has an invalid length. [ 584.052964][T21131] netlink: 'syz.0.4051': attribute type 3 has an invalid length. [ 584.071448][T21131] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4051'. [ 584.073743][T21133] geneve2: entered promiscuous mode [ 584.107752][T21133] geneve2: entered allmulticast mode [ 584.114553][ T59] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 19999 - 0 [ 584.145091][ T59] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 19999 - 0 [ 584.181906][ T59] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 19999 - 0 [ 584.202332][ T59] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 19999 - 0 [ 584.273379][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.281321][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.289244][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.297151][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.305074][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.312979][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.320884][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.328802][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.336713][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.344643][T21136] ICMPv6: RA: ndisc_router_discovery failed to add default route [ 584.508117][T21142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4055'. [ 584.531278][T21146] netlink: 'syz.3.4056': attribute type 1 has an invalid length. [ 584.665111][T21146] 8021q: adding VLAN 0 to HW filter on device bond4 [ 584.708419][T21146] bond4: (slave geneve3): making interface the new active one [ 584.719765][T21146] bond4: (slave geneve3): Enslaving as an active interface with an up link [ 584.731236][T21146] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4056'. [ 584.755963][T21151] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4057'. [ 588.104819][T21167] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 588.326282][T21201] netlink: 'syz.4.4073': attribute type 12 has an invalid length. [ 588.641666][T21214] __nla_validate_parse: 1 callbacks suppressed [ 588.641683][T21214] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4078'. [ 588.676677][T21214] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4078'. [ 588.685672][T21214] netlink: 84 bytes leftover after parsing attributes in process `syz.3.4078'. [ 588.712799][T21212] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 588.723914][T21221] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 588.728414][T21220] bridge0: port 3(gretap0) entered blocking state [ 588.753665][T21229] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4080'. [ 588.762990][T21220] bridge0: port 3(gretap0) entered disabled state [ 588.763193][T21220] gretap0: entered allmulticast mode [ 588.764836][T21220] gretap0: entered promiscuous mode [ 588.788264][T21220] bridge0: port 3(gretap0) entered blocking state [ 588.794899][T21220] bridge0: port 3(gretap0) entered forwarding state [ 589.021842][T21239] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4082'. [ 589.048431][T21242] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4084'. [ 589.583587][T21270] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4090'. [ 590.198073][T21300] netlink: 'syz.1.4096': attribute type 12 has an invalid length. [ 590.338431][T21304] netlink: 64 bytes leftover after parsing attributes in process `syz.0.4097'. [ 590.407849][T21309] sctp: [Deprecated]: syz.2.4099 (pid 21309) Use of int in max_burst socket option deprecated. [ 590.407849][T21309] Use struct sctp_assoc_value instead [ 590.677536][T21320] veth0_vlan: entered allmulticast mode [ 590.785712][T21320] block nbd0: Unsupported socket: should be TCP or UNIX. [ 590.975650][T21334] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4103'. [ 591.181426][T21345] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4106'. [ 591.209839][T21345] block nbd6: Unsupported socket: should be TCP or UNIX. [ 591.260390][T21352] ieee802154 phy0 wpan0: encryption failed: -90 [ 591.495381][T21369] bond5: entered promiscuous mode [ 592.929457][T21453] netlink: 'syz.2.4135': attribute type 2 has an invalid length. [ 592.948527][T21453] sctp: [Deprecated]: syz.2.4135 (pid 21453) Use of int in max_burst socket option. [ 592.948527][T21453] Use struct sctp_assoc_value instead [ 593.647984][T21488] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.726998][T21488] bridge_slave_0 (unregistering): left allmulticast mode [ 593.761737][T21488] bridge_slave_0 (unregistering): left promiscuous mode [ 593.791178][T21488] bridge0: port 1(bridge_slave_0) entered disabled state [ 593.938674][T21496] __nla_validate_parse: 170 callbacks suppressed [ 593.938692][T21496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4146'. [ 594.509246][T21532] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4154'. [ 594.656589][T21542] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4156'. [ 594.700441][T21540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4156'. [ 595.198629][T21573] netlink: 'syz.0.4167': attribute type 1 has an invalid length. [ 595.331438][T21573] bond3: (slave gretap2): making interface the new active one [ 595.337344][T21581] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4169'. [ 595.355383][T21573] bond3: (slave gretap2): Enslaving as an active interface with an up link [ 595.407954][T21585] netlink: 'syz.4.4168': attribute type 12 has an invalid length. [ 595.431314][T21587] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4171'. [ 595.443993][T21585] netlink: 'syz.4.4168': attribute type 29 has an invalid length. [ 595.452023][T21587] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4171'. [ 595.473317][T21585] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4168'. [ 595.486823][T21587] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4171'. [ 595.515840][T21585] netlink: 'syz.4.4168': attribute type 3 has an invalid length. [ 595.523602][T21585] netlink: 'syz.4.4168': attribute type 2 has an invalid length. [ 595.531857][T21585] netlink: 35 bytes leftover after parsing attributes in process `syz.4.4168'. [ 597.224540][T21650] bond2: entered promiscuous mode [ 597.230733][T21650] bond2: entered allmulticast mode [ 597.240215][T21650] 8021q: adding VLAN 0 to HW filter on device bond2 [ 597.654201][T21675] netlink: 'syz.4.4199': attribute type 5 has an invalid length. [ 598.535239][T21720] netlink: 'syz.1.4213': attribute type 4 has an invalid length. [ 598.817963][T21736] syzkaller0: entered promiscuous mode [ 598.852249][T21736] syzkaller0: entered allmulticast mode [ 599.009813][T21749] __nla_validate_parse: 7 callbacks suppressed [ 599.009830][T21749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4220'. [ 599.015347][T21750] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4219'. [ 599.024951][T21749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4220'. [ 599.120271][T21749] erspan0: entered promiscuous mode [ 599.130297][T21749] gretap0: entered promiscuous mode [ 599.145202][T21755] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4221'. [ 599.147817][T21759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4223'. [ 599.169932][T21755] Bluetooth: MGMT ver 1.23 [ 599.310355][T21766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4226'. [ 599.372021][T21768] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4227'. [ 599.383701][T21768] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4227'. [ 599.392773][T21768] netlink: 60 bytes leftover after parsing attributes in process `syz.2.4227'. [ 599.832995][T21791] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4234'. [ 599.843489][T21791] tipc: Invalid UDP bearer configuration [ 599.843544][T21791] tipc: Enabling of bearer rejected, failed to enable media [ 600.395779][T21818] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 600.416883][T21818] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 600.460673][T21818] bond0 (unregistering): Released all slaves [ 600.623721][T21830] netlink: 'syz.4.4248': attribute type 2 has an invalid length. [ 600.639222][T21832] veth0: entered promiscuous mode [ 601.450127][T21831] veth0: left promiscuous mode [ 602.258809][T21908] [ 602.261161][T21908] ====================================================== [ 602.268187][T21908] WARNING: possible circular locking dependency detected [ 602.275259][T21908] syzkaller #0 Not tainted [ 602.279691][T21908] ------------------------------------------------------ [ 602.286710][T21908] syz.0.4274/21908 is trying to acquire lock: [ 602.292762][T21908] ffff88801be9d180 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove+0x44/0x80 [ 602.302067][T21908] [ 602.302067][T21908] but task is already holding lock: [ 602.309436][T21908] ffff88801be9d2a0 (&root->kernfs_supers_rwsem){++++}-{4:4}, at: kernfs_remove+0x35/0x80 [ 602.319292][T21908] [ 602.319292][T21908] which lock already depends on the new lock. [ 602.319292][T21908] [ 602.329714][T21908] [ 602.329714][T21908] the existing dependency chain (in reverse order) is: [ 602.338720][T21908] [ 602.338720][T21908] -> #10 (&root->kernfs_supers_rwsem){++++}-{4:4}: [ 602.347514][T21908] down_read+0x4a/0x330 [ 602.352188][T21908] kernfs_remove_by_name_ns+0x3f/0x140 [ 602.358163][T21908] internal_create_group+0x58e/0x1180 [ 602.364055][T21908] sysfs_update_groups+0x60/0x130 [ 602.369592][T21908] pmu_dev_alloc+0x29b/0x300 [ 602.374695][T21908] perf_event_sysfs_init+0x76/0x100 [ 602.380537][T21908] do_one_initcall+0x250/0x870 [ 602.385815][T21908] do_initcall_level+0x10a/0x1a0 [ 602.391371][T21908] do_initcalls+0x59/0xa0 [ 602.396212][T21908] kernel_init_freeable+0x29d/0x3e0 [ 602.401922][T21908] kernel_init+0x1d/0x1d0 [ 602.406814][T21908] ret_from_fork+0x514/0xb70 [ 602.411943][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.417216][T21908] [ 602.417216][T21908] -> #9 (pmus_lock){+.+.}-{4:4}: [ 602.424330][T21908] __mutex_lock+0x19d/0x1550 [ 602.429430][T21908] perf_event_init_cpu+0x1d1/0x7a0 [ 602.435056][T21908] cpuhp_invoke_callback+0x434/0x810 [ 602.440877][T21908] cpuhp_thread_fun+0x362/0x780 [ 602.446239][T21908] smpboot_thread_fn+0x57c/0xa80 [ 602.451694][T21908] kthread+0x388/0x470 [ 602.456272][T21908] ret_from_fork+0x514/0xb70 [ 602.461376][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.466697][T21908] [ 602.466697][T21908] -> #8 (cpuhp_state-up){+.+.}-{0:0}: [ 602.474249][T21908] cpuhp_thread_fun+0x127/0x780 [ 602.479612][T21908] smpboot_thread_fn+0x57c/0xa80 [ 602.485066][T21908] kthread+0x388/0x470 [ 602.489646][T21908] ret_from_fork+0x514/0xb70 [ 602.494746][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.500020][T21908] [ 602.500020][T21908] -> #7 (cpu_hotplug_lock){++++}-{0:0}: [ 602.507746][T21908] cpus_read_lock+0x42/0x160 [ 602.512851][T21908] static_key_slow_inc+0x12/0x30 [ 602.518299][T21908] nbd_genl_reconfigure+0x1301/0x1e80 [ 602.524224][T21908] genl_family_rcv_msg_doit+0x233/0x340 [ 602.530285][T21908] genl_rcv_msg+0x614/0x7a0 [ 602.535303][T21908] netlink_rcv_skb+0x226/0x4a0 [ 602.540578][T21908] genl_rcv+0x28/0x40 [ 602.545076][T21908] netlink_unicast+0x7bb/0x940 [ 602.550349][T21908] netlink_sendmsg+0x813/0xb40 [ 602.555623][T21908] sock_sendmsg_nosec+0x13a/0x180 [ 602.561255][T21908] ____sys_sendmsg+0x54e/0x850 [ 602.566538][T21908] ___sys_sendmsg+0x2a5/0x360 [ 602.571749][T21908] __x64_sys_sendmsg+0x1b1/0x290 [ 602.577197][T21908] do_syscall_64+0x174/0x580 [ 602.582300][T21908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.588707][T21908] [ 602.588707][T21908] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 602.596345][T21908] __mutex_lock+0x19d/0x1550 [ 602.601449][T21908] nbd_queue_rq+0x373/0x1150 [ 602.606552][T21908] blk_mq_dispatch_rq_list+0x499/0x1990 [ 602.612708][T21908] __blk_mq_sched_dispatch_requests+0xd36/0x1580 [ 602.619589][T21908] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 602.626096][T21908] blk_mq_run_work_fn+0x16c/0x300 [ 602.631652][T21908] process_scheduled_works+0xa8e/0x14e0 [ 602.637733][T21908] worker_thread+0xa47/0xfb0 [ 602.642851][T21908] kthread+0x388/0x470 [ 602.647428][T21908] ret_from_fork+0x514/0xb70 [ 602.652549][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.657850][T21908] [ 602.657850][T21908] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 602.665059][T21908] __mutex_lock+0x19d/0x1550 [ 602.670199][T21908] nbd_queue_rq+0xc1/0x1150 [ 602.675220][T21908] blk_mq_dispatch_rq_list+0x499/0x1990 [ 602.681282][T21908] __blk_mq_sched_dispatch_requests+0xd36/0x1580 [ 602.688124][T21908] blk_mq_sched_dispatch_requests+0xd7/0x190 [ 602.694614][T21908] blk_mq_run_work_fn+0x16c/0x300 [ 602.700147][T21908] process_scheduled_works+0xa8e/0x14e0 [ 602.706212][T21908] worker_thread+0xa47/0xfb0 [ 602.711316][T21908] kthread+0x388/0x470 [ 602.715891][T21908] ret_from_fork+0x514/0xb70 [ 602.721002][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.726273][T21908] [ 602.726273][T21908] -> #4 (set->srcu){.+.+}-{0:0}: [ 602.733388][T21908] __synchronize_srcu+0xc9/0x2f0 [ 602.738876][T21908] elevator_switch+0x1e8/0x7b0 [ 602.744240][T21908] elevator_change+0x2fa/0x480 [ 602.749521][T21908] elevator_set_default+0x375/0x440 [ 602.755240][T21908] blk_register_queue+0x3f3/0x4e0 [ 602.760846][T21908] __add_disk+0x6cb/0xe30 [ 602.765720][T21908] add_disk_fwnode+0xfb/0x4b0 [ 602.770923][T21908] nbd_dev_add+0x733/0xb60 [ 602.775856][T21908] nbd_init+0x15f/0x1e0 [ 602.780643][T21908] do_one_initcall+0x250/0x870 [ 602.785931][T21908] do_initcall_level+0x10a/0x1a0 [ 602.791378][T21908] do_initcalls+0x59/0xa0 [ 602.796215][T21908] kernel_init_freeable+0x29d/0x3e0 [ 602.801925][T21908] kernel_init+0x1d/0x1d0 [ 602.806767][T21908] ret_from_fork+0x514/0xb70 [ 602.811868][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.817143][T21908] [ 602.817143][T21908] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 602.824958][T21908] __mutex_lock+0x19d/0x1550 [ 602.830052][T21908] elevator_change+0x1af/0x480 [ 602.835329][T21908] elevator_set_none+0xb5/0x140 [ 602.840693][T21908] blk_mq_update_nr_hw_queues+0x5ef/0x19f0 [ 602.847011][T21908] nbd_start_device+0x189/0xb30 [ 602.852369][T21908] nbd_genl_connect+0x1597/0x1c10 [ 602.857903][T21908] genl_family_rcv_msg_doit+0x233/0x340 [ 602.863968][T21908] genl_rcv_msg+0x614/0x7a0 [ 602.868985][T21908] netlink_rcv_skb+0x226/0x4a0 [ 602.874267][T21908] genl_rcv+0x28/0x40 [ 602.878765][T21908] netlink_unicast+0x7bb/0x940 [ 602.884035][T21908] netlink_sendmsg+0x813/0xb40 [ 602.889307][T21908] sock_sendmsg_nosec+0x13a/0x180 [ 602.894842][T21908] ____sys_sendmsg+0x54e/0x850 [ 602.900112][T21908] ___sys_sendmsg+0x2a5/0x360 [ 602.905303][T21908] __x64_sys_sendmsg+0x1b1/0x290 [ 602.910746][T21908] do_syscall_64+0x174/0x580 [ 602.915847][T21908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.922256][T21908] [ 602.922256][T21908] -> #2 (&q->q_usage_counter(io)#53){++++}-{0:0}: [ 602.930892][T21908] blk_alloc_queue+0x544/0x690 [ 602.936179][T21908] __blk_mq_alloc_disk+0x194/0x390 [ 602.941799][T21908] nbd_dev_add+0x494/0xb60 [ 602.946723][T21908] nbd_init+0x15f/0x1e0 [ 602.951398][T21908] do_one_initcall+0x250/0x870 [ 602.956762][T21908] do_initcall_level+0x10a/0x1a0 [ 602.962210][T21908] do_initcalls+0x59/0xa0 [ 602.967054][T21908] kernel_init_freeable+0x29d/0x3e0 [ 602.972783][T21908] kernel_init+0x1d/0x1d0 [ 602.977624][T21908] ret_from_fork+0x514/0xb70 [ 602.982724][T21908] ret_from_fork_asm+0x1a/0x30 [ 602.987998][T21908] [ 602.987998][T21908] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 602.995196][T21908] fs_reclaim_acquire+0x71/0x100 [ 603.000643][T21908] kmem_cache_alloc_lru_noprof+0x65/0x5f0 [ 603.006877][T21908] alloc_inode+0xb8/0x1b0 [ 603.011731][T21908] iget_locked+0x131/0x6a0 [ 603.016673][T21908] kernfs_get_inode+0x4f/0x770 [ 603.021963][T21908] kernfs_get_tree+0x5cd/0x980 [ 603.027246][T21908] vfs_get_tree+0x92/0x2a0 [ 603.032175][T21908] do_new_mount+0x319/0xdc0 [ 603.037191][T21908] __se_sys_mount+0x31d/0x420 [ 603.042371][T21908] do_syscall_64+0x174/0x580 [ 603.047476][T21908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.053877][T21908] [ 603.053877][T21908] -> #0 (&root->kernfs_rwsem){++++}-{4:4}: [ 603.061857][T21908] __lock_acquire+0x1520/0x2cf0 [ 603.067217][T21908] lock_acquire+0x106/0x350 [ 603.072234][T21908] down_write+0x96/0x200 [ 603.076996][T21908] kernfs_remove+0x44/0x80 [ 603.081926][T21908] __kobject_del+0xe0/0x310 [ 603.087026][T21908] kobject_put+0x23a/0x550 [ 603.091979][T21908] br_sysfs_delbr+0x44/0x70 [ 603.097078][T21908] br_dev_delete+0xe2/0x110 [ 603.102153][T21908] br_del_bridge+0xb1/0xf0 [ 603.107084][T21908] br_ioctl_stub+0x746/0xd60 [ 603.112186][T21908] sock_ioctl+0x4e1/0x7e0 [ 603.117033][T21908] __se_sys_ioctl+0xfc/0x170 [ 603.122134][T21908] do_syscall_64+0x174/0x580 [ 603.127231][T21908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.133632][T21908] [ 603.133632][T21908] other info that might help us debug this: [ 603.133632][T21908] [ 603.143842][T21908] Chain exists of: [ 603.143842][T21908] &root->kernfs_rwsem --> pmus_lock --> &root->kernfs_supers_rwsem [ 603.143842][T21908] [ 603.157725][T21908] Possible unsafe locking scenario: [ 603.157725][T21908] [ 603.165186][T21908] CPU0 CPU1 [ 603.170592][T21908] ---- ---- [ 603.175963][T21908] rlock(&root->kernfs_supers_rwsem); [ 603.181414][T21908] lock(pmus_lock); [ 603.187827][T21908] lock(&root->kernfs_supers_rwsem); [ 603.195712][T21908] lock(&root->kernfs_rwsem); [ 603.200470][T21908] [ 603.200470][T21908] *** DEADLOCK *** [ 603.200470][T21908] [ 603.208599][T21908] 3 locks held by syz.0.4274/21908: [ 603.213846][T21908] #0: ffffffff8fdcb960 (br_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x4b8/0x7e0 [ 603.223030][T21908] #1: ffffffff8fdeac00 (rtnl_mutex){+.+.}-{4:4}, at: br_ioctl_stub+0x1a8/0xd60 [ 603.232069][T21908] #2: ffff88801be9d2a0 (&root->kernfs_supers_rwsem){++++}-{4:4}, at: kernfs_remove+0x35/0x80 [ 603.242330][T21908] [ 603.242330][T21908] stack backtrace: [ 603.248205][T21908] CPU: 1 UID: 0 PID: 21908 Comm: syz.0.4274 Not tainted syzkaller #0 PREEMPT(full) [ 603.248224][T21908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 603.248233][T21908] Call Trace: [ 603.248239][T21908] [ 603.248247][T21908] dump_stack_lvl+0xe8/0x150 [ 603.248269][T21908] print_circular_bug+0x2e1/0x300 [ 603.248290][T21908] check_noncircular+0x12e/0x150 [ 603.248311][T21908] __lock_acquire+0x1520/0x2cf0 [ 603.248328][T21908] ? lockdep_unlock+0x5d/0xd0 [ 603.248347][T21908] ? kernfs_remove+0x44/0x80 [ 603.248363][T21908] lock_acquire+0x106/0x350 [ 603.248377][T21908] ? kernfs_remove+0x44/0x80 [ 603.248397][T21908] down_write+0x96/0x200 [ 603.248413][T21908] ? kernfs_remove+0x44/0x80 [ 603.248428][T21908] ? __pfx_down_write+0x10/0x10 [ 603.248444][T21908] ? down_read+0x2be/0x330 [ 603.248459][T21908] kernfs_remove+0x44/0x80 [ 603.248475][T21908] __kobject_del+0xe0/0x310 [ 603.248492][T21908] kobject_put+0x23a/0x550 [ 603.248510][T21908] br_sysfs_delbr+0x44/0x70 [ 603.248527][T21908] br_dev_delete+0xe2/0x110 [ 603.248549][T21908] br_del_bridge+0xb1/0xf0 [ 603.248570][T21908] br_ioctl_stub+0x746/0xd60 [ 603.248590][T21908] ? trace_contention_end+0x3d/0x140 [ 603.248610][T21908] ? __mutex_lock+0x30d/0x1550 [ 603.248623][T21908] ? __pfx_br_ioctl_stub+0x10/0x10 [ 603.248638][T21908] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 603.248658][T21908] ? sock_ioctl+0x4b8/0x7e0 [ 603.248678][T21908] ? hook_file_ioctl+0x1f0/0x5f0 [ 603.248774][T21908] ? __pfx_br_ioctl_stub+0x10/0x10 [ 603.248787][T21908] sock_ioctl+0x4e1/0x7e0 [ 603.248806][T21908] ? __pfx_sock_ioctl+0x10/0x10 [ 603.248824][T21908] ? __fget_files+0x2a/0x420 [ 603.248837][T21908] ? __fget_files+0x3a2/0x420 [ 603.248850][T21908] ? __fget_files+0x2a/0x420 [ 603.248865][T21908] ? bpf_lsm_file_ioctl+0x9/0x20 [ 603.248886][T21908] ? __pfx_sock_ioctl+0x10/0x10 [ 603.248904][T21908] __se_sys_ioctl+0xfc/0x170 [ 603.248921][T21908] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.248937][T21908] do_syscall_64+0x174/0x580 [ 603.248951][T21908] ? trace_irq_disable+0x3b/0x140 [ 603.248965][T21908] ? clear_bhb_loop+0x40/0x90 [ 603.248982][T21908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.248997][T21908] RIP: 0033:0x7fa4ea99ce59 [ 603.249011][T21908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 603.249025][T21908] RSP: 002b:00007fa4eb7d0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 603.249042][T21908] RAX: ffffffffffffffda RBX: 00007fa4eac15fa0 RCX: 00007fa4ea99ce59 [ 603.249053][T21908] RDX: 0000200000000040 RSI: 00000000000089a1 RDI: 0000000000000005 [ 603.249063][T21908] RBP: 00007fa4eaa32e6f R08: 0000000000000000 R09: 0000000000000000 [ 603.249073][T21908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.249082][T21908] R13: 00007fa4eac16038 R14: 00007fa4eac15fa0 R15: 00007ffe54b67d28 [ 603.249100][T21908] [ 610.995662][ T5637] Bluetooth: hci4: command 0x0406 tx timeout