last executing test programs: 2m8.150828781s ago: executing program 1 (id=78): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14"], 0x78}}, 0x0) 1m46.927838838s ago: executing program 1 (id=78): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14"], 0x78}}, 0x0) 1m29.406229765s ago: executing program 1 (id=78): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14"], 0x78}}, 0x0) 1m8.968783517s ago: executing program 1 (id=78): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14"], 0x78}}, 0x0) 50.916978607s ago: executing program 1 (id=78): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14"], 0x78}}, 0x0) 38.870872313s ago: executing program 4 (id=954): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) socket$packet(0x11, 0xa, 0x300) 
syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x28, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@sack={0x1d, 0x2, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}}, 0x0) sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b788061", 0x24, 0x0, &(0x7f0000000540)={0xc9, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f0000001b80)={0x0}, 0x1, 0x0, 0x0, 0x40000c4}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=@flushpolicy={0x10, 0x12, 0x105}, 0x10}, 0x1, 0x0, 0x0, 0x20000001}, 0x20040810) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_KEY(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="10000ebd7000fddbdf2509009e919700a2864aedda16b0006e39230e5d55d7fff0ea8edc82d2dd6d8ba7f0a7f7ef18bf06a5954b57c4999f858aebf3ee3b6e3fc07d356d2bea5a5c63e658b64504b535833e1fc1b77c22b11244f5eaa0ae430be7bf8a2ca813912fb3e6745dc045e6c8af0ef1c90614e1690b95f2d602accebc7ba76d85f7f967aa6053eda12211cb101bea9af6b7f55fb1ec67265ba07fcf9469ba5a987b2f52dcbba1"], 0x14}}, 0x20008000) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0xffffffff, @empty, 0x10001}, 0x1c) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x1014}, 0x48) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r7, 0x0) bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000a80)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r8) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000200)={'wpan0\x00', 0x0}) select(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NL802154_CMD_SET_PAN_ID(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00", @ANYRES16=r10, @ANYBLOB="010058a67000fedbdf250800000008000300", @ANYRES32=r11], 0x1c}, 0x1, 0x0, 0x0, 0x20}, 0x8840) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x9, 0x100b, &(0x7f0000001e40)=""/4107, 0x40f00, 0x0, '\x00', 0x0, 0x0, r7, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r6}, 0x50) 37.467821203s ago: executing program 4 (id=962): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000003"], 0x48) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'batadv0\x00', 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0}, &(0x7f0000000340)=0xc) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000004c0)={{{@in6=@private0, @in=@remote, 0x4e22, 0x5, 0x4e22, 0x4, 0xa, 0x20, 0x0, 0x2c, r1, r2}, {0x3, 0x100000000, 0x5, 0x7f, 0xab, 0x6}, {0x212, 0x85, 0x6, 0xfff}, 0x49e04ade, 0x6e6bbc, 0x2, 0x0, 0x3, 0x3}, {{@in=@broadcast, 0x4d6, 0x3c}, 0xa, @in=@local, 0x34ff, 0x3, 0x0, 0x1, 0x1, 0x38, 0x6}}, 0xe8) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, 
@ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r3}, 0x20) r4 = socket$inet6(0x10, 0x3, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_request\x00', r5, 0x0, 0x5}, 0x18) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r7}, 0x10) splice(r0, &(0x7f0000000180), r8, &(0x7f00000001c0)=0x16000000000, 0x8, 0x4) sendto$inet6(r4, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) 36.966063896s ago: executing program 4 (id=966): r0 = socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast2}, 0x10, 
&(0x7f00000000c0)=[{&(0x7f0000000100)='\x00', 0x1}, {0x0, 0xfdff}], 0x2, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast2}}}], 0x20}, 0x0) 36.814692392s ago: executing program 4 (id=968): socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e9
74cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0200000002"], 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 
&(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade835
62e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2}, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6(0xa, 0x80803, 0x87) syz_emit_ethernet(0x5e, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbbbb86dd603000bb00282b00fe800000000000000000000000000000fe8000000000000000000000000000aa87"], 0x0) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x4e}, [@ldst={0x0, 0x0, 0x2, 0x0, 0x0, 0x74}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23) bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r4, 0x118, 0x1, 0x0, 0x0) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r5, 0x0, 0xd4, &(0x7f0000000000)=0x1, 0x4) 36.499031743s ago: executing program 4 (id=970): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r0], 0x24}, 0x1, 0x0, 0x0, 
0x800}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000f39500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020a10000200"/16], 0x10}}, 0x0) 36.055030142s ago: executing program 4 (id=973): r0 = socket$l2tp6(0xa, 0x2, 0x73) socket$kcm(0xa, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180600000000000000000000000000008540000022000000850000008b00000095"], 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x8, 0x0, &(0x7f0000000080)) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000480)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0082890000000000667659608fbce082e41c5a1122611aae1dfe63077f000000000000001799130fa1a29d4c4b78ffb2885e8ae773ab15c1dde9d48d15b234ed79a4e10bb98aa526be11c7abbb56b91e6a8ec88a5b433993377e00771a03cec60ac770846da5f5c36bd5ab4115dc9b199653eb0e75a6a1746e36a2ed2c11692da4a192405ee386d888234ce983e21dbebe446ee962b77b1dba32843a6c8cfaed973899ad9d679e4f6e83ad798a24af2b403507f6", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) bind$l2tp6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x20) socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000000c0)={0x0, 0xac, "30f3454c5462d11e017577dc012f829dc1c29a1aa87a5ea61bf6a0a4f2413cb399ed4011524dbcd234382159a1c8365d3180abddf21bf70d1b150c72ff184fe90bfb5d9f0826df492a412b1e28062f0205a6994b5dc781c1a39f62de7240f1df9a69ee33c50a57e18729c98494fe17069e612ab31accfac87d71a18bbb4bebac1b7f8364d5d602e97a571a717dcd9f57eefbe1135629c43c43cd1971c830030786ff1c02e6f9bb7fa3c0b539"}, &(0x7f0000000240)=0xb4) syz_emit_ethernet(0x46, 
&(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) 34.036898389s ago: executing program 1 (id=78): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="7800000010000305000000000000000000cf0100", @ANYRES32=0x0, @ANYBLOB="83000000000000002000128008000100677265001400028008000700e000000208000600ac14"], 0x78}}, 0x0) 26.117711199s ago: executing program 2 (id=1003): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4) writev(r0, &(0x7f0000000cc0)=[{&(0x7f0000000780)="1e", 0x1}], 0x1) recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0xffffffffffffff21, 0x0, 0x0, &(0x7f00000005c0)=""/108, 0x6c}, 0x7fff}], 0x3fffffffffffcbe, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) splice(r2, &(0x7f0000000000)=0x7, r2, &(0x7f0000000040)=0x9, 0x0, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x8, 0x0, 0x0, {{0xb, 0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000000c0)={r5, 0x2, 0x6}, 0xfffffffffffffdd9) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r6, &(0x7f00000007c0), &(0x7f00000000c0)=""/79}, 0x20) r7 = socket$packet(0x11, 
0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) r8 = socket$inet(0x10, 0x3, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x20, &(0x7f0000000900)={&(0x7f0000000800)=""/221, 0xdd, 0x0, &(0x7f0000000a40)=""/171, 0xab}}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000bc0)={{}, &(0x7f0000000b40), &(0x7f0000000b80)='%+9llu \x00'}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x4c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x32}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x5c}]}}]}, 0x4c}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r11 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, 0x140e, 0xc3ef2dc4aaddb62c, 0x70bd2a, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4001}, 0x10) 20.926224067s ago: executing program 0 (id=1015): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r0], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000f39500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 
0x10) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840) r2 = socket(0x10, 0x80002, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8b24, &(0x7f0000000000)={'wlan0\x00'}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000080)={0x2, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020a10000200"/16], 0x10}}, 0x0) recvmmsg(r3, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000800)=[{&(0x7f0000001740)=""/4081, 0xff1}, {&(0x7f0000000640)=""/251, 0xfb}, {&(0x7f0000000380)=""/52, 0x34}, {&(0x7f0000000180)=""/51, 0x33}, {&(0x7f0000000240)=""/140, 0x8c}], 0x5}}], 0x1, 0x40000043, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r3, 0x50009401, &(0x7f0000002740)={{r3}, "f45c27f6e1019f7906bbc4d730d2e680ea72d65f270325393dfb8178f9ff93718c78baf96c0d79951f153b64505b211c2e41b9a7b685e9b183b28819e8f4e9dc0d74d69e1ffd7b99971801a67fada58d7c4843770afbea756480e83bcc7de32fd1748d160ef7da8835e34d5d57195f29bf25ea025750c654c860115fa9148e88e6a3047856a1cb4f0dfc1d304005e7c7ca9d440e0bcb44fcd453e25e2dd64e28b139d01a1f5a192f7a0bbc5b8666b4a3a5f9d9e210610b21b1f0c8259638fb978eee8819a9edf0ee9ea7f1a64e0b27af1523c2e3440d81186ce38f1e6ab053318c153986dd918d3d0fc6419bf0b81ab94e8e7653c0f08d131c2492e7eae7b3d59f32e627fb76f3b281036e70a431be20a1f56a01367d7ccfe84040bf48a096820b460da0b37a2363f3733ee80723c795e17bdeb5ece94d20defae2fb5ec2ec4accc87075b3273954e8fcc5a07966778a596217c8695d914283466bfb754612ced17f511f9a631cfdd55200db808971e29b58199e4e7e2cd29d0e80cb3f46a72ae7aa41a7a93bd0212009f949ce217adbb0813419e2615d35df1f89a6e2b5c700bc6b2fc5281923c9f8f33601f39e9adecf3c919e9b7e7ad5c50ceaea235319f1128c98545392c5648c91403517c3ed2d7e358cd340bef103d9ed71775fe87d6a68ac01d41ddb2e121395bc55009b3ce9313f88b36484572b074936d247d340d7d0d10dc5674cff0a9d7c1585108c8612d6a28e93327f3790283ff9c373ac4d0458c97bce0d48ef2
0f6f6f586de128beb436580b565697326f9f3ef1e31cb39d29e7edc7a666b9268568c07d57d61928262bbd5a793f49dc43f308b2bdcb9d86ce78158f8ca08d697fd481d9bcd5cc7fd40a8de7923bf9d59f956cafadb13fbfd5a555186acc8134be7d873d0276163d66ba051f72d92ed53d3a922e23eb8fe884f861f53165efaf44ee0c5095487424448ffe339c1128e8749e12f027fd6cd6b525c539f967607b0b9136a4203837dd916fc8ff0a51ae68dc49ef0ea4aa64bd3d082ade2740b0efe00f61eb17d46af4707adba0da061d80366f5f3e92b4fc3ee230159a70d7db3d137c4a4bd39fb77e6d1a9b31e27736eb0fb65a2acbe0c2314015ebc3880226ed6371ae648ce9b5b63281bacc0db8f615c0486145f36324418017ceb5d47f2a783ed3a8fdfd64b85886115d19c6bf37eaf8de974f1bd303731b448e2d01d86a71ec7ada0305d9bd97a6252828f7546d8bfd83e07663c64ded2444e4891f3462291cc383fd21ea3a9dc79390b3d6ffae8f146cad4d19313ab309fdc16051e67e7d54f984a9b49b64358ea664e88b0a8a07e3ab9db3b50665614c4991e7e9ddd1064da4abdaf8cf0b969c46cfba21ec248a4be39dfa989abad658358a4392c753b0797bee7be0cc481fc54049c9043d141ed1e8a9d006745466cb33772e226c32ad1f79cf7e688c52d922bb5a0f525885378de22aec81153ed89736afe07b0ecd7fa413b9aba70ac3aa14a8d32fcf7722648c4a89146304c05c40f2af0c99c0aa175f1c1db15fa731c75578a2f50e19e1eafcc240dd6b2172255596fda38e86bfd1b2ca36f857d43420dd443dc15505517cf5ec17113ddaba03144de208fd86567ceb5cdc4e679c7502138c403adfb676d1c84bc56709e5775475a55b471a902633f7e4d9f513325950eeb7483aaf9bc2b2705dbc4275422222ad9425e1891873f9ec65854a997176496bca213423d3a3709bba44498c387ed13bf15f2a86a310e307d320a060aed811906d44fd2cb19c90fb1b9a125760a4cd0827458b2ee3dc68fcee493f188aa8a8f6b967034f5b54b74b2269f76bd563180ef7e55366b2c380c8c4865b24b8e2c0486025aa322977a9b983126e460bc7f0a24f870a6080571263ee25a0f8ce0930d71ca37902b740e076be4ab0664be623f77b1313dce9570567371e147d22afdf4ff0c8d02ac571cf881ce4f2d92a157446c917c5d37bf2b4ee9440940af390ec84df09efc1e39c16b54c92dfb19bddf529d23224a9fa3ea5a56149c2dbb23dfd75c2bf21f6528b2f029f33f5c816b574a57ce45a131a0daf3d4a60b22c22d9c857d5bd1d45e694618dccebf910e75eaa9e50534068960cc0442fa77623b6c63674dca5361a2532354fa51049d19b61d21f51cd96e39b3ee19a7fb55eadbb9623
737d1fd095a8fbc0149aa1fe358dfbe4e288a150e12051925be70d62b6676bff5eceb2073f9b4d1f7466bf2ee5df9f4af5c2b3b86195d9e125a80f032a9e2b8d40fc088b47849f28fb1dce3c154d34c4744e3ac5d53554506a462cb33cc92508df517a657c5220d4e782239f29ac0b3705efd143def83515d341c88bfdacc43a2d29e8e73cf5d07eff67b8a398cb4fd1ef33dba3a07c0afb32c2fde286f353237dccd7404e9bd53b77e64ea4f44de7838463764db8a6344de939879bd9fc4782b8e33e396f6487038b446bae9cd625fe0649deba939c538fbe6a0b538585f97226de9b2306ef67c51c1986a15b9b1b4bebc013cfd640693a2a199a338c2afc5089579c7d32a64daf4f56b22aa0cfee43c7995e98f909a2d825a9e53b6fbbc767bf13ccc5249490fd4c9020999b2548a7e0bdf938ba507e44e295071fcdcdf12fa84acfd079fe36c4fcbfba6673cf6b33a49677377f23fd9c07344cd6c6bde62b7deb418a2139ec9f82d43d88889fd13400c4a4e1284fe2e9997ded58581c7c43973b8a136d4691fea8f5a00e97c59d6689a42459678408446d2518a171a20c26ee82acde5ae15c81a98d73643e6d275aae80e0a42995914c72860abbd7942d27745d4391032a65bc5ace3c60b5ef708e5bd0a911b552296597dbe866922dc2bacd1029a0ae3fb318cc5149ccef638b13446903452d45850d3655dc62638998810e9af21a12517f6bc96e0f625a319fa1dd7db1af8740557af9a018ee5d8a98462984b6948f8d6b30951192f622ce5665b80264355b3154e51ce4064440516bbd7495e4036dfc85bdea02eed8bb3f90008175e1a36bb8efd144b21e582219f2dea0c4770ce06ae41226a9228254b2a2d8b42f3c32aa82cc38768036f3fff49f2002b2dbd47c656f5750589cd327e75762165ae3fbb94737b796a808daacb342ee52922f6bee06bd03622b512deeb666706529588213bf41c6c7c630b02d5375f6ac18f66cf65a7a88de96152467d2db3317559122894840490e235a3a0d7a299db834b7d60795d128dd408f8131e1ffb1eea8b3da1ca93ae5dbca43c0c0328708d01ba951d0f270fcf3850ac0a04b0d2cf484e8aab056af58a550f9e95e91b458851ba721140e43e0cf655ea5b48378ae80084f5a30e31d199aa065288c1c308d4453356b14b30660fea39551ef6b9d478d9855ca53c726bfd784466b03a78029681de32459b9582f2806ecbf28106dba780f5d6006833309bc0be4924e2c1a61ec80e450c74b7018d8a719c219389c7fddfbfb9624eaaa41fc57686a9129170fbcd62b6de9e01c3477411e8c9a17e6f784d9c99e8fdb92c447bf0217ebd4e1e45bb6a379bbf05ec49b055ec94ffe9776cb40fa1eacd93413f6bbee7d40d426626ea1690e692b36e9
4ebe31e1ffaae0a331dc9e2f6a1fda3e4de5f201233e08de348b771ecb792ad4735f2e722de78d3599b0bfd2f7724ee382fe30d264dd72817a3825fbd526030a26d1c1afc8df2010292e2d5c733d63ebccb7cbe0c3873e45beb9a8ed99e3fbd97ae47d448c072f74e6479852b0a9c04cc6db05f8eb87fcabe28fa2782bd332f01de6f6909c93496d9729bd6a64bf3451df30e53a39c056874f2ea3ecfd71b3d81b5ef21750a481d26450b64f921c209d0ceefb6a2384f61105c20f5982baa89454db3013aa212998759e899716c9b150e6959930969cf687bbfbd6aa0963edc96d6a3156da9ebda60387e94e0c8838d544d1f94ebdef2e9a39a71566841c30946c838f166498463ccd529d1245a0e2cd915788de953299433561487c2617233c59af13d0c799ae6df79d1d9ace0d4ff29aa41f5bd593ee294e801db62d61fb1d89a822a8a5300089d71b5abf34157f112d711bdf29e27cd844d10424e24456313c4c390dd2c3392cee7283c596c4d9d7a3bea53d7713100f909f9979552196b3c1c1abb643e8a4e130db3a62cecb3be85107c0453250fbde793e4ac168b89003b72de6a9bdb26ed68f8e88d4c00a9b5e8870877e238121c625a9bbcaf2988d2f309240eac5c0cc73a96b9c5320b96a70289b3643cb3a4a91b658c2e3507ef8e957d344c140f4576e97195bed3d4c7da9c5520c8f82e4f09a26f7e8a0897c91117c6ea402775a5f0c86253d4a512e5e2cebd4fe103f8b980302e8c0770251d56a1eafd422f68c3a1e1d0f0fc857b8db6afb6bb70fb5a97e0a24ab16c99b1cc1daf7e97d6f4a6d1aa96a48aeca8f6185e1c97815638ccba27f3b4029c3da7b0ebdcf5f630b8a0a95beb4e3007e44cc82a4272e5d6c3bdb917db865815f3eb1994d36d220d314f448a9b0506280eb940529b202940093b66a2f2956c70f88d1c552ca22a79924626114fc969ace0edc946cbb830eaa20fc082d90286c12c8cbe40642f5b503855306081dbdfc6c64c2e543fa469b2c62c27cbf034be3b82663b978671f2bc2e70497e1bb63c3279294c0c82a4d1d8e81978b969d3b06496ef1249908c7695d2414c764eadd378accba19adf077c8d7976d6b64de858ecff4f9c2b2f82be8983169141da19c8fd740c3b2cbffb7e06abfed13f609f3a9193c458248c52cc2919e634f81920de91351c3f216bce1383b4e78f744508faf22d6bff5f275488e7a0bc3086fd1c8526f74cd48a015483e084e134dcb1ffd5f26956808ec433b0f14f5ea49990ac5f05f5c7eb433f1462df667032d9739de069ff2e6a19ec1d4ab4940a440414a84060b2507e2f2d3d5f1c17b914ab5f600cb7d02651dd0a8f480e16d6a18e69023edf2d7a29387b4e8333c26955296a7b737419e0b86a705a5fcdf0507b3ad
8a3dbeb273524c0a7027646e13d2d3011006353be0329887f600e6db40e07e0b25160fc653fa5fad1980458cee45eaed0ea6983a2349d94a3031529e9863e104d06ad8bf795f69eb4e3e6fa3c28c0ada66647fd05639ad1aaf4479216f174bab0f65e0e655b9ef57aad1bc45768f0d76797aae628ff2d57e7550f3bf859d757d798dc9f05134ece1c77368cdf593c60b58924f54c14a27575fe97b248488316aca2fc5a6ef60c2f4480a3ac4ce73f46e34119f8b7c2e59ac2d7ea5786381ac97dfd8a8960188d87b06d7382814e3137b816457e07623c5b24246d18bdc014fff98f68f0039951934ff0650ccbd0ed7d15c21732cb470ffda69d5bb58307f3f12f71a4822d5a32538b9a9a680957f36dcf4513d378448b5062d27b088c084f7df97aac44408749f540b04bb17c7490e1e338128d89237f092a2de93daefe45e08aafb130cfd089dd390db6db5511512e450b4130f1322d7c10a7a0146b85a6dc63e398c12652701d757bcd2fac8fabde8d605bf4fd77a42e82f042ed06a3de3f843b0f57b2ca990d5e64e288b1cf10253f3084dcefa23f7e50da01baa3719a177a7d87980187416270f30543b01987e3b5e733901ec61b998210a9bd9381df5867c2d34e15f6e45069d55a9e3f15ac5fd278f0b8f46077b5db3955133fb1d52f543e3d3ccadced3db0a804f2f9f19dc6ffce82d147832715c700e1b46a706a7e2975c70dfab78a4e11097dc225b5e0668e0fdba4b098731e70"}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x10, 0x9}, {0xffff, 0x10}, {0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x810) socket(0x1e, 0x3, 0x5) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000003c0), r4) sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000b80)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="fba70000e80000867f0004"], 0x14}}, 0x0) 20.701609843s ago: executing program 0 (id=1016): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 
&(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001001700"], 0x1c}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r7}, &(0x7f0000000600), &(0x7f0000000940)}, 0x20) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='percpu_alloc_percpu\x00', r9}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c) splice(r6, 0x0, r8, 0x0, 0xf3a, 0x0) write(r4, &(0x7f0000000240)="94", 0x1) tee(r3, r8, 0x8f5, 0x100000000000000) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r10, 0x0, 0x60800) write$cgroup_type(r8, 
&(0x7f0000000180), 0x9) write(r5, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2c}}, @time_exceeded={0x5, 0xea452954ff7d0934, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0xd, 0x1, 0x0, @local, @empty}, "001863714ab99043"}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) socket$inet6_tcp(0xa, 0x1, 0x0) 20.50281236s ago: executing program 2 (id=1018): r0 = bpf$ITER_CREATE(0x21, &(0x7f00000002c0), 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0}, 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004"], 0x48) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r1, 0x9) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0xffff}}}}}}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 
'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000d40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWOBJ={0x1c, 0x12, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x5}, @NFT_OBJECT_CT_EXPECT=@NFTA_OBJ_TYPE={0x8}}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x3, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x9}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @lookup={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOOKUP_FLAGS={0x8}]}}}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELOBJ={0x1c, 0x14, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}]}, @NFT_MSG_DELCHAIN={0x24, 0x5, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffd}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x100}, 0x1, 0x0, 0x0, 0x20014840}, 0xc010) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, 
{&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x4}, 0x0) 20.210799724s ago: executing program 2 (id=1020): r0 = epoll_create1(0x0) r1 = socket$unix(0x1, 0x1, 0x0) close(r1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2) sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000400000014000500fc0100000000000000000000ad000001080002000500000014000600ff020000000000a30885621a982b3c0106000b0002"], 0x4c}}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa0028000}) 20.080325827s ago: executing program 0 (id=1021): bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), 
&(0x7f0000000080)='%-010d \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{r0}, &(0x7f0000000140), &(0x7f0000000180)='%pS \x00'}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r1, &(0x7f0000000380)="e8", 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x398, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='scalable\x00', 0x9) sendmsg$inet(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000100)="53ca", 0x2}], 0x1, &(0x7f00000007c0)=ANY=[@ANYBLOB="8000"], 0x80}, 0x40888) 19.960967283s ago: executing program 2 (id=1022): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001800010029bd7000fedbdf251d01050008000e00", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="150004000400000003030000918a76e1efa19e910500000008000900", @ANYRES32=0x0, @ANYBLOB="6b359e59a5a378b92c94f5270a4d89fa00d671adad6f21815141c1662b9d62ca308a20c52f81a374fb8882d59a02e720932103a3097569153a9e54792dcf018d0f4e3793bdbfb2cecc64f629a21cab4f10ea1bab8abbcc0135d974746f58d93d58c2467648047d6ce2b6ec9e1111837a0553d2f7c4ce3dfc18e034c8771f22175389a458a562f77ee2d8bb9395d26700cfab3bc1183adab7451059b9f0564ace177bdebe548942a89e544f30b443cf5c15b89a7b12f86e11a819f1d1121fe3fe8087db3f87bf6f42cb12553a78fab45292e26e04cb13130ee552122f22b24a512ad954563b96cee3fd6d0710a03cdb069337a828e533"], 0x44}}, 0x0) (async) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bond_slave_0\x00', 0x0}) (async) r4 = socket(0x10, 0x3, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000060a0b0400000000000000000200000054000480500001800a000100696e6e657200000040000280080002"], 0xa8}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xc}, {0xffff, 0xffff}, {0x4, 0xf}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_TARGET={0x8, 0x1, 0xa000}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x404c810}, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r6, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) (async) sendmmsg(r4, &(0x7f0000000000), 0x400000000000235, 0x0) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000009c0)=@newqdisc={0x58, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0x0, 0xd92, 0x10, 0x0, 0xe3, 0x3}}, {0x4}}]}]}, 0x58}}, 0x0) 19.692853946s ago: executing program 3 (id=1024): r0 = 
socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newnexthop={0x24, 0x68, 0x1, 0x2, 0x7ffffffc, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x4, 0x0, 0xa00}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000) 19.63180832s ago: executing program 2 (id=1025): write(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCDELRT(r1, 0x890c, &(0x7f0000000080)={0x0, @default, @netrom={'nr', 0x0}, 0x3, 'syz0\x00', @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, 0x8, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_mptcp(0x2, 0x1, 0x106) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="180500000000000000000000000000001836000005000000000000000600000095"], &(0x7f0000000540)='GPL\x00', 0x8, 0xdb, &(0x7f0000003e40)=""/219, 0x41100, 0x54, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {0x0}], 0x3}}], 0x1, 0x2040000, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c000b8018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x410, 0x120, 0x4c, 0x232, 0x0, 0x0, 0x340, 0x2e8, 0x2e8, 0x340, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [0x0, 0xff, 0xffffff00], 'bridge_slave_0\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x5, 0x4}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x9}}, @inet=@rpfilter={{0x28}, {0x4}}]}, @common=@inet=@SYNPROXY={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, @private1, [], [0x0, 0xff, 0xff, 0xff], 'team_slave_0\x00', 'xfrm0\x00', {}, {}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xf8, 0x220, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@mh={{0x28}, {"b825", 0x1}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x6, 'u:r:untrusted_app:s0:c512,c768\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470) 19.454809765s ago: executing program 3 (id=1026): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000100)={0xf9e5, 0xa32, 0x8, 0xb}, 0x8) r1 = socket(0x2, 0x80805, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000180), r1) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x78, r3, 0x100, 0x70bd29, 0x25dfdbff, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @rand_addr=0x64010101}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @remote}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2b}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0xc}, @FOU_ATTR_PEER_V6={0x14, 0x9, @ipv4={'\x00', '\xff\xff', @local}}, @FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x2c}}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x78}, 0x1, 0x0, 0x0, 0x10}, 
0x4) shutdown(r2, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x28) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r2, 0x84, 0x7a, &(0x7f0000000340)={r4, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$packet(0x11, 0x2, 0x300) r7 = socket$packet(0x11, 0x2, 0x300) r8 = socket$inet6(0xa, 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r5, 0xc020f509, &(0x7f0000000400)={r0, 0xf9, 0x7ff, 0x7}) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff) r11 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmsg$DEVLINK_CMD_RELOAD(r9, &(0x7f0000000700)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x80, r10, 0x100, 0x70bd2c, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r11}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}]}, 0x80}, 0x1, 0x0, 0x0, 0x8080}, 0x40040) ioctl$sock_SIOCETHTOOL(r8, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000680)=@ethtool_regs={0x12}}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'veth0_to_batadv\x00', 0x0}) sendto$packet(r7, &(0x7f0000000000)="bd2ebf3c13", 0x5, 0x20008801, &(0x7f0000000200)={0x11, 0x8100, r12, 0x1, 0x0, 0x6, @broadcast}, 0x14) readv(r6, &(0x7f00000006c0)=[{&(0x7f00000004c0)=""/217, 0xd9}], 0x1) 19.2616235s ago: executing program 3 (id=1027): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x3, 0x25dfdbfc, {0x60, 0x0, 0x0, 0x0, {0xc, 0xffff}, {0xffe0, 0xffff}, {0xfff3, 0xffff}}, 
[@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_RAW={0x8, 0xc, 0x1}, @TCA_CAKE_MPU={0x8, 0xe, 0x80}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0x2000c0c1) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0xd, &(0x7f0000000000)=0x9, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) setsockopt$inet6_tcp_int(r3, 0x6, 0x17, &(0x7f0000000000)=0x8, 0x4) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000001c0), 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$SIOCGIFHWADDR(r4, 0x8927, &(0x7f0000000200)={'wg2\x00'}) r5 = socket$igmp6(0xa, 0x3, 0x2) r6 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r6, &(0x7f0000000400)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x6e24, @empty}}, 0x24) close(r6) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 
19.054921418s ago: executing program 0 (id=1028): r0 = socket$netlink(0x10, 0x3, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), r1) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x30, r2, 0x1, 0x70bd2b, 0x0, {0x36}, [@handle=@pci={{0x8}, {0x11}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4040811}, 0x20042840) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000014001fff27bd70000000000000082100819c1d978922539d7f9da0082c1d2604910b6c2bf7c4c1547ed3a46ae1f49da740", @ANYRESOCT, @ANYRESHEX=r0], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 18.618814866s ago: executing program 0 (id=1029): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4) writev(r0, &(0x7f0000000cc0)=[{&(0x7f0000000780)="1e", 0x1}], 0x1) recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0xffffffffffffff21, 0x0, 0x0, &(0x7f00000005c0)=""/108, 0x6c}, 0x7fff}], 0x3fffffffffffcbe, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) splice(r2, &(0x7f0000000000)=0x7, r2, &(0x7f0000000040)=0x9, 0x0, 0x4) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x48, 0x1e, 0x109, 0x100, 0x40000, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x8, 0x0, 0x0, {{0xb, 0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000000c0)={r5, 0x2, 0x6}, 0xfffffffffffffdd9) r6 = 
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0e0000000400000004"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r6, &(0x7f00000007c0), &(0x7f00000000c0)=""/79}, 0x20) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) r8 = socket$inet(0x10, 0x3, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x20, &(0x7f0000000900)={&(0x7f0000000800)=""/221, 0xdd, 0x0, &(0x7f0000000a40)=""/171, 0xab}}, 0x10) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000bc0)={{}, &(0x7f0000000b40), &(0x7f0000000b80)='%+9llu \x00'}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x4c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r9, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x1c, 0x2, [@TCA_CAKE_SPLIT_GSO={0x8}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x32}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x5c}]}}]}, 0x4c}}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r11 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x20, 0x140e, 0xc3ef2dc4aaddb62c, 0x70bd2a, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4001}, 0x10) 18.426924592s ago: executing program 3 (id=1030): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, 
&(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001001700"], 0x1c}}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000980)={{r6}, &(0x7f0000000600), &(0x7f0000000940)}, 0x20) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000180)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c) bpf$PROG_LOAD(0x5, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='percpu_alloc_percpu\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x40, 0x6, 0x8}, 0x48) setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c) write(r4, &(0x7f0000000240)="94", 0x1) tee(r3, r7, 0x8f5, 0x100000000000000) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff050006"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x60800) write$cgroup_type(r7, &(0x7f0000000180), 0x9) 
write(r5, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x64, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2c}}, @time_exceeded={0x5, 0xea452954ff7d0934, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0xd, 0x1, 0x0, @local, @empty}, "001863714ab99043"}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) socket$inet6_tcp(0xa, 0x1, 0x0) 18.136754908s ago: executing program 3 (id=1031): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="30003300c0000000ffffffffffff080211000000505050505050000000008c10000031d48cd3fb111920f7073ef42f2f080057"], 0x54}}, 0x30000000) 17.875021979s ago: executing program 3 (id=1032): r0 = socket(0x10, 0x803, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 
&(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x2040400) socket$inet(0xa, 0x801, 0x84) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x1000005, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0x400, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x82, 0xd, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0x5, 0x2a2, 0xfff, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) (fail_nth: 8) r3 = socket(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b710bb725cc6030000000000008500000071000000950000"], 
&(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x0, 0x10, 0x10, &(0x7f0000000080)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x30) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@bridge_getlink={0x28, 0x12, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, 0x0, 0x886b, 0x956b4}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x3}]}, 0x28}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=@ipv6_getroute={0x24, 0x1a, 0x300, 0x0, 0x0, {}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8008008}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x140e, 0x100, 0x70bd28, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040880}, 0x1) bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f00000004c0)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) 17.610977226s ago: executing program 2 (id=1033): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = 
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gre0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32=r2, @ANYBLOB="080001"], 0x20}}, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000000480)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0xffff, @rand_addr=0x64010101}}}, 0x108) 15.418948905s ago: executing program 0 (id=1034): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYRESHEX=r0, @ANYRESDEC=r1, @ANYRESHEX, 
@ANYBLOB="0c009900020000004e000000fc015a80cc00028016000100120005481618060b6c0c02051b0c040b1203000014000300300ffaff07000200ffff0600b192001400030009000900fffb19001000ff0304000900050007000200000014000300010000027f007100000006005b0c09004d00020053403811303a1e57241b2a1647572a4a1e4030110127270c360957304b212119541b2f2d001b332b1f42284a4c4e05571543573a3e4d35180d152f094624181a3c194a110844293b4400000014000500090007000800370006004000ff01090005000700010000004c000080140005000800060001001000010003000d0003000500070000000000050004000000000005000100160000000500040000000000140005005f0607003e06b00b460600100003800c000100045b097848050003b40002802f0002002e212c2d5749323440301f3f40023b2c334111303c3e0a4a2726084f393b091a0107300612150c320a26280005000400020000000500040002000000120001000318021b6c0216091b04000203600000050007000100000005000400670000004c0028314b01531016411d43144e32330eb496162b6dba03370d0e4c04074b230916321f140253493a2c0a3d2522242b1c2b272d38110b0121044f3e03070a15293d23201f1713121c000080050004000100000005000700000000000500060001000000ecb1cdeb7e0100000000000000a0f03f5217863a523b93a625d6de62ca7f661293c3e0d4d253ad0a1f9e57fd60a91de9af1daadf872b6c9a5c7ece3aa9605db351fb469a6e32b2c9a2772f397e75ea85541355533f8a1b7fcfbe6d7c5675587987755ae9be212c61591add3df965911592ab5e5f61a70750a46d80b89d1e123388ac8b13a1a1aeae56f8a126845ed133eddb04a837840745d870712b957b33e918504bb365acb3ea2a4100c9678297457b9c0247a89fed7b7dc9c76f57f8d0a321a74af26a69ee8958cc0579ae85f8d1099d200357402b91de9ee767669e8728d51d51bbfc8936db8dd1c6a3b692fc64fcd3c6d749b44db5de489dcd24a906c46a4869b23a0b202fe443ad753a551d49543186024771b9bbd5e456548bb17ec45749cabc8226552aa7162cf806a3e2000af55cce01f8d4712977593bad07c896706f7c5dec0be91769eb6320eb67498376473d2338e9d1335b3f54032444670da84b3203db20f348d92c633aa6650f5f29275ba00b1f0db81d40f4157c826f3e55d81e97b33b095e7fc94a404c92756b34958231a62f4d05c086b9b7eea17e570061084c3709319787dcf28fa3053fd2fa5b3e72ccaad8162f3feba785e60146fd9ac5b885c4260f11dd0d5757ba1047b59fcf3f817aebc1d94b9cb053d5a68616523132dc
2602c016c670722ea58e89b2215b683fd55feaff7c9db9664327da9ac9ed7f9d27accd0499ffd3752164bc368a360f5715e6ddbddf16c8ef36dd69da4dcb26b29c9d15fbc9c1935ec4d52742d21ee44a04246f5bcdf6a7f0fc984934af1e1718837190f451ebed2ad3204a470c70ca3e13a8de"], 0x224}}, 0x8000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRESDEC], 0x7c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x10, r0, 0xffffe000) socket$alg(0x26, 0x5, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bond0\x00'}) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@bridge_getvlan={0x68, 0x72, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x68}}, 0x4004084) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="140100002d00010000000200fcf3df250401f2800800180004ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x81}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000013b80)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x10) 
write(r4, &(0x7f00000000c0)="51f403000000", 0x6) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) listen(0xffffffffffffffff, 0x80000002) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x1d, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r6, 0x0) accept4(r5, 0x0, 0x0, 0x80000) 2.088403437s ago: executing program 32 (id=1033): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gre0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000072009fb300000000fedbdf2507000000", @ANYRES32=r2, @ANYBLOB="080001"], 0x20}}, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000000480)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0xffff, @rand_addr=0x64010101}}}, 0x108) 2.029975638s ago: executing program 33 (id=1032): r0 = socket(0x10, 0x803, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 
&(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x2040400) socket$inet(0xa, 0x801, 0x84) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x1000005, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0x400, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x0, 0x3, 0x0, 0x10001, 0x82, 0xd, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0x5, 0x2a2, 0xfff, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}}) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) (fail_nth: 8) r3 = socket(0x10, 0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b710bb725cc6030000000000008500000071000000950000"], 
&(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x0, 0x10, 0x10, &(0x7f0000000080)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x30) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@bridge_getlink={0x28, 0x12, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, 0x0, 0x886b, 0x956b4}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x3}]}, 0x28}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=@ipv6_getroute={0x24, 0x1a, 0x300, 0x0, 0x0, {}, [@RTA_OIF={0x8}]}, 0x24}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8008008}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x140e, 0x100, 0x70bd28, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040880}, 0x1) bind$alg(r6, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f00000004c0)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x3fa1dc947ffe4b82}) 0s ago: executing program 34 (id=1034): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 
0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000006c0)=ANY=[@ANYRESHEX=r0, @ANYRESDEC=r1, @ANYRESHEX, @ANYBLOB="0c009900020000004e000000fc015a80cc00028016000100120005481618060b6c0c02051b0c040b1203000014000300300ffaff07000200ffff0600b192001400030009000900fffb19001000ff0304000900050007000200000014000300010000027f007100000006005b0c09004d00020053403811303a1e57241b2a1647572a4a1e4030110127270c360957304b212119541b2f2d001b332b1f42284a4c4e05571543573a3e4d35180d152f094624181a3c194a110844293b4400000014000500090007000800370006004000ff01090005000700010000004c000080140005000800060001001000010003000d0003000500070000000000050004000000000005000100160000000500040000000000140005005f0607003e06b00b460600100003800c000100045b097848050003b40002802f0002002e212c2d5749323440301f3f40023b2c334111303c3e0a4a2726084f393b091a0107300612150c320a26280005000400020000000500040002000000120001000318021b6c0216091b04000203600000050007000100000005000400670000004c0028314b01531016411d43144e32330eb496162b6dba03370d0e4c04074b230916321f140253493a2c0a3d2522242b1c2b272d38110b0121044f3e03070a15293d23201f1713121c000080050004000100000005000700000000000500060001000000ecb1cdeb7e0100000000000000a0f03f5217863a523b93a625d6de62ca7f661293c3e0d4d253ad0a1f9e57fd60a91de9af1daadf872b6c9a5c7ece3aa9605db351fb469a6e32b2c9a2772f397e75ea85541355533f8a1b7fcfbe6d7c5675587987755ae9be212c61591add3df965911592ab5e5f61a70750a46d80b89d1e123388ac8b13a1a1aeae56f8a126845ed133eddb04a837840745d870712b957b33e918504bb365acb3ea2a4100c9678297457b9c0247a89fed7b7dc9c76f57f8d0a321a74af26a69ee8958cc0579ae85f8d1099d200357402b91de9ee767669e8728d51d51bbfc8936db8dd1c6a3b692fc64fcd3c6d749b44db5de489dcd24a906c46a4869b23a0b202fe443ad753a551d49543186024771b9bbd5e456548bb17ec45749cabc8226552aa7162cf806a3e2000af55cce01f8d4712977593bad07c896706f7c5dec0be91769eb6320eb67498376473d2338e9d1335b3f54032444670da84b3203db20f348d92c633aa6650f5f29275ba00b1f0db81d40f4157c826f3e55d81e97b33b095e7fc94a404c92756b34958231a62f4d05c086b9b7eea17e570061084c3709319787dcf28fa30
53fd2fa5b3e72ccaad8162f3feba785e60146fd9ac5b885c4260f11dd0d5757ba1047b59fcf3f817aebc1d94b9cb053d5a68616523132dc2602c016c670722ea58e89b2215b683fd55feaff7c9db9664327da9ac9ed7f9d27accd0499ffd3752164bc368a360f5715e6ddbddf16c8ef36dd69da4dcb26b29c9d15fbc9c1935ec4d52742d21ee44a04246f5bcdf6a7f0fc984934af1e1718837190f451ebed2ad3204a470c70ca3e13a8de"], 0x224}}, 0x8000) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYRESDEC], 0x7c}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x10, r0, 0xffffe000) socket$alg(0x26, 0x5, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bond0\x00'}) sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@bridge_getvlan={0x68, 0x72, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8}, @BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x68}}, 0x4004084) openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="140100002d00010000000200fcf3df250401f2800800180004ac0f"], 0x114}], 0x1, 0x0, 0x0, 0x81}, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6) 
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000013b80)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0xc0}, 0x10) write(r4, &(0x7f00000000c0)="51f403000000", 0x6) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) listen(0xffffffffffffffff, 0x80000002) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000080)=ANY=[], 0x10448) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r7, 0x29, 0x1d, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r6, 0x0) accept4(r5, 0x0, 0x0, 0x80000) kernel console output (not intermixed with test programs): e0: port 1(bridge_slave_0) entered forwarding state [ 199.294093][ T7937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.428'. [ 200.004112][ T5856] Bluetooth: hci1: command 0x080f tx timeout [ 201.096373][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.103694][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.121041][ T7919] lo speed is unknown, defaulting to 1000 [ 201.342565][ T7963] netlink: 40 bytes leftover after parsing attributes in process `syz.3.433'. [ 201.381647][ T7965] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 201.471651][ T7965] FAULT_INJECTION: forcing a failure. [ 201.471651][ T7965] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 201.485719][ T7965] CPU: 0 UID: 0 PID: 7965 Comm: syz.0.432 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 201.485752][ T7965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.485774][ T7965] Call Trace: [ 201.485783][ T7965] [ 201.485793][ T7965] dump_stack_lvl+0x189/0x250 [ 201.485847][ T7965] ? 
__pfx____ratelimit+0x10/0x10 [ 201.485880][ T7965] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.485906][ T7965] ? __pfx__printk+0x10/0x10 [ 201.485938][ T7965] ? __might_fault+0xb0/0x130 [ 201.485980][ T7965] should_fail_ex+0x414/0x560 [ 201.486021][ T7965] _copy_from_iter+0x1db/0x16f0 [ 201.486050][ T7965] ? rcu_is_watching+0x15/0xb0 [ 201.486080][ T7965] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 201.486110][ T7965] ? __pfx__copy_from_iter+0x10/0x10 [ 201.486136][ T7965] ? __build_skb_around+0x257/0x3e0 [ 201.486173][ T7965] ? netlink_sendmsg+0x642/0xb30 [ 201.486204][ T7965] ? skb_put+0x11b/0x210 [ 201.486239][ T7965] netlink_sendmsg+0x6b2/0xb30 [ 201.486280][ T7965] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.486315][ T7965] ? aa_sock_msg_perm+0x94/0x160 [ 201.486353][ T7965] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 201.486374][ T7965] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.486405][ T7965] __sock_sendmsg+0x219/0x270 [ 201.486435][ T7965] ____sys_sendmsg+0x505/0x830 [ 201.486474][ T7965] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.486527][ T7965] ? import_iovec+0x74/0xa0 [ 201.486557][ T7965] ___sys_sendmsg+0x21f/0x2a0 [ 201.486578][ T7965] ? __pfx____sys_sendmsg+0x10/0x10 [ 201.486634][ T7965] ? __fget_files+0x2a/0x420 [ 201.486661][ T7965] ? __fget_files+0x3a0/0x420 [ 201.486697][ T7965] __x64_sys_sendmsg+0x19b/0x260 [ 201.486720][ T7965] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 201.486750][ T7965] ? __pfx_ksys_write+0x10/0x10 [ 201.486772][ T7965] ? rcu_is_watching+0x15/0xb0 [ 201.486800][ T7965] ? do_syscall_64+0xbe/0x3b0 [ 201.486835][ T7965] do_syscall_64+0xfa/0x3b0 [ 201.486875][ T7965] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.486904][ T7965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.486925][ T7965] ? 
clear_bhb_loop+0x60/0xb0 [ 201.486951][ T7965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.486972][ T7965] RIP: 0033:0x7f319978e929 [ 201.486994][ T7965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.487014][ T7965] RSP: 002b:00007f319a61f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.487039][ T7965] RAX: ffffffffffffffda RBX: 00007f31999b5fa0 RCX: 00007f319978e929 [ 201.487055][ T7965] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 000000000000000c [ 201.487068][ T7965] RBP: 00007f319a61f090 R08: 0000000000000000 R09: 0000000000000000 [ 201.487082][ T7965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.487095][ T7965] R13: 0000000000000000 R14: 00007f31999b5fa0 R15: 00007ffd0dcf9a38 [ 201.487130][ T7965] [ 201.852061][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 201.893222][ T7973] netlink: 116 bytes leftover after parsing attributes in process `syz.3.435'. [ 202.055229][ T7619] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.111251][ T7619] veth0_vlan: entered promiscuous mode [ 202.157712][ T7619] veth1_vlan: entered promiscuous mode [ 202.215625][ T7975] netlink: 40 bytes leftover after parsing attributes in process `syz.4.436'. [ 202.322061][ T7985] netlink: 88 bytes leftover after parsing attributes in process `syz.3.438'. [ 202.372102][ T7987] netlink: 'syz.0.437': attribute type 1 has an invalid length. [ 202.395015][ T7619] veth0_macvtap: entered promiscuous mode [ 202.419707][ T7987] netlink: 224 bytes leftover after parsing attributes in process `syz.0.437'. 
[ 202.435513][ T7619] veth1_macvtap: entered promiscuous mode [ 202.542250][ T7990] bond0: entered promiscuous mode [ 202.559819][ T7990] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 202.648281][ T7990] bond0: left promiscuous mode [ 202.658123][ T7995] netlink: 'syz.3.439': attribute type 9 has an invalid length. [ 202.700820][ T7995] netlink: 'syz.3.439': attribute type 6 has an invalid length. [ 202.775110][ T7619] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.826470][ T7980] lo speed is unknown, defaulting to 1000 [ 202.998929][ T8002] openvswitch: netlink: Key 24 has unexpected len 2 expected 4 [ 203.337528][ T7619] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.552893][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.572939][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.661960][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.688460][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.939427][ T8016] netlink: 'syz.0.442': attribute type 39 has an invalid length. [ 204.134034][ T1148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.186275][ T1148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.272991][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.311774][ T7980] lo speed is unknown, defaulting to 1000 [ 204.338722][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 204.825138][ T8036] netlink: 40 bytes leftover after parsing attributes in process `syz.2.447'. [ 205.071990][ T8046] netlink: 132 bytes leftover after parsing attributes in process `syz.0.448'. 
[ 205.461338][ T59] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.622151][ T59] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.851291][ T59] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.050730][ T59] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.476024][ T59] bridge_slave_1: left allmulticast mode [ 206.512558][ T59] bridge_slave_1: left promiscuous mode [ 206.535084][ T8063] netlink: 88 bytes leftover after parsing attributes in process `syz.0.449'. [ 206.538701][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.604737][ T59] bridge_slave_0: left allmulticast mode [ 206.628596][ T59] bridge_slave_0: left promiscuous mode [ 206.634508][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.353322][ T5860] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 207.367331][ T5860] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 207.375986][ T5860] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 207.402876][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 207.435796][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 208.089014][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.122588][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.133675][ T59] bond0 (unregistering): Released all slaves [ 208.401792][ T8071] lo speed is unknown, defaulting to 1000 [ 208.460014][ T8088] netlink: 4 bytes leftover after parsing attributes in process `syz.0.453'. [ 208.530413][ T8090] netlink: 4 bytes leftover after parsing attributes in process `syz.0.453'. [ 208.620954][ T8086] netlink: 766 bytes leftover after parsing attributes in process `syz.0.453'. 
[ 208.687909][ T8089] IPv6: sit1: Disabled Multicast RS [ 208.729918][ T8089] sit1: entered allmulticast mode [ 208.777697][ T8094] netlink: 'syz.3.454': attribute type 1 has an invalid length. [ 209.037427][ T8071] lo speed is unknown, defaulting to 1000 [ 209.220998][ T8108] xt_socket: unknown flags 0xd0 [ 209.324612][ T8111] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.457'. [ 209.523564][ T5860] Bluetooth: hci0: command tx timeout [ 209.963677][ T59] hsr_slave_0: left promiscuous mode [ 209.989318][ T59] hsr_slave_1: left promiscuous mode [ 210.023703][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.062932][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.130589][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.138179][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.190119][ T8133] netlink: 88 bytes leftover after parsing attributes in process `syz.2.463'. [ 210.194199][ T59] veth1_macvtap: left promiscuous mode [ 210.205112][ T59] veth0_macvtap: left promiscuous mode [ 210.211132][ T59] veth1_vlan: left promiscuous mode [ 210.216537][ T59] veth0_vlan: left promiscuous mode [ 210.672601][ T59] team0 (unregistering): Port device team_slave_1 removed [ 210.715611][ T59] team0 (unregistering): Port device team_slave_0 removed [ 211.439771][ T8071] chnl_net:caif_netlink_parms(): no params data found [ 211.593775][ T8148] FAULT_INJECTION: forcing a failure. 
[ 211.593775][ T8148] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.638576][ T5860] Bluetooth: hci0: command tx timeout [ 211.678716][ T8148] CPU: 1 UID: 0 PID: 8148 Comm: syz.4.466 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 211.678751][ T8148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.678764][ T8148] Call Trace: [ 211.678791][ T8148] [ 211.678801][ T8148] dump_stack_lvl+0x189/0x250 [ 211.678835][ T8148] ? __pfx____ratelimit+0x10/0x10 [ 211.678867][ T8148] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.678894][ T8148] ? __pfx__printk+0x10/0x10 [ 211.678926][ T8148] ? __might_fault+0xb0/0x130 [ 211.678968][ T8148] should_fail_ex+0x414/0x560 [ 211.679019][ T8148] _copy_from_iter+0x1db/0x16f0 [ 211.679047][ T8148] ? rep_movs_alternative+0x4a/0x90 [ 211.679076][ T8148] ? __pfx__copy_from_iter+0x10/0x10 [ 211.679096][ T8148] ? sock_alloc_send_pskb+0x875/0x990 [ 211.679134][ T8148] ? __pfx__copy_from_iter+0x10/0x10 [ 211.679160][ T8148] ? page_copy_sane+0x16a/0x280 [ 211.679183][ T8148] copy_page_from_iter+0xdd/0x170 [ 211.679212][ T8148] skb_copy_datagram_from_iter+0x306/0x720 [ 211.679249][ T8148] tun_get_user+0x15c3/0x3ce0 [ 211.679298][ T8148] ? aa_file_perm+0x11f/0xed0 [ 211.679320][ T8148] ? __pfx_tun_get_user+0x10/0x10 [ 211.679342][ T8148] ? aa_file_perm+0x11f/0xed0 [ 211.679361][ T8148] ? aa_file_perm+0x3e7/0xed0 [ 211.679393][ T8148] ? ref_tracker_alloc+0x318/0x460 [ 211.679410][ T8148] ? __lock_acquire+0xab9/0xd20 [ 211.679436][ T8148] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 211.679476][ T8148] ? tun_get+0x1c/0x2f0 [ 211.679507][ T8148] ? tun_get+0x1c/0x2f0 [ 211.679530][ T8148] ? tun_get+0x1c/0x2f0 [ 211.679560][ T8148] tun_chr_write_iter+0x113/0x200 [ 211.679586][ T8148] vfs_write+0x54b/0xa90 [ 211.679618][ T8148] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 211.679645][ T8148] ? __pfx_vfs_write+0x10/0x10 [ 211.679679][ T8148] ? 
__fget_files+0x2a/0x420 [ 211.679716][ T8148] ksys_write+0x145/0x250 [ 211.679747][ T8148] ? __pfx_ksys_write+0x10/0x10 [ 211.679777][ T8148] ? do_syscall_64+0xbe/0x3b0 [ 211.679811][ T8148] do_syscall_64+0xfa/0x3b0 [ 211.679839][ T8148] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.679868][ T8148] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.679888][ T8148] ? clear_bhb_loop+0x60/0xb0 [ 211.679914][ T8148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.679935][ T8148] RIP: 0033:0x7f2f6658e929 [ 211.679956][ T8148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.679973][ T8148] RSP: 002b:00007f2f673e4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 211.679996][ T8148] RAX: ffffffffffffffda RBX: 00007f2f667b6160 RCX: 00007f2f6658e929 [ 211.680011][ T8148] RDX: 000000000000fdef RSI: 00002000000005c0 RDI: 0000000000000003 [ 211.680036][ T8148] RBP: 00007f2f673e4090 R08: 0000000000000000 R09: 0000000000000000 [ 211.680048][ T8148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 211.680060][ T8148] R13: 0000000000000001 R14: 00007f2f667b6160 R15: 00007ffda6b178b8 [ 211.680095][ T8148] [ 212.756821][ T8071] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.782628][ T8071] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.818859][ T8071] bridge_slave_0: entered allmulticast mode [ 212.840546][ T8071] bridge_slave_0: entered promiscuous mode [ 212.874458][ T8071] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.902548][ T8071] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.921300][ T8071] bridge_slave_1: entered allmulticast mode [ 212.966505][ T8071] bridge_slave_1: entered promiscuous mode [ 213.246572][ T8071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.311335][ T8071] bond0: (slave bond_slave_1): Enslaving as 
an active interface with an up link [ 213.605469][ T8071] team0: Port device team_slave_0 added [ 213.684411][ T5860] Bluetooth: hci0: command tx timeout [ 213.712412][ T8071] team0: Port device team_slave_1 added [ 213.802546][ T8071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.818258][ T8071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.942082][ T8071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.990867][ T8071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.008194][ T8071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.090642][ T8071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 214.156654][ T8240] netlink: 56 bytes leftover after parsing attributes in process `syz.2.498'. [ 214.184949][ T8240] netlink: 56 bytes leftover after parsing attributes in process `syz.2.498'. [ 214.207710][ T8240] netlink: 56 bytes leftover after parsing attributes in process `syz.2.498'. [ 214.221343][ T8242] netlink: 132 bytes leftover after parsing attributes in process `syz.4.499'. [ 214.368548][ T8071] hsr_slave_0: entered promiscuous mode [ 214.393057][ T8071] hsr_slave_1: entered promiscuous mode [ 214.417773][ T8071] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 214.444321][ T8071] Cannot create hsr debugfs directory [ 214.792211][ T8259] netlink: 'syz.4.505': attribute type 6 has an invalid length. 
[ 214.852113][ T8259] netlink: 'syz.4.505': attribute type 7 has an invalid length. [ 214.901401][ T8259] netlink: 13182 bytes leftover after parsing attributes in process `syz.4.505'. [ 215.027465][ T8272] netlink: 'syz.2.510': attribute type 29 has an invalid length. [ 215.088938][ T8274] netlink: 'syz.2.510': attribute type 29 has an invalid length. [ 215.115201][ T8272] netlink: 'syz.2.510': attribute type 29 has an invalid length. [ 215.149449][ T8272] netlink: 'syz.2.510': attribute type 29 has an invalid length. [ 215.380141][ T8291] netlink: 'syz.2.514': attribute type 2 has an invalid length. [ 215.392917][ T8291] netlink: 164 bytes leftover after parsing attributes in process `syz.2.514'. [ 215.516937][ T8290] netlink: 'syz.3.515': attribute type 29 has an invalid length. [ 215.551528][ T8292] netlink: 'syz.3.515': attribute type 29 has an invalid length. [ 215.569871][ T8295] netlink: 'syz.3.515': attribute type 29 has an invalid length. [ 215.760347][ T5860] Bluetooth: hci0: command tx timeout [ 218.387524][ T8071] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 218.411968][ T8071] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 219.601486][ T36] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 220.378711][ T8071] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 220.390142][ T8071] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 223.039843][ T8411] netlink: 96 bytes leftover after parsing attributes in process `syz.3.557'. [ 223.075196][ T8071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.174024][ T8071] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.232474][ T8419] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. 
[ 223.262455][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.269740][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.315691][ T1109] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.323061][ T1109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.604460][ T8430] veth1_macvtap: left promiscuous mode [ 223.640417][ T8430] macsec0: entered promiscuous mode [ 223.883861][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.0.569'. [ 223.937280][ T8443] syzkaller0: entered promiscuous mode [ 223.957008][ T8443] syzkaller0: entered allmulticast mode [ 224.043761][ T8450] ip6gre1: entered allmulticast mode [ 224.240918][ T5853] Bluetooth: hci4: command 0x0406 tx timeout [ 224.242081][ T51] Bluetooth: hci1: command 0x080f tx timeout [ 224.247888][ T5853] Bluetooth: hci2: command 0x0406 tx timeout [ 224.254947][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 224.317650][ T8071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.423499][ T8071] veth0_vlan: entered promiscuous mode [ 224.459054][ T8071] veth1_vlan: entered promiscuous mode [ 224.538816][ T8467] validate_nla: 4 callbacks suppressed [ 224.538854][ T8467] netlink: 'syz.4.574': attribute type 3 has an invalid length. [ 224.606196][ T8071] veth0_macvtap: entered promiscuous mode [ 224.623159][ T8467] netlink: 28 bytes leftover after parsing attributes in process `syz.4.574'. 
[ 224.666586][ T8071] veth1_macvtap: entered promiscuous mode [ 224.754514][ T8071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.853570][ T8071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.926424][ T37] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.963100][ T37] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.975989][ T37] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.041545][ T8479] veth1_macvtap: left promiscuous mode [ 225.068688][ T8479] macsec0: entered promiscuous mode [ 225.195131][ T37] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.238566][ T8485] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 225.568701][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.618824][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.736174][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.757777][ T8506] xt_hashlimit: size too large, truncated to 1048576 [ 225.764758][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.855450][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.172296][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.336175][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.425708][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.636759][ T12] bridge_slave_1: left allmulticast mode [ 227.648218][ T12] bridge_slave_1: left promiscuous mode [ 227.654276][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.669717][ T12] bridge_slave_0: left allmulticast mode [ 227.675453][ T12] bridge_slave_0: left promiscuous mode [ 227.688094][ T12] bridge0: port 
1(bridge_slave_0) entered disabled state [ 228.735940][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 228.759576][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 228.768862][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 228.784696][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 228.803873][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 228.947825][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 228.966985][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 228.990065][ T12] bond0 (unregistering): Released all slaves [ 229.116807][ T8569] tipc: Enabling of bearer rejected, failed to enable media [ 230.057658][ T8580] lo speed is unknown, defaulting to 1000 [ 230.199652][ T8604] netlink: 'syz.4.607': attribute type 16 has an invalid length. [ 230.230885][ T8604] netlink: 'syz.4.607': attribute type 17 has an invalid length. [ 230.652566][ T8604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.698149][ T8604] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.748902][ T8604] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 
[ 230.878605][ T5860] Bluetooth: hci0: command tx timeout [ 231.218562][ T8580] lo speed is unknown, defaulting to 1000 [ 232.188547][ T12] hsr_slave_0: left promiscuous mode [ 232.228575][ T12] hsr_slave_1: left promiscuous mode [ 232.235047][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 232.251682][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 232.266975][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 232.275202][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 232.340282][ T12] veth1_macvtap: left promiscuous mode [ 232.347450][ T12] veth0_macvtap: left promiscuous mode [ 232.355525][ T12] veth1_vlan: left promiscuous mode [ 232.361402][ T12] veth0_vlan: left promiscuous mode [ 232.962608][ T5860] Bluetooth: hci0: command tx timeout [ 233.662312][ T12] team0 (unregistering): Port device team_slave_1 removed [ 233.712215][ T12] team0 (unregistering): Port device team_slave_0 removed [ 234.167686][ T8650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.622'. 
[ 234.576057][ T8580] chnl_net:caif_netlink_parms(): no params data found [ 234.659094][ T8704] xt_l2tp: v2 doesn't support IP mode [ 235.044491][ T5860] Bluetooth: hci0: command tx timeout [ 235.540057][ T8580] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.547886][ T8580] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.674781][ T8580] bridge_slave_0: entered allmulticast mode [ 235.695306][ T8580] bridge_slave_0: entered promiscuous mode [ 235.725922][ T8580] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.757943][ T8580] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.782521][ T8580] bridge_slave_1: entered allmulticast mode [ 235.833157][ T8580] bridge_slave_1: entered promiscuous mode [ 236.026767][ T8580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.074260][ T8580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.262608][ T8761] netlink: 'syz.4.665': attribute type 5 has an invalid length. [ 236.356208][ T8580] team0: Port device team_slave_0 added [ 236.548190][ T8771] netlink: 80 bytes leftover after parsing attributes in process `syz.4.669'. [ 236.591468][ T8580] team0: Port device team_slave_1 added [ 236.817159][ T8580] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.852521][ T8580] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.916381][ T8580] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.949151][ T8580] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.966462][ T8580] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.068725][ T8580] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.128704][ T5860] Bluetooth: hci0: command tx timeout [ 237.149647][ T8794] netlink: 12 bytes leftover after parsing attributes in process `syz.3.677'. [ 237.267371][ T8580] hsr_slave_0: entered promiscuous mode [ 237.294542][ T8580] hsr_slave_1: entered promiscuous mode [ 237.323217][ T8580] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 237.337295][ T8580] Cannot create hsr debugfs directory [ 237.703155][ T8815] netlink: 'syz.3.683': attribute type 1 has an invalid length. [ 237.742248][ T8815] netlink: 224 bytes leftover after parsing attributes in process `syz.3.683'. [ 237.839789][ T8815] bond0: entered promiscuous mode [ 237.854432][ T8815] bond_slave_0: entered promiscuous mode [ 237.862812][ T8815] bond_slave_1: entered promiscuous mode [ 237.873581][ T8815] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 237.886391][ T8815] bond0: left promiscuous mode [ 237.891976][ T8815] bond_slave_0: left promiscuous mode [ 237.901511][ T8815] bond_slave_1: left promiscuous mode [ 238.245478][ T8832] netlink: 88 bytes leftover after parsing attributes in process `syz.4.685'. [ 238.554836][ T8841] netlink: 'syz.3.689': attribute type 2 has an invalid length. [ 238.614057][ T8842] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.689'. [ 238.727080][ T8842] netlink: 'syz.3.689': attribute type 21 has an invalid length. [ 238.875713][ T8848] tipc: Enabled bearer , priority 0 [ 238.886891][ T8846] af_packet: tpacket_rcv: packet too big, clamped from 3954 to 3710. 
macoff=82 [ 238.914152][ T8847] syzkaller0: entered promiscuous mode [ 238.947347][ T8847] syzkaller0: entered allmulticast mode [ 239.174234][ T8849] lo speed is unknown, defaulting to 1000 [ 239.190300][ T8855] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048) [ 239.299154][ T8854] tipc: Resetting bearer [ 239.487863][ T8843] tipc: Resetting bearer [ 239.579566][ T8843] tipc: Disabling bearer [ 239.954808][ T8580] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 240.000069][ T8580] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 240.025975][ T8849] lo speed is unknown, defaulting to 1000 [ 240.034989][ T8580] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 240.059112][ T8580] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 240.408164][ T8882] netlink: 'syz.2.695': attribute type 10 has an invalid length. [ 240.442858][ T8882] netlink: 'syz.2.695': attribute type 5 has an invalid length. [ 240.477683][ T8882] netlink: 732 bytes leftover after parsing attributes in process `syz.2.695'. [ 240.513756][ T8882] netlink: 12 bytes leftover after parsing attributes in process `syz.2.695'. [ 240.683507][ T8580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.754093][ T8580] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.785235][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.792523][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.877787][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.885083][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.346554][ T8903] netlink: 88 bytes leftover after parsing attributes in process `syz.2.699'. 
[ 241.366210][ T5860] Bluetooth: hci0: command tx timeout [ 241.890381][ T8580] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.074639][ T8580] veth0_vlan: entered promiscuous mode [ 242.110477][ T8926] delete_channel: no stack [ 242.139495][ T8580] veth1_vlan: entered promiscuous mode [ 242.286285][ T8580] veth0_macvtap: entered promiscuous mode [ 242.383609][ T8580] veth1_macvtap: entered promiscuous mode [ 242.400649][ T8945] netlink: 48 bytes leftover after parsing attributes in process `syz.4.709'. [ 242.519436][ T8949] syzkaller1: entered promiscuous mode [ 242.536198][ T8949] syzkaller1: entered allmulticast mode [ 242.569739][ T8580] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.609260][ T8580] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.706222][ T59] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.735967][ T59] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.787503][ T59] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.811154][ T59] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.880625][ T8949] lo speed is unknown, defaulting to 1000 [ 243.099292][ T8963] netlink: 88 bytes leftover after parsing attributes in process `syz.4.714'. [ 243.136839][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.156597][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.390526][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.409501][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.646432][ T8971] netlink: 20 bytes leftover after parsing attributes in process `syz.3.718'. [ 243.800541][ T8974] netlink: 'syz.4.720': attribute type 12 has an invalid length. [ 243.821419][ T8974] netlink: 'syz.4.720': attribute type 29 has an invalid length. 
[ 243.832875][ T8974] netlink: 148 bytes leftover after parsing attributes in process `syz.4.720'. [ 244.168234][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.339285][ T8949] lo speed is unknown, defaulting to 1000 [ 244.399360][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.506154][ T36] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.629922][ T36] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.946849][ T36] bridge_slave_1: left allmulticast mode [ 244.952706][ T36] bridge_slave_1: left promiscuous mode [ 244.959050][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.970707][ T36] bridge_slave_0: left allmulticast mode [ 244.976403][ T36] bridge_slave_0: left promiscuous mode [ 244.982974][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.851004][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 245.862827][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 245.880840][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 245.919648][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 245.929696][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 246.145843][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.159319][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.181211][ T36] bond0 (unregistering): Released all slaves [ 246.821079][ T9010] lo speed is unknown, defaulting to 1000 [ 247.694970][ T9050] netlink: 'syz.0.734': attribute type 11 has an invalid length. [ 247.777322][ T9010] lo speed is unknown, defaulting to 1000 [ 247.861428][ T9055] netlink: 8 bytes leftover after parsing attributes in process `syz.2.736'. 
[ 247.889448][ T9058] netlink: 'syz.3.735': attribute type 3 has an invalid length. [ 247.937041][ T9058] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.735'. [ 247.970538][ T9059] netlink: 'syz.2.736': attribute type 1 has an invalid length. [ 247.998777][ T5860] Bluetooth: hci0: command tx timeout [ 248.036248][ T9059] netlink: 172 bytes leftover after parsing attributes in process `syz.2.736'. [ 248.065896][ T9059] netlink: 'syz.2.736': attribute type 1 has an invalid length. [ 248.766001][ T9069] macsec1: entered allmulticast mode [ 249.057472][ T36] hsr_slave_0: left promiscuous mode [ 249.065279][ T9084] netlink: 'syz.2.742': attribute type 1 has an invalid length. [ 249.074398][ T9084] netlink: 236 bytes leftover after parsing attributes in process `syz.2.742'. [ 249.083788][ T36] hsr_slave_1: left promiscuous mode [ 249.115698][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.138003][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.157666][ T9087] netlink: 236 bytes leftover after parsing attributes in process `syz.2.742'. [ 249.180129][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.187632][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.265022][ T36] veth1_macvtap: left promiscuous mode [ 249.295390][ T36] veth0_macvtap: left promiscuous mode [ 249.308730][ T36] veth1_vlan: left promiscuous mode [ 249.323340][ T36] veth0_vlan: left promiscuous mode [ 250.079082][ T5860] Bluetooth: hci0: command tx timeout [ 250.683572][ T36] team0 (unregistering): Port device team_slave_1 removed [ 250.726584][ T36] team0 (unregistering): Port device team_slave_0 removed [ 251.158629][ T9102] netlink: 28 bytes leftover after parsing attributes in process `syz.0.744'. [ 251.171753][ T9102] netlink: 28 bytes leftover after parsing attributes in process `syz.0.744'. [ 251.572946][ T9134] netlink: 'syz.0.748': attribute type 1 has an invalid length. 
[ 251.598934][ T3017] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 251.625878][ T9134] netlink: 224 bytes leftover after parsing attributes in process `syz.0.748'. [ 251.637017][ T9010] chnl_net:caif_netlink_parms(): no params data found [ 251.788947][ T9139] bond0: entered promiscuous mode [ 251.794928][ T9139] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 251.797262][ T9132] netlink: 40 bytes leftover after parsing attributes in process `syz.4.749'. [ 251.872747][ T9139] bond0: left promiscuous mode [ 252.174747][ T5860] Bluetooth: hci0: command tx timeout [ 252.365392][ T9164] ÿ: renamed from bond_slave_0 [ 252.385514][ T9132] lo speed is unknown, defaulting to 1000 [ 252.562983][ T9010] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.594817][ T9169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.756'. [ 252.602911][ T9010] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.636737][ T9010] bridge_slave_0: entered allmulticast mode [ 252.669540][ T9010] bridge_slave_0: entered promiscuous mode [ 252.687620][ T9010] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.714187][ T9010] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.758978][ T9010] bridge_slave_1: entered allmulticast mode [ 252.781341][ T9010] bridge_slave_1: entered promiscuous mode [ 252.849874][ T9172] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 252.858043][ T9172] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 252.925446][ T9172] netlink: 'syz.3.757': attribute type 2 has an invalid length. [ 253.124495][ T9177] netlink: 24 bytes leftover after parsing attributes in process `syz.2.759'. 
[ 253.212976][ T9010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 253.252466][ T9010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 253.428296][ T9188] netlink: 20 bytes leftover after parsing attributes in process `syz.2.763'. [ 253.570471][ T9010] team0: Port device team_slave_0 added [ 253.611594][ T9010] team0: Port device team_slave_1 added [ 253.637397][ T9193] netlink: 212280 bytes leftover after parsing attributes in process `syz.2.765'. [ 253.699692][ T9132] lo speed is unknown, defaulting to 1000 [ 253.811739][ T9198] netlink: 'syz.2.765': attribute type 29 has an invalid length. [ 253.830033][ T9193] netlink: 'syz.2.765': attribute type 29 has an invalid length. [ 253.869322][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.876372][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.905247][ T9010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.919876][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.930287][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.962953][ T9010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 254.020503][ T9197] lo speed is unknown, defaulting to 1000 [ 254.223882][ T9212] FAULT_INJECTION: forcing a failure. 
[ 254.223882][ T9212] name failslab, interval 1, probability 0, space 0, times 0 [ 254.242842][ T5860] Bluetooth: hci0: command tx timeout [ 254.247818][ T9212] CPU: 0 UID: 0 PID: 9212 Comm: syz.0.769 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 254.247861][ T9212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 254.247948][ T9212] Call Trace: [ 254.247960][ T9212] <TASK> [ 254.247973][ T9212] dump_stack_lvl+0x189/0x250 [ 254.248103][ T9212] ? __pfx____ratelimit+0x10/0x10 [ 254.248142][ T9212] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.248171][ T9212] ? __pfx__printk+0x10/0x10 [ 254.248215][ T9212] ? __pfx___might_resched+0x10/0x10 [ 254.248248][ T9212] ? fs_reclaim_acquire+0x7d/0x100 [ 254.248291][ T9212] should_fail_ex+0x414/0x560 [ 254.248333][ T9212] should_failslab+0xa8/0x100 [ 254.248362][ T9212] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 254.248389][ T9212] ? __alloc_skb+0x112/0x2d0 [ 254.248423][ T9212] __alloc_skb+0x112/0x2d0 [ 254.248455][ T9212] netlink_ack+0x146/0xa50 [ 254.248483][ T9212] ? __pfx___mutex_trylock_common+0x10/0x10 [ 254.248617][ T9212] ? rcu_is_watching+0x15/0xb0 [ 254.248670][ T9212] netlink_rcv_skb+0x28c/0x470 [ 254.248710][ T9212] ? __pfx_xfrm_user_rcv_msg+0x10/0x10 [ 254.248749][ T9212] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 254.248798][ T9212] ? netlink_deliver_tap+0x2e/0x1b0 [ 254.248826][ T9212] ? netlink_deliver_tap+0x2e/0x1b0 [ 254.248856][ T9212] xfrm_netlink_rcv+0x79/0x90 [ 254.248886][ T9212] netlink_unicast+0x758/0x8d0 [ 254.248926][ T9212] netlink_sendmsg+0x805/0xb30 [ 254.248974][ T9212] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.249014][ T9212] ? aa_sock_msg_perm+0x94/0x160 [ 254.249060][ T9212] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 254.249088][ T9212] ? __pfx_netlink_sendmsg+0x10/0x10 [ 254.249123][ T9212] __sock_sendmsg+0x219/0x270 [ 254.249167][ T9212] ____sys_sendmsg+0x505/0x830 [ 254.249221][ T9212] ? __pfx_____sys_sendmsg+0x10/0x10 [ 254.249274][ T9212] ? 
import_iovec+0x74/0xa0 [ 254.249310][ T9212] ___sys_sendmsg+0x21f/0x2a0 [ 254.249338][ T9212] ? __pfx____sys_sendmsg+0x10/0x10 [ 254.249411][ T9212] ? __fget_files+0x2a/0x420 [ 254.249447][ T9212] ? __fget_files+0x3a0/0x420 [ 254.249495][ T9212] __x64_sys_sendmsg+0x19b/0x260 [ 254.249525][ T9212] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 254.249563][ T9212] ? __pfx_ksys_write+0x10/0x10 [ 254.249591][ T9212] ? rcu_is_watching+0x15/0xb0 [ 254.249625][ T9212] ? do_syscall_64+0xbe/0x3b0 [ 254.249668][ T9212] do_syscall_64+0xfa/0x3b0 [ 254.249710][ T9212] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.249745][ T9212] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.249775][ T9212] ? clear_bhb_loop+0x60/0xb0 [ 254.249806][ T9212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.249896][ T9212] RIP: 0033:0x7f319978e929 [ 254.249933][ T9212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.249956][ T9212] RSP: 002b:00007f319a61f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 254.250000][ T9212] RAX: ffffffffffffffda RBX: 00007f31999b5fa0 RCX: 00007f319978e929 [ 254.250018][ T9212] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000003 [ 254.250033][ T9212] RBP: 00007f319a61f090 R08: 0000000000000000 R09: 0000000000000000 [ 254.250049][ T9212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.250062][ T9212] R13: 0000000000000000 R14: 00007f31999b5fa0 R15: 00007ffd0dcf9a38 [ 254.250101][ T9212] </TASK> [ 254.681730][ T9010] hsr_slave_0: entered promiscuous mode [ 254.707920][ T9010] hsr_slave_1: entered promiscuous mode [ 254.741564][ T9010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 254.767588][ T9010] Cannot create hsr debugfs directory [ 254.812001][ T9197] lo speed is unknown, defaulting to 1000 [ 254.994701][ T9224] netlink: 'syz.3.771': attribute type 2 has an invalid length. 
[ 255.085254][ T9228] netlink: 592 bytes leftover after parsing attributes in process `syz.3.771'. [ 255.120906][ T9228] netlink: 24 bytes leftover after parsing attributes in process `syz.3.771'. [ 255.154910][ T9224] þ`Ì: entered promiscuous mode [ 255.793655][ T9244] FAULT_INJECTION: forcing a failure. [ 255.793655][ T9244] name failslab, interval 1, probability 0, space 0, times 0 [ 255.816878][ T9244] CPU: 0 UID: 0 PID: 9244 Comm: syz.0.775 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 255.816918][ T9244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 255.816933][ T9244] Call Trace: [ 255.816943][ T9244] <TASK> [ 255.816953][ T9244] dump_stack_lvl+0x189/0x250 [ 255.816989][ T9244] ? __pfx____ratelimit+0x10/0x10 [ 255.817018][ T9244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.817044][ T9244] ? __pfx__printk+0x10/0x10 [ 255.817079][ T9244] ? __pfx___might_resched+0x10/0x10 [ 255.817104][ T9244] ? fs_reclaim_acquire+0x7d/0x100 [ 255.817143][ T9244] should_fail_ex+0x414/0x560 [ 255.817182][ T9244] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 255.817205][ T9244] should_failslab+0xa8/0x100 [ 255.817237][ T9244] __kvmalloc_node_noprof+0x161/0x5f0 [ 255.817266][ T9244] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 255.817295][ T9244] rhashtable_init_noprof+0x4ee/0xbb0 [ 255.817349][ T9244] rhltable_init_noprof+0x1e/0x60 [ 255.817383][ T9244] nf_tables_newtable+0x68f/0x1890 [ 255.817445][ T9244] nfnetlink_rcv+0x112f/0x2520 [ 255.817503][ T9244] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 255.817545][ T9244] ? ref_tracker_free+0x63a/0x7d0 [ 255.817600][ T9244] ? __netlink_deliver_tap+0x807/0x850 [ 255.817640][ T9244] ? netlink_deliver_tap+0x2e/0x1b0 [ 255.817668][ T9244] ? netlink_deliver_tap+0x2e/0x1b0 [ 255.817700][ T9244] netlink_unicast+0x758/0x8d0 [ 255.817739][ T9244] netlink_sendmsg+0x805/0xb30 [ 255.817778][ T9244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.817812][ T9244] ? aa_sock_msg_perm+0x94/0x160 [ 255.817848][ T9244] ? 
bpf_lsm_socket_sendmsg+0x9/0x20 [ 255.817868][ T9244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.817899][ T9244] __sock_sendmsg+0x219/0x270 [ 255.817936][ T9244] ____sys_sendmsg+0x505/0x830 [ 255.817978][ T9244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 255.818021][ T9244] ? import_iovec+0x74/0xa0 [ 255.818051][ T9244] ___sys_sendmsg+0x21f/0x2a0 [ 255.818074][ T9244] ? __pfx____sys_sendmsg+0x10/0x10 [ 255.818137][ T9244] ? __fget_files+0x2a/0x420 [ 255.818166][ T9244] ? __fget_files+0x3a0/0x420 [ 255.818208][ T9244] __x64_sys_sendmsg+0x19b/0x260 [ 255.818231][ T9244] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 255.818259][ T9244] ? __pfx_ksys_write+0x10/0x10 [ 255.818279][ T9244] ? rcu_is_watching+0x15/0xb0 [ 255.818308][ T9244] ? do_syscall_64+0xbe/0x3b0 [ 255.818339][ T9244] do_syscall_64+0xfa/0x3b0 [ 255.818366][ T9244] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.818400][ T9244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.818419][ T9244] ? clear_bhb_loop+0x60/0xb0 [ 255.818445][ T9244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.818466][ T9244] RIP: 0033:0x7f319978e929 [ 255.818486][ T9244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.818504][ T9244] RSP: 002b:00007f319a61f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 255.818526][ T9244] RAX: ffffffffffffffda RBX: 00007f31999b5fa0 RCX: 00007f319978e929 [ 255.818541][ T9244] RDX: 0000000000040000 RSI: 0000200000000d00 RDI: 0000000000000003 [ 255.818555][ T9244] RBP: 00007f319a61f090 R08: 0000000000000000 R09: 0000000000000000 [ 255.818566][ T9244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 255.818577][ T9244] R13: 0000000000000000 R14: 00007f31999b5fa0 R15: 00007ffd0dcf9a38 [ 255.818610][ T9244] </TASK> [ 256.175525][ T9244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.775'. 
[ 256.187855][ T9238] xt_CT: No such helper "snmp" [ 256.397147][ T9247] netlink: 12 bytes leftover after parsing attributes in process `syz.0.776'. [ 256.474214][ T9248] netlink: 36 bytes leftover after parsing attributes in process `syz.0.776'. [ 256.585471][ T9251] netlink: 232 bytes leftover after parsing attributes in process `syz.3.777'. [ 256.861444][ T9257] IPv6: addrconf: prefix option has invalid lifetime [ 256.890264][ T9257] netlink: 'syz.3.780': attribute type 7 has an invalid length. [ 256.925615][ T5930] IPVS: starting estimator thread 0... [ 257.018795][ T9259] IPVS: using max 30 ests per chain, 72000 per kthread [ 257.330219][ T9268] netlink: 16 bytes leftover after parsing attributes in process `syz.3.783'. [ 257.767142][ T9277] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 257.813442][ T9277] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.102288][ T9277] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 258.150401][ T9277] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.343451][ T9277] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 258.388693][ T9277] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.677997][ T9299] 8021q: adding VLAN 0 to HW filter on device bond1 [ 258.754167][ T9277] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 258.771248][ T9277] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.789527][ T9313] FAULT_INJECTION: forcing a failure. 
[ 258.789527][ T9313] name fail_futex, interval 1, probability 0, space 0, times 1 [ 258.814580][ T9313] CPU: 1 UID: 0 PID: 9313 Comm: syz.0.791 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 258.814617][ T9313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 258.814631][ T9313] Call Trace: [ 258.814640][ T9313] <TASK> [ 258.814650][ T9313] dump_stack_lvl+0x189/0x250 [ 258.814685][ T9313] ? __pfx____ratelimit+0x10/0x10 [ 258.814718][ T9313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.814745][ T9313] ? __pfx__printk+0x10/0x10 [ 258.814793][ T9313] should_fail_ex+0x414/0x560 [ 258.814839][ T9313] get_futex_key+0x1a8/0x1640 [ 258.814874][ T9313] ? look_up_lock_class+0x74/0x170 [ 258.814912][ T9313] ? __pfx_get_futex_key+0x10/0x10 [ 258.814942][ T9313] ? __lock_acquire+0xab9/0xd20 [ 258.814976][ T9313] futex_wake+0xf8/0x560 [ 258.815005][ T9313] ? __pfx_futex_wake+0x10/0x10 [ 258.815030][ T9313] ? __lock_acquire+0xab9/0xd20 [ 258.815065][ T9313] do_futex+0x395/0x420 [ 258.815106][ T9313] ? __pfx_do_futex+0x10/0x10 [ 258.815141][ T9313] ? __might_fault+0xb0/0x130 [ 258.815174][ T9313] mm_release+0x188/0x390 [ 258.815202][ T9313] ? __pfx_mm_release+0x10/0x10 [ 258.815228][ T9313] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.815277][ T9313] exit_mm+0xa8/0x2c0 [ 258.815311][ T9313] ? __pfx_exit_mm+0x10/0x10 [ 258.815347][ T9313] ? rcu_is_watching+0x15/0xb0 [ 258.815379][ T9313] do_exit+0x648/0x22e0 [ 258.815418][ T9313] ? do_raw_spin_lock+0x121/0x290 [ 258.815452][ T9313] ? __pfx_do_exit+0x10/0x10 [ 258.815503][ T9313] do_group_exit+0x21c/0x2d0 [ 258.815535][ T9313] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.815566][ T9313] get_signal+0x1286/0x1340 [ 258.815615][ T9313] arch_do_signal_or_restart+0x9a/0x750 [ 258.815654][ T9313] ? do_tee+0xbd5/0xe00 [ 258.815688][ T9313] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 258.815741][ T9313] ? 
exit_to_user_mode_loop+0x40/0x110 [ 258.815770][ T9313] exit_to_user_mode_loop+0x75/0x110 [ 258.815794][ T9313] do_syscall_64+0x2bd/0x3b0 [ 258.815823][ T9313] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.815851][ T9313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.815873][ T9313] ? clear_bhb_loop+0x60/0xb0 [ 258.815899][ T9313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.815920][ T9313] RIP: 0033:0x7f319978e929 [ 258.815940][ T9313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.815960][ T9313] RSP: 002b:00007f319a5fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000114 [ 258.815985][ T9313] RAX: 0000000000000001 RBX: 00007f31999b6080 RCX: 00007f319978e929 [ 258.816000][ T9313] RDX: 00000000000008f5 RSI: 000000000000000b RDI: 0000000000000006 [ 258.816013][ T9313] RBP: 00007f319a5fe090 R08: 0000000000000000 R09: 0000000000000000 [ 258.816038][ T9313] R10: 0100000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.816052][ T9313] R13: 0000000000000000 R14: 00007f31999b6080 R15: 00007ffd0dcf9a38 [ 258.816085][ T9313] </TASK> [ 259.122144][ T9314] __nla_validate_parse: 2 callbacks suppressed [ 259.122186][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.151223][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.160442][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.171146][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.180292][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.206388][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.246920][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. 
[ 259.260986][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.271901][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.288250][ T9314] netlink: 8 bytes leftover after parsing attributes in process `syz.4.789'. [ 259.318901][ T9300] lo speed is unknown, defaulting to 1000 [ 259.484604][ T9010] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 259.536319][ T9010] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 259.596693][ T9010] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 259.622167][ T9010] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 259.672399][ T1148] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.683706][ T1148] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.758129][ T9029] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.767318][ T9341] Bluetooth: MGMT ver 1.23 [ 259.774752][ T9029] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.850646][ T9300] lo speed is unknown, defaulting to 1000 [ 259.850666][ T9029] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.871881][ T9029] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.928077][ T9029] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 259.937021][ T9029] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.951745][ T9345] FAULT_INJECTION: forcing a failure. [ 259.951745][ T9345] name failslab, interval 1, probability 0, space 0, times 0 [ 259.965104][ T9345] CPU: 0 UID: 0 PID: 9345 Comm: syz.3.796 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 259.965139][ T9345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.965154][ T9345] Call Trace: [ 259.965163][ T9345] [ 259.965173][ T9345] dump_stack_lvl+0x189/0x250 [ 259.965208][ T9345] ? 
__pfx____ratelimit+0x10/0x10 [ 259.965240][ T9345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.965267][ T9345] ? __pfx__printk+0x10/0x10 [ 259.965304][ T9345] ? __pfx___might_resched+0x10/0x10 [ 259.965337][ T9345] should_fail_ex+0x414/0x560 [ 259.965376][ T9345] should_failslab+0xa8/0x100 [ 259.965410][ T9345] __kmalloc_cache_noprof+0x70/0x3d0 [ 259.965438][ T9345] ? call_usermodehelper_setup+0x8e/0x270 [ 259.965461][ T9345] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 259.965503][ T9345] call_usermodehelper_setup+0x8e/0x270 [ 259.965525][ T9345] ? __pfx_free_modprobe_argv+0x10/0x10 [ 259.965555][ T9345] __request_module+0x39f/0x5e0 [ 259.965589][ T9345] ? __pfx___mutex_lock+0x10/0x10 [ 259.965625][ T9345] ? __pfx___request_module+0x10/0x10 [ 259.965651][ T9345] ? pcpu_alloc_noprof+0xfdd/0x16b0 [ 259.965692][ T9345] ? xt_find_match+0x1fe/0x250 [ 259.965743][ T9345] xt_request_find_match+0xc1/0x140 [ 259.965776][ T9345] translate_table+0x1449/0x2040 [ 259.965836][ T9345] ? __pfx_translate_table+0x10/0x10 [ 259.965871][ T9345] ? __might_fault+0xb0/0x130 [ 259.965919][ T9345] ? _copy_from_user+0x94/0xb0 [ 259.965950][ T9345] do_ip6t_set_ctl+0x970/0xce0 [ 259.965997][ T9345] ? rcu_is_watching+0x15/0xb0 [ 259.966023][ T9345] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 259.966079][ T9345] ? __pfx___mutex_lock+0x10/0x10 [ 259.966109][ T9345] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 259.966138][ T9345] ? aa_sk_perm+0x81e/0x950 [ 259.966181][ T9345] ? __pfx_aa_sk_perm+0x10/0x10 [ 259.966219][ T9345] nf_setsockopt+0x26c/0x290 [ 259.966255][ T9345] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 259.966289][ T9345] do_sock_setsockopt+0x25a/0x3e0 [ 259.966326][ T9345] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 259.966364][ T9345] ? __fget_files+0x2a/0x420 [ 259.966404][ T9345] __x64_sys_setsockopt+0x18b/0x220 [ 259.966444][ T9345] do_syscall_64+0xfa/0x3b0 [ 259.966478][ T9345] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.966506][ T9345] ? 
entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.966527][ T9345] ? clear_bhb_loop+0x60/0xb0 [ 259.966554][ T9345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.966576][ T9345] RIP: 0033:0x7fe510b8e929 [ 259.966597][ T9345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.966617][ T9345] RSP: 002b:00007fe511a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 259.966641][ T9345] RAX: ffffffffffffffda RBX: 00007fe510db5fa0 RCX: 00007fe510b8e929 [ 259.966658][ T9345] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 259.966670][ T9345] RBP: 00007fe511a81090 R08: 0000000000000470 R09: 0000000000000000 [ 259.966684][ T9345] R10: 0000200000001300 R11: 0000000000000246 R12: 0000000000000002 [ 259.966698][ T9345] R13: 0000000000000000 R14: 00007fe510db5fa0 R15: 00007ffc0e5ef0f8 [ 259.966732][ T9345] [ 260.800464][ T9010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.905311][ T9010] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.005018][ T1043] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.012317][ T1043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.104706][ T9029] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.112009][ T9029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.867856][ T9393] FAULT_INJECTION: forcing a failure. [ 261.867856][ T9393] name failslab, interval 1, probability 0, space 0, times 0 [ 261.897749][ T9393] CPU: 0 UID: 0 PID: 9393 Comm: syz.2.805 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 261.897786][ T9393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.897801][ T9393] Call Trace: [ 261.897824][ T9393] [ 261.897834][ T9393] dump_stack_lvl+0x189/0x250 [ 261.897872][ T9393] ? __pfx____ratelimit+0x10/0x10 [ 261.897904][ T9393] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 261.897931][ T9393] ? __pfx__printk+0x10/0x10 [ 261.897970][ T9393] ? __pfx___might_resched+0x10/0x10 [ 261.898003][ T9393] should_fail_ex+0x414/0x560 [ 261.898044][ T9393] should_failslab+0xa8/0x100 [ 261.898077][ T9393] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 261.898109][ T9393] ? __alloc_skb+0x112/0x2d0 [ 261.898147][ T9393] __alloc_skb+0x112/0x2d0 [ 261.898183][ T9393] netlink_sendmsg+0x5c6/0xb30 [ 261.898237][ T9393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 261.898268][ T9393] ? aa_sock_msg_perm+0x94/0x160 [ 261.898305][ T9393] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 261.898324][ T9393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 261.898352][ T9393] __sock_sendmsg+0x219/0x270 [ 261.898380][ T9393] ____sys_sendmsg+0x505/0x830 [ 261.898421][ T9393] ? __pfx_____sys_sendmsg+0x10/0x10 [ 261.898465][ T9393] ? import_iovec+0x74/0xa0 [ 261.898497][ T9393] ___sys_sendmsg+0x21f/0x2a0 [ 261.898521][ T9393] ? __pfx____sys_sendmsg+0x10/0x10 [ 261.898584][ T9393] ? __fget_files+0x2a/0x420 [ 261.898614][ T9393] ? __fget_files+0x3a0/0x420 [ 261.898657][ T9393] __x64_sys_sendmsg+0x19b/0x260 [ 261.898681][ T9393] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 261.898714][ T9393] ? __pfx_ksys_write+0x10/0x10 [ 261.898737][ T9393] ? rcu_is_watching+0x15/0xb0 [ 261.898770][ T9393] ? do_syscall_64+0xbe/0x3b0 [ 261.898806][ T9393] do_syscall_64+0xfa/0x3b0 [ 261.898836][ T9393] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.898866][ T9393] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.898889][ T9393] ? 
clear_bhb_loop+0x60/0xb0 [ 261.898917][ T9393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.898938][ T9393] RIP: 0033:0x7f4bce58e929 [ 261.898959][ T9393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.898979][ T9393] RSP: 002b:00007f4bcf4b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 261.899003][ T9393] RAX: ffffffffffffffda RBX: 00007f4bce7b5fa0 RCX: 00007f4bce58e929 [ 261.899020][ T9393] RDX: 0000000020050800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 261.899035][ T9393] RBP: 00007f4bcf4b5090 R08: 0000000000000000 R09: 0000000000000000 [ 261.899048][ T9393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.899061][ T9393] R13: 0000000000000000 R14: 00007f4bce7b5fa0 R15: 00007ffd7927ff38 [ 261.899095][ T9393] [ 262.391606][ T9010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 262.467324][ T9010] veth0_vlan: entered promiscuous mode [ 262.490376][ T9010] veth1_vlan: entered promiscuous mode [ 262.558895][ T5860] Bluetooth: hci0: command tx timeout [ 262.583957][ T9010] veth0_macvtap: entered promiscuous mode [ 262.595190][ T9010] veth1_macvtap: entered promiscuous mode [ 262.624671][ T9010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 262.644039][ T9408] netlink: 'syz.4.808': attribute type 1 has an invalid length. [ 262.666038][ T9410] netlink: 'syz.3.809': attribute type 1 has an invalid length. [ 262.684265][ T9410] netlink: 'syz.3.809': attribute type 1 has an invalid length. 
[ 262.695807][ T9010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.747165][ T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.788700][ T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.863793][ T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.886220][ T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.122605][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 263.319328][ T9029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.336200][ T9029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.451981][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.477654][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.573874][ T9434] lo speed is unknown, defaulting to 1000 [ 264.475102][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.664613][ T9434] lo speed is unknown, defaulting to 1000 [ 264.758542][ T9436] __nla_validate_parse: 21 callbacks suppressed [ 264.758568][ T9436] netlink: 20 bytes leftover after parsing attributes in process `syz.2.813'. [ 264.788907][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.932347][ T9457] netlink: 'syz.2.813': attribute type 12 has an invalid length. 
[ 265.059457][ T9436] lo speed is unknown, defaulting to 1000 [ 265.125970][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.372049][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.652741][ T12] bridge_slave_1: left allmulticast mode [ 265.668498][ T12] bridge_slave_1: left promiscuous mode [ 265.674388][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.709161][ T12] bridge_slave_0: left allmulticast mode [ 265.714893][ T12] bridge_slave_0: left promiscuous mode [ 265.739212][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.965343][ T9481] netlink: 12 bytes leftover after parsing attributes in process `syz.4.818'. [ 266.954412][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 266.965995][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 266.997469][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 267.022692][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 267.043216][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 267.050129][ T9508] netlink: 'syz.0.822': attribute type 10 has an invalid length. 
[ 267.204220][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.217979][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.235024][ T12] bond0 (unregistering): Released all slaves [ 267.254779][ T9436] lo speed is unknown, defaulting to 1000 [ 267.306952][ T9508] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 267.425106][ T9481] lo speed is unknown, defaulting to 1000 [ 268.213959][ T9505] lo speed is unknown, defaulting to 1000 [ 268.223714][ T9481] lo speed is unknown, defaulting to 1000 [ 268.294289][ T9532] IPVS: persistence engine module ip_vs_pe_ not found [ 268.760467][ T9548] ip6gre0: entered promiscuous mode [ 268.781877][ T9548] ip6gre0: entered allmulticast mode [ 268.871109][ T9523] lo speed is unknown, defaulting to 1000 [ 268.908365][ T9549] netlink: 12 bytes leftover after parsing attributes in process `syz.3.827'. [ 268.974423][ T9548] can: request_module (can-proto-3) failed. [ 269.118966][ T5860] Bluetooth: hci0: command tx timeout [ 269.501111][ T9523] lo speed is unknown, defaulting to 1000 [ 269.510607][ T9505] lo speed is unknown, defaulting to 1000 [ 269.745176][ T9568] netlink: 84 bytes leftover after parsing attributes in process `syz.2.829'. 
[ 270.144986][ T12] hsr_slave_0: left promiscuous mode [ 270.151794][ T12] hsr_slave_1: left promiscuous mode [ 270.158129][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 270.169188][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 270.178203][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 270.186675][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 270.243985][ T12] veth1_macvtap: left promiscuous mode [ 270.260411][ T12] veth0_macvtap: left promiscuous mode [ 270.266235][ T12] veth1_vlan: left promiscuous mode [ 270.285986][ T12] veth0_vlan: left promiscuous mode [ 270.456995][ T9583] netlink: 40 bytes leftover after parsing attributes in process `syz.2.831'. [ 271.209288][ T5860] Bluetooth: hci0: command 0x041b tx timeout [ 272.217595][ T12] team0 (unregistering): Port device team_slave_1 removed [ 272.307784][ T12] team0 (unregistering): Port device team_slave_0 removed [ 273.279567][ T5860] Bluetooth: hci0: command 0x041b tx timeout [ 273.387671][ T9585] lo speed is unknown, defaulting to 1000 [ 273.866032][ T9505] chnl_net:caif_netlink_parms(): no params data found [ 274.065538][ T9585] lo speed is unknown, defaulting to 1000 [ 274.323247][ T9620] netlink: 'syz.3.834': attribute type 1 has an invalid length. [ 274.418556][ T9505] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.431645][ T9505] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.465425][ T9505] bridge_slave_0: entered allmulticast mode [ 274.501747][ T9505] bridge_slave_0: entered promiscuous mode [ 274.528187][ T9505] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.535772][ T9505] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.543257][ T9505] bridge_slave_1: entered allmulticast mode [ 274.560817][ T9505] bridge_slave_1: entered promiscuous mode [ 274.653739][ T9626] netlink: 'syz.4.835': attribute type 10 has an invalid length. 
[ 274.822962][ T9626] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 275.027238][ T9505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 275.045464][ T9635] netlink: 'syz.3.838': attribute type 1 has an invalid length. [ 275.063584][ T9505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.260504][ T9643] netlink: 20 bytes leftover after parsing attributes in process `syz.4.840'. [ 275.277225][ T9635] bond2: entered promiscuous mode [ 275.289331][ T9635] 8021q: adding VLAN 0 to HW filter on device bond2 [ 275.325145][ T9637] bond2: (slave dummy0): making interface the new active one [ 275.338595][ T9637] dummy0: entered promiscuous mode [ 275.353951][ T9637] bond2: (slave dummy0): Enslaving as an active interface with an up link [ 275.362759][ T5860] Bluetooth: hci0: command 0x041b tx timeout [ 275.510889][ T9505] team0: Port device team_slave_0 added [ 275.535169][ T9505] team0: Port device team_slave_1 added [ 275.863519][ T9505] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.893941][ T9505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.005120][ T9505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.024821][ T9505] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.063566][ T9505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 276.132707][ T9505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.365629][ T9505] hsr_slave_0: entered promiscuous mode [ 276.389964][ T9505] hsr_slave_1: entered promiscuous mode [ 276.396606][ T9505] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 276.413195][ T9505] Cannot create hsr debugfs directory [ 276.666739][ T9681] netlink: 'syz.3.848': attribute type 39 has an invalid length. [ 277.439443][ T5860] Bluetooth: hci0: command 0x041b tx timeout [ 278.528950][ T9505] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 278.574397][ T9505] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 278.691301][ T9505] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 278.748127][ T9505] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 279.342351][ T9505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.491621][ T9505] 8021q: adding VLAN 0 to HW filter on device team0 [ 279.580503][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.587700][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.649677][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.656924][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.786677][ T9764] netlink: 'syz.0.866': attribute type 1 has an invalid length. [ 279.827282][ T9764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.866'. [ 280.061422][ T9771] netlink: 24 bytes leftover after parsing attributes in process `syz.3.868'. [ 280.090400][ T9771] netlink: 12 bytes leftover after parsing attributes in process `syz.3.868'. 
[ 280.100100][ T9771] nbd: socks must be embedded in a SOCK_ITEM attr [ 280.726159][ T9505] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 280.952256][ T9505] veth0_vlan: entered promiscuous mode [ 281.016460][ T9505] veth1_vlan: entered promiscuous mode [ 281.080646][ T9809] netlink: 12 bytes leftover after parsing attributes in process `syz.0.874'. [ 281.110097][ T9809] netlink: 40 bytes leftover after parsing attributes in process `syz.0.874'. [ 281.197650][ T9505] veth0_macvtap: entered promiscuous mode [ 281.252514][ T9505] veth1_macvtap: entered promiscuous mode [ 281.342279][ T9505] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.424871][ T9505] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.452984][ T1148] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.462694][ T1148] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.524544][ T1148] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.551194][ T1148] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.747830][ T1043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.781314][ T1043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.906175][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.948608][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.258522][ T9833] netlink: 248 bytes leftover after parsing attributes in process `syz.0.881'. 
[ 282.643919][ T9029] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.884924][ T9029] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.039647][ T9029] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.336460][ T9029] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.599366][ T3017] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 283.667231][ T9029] bridge_slave_1: left allmulticast mode [ 283.682855][ T9029] bridge_slave_1: left promiscuous mode [ 283.694288][ T9029] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.712294][ T9029] bridge_slave_0: left allmulticast mode [ 283.718024][ T9029] bridge_slave_0: left promiscuous mode [ 283.738952][ T9029] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.115516][ T9873] netlink: 20 bytes leftover after parsing attributes in process `syz.0.883'. [ 284.643761][ T9029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.658060][ T9029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.671791][ T9029] bond0 (unregistering): Released all slaves [ 284.709187][ T9873] 8021q: VLANs not supported on nlmon0 [ 284.781129][ T5863] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 284.804245][ T5863] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 284.816609][ T5863] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 284.826536][ T5863] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 284.841676][ T5863] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 284.929160][ T9882] netlink: 16 bytes leftover after parsing attributes in process `syz.4.887'. 
[ 284.960348][ T9879] lo speed is unknown, defaulting to 1000 [ 285.010777][ T9886] netlink: 428 bytes leftover after parsing attributes in process `syz.4.887'. [ 285.358044][ T9893] gre0: entered promiscuous mode [ 285.408462][ T9893] gre0: entered allmulticast mode [ 285.417633][ T9899] FAULT_INJECTION: forcing a failure. [ 285.417633][ T9899] name failslab, interval 1, probability 0, space 0, times 0 [ 285.448936][ T9899] CPU: 0 UID: 0 PID: 9899 Comm: syz.4.892 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 285.448974][ T9899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 285.448989][ T9899] Call Trace: [ 285.448999][ T9899] [ 285.449010][ T9899] dump_stack_lvl+0x189/0x250 [ 285.449051][ T9899] ? __pfx____ratelimit+0x10/0x10 [ 285.449085][ T9899] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.449112][ T9899] ? __pfx__printk+0x10/0x10 [ 285.449147][ T9899] ? __pfx___might_resched+0x10/0x10 [ 285.449176][ T9899] ? fs_reclaim_acquire+0x7d/0x100 [ 285.449217][ T9899] should_fail_ex+0x414/0x560 [ 285.449277][ T9899] should_failslab+0xa8/0x100 [ 285.449311][ T9899] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 285.449340][ T9899] ? __alloc_skb+0x112/0x2d0 [ 285.449380][ T9899] __alloc_skb+0x112/0x2d0 [ 285.449424][ T9899] alloc_skb_with_frags+0xca/0x890 [ 285.449464][ T9899] ? register_lock_class+0x51/0x320 [ 285.449498][ T9899] sock_alloc_send_pskb+0x857/0x990 [ 285.449544][ T9899] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 285.449573][ T9899] ? dev_get_by_index+0x22/0x2e0 [ 285.449599][ T9899] ? dev_get_by_index+0x22/0x2e0 [ 285.449629][ T9899] packet_sendmsg+0x3672/0x53f0 [ 285.449669][ T9899] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 285.449724][ T9899] ? __pfx___might_resched+0x10/0x10 [ 285.449751][ T9899] ? __lock_acquire+0xab9/0xd20 [ 285.449789][ T9899] ? __pfx_packet_sendmsg+0x10/0x10 [ 285.449807][ T9899] ? aa_sk_perm+0x81e/0x950 [ 285.449844][ T9899] ? 
tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 285.449875][ T9899] ? __lock_acquire+0xab9/0xd20 [ 285.449896][ T9899] ? aa_sock_msg_perm+0x94/0x160 [ 285.449931][ T9899] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 285.449952][ T9899] ? __pfx_packet_sendmsg+0x10/0x10 [ 285.449974][ T9899] __sock_sendmsg+0x219/0x270 [ 285.450006][ T9899] ____sys_sendmsg+0x52d/0x830 [ 285.450047][ T9899] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.450092][ T9899] ? import_iovec+0x74/0xa0 [ 285.450123][ T9899] ___sys_sendmsg+0x21f/0x2a0 [ 285.450146][ T9899] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.450206][ T9899] ? __fget_files+0x2a/0x420 [ 285.450235][ T9899] ? __fget_files+0x3a0/0x420 [ 285.450274][ T9899] __sys_sendmmsg+0x227/0x430 [ 285.450298][ T9899] ? __pfx___sys_sendmmsg+0x10/0x10 [ 285.450315][ T9899] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 285.450378][ T9899] ? ksys_write+0x22a/0x250 [ 285.450414][ T9899] ? __pfx_ksys_write+0x10/0x10 [ 285.450438][ T9899] ? rcu_is_watching+0x15/0xb0 [ 285.450472][ T9899] __x64_sys_sendmmsg+0xa0/0xc0 [ 285.450496][ T9899] do_syscall_64+0xfa/0x3b0 [ 285.450527][ T9899] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.450556][ T9899] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.450579][ T9899] ? 
clear_bhb_loop+0x60/0xb0 [ 285.450606][ T9899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.450627][ T9899] RIP: 0033:0x7f2f6658e929 [ 285.450649][ T9899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 285.450670][ T9899] RSP: 002b:00007f2f67426038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 285.450694][ T9899] RAX: ffffffffffffffda RBX: 00007f2f667b5fa0 RCX: 00007f2f6658e929 [ 285.450711][ T9899] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000004 [ 285.450732][ T9899] RBP: 00007f2f67426090 R08: 0000000000000000 R09: 0000000000000000 [ 285.450746][ T9899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.450759][ T9899] R13: 0000000000000000 R14: 00007f2f667b5fa0 R15: 00007ffda6b178b8 [ 285.450794][ T9899] [ 285.848193][ T9902] trusted_key: syz.0.893 sent an empty control message without MSG_MORE. [ 285.961222][ T9908] netlink: 'syz.0.893': attribute type 1 has an invalid length. [ 286.063393][ T9879] lo speed is unknown, defaulting to 1000 [ 286.087000][ T9917] Bluetooth: hci0: no memory for command [ 286.114159][ T9911] syzkaller0: Caught tx_queue_len zero misconfig [ 286.317237][ T9925] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 286.371242][ T9925] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.379115][ T9925] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.845957][ T9944] netlink: 24 bytes leftover after parsing attributes in process `syz.3.902'. [ 286.888938][ T5860] Bluetooth: hci0: command tx timeout [ 287.346742][ T9029] hsr_slave_0: left promiscuous mode [ 287.365745][ T9029] hsr_slave_1: left promiscuous mode [ 287.380132][ T9965] FAULT_INJECTION: forcing a failure. 
[ 287.380132][ T9965] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 287.399288][ T9029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.412959][ T9029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.420763][ T9965] CPU: 0 UID: 0 PID: 9965 Comm: syz.3.907 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 287.420796][ T9965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 287.420810][ T9965] Call Trace: [ 287.420819][ T9965] [ 287.420828][ T9965] dump_stack_lvl+0x189/0x250 [ 287.420863][ T9965] ? __pfx____ratelimit+0x10/0x10 [ 287.420894][ T9965] ? __pfx_dump_stack_lvl+0x10/0x10 [ 287.420920][ T9965] ? __pfx__printk+0x10/0x10 [ 287.420964][ T9965] should_fail_ex+0x414/0x560 [ 287.421002][ T9965] _copy_from_user+0x2d/0xb0 [ 287.421030][ T9965] __copy_msghdr+0x3c5/0x5b0 [ 287.421068][ T9965] ___sys_sendmsg+0x1a5/0x2a0 [ 287.421090][ T9965] ? __pfx____sys_sendmsg+0x10/0x10 [ 287.421164][ T9965] ? __fget_files+0x2a/0x420 [ 287.421193][ T9965] ? __fget_files+0x3a0/0x420 [ 287.421230][ T9965] __x64_sys_sendmsg+0x19b/0x260 [ 287.421253][ T9965] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 287.421284][ T9965] ? __pfx_ksys_write+0x10/0x10 [ 287.421306][ T9965] ? rcu_is_watching+0x15/0xb0 [ 287.421346][ T9965] ? do_syscall_64+0xbe/0x3b0 [ 287.421381][ T9965] do_syscall_64+0xfa/0x3b0 [ 287.421408][ T9965] ? lockdep_hardirqs_on+0x9c/0x150 [ 287.421437][ T9965] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.421456][ T9965] ? 
clear_bhb_loop+0x60/0xb0 [ 287.421480][ T9965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.421498][ T9965] RIP: 0033:0x7fe510b8e929 [ 287.421519][ T9965] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.421549][ T9965] RSP: 002b:00007fe511a81038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 287.421579][ T9965] RAX: ffffffffffffffda RBX: 00007fe510db5fa0 RCX: 00007fe510b8e929 [ 287.421595][ T9965] RDX: 00000000200040c4 RSI: 0000200000001640 RDI: 0000000000000004 [ 287.421609][ T9965] RBP: 00007fe511a81090 R08: 0000000000000000 R09: 0000000000000000 [ 287.421622][ T9965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 287.421636][ T9965] R13: 0000000000000000 R14: 00007fe510db5fa0 R15: 00007ffc0e5ef0f8 [ 287.421669][ T9965] [ 287.423256][ T9968] netlink: 'syz.4.908': attribute type 1 has an invalid length. [ 287.563600][ T9029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.650422][ T9029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 287.657861][ T9968] netlink: 228 bytes leftover after parsing attributes in process `syz.4.908'. 
[ 287.744671][ T9029] veth1_macvtap: left promiscuous mode [ 287.754515][ T9029] veth0_macvtap: left promiscuous mode [ 287.762302][ T9029] veth1_vlan: left promiscuous mode [ 287.769102][ T9029] veth0_vlan: left promiscuous mode [ 288.485833][ T9029] team0 (unregistering): Port device team_slave_1 removed [ 288.540183][ T9029] team0 (unregistering): Port device team_slave_0 removed [ 288.968988][ T5860] Bluetooth: hci0: command tx timeout [ 289.071401][ T9970] bond0: entered promiscuous mode [ 289.076537][ T9970] bond_slave_0: entered promiscuous mode [ 289.086593][ T9970] bond_slave_1: entered promiscuous mode [ 289.092833][ T9970] bond1: entered promiscuous mode [ 289.104437][ T9970] bridge0: entered promiscuous mode [ 289.111903][ T9970] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 289.121422][ T9970] bond0: left promiscuous mode [ 289.126223][ T9970] bond_slave_0: left promiscuous mode [ 289.133030][ T9970] bond_slave_1: left promiscuous mode [ 289.139000][ T9970] bond1: left promiscuous mode [ 289.144098][ T9970] bridge0: left promiscuous mode [ 289.220688][ T9990] netlink: 28 bytes leftover after parsing attributes in process `syz.2.913'. [ 289.292139][ T9990] smc: net device bond0 applied user defined pnetid SYZ2 [ 289.308707][ T9975] lo speed is unknown, defaulting to 1000 [ 289.463322][ T9879] chnl_net:caif_netlink_parms(): no params data found [ 289.867315][T10009] netlink: 'syz.4.915': attribute type 3 has an invalid length. [ 290.050269][T10021] sctp: [Deprecated]: syz.3.919 (pid 10021) Use of struct sctp_assoc_value in delayed_ack socket option. [ 290.050269][T10021] Use struct sctp_sack_info instead [ 290.112390][T10016] netlink: 32 bytes leftover after parsing attributes in process `syz.2.918'. [ 290.121977][ T9997] netlink: 60 bytes leftover after parsing attributes in process `syz.4.915'. [ 290.170901][ T9997] netlink: 60 bytes leftover after parsing attributes in process `syz.4.915'. 
[ 290.212556][ T9980] lo speed is unknown, defaulting to 1000 [ 290.230049][ T9879] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.237279][ T9879] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.288768][ T9879] bridge_slave_0: entered allmulticast mode [ 290.316325][ T9879] bridge_slave_0: entered promiscuous mode [ 290.345478][ T9975] lo speed is unknown, defaulting to 1000 [ 290.345831][ T9879] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.386410][ T9879] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.406951][ T9879] bridge_slave_1: entered allmulticast mode [ 290.419054][ T9879] bridge_slave_1: entered promiscuous mode [ 290.706887][ T9879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.745186][ T9879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 290.919381][T10043] netlink: 'syz.2.925': attribute type 1 has an invalid length. [ 290.942895][T10043] netlink: 228 bytes leftover after parsing attributes in process `syz.2.925'. [ 291.039056][ T5860] Bluetooth: hci0: command tx timeout [ 291.043874][T10049] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 291.130799][ T9879] team0: Port device team_slave_0 added [ 291.227599][ T9980] lo speed is unknown, defaulting to 1000 [ 291.236200][ T9879] team0: Port device team_slave_1 added [ 291.671149][T10063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'. [ 291.684037][T10063] netlink: 8 bytes leftover after parsing attributes in process `syz.3.928'. [ 291.876805][ T9879] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 291.894441][ T9879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 291.954628][ T9879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 291.961101][T10072] sctp: [Deprecated]: syz.2.931 (pid 10072) Use of struct sctp_assoc_value in delayed_ack socket option. [ 291.961101][T10072] Use struct sctp_sack_info instead [ 291.984087][ T9879] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 291.991269][ T9879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.059593][ T9879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.365393][T10084] netlink: 'syz.3.934': attribute type 5 has an invalid length. [ 292.382903][T10084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.934'. [ 292.417320][T10086] FAULT_INJECTION: forcing a failure. [ 292.417320][T10086] name failslab, interval 1, probability 0, space 0, times 0 [ 292.438622][T10086] CPU: 0 UID: 0 PID: 10086 Comm: syz.2.935 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 292.438657][T10086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 292.438670][T10086] Call Trace: [ 292.438679][T10086] [ 292.438688][T10086] dump_stack_lvl+0x189/0x250 [ 292.438723][T10086] ? __pfx____ratelimit+0x10/0x10 [ 292.438752][T10086] ? __pfx_dump_stack_lvl+0x10/0x10 [ 292.438777][T10086] ? __pfx__printk+0x10/0x10 [ 292.438809][T10086] ? __pfx___might_resched+0x10/0x10 [ 292.438836][T10086] ? fs_reclaim_acquire+0x7d/0x100 [ 292.438874][T10086] should_fail_ex+0x414/0x560 [ 292.438912][T10086] should_failslab+0xa8/0x100 [ 292.438943][T10086] __kmalloc_node_noprof+0xd1/0x4e0 [ 292.438966][T10086] ? 
alloc_slab_obj_exts+0x39/0xa0 [ 292.438994][T10086] alloc_slab_obj_exts+0x39/0xa0 [ 292.439018][T10086] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 292.439063][T10086] kmem_cache_alloc_noprof+0x2bf/0x3c0 [ 292.439088][T10086] ? fib_insert_alias+0x13b/0x1210 [ 292.439127][T10086] fib_insert_alias+0x13b/0x1210 [ 292.439160][T10086] ? rcu_is_watching+0x15/0xb0 [ 292.439187][T10086] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 292.439209][T10086] ? kmem_cache_alloc_noprof+0x21a/0x3c0 [ 292.439234][T10086] ? fib_table_insert+0x4a7/0x1b50 [ 292.439269][T10086] fib_table_insert+0x67c/0x1b50 [ 292.439316][T10086] ? l3mdev_fib_table+0x18/0x160 [ 292.439359][T10086] fib_magic+0x2c4/0x390 [ 292.439387][T10086] ? __pfx_fib_magic+0x10/0x10 [ 292.439406][T10086] ? queue_work_on+0x1ed/0x270 [ 292.439449][T10086] ? addr_event+0x34f/0x470 [ 292.439485][T10086] fib_add_ifaddr+0x144/0x5f0 [ 292.439516][T10086] fib_inetaddr_event+0x12e/0x190 [ 292.439542][T10086] notifier_call_chain+0x1b3/0x3e0 [ 292.439577][T10086] blocking_notifier_call_chain+0x6a/0x90 [ 292.439608][T10086] __inet_insert_ifa+0xa13/0xbf0 [ 292.439649][T10086] ? __pfx___inet_insert_ifa+0x10/0x10 [ 292.439683][T10086] inet_rtm_newaddr+0xf3a/0x18b0 [ 292.439717][T10086] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 292.439758][T10086] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 292.439779][T10086] rtnetlink_rcv_msg+0x7cf/0xb70 [ 292.439816][T10086] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 292.439842][T10086] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 292.439867][T10086] ? ref_tracker_free+0x63a/0x7d0 [ 292.439886][T10086] ? __copy_skb_header+0xa7/0x550 [ 292.439909][T10086] ? __pfx_ref_tracker_free+0x10/0x10 [ 292.439940][T10086] netlink_rcv_skb+0x205/0x470 [ 292.439972][T10086] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 292.440003][T10086] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 292.440046][T10086] ? netlink_deliver_tap+0x2e/0x1b0 [ 292.440075][T10086] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 292.440110][T10086] netlink_unicast+0x758/0x8d0 [ 292.440147][T10086] netlink_sendmsg+0x805/0xb30 [ 292.440189][T10086] ? __pfx_netlink_sendmsg+0x10/0x10 [ 292.440222][T10086] ? aa_sock_msg_perm+0x94/0x160 [ 292.440258][T10086] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 292.440279][T10086] ? __pfx_netlink_sendmsg+0x10/0x10 [ 292.440309][T10086] __sock_sendmsg+0x219/0x270 [ 292.440357][T10086] ____sys_sendmsg+0x505/0x830 [ 292.440405][T10086] ? __pfx_____sys_sendmsg+0x10/0x10 [ 292.440451][T10086] ? import_iovec+0x74/0xa0 [ 292.440489][T10086] ___sys_sendmsg+0x21f/0x2a0 [ 292.440513][T10086] ? __pfx____sys_sendmsg+0x10/0x10 [ 292.440588][T10086] ? __fget_files+0x2a/0x420 [ 292.440617][T10086] ? __fget_files+0x3a0/0x420 [ 292.440658][T10086] __x64_sys_sendmsg+0x19b/0x260 [ 292.440683][T10086] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 292.440715][T10086] ? __pfx_ksys_write+0x10/0x10 [ 292.440738][T10086] ? rcu_is_watching+0x15/0xb0 [ 292.440769][T10086] ? do_syscall_64+0xbe/0x3b0 [ 292.440804][T10086] do_syscall_64+0xfa/0x3b0 [ 292.440832][T10086] ? lockdep_hardirqs_on+0x9c/0x150 [ 292.440861][T10086] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.440883][T10086] ? 
clear_bhb_loop+0x60/0xb0 [ 292.440920][T10086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 292.440941][T10086] RIP: 0033:0x7f4bce58e929 [ 292.440963][T10086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.440982][T10086] RSP: 002b:00007f4bcf4b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 292.441007][T10086] RAX: ffffffffffffffda RBX: 00007f4bce7b5fa0 RCX: 00007f4bce58e929 [ 292.441023][T10086] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 292.441036][T10086] RBP: 00007f4bcf4b5090 R08: 0000000000000000 R09: 0000000000000000 [ 292.441049][T10086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 292.441062][T10086] R13: 0000000000000000 R14: 00007f4bce7b5fa0 R15: 00007ffd7927ff38 [ 292.441096][T10086] [ 292.476934][ T9879] hsr_slave_0: entered promiscuous mode [ 292.742166][ T9879] hsr_slave_1: entered promiscuous mode [ 292.912450][T10090] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 292.944258][ T9879] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 292.980819][ T9879] Cannot create hsr debugfs directory [ 293.127525][ T5860] Bluetooth: hci0: command tx timeout [ 293.163885][T10094] netlink: 'syz.3.937': attribute type 1 has an invalid length. [ 293.179591][T10094] netlink: 228 bytes leftover after parsing attributes in process `syz.3.937'. 
[ 293.296777][T10094] bond0: entered promiscuous mode [ 293.321008][T10094] bond_slave_0: entered promiscuous mode [ 293.327076][T10094] bond_slave_1: entered promiscuous mode [ 293.334049][T10094] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 293.349295][T10094] bond0: left promiscuous mode [ 293.354313][T10094] bond_slave_0: left promiscuous mode [ 293.360650][T10094] bond_slave_1: left promiscuous mode [ 293.661088][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.3.942'. [ 293.747146][T10113] sctp: [Deprecated]: syz.4.943 (pid 10113) Use of struct sctp_assoc_value in delayed_ack socket option. [ 293.747146][T10113] Use struct sctp_sack_info instead [ 293.997418][T10124] netlink: 64 bytes leftover after parsing attributes in process `syz.4.948'. [ 294.681514][T10150] FAULT_INJECTION: forcing a failure. [ 294.681514][T10150] name failslab, interval 1, probability 0, space 0, times 0 [ 294.709076][T10154] openvswitch: netlink: IP tunnel TTL not specified. [ 294.778426][T10150] CPU: 0 UID: 0 PID: 10150 Comm: syz.0.955 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 294.778462][T10150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 294.778476][T10150] Call Trace: [ 294.778485][T10150] [ 294.778494][T10150] dump_stack_lvl+0x189/0x250 [ 294.778532][T10150] ? __pfx____ratelimit+0x10/0x10 [ 294.778563][T10150] ? __pfx_dump_stack_lvl+0x10/0x10 [ 294.778589][T10150] ? __pfx__printk+0x10/0x10 [ 294.778620][T10150] ? __pfx___might_resched+0x10/0x10 [ 294.778649][T10150] should_fail_ex+0x414/0x560 [ 294.778689][T10150] should_failslab+0xa8/0x100 [ 294.778721][T10150] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 294.778749][T10150] ? __alloc_skb+0x112/0x2d0 [ 294.778785][T10150] __alloc_skb+0x112/0x2d0 [ 294.778818][T10150] netlink_sendmsg+0x5c6/0xb30 [ 294.778872][T10150] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.778905][T10150] ? 
aa_sock_msg_perm+0x94/0x160 [ 294.778940][T10150] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 294.778960][T10150] ? __pfx_netlink_sendmsg+0x10/0x10 [ 294.778989][T10150] __sock_sendmsg+0x219/0x270 [ 294.779019][T10150] ____sys_sendmsg+0x505/0x830 [ 294.779066][T10150] ? __pfx_____sys_sendmsg+0x10/0x10 [ 294.779108][T10150] ? import_iovec+0x74/0xa0 [ 294.779139][T10150] ___sys_sendmsg+0x21f/0x2a0 [ 294.779162][T10150] ? __pfx____sys_sendmsg+0x10/0x10 [ 294.779221][T10150] ? __fget_files+0x2a/0x420 [ 294.779250][T10150] ? __fget_files+0x3a0/0x420 [ 294.779289][T10150] __x64_sys_sendmsg+0x19b/0x260 [ 294.779312][T10150] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 294.779344][T10150] ? __pfx_ksys_write+0x10/0x10 [ 294.779365][T10150] ? rcu_is_watching+0x15/0xb0 [ 294.779396][T10150] ? do_syscall_64+0xbe/0x3b0 [ 294.779429][T10150] do_syscall_64+0xfa/0x3b0 [ 294.779456][T10150] ? lockdep_hardirqs_on+0x9c/0x150 [ 294.779484][T10150] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.779505][T10150] ? clear_bhb_loop+0x60/0xb0 [ 294.779532][T10150] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 294.779552][T10150] RIP: 0033:0x7f319978e929 [ 294.779571][T10150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 294.779589][T10150] RSP: 002b:00007f319a61f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 294.779612][T10150] RAX: ffffffffffffffda RBX: 00007f31999b5fa0 RCX: 00007f319978e929 [ 294.779625][T10150] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000007 [ 294.779636][T10150] RBP: 00007f319a61f090 R08: 0000000000000000 R09: 0000000000000000 [ 294.779646][T10150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 294.779657][T10150] R13: 0000000000000000 R14: 00007f31999b5fa0 R15: 00007ffd0dcf9a38 [ 294.779690][T10150] [ 295.169694][ T9879] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 295.204081][ 
T9879] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 295.241084][ T9879] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 295.273743][ T9879] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 295.331220][T10170] FAULT_INJECTION: forcing a failure. [ 295.331220][T10170] name failslab, interval 1, probability 0, space 0, times 0 [ 295.364939][T10173] sctp: [Deprecated]: syz.3.958 (pid 10173) Use of struct sctp_assoc_value in delayed_ack socket option. [ 295.364939][T10173] Use struct sctp_sack_info instead [ 295.388920][T10170] CPU: 0 UID: 0 PID: 10170 Comm: syz.2.960 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 295.388955][T10170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.388969][T10170] Call Trace: [ 295.388978][T10170] [ 295.388988][T10170] dump_stack_lvl+0x189/0x250 [ 295.389025][T10170] ? __pfx____ratelimit+0x10/0x10 [ 295.389058][T10170] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.389084][T10170] ? __pfx__printk+0x10/0x10 [ 295.389116][T10170] ? __pfx___might_resched+0x10/0x10 [ 295.389141][T10170] ? fs_reclaim_acquire+0x7d/0x100 [ 295.389189][T10170] should_fail_ex+0x414/0x560 [ 295.389222][T10170] should_failslab+0xa8/0x100 [ 295.389250][T10170] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 295.389274][T10170] ? __alloc_skb+0x112/0x2d0 [ 295.389317][T10170] __alloc_skb+0x112/0x2d0 [ 295.389350][T10170] netlink_ack+0x146/0xa50 [ 295.389377][T10170] ? __pfx_genl_rcv_msg+0x10/0x10 [ 295.389394][T10170] ? ref_tracker_free+0x63a/0x7d0 [ 295.389416][T10170] ? __pfx_ref_tracker_free+0x10/0x10 [ 295.389444][T10170] netlink_rcv_skb+0x28c/0x470 [ 295.389472][T10170] ? __pfx_genl_rcv_msg+0x10/0x10 [ 295.389494][T10170] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 295.389538][T10170] ? down_read+0x1ad/0x2e0 [ 295.389573][T10170] genl_rcv+0x28/0x40 [ 295.389590][T10170] netlink_unicast+0x758/0x8d0 [ 295.389627][T10170] netlink_sendmsg+0x805/0xb30 [ 295.389667][T10170] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 295.389697][T10170] ? aa_sock_msg_perm+0x94/0x160 [ 295.389729][T10170] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 295.389749][T10170] ? __pfx_netlink_sendmsg+0x10/0x10 [ 295.389777][T10170] __sock_sendmsg+0x219/0x270 [ 295.389808][T10170] __sys_sendto+0x3bd/0x520 [ 295.389841][T10170] ? __pfx___sys_sendto+0x10/0x10 [ 295.389883][T10170] ? count_memcg_event_mm+0x21/0x260 [ 295.389923][T10170] ? exc_page_fault+0x76/0xf0 [ 295.389953][T10170] ? do_user_addr_fault+0xc8a/0x1390 [ 295.389978][T10170] __x64_sys_sendto+0xde/0x100 [ 295.390010][T10170] do_syscall_64+0xfa/0x3b0 [ 295.390038][T10170] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.390064][T10170] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.390083][T10170] ? clear_bhb_loop+0x60/0xb0 [ 295.390107][T10170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.390126][T10170] RIP: 0033:0x7f4bce5907bc [ 295.390146][T10170] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 295.390163][T10170] RSP: 002b:00007f4bcf4b3ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 295.390187][T10170] RAX: ffffffffffffffda RBX: 00007f4bcf4b3fc0 RCX: 00007f4bce5907bc [ 295.390203][T10170] RDX: 0000000000000024 RSI: 00007f4bcf4b4010 RDI: 0000000000000005 [ 295.390216][T10170] RBP: 0000000000000000 R08: 00007f4bcf4b3f14 R09: 000000000000000c [ 295.390228][T10170] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 295.390239][T10170] R13: 00007f4bcf4b3f68 R14: 00007f4bcf4b4010 R15: 0000000000000000 [ 295.390271][T10170] [ 295.733718][ T9879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 295.754248][ T9879] 8021q: adding VLAN 0 to HW filter on device team0 [ 295.767626][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.774877][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.832318][ T9029] bridge0: port 
2(bridge_slave_1) entered blocking state [ 295.839685][ T9029] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.989729][T10182] __nla_validate_parse: 3 callbacks suppressed [ 295.989755][T10182] netlink: 96 bytes leftover after parsing attributes in process `syz.4.962'. [ 296.766770][ T9879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.859050][T10212] lo speed is unknown, defaulting to 1000 [ 297.274908][T10224] dvmrp8: entered allmulticast mode [ 297.359255][ T9879] veth0_vlan: entered promiscuous mode [ 297.422771][ T9879] veth1_vlan: entered promiscuous mode [ 297.537501][ T9879] veth0_macvtap: entered promiscuous mode [ 297.567476][ T9879] veth1_macvtap: entered promiscuous mode [ 297.632321][ T9879] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.672748][ T9879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 297.721801][ T9029] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.762432][ T9029] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.826488][ T9029] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.850884][T10222] dvmrp8: left allmulticast mode [ 297.915785][T10212] lo speed is unknown, defaulting to 1000 [ 297.940916][T10226] lo speed is unknown, defaulting to 1000 [ 297.955461][ T9029] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.327389][ T1043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.368596][ T1043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.463644][T10248] sctp: [Deprecated]: syz.0.975 (pid 10248) Use of struct sctp_assoc_value in delayed_ack socket option. 
[ 298.463644][T10248] Use struct sctp_sack_info instead [ 298.531095][ T5863] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 298.544284][ T5863] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 298.553135][ T5863] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 298.562324][ T5863] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 298.570347][ T5863] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 298.615547][ T1043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.659533][ T1043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.831838][T10250] lo speed is unknown, defaulting to 1000 [ 298.853953][T10226] lo speed is unknown, defaulting to 1000 [ 299.085405][T10262] xt_CT: No such helper "snmp" [ 299.447399][T10275] netlink: 8 bytes leftover after parsing attributes in process `syz.0.980'. [ 299.525858][T10276] netlink: 248 bytes leftover after parsing attributes in process `syz.0.980'. [ 299.584912][ T37] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.826926][T10250] lo speed is unknown, defaulting to 1000 [ 299.934082][ T37] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.253962][T10279] lo speed is unknown, defaulting to 1000 [ 300.337953][ T37] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.492303][ T37] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.638621][ T5863] Bluetooth: hci4: command tx timeout [ 300.945372][T10279] lo speed is unknown, defaulting to 1000 [ 301.029506][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.982'. [ 301.085211][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.982'. 
[ 301.120075][ T37] bridge_slave_1: left allmulticast mode [ 301.125817][ T37] bridge_slave_1: left promiscuous mode [ 301.139779][ T37] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.156333][ T37] bridge_slave_0: left allmulticast mode [ 301.163281][ T37] bridge_slave_0: left promiscuous mode [ 301.172144][ T37] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.545351][T10321] netlink: 'syz.2.983': attribute type 1 has an invalid length. [ 301.562427][T10321] netlink: 228 bytes leftover after parsing attributes in process `syz.2.983'. [ 301.874366][ T5856] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 301.885761][ T5856] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 301.906246][ T5856] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 301.917119][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 301.934556][ T5856] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 302.129173][ T37] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 302.143563][ T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 302.154499][ T37] bond0 (unregistering): Released all slaves [ 302.170509][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.982'. 
[ 302.197957][T10250] chnl_net:caif_netlink_parms(): no params data found [ 302.721053][ T5856] Bluetooth: hci4: command 0x041b tx timeout [ 302.993892][T10330] lo speed is unknown, defaulting to 1000 [ 303.282421][T10250] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.329334][T10250] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.336758][T10250] bridge_slave_0: entered allmulticast mode [ 303.378767][T10250] bridge_slave_0: entered promiscuous mode [ 303.419702][T10250] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.435708][T10250] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.453540][T10250] bridge_slave_1: entered allmulticast mode [ 303.481873][T10250] bridge_slave_1: entered promiscuous mode [ 303.679559][T10250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.728253][T10367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.987'. [ 303.768108][T10367] netlink: 4 bytes leftover after parsing attributes in process `syz.3.987'. [ 303.768605][T10330] lo speed is unknown, defaulting to 1000 [ 303.842330][T10250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.999066][ T5860] Bluetooth: hci0: command tx timeout [ 304.036000][T10374] netlink: 52 bytes leftover after parsing attributes in process `syz.2.989'. [ 304.247492][ T37] hsr_slave_0: left promiscuous mode [ 304.282768][ T37] hsr_slave_1: left promiscuous mode [ 304.295209][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.307612][T10383] netlink: 4 bytes leftover after parsing attributes in process `syz.3.991'. 
[ 304.324342][ T37] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.344868][ T37] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.353342][ T37] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.386913][ T37] veth1_macvtap: left promiscuous mode [ 304.394456][ T37] veth0_macvtap: left promiscuous mode [ 304.401520][ T37] veth1_vlan: left promiscuous mode [ 304.406943][ T37] veth0_vlan: left promiscuous mode [ 304.811404][ T5860] Bluetooth: hci4: command 0x041b tx timeout [ 305.107696][ T37] team0 (unregistering): Port device team_slave_1 removed [ 305.159851][ T37] team0 (unregistering): Port device team_slave_0 removed [ 305.664024][T10250] team0: Port device team_slave_0 added [ 305.778547][T10250] team0: Port device team_slave_1 added [ 305.906830][T10403] netlink: 'syz.3.995': attribute type 1 has an invalid length. [ 305.915030][T10403] netlink: 228 bytes leftover after parsing attributes in process `syz.3.995'. [ 305.924101][T10405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.997'. [ 305.964460][T10250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.988416][T10250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 306.058498][T10250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.092990][ T5860] Bluetooth: hci0: command tx timeout [ 306.096417][T10403] bond0: entered promiscuous mode [ 306.107066][T10403] bond_slave_0: entered promiscuous mode [ 306.116368][T10403] bond_slave_1: entered promiscuous mode [ 306.128959][T10403] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 306.150317][T10403] bond0: left promiscuous mode [ 306.155322][T10403] bond_slave_0: left promiscuous mode [ 306.174270][T10403] bond_slave_1: left promiscuous mode [ 306.254876][T10250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.287157][T10250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.386125][T10250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 306.673558][T10424] netlink: 4 bytes leftover after parsing attributes in process `syz.3.999'. [ 306.764787][T10250] hsr_slave_0: entered promiscuous mode [ 306.785392][T10250] hsr_slave_1: entered promiscuous mode [ 306.803191][T10250] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 306.811519][T10250] Cannot create hsr debugfs directory [ 306.878895][ T5860] Bluetooth: hci4: command 0x041b tx timeout [ 306.985513][T10424] bridge_slave_1 (unregistering): left allmulticast mode [ 307.000781][T10424] bridge_slave_1 (unregistering): left promiscuous mode [ 307.012231][T10424] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.316457][T10451] netlink: 'syz.2.1003': attribute type 9 has an invalid length. [ 307.433703][T10451] netlink: 'syz.2.1003': attribute type 6 has an invalid length. [ 307.651187][T10461] netlink: 'syz.3.1004': attribute type 9 has an invalid length. 
[ 307.662942][T10461] netlink: 'syz.3.1004': attribute type 6 has an invalid length. [ 307.821052][T10330] chnl_net:caif_netlink_parms(): no params data found [ 308.161512][ T5860] Bluetooth: hci0: command tx timeout [ 308.198568][T10467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1006'. [ 308.958566][ T5860] Bluetooth: hci4: command 0x041b tx timeout [ 309.050914][T10330] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.088776][T10330] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.109014][T10330] bridge_slave_0: entered allmulticast mode [ 309.136878][T10330] bridge_slave_0: entered promiscuous mode [ 309.189938][T10330] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.197185][T10330] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.246050][T10330] bridge_slave_1: entered allmulticast mode [ 309.284310][T10330] bridge_slave_1: entered promiscuous mode [ 309.467262][T10496] veth0_to_team: entered promiscuous mode [ 309.488658][T10496] veth0_to_team: entered allmulticast mode [ 309.515396][T10330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 309.559091][T10330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 309.771563][T10330] team0: Port device team_slave_0 added [ 309.802610][T10330] team0: Port device team_slave_1 added [ 310.000634][T10330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.028167][T10330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 310.078432][T10330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.103659][T10330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.117943][T10330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.150155][T10330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.243283][ T5860] Bluetooth: hci0: command tx timeout [ 310.397049][T10330] hsr_slave_0: entered promiscuous mode [ 310.418003][T10330] hsr_slave_1: entered promiscuous mode [ 310.442173][T10330] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 310.463719][T10330] Cannot create hsr debugfs directory [ 310.506515][T10250] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 310.552923][T10250] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 310.804403][T10250] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 310.888464][T10250] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 311.997671][T10250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 312.072303][T10250] 8021q: adding VLAN 0 to HW filter on device team0 [ 312.146859][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.154136][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.226741][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.234026][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.516486][T10330] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 312.567360][T10330] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 312.669032][T10330] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 312.727253][T10330] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 313.181371][T10330] 8021q: adding VLAN 0 
to HW filter on device bond0 [ 313.287258][T10330] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.367201][ T1043] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.374557][ T1043] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.441714][ T1043] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.448989][ T1043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.624530][T10250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.203134][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1027'. [ 314.237320][T10600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1027'. [ 314.285136][T10600] netlink: 'syz.3.1027': attribute type 12 has an invalid length. [ 314.312107][T10600] netlink: 'syz.3.1027': attribute type 14 has an invalid length. [ 314.636297][T10330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.837958][T10250] veth0_vlan: entered promiscuous mode [ 314.897011][T10621] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 314.926162][T10624] netlink: 'syz.0.1029': attribute type 9 has an invalid length. [ 314.939148][T10589] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 314.991760][T10330] veth0_vlan: entered promiscuous mode [ 314.997822][T10624] netlink: 'syz.0.1029': attribute type 6 has an invalid length. 
[ 315.066358][T10250] veth1_vlan: entered promiscuous mode [ 315.094651][T10330] veth1_vlan: entered promiscuous mode [ 315.321317][T10250] veth0_macvtap: entered promiscuous mode [ 315.380259][T10250] veth1_macvtap: entered promiscuous mode [ 315.421322][T10330] veth0_macvtap: entered promiscuous mode [ 315.498914][T10330] veth1_macvtap: entered promiscuous mode [ 315.602247][ T3017] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 315.625392][T10250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.662408][T10637] FAULT_INJECTION: forcing a failure. [ 315.662408][T10637] name failslab, interval 1, probability 0, space 0, times 0 [ 315.691550][T10637] CPU: 0 UID: 0 PID: 10637 Comm: syz.3.1032 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 315.691600][T10637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 315.691614][T10637] Call Trace: [ 315.691624][T10637] [ 315.691634][T10637] dump_stack_lvl+0x189/0x250 [ 315.691670][T10637] ? __pfx____ratelimit+0x10/0x10 [ 315.691708][T10637] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.691732][T10637] ? __pfx__printk+0x10/0x10 [ 315.691766][T10637] ? __pfx___might_resched+0x10/0x10 [ 315.691793][T10637] ? fs_reclaim_acquire+0x7d/0x100 [ 315.691832][T10637] should_fail_ex+0x414/0x560 [ 315.691872][T10637] should_failslab+0xa8/0x100 [ 315.691904][T10637] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 315.691932][T10637] ? page_pool_create_percpu+0x76/0xbe0 [ 315.691964][T10637] page_pool_create_percpu+0x76/0xbe0 [ 315.691999][T10637] __veth_napi_enable_range+0x16c/0x6f0 [ 315.692041][T10637] ? __pfx___veth_napi_enable_range+0x10/0x10 [ 315.692084][T10637] ? netif_napi_set_irq_locked+0x20b/0x720 [ 315.692119][T10637] veth_napi_enable_range+0xff/0x200 [ 315.692153][T10637] veth_set_features+0x1c8/0x2a0 [ 315.692194][T10637] __netdev_update_features+0xa43/0x1be0 [ 315.692237][T10637] ? 
__pfx___netdev_update_features+0x10/0x10 [ 315.692260][T10637] ? __lock_acquire+0xab9/0xd20 [ 315.692295][T10637] ? __might_fault+0xb0/0x130 [ 315.692349][T10637] ethtool_set_one_feature+0x2b4/0x300 [ 315.692377][T10637] ? __pfx_ethtool_set_one_feature+0x10/0x10 [ 315.692402][T10637] ? bpf_lsm_capable+0x9/0x20 [ 315.692428][T10637] ? security_capable+0x7e/0x2e0 [ 315.692470][T10637] dev_ethtool+0x108d/0x19b0 [ 315.692520][T10637] ? __pfx_dev_ethtool+0x10/0x10 [ 315.692572][T10637] ? dev_load+0x21/0x1f0 [ 315.692603][T10637] dev_ioctl+0x392/0x1150 [ 315.692635][T10637] sock_do_ioctl+0x22c/0x300 [ 315.692665][T10637] ? __pfx_sock_do_ioctl+0x10/0x10 [ 315.692717][T10637] sock_ioctl+0x576/0x790 [ 315.692756][T10637] ? __pfx_sock_ioctl+0x10/0x10 [ 315.692781][T10637] ? ksys_write+0x1e1/0x250 [ 315.692815][T10637] ? bpf_lsm_file_ioctl+0x9/0x20 [ 315.692839][T10637] ? __pfx_sock_ioctl+0x10/0x10 [ 315.692862][T10637] __se_sys_ioctl+0xf9/0x170 [ 315.692891][T10637] do_syscall_64+0xfa/0x3b0 [ 315.692920][T10637] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.692949][T10637] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.692971][T10637] ? 
clear_bhb_loop+0x60/0xb0 [ 315.692998][T10637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.693019][T10637] RIP: 0033:0x7fe510b8e929 [ 315.693039][T10637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.693057][T10637] RSP: 002b:00007fe511a81038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 315.693082][T10637] RAX: ffffffffffffffda RBX: 00007fe510db5fa0 RCX: 00007fe510b8e929 [ 315.693098][T10637] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003 [ 315.693112][T10637] RBP: 00007fe511a81090 R08: 0000000000000000 R09: 0000000000000000 [ 315.693125][T10637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.693138][T10637] R13: 0000000000000000 R14: 00007fe510db5fa0 R15: 00007ffc0e5ef0f8 [ 315.693173][T10637] [ 316.024007][T10637] veth0_to_team: set_features() failed (-12); wanted 0x0000612e4fdd49e9, left 0x0000612e4fdd09e9 [ 316.061500][T10250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.927358][T10671] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1034'. 
[ 324.572969][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 331.668918][ T5856] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 331.681424][ T5856] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 331.690030][ T5856] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 331.700202][ T5856] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 331.703649][ T5857] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 331.719099][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 331.729421][ T5856] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 331.749540][ T5857] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 331.759895][ T5857] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 331.771525][ T5857] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 333.582342][ T5857] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 333.592027][ T5857] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 333.600377][ T5857] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 333.609377][ T5857] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 333.617249][ T5857] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 333.758610][ T5857] Bluetooth: hci5: command tx timeout [ 333.848626][ T5857] Bluetooth: hci6: command tx timeout [ 335.678578][ T5857] Bluetooth: hci7: command tx timeout [ 335.838510][ T5857] Bluetooth: hci5: command tx timeout [ 335.920192][ T5857] Bluetooth: hci6: command tx timeout [ 337.758837][ T5857] Bluetooth: hci7: command tx timeout [ 337.918565][ T5857] Bluetooth: hci5: command tx timeout [ 338.000366][ T5857] Bluetooth: hci6: command tx timeout [ 339.838472][ T5857] Bluetooth: hci7: command tx timeout [ 339.998519][ T5857] Bluetooth: hci5: command tx timeout [ 340.078513][ T5857] Bluetooth: hci6: command tx timeout [ 341.918498][ T5857] Bluetooth: hci7: command tx timeout [ 347.599369][ T3017] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with 
same SSID (merge) [ 359.015615][ T5863] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 359.028767][ T5863] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 359.038663][ T5863] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 359.049637][ T5863] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 359.060473][ T5863] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 361.118530][ T5857] Bluetooth: hci8: command tx timeout [ 362.608201][ T5863] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 362.619020][ T5863] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 362.627991][ T5863] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 362.640731][ T5863] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 362.651041][ T5863] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 363.198524][ T5857] Bluetooth: hci8: command tx timeout [ 364.719881][ T5857] Bluetooth: hci9: command tx timeout [ 365.288469][ T5857] Bluetooth: hci8: command tx timeout [ 366.798509][ T5857] Bluetooth: hci9: command tx timeout [ 367.358561][ T5857] Bluetooth: hci8: command tx timeout [ 368.888537][ T5857] Bluetooth: hci9: command tx timeout [ 370.958467][ T5857] Bluetooth: hci9: command tx timeout [ 379.599552][ T36] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 386.003382][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 391.595357][ T5863] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 391.604969][ T5863] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 391.613667][ T5863] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 391.626052][ T5863] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 391.635078][ T5863] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 392.161671][ T5863] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 392.170899][ T5863] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 392.180909][ T5863] Bluetooth: hci11: 
unexpected cc 0x1001 length: 249 > 9 [ 392.191480][ T5863] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 392.200638][ T5863] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 393.678658][ T5857] Bluetooth: hci10: command tx timeout [ 394.172652][ T5863] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 394.182392][ T5863] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 394.191208][ T5863] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 394.201523][ T5863] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 394.209964][ T5863] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 394.238495][ T5863] Bluetooth: hci11: command tx timeout [ 395.758475][ T5863] Bluetooth: hci10: command tx timeout [ 396.239058][ T5863] Bluetooth: hci12: command tx timeout [ 396.318751][ T5863] Bluetooth: hci11: command tx timeout [ 397.838446][ T5863] Bluetooth: hci10: command tx timeout [ 398.318457][ T5863] Bluetooth: hci12: command tx timeout [ 398.398405][ T5863] Bluetooth: hci11: command tx timeout [ 399.918687][ T5863] Bluetooth: hci10: command tx timeout [ 400.398542][ T5863] Bluetooth: hci12: command tx timeout [ 400.488650][ T5863] Bluetooth: hci11: command tx timeout [ 402.478565][ T5863] Bluetooth: hci12: command tx timeout [ 411.600682][ T9029] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 419.227603][ T5857] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 419.240818][ T5857] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 419.249962][ T5857] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 419.259475][ T5857] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 419.267914][ T5857] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 421.358448][ T5863] Bluetooth: hci13: command tx timeout [ 423.438748][ T5857] Bluetooth: hci13: command tx timeout [ 423.918506][ T5857] Bluetooth: hci4: command 0x041b tx timeout [ 424.446935][ T5857] Bluetooth: 
hci14: unexpected cc 0x0c03 length: 249 > 1 [ 424.459048][ T5857] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 424.466948][ T5857] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 424.478303][ T5857] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 424.486360][ T5857] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 425.518563][ T5857] Bluetooth: hci13: command tx timeout [ 426.558510][ T5857] Bluetooth: hci14: command tx timeout [ 427.599348][ T5863] Bluetooth: hci13: command tx timeout [ 428.648442][ T5863] Bluetooth: hci14: command tx timeout [ 429.038437][ T5863] Bluetooth: hci0: command 0x0406 tx timeout [ 430.718464][ T5857] Bluetooth: hci14: command tx timeout [ 432.798456][ T5857] Bluetooth: hci14: command tx timeout [ 443.598454][ T3017] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 447.453567][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 452.445921][ T5863] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 452.456695][ T5863] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 452.465519][ T5863] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 452.484026][ T5863] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 452.495711][ T5863] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 452.583144][ T5856] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 452.592485][ T5856] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 452.601950][ T5856] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 452.612097][ T5856] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 452.620336][ T5856] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 454.331064][ T5856] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 454.342042][ T5856] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 454.351229][ T5856] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 454.362873][ T5856] Bluetooth: hci17: 
unexpected cc 0x0c23 length: 249 > 4 [ 454.371956][ T5856] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 454.558494][ T5860] Bluetooth: hci15: command tx timeout [ 454.638541][ T5856] Bluetooth: hci5: command 0x0406 tx timeout [ 454.647642][ T5860] Bluetooth: hci6: command 0x0406 tx timeout [ 454.718618][ T5857] Bluetooth: hci16: command tx timeout [ 456.398679][ T5857] Bluetooth: hci17: command tx timeout [ 456.638409][ T5857] Bluetooth: hci15: command tx timeout [ 456.798623][ T5857] Bluetooth: hci16: command tx timeout [ 458.488614][ T5860] Bluetooth: hci17: command tx timeout [ 458.718407][ T5860] Bluetooth: hci15: command tx timeout [ 458.878537][ T5860] Bluetooth: hci16: command tx timeout [ 459.758392][ T5860] Bluetooth: hci7: command 0x0406 tx timeout [ 460.558905][ T5857] Bluetooth: hci17: command tx timeout [ 460.798398][ T5857] Bluetooth: hci15: command tx timeout [ 460.968458][ T5857] Bluetooth: hci16: command tx timeout [ 462.638640][ T5857] Bluetooth: hci17: command tx timeout [ 464.078925][ T31] INFO: task kworker/u8:1:13 blocked for more than 143 seconds. [ 464.086730][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 464.094508][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 464.103289][ T31] task:kworker/u8:1 state:D stack:21160 pid:13 tgid:13 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 464.115595][ T31] Workqueue: udp_tunnel_nic udp_tunnel_nic_device_sync_work [ 464.123023][ T31] Call Trace: [ 464.126334][ T31] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 464.129518][ T31] __schedule+0x16f5/0x4d00 [ 464.134294][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.140062][ T31] ? schedule+0x165/0x360 [ 464.144880][ T31] ? __pfx___schedule+0x10/0x10 [ 464.149967][ T31] ? schedule+0x91/0x360 [ 464.154266][ T31] schedule+0x165/0x360 [ 464.158737][ T31] schedule_preempt_disabled+0x13/0x30 [ 464.164285][ T31] __mutex_lock+0x724/0xe80 [ 464.170481][ T31] ? 
__lock_acquire+0xab9/0xd20 [ 464.175660][ T31] ? __mutex_lock+0x51b/0xe80 [ 464.181161][ T31] ? udp_tunnel_nic_device_sync_work+0x29/0xa50 [ 464.187474][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 464.244669][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.249715][ T31] udp_tunnel_nic_device_sync_work+0x29/0xa50 [ 464.255847][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 464.288077][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 464.294288][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 464.300475][ T31] process_scheduled_works+0xade/0x17b0 [ 464.306109][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 464.312659][ T31] worker_thread+0x8a0/0xda0 [ 464.317340][ T31] kthread+0x70e/0x8a0 [ 464.322634][ T31] ? __pfx_worker_thread+0x10/0x10 [ 464.327806][ T31] ? __pfx_kthread+0x10/0x10 [ 464.332839][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 464.338084][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 464.343995][ T31] ? __pfx_kthread+0x10/0x10 [ 464.349021][ T31] ret_from_fork+0x3fc/0x770 [ 464.353662][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 464.358897][ T31] ? __switch_to_asm+0x39/0x70 [ 464.363850][ T31] ? __switch_to_asm+0x33/0x70 [ 464.368715][ T31] ? __pfx_kthread+0x10/0x10 [ 464.373343][ T31] ret_from_fork_asm+0x1a/0x30 [ 464.378309][ T31] [ 464.381472][ T31] INFO: task kworker/u8:7:1148 blocked for more than 143 seconds. [ 464.389608][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 464.397505][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 464.407976][ T31] task:kworker/u8:7 state:D stack:22328 pid:1148 tgid:1148 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 464.420506][ T31] Workqueue: ipv6_addrconf addrconf_dad_work [ 464.426640][ T31] Call Trace: [ 464.430422][ T31] [ 464.433406][ T31] __schedule+0x16f5/0x4d00 [ 464.437958][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.443472][ T31] ? schedule+0x165/0x360 [ 464.448102][ T31] ? __pfx___schedule+0x10/0x10 [ 464.453348][ T31] ? 
schedule+0x91/0x360 [ 464.457653][ T31] schedule+0x165/0x360 [ 464.462420][ T31] schedule_preempt_disabled+0x13/0x30 [ 464.467944][ T31] __mutex_lock+0x724/0xe80 [ 464.472776][ T31] ? __mutex_lock+0x51b/0xe80 [ 464.477723][ T31] ? addrconf_dad_work+0x112/0x14b0 [ 464.483218][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 464.488682][ T31] ? do_raw_spin_lock+0x121/0x290 [ 464.493777][ T31] ? look_up_lock_class+0x74/0x170 [ 464.499380][ T31] addrconf_dad_work+0x112/0x14b0 [ 464.504465][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.509786][ T31] ? __pfx_addrconf_dad_work+0x10/0x10 [ 464.515308][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 464.522492][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 464.527738][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 464.534176][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 464.540299][ T31] process_scheduled_works+0xade/0x17b0 [ 464.545944][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 464.552485][ T31] worker_thread+0x8a0/0xda0 [ 464.557126][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 464.563824][ T31] ? __kthread_parkme+0x7b/0x200 [ 464.568915][ T31] kthread+0x70e/0x8a0 [ 464.573057][ T31] ? __pfx_worker_thread+0x10/0x10 [ 464.578328][ T31] ? __pfx_kthread+0x10/0x10 [ 464.583159][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 464.588610][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 464.593878][ T31] ? __pfx_kthread+0x10/0x10 [ 464.598616][ T31] ret_from_fork+0x3fc/0x770 [ 464.603252][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 464.608459][ T31] ? __switch_to_asm+0x39/0x70 [ 464.613267][ T31] ? __switch_to_asm+0x33/0x70 [ 464.618075][ T31] ? __pfx_kthread+0x10/0x10 [ 464.622793][ T31] ret_from_fork_asm+0x1a/0x30 [ 464.627623][ T31] [ 464.630959][ T31] INFO: task dhcpcd:5512 blocked for more than 143 seconds. [ 464.638352][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 464.646020][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 464.660057][ T31] task:dhcpcd state:D stack:21384 pid:5512 tgid:5512 ppid:5511 task_flags:0x400140 flags:0x00004002 [ 464.673360][ T31] Call Trace: [ 464.676682][ T31] [ 464.680032][ T31] __schedule+0x16f5/0x4d00 [ 464.684630][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.690169][ T31] ? schedule+0x165/0x360 [ 464.694820][ T31] ? __pfx___schedule+0x10/0x10 [ 464.700231][ T31] ? schedule+0x91/0x360 [ 464.704533][ T31] schedule+0x165/0x360 [ 464.709254][ T31] schedule_preempt_disabled+0x13/0x30 [ 464.714768][ T31] __mutex_lock+0x724/0xe80 [ 464.725404][ T31] ? __mutex_lock+0x51b/0xe80 [ 464.731507][ T31] ? rtnl_newlink+0x8db/0x1c70 [ 464.736369][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 464.741549][ T31] ? ns_capable+0x8a/0xf0 [ 464.745925][ T31] ? rtnl_link_get_net_capable+0x16a/0x350 [ 464.751883][ T31] rtnl_newlink+0x8db/0x1c70 [ 464.756761][ T31] ? __pfx_rtnl_newlink+0x10/0x10 [ 464.761936][ T31] ? rcu_is_watching+0x15/0xb0 [ 464.766742][ T31] ? trace_pelt_se_tp+0x39/0x130 [ 464.771776][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.776684][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.781945][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 464.787220][ T31] ? is_bpf_text_address+0x292/0x2b0 [ 464.793022][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 464.798652][ T31] ? kernel_text_address+0xa5/0xe0 [ 464.803956][ T31] ? __kernel_text_address+0xd/0x40 [ 464.809716][ T31] ? unwind_get_return_address+0x4d/0x90 [ 464.815417][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.820809][ T31] ? __pfx_rtnl_newlink+0x10/0x10 [ 464.825876][ T31] rtnetlink_rcv_msg+0x7cf/0xb70 [ 464.831236][ T31] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 464.836402][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 464.842375][ T31] netlink_rcv_skb+0x205/0x470 [ 464.847187][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 464.852747][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 464.858533][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 464.863776][ T31] ? 
netlink_deliver_tap+0x2e/0x1b0 [ 464.869163][ T31] netlink_unicast+0x758/0x8d0 [ 464.873984][ T31] netlink_sendmsg+0x805/0xb30 [ 464.880029][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.885377][ T31] ? __lock_acquire+0xab9/0xd20 [ 464.890335][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 464.895313][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 464.900693][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 464.906024][ T31] __sock_sendmsg+0x219/0x270 [ 464.911129][ T31] ____sys_sendmsg+0x505/0x830 [ 464.915953][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 464.921775][ T31] ? import_iovec+0x74/0xa0 [ 464.926564][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 464.931358][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 464.936653][ T31] ? __pfx_vfs_read+0x10/0x10 [ 464.941608][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 464.946580][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 464.952408][ T31] ? __pfx_ksys_read+0x10/0x10 [ 464.957228][ T31] ? rcu_is_watching+0x15/0xb0 [ 464.962366][ T31] ? do_syscall_64+0xbe/0x3b0 [ 464.967099][ T31] do_syscall_64+0xfa/0x3b0 [ 464.971703][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.977815][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 464.984218][ T31] ? clear_bhb_loop+0x60/0xb0 [ 464.989054][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.994988][ T31] RIP: 0033:0x7f1534585407 [ 464.999473][ T31] RSP: 002b:00007fff3f1e12e0 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 465.007924][ T31] RAX: ffffffffffffffda RBX: 00007f15344fb740 RCX: 00007f1534585407 [ 465.016089][ T31] RDX: 0000000000000000 RSI: 00007fff3f1f54c0 RDI: 0000000000000004 [ 465.024179][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 465.032292][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff3f2056f0 [ 465.040358][ T31] R13: 00007f15344fb6c8 R14: 0000000000000030 R15: 00007fff3f1f54c0 [ 465.048686][ T31] [ 465.051835][ T31] INFO: task syz-executor:10250 blocked for more than 144 seconds. 
[ 465.061541][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 465.071165][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 465.081821][ T31] task:syz-executor state:D stack:21208 pid:10250 tgid:10250 ppid:1 task_flags:0x400140 flags:0x00004004 [ 465.095081][ T31] Call Trace: [ 465.100465][ T31] [ 465.103428][ T31] __schedule+0x16f5/0x4d00 [ 465.107962][ T31] ? kasan_save_free_info+0x46/0x50 [ 465.115179][ T31] ? __kasan_slab_free+0x62/0x70 [ 465.122716][ T31] ? __lock_acquire+0xab9/0xd20 [ 465.127608][ T31] ? schedule+0x165/0x360 [ 465.133899][ T31] ? __pfx___schedule+0x10/0x10 [ 465.140687][ T31] ? schedule+0x91/0x360 [ 465.144951][ T31] schedule+0x165/0x360 [ 465.150941][ T31] schedule_preempt_disabled+0x13/0x30 [ 465.156428][ T31] __mutex_lock+0x724/0xe80 [ 465.161329][ T31] ? __mutex_lock+0x51b/0xe80 [ 465.166333][ T31] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 465.171609][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 465.176672][ T31] ? __local_bh_enable_ip+0x12d/0x1c0 [ 465.182138][ T31] ? __nla_parse+0x40/0x60 [ 465.186602][ T31] inet_rtm_newaddr+0x3b0/0x18b0 [ 465.191665][ T31] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 465.197092][ T31] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 465.202834][ T31] rtnetlink_rcv_msg+0x7cf/0xb70 [ 465.207835][ T31] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 465.213040][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.218583][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 465.223645][ T31] ? __copy_skb_header+0xa7/0x550 [ 465.228831][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 465.234256][ T31] netlink_rcv_skb+0x205/0x470 [ 465.239101][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.244599][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 465.250003][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.255242][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.260544][ T31] netlink_unicast+0x758/0x8d0 [ 465.265576][ T31] netlink_sendmsg+0x805/0xb30 [ 465.270515][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.275844][ T31] ? 
aa_sock_msg_perm+0x94/0x160 [ 465.281210][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 465.286524][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.292226][ T31] __sock_sendmsg+0x219/0x270 [ 465.296959][ T31] __sys_sendto+0x3bd/0x520 [ 465.301932][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 465.307019][ T31] ? fput_close_sync+0x119/0x200 [ 465.312387][ T31] ? __pfx_fput_close_sync+0x10/0x10 [ 465.317720][ T31] __x64_sys_sendto+0xde/0x100 [ 465.322557][ T31] do_syscall_64+0xfa/0x3b0 [ 465.327279][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.332564][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.338829][ T31] ? clear_bhb_loop+0x60/0xb0 [ 465.343541][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.349569][ T31] RIP: 0033:0x7f17ed5907bc [ 465.354150][ T31] RSP: 002b:00007fff20383f90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 465.362629][ T31] RAX: ffffffffffffffda RBX: 00007f17ee2e4620 RCX: 00007f17ed5907bc [ 465.371044][ T31] RDX: 0000000000000028 RSI: 00007f17ee2e4670 RDI: 0000000000000003 [ 465.379122][ T31] RBP: 0000000000000000 R08: 00007fff20383fe4 R09: 000000000000000c [ 465.387112][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 465.395213][ T31] R13: 0000000000000000 R14: 00007f17ee2e4670 R15: 0000000000000000 [ 465.403284][ T31] [ 465.406346][ T31] INFO: task syz-executor:10330 blocked for more than 144 seconds. [ 465.414759][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 465.422710][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 465.431771][ T31] task:syz-executor state:D stack:21704 pid:10330 tgid:10330 ppid:1 task_flags:0x400140 flags:0x00004004 [ 465.444064][ T31] Call Trace: [ 465.447395][ T31] [ 465.450767][ T31] __schedule+0x16f5/0x4d00 [ 465.455320][ T31] ? kasan_save_free_info+0x46/0x50 [ 465.460815][ T31] ? __kasan_slab_free+0x62/0x70 [ 465.465788][ T31] ? __lock_acquire+0xab9/0xd20 [ 465.471161][ T31] ? schedule+0x165/0x360 [ 465.475538][ T31] ? 
__pfx___schedule+0x10/0x10 [ 465.480690][ T31] ? schedule+0x91/0x360 [ 465.484974][ T31] schedule+0x165/0x360 [ 465.489502][ T31] schedule_preempt_disabled+0x13/0x30 [ 465.494986][ T31] __mutex_lock+0x724/0xe80 [ 465.500510][ T31] ? __mutex_lock+0x51b/0xe80 [ 465.505245][ T31] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 465.510759][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 465.515828][ T31] ? __local_bh_enable_ip+0x12d/0x1c0 [ 465.521400][ T31] ? __nla_parse+0x40/0x60 [ 465.526063][ T31] inet_rtm_newaddr+0x3b0/0x18b0 [ 465.531150][ T31] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 465.536574][ T31] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 465.542296][ T31] rtnetlink_rcv_msg+0x7cf/0xb70 [ 465.547334][ T31] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 465.552571][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.558474][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 465.563558][ T31] ? __copy_skb_header+0xa7/0x550 [ 465.569120][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 465.574802][ T31] netlink_rcv_skb+0x205/0x470 [ 465.579920][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.585444][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 465.591327][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.596577][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.602015][ T31] netlink_unicast+0x758/0x8d0 [ 465.607020][ T31] netlink_sendmsg+0x805/0xb30 [ 465.612187][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.617531][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 465.622802][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 465.628132][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.633522][ T31] __sock_sendmsg+0x219/0x270 [ 465.638282][ T31] __sys_sendto+0x3bd/0x520 [ 465.642852][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 465.647926][ T31] ? fput_close_sync+0x119/0x200 [ 465.653524][ T31] ? __pfx_fput_close_sync+0x10/0x10 [ 465.659052][ T31] __x64_sys_sendto+0xde/0x100 [ 465.663863][ T31] do_syscall_64+0xfa/0x3b0 [ 465.668650][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.674960][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 465.681502][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 465.686224][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.692623][ T31] RIP: 0033:0x7fc55a7907bc [ 465.697067][ T31] RSP: 002b:00007ffc218f2c20 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 465.705592][ T31] RAX: ffffffffffffffda RBX: 00007fc55b4e4620 RCX: 00007fc55a7907bc [ 465.713641][ T31] RDX: 0000000000000028 RSI: 00007fc55b4e4670 RDI: 0000000000000003 [ 465.721852][ T31] RBP: 0000000000000000 R08: 00007ffc218f2c74 R09: 000000000000000c [ 465.730087][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 465.738091][ T31] R13: 0000000000000000 R14: 00007fc55b4e4670 R15: 0000000000000000 [ 465.746177][ T31] [ 465.749360][ T31] INFO: task syz.2.1033:10642 blocked for more than 145 seconds. [ 465.757133][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 465.770527][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 465.779543][ T31] task:syz.2.1033 state:D stack:25080 pid:10642 tgid:10640 ppid:5861 task_flags:0x400140 flags:0x00004004 [ 465.791555][ T31] Call Trace: [ 465.794860][ T31] [ 465.797817][ T31] __schedule+0x16f5/0x4d00 [ 465.802448][ T31] ? stack_trace_save+0x9c/0xe0 [ 465.807348][ T31] ? __lock_acquire+0xab9/0xd20 [ 465.812458][ T31] ? schedule+0x165/0x360 [ 465.816838][ T31] ? __pfx___schedule+0x10/0x10 [ 465.821981][ T31] ? schedule+0x91/0x360 [ 465.826277][ T31] schedule+0x165/0x360 [ 465.833609][ T31] schedule_preempt_disabled+0x13/0x30 [ 465.839498][ T31] __mutex_lock+0x724/0xe80 [ 465.844238][ T31] ? __mutex_lock+0x51b/0xe80 [ 465.849332][ T31] ? rtnl_dumpit+0x92/0x200 [ 465.853884][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 465.859230][ T31] ? __build_skb_around+0x257/0x3e0 [ 465.864468][ T31] ? __pfx_br_vlan_rtm_dump+0x10/0x10 [ 465.870094][ T31] rtnl_dumpit+0x92/0x200 [ 465.874478][ T31] netlink_dump+0x62a/0xe20 [ 465.879356][ T31] ? __pfx_netlink_dump+0x10/0x10 [ 465.884457][ T31] ? netlink_lookup+0x30/0x200 [ 465.889465][ T31] ? 
netlink_lookup+0x30/0x200 [ 465.894259][ T31] ? netlink_lookup+0x30/0x200 [ 465.899281][ T31] __netlink_dump_start+0x5cb/0x7e0 [ 465.904525][ T31] rtnetlink_rcv_msg+0x9eb/0xb70 [ 465.909749][ T31] ? __pfx_br_vlan_rtm_dump+0x10/0x10 [ 465.915170][ T31] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 465.922461][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.927961][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 465.933084][ T31] ? __pfx_rtnl_dumpit+0x10/0x10 [ 465.938071][ T31] ? __pfx_br_vlan_rtm_dump+0x10/0x10 [ 465.943819][ T31] netlink_rcv_skb+0x205/0x470 [ 465.948861][ T31] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 465.954391][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 465.959825][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.965070][ T31] ? netlink_deliver_tap+0x2e/0x1b0 [ 465.970389][ T31] netlink_unicast+0x758/0x8d0 [ 465.975205][ T31] netlink_sendmsg+0x805/0xb30 [ 465.980131][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 465.985726][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 465.990780][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 465.996101][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 466.002580][ T31] __sock_sendmsg+0x219/0x270 [ 466.007317][ T31] ____sys_sendmsg+0x505/0x830 [ 466.012370][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 466.017750][ T31] ? import_iovec+0x74/0xa0 [ 466.022445][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 466.027160][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 466.032563][ T31] ? __fget_files+0x2a/0x420 [ 466.037199][ T31] ? __fget_files+0x3a0/0x420 [ 466.042020][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 466.047015][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 466.052615][ T31] ? rcu_is_watching+0x15/0xb0 [ 466.057443][ T31] ? do_syscall_64+0xbe/0x3b0 [ 466.062287][ T31] do_syscall_64+0xfa/0x3b0 [ 466.066844][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.072584][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.078973][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 466.083715][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.090174][ T31] RIP: 0033:0x7f4bce58e929 [ 466.094628][ T31] RSP: 002b:00007f4bcf4b5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 466.103406][ T31] RAX: ffffffffffffffda RBX: 00007f4bce7b5fa0 RCX: 00007f4bce58e929 [ 466.111533][ T31] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000005 [ 466.122365][ T31] RBP: 00007f4bce610b39 R08: 0000000000000000 R09: 0000000000000000 [ 466.131153][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 466.142252][ T31] R13: 0000000000000000 R14: 00007f4bce7b5fa0 R15: 00007ffd7927ff38 [ 466.151110][ T31] [ 466.154189][ T31] INFO: task syz.2.1033:10644 blocked for more than 145 seconds. [ 466.165956][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 466.173783][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 466.182712][ T31] task:syz.2.1033 state:D stack:28616 pid:10644 tgid:10640 ppid:5861 task_flags:0x400040 flags:0x00004004 [ 466.195272][ T31] Call Trace: [ 466.198795][ T31] [ 466.201778][ T31] __schedule+0x16f5/0x4d00 [ 466.206335][ T31] ? __lock_acquire+0xab9/0xd20 [ 466.211524][ T31] ? schedule+0x165/0x360 [ 466.215913][ T31] ? __pfx___schedule+0x10/0x10 [ 466.221851][ T31] ? schedule+0x91/0x360 [ 466.226150][ T31] schedule+0x165/0x360 [ 466.230404][ T31] schedule_preempt_disabled+0x13/0x30 [ 466.235921][ T31] __mutex_lock+0x724/0xe80 [ 466.240555][ T31] ? __mutex_lock+0x51b/0xe80 [ 466.245269][ T31] ? do_ip_setsockopt+0xeee/0x2d00 [ 466.250758][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 466.255847][ T31] ? __local_bh_enable_ip+0x12d/0x1c0 [ 466.261537][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.266795][ T31] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 466.272648][ T31] do_ip_setsockopt+0xeee/0x2d00 [ 466.277642][ T31] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 466.283152][ T31] ? __pfx___cgroup_bpf_run_filter_setsockopt+0x10/0x10 [ 466.290415][ T31] ? 
aa_sk_perm+0x81e/0x950 [ 466.294948][ T31] ? __pfx_aa_sk_perm+0x10/0x10 [ 466.299929][ T31] ip_setsockopt+0x66/0x110 [ 466.304490][ T31] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 466.310463][ T31] do_sock_setsockopt+0x25a/0x3e0 [ 466.315543][ T31] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 466.321235][ T31] ? __fget_files+0x2a/0x420 [ 466.325870][ T31] __x64_sys_setsockopt+0x18b/0x220 [ 466.337084][ T31] do_syscall_64+0xfa/0x3b0 [ 466.342951][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.348177][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.357537][ T31] ? clear_bhb_loop+0x60/0xb0 [ 466.362376][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.368542][ T31] RIP: 0033:0x7f4bce58e929 [ 466.373001][ T31] RSP: 002b:00007f4bcf494038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 466.381507][ T31] RAX: ffffffffffffffda RBX: 00007f4bce7b6080 RCX: 00007f4bce58e929 [ 466.389555][ T31] RDX: 000000000000002e RSI: 0000000000000000 RDI: 0000000000000007 [ 466.397789][ T31] RBP: 00007f4bce610b39 R08: 0000000000000108 R09: 0000000000000000 [ 466.405904][ T31] R10: 0000200000000480 R11: 0000000000000246 R12: 0000000000000000 [ 466.413949][ T31] R13: 0000000000000000 R14: 00007f4bce7b6080 R15: 00007ffd7927ff38 [ 466.422053][ T31] [ 466.425118][ T31] INFO: task syz.0.1034:10670 blocked for more than 145 seconds. [ 466.432931][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 466.440732][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 466.449499][ T31] task:syz.0.1034 state:D stack:25096 pid:10670 tgid:10670 ppid:5858 task_flags:0x400040 flags:0x00004004 [ 466.461572][ T31] Call Trace: [ 466.464889][ T31] [ 466.467854][ T31] __schedule+0x16f5/0x4d00 [ 466.472521][ T31] ? __lock_acquire+0xab9/0xd20 [ 466.477425][ T31] ? schedule+0x165/0x360 [ 466.481994][ T31] ? __pfx___schedule+0x10/0x10 [ 466.486940][ T31] ? 
schedule+0x91/0x360 [ 466.491967][ T31] schedule+0x165/0x360 [ 466.496419][ T31] schedule_preempt_disabled+0x13/0x30 [ 466.505084][ T31] __mutex_lock+0x724/0xe80 [ 466.510485][ T31] ? __mutex_lock+0x51b/0xe80 [ 466.515239][ T31] ? tun_chr_close+0x3e/0x1c0 [ 466.523438][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 466.529355][ T31] ? __pfx_tun_chr_close+0x10/0x10 [ 466.534533][ T31] tun_chr_close+0x3e/0x1c0 [ 466.540287][ T31] __fput+0x449/0xa70 [ 466.544343][ T31] task_work_run+0x1d1/0x260 [ 466.549105][ T31] ? __pfx_task_work_run+0x10/0x10 [ 466.554275][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 466.559945][ T31] exit_to_user_mode_loop+0xec/0x110 [ 466.565269][ T31] do_syscall_64+0x2bd/0x3b0 [ 466.572472][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.577699][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.584647][ T31] ? clear_bhb_loop+0x60/0xb0 [ 466.592392][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.599296][ T31] RIP: 0033:0x7f319978e929 [ 466.603748][ T31] RSP: 002b:00007ffd0dcf9b98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 466.615356][ T31] RAX: 0000000000000000 RBX: 00007f31999b7ba0 RCX: 00007f319978e929 [ 466.624090][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 466.635188][ T31] RBP: 00007f31999b7ba0 R08: 00000000000107ec R09: 0000001c0dcf9e8f [ 466.644005][ T31] R10: 00007f31999b7ac0 R11: 0000000000000246 R12: 000000000004dce0 [ 466.656592][ T31] R13: 00007f31999b6080 R14: ffffffffffffffff R15: 00007ffd0dcf9cb0 [ 466.665406][ T31] [ 466.669571][ T31] INFO: task syz.0.1034:10671 blocked for more than 145 seconds. [ 466.677346][ T31] Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 [ 466.685138][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 466.694133][ T31] task:syz.0.1034 state:D stack:25352 pid:10671 tgid:10670 ppid:5858 task_flags:0x400140 flags:0x00004004 [ 466.706548][ T31] Call Trace: [ 466.709933][ T31] [ 466.712900][ T31] __schedule+0x16f5/0x4d00 [ 466.717463][ T31] ? __lock_acquire+0xab9/0xd20 [ 466.722789][ T31] ? schedule+0x165/0x360 [ 466.727174][ T31] ? __pfx___schedule+0x10/0x10 [ 466.732407][ T31] ? schedule+0x91/0x360 [ 466.736706][ T31] schedule+0x165/0x360 [ 466.740976][ T31] schedule_preempt_disabled+0x13/0x30 [ 466.746476][ T31] __mutex_lock+0x724/0xe80 [ 466.751283][ T31] ? __mutex_lock+0x51b/0xe80 [ 466.756026][ T31] ? ieee80211_register_hw+0x2ec4/0x4120 [ 466.762164][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 466.767258][ T31] ieee80211_register_hw+0x2ec4/0x4120 [ 466.772872][ T31] ? ieee80211_register_hw+0x1471/0x4120 [ 466.778870][ T31] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 466.784819][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 466.791261][ T31] ? __hrtimer_setup+0x187/0x210 [ 466.796448][ T31] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 466.807644][ T31] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 466.813604][ T31] ? __pfx__printk+0x10/0x10 [ 466.818538][ T31] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 466.824651][ T31] ? __nla_validate_parse+0x251c/0x2d40 [ 466.830348][ T31] ? __sock_sendmsg+0x219/0x270 [ 466.835409][ T31] ? ____sys_sendmsg+0x505/0x830 [ 466.840507][ T31] hwsim_new_radio_nl+0xea4/0x1b10 [ 466.845848][ T31] ? __pfx___nla_validate_parse+0x10/0x10 [ 466.851880][ T31] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 466.857483][ T31] ? __nla_parse+0x40/0x60 [ 466.862014][ T31] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 466.868584][ T31] genl_family_rcv_msg_doit+0x215/0x300 [ 466.874210][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 466.880420][ T31] ? bpf_lsm_capable+0x9/0x20 [ 466.885298][ T31] ? security_capable+0x7e/0x2e0 [ 466.890498][ T31] genl_rcv_msg+0x60e/0x790 [ 466.895094][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 466.900220][ T31] ? 
__pfx_hwsim_new_radio_nl+0x10/0x10 [ 466.906063][ T31] netlink_rcv_skb+0x205/0x470 [ 466.910908][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 466.915954][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 466.921369][ T31] ? down_read+0x1ad/0x2e0 [ 466.925823][ T31] genl_rcv+0x28/0x40 [ 466.929901][ T31] netlink_unicast+0x758/0x8d0 [ 466.934734][ T31] netlink_sendmsg+0x805/0xb30 [ 466.939625][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 466.944957][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 466.949976][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 466.955326][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 466.961718][ T31] __sock_sendmsg+0x219/0x270 [ 466.966467][ T31] ____sys_sendmsg+0x505/0x830 [ 466.971363][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 466.976692][ T31] ? import_iovec+0x74/0xa0 [ 466.981313][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 466.986026][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 466.991391][ T31] ? __fget_files+0x2a/0x420 [ 466.996042][ T31] ? __fget_files+0x3a0/0x420 [ 467.000856][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 467.006091][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 467.011667][ T31] ? rcu_is_watching+0x15/0xb0 [ 467.016492][ T31] ? do_syscall_64+0xbe/0x3b0 [ 467.021419][ T31] do_syscall_64+0xfa/0x3b0 [ 467.025982][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 467.031293][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.037408][ T31] ? 
clear_bhb_loop+0x60/0xb0 [ 467.042810][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.048839][ T31] RIP: 0033:0x7f319978e929 [ 467.053290][ T31] RSP: 002b:00007f319a61f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 467.061853][ T31] RAX: ffffffffffffffda RBX: 00007f31999b5fa0 RCX: 00007f319978e929 [ 467.069938][ T31] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000008 [ 467.077960][ T31] RBP: 00007f3199810b39 R08: 0000000000000000 R09: 0000000000000000 [ 467.086068][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.094159][ T31] R13: 0000000000000000 R14: 00007f31999b5fa0 R15: 00007ffd0dcf9a38 [ 467.102682][ T31] [ 467.105806][ T31] [ 467.105806][ T31] Showing all locks held in the system: [ 467.114129][ T31] 3 locks held by kworker/u8:1/13: [ 467.119639][ T31] #0: ffff88814d4f1148 ((wq_completion)udp_tunnel_nic){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 467.131711][ T31] #1: ffffc90000127bc0 ((work_completion)(&utn->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 467.143520][ T31] #2: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: udp_tunnel_nic_device_sync_work+0x29/0xa50 [ 467.154366][ T31] 1 lock held by khungtaskd/31: [ 467.159339][ T31] #0: ffffffff8e13ee20 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 467.169538][ T31] 3 locks held by kworker/u8:7/1148: [ 467.174856][ T31] #0: ffff88802fc95148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 467.186627][ T31] #1: ffffc90003e87bc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 467.200115][ T31] #2: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x112/0x14b0 [ 467.209859][ T31] 2 locks held by kworker/u8:8/3017: [ 467.215570][ T31] #0: ffff8880b8739f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 467.225687][ T31] #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, 
cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0 [ 467.237490][ T31] 1 lock held by dhcpcd/5512: [ 467.242311][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 467.251624][ T31] 2 locks held by getty/5606: [ 467.256321][ T31] #0: ffff88803092a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 467.266252][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 467.276668][ T31] 3 locks held by kworker/1:3/5835: [ 467.282176][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 467.293265][ T31] #1: ffffc900043d7bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 467.304409][ T31] #2: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 467.315166][ T31] 3 locks held by kworker/1:5/5930: [ 467.320742][ T31] #0: ffff88801a481d48 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 467.333419][ T31] #1: ffffc900050dfbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 467.344622][ T31] #2: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf00 [ 467.354391][ T31] 3 locks held by kworker/u8:9/9029: [ 467.360008][ T31] 1 lock held by syz-executor/10250: [ 467.365331][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.374898][ T31] 1 lock held by syz-executor/10330: [ 467.383564][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.393878][ T31] 2 locks held by syz.3.1032/10641: [ 467.402425][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x7a4/0x1150 [ 467.412125][ T31] #1: ffff888011b12d20 (&dev_instance_lock_key#14){+.+.}-{4:4}, at: napi_disable+0x4e/0x80 [ 467.425810][ T31] 2 locks held by syz.2.1033/10642: [ 467.431938][ T31] #0: ffff8880327566d0 
(nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0 [ 467.445573][ T31] #1: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200 [ 467.455706][ T31] 1 lock held by syz.2.1033/10644: [ 467.465082][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0xeee/0x2d00 [ 467.474670][ T31] 1 lock held by syz.0.1034/10670: [ 467.480072][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 467.489524][ T31] 3 locks held by syz.0.1034/10671: [ 467.494763][ T31] #0: ffffffff8f583db0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 467.503399][ T31] #1: ffffffff8f583bc8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 467.512504][ T31] #2: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_register_hw+0x2ec4/0x4120 [ 467.522838][ T31] 1 lock held by syz-executor/10675: [ 467.528159][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.537777][ T31] 1 lock held by syz-executor/10678: [ 467.543318][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.552918][ T31] 1 lock held by syz-executor/10681: [ 467.558374][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.567876][ T31] 1 lock held by syz-executor/10685: [ 467.573337][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.582905][ T31] 1 lock held by syz-executor/10689: [ 467.588261][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.597746][ T31] 1 lock held by syz-executor/10693: [ 467.603179][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.612707][ T31] 1 lock held by syz-executor/10698: [ 467.618010][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.627879][ T31] 1 lock held by syz-executor/10701: [ 467.633270][ T31] #0: ffffffff8f51f048 
(rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.643117][ T31] 1 lock held by syz-executor/10704: [ 467.648744][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.658622][ T31] 1 lock held by syz-executor/10709: [ 467.663943][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.673711][ T31] 1 lock held by syz-executor/10715: [ 467.680510][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.690363][ T31] 1 lock held by syz-executor/10718: [ 467.696007][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.705547][ T31] 1 lock held by syz-executor/10721: [ 467.711431][ T31] #0: ffffffff8f51f048 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 467.720982][ T31] [ 467.723564][ T31] ============================================= [ 467.723564][ T31] [ 467.732157][ T31] NMI backtrace for cpu 0 [ 467.732177][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 467.732217][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 467.732231][ T31] Call Trace: [ 467.732240][ T31] [ 467.732249][ T31] dump_stack_lvl+0x189/0x250 [ 467.732282][ T31] ? __wake_up_klogd+0xd9/0x110 [ 467.732317][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 467.732349][ T31] ? __pfx__printk+0x10/0x10 [ 467.732395][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 467.732427][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 467.732449][ T31] ? _printk+0xcf/0x120 [ 467.732484][ T31] ? __pfx__printk+0x10/0x10 [ 467.732516][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 467.732556][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 467.732585][ T31] watchdog+0xfee/0x1030 [ 467.732612][ T31] ? watchdog+0x1de/0x1030 [ 467.732645][ T31] kthread+0x70e/0x8a0 [ 467.732682][ T31] ? __pfx_watchdog+0x10/0x10 [ 467.732704][ T31] ? 
__pfx_kthread+0x10/0x10 [ 467.732738][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 467.732766][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 467.732794][ T31] ? __pfx_kthread+0x10/0x10 [ 467.732826][ T31] ret_from_fork+0x3fc/0x770 [ 467.732855][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 467.732886][ T31] ? __switch_to_asm+0x39/0x70 [ 467.732915][ T31] ? __switch_to_asm+0x33/0x70 [ 467.732942][ T31] ? __pfx_kthread+0x10/0x10 [ 467.732975][ T31] ret_from_fork_asm+0x1a/0x30 [ 467.733021][ T31] [ 467.733030][ T31] Sending NMI from CPU 0 to CPUs 1: [ 467.891331][ C1] NMI backtrace for cpu 1 [ 467.891354][ C1] CPU: 1 UID: 0 PID: 3017 Comm: kworker/u8:8 Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 467.891378][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 467.891391][ C1] Workqueue: bat_events batadv_nc_worker [ 467.891428][ C1] RIP: 0010:__lock_acquire+0x845/0xd20 [ 467.891456][ C1] Code: 41 29 cc 44 31 e2 44 01 f9 41 29 d7 89 d6 c1 c6 06 44 31 fe 01 ca 89 f0 c1 c0 08 29 f1 31 c8 01 d6 29 c2 89 c1 c1 c1 10 31 d1 <01> f0 41 89 cf 41 c1 c7 13 29 ce 41 31 f7 01 c1 44 29 f8 44 01 f9 [ 467.891473][ C1] RSP: 0018:ffffc9000be3f8f0 EFLAGS: 00000086 [ 467.891489][ C1] RAX: 00000000073ab086 RBX: 0000000000000002 RCX: 00000000c45ffa30 [ 467.891501][ C1] RDX: 0000000074d9fd0a RSI: 000000007f7dbfc4 RDI: ffff88802f76da00 [ 467.891513][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b3e5262 [ 467.891524][ C1] R10: dffffc0000000000 R11: ffffffff8b3e5190 R12: 000000003c9e681b [ 467.891555][ C1] R13: ffff88802f76e4f0 R14: ffff88802f76e540 R15: 00000000a3aca7f6 [ 467.891569][ C1] FS: 0000000000000000(0000) GS:ffff888125d14000(0000) knlGS:0000000000000000 [ 467.891596][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 467.891608][ C1] CR2: 00005555be60f000 CR3: 00000000244f8000 CR4: 00000000003526f0 [ 467.891624][ C1] Call Trace: [ 467.891632][ C1] [ 467.891646][ C1] ? 
batadv_nc_worker+0xd2/0x610 [ 467.891666][ C1] lock_acquire+0x120/0x360 [ 467.891685][ C1] ? batadv_nc_worker+0xd2/0x610 [ 467.891709][ C1] ? batadv_nc_worker+0xd2/0x610 [ 467.891730][ C1] ? batadv_nc_worker+0xd2/0x610 [ 467.891750][ C1] batadv_nc_worker+0xef/0x610 [ 467.891771][ C1] ? batadv_nc_worker+0xd2/0x610 [ 467.891792][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 467.891816][ C1] process_scheduled_works+0xade/0x17b0 [ 467.891852][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 467.891882][ C1] worker_thread+0x8a0/0xda0 [ 467.891917][ C1] kthread+0x70e/0x8a0 [ 467.891950][ C1] ? __pfx_worker_thread+0x10/0x10 [ 467.891971][ C1] ? __pfx_kthread+0x10/0x10 [ 467.891997][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 467.892020][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 467.892044][ C1] ? __pfx_kthread+0x10/0x10 [ 467.892069][ C1] ret_from_fork+0x3fc/0x770 [ 467.892091][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 467.892113][ C1] ? __switch_to_asm+0x39/0x70 [ 467.892138][ C1] ? __switch_to_asm+0x33/0x70 [ 467.892160][ C1] ? __pfx_kthread+0x10/0x10 [ 467.892186][ C1] ret_from_fork_asm+0x1a/0x30 [ 467.892219][ C1] [ 467.897331][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 468.153446][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-syzkaller-01140-g6a971e48e2d8 #0 PREEMPT(full) [ 468.165278][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.175460][ T31] Call Trace: [ 468.178770][ T31] [ 468.181741][ T31] dump_stack_lvl+0x99/0x250 [ 468.186535][ T31] ? __asan_memcpy+0x40/0x70 [ 468.191167][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.196392][ T31] ? __pfx__printk+0x10/0x10 [ 468.201013][ T31] panic+0x2db/0x790 [ 468.204929][ T31] ? __pfx_panic+0x10/0x10 [ 468.209379][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 468.215219][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 468.220622][ T31] ? 
nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 468.226819][ T31] watchdog+0x102d/0x1030 [ 468.231189][ T31] ? watchdog+0x1de/0x1030 [ 468.235626][ T31] kthread+0x70e/0x8a0 [ 468.239713][ T31] ? __pfx_watchdog+0x10/0x10 [ 468.244488][ T31] ? __pfx_kthread+0x10/0x10 [ 468.249127][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 468.254357][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.259593][ T31] ? __pfx_kthread+0x10/0x10 [ 468.264234][ T31] ret_from_fork+0x3fc/0x770 [ 468.268871][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 468.274021][ T31] ? __switch_to_asm+0x39/0x70 [ 468.278821][ T31] ? __switch_to_asm+0x33/0x70 [ 468.283612][ T31] ? __pfx_kthread+0x10/0x10 [ 468.288237][ T31] ret_from_fork_asm+0x1a/0x30 [ 468.293051][ T31] [ 468.296631][ T31] Kernel Offset: disabled [ 468.300982][ T31] Rebooting in 86400 seconds..