last executing test programs: 2.602054342s ago: executing program 4 (id=3954): syz_emit_ethernet(0x3e, 0x0, 0x0) (async) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xffffffff, 0x0, 0xfffffffe}, 0x10}, 0x94) 2.512393783s ago: executing program 4 (id=3956): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) socket$nl_netfilter(0x10, 0x3, 0xc) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x38}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x3, 0x800, @empty, 0xfffffffe}}, 0x80000, 0x0, 0x0, 0x0, 0xb3550aa4ba878396, 0x0, 0x4}, 0x9c) recvmmsg(0xffffffffffffffff, &(0x7f0000003e00)=[{{0x0, 0x0, 0x0}, 0x1c5}], 0x1, 0x40000000, 0x0) 1.906557515s ago: executing program 3 (id=3963): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'veth0_to_team\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x41}}) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xec, 0x14, 0x324, 0x70bd2b, 0x25dfdbfe, {0x28, 0xfc}, [@INET_DIAG_REQ_BYTECODE={0xd7, 0x1, "f847f3c9aa13fef50d223f531edb978c4570083340390d6e27d2e6a960f4e4decb3fd9c95fdc6b3fb2e466acdd43ab73e3014616c173dd03a8db94a7141d5997657a20da0b6e77b4905cc69d570c7b4fb12ae5d35a99218a5e45c31a57c12cadd94386ba48d505ad381206b4baa3f0943022e6097869e2da8fda6b41afb32a484beb90c8d57c27526c4becf627ec0d6f065af81a19b7ed5365085707a5f30b6baac834288b0df38107c7e9ef434d4e48a83fc17c9562ef6464c26d58bb82b03c998bb3578cfcc591e8cb795a9526e4eb75c279"}]}, 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x40) connect$pppoe(0xffffffffffffffff, &(0x7f0000000240)={0x18, 0x0, {0x2, @local, 'dummy0\x00'}}, 0x1e) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f00000002c0)=[{0x0, 0x1, {0x2, 0x1, 0xd41603799c246bfa}, {0x0, 0x1, 0x1}, 0x2, 0xff}, {0x1, 0x1, {0x0, 0x1}, {0x1, 0xff}, 0x1, 0xfe}, {0x3, 0x2, {0x1, 0x0, 0x3}, {0x1, 0xf0, 0x3}, 0xfe, 0x1}], 0x60) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000340)={r2}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2) sendmsg$NL80211_CMD_START_P2P_DEVICE(r4, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x20, r5, 0x300, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x8, 0x67}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x40) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r3}, &(0x7f00000004c0), &(0x7f0000000500)=r2}, 0x20) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000580), r6) sendmsg$SEG6_CMD_SETHMAC(r4, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x14040000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x54, r7, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_SECRET={0x14, 0x4, [0x5f5, 0xda2, 0x401, 0x11a6]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_HMACKEYID={0x8}, @SEG6_ATTR_DST={0x14, 0x1, @remote}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0d0}, 0x8081) recvfrom$x25(r2, &(0x7f0000000700)=""/4096, 0x1000, 0x0, &(0x7f0000001700)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x0}}, 0x12) sendmsg$NL80211_CMD_STOP_NAN(r6, &(0x7f0000001800)={&(0x7f0000001740)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000017c0)={&(0x7f0000001780)={0x20, r5, 0x20, 0x70bd2b, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x5, 0x3d}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000010}, 0x10) sendmsg$SMC_PNETID_FLUSH(r6, &(0x7f0000001900)={&(0x7f0000001840)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000018c0)={&(0x7f0000001880)={0x3c, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'rose0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x3c}}, 0x34044091) r8 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r8, &(0x7f0000001a00)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001980)={0x20, 0x3fa, 0x400, 0x70bd26, 0x25dfdbfc, {0x1, 0x0, 0x0, 0x1}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x40001}, 0xa4b30a1caeed85ba) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000001a40)={0x0, @in6={{0xa, 0x4e22, 0x40, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x401}}, [0xdf4, 0x1, 0x1, 0x3, 0x2, 0x3c0ff725, 0x7, 0x1, 0x0, 0x1cb73cbd, 0xaf9, 0x6, 0x0, 0x1]}, &(0x7f0000001b40)=0x100) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r3, &(0x7f0000001c40)={&(0x7f0000001b80)={0x10, 0x0, 0x0, 0x10004008}, 0xc, &(0x7f0000001c00)={&(0x7f0000001bc0)={0x14, 0x4, 0x1, 0x201, 0x0, 0x0, {0x7, 0x0, 0x6}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44040}, 0x40040) r9 = openat$cgroup_ro(r3, &(0x7f0000001cc0)='cpuacct.stat\x00', 0x0, 0x0) syz_genetlink_get_family_id$wireguard(&(0x7f0000001c80), r9) syz_genetlink_get_family_id$wireguard(&(0x7f0000001d00), r3) r10 = accept4$phonet_pipe(r4, &(0x7f0000001d40), &(0x7f0000001d80)=0x10, 0x800) readv(r10, &(0x7f0000001e80)=[{&(0x7f0000001dc0)=""/155, 0x9b}], 0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000021c0)={r9, 0xe0, &(0x7f00000020c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001ec0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x7, &(0x7f0000001f00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001f80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x2c, &(0x7f0000001fc0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000002000), &(0x7f0000002040), 0x8, 0x99, 0x8, 0x8, &(0x7f0000002080)}}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000002200)={r4}) ioctl$BTRFS_IOC_QUOTA_RESCAN(r1, 0x4040942c, &(0x7f0000002240)={0x0, 0x1, [0x0, 0x9, 0x1ff, 0x8001, 0x3, 0x9]}) recvmsg$kcm(r9, &(0x7f0000003400)={&(0x7f0000002280)=@caif=@util, 0x80, &(0x7f0000003300)=[{&(0x7f0000002300)=""/4096, 0x1000}], 0x1, &(0x7f0000003340)=""/153, 0x99}, 0x20) 1.864028503s ago: executing program 3 (id=3965): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) unshare(0x2000400) r0 = socket(0x28, 0x5, 0x0) bind$inet6(r0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000880)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x30, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0xa0, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x0, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.695986807s ago: executing program 3 (id=3969): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x68, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x3c, 0x3, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x2c, 0xb, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc, 0x1, 0x1, 0x0, 0x8}, @NFTA_QUOTA_FLAGS={0x8}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xfc}}, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) socket$igmp(0x2, 0x3, 0x2) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x2000, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0xfdef) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x14, 0x0, 0x3, 0x5}, 0x14}}, 0x0) sendmsg$IPSET_CMD_DEL(r8, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x30, 0xa, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x6}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xffffffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) 1.633325303s ago: executing program 4 (id=3972): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000400)={r3}, 0x8) close(r4) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r3, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={r5, r4, 0x0, 0x0, 0x0}, 0x30) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000007000000040000000200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000001000"/28], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r7, &(0x7f00000002c0), &(0x7f0000000580)=@tcp}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r7, &(0x7f0000000080)="a3", &(0x7f0000000180)=@tcp6, 0x2}, 0x20) r8 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000014c0), 0x2, 0x0) write$6lowpan_enable(r8, &(0x7f0000001500)='0', 0x1) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r9, &(0x7f0000000640)=[{&(0x7f0000000240)='u', 0x1}], 0x1, 0x4) ioctl$sock_ax25_SIOCDELRT(r9, 0x890c, &(0x7f00000004c0)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x7, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @null, @bcast, @default, @default]}) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write(r11, &(0x7f0000000680)="4eded3380304", 0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000004000000ffff1700c4000000000028009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x17, 0x10, 0x0, 0x0, 0x61e5cc96}, 0x22) splice(r11, &(0x7f0000000040), r10, 0x0, 0x800000000ff, 0x0) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r12, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWRULE={0x38, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0xa, 0x7, 0x1, 0x0, "10c998226244"}]}], {0x14}}, 0x60}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="840000001000f5a400000000ffdbd72500000000", @ANYRES32=0x0, @ANYBLOB="00000000000000006400128009000100626f6e640000000054000280050001000500000005000d000200000008000200", @ANYRES32=r6], 0x84}}, 0x20008004) 1.335993186s ago: executing program 3 (id=3976): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='htcp', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x1, 0x10}, {0xffff, 0xffff}, {0xa, 0xf}}}, 0x24}}, 0x40) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@name={0x1e, 0x2, 0x3, {{0x1}}}, 0x10) r7 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x4}}, 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000240)=@name={0x1e, 0x2, 0x1, {{0x42, 0x1}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24008984}, 0x845) write$cgroup_subtree(r6, &(0x7f0000000140)=ANY=[], 0x32600) r8 = socket(0x1e, 0x5, 0x0) recvmmsg(r8, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000540)=""/228, 0xe4}], 0x1}}], 0x1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0x82, 0x0, &(0x7f0000000280)) 1.31843739s ago: executing program 2 (id=3978): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='veth0\x00', 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000680)={&(0x7f0000000200)=@in={0x2, 0x0, @local}, 0x10, &(0x7f00000005c0)=[{&(0x7f0000000240)="02", 0x1}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000008400000007000000ac1414aa"], 0x18}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x4a21027ab5026f7d, 0x4, &(0x7f0000000040)=ANY=[@ANYRES32=r0], &(0x7f0000000000)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IP_PROTO={0x5}, @RTA_UID={0x8}]}, 0x2c}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff00000028711091ff0000000095"], &(0x7f0000000480)='syzkaller\x00', 0x4}, 0x94) close(r1) 1.195589793s ago: executing program 4 (id=3981): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'dh\x00', 0x1, 0x4, 0x72}, 0x2c) r1 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x4, 0x6, 0x77}, {@remote, 0x4e20, 0x10001, 0xc, 0x2}}, 0x44) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00'}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000440)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f00000000c0)={0x190, 0x10, 0x100, 0x70bd2d, 0x25dfdbfe, {0x17}, [@generic="869e0921d733a90e5e016d6d63753dd69720c678974f53a96a5eadcf0c777db194f59ba29110286b85458a0bea29e2b59935bbbbcac551f3b150c1d1d3e93fe86d9a8fc871f4c60b2907f4787f183f6b56266c49b4d84a60134cdf5dd22ebf9ebcf9bcbd5ead35d32980fc17b6241ef08f5148e783c401b58aa8dd74df50b5233ad77ffa61500093c364d924e1e7a7c9e5b36cbc1c68f36aa0", @nested={0xd1, 0x122, 0x0, 0x1, [@typed={0x14, 0x7e, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @nested={0x4, 0x129}, @nested={0x4, 0xb2}, @generic="a4f1a39434858e415db1a341c61564e5eec703804ddbf3cd71f2a48ee1f4bafd4eeca9ed149661bec1bb78dcca238027afed8530dc7b0838d2c04a3b745ec48fd7549df36e8793678daf9e69c37399b962af343b16a468a1839b948cee1f9af647b98fa56929451205f181a80d62979692b0dfe27bd7764cd81522621a6e8fb7e9d1e4bb68ccb1e184f52f8c47c87d9cfc733bb6f1bf9853b05440a4088f599c16edb0e5515172e4fb58aac39a", @nested={0x4, 0xcd}]}, @nested={0x4, 0x88}, @typed={0x8, 0x7c, 0x0, 0x0, @ipv4=@dev={0xac, 0x14, 0x14, 0x33}}]}, 0x190}, 0x1, 0x0, 0x0, 0x20000050}, 0x20000040) r5 = socket(0x9, 0x1, 0x8) syz_emit_ethernet(0x3a, &(0x7f0000000240)={@local, @link_local, @val={@void, {0x4305, 0x0, 0x0, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0xfffc, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x6}}}}}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r8 = accept4(r6, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) bind$inet6(r5, &(0x7f0000000000)={0xa, 0xfffd, 0x0, @dev={0xfe, 0x80, '\x00', 0x2d}}, 0x1c) connect$pppl2tp(r5, &(0x7f0000000480)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3, 0x1, 0x2, 0x2}}, 0x26) socket$inet6_sctp(0xa, 0x801, 0x84) 1.083992638s ago: executing program 2 (id=3984): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x2, 0x12, @loopback, @mcast2, 0x10, 0x10, 0x6, 0x101}}) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.069283738s ago: executing program 0 (id=3986): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0x60, 0x800) shutdown(r2, 0x0) write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x1, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x2000, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x5}, 0x1, {0x88a8}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0xfdef) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) 1.035628055s ago: executing program 2 (id=3987): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000500000000000000b64f7110b5000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(0x4) socket$phonet_pipe(0x23, 0x5, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket(0x25, 0x5, 0x0) socket$phonet(0x23, 0x2, 0x1) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050000000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030073797a"], 0xc8}}, 0x0) socket$packet(0x11, 0x3, 0x300) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28) socket$inet_mptcp(0x2, 0x1, 0x106) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r1, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=r2, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x20000, 0x0) socket(0x400000000010, 0x3, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) 959.929576ms ago: executing program 1 (id=3988): r0 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) (async, rerun: 64) r1 = socket$tipc(0x1e, 0x5, 0x0) (rerun: 64) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x5}, 0x14}}, 0x0) (async) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2400000020000100cdca76860000000002008000000000000000000008000200ac1e0001"], 0x24}}, 0x0) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0xfffd, 0x0, 0x0, 0x5a1}, 0x9c) (async) connect$tipc(r0, &(0x7f0000000940)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}, 0x2}}, 0x10) (async) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000080)=@newtaction={0x64, 0x30, 0x9, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) (async) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000b80)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0x84c1}, 0x0) (async, rerun: 32) r7 = socket$alg(0x26, 0x5, 0x0) (rerun: 32) bind$alg(r7, &(0x7f00000002c0)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58) (async) clock_gettime(0x17, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000a40)={0x1, {{0xa, 0x4e22, 0x2, @mcast2, 0xfffffff7}}, {{0xa, 0x4e24, 0x4, @rand_addr=' \x01\x00'}}}, 0x108) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r8 = accept4(r7, 0x0, 0x0, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r8, 0x0, 0x44004) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r9, 0x112, 0xa, 0x0, 0x0) (async, rerun: 64) sendmsg$IPSET_CMD_HEADER(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000009c0)=ANY=[@ANYRESDEC=r6, @ANYRESOCT], 0x40}, 0x1, 0x0, 0x0, 0x8004}, 0x60044800) (async, rerun: 64) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$kcm(r8, &(0x7f00000008c0)={&(0x7f0000000140)=@ll={0x11, 0x11, r10, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000840)=[{&(0x7f00000001c0)="481c8899a63c9c90b37cbcb84363bd4510d2b7b359ef67f6adaa2a7ab642904ea05aac05336f21a4176f", 0x2a}, {&(0x7f0000000480)="7932450ef008840dad85e407730407453d4792f1ded18d29b0e00ba2a40cbf78fbf85a2c307271489ed7834117514819603064b5702082fc2c3e45f8336e5d2f3528dc439a06fbcf771e6d52350e71392f8221dfad227a19246c3b71d299b403d50a2ae3d51ae7ebb57fd07dbebb05d332dd7da28d75686b049e5d2a6d2a8516b6141c5ca6d83fe97e75b1ad70e48512341e6747c735abb4077419d5899fafbf034b6fb1", 0xa4}, {&(0x7f0000000540)="b6475c1694c678fb4eecfa6fb713785eabc3e263c99b4a418ac4c3f7c725ffe62f3efa404577a439eb783e22524dc50dcbd3361063cf2511ff902cc6b92f317fef16ce84594bcc60a7574536770a968a023b040cc5832d30088cc242b40d74369ef3ab8a4b2914b3fed59efb0cead470749fcc828b8dbd58b1bde0f71b65db30655a79ef6b4e403393028c8aa45bc14e1f3f72a06335f8190cf8f91fcad2ee4222fff0b67d24a8c2c2da5e8ce8cdd7cc03c64a0045e195dce6e7945a436d5d87ad7506e572ea9ed5ff5ec07680e82818062396f6", 0xd4}, {&(0x7f0000000240)="84458eed04d07e7490a3097b39e14e8b062dec443a8598526a6ce63d14ab959529e923fb9b733adb4ba69436bfb7264a236d0d9de92a62c71e21d3d8bf45582cf4ecf40c48cd8501b293437628b6b4cf2ac4f686b219eab1d9312f5e4d8310992f5e0e6499559c978bfd6b32e634fc5aebb4f836", 0x74}, {&(0x7f0000000640)="2501ad16427f85", 0x7}, {&(0x7f0000000680)="d853f22734864d5714b81ae7328f10e5fd9b843e34abd1a22b9d36cf9859f9c790c984bf1539d837682c6b6910c789bf2fa4e82914a3ff816d01ea2c6c2807839750489c5d5c0f1a3d87351f4b8dafaf5c9c479a7976d722b243a40826d8684c3bf41f6c7df151e47a88ab517449e8da192e7a863915fa86378e81a9897fa916d0f8b9eda7f35971b6dda7d70e756d8de576f2a274f10070bce24f746d50abba3b55c987d48b9321e28a549049b907ce586c44da4895b4f4", 0xb8}, {&(0x7f0000000740)="a89250db4ef9783881bf444ab2d4a1a3567e015eff27c972aed642ee6cb732a1a095e139e5e0d912e359f12a9a57a6e00cbd6795ac637d75ab618a474b937284086fd3ac19ef0068e738a4dbdb480a2dd745fec41aa5d3c2aa3aade5f91af61ce3837cd19ba9c0924c64349100e125dd7b463d92e53fcfecd70dda47a30b9e3cce3936d9884f5b6aa2584523ee983b8644783888aedadc87c0a6f4e711554293fba379beb73b1fdffba7eead75165ecef0313b8c6722d9f02b565161c684470b37de32a19a98fa2596ec144560e1b1", 0xcf}], 0x7}, 0x20000000) (async) sendmsg$tipc(r1, &(0x7f00000002c0)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x2, {{0x43, 0x3}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x841}, 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000900)='./cgroup/syz1\x00', 0x1ff) 920.602737ms ago: executing program 2 (id=3989): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002000000000000000000001e95"], &(0x7f0000000040)='GPL\x00'}, 0x90) ppoll(0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000000)="fef351f64d23421a5b4e415288ca", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x21b4b}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x3b}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0) 878.785064ms ago: executing program 1 (id=3990): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e21, 0x5, @local, 0x8}}}, &(0x7f0000000080)=0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1400000003010101"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) recvmmsg(r1, &(0x7f0000003e00)=[{{0x0, 0x0, 0x0}, 0x1c5}], 0x1, 0x40000000, 0x0) (fail_nth: 1) 711.011463ms ago: executing program 0 (id=3991): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000180)=0xfffffff7, 0x4) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)=0x0) sendmmsg(r0, &(0x7f0000005d00)=[{{&(0x7f0000000000)=@nfc_llcp={0x27, r1, 0xffffffffffffffff, 0x7, 0x7, 0xc5, "e64e0ab466a65c8a14e120a2d73152a4361f0d2cf7818ef3b2b6d80e27a37525c1241a2a6026ff00f86f06453ce0edfe03f6d3a1068c65343ef853934d4411", 0x34}, 0x80, 0x0}}], 0x1, 0x44080) 710.62113ms ago: executing program 0 (id=3992): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4f5b9e40, 0x8, 0x96282c4, 0x2040, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x45, 0x4, 0x2, 0x4}, 0x50) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 656.692073ms ago: executing program 1 (id=3993): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4f5b9e40, 0x8, 0x96282c4, 0x2040, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x45, 0x4, 0x2, 0x4}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x2, 0x12, @loopback, @mcast2, 0x10, 0x10, 0x6, 0x101}}) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0, 0x6f4}}, 0x0) 431.497488ms ago: executing program 1 (id=3994): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) connect$llc(r0, &(0x7f0000000240)={0x1a, 0x5, 0x0, 0x8, 0x1}, 0x10) (async) connect$llc(r0, &(0x7f0000000040)={0x1a, 0x10e, 0x7, 0x7, 0x0, 0xcf, @random="f396630999e1"}, 0x10) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x0) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x7c}}, 0x10) (async) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xd}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xb0}}, 0x0) 429.426762ms ago: executing program 3 (id=3995): r0 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8481f0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 372.194417ms ago: executing program 0 (id=3996): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4f5b9e40, 0x8, 0x96282c4, 0x2040, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x45, 0x4, 0x2, 0x4}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x2, 0x12, @loopback, @mcast2, 0x10, 0x10, 0x6, 0x101}}) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0, 0x6f4}}, 0x0) 367.604287ms ago: executing program 2 (id=3997): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x2, 0x12, @loopback, @mcast2, 0x10, 0x10, 0x6, 0x101}}) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3", 0x8}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 289.640153ms ago: executing program 4 (id=3998): r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={0xffffffffffffffff, 0xe98e, 0x8}, 0xc) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x3}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000540)={0x1, 0x58, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x4}]}]}]}, 0x2c}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r7, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0x20, &(0x7f0000000680)={&(0x7f00000005c0)=""/12, 0xc, 0x0, &(0x7f0000000600)=""/128, 0x80}}, 0x10) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='memory.events.local\x00', 0x275a, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000009c0)={0x0}, &(0x7f0000000a00)=0xc) sendmsg$AUDIT_SET(r9, &(0x7f0000000ac0)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x3c, 0x3e9, 0x8, 0x70bd2a, 0x25dfdbfc, {0x40, 0x0, 0x2, r10, 0xfffffffa, 0xbc, 0x101, 0x4, 0x0, 0x2, 0x4}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4054}, 0x3) write$cgroup_devices(r9, 0x0, 0x0) r11 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x1}, 0x50) r12 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b00000000000000000000000900000000000000", @ANYRES32, @ANYBLOB="ff07000000008d7b11e72d28dc97f6e8d7d74af700"/30, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000020000000200"/28], 0x50) socket(0xb, 0x80000, 0x9) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x7, 0x1d, &(0x7f0000000240)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @jmp={0x5, 0x0, 0x2, 0x7, 0x8, 0x0, 0x10}, @exit, @call={0x85, 0x0, 0x0, 0x4f}, @cb_func={0x18, 0x4, 0x4, 0x0, 0xfffffffffffffffc}, @map_val={0x18, 0x6, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x7}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}], &(0x7f0000000b80)='GPL\x00', 0x778, 0xcc, &(0x7f00000003c0)=""/204, 0x41000, 0x3, '\x00', r3, @fallback=0x2a, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x1002, 0x4, 0x6, 0xff2}, 0x10, r8, r9, 0x5, &(0x7f0000000800)=[r11, r12], &(0x7f0000000840)=[{0x5, 0x2, 0xb, 0x2}, {0x2, 0x3, 0x1, 0x5}, {0x2, 0x1, 0x1, 0x9}, {0x2, 0x5, 0x4}, {0x1, 0x3, 0x4, 0x4}], 0x10, 0x1}, 0x94) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @private=0xa010102}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="9ebf47e426d87f9194c853c10fc9818a59ae3c8c5a5c157f9715686811cc826724ff0b51b1d3963fa4d5be1f740b25e80b8afcefcd8671b05eda4d0a133a6b7b508ab49d3af84eb9eeb681cc9f45409cf844650488909105ad0b1fa1718aabd5efec664cf7675bb23bd190d83782b740315c8e3689b9bdf850455ff0ce40f72177bd7ad2acaee1f6a41b57d1ebcc583ef4b1d24205fc1a7227154bd71b5a54eba1c19891965ad2c3de8e538c6e894579e7632392ea47ec50dc", 0xb9, 0x0, &(0x7f0000000380)={0x2, 0x4e24, @remote}, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, 0x0, 0x0) r13 = socket$inet6_sctp(0xa, 0x801, 0x84) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)={0x44, r15, 0x1, 0x0, 0x0, {0x2c}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x58, 0x4}]}, 0x44}}, 0x20000000) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r13, 0x84, 0x7c, 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={0x0, 0xfffff001}, &(0x7f0000000080)=0x8) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000b00)={0x3, 0x4, 0x4, 0xa, 0x0, r12, 0x7, '\x00', r3, r9, 0x0, 0x0, 0x3}, 0x50) 288.81855ms ago: executing program 1 (id=3999): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xb, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x48}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000), 0x7, 0x0, 0xffffffffffffffff, 0x300}, 0x48) 240.09527ms ago: executing program 2 (id=4000): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x4e20, 0x4a, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}], 0x1c) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f00000000c0)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x80440d0}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'wg2\x00'}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x40, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'wg2\x00', @multicast}) r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r5, 0x6, 0x1a, 0x0, &(0x7f0000000380)) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @local}, 0x10) r6 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x6}, 0x10) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_WOL_SET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010027bd8e00000000000a0000000400028004000500"], 0x1c}}, 0x0) setsockopt$llc_int(r4, 0x10c, 0x6, &(0x7f0000000000), 0x4) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @local}}}, 0x84) 239.727217ms ago: executing program 3 (id=4001): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x3}, 0x7}, 0x1c) listen(r1, 0xfffffffc) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000440)={0x0, 0x10, &(0x7f0000000400)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000480)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000200), &(0x7f0000000280)=0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r7, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r7, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4) r9 = accept4(r8, 0x0, 0x0, 0x800) sendmmsg$alg(r9, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r9, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x5}]}}}}}}}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=ANY=[@ANYBLOB="28001df7e5210d28d442000010005fba00000000", @ANYRES32=0x0, @ANYBLOB="00010000e180000008001b0000000000"], 0x28}}, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001340)={0x14, 0x0, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x840}, 0x44885) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000000700)={'syztnl1\x00', &(0x7f0000000680)={'ip6tnl0\x00', 0x0, 0x4, 0x9, 0x7f, 0x80, 0x11, @empty, @empty, 0x8, 0x8000, 0x7, 0x2b0}}) sendto$packet(r9, &(0x7f00000004c0)="5130fbf3f0b49ea27c6676ab86559c32e24a362e6d703dc72fa639fcfef5a49322977d24e341ad305b1190f551a084d0eb7006a924fcbdaa399ea0747b0564e292b01e706056b9d4e0a3850ff39a6ef0c507759e48030bc44273b112a904b04a476c56736b93143b062f79b54f06f0826e3587ed72d1e4f3c3c8797893d7da6a3fb718513c6781754011748e781503d18e8785b00b5cdf39af749f951b84e3afde05cb5362aca46c3b95808e962e6a887022efba8edfdf5a83d0552bf99161b8d2", 0xc1, 0x8804, &(0x7f0000000740)={0x11, 0x1c, r10, 0x1, 0x9, 0x6, @local}, 0x14) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r4, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 227.948622ms ago: executing program 0 (id=4002): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4f5b9e40, 0x8, 0x96282c4, 0x2040, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x45, 0x4, 0x2, 0x4}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x2, 0x12, @loopback, @mcast2, 0x10, 0x10, 0x6, 0x101}}) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x0) 156.99331ms ago: executing program 1 (id=4003): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000100)={0x0, @in6={{0xa, 0x4e21, 0x5, @local, 0x8}}}, &(0x7f0000000080)=0x84) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1400000003010101"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) recvmmsg(r1, &(0x7f0000003e00)=[{{0x0, 0x0, 0x0}, 0x1c5}], 0x1, 0x40000000, 0x0) (fail_nth: 2) 82.527201ms ago: executing program 0 (id=4004): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r0, &(0x7f0000000ec0)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @private=0xa010100, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0", 0x7a}, {&(0x7f00000007c0)="a960e57530b65741465209e7c6235055450b1ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e6821ba9d82e6b8522a6eba1734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xb7}], 0x2}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000880)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e53", 0x87}, {&(0x7f0000000a40)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x4f5b9e40, 0x8, 0x96282c4, 0x2040, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x45, 0x4, 0x2, 0x4}, 0x50) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x20, 0x0, 0x2, 0x12, @loopback, @mcast2, 0x10, 0x10, 0x6, 0x101}}) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0, 0x6f4}}, 0x0) 0s ago: executing program 4 (id=4005): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000100)='htcp', 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x1, 0x10}, {0xffff, 0xffff}, {0xa, 0xf}}}, 0x24}}, 0x40) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@name={0x1e, 0x2, 0x3, {{0x1}}}, 0x10) r7 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r7, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x42}, 0x4}}, 0x10) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000240)=@name={0x1e, 0x2, 0x1, {{0x42, 0x1}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x24008984}, 0x845) write$cgroup_subtree(r6, &(0x7f0000000140)=ANY=[], 0x32600) r8 = socket(0x1e, 0x5, 0x0) recvmmsg(r8, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000540)=""/228, 0xe4}], 0x1}}], 0x1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0x82, 0x0, &(0x7f0000000280)) kernel console output (not intermixed with test programs): 89 01 48 [ 273.289454][T14027] RSP: 002b:00007f0fd43c0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.289473][T14027] RAX: ffffffffffffffda RBX: 00007f0fd37e5fa0 RCX: 00007f0fd358f6c9 [ 273.289486][T14027] RDX: 0000000000000040 RSI: 0000200000000e40 RDI: 0000000000000003 [ 273.289498][T14027] RBP: 00007f0fd43c0090 R08: 0000000000000000 R09: 0000000000000000 [ 273.289509][T14027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 273.289520][T14027] R13: 00007f0fd37e6038 R14: 00007f0fd37e5fa0 R15: 00007ffd6bf65838 [ 273.289553][T14027] [ 273.682081][T14008] chnl_net:caif_netlink_parms(): no params data found [ 273.881950][T14008] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.890261][T14008] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.898542][T14008] bridge_slave_0: entered allmulticast mode [ 273.911475][T14008] bridge_slave_0: entered promiscuous mode [ 273.924866][T14008] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.932281][T14008] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.939559][T14008] bridge_slave_1: entered allmulticast mode [ 273.947579][T14008] bridge_slave_1: entered promiscuous mode [ 274.015938][T14008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.036390][T14047] gtp0: entered promiscuous mode [ 274.044534][T14047] gtp0: entered allmulticast mode [ 274.054309][T14008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.158231][T14008] team0: Port device team_slave_0 added [ 274.183994][T14008] team0: Port device team_slave_1 added [ 274.302298][T14064] FAULT_INJECTION: forcing a failure. [ 274.302298][T14064] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 274.315896][T14064] CPU: 1 UID: 0 PID: 14064 Comm: syz.4.2924 Not tainted syzkaller #0 PREEMPT(full) [ 274.315921][T14064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 274.315931][T14064] Call Trace: [ 274.315938][T14064] [ 274.315946][T14064] dump_stack_lvl+0x189/0x250 [ 274.315973][T14064] ? __pfx____ratelimit+0x10/0x10 [ 274.316005][T14064] ? __pfx_dump_stack_lvl+0x10/0x10 [ 274.316026][T14064] ? __pfx__printk+0x10/0x10 [ 274.316044][T14064] ? __might_fault+0xb0/0x130 [ 274.316078][T14064] should_fail_ex+0x414/0x560 [ 274.316107][T14064] _copy_from_user+0x2d/0xb0 [ 274.316129][T14064] sctp_setsockopt+0x19f/0x1200 [ 274.316147][T14064] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 274.316172][T14064] do_sock_setsockopt+0x17c/0x1b0 [ 274.316195][T14064] __x64_sys_setsockopt+0x13f/0x1b0 [ 274.316218][T14064] do_syscall_64+0xfa/0xfa0 [ 274.316240][T14064] ? lockdep_hardirqs_on+0x9c/0x150 [ 274.316262][T14064] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.316279][T14064] ? clear_bhb_loop+0x60/0xb0 [ 274.316300][T14064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 274.316317][T14064] RIP: 0033:0x7f0fd358f6c9 [ 274.316333][T14064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 274.316347][T14064] RSP: 002b:00007f0fd439f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 274.316366][T14064] RAX: ffffffffffffffda RBX: 00007f0fd37e6090 RCX: 00007f0fd358f6c9 [ 274.316378][T14064] RDX: 0000000000000077 RSI: 0000000000000084 RDI: 0000000000000003 [ 274.316390][T14064] RBP: 00007f0fd439f090 R08: 000000000000000c R09: 0000000000000000 [ 274.316400][T14064] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 274.316411][T14064] R13: 00007f0fd37e6128 R14: 00007f0fd37e6090 R15: 00007ffd6bf65838 [ 274.316441][T14064] [ 274.319314][T14008] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 274.520483][T14008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 274.550023][T14008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 274.568246][T14066] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2927'. [ 274.597180][T14066] 8021q: adding VLAN 0 to HW filter on device bond8 [ 274.605894][T14008] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 274.623791][T14008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 274.650119][T14008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 274.745539][T14073] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2930'. [ 274.756300][T14073] netlink: 'syz.2.2930': attribute type 21 has an invalid length. [ 274.766243][T14073] netlink: 'syz.2.2930': attribute type 1 has an invalid length. [ 274.781264][T14008] hsr_slave_0: entered promiscuous mode [ 274.789870][T14008] hsr_slave_1: entered promiscuous mode [ 274.801279][T14008] debugfs: 'hsr0' already exists in 'hsr' [ 274.807546][T14008] Cannot create hsr debugfs directory [ 274.917481][T14081] netlink: 18 bytes leftover after parsing attributes in process `syz.2.2932'. [ 274.994049][ T5851] Bluetooth: hci1: command tx timeout [ 275.078546][T14092] netlink: 'syz.1.2936': attribute type 1 has an invalid length. [ 275.092145][T14092] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 275.149945][T14008] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.163333][T14008] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.234381][T14008] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.253600][T14008] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.380891][T14008] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.405815][T14008] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.506108][T14008] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 275.516642][T14008] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 276.156220][ T153] bridge_slave_1: left allmulticast mode [ 276.162157][ T153] bridge_slave_1: left promiscuous mode [ 276.169768][ T153] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.180565][ T153] bridge_slave_0: left allmulticast mode [ 276.186602][ T153] bridge_slave_0: left promiscuous mode [ 276.192375][ T153] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.578109][ T153] bond1 (unregistering): (slave bridge2): Releasing active interface [ 276.633665][ T153] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 276.644127][ T153] bond0 (unregistering): Released all slaves [ 276.658161][ T153] bond1 (unregistering): Released all slaves [ 276.736687][ T153] bond2 (unregistering): Released all slaves [ 276.749422][ T153] bond3 (unregistering): Released all slaves [ 276.835997][ T153] bond4 (unregistering): Released all slaves [ 276.888923][T14008] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 276.917329][T14008] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 276.960054][ T153] tipc: Left network mode [ 276.968980][T14008] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 277.063701][T14008] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 277.073259][ T5851] Bluetooth: hci1: command tx timeout [ 277.176413][T14176] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2965'. [ 277.188334][T14185] FAULT_INJECTION: forcing a failure. [ 277.188334][T14185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 277.211828][T14185] CPU: 0 UID: 0 PID: 14185 Comm: syz.1.2966 Not tainted syzkaller #0 PREEMPT(full) [ 277.211844][T14185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 277.211851][T14185] Call Trace: [ 277.211855][T14185] [ 277.211860][T14185] dump_stack_lvl+0x189/0x250 [ 277.211877][T14185] ? __pfx____ratelimit+0x10/0x10 [ 277.211896][T14185] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.211908][T14185] ? __pfx__printk+0x10/0x10 [ 277.211918][T14185] ? __might_fault+0xb0/0x130 [ 277.211937][T14185] should_fail_ex+0x414/0x560 [ 277.211954][T14185] _copy_from_iter+0x1de/0x1790 [ 277.211969][T14185] ? rcu_is_watching+0x15/0xb0 [ 277.211982][T14185] ? kmalloc_reserve+0xbd/0x290 [ 277.211991][T14185] ? __pfx__copy_from_iter+0x10/0x10 [ 277.212003][T14185] ? __build_skb_around+0x262/0x3f0 [ 277.212018][T14185] ? netlink_sendmsg+0x642/0xb30 [ 277.212027][T14185] ? skb_put+0x11b/0x210 [ 277.212038][T14185] netlink_sendmsg+0x6b2/0xb30 [ 277.212052][T14185] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.212063][T14185] ? aa_sock_msg_perm+0xf1/0x1d0 [ 277.212077][T14185] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 277.212087][T14185] ? __pfx_netlink_sendmsg+0x10/0x10 [ 277.212097][T14185] __sock_sendmsg+0x21c/0x270 [ 277.212111][T14185] ____sys_sendmsg+0x52d/0x830 [ 277.212125][T14185] ? __pfx_____sys_sendmsg+0x10/0x10 [ 277.212139][T14185] ? import_iovec+0x74/0xa0 [ 277.212152][T14185] ___sys_sendmsg+0x21f/0x2a0 [ 277.212164][T14185] ? __pfx____sys_sendmsg+0x10/0x10 [ 277.212192][T14185] ? __fget_files+0x2a/0x420 [ 277.212201][T14185] ? __fget_files+0x3a0/0x420 [ 277.212215][T14185] __sys_sendmmsg+0x227/0x430 [ 277.212228][T14185] ? __pfx___sys_sendmmsg+0x10/0x10 [ 277.212242][T14185] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 277.212265][T14185] ? ksys_write+0x22a/0x250 [ 277.212279][T14185] ? __pfx_ksys_write+0x10/0x10 [ 277.212294][T14185] __x64_sys_sendmmsg+0xa0/0xc0 [ 277.212305][T14185] do_syscall_64+0xfa/0xfa0 [ 277.212317][T14185] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.212329][T14185] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.212339][T14185] ? clear_bhb_loop+0x60/0xb0 [ 277.212350][T14185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.212359][T14185] RIP: 0033:0x7f98a038f6c9 [ 277.212369][T14185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.212377][T14185] RSP: 002b:00007f98a1284038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 277.212389][T14185] RAX: ffffffffffffffda RBX: 00007f98a05e5fa0 RCX: 00007f98a038f6c9 [ 277.212396][T14185] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 277.212403][T14185] RBP: 00007f98a1284090 R08: 0000000000000000 R09: 0000000000000000 [ 277.212409][T14185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.212415][T14185] R13: 00007f98a05e6038 R14: 00007f98a05e5fa0 R15: 00007fffc03265f8 [ 277.212431][T14185] [ 277.563933][T14008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.584163][T14008] 8021q: adding VLAN 0 to HW filter on device team0 [ 277.644202][ T6068] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.651418][ T6068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 277.676819][ T6068] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.684003][ T6068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 277.735632][T14198] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.800763][T14198] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.839927][T14202] blkio.reset_stats is deprecated [ 277.898220][T14198] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.969961][T14198] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.064715][ T61] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.109213][ T1341] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.160582][ T61] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.188957][ T1341] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.216380][T14008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 278.369741][T14008] veth0_vlan: entered promiscuous mode [ 278.412655][T14008] veth1_vlan: entered promiscuous mode [ 278.525613][T14008] veth0_macvtap: entered promiscuous mode [ 278.576822][T14008] veth1_macvtap: entered promiscuous mode [ 278.655221][T14008] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 278.696127][T14008] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.717174][ T6073] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.741194][ T6073] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.783131][ T153] hsr_slave_0: left promiscuous mode [ 278.788174][T14235] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2983'. [ 278.797831][ T153] hsr_slave_1: left promiscuous mode [ 278.802543][T14236] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2983'. [ 278.805058][ T153] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.830502][ T153] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.846808][ T153] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.854739][ T153] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 278.900210][ T153] veth1_macvtap: left promiscuous mode [ 278.906374][ T153] veth0_macvtap: left promiscuous mode [ 278.914200][ T153] veth1_vlan: left promiscuous mode [ 278.919628][ T153] veth0_vlan: left promiscuous mode [ 279.153730][ T5851] Bluetooth: hci1: command tx timeout [ 279.407187][ T153] team0 (unregistering): Port device team_slave_1 removed [ 279.442388][ T153] team0 (unregistering): Port device team_slave_0 removed [ 279.802003][ T6073] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.811088][ T6073] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 280.051157][T14253] team0: Device ip6gre2 is up. Set it down before adding it as a team port [ 280.127822][ T1341] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.172984][ T1341] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.189123][T14255] netlink: 'syz.1.2990': attribute type 1 has an invalid length. [ 280.197968][T14255] syzkaller1: entered promiscuous mode [ 280.203681][T14255] syzkaller1: entered allmulticast mode [ 280.265136][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.292385][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.440652][ T153] IPVS: stop unused estimator thread 0... [ 280.478664][T14282] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 280.580638][T14286] bond1: option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 280.601354][T14286] bond1 (unregistering): Released all slaves [ 280.979625][T14297] team0: Device ip6gre1 is up. Set it down before adding it as a team port [ 281.085901][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 281.094977][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 281.103639][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 281.112078][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 281.121056][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 281.146671][T14302] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3003'. [ 281.236477][ T5842] Bluetooth: hci1: command tx timeout [ 281.297119][T14306] netlink: 412 bytes leftover after parsing attributes in process `syz.1.3004'. [ 281.319767][T14308] x_tables: duplicate underflow at hook 3 [ 281.584832][T14318] netlink: 'syz.3.3006': attribute type 1 has an invalid length. [ 281.673327][T14318] 8021q: adding VLAN 0 to HW filter on device bond4 [ 281.806983][T14299] chnl_net:caif_netlink_parms(): no params data found [ 281.945520][T14332] netlink: 'syz.3.3009': attribute type 5 has an invalid length. [ 282.277287][T14299] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.289413][T14299] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.300218][T14299] bridge_slave_0: entered allmulticast mode [ 282.308524][T14299] bridge_slave_0: entered promiscuous mode [ 282.326131][T14299] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.334111][T14299] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.341464][T14299] bridge_slave_1: entered allmulticast mode [ 282.350223][T14299] bridge_slave_1: entered promiscuous mode [ 282.398681][T14352] bond5: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 282.411034][T14352] bond5 (unregistering): Released all slaves [ 282.464596][T14354] bond1: option mode: invalid value (133) [ 282.469390][T14362] netlink: 'syz.2.3016': attribute type 1 has an invalid length. [ 282.482727][T14354] bond1 (unregistering): Released all slaves [ 282.562156][T14355] syzkaller0: entered promiscuous mode [ 282.568226][T14355] syzkaller0: entered allmulticast mode [ 282.589982][T14368] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3016'. [ 282.635678][T14364] bond5: (slave ip6gretap0): Enslaving as a backup interface with an up link [ 282.696820][ T6073] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 282.710932][T14368] 8021q: adding VLAN 0 to HW filter on device bond5 [ 282.818190][T14299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.827363][ T153] bond5: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 282.832384][T14299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.938232][T14299] team0: Port device team_slave_0 added [ 282.964794][T14299] team0: Port device team_slave_1 added [ 283.055766][T14299] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.073635][T14299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 283.130994][T14299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.146835][T14299] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.153955][ T5842] Bluetooth: hci0: command tx timeout [ 283.157622][T14388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3024'. [ 283.160110][T14299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 283.180699][T14390] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3025'. [ 283.195343][T14299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.236854][T14390] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 283.289768][T14299] hsr_slave_0: entered promiscuous mode [ 283.304131][T14299] hsr_slave_1: entered promiscuous mode [ 283.310920][T14299] debugfs: 'hsr0' already exists in 'hsr' [ 283.319201][T14299] Cannot create hsr debugfs directory [ 283.600106][T14405] bridge_slave_0: left allmulticast mode [ 283.610643][T14405] bridge_slave_0: left promiscuous mode [ 283.617598][T14405] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.646304][T14405] bridge_slave_1: left allmulticast mode [ 283.652078][T14405] bridge_slave_1: left promiscuous mode [ 283.658153][T14405] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.671293][T14405] bond0: (slave bond_slave_0): Releasing backup interface [ 283.689412][T14405] bond0: (slave bond_slave_1): Releasing backup interface [ 283.723327][T14405] team0: Port device team_slave_0 removed [ 283.759881][T14405] team0: Port device team_slave_1 removed [ 283.774126][T14405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.781664][T14405] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.791970][T14405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.809547][T14405] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.819969][T14405] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 283.842406][T14299] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.853822][T14299] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.913435][T14412] netlink: 'syz.0.3033': attribute type 5 has an invalid length. [ 283.944177][T14299] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 283.954750][T14299] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.041458][T14299] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 284.053500][T14299] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.141431][T14299] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 284.164807][T14299] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.917728][T14299] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 284.955679][T14299] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 285.013672][T14454] syzkaller1: entered promiscuous mode [ 285.019169][T14454] syzkaller1: entered allmulticast mode [ 285.088817][T14466] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 285.141324][T14299] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 285.185362][T14299] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 285.233472][ T5842] Bluetooth: hci0: command tx timeout [ 285.347386][T14486] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3051'. [ 285.394152][T14486] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3051'. [ 285.559476][T14499] netlink: 6 bytes leftover after parsing attributes in process `syz.0.3055'. [ 285.569703][T14299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.630516][T14496] syzkaller0: entered promiscuous mode [ 285.645415][T14496] syzkaller0: entered allmulticast mode [ 285.665356][T14299] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.737124][ T6071] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.744330][ T6071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.768355][ T6073] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.775545][ T6073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.958649][T14515] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3060'. [ 286.010044][T14515] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3060'. [ 286.320742][T14299] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 286.535998][T14550] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3065'. [ 286.566609][T14550] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3065'. [ 286.585710][T14551] netlink: 'syz.3.3069': attribute type 11 has an invalid length. [ 286.917376][T14299] veth0_vlan: entered promiscuous mode [ 286.932140][T14299] veth1_vlan: entered promiscuous mode [ 286.989202][T14299] veth0_macvtap: entered promiscuous mode [ 287.000643][T14299] veth1_macvtap: entered promiscuous mode [ 287.030135][T14299] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 287.067327][T14299] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.090805][ T6071] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.105591][ T6071] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.117850][ T6071] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.191010][ T6071] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.323882][ T5842] Bluetooth: hci0: command tx timeout [ 287.420030][T14568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3071'. [ 287.480805][ T24] IPVS: starting estimator thread 0... [ 287.558256][ T6073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.573498][T14573] IPVS: using max 29 ests per chain, 69600 per kthread [ 287.580541][ T6073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.659317][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.670954][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.851646][T14590] netlink: 'syz.3.3076': attribute type 2 has an invalid length. [ 288.188255][T14599] bridge0: port 3(syz_tun) entered blocking state [ 288.208762][T14599] bridge0: port 3(syz_tun) entered disabled state [ 288.230906][T14599] syz_tun: entered promiscuous mode [ 288.251181][T14601] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3080'. [ 288.283380][T14601] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3080'. [ 288.630502][ T153] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.679537][T14624] IPVS: set_ctl: invalid protocol: 52 10.1.1.0:20000 [ 288.725601][ T153] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.773529][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 288.788820][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 288.794659][ T153] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.798280][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 288.818075][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 288.826722][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 288.901859][ T153] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.393974][ T5851] Bluetooth: hci0: command tx timeout [ 289.417133][ T153] veth7: left allmulticast mode [ 289.422079][ T153] veth7: left promiscuous mode [ 289.428412][ T153] bridge2: port 2(veth7) entered disabled state [ 289.438688][ T153] veth5: left allmulticast mode [ 289.445335][ T153] veth5: left promiscuous mode [ 289.450350][ T153] bridge2: port 1(veth5) entered disabled state [ 289.640713][ T43] IPVS: starting estimator thread 0... [ 289.672502][ T153] bond5 (unregistering): (slave ip6gretap0): Removing an active aggregator [ 289.687134][ T153] bond5 (unregistering): (slave ip6gretap0): Releasing backup interface [ 289.732982][T14658] IPVS: using max 31 ests per chain, 74400 per kthread [ 290.071760][ T153] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 290.080546][ T153] dummy0: left promiscuous mode [ 290.085876][ T153] dummy0: left allmulticast mode [ 290.094007][ T153] bond0 (unregistering): Released all slaves [ 290.177612][ T153] bond1 (unregistering): Released all slaves [ 290.264969][ T153] bond2 (unregistering): (slave veth3): Releasing backup interface [ 290.274342][ T153] bond2 (unregistering): Released all slaves [ 290.288264][ T153] bond3 (unregistering): Released all slaves [ 290.301076][ T153] bond4 (unregistering): Released all slaves [ 290.387955][ T153] bond5 (unregistering): Released all slaves [ 290.605746][ T153] tipc: Left network mode [ 290.716275][ T153] IPVS: stopping master sync thread 6238 ... [ 290.763878][T14682] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3102'. [ 290.859044][T14685] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3101'. [ 290.889223][T14685] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3101'. [ 290.904985][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3101'. [ 290.923101][ T5851] Bluetooth: hci2: command tx timeout [ 290.950514][T14627] chnl_net:caif_netlink_parms(): no params data found [ 291.450085][T14627] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.466918][T14627] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.480987][T14719] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3109'. [ 291.484026][T14627] bridge_slave_0: entered allmulticast mode [ 291.519875][T14627] bridge_slave_0: entered promiscuous mode [ 291.624448][T14627] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.631690][T14627] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.643998][T14627] bridge_slave_1: entered allmulticast mode [ 291.662550][T14627] bridge_slave_1: entered promiscuous mode [ 291.897835][T14627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 291.947325][T14627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 292.076874][T14627] team0: Port device team_slave_0 added [ 292.095988][T14627] team0: Port device team_slave_1 added [ 292.210492][T14749] netlink: 'syz.0.3119': attribute type 10 has an invalid length. [ 292.244371][T14627] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 292.271190][T14627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 292.303351][T14749] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 292.318132][T14627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 292.335470][T14627] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 292.345402][T14627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 292.372935][T14627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.568130][T14627] hsr_slave_0: entered promiscuous mode [ 292.585605][T14627] hsr_slave_1: entered promiscuous mode [ 292.600500][T14627] debugfs: 'hsr0' already exists in 'hsr' [ 292.607254][T14627] Cannot create hsr debugfs directory [ 292.951864][T14794] netlink: 'syz.3.3128': attribute type 5 has an invalid length. [ 292.957003][T14787] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3126'. [ 292.999318][ T5851] Bluetooth: hci2: command tx timeout [ 293.189606][T14805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3131'. [ 293.261772][T14805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3131'. [ 293.317740][T14810] IPVS: ip_vs_edit_dest(): server weight less than zero [ 293.334085][T14805] bridge_slave_1: left allmulticast mode [ 293.343292][T14805] bridge_slave_1: left promiscuous mode [ 293.349374][T14805] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.360182][T14805] bridge_slave_0: left allmulticast mode [ 293.371114][T14805] bridge_slave_0: left promiscuous mode [ 293.377039][T14805] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.479033][ T153] hsr_slave_0: left promiscuous mode [ 293.486403][ T153] hsr_slave_1: left promiscuous mode [ 293.515503][ T153] veth1_macvtap: left promiscuous mode [ 293.525019][ T153] veth0_macvtap: left promiscuous mode [ 294.076492][T14827] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3139'. [ 294.118697][T14829] netlink: 596 bytes leftover after parsing attributes in process `syz.4.3138'. [ 294.181750][ T50] smc: removing ib device syû [ 294.375658][T14823] netlink: 'syz.4.3138': attribute type 29 has an invalid length. [ 294.389291][T14828] netlink: 'syz.4.3138': attribute type 29 has an invalid length. [ 294.700312][T14835] syzkaller0: entered promiscuous mode [ 294.707232][T14835] syzkaller0: entered allmulticast mode [ 295.082940][ T5851] Bluetooth: hci2: command tx timeout [ 295.114726][T14858] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3146'. [ 295.209927][T14858] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3146'. [ 295.251052][T14868] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3149'. [ 295.483753][T14877] netlink: 'syz.1.3150': attribute type 1 has an invalid length. [ 295.497412][T14877] nbd: error processing sock list [ 295.517846][T14877] block nbd0: shutting down sockets [ 295.594521][T14884] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3153'. [ 295.679584][T14884] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.3153'. [ 295.868471][T14627] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 295.899500][T14627] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 295.935693][T14627] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 295.953715][T14627] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 296.136330][T14871] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 296.260843][T14627] 8021q: adding VLAN 0 to HW filter on device bond0 [ 296.430562][T14627] 8021q: adding VLAN 0 to HW filter on device team0 [ 296.491345][ T6073] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.498530][ T6073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 296.594380][ T6071] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.601567][ T6071] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.159701][ T5851] Bluetooth: hci2: command tx timeout [ 297.403170][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout [ 297.408440][T14627] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 297.537489][ T153] IPVS: stop unused estimator thread 0... [ 297.738348][T14627] veth0_vlan: entered promiscuous mode [ 297.779222][T14627] veth1_vlan: entered promiscuous mode [ 297.901877][T14627] veth0_macvtap: entered promiscuous mode [ 297.936053][T14627] veth1_macvtap: entered promiscuous mode [ 297.989629][T14627] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 298.007058][T14981] IPVS: set_ctl: invalid protocol: 12 100.1.1.1:20001 [ 298.031390][T14627] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 298.072917][ T6073] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.106214][ T6073] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.170300][ T6073] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.215622][ T6073] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 298.369223][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.399794][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.446869][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.470390][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 299.070226][T15033] FAULT_INJECTION: forcing a failure. [ 299.070226][T15033] name failslab, interval 1, probability 0, space 0, times 0 [ 299.143143][T15033] CPU: 1 UID: 0 PID: 15033 Comm: syz.0.3190 Not tainted syzkaller #0 PREEMPT(full) [ 299.143169][T15033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 299.143179][T15033] Call Trace: [ 299.143186][T15033] [ 299.143194][T15033] dump_stack_lvl+0x189/0x250 [ 299.143222][T15033] ? __pfx____ratelimit+0x10/0x10 [ 299.143245][T15033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.143267][T15033] ? __pfx__printk+0x10/0x10 [ 299.143300][T15033] should_fail_ex+0x414/0x560 [ 299.143328][T15033] should_failslab+0xa8/0x100 [ 299.143346][T15033] __kmalloc_cache_noprof+0x6f/0x6f0 [ 299.143368][T15033] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 299.143387][T15033] ? sctp_add_bind_addr+0x8c/0x370 [ 299.143413][T15033] sctp_add_bind_addr+0x8c/0x370 [ 299.143439][T15033] sctp_copy_local_addr_list+0x30b/0x4e0 [ 299.143463][T15033] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 299.143485][T15033] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 299.143509][T15033] ? sctp_v4_is_any+0x35/0x60 [ 299.143530][T15033] ? sctp_copy_one_addr+0x93/0x360 [ 299.143562][T15033] sctp_bind_addr_copy+0xb3/0x3c0 [ 299.143585][T15033] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 299.143608][T15033] sctp_connect_new_asoc+0x2e0/0x690 [ 299.143630][T15033] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 299.143646][T15033] ? __local_bh_enable_ip+0x12d/0x1c0 [ 299.143672][T15033] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 299.143690][T15033] ? security_sctp_bind_connect+0x7e/0x2e0 [ 299.143713][T15033] sctp_sendmsg+0x155c/0x2810 [ 299.143743][T15033] ? __pfx_sctp_sendmsg+0x10/0x10 [ 299.143764][T15033] ? aa_sk_perm+0x81e/0x950 [ 299.143791][T15033] ? __pfx_aa_sk_perm+0x10/0x10 [ 299.143817][T15033] ? sock_rps_record_flow+0x19/0x410 [ 299.143845][T15033] ? inet_sendmsg+0x2f4/0x370 [ 299.143865][T15033] __sock_sendmsg+0x19c/0x270 [ 299.143890][T15033] ____sys_sendmsg+0x505/0x830 [ 299.143913][T15033] ? __pfx_____sys_sendmsg+0x10/0x10 [ 299.143940][T15033] ? import_iovec+0x74/0xa0 [ 299.143965][T15033] ___sys_sendmsg+0x21f/0x2a0 [ 299.143987][T15033] ? __pfx____sys_sendmsg+0x10/0x10 [ 299.144038][T15033] ? __fget_files+0x2a/0x420 [ 299.144054][T15033] ? __fget_files+0x3a0/0x420 [ 299.144082][T15033] __x64_sys_sendmsg+0x19b/0x260 [ 299.144104][T15033] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 299.144131][T15033] ? __pfx_ksys_write+0x10/0x10 [ 299.144156][T15033] ? do_syscall_64+0xbe/0xfa0 [ 299.144185][T15033] do_syscall_64+0xfa/0xfa0 [ 299.144203][T15033] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.144225][T15033] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.144241][T15033] ? clear_bhb_loop+0x60/0xb0 [ 299.144263][T15033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.144279][T15033] RIP: 0033:0x7f49bfb8f6c9 [ 299.144295][T15033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.144309][T15033] RSP: 002b:00007f49c0a61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 299.144328][T15033] RAX: ffffffffffffffda RBX: 00007f49bfde5fa0 RCX: 00007f49bfb8f6c9 [ 299.144340][T15033] RDX: 0000000000000040 RSI: 0000200000000e40 RDI: 0000000000000003 [ 299.144350][T15033] RBP: 00007f49c0a61090 R08: 0000000000000000 R09: 0000000000000000 [ 299.144360][T15033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 299.144369][T15033] R13: 00007f49bfde6038 R14: 00007f49bfde5fa0 R15: 00007ffe0837a278 [ 299.144398][T15033] [ 299.964155][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 299.974509][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 299.982552][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 299.990656][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 300.000418][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 300.401006][ T814] IPVS: starting estimator thread 0... [ 300.408583][T15080] FAULT_INJECTION: forcing a failure. [ 300.408583][T15080] name failslab, interval 1, probability 0, space 0, times 0 [ 300.436320][T15080] CPU: 0 UID: 0 PID: 15080 Comm: syz.1.3204 Not tainted syzkaller #0 PREEMPT(full) [ 300.436346][T15080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 300.436356][T15080] Call Trace: [ 300.436364][T15080] [ 300.436371][T15080] dump_stack_lvl+0x189/0x250 [ 300.436399][T15080] ? __pfx____ratelimit+0x10/0x10 [ 300.436429][T15080] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.436453][T15080] ? __pfx__printk+0x10/0x10 [ 300.436477][T15080] ? __pfx___might_resched+0x10/0x10 [ 300.436496][T15080] ? fs_reclaim_acquire+0x7d/0x100 [ 300.436526][T15080] should_fail_ex+0x414/0x560 [ 300.436556][T15080] should_failslab+0xa8/0x100 [ 300.436575][T15080] __kmalloc_cache_noprof+0x6f/0x6f0 [ 300.436598][T15080] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 300.436620][T15080] ? sctp_transport_new+0x7e/0x640 [ 300.436639][T15080] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 300.436666][T15080] sctp_transport_new+0x7e/0x640 [ 300.436689][T15080] sctp_assoc_add_peer+0x260/0x13b0 [ 300.436709][T15080] ? sctp_bind_addr_copy+0x380/0x3c0 [ 300.436739][T15080] sctp_connect_new_asoc+0x30a/0x690 [ 300.436761][T15080] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 300.436777][T15080] ? __local_bh_enable_ip+0x12d/0x1c0 [ 300.436804][T15080] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 300.436822][T15080] ? security_sctp_bind_connect+0x7e/0x2e0 [ 300.436846][T15080] sctp_sendmsg+0x155c/0x2810 [ 300.436876][T15080] ? __pfx_sctp_sendmsg+0x10/0x10 [ 300.436898][T15080] ? aa_sk_perm+0x81e/0x950 [ 300.436925][T15080] ? __pfx_aa_sk_perm+0x10/0x10 [ 300.436951][T15080] ? sock_rps_record_flow+0x19/0x410 [ 300.436979][T15080] ? inet_sendmsg+0x2f4/0x370 [ 300.436999][T15080] __sock_sendmsg+0x19c/0x270 [ 300.437025][T15080] ____sys_sendmsg+0x505/0x830 [ 300.437054][T15080] ? __pfx_____sys_sendmsg+0x10/0x10 [ 300.437083][T15080] ? import_iovec+0x74/0xa0 [ 300.437108][T15080] ___sys_sendmsg+0x21f/0x2a0 [ 300.437130][T15080] ? __pfx____sys_sendmsg+0x10/0x10 [ 300.437186][T15080] ? __fget_files+0x2a/0x420 [ 300.437203][T15080] ? __fget_files+0x3a0/0x420 [ 300.437230][T15080] __x64_sys_sendmsg+0x19b/0x260 [ 300.437252][T15080] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 300.437282][T15080] ? __pfx_ksys_write+0x10/0x10 [ 300.437309][T15080] ? do_syscall_64+0xbe/0xfa0 [ 300.437335][T15080] do_syscall_64+0xfa/0xfa0 [ 300.437356][T15080] ? lockdep_hardirqs_on+0x9c/0x150 [ 300.437378][T15080] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.437395][T15080] ? clear_bhb_loop+0x60/0xb0 [ 300.437416][T15080] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.437438][T15080] RIP: 0033:0x7f98a038f6c9 [ 300.437453][T15080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 300.437467][T15080] RSP: 002b:00007f98a1284038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 300.437487][T15080] RAX: ffffffffffffffda RBX: 00007f98a05e5fa0 RCX: 00007f98a038f6c9 [ 300.437500][T15080] RDX: 0000000000000040 RSI: 0000200000000e40 RDI: 0000000000000003 [ 300.437511][T15080] RBP: 00007f98a1284090 R08: 0000000000000000 R09: 0000000000000000 [ 300.437522][T15080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 300.437533][T15080] R13: 00007f98a05e6038 R14: 00007f98a05e5fa0 R15: 00007fffc03265f8 [ 300.437565][T15080] [ 300.832976][T15081] IPVS: using max 30 ests per chain, 72000 per kthread [ 300.961749][T15058] chnl_net:caif_netlink_parms(): no params data found [ 301.298437][T15058] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.307765][T15058] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.315177][T15058] bridge_slave_0: entered allmulticast mode [ 301.334006][T15058] bridge_slave_0: entered promiscuous mode [ 301.373425][T15058] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.383211][T15058] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.390442][T15058] bridge_slave_1: entered allmulticast mode [ 301.438392][T15058] bridge_slave_1: entered promiscuous mode [ 301.584743][T15133] __nla_validate_parse: 1 callbacks suppressed [ 301.584759][T15133] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3217'. [ 301.621824][T15133] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 301.663138][T15133] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.672105][T15133] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.699866][T15058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.717722][T15141] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3220'. [ 301.744030][T15058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.919250][T15058] team0: Port device team_slave_0 added [ 301.932106][T15058] team0: Port device team_slave_1 added [ 301.951877][T15154] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3223'. [ 302.034238][ T5842] Bluetooth: hci5: command tx timeout [ 302.145496][T15058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 302.168424][T15058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 302.226061][T15058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 302.238662][T15168] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3229'. [ 302.257257][T15058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.283263][T15058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 302.310246][T15172] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3229'. [ 302.318369][T15058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.386246][T15176] netlink: 27 bytes leftover after parsing attributes in process `syz.4.3232'. [ 302.512374][T15181] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3233'. [ 302.524800][T15058] hsr_slave_0: entered promiscuous mode [ 302.531591][T15058] hsr_slave_1: entered promiscuous mode [ 302.704678][T15185] x_tables: duplicate underflow at hook 3 [ 302.771823][T15181] 8021q: VLANs not supported on vcan0 [ 303.196971][T15058] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.222273][T15058] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 303.246790][T15217] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 303.401346][T15058] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.429441][T15058] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 303.545076][T15058] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.563295][T15058] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 303.573696][T15231] netlink: 27 bytes leftover after parsing attributes in process `syz.2.3243'. [ 303.686996][T15058] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.699725][T15058] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 303.953512][T15215] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 304.088944][T15058] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 304.117204][ T5842] Bluetooth: hci5: command tx timeout [ 304.136632][T15058] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 304.169645][T15058] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 304.212460][T15058] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 304.229229][T15263] netlink: 'syz.1.3253': attribute type 1 has an invalid length. [ 304.297592][T15269] netlink: 27 bytes leftover after parsing attributes in process `syz.0.3255'. [ 304.301931][T15263] 8021q: adding VLAN 0 to HW filter on device bond6 [ 304.318770][T15268] bond6: entered allmulticast mode [ 304.332262][T15263] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3253'. [ 304.409239][T15263] bond6: (slave ip6gretap1): making interface the new active one [ 304.417472][T15263] ip6gretap1: entered allmulticast mode [ 304.426238][T15263] bond6: (slave ip6gretap1): Enslaving as an active interface with an up link [ 304.551732][T15285] FAULT_INJECTION: forcing a failure. [ 304.551732][T15285] name failslab, interval 1, probability 0, space 0, times 0 [ 304.575882][T15285] CPU: 1 UID: 0 PID: 15285 Comm: syz.1.3259 Not tainted syzkaller #0 PREEMPT(full) [ 304.575908][T15285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.575930][T15285] Call Trace: [ 304.575937][T15285] [ 304.575945][T15285] dump_stack_lvl+0x189/0x250 [ 304.575972][T15285] ? __pfx____ratelimit+0x10/0x10 [ 304.575994][T15285] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.576016][T15285] ? __pfx__printk+0x10/0x10 [ 304.576039][T15285] ? __pfx___might_resched+0x10/0x10 [ 304.576055][T15285] ? fs_reclaim_acquire+0x7d/0x100 [ 304.576084][T15285] should_fail_ex+0x414/0x560 [ 304.576114][T15285] should_failslab+0xa8/0x100 [ 304.576132][T15285] kmem_cache_alloc_node_noprof+0x77/0x710 [ 304.576156][T15285] ? __alloc_skb+0x112/0x2d0 [ 304.576170][T15285] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 304.576197][T15285] __alloc_skb+0x112/0x2d0 [ 304.576217][T15285] alloc_skb_with_frags+0xca/0x890 [ 304.576241][T15285] ? __lock_acquire+0xab9/0xd20 [ 304.576265][T15285] sock_alloc_send_pskb+0x84d/0x980 [ 304.576304][T15285] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 304.576341][T15285] tun_get_user+0xa43/0x3e90 [ 304.576381][T15285] ? aa_file_perm+0x44d/0x1550 [ 304.576397][T15285] ? __pfx_tun_get_user+0x10/0x10 [ 304.576415][T15285] ? _parse_integer_limit+0x1ae/0x1f0 [ 304.576441][T15285] ? __lock_acquire+0xab9/0xd20 [ 304.576463][T15285] ? ref_tracker_alloc+0x318/0x460 [ 304.576478][T15285] ? __lock_acquire+0xab9/0xd20 [ 304.576497][T15285] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 304.576519][T15285] ? tun_get+0x1c/0x2f0 [ 304.576543][T15285] ? tun_get+0x1c/0x2f0 [ 304.576561][T15285] ? tun_get+0x1c/0x2f0 [ 304.576584][T15285] tun_chr_write_iter+0x113/0x200 [ 304.576606][T15285] vfs_write+0x5c9/0xb30 [ 304.576633][T15285] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 304.576653][T15285] ? __pfx_vfs_write+0x10/0x10 [ 304.576685][T15285] ? __fget_files+0x2a/0x420 [ 304.576710][T15285] ksys_write+0x145/0x250 [ 304.576735][T15285] ? __pfx_ksys_write+0x10/0x10 [ 304.576765][T15285] ? do_syscall_64+0xbe/0xfa0 [ 304.576789][T15285] do_syscall_64+0xfa/0xfa0 [ 304.576808][T15285] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.576828][T15285] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.576844][T15285] ? clear_bhb_loop+0x60/0xb0 [ 304.576864][T15285] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.576878][T15285] RIP: 0033:0x7f98a038e17f [ 304.576894][T15285] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 304.576907][T15285] RSP: 002b:00007f98a1284000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 304.576925][T15285] RAX: ffffffffffffffda RBX: 00007f98a05e5fa0 RCX: 00007f98a038e17f [ 304.576936][T15285] RDX: 0000000000000d82 RSI: 0000200000001180 RDI: 00000000000000c8 [ 304.576945][T15285] RBP: 00007f98a1284090 R08: 0000000000000000 R09: 0000000000000000 [ 304.576956][T15285] R10: 0000000000000d82 R11: 0000000000000293 R12: 0000000000000001 [ 304.576965][T15285] R13: 00007f98a05e6038 R14: 00007f98a05e5fa0 R15: 00007fffc03265f8 [ 304.576995][T15285] [ 304.902135][T15058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.922498][T15058] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.955966][ T6073] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.963135][ T6073] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.022247][ T6073] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.029482][ T6073] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.069764][T15058] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 305.080644][T15058] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 305.236082][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 305.579641][T15058] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.688878][T15322] bridge0: port 3(vlan2) entered blocking state [ 305.711892][T15322] bridge0: port 3(vlan2) entered disabled state [ 305.719102][T15322] vlan2: entered allmulticast mode [ 305.726044][T15322] bridge0: entered allmulticast mode [ 305.735425][T15322] vlan2: left allmulticast mode [ 305.740274][T15322] bridge0: left allmulticast mode [ 305.754587][T15325] bridge_slave_0: left allmulticast mode [ 305.760228][T15325] bridge_slave_0: left promiscuous mode [ 305.766736][T15325] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.776507][T15325] bridge_slave_1: left allmulticast mode [ 305.782141][T15325] bridge_slave_1: left promiscuous mode [ 305.790619][T15325] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.807465][T15325] bond0: (slave bond_slave_0): Releasing backup interface [ 305.821101][T15325] bond0: (slave bond_slave_1): Releasing backup interface [ 305.842241][T15325] team0: Port device team_slave_0 removed [ 305.858639][T15325] team0: Port device team_slave_1 removed [ 305.865324][T15325] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.873070][T15325] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.881327][T15325] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.889129][T15325] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.898311][T15325] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 305.966655][T15058] veth0_vlan: entered promiscuous mode [ 305.987532][T15058] veth1_vlan: entered promiscuous mode [ 306.050272][T15058] veth0_macvtap: entered promiscuous mode [ 306.087557][T15058] veth1_macvtap: entered promiscuous mode [ 306.115414][T15058] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 306.146030][T15058] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 306.170227][ T78] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.179936][ T78] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.194734][ T5842] Bluetooth: hci5: command tx timeout [ 306.199706][ T78] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.216582][ T78] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.256252][T15343] FAULT_INJECTION: forcing a failure. [ 306.256252][T15343] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 306.270405][T15343] CPU: 0 UID: 0 PID: 15343 Comm: syz.4.3283 Not tainted syzkaller #0 PREEMPT(full) [ 306.270427][T15343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 306.270435][T15343] Call Trace: [ 306.270441][T15343] [ 306.270447][T15343] dump_stack_lvl+0x189/0x250 [ 306.270470][T15343] ? __pfx____ratelimit+0x10/0x10 [ 306.270488][T15343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.270504][T15343] ? __pfx__printk+0x10/0x10 [ 306.270517][T15343] ? __might_fault+0xb0/0x130 [ 306.270543][T15343] should_fail_ex+0x414/0x560 [ 306.270566][T15343] _copy_from_iter+0x1de/0x1790 [ 306.270581][T15343] ? skb_set_owner_w+0x25b/0x3a0 [ 306.270598][T15343] ? sock_alloc_send_pskb+0x86b/0x980 [ 306.270619][T15343] ? __pfx__copy_from_iter+0x10/0x10 [ 306.270640][T15343] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 306.270657][T15343] skb_copy_datagram_from_iter+0xf5/0x720 [ 306.270677][T15343] ? skb_put+0x11b/0x210 [ 306.270692][T15343] tun_get_user+0x1691/0x3e90 [ 306.270724][T15343] ? aa_file_perm+0x44d/0x1550 [ 306.270739][T15343] ? __pfx_tun_get_user+0x10/0x10 [ 306.270754][T15343] ? _parse_integer_limit+0x1ae/0x1f0 [ 306.270777][T15343] ? __lock_acquire+0xab9/0xd20 [ 306.270794][T15343] ? ref_tracker_alloc+0x318/0x460 [ 306.270805][T15343] ? __lock_acquire+0xab9/0xd20 [ 306.270818][T15343] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 306.270834][T15343] ? tun_get+0x1c/0x2f0 [ 306.270860][T15343] ? tun_get+0x1c/0x2f0 [ 306.270874][T15343] ? tun_get+0x1c/0x2f0 [ 306.270892][T15343] tun_chr_write_iter+0x113/0x200 [ 306.270910][T15343] vfs_write+0x5c9/0xb30 [ 306.270932][T15343] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 306.270949][T15343] ? __pfx_vfs_write+0x10/0x10 [ 306.270977][T15343] ? __fget_files+0x2a/0x420 [ 306.270996][T15343] ksys_write+0x145/0x250 [ 306.271015][T15343] ? __pfx_ksys_write+0x10/0x10 [ 306.271034][T15343] ? do_syscall_64+0xbe/0xfa0 [ 306.271056][T15343] do_syscall_64+0xfa/0xfa0 [ 306.271072][T15343] ? lockdep_hardirqs_on+0x9c/0x150 [ 306.271092][T15343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.271105][T15343] ? clear_bhb_loop+0x60/0xb0 [ 306.271121][T15343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.271135][T15343] RIP: 0033:0x7f32bbd8e17f [ 306.271148][T15343] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 306.271160][T15343] RSP: 002b:00007f32bcbf0000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 306.271176][T15343] RAX: ffffffffffffffda RBX: 00007f32bbfe5fa0 RCX: 00007f32bbd8e17f [ 306.271187][T15343] RDX: 0000000000000d82 RSI: 0000200000001180 RDI: 00000000000000c8 [ 306.271198][T15343] RBP: 00007f32bcbf0090 R08: 0000000000000000 R09: 0000000000000000 [ 306.271206][T15343] R10: 0000000000000d82 R11: 0000000000000293 R12: 0000000000000001 [ 306.271214][T15343] R13: 00007f32bbfe6038 R14: 00007f32bbfe5fa0 R15: 00007ffead180938 [ 306.271241][T15343] [ 306.670563][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.702413][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.853196][T15354] netlink: 'syz.0.3288': attribute type 1 has an invalid length. [ 306.860997][T15354] __nla_validate_parse: 5 callbacks suppressed [ 306.861014][T15354] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3288'. [ 307.179375][T15349] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.187183][T15349] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.347951][T15349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 307.360918][T15349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 307.457522][ T153] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 307.472599][ T6068] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.483645][ T6068] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.487131][ T153] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.492530][ T6068] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.562187][ T6068] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.791515][T15375] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3296'. [ 307.807937][T15375] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3296'. [ 307.996554][T15383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3299'. [ 308.273010][ T5842] Bluetooth: hci5: command tx timeout [ 308.393836][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 308.404487][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 308.419850][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 308.429750][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 308.445788][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 308.701885][ T5834] syz_tun (unregistering): left allmulticast mode [ 308.736743][ T5834] syz_tun (unregistering): left promiscuous mode [ 308.744362][ T5834] bridge0: port 3(syz_tun) entered disabled state [ 308.967810][T15409] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3308'. [ 309.089114][T15412] FAULT_INJECTION: forcing a failure. [ 309.089114][T15412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 309.134108][T15412] CPU: 0 UID: 0 PID: 15412 Comm: syz.0.3309 Not tainted syzkaller #0 PREEMPT(full) [ 309.134133][T15412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 309.134142][T15412] Call Trace: [ 309.134149][T15412] [ 309.134157][T15412] dump_stack_lvl+0x189/0x250 [ 309.134183][T15412] ? __pfx____ratelimit+0x10/0x10 [ 309.134205][T15412] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.134226][T15412] ? __pfx__printk+0x10/0x10 [ 309.134244][T15412] ? __might_fault+0xb0/0x130 [ 309.134276][T15412] should_fail_ex+0x414/0x560 [ 309.134304][T15412] _copy_from_user+0x2d/0xb0 [ 309.134325][T15412] ____sys_sendmsg+0x2fe/0x830 [ 309.134350][T15412] ? __pfx_____sys_sendmsg+0x10/0x10 [ 309.134375][T15412] ? import_iovec+0x74/0xa0 [ 309.134398][T15412] ___sys_sendmsg+0x21f/0x2a0 [ 309.134426][T15412] ? __pfx____sys_sendmsg+0x10/0x10 [ 309.134476][T15412] ? __fget_files+0x2a/0x420 [ 309.134492][T15412] ? __fget_files+0x3a0/0x420 [ 309.134517][T15412] __x64_sys_sendmsg+0x19b/0x260 [ 309.134536][T15412] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 309.134562][T15412] ? __pfx_ksys_write+0x10/0x10 [ 309.134586][T15412] ? do_syscall_64+0xbe/0xfa0 [ 309.134609][T15412] do_syscall_64+0xfa/0xfa0 [ 309.134628][T15412] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.134649][T15412] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.134665][T15412] ? clear_bhb_loop+0x60/0xb0 [ 309.134684][T15412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.134700][T15412] RIP: 0033:0x7f49bfb8f6c9 [ 309.134716][T15412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.134730][T15412] RSP: 002b:00007f49c0a61038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.134750][T15412] RAX: ffffffffffffffda RBX: 00007f49bfde5fa0 RCX: 00007f49bfb8f6c9 [ 309.134763][T15412] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 309.134774][T15412] RBP: 00007f49c0a61090 R08: 0000000000000000 R09: 0000000000000000 [ 309.134785][T15412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.134795][T15412] R13: 00007f49bfde6038 R14: 00007f49bfde5fa0 R15: 00007ffe0837a278 [ 309.134824][T15412] [ 309.625015][T15392] chnl_net:caif_netlink_parms(): no params data found [ 309.660899][T15426] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3314'. [ 309.859126][T15426] hsr_slave_0 (unregistering): left promiscuous mode [ 309.982192][T15392] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.989798][T15392] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.999260][T15392] bridge_slave_0: entered allmulticast mode [ 310.008232][T15392] bridge_slave_0: entered promiscuous mode [ 310.017492][T15392] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.029135][T15392] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.041765][T15392] bridge_slave_1: entered allmulticast mode [ 310.051094][T15392] bridge_slave_1: entered promiscuous mode [ 310.150692][T15392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.186143][T15392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.283949][T15392] team0: Port device team_slave_0 added [ 310.297940][T15392] team0: Port device team_slave_1 added [ 310.387296][T15448] FAULT_INJECTION: forcing a failure. [ 310.387296][T15448] name failslab, interval 1, probability 0, space 0, times 0 [ 310.394278][T15392] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.408817][T15448] CPU: 0 UID: 0 PID: 15448 Comm: syz.2.3322 Not tainted syzkaller #0 PREEMPT(full) [ 310.408842][T15448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 310.408852][T15448] Call Trace: [ 310.408859][T15448] [ 310.408867][T15448] dump_stack_lvl+0x189/0x250 [ 310.408894][T15448] ? __pfx____ratelimit+0x10/0x10 [ 310.408917][T15448] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.408936][T15448] ? __pfx__printk+0x10/0x10 [ 310.408954][T15448] ? __lock_acquire+0xab9/0xd20 [ 310.408977][T15448] should_fail_ex+0x414/0x560 [ 310.409004][T15448] should_failslab+0xa8/0x100 [ 310.409022][T15448] kmem_cache_alloc_noprof+0x74/0x6e0 [ 310.409043][T15448] ? dst_alloc+0x105/0x170 [ 310.409066][T15448] dst_alloc+0x105/0x170 [ 310.409089][T15448] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 310.409119][T15448] ? ip_route_output_key_hash+0xc1/0x280 [ 310.409141][T15448] ip_route_output_key_hash+0x174/0x280 [ 310.409161][T15448] ? __lock_acquire+0xab9/0xd20 [ 310.409177][T15448] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 310.409224][T15448] ip_route_output_flow+0x2a/0x150 [ 310.409243][T15448] ? security_sk_classify_flow+0x70/0x180 [ 310.409265][T15448] udp_sendmsg+0x142e/0x2170 [ 310.409300][T15448] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 310.409324][T15448] ? __pfx_udp_sendmsg+0x10/0x10 [ 310.409353][T15448] ? get_random_u32+0x155/0x940 [ 310.409380][T15448] ? register_lock_class+0x51/0x320 [ 310.409395][T15448] ? get_random_u32+0x155/0x940 [ 310.409415][T15448] ? __lock_acquire+0xab9/0xd20 [ 310.409442][T15448] udpv6_sendmsg+0xc1c/0x2510 [ 310.409482][T15448] ? udp_lib_get_port+0x164b/0x1b10 [ 310.409507][T15448] ? udp_lib_get_port+0x164b/0x1b10 [ 310.409528][T15448] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 310.409556][T15448] ? __lock_acquire+0xab9/0xd20 [ 310.409588][T15448] ? __local_bh_enable_ip+0x12d/0x1c0 [ 310.409608][T15448] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 310.409630][T15448] ? inet_send_prepare+0x1b9/0x270 [ 310.409648][T15448] ? inet_send_prepare+0x1b9/0x270 [ 310.409666][T15448] ? inet6_sendmsg+0xe4/0x120 [ 310.409685][T15448] __sock_sendmsg+0xe5/0x270 [ 310.409710][T15448] ____sys_sendmsg+0x505/0x830 [ 310.409734][T15448] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.409762][T15448] ? import_iovec+0x74/0xa0 [ 310.409786][T15448] ___sys_sendmsg+0x21f/0x2a0 [ 310.409808][T15448] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.409864][T15448] ? __fget_files+0x2a/0x420 [ 310.409880][T15448] ? __fget_files+0x3a0/0x420 [ 310.409907][T15448] __x64_sys_sendmsg+0x19b/0x260 [ 310.409930][T15448] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 310.409958][T15448] ? __pfx_ksys_write+0x10/0x10 [ 310.409984][T15448] ? do_syscall_64+0xbe/0xfa0 [ 310.410011][T15448] do_syscall_64+0xfa/0xfa0 [ 310.410034][T15448] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.410051][T15448] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 310.410068][T15448] ? clear_bhb_loop+0x60/0xb0 [ 310.410089][T15448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.410106][T15448] RIP: 0033:0x7f93a9b8f6c9 [ 310.410123][T15448] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.410137][T15448] RSP: 002b:00007f93aa98a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.410156][T15448] RAX: ffffffffffffffda RBX: 00007f93a9de5fa0 RCX: 00007f93a9b8f6c9 [ 310.410169][T15448] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 310.410180][T15448] RBP: 00007f93aa98a090 R08: 0000000000000000 R09: 0000000000000000 [ 310.410191][T15448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.410298][T15448] R13: 00007f93a9de6038 R14: 00007f93a9de5fa0 R15: 00007ffe215c56e8 [ 310.410330][T15448] [ 310.442922][T15392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 310.548615][ T5851] Bluetooth: hci4: command tx timeout [ 310.548867][T15392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.839165][T15392] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.846239][T15392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 310.874729][T15392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.886111][T15456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3326'. [ 310.895208][T15456] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3326'. [ 311.049906][T15392] hsr_slave_0: entered promiscuous mode [ 311.057357][T15392] hsr_slave_1: entered promiscuous mode [ 311.066263][T15392] debugfs: 'hsr0' already exists in 'hsr' [ 311.072012][T15392] Cannot create hsr debugfs directory [ 311.177631][T15471] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3333'. [ 311.492396][T15488] netlink: 'syz.2.3339': attribute type 5 has an invalid length. [ 311.495691][T15392] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.568156][T15392] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.658922][T15392] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.714789][T15392] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.805641][T15502] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3346'. [ 312.315523][ T50] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.337940][ T50] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.448263][T15516] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.455737][T15516] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.528848][T15516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 312.541739][T15516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 312.594807][ T5851] Bluetooth: hci4: command tx timeout [ 312.647000][ T50] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.658810][ T50] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.674524][T15392] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 312.704040][T15392] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 312.746307][ T50] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.773169][ T50] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.782090][T15392] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 312.839899][ T50] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.856853][T15530] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3357'. [ 312.858379][T15531] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3356'. [ 312.867647][ T50] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.894364][T15530] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3357'. [ 312.901716][T15392] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 313.005414][T15545] bridge_slave_0: left allmulticast mode [ 313.015797][T15545] bridge_slave_0: left promiscuous mode [ 313.022024][T15545] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.035020][T15545] bridge_slave_1: left allmulticast mode [ 313.040822][T15545] bridge_slave_1: left promiscuous mode [ 313.047151][T15545] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.059758][T15545] bond0: (slave bond_slave_0): Releasing backup interface [ 313.079307][T15545] bond0: (slave bond_slave_1): Releasing backup interface [ 313.089978][T15545] team0: Port device team_slave_0 removed [ 313.098251][T15545] team0: Port device team_slave_1 removed [ 313.104600][T15545] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 313.112634][T15545] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.121443][T15545] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 313.146095][T15537] dvmrp1: entered allmulticast mode [ 313.222057][T15553] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3363'. [ 313.262731][T15553] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3363'. [ 313.280577][T15553] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3363'. [ 313.378159][T15560] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 313.395650][T15392] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.430979][T15392] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.449341][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.456543][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.476477][ T153] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.483685][ T153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.638920][T15571] netlink: 'syz.3.3371': attribute type 5 has an invalid length. [ 313.824836][T15392] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 313.841595][T15578] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 313.859415][T15581] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3374'. [ 314.008065][T15392] veth0_vlan: entered promiscuous mode [ 314.029998][T15392] veth1_vlan: entered promiscuous mode [ 314.092633][T15392] veth0_macvtap: entered promiscuous mode [ 314.122456][T15392] veth1_macvtap: entered promiscuous mode [ 314.147089][T15392] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 314.167477][T15392] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 314.186789][ T153] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.217554][ T153] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.237985][ T153] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.265036][ T153] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 314.449645][ T153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.473305][ T153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.541018][ T6071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 314.551573][ T6071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 314.673783][ T5851] Bluetooth: hci4: command tx timeout [ 314.681283][T15620] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3297'. [ 314.979225][T15634] FAULT_INJECTION: forcing a failure. [ 314.979225][T15634] name failslab, interval 1, probability 0, space 0, times 0 [ 315.010404][T15634] CPU: 1 UID: 0 PID: 15634 Comm: syz.1.3392 Not tainted syzkaller #0 PREEMPT(full) [ 315.010429][T15634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.010439][T15634] Call Trace: [ 315.010446][T15634] [ 315.010454][T15634] dump_stack_lvl+0x189/0x250 [ 315.010480][T15634] ? __pfx____ratelimit+0x10/0x10 [ 315.010504][T15634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.010525][T15634] ? __pfx__printk+0x10/0x10 [ 315.010549][T15634] ? __pfx___might_resched+0x10/0x10 [ 315.010568][T15634] ? fs_reclaim_acquire+0x7d/0x100 [ 315.010597][T15634] should_fail_ex+0x414/0x560 [ 315.010627][T15634] should_failslab+0xa8/0x100 [ 315.010646][T15634] kmem_cache_alloc_noprof+0x74/0x6e0 [ 315.010669][T15634] ? security_inode_alloc+0x39/0x330 [ 315.010698][T15634] security_inode_alloc+0x39/0x330 [ 315.010723][T15634] inode_init_always_gfp+0x9ed/0xdc0 [ 315.010754][T15634] ? __pfx_sock_alloc_inode+0x10/0x10 [ 315.010783][T15634] alloc_inode+0x82/0x1b0 [ 315.010808][T15634] __sock_create+0x12d/0x9f0 [ 315.010841][T15634] mptcp_subflow_create_socket+0xf0/0x7d0 [ 315.010866][T15634] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 315.010885][T15634] ? __lock_acquire+0xab9/0xd20 [ 315.010909][T15634] __mptcp_nmpc_sk+0x148/0x760 [ 315.010930][T15634] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 315.010946][T15634] ? __local_bh_enable_ip+0x12d/0x1c0 [ 315.010964][T15634] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.010987][T15634] ? __local_bh_enable_ip+0x12d/0x1c0 [ 315.011008][T15634] mptcp_sendmsg_fastopen+0xd4/0x580 [ 315.011040][T15634] mptcp_sendmsg+0x1774/0x1980 [ 315.011063][T15634] ? __pfx___might_resched+0x10/0x10 [ 315.011098][T15634] ? aa_sk_perm+0x81e/0x950 [ 315.011126][T15634] ? __pfx_aa_sk_perm+0x10/0x10 [ 315.011147][T15634] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 315.011170][T15634] ? sock_rps_record_flow+0x19/0x410 [ 315.011197][T15634] ? inet_sendmsg+0x2f4/0x370 [ 315.011217][T15634] __sock_sendmsg+0x19c/0x270 [ 315.011242][T15634] ____sys_sendmsg+0x505/0x830 [ 315.011266][T15634] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.011294][T15634] ? import_iovec+0x74/0xa0 [ 315.011319][T15634] ___sys_sendmsg+0x21f/0x2a0 [ 315.011339][T15634] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.011396][T15634] ? __fget_files+0x2a/0x420 [ 315.011411][T15634] ? __fget_files+0x3a0/0x420 [ 315.011437][T15634] __x64_sys_sendmsg+0x19b/0x260 [ 315.011457][T15634] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 315.011485][T15634] ? __pfx_ksys_write+0x10/0x10 [ 315.011512][T15634] ? do_syscall_64+0xbe/0xfa0 [ 315.011539][T15634] do_syscall_64+0xfa/0xfa0 [ 315.011559][T15634] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.011580][T15634] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.011598][T15634] ? clear_bhb_loop+0x60/0xb0 [ 315.011618][T15634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.011635][T15634] RIP: 0033:0x7fee64f8f6c9 [ 315.011651][T15634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.011665][T15634] RSP: 002b:00007fee65e14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.011685][T15634] RAX: ffffffffffffffda RBX: 00007fee651e5fa0 RCX: 00007fee64f8f6c9 [ 315.011697][T15634] RDX: 0000000030004084 RSI: 0000200000000080 RDI: 0000000000000003 [ 315.011709][T15634] RBP: 00007fee65e14090 R08: 0000000000000000 R09: 0000000000000000 [ 315.011720][T15634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.011730][T15634] R13: 00007fee651e6038 R14: 00007fee651e5fa0 R15: 00007fff0fcb17d8 [ 315.011766][T15634] [ 315.012238][T15634] socket: no more sockets [ 315.552411][T15652] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.3398'. [ 315.806320][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3407'. [ 315.884946][T15672] 8021q: adding VLAN 0 to HW filter on device bond1 [ 316.303679][T15692] xt_bpf: check failed: parse error [ 316.308452][T15691] xt_bpf: check failed: parse error [ 316.311130][T15692] x_tables: duplicate underflow at hook 3 [ 316.343191][T15684] bond0 (unregistering): Released all slaves [ 316.569346][T15704] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.603229][T15705] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.754213][ T5851] Bluetooth: hci4: command tx timeout [ 316.823857][T15722] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 316.843728][T15722] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 316.857648][T15720] netlink: 'syz.0.3423': attribute type 1 has an invalid length. [ 316.919493][T15727] Cannot find del_set index 0 as target [ 317.016158][T15722] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 317.070213][T15722] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 317.086709][ T1301] aoe: packet could not be sent on bond0. consider increasing tx_queue_len [ 317.109062][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.263488][T15722] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 317.271419][T15722] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 317.480183][T15722] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 317.521233][T15722] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 317.556426][T15722] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 317.593000][T15722] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 317.881437][T15763] FAULT_INJECTION: forcing a failure. [ 317.881437][T15763] name failslab, interval 1, probability 0, space 0, times 0 [ 317.897705][T15762] __nla_validate_parse: 4 callbacks suppressed [ 317.897724][T15762] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3433'. [ 317.913267][T15763] CPU: 1 UID: 0 PID: 15763 Comm: syz.1.3436 Not tainted syzkaller #0 PREEMPT(full) [ 317.913291][T15763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 317.913302][T15763] Call Trace: [ 317.913309][T15763] [ 317.913317][T15763] dump_stack_lvl+0x189/0x250 [ 317.913344][T15763] ? __pfx____ratelimit+0x10/0x10 [ 317.913367][T15763] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.913389][T15763] ? __pfx__printk+0x10/0x10 [ 317.913413][T15763] ? __pfx___might_resched+0x10/0x10 [ 317.913431][T15763] ? fs_reclaim_acquire+0x7d/0x100 [ 317.913461][T15763] should_fail_ex+0x414/0x560 [ 317.913491][T15763] should_failslab+0xa8/0x100 [ 317.913510][T15763] __kmalloc_cache_noprof+0x6f/0x6f0 [ 317.913534][T15763] ? subflow_ulp_init+0xd0/0x5c0 [ 317.913567][T15763] subflow_ulp_init+0xd0/0x5c0 [ 317.913585][T15763] ? tcp_set_ulp+0xb1/0x5f0 [ 317.913609][T15763] tcp_set_ulp+0x53c/0x5f0 [ 317.913631][T15763] mptcp_subflow_create_socket+0x348/0x7d0 [ 317.913656][T15763] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 317.913675][T15763] ? __lock_acquire+0xab9/0xd20 [ 317.913699][T15763] __mptcp_nmpc_sk+0x148/0x760 [ 317.913721][T15763] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 317.913737][T15763] ? __local_bh_enable_ip+0x12d/0x1c0 [ 317.913755][T15763] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.913778][T15763] ? __local_bh_enable_ip+0x12d/0x1c0 [ 317.913799][T15763] mptcp_sendmsg_fastopen+0xd4/0x580 [ 317.913831][T15763] mptcp_sendmsg+0x1774/0x1980 [ 317.913854][T15763] ? __pfx___might_resched+0x10/0x10 [ 317.913890][T15763] ? aa_sk_perm+0x81e/0x950 [ 317.913918][T15763] ? __pfx_aa_sk_perm+0x10/0x10 [ 317.913939][T15763] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 317.913962][T15763] ? sock_rps_record_flow+0x19/0x410 [ 317.913990][T15763] ? inet_sendmsg+0x2f4/0x370 [ 317.914009][T15763] __sock_sendmsg+0x19c/0x270 [ 317.914035][T15763] ____sys_sendmsg+0x505/0x830 [ 317.914059][T15763] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.914087][T15763] ? import_iovec+0x74/0xa0 [ 317.914112][T15763] ___sys_sendmsg+0x21f/0x2a0 [ 317.914134][T15763] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.914196][T15763] ? __fget_files+0x2a/0x420 [ 317.914212][T15763] ? __fget_files+0x3a0/0x420 [ 317.914239][T15763] __x64_sys_sendmsg+0x19b/0x260 [ 317.914261][T15763] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 317.914290][T15763] ? __pfx_ksys_write+0x10/0x10 [ 317.914317][T15763] ? do_syscall_64+0xbe/0xfa0 [ 317.914344][T15763] do_syscall_64+0xfa/0xfa0 [ 317.914365][T15763] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.914387][T15763] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.914404][T15763] ? clear_bhb_loop+0x60/0xb0 [ 317.914424][T15763] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.914441][T15763] RIP: 0033:0x7fee64f8f6c9 [ 317.914456][T15763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.914486][T15763] RSP: 002b:00007fee65e14038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 317.914505][T15763] RAX: ffffffffffffffda RBX: 00007fee651e5fa0 RCX: 00007fee64f8f6c9 [ 317.914518][T15763] RDX: 0000000030004084 RSI: 0000200000000080 RDI: 0000000000000003 [ 317.914530][T15763] RBP: 00007fee65e14090 R08: 0000000000000000 R09: 0000000000000000 [ 317.914541][T15763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.914557][T15763] R13: 00007fee651e6038 R14: 00007fee651e5fa0 R15: 00007fff0fcb17d8 [ 317.914589][T15763] [ 317.933813][T15766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3437'. [ 318.542407][T15798] netlink: 27 bytes leftover after parsing attributes in process `syz.3.3450'. [ 318.620213][T15800] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 318.669309][T15802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3451'. [ 318.824459][T15814] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 319.218584][T15828] netlink: 'syz.3.3463': attribute type 29 has an invalid length. [ 319.230527][T15828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3463'. [ 319.266891][T15830] netdevsim netdevsim0: Direct firmware load for lookup_extent_enter failed with error -2 [ 319.293673][T15830] netdevsim netdevsim0: Falling back to sysfs fallback for: lookup_extent_enter [ 319.307194][T15832] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3465'. [ 319.325025][T15832] netlink: 'syz.3.3465': attribute type 29 has an invalid length. [ 319.342867][T15832] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3465'. [ 320.327517][T15864] nft_compat: unsupported protocol 5 [ 320.449717][T15870] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 320.585243][T15882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3483'. [ 320.597827][T15882] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3483'. [ 320.607079][T15882] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3483'. [ 321.927356][T15944] syzkaller0: entered promiscuous mode [ 321.936755][T15944] syzkaller0: entered allmulticast mode [ 322.182624][T15961] FAULT_INJECTION: forcing a failure. [ 322.182624][T15961] name failslab, interval 1, probability 0, space 0, times 0 [ 322.203952][T15961] CPU: 0 UID: 0 PID: 15961 Comm: syz.3.3514 Not tainted syzkaller #0 PREEMPT(full) [ 322.203975][T15961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 322.203985][T15961] Call Trace: [ 322.203992][T15961] [ 322.203999][T15961] dump_stack_lvl+0x189/0x250 [ 322.204023][T15961] ? __pfx____ratelimit+0x10/0x10 [ 322.204045][T15961] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.204073][T15961] ? __pfx__printk+0x10/0x10 [ 322.204095][T15961] ? __pfx___might_resched+0x10/0x10 [ 322.204113][T15961] ? fs_reclaim_acquire+0x7d/0x100 [ 322.204140][T15961] should_fail_ex+0x414/0x560 [ 322.204169][T15961] should_failslab+0xa8/0x100 [ 322.204188][T15961] kmem_cache_alloc_node_noprof+0x77/0x710 [ 322.204211][T15961] ? __alloc_skb+0x112/0x2d0 [ 322.204226][T15961] ? netlink_autobind+0xdb/0x300 [ 322.204247][T15961] __alloc_skb+0x112/0x2d0 [ 322.204267][T15961] netlink_sendmsg+0x5c6/0xb30 [ 322.204293][T15961] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.204313][T15961] ? aa_sock_msg_perm+0xf1/0x1d0 [ 322.204337][T15961] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 322.204353][T15961] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.204371][T15961] __sock_sendmsg+0x21c/0x270 [ 322.204393][T15961] ____sys_sendmsg+0x505/0x830 [ 322.204415][T15961] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.204441][T15961] ? import_iovec+0x74/0xa0 [ 322.204466][T15961] ___sys_sendmsg+0x21f/0x2a0 [ 322.204486][T15961] ? __pfx____sys_sendmsg+0x10/0x10 [ 322.204542][T15961] ? __fget_files+0x2a/0x420 [ 322.204557][T15961] ? __fget_files+0x3a0/0x420 [ 322.204584][T15961] __x64_sys_sendmsg+0x19b/0x260 [ 322.204606][T15961] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 322.204633][T15961] ? __pfx_ksys_write+0x10/0x10 [ 322.204659][T15961] ? do_syscall_64+0xbe/0xfa0 [ 322.204685][T15961] do_syscall_64+0xfa/0xfa0 [ 322.204704][T15961] ? lockdep_hardirqs_on+0x9c/0x150 [ 322.204726][T15961] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.204742][T15961] ? clear_bhb_loop+0x60/0xb0 [ 322.204760][T15961] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.204775][T15961] RIP: 0033:0x7fa134d8f6c9 [ 322.204790][T15961] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.204804][T15961] RSP: 002b:00007fa135b9e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.204823][T15961] RAX: ffffffffffffffda RBX: 00007fa134fe5fa0 RCX: 00007fa134d8f6c9 [ 322.204835][T15961] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000003 [ 322.204847][T15961] RBP: 00007fa135b9e090 R08: 0000000000000000 R09: 0000000000000000 [ 322.204857][T15961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.204867][T15961] R13: 00007fa134fe6038 R14: 00007fa134fe5fa0 R15: 00007fff54bde318 [ 322.204897][T15961] [ 322.872461][T15990] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 323.106195][T16007] FAULT_INJECTION: forcing a failure. [ 323.106195][T16007] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.120119][T16007] CPU: 0 UID: 0 PID: 16007 Comm: syz.2.3531 Not tainted syzkaller #0 PREEMPT(full) [ 323.120144][T16007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 323.120154][T16007] Call Trace: [ 323.120161][T16007] [ 323.120169][T16007] dump_stack_lvl+0x189/0x250 [ 323.120195][T16007] ? __pfx____ratelimit+0x10/0x10 [ 323.120217][T16007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 323.120240][T16007] ? __pfx__printk+0x10/0x10 [ 323.120258][T16007] ? __might_fault+0xb0/0x130 [ 323.120297][T16007] should_fail_ex+0x414/0x560 [ 323.120326][T16007] _copy_from_iter+0x1de/0x1790 [ 323.120351][T16007] ? rcu_is_watching+0x15/0xb0 [ 323.120373][T16007] ? kmalloc_reserve+0xbd/0x290 [ 323.120391][T16007] ? __pfx__copy_from_iter+0x10/0x10 [ 323.120409][T16007] ? __build_skb_around+0x262/0x3f0 [ 323.120437][T16007] ? netlink_sendmsg+0x642/0xb30 [ 323.120452][T16007] ? skb_put+0x11b/0x210 [ 323.120472][T16007] netlink_sendmsg+0x6b2/0xb30 [ 323.120497][T16007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 323.120518][T16007] ? aa_sock_msg_perm+0xf1/0x1d0 [ 323.120543][T16007] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 323.120560][T16007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 323.120577][T16007] __sock_sendmsg+0x21c/0x270 [ 323.120602][T16007] ____sys_sendmsg+0x505/0x830 [ 323.120626][T16007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 323.120654][T16007] ? import_iovec+0x74/0xa0 [ 323.120678][T16007] ___sys_sendmsg+0x21f/0x2a0 [ 323.120698][T16007] ? __pfx____sys_sendmsg+0x10/0x10 [ 323.120752][T16007] ? __fget_files+0x2a/0x420 [ 323.120768][T16007] ? __fget_files+0x3a0/0x420 [ 323.120793][T16007] __x64_sys_sendmsg+0x19b/0x260 [ 323.120815][T16007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 323.120842][T16007] ? __pfx_ksys_write+0x10/0x10 [ 323.120869][T16007] ? do_syscall_64+0xbe/0xfa0 [ 323.120896][T16007] do_syscall_64+0xfa/0xfa0 [ 323.120916][T16007] ? lockdep_hardirqs_on+0x9c/0x150 [ 323.120938][T16007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.120955][T16007] ? clear_bhb_loop+0x60/0xb0 [ 323.120975][T16007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.120992][T16007] RIP: 0033:0x7f93a9b8f6c9 [ 323.121006][T16007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 323.121021][T16007] RSP: 002b:00007f93aa98a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 323.121044][T16007] RAX: ffffffffffffffda RBX: 00007f93a9de5fa0 RCX: 00007f93a9b8f6c9 [ 323.121056][T16007] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000003 [ 323.121067][T16007] RBP: 00007f93aa98a090 R08: 0000000000000000 R09: 0000000000000000 [ 323.121078][T16007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.121088][T16007] R13: 00007f93a9de6038 R14: 00007f93a9de5fa0 R15: 00007ffe215c56e8 [ 323.121117][T16007] [ 323.496440][T16026] netlink: 'syz.2.3537': attribute type 1 has an invalid length. [ 323.515989][T16026] __nla_validate_parse: 3 callbacks suppressed [ 323.516004][T16026] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3537'. [ 323.568064][T16028] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 323.656421][T16031] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3539'. [ 324.077039][ T78] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.090864][ T78] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.100464][ T78] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.111582][ T78] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.417663][T16075] netlink: 'syz.0.3552': attribute type 29 has an invalid length. [ 324.436302][T16078] netlink: 'syz.0.3552': attribute type 29 has an invalid length. [ 324.447199][T16075] netlink: 'syz.0.3552': attribute type 29 has an invalid length. [ 324.463742][T16074] netlink: 'syz.0.3552': attribute type 29 has an invalid length. [ 324.736759][T16093] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3558'. [ 324.753710][T16094] xt_l2tp: missing protocol rule (udp|l2tpip) [ 324.783117][T16099] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3560'. [ 324.798452][T16093] bond1: option xmit_hash_policy: invalid value (64) [ 324.807562][T16093] bond1 (unregistering): Released all slaves [ 325.088912][T16116] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3565'. [ 325.156213][T16121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3563'. [ 325.250939][T16124] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.3566'. [ 325.405588][T16132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3569'. [ 325.414795][T16132] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 325.536195][T16141] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3573'. [ 325.838834][T16154] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.846598][T16154] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.934408][T16154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 325.948956][T16154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 326.043552][ T61] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.052663][ T61] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.062062][ T61] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.076828][ T61] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.174362][T16173] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 326.242318][T16175] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3583'. [ 326.295123][T16181] netlink: 'syz.4.3586': attribute type 1 has an invalid length. [ 326.358721][T16181] bond1: (slave geneve2): making interface the new active one [ 326.374008][T16181] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 326.382708][ T61] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0 [ 326.415793][ T61] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0 [ 326.438671][ T61] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0 [ 326.463484][ T61] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0 [ 326.556395][T16192] FAULT_INJECTION: forcing a failure. [ 326.556395][T16192] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.581770][T16192] CPU: 1 UID: 0 PID: 16192 Comm: syz.2.3591 Not tainted syzkaller #0 PREEMPT(full) [ 326.581817][T16192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 326.581839][T16192] Call Trace: [ 326.581854][T16192] [ 326.581869][T16192] dump_stack_lvl+0x189/0x250 [ 326.581907][T16192] ? __pfx____ratelimit+0x10/0x10 [ 326.581929][T16192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.581952][T16192] ? __pfx__printk+0x10/0x10 [ 326.581970][T16192] ? __might_fault+0xb0/0x130 [ 326.582004][T16192] should_fail_ex+0x414/0x560 [ 326.582033][T16192] _copy_from_user+0x2d/0xb0 [ 326.582056][T16192] kstrtouint_from_user+0xc4/0x170 [ 326.582077][T16192] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 326.582113][T16192] proc_fail_nth_write+0x88/0x200 [ 326.582135][T16192] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 326.582162][T16192] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 326.582185][T16192] vfs_write+0x27e/0xb30 [ 326.582217][T16192] ? __pfx_vfs_write+0x10/0x10 [ 326.582242][T16192] ? __fget_files+0x2a/0x420 [ 326.582263][T16192] ? __fget_files+0x3a0/0x420 [ 326.582278][T16192] ? __fget_files+0x2a/0x420 [ 326.582304][T16192] ksys_write+0x145/0x250 [ 326.582329][T16192] ? __pfx_ksys_write+0x10/0x10 [ 326.582356][T16192] ? do_syscall_64+0xbe/0xfa0 [ 326.582382][T16192] do_syscall_64+0xfa/0xfa0 [ 326.582402][T16192] ? lockdep_hardirqs_on+0x9c/0x150 [ 326.582424][T16192] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.582442][T16192] ? clear_bhb_loop+0x60/0xb0 [ 326.582463][T16192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.582479][T16192] RIP: 0033:0x7f93a9b8e17f [ 326.582495][T16192] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 326.582510][T16192] RSP: 002b:00007f93aa98a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 326.582528][T16192] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f93a9b8e17f [ 326.582540][T16192] RDX: 0000000000000001 RSI: 00007f93aa98a0a0 RDI: 0000000000000004 [ 326.582551][T16192] RBP: 00007f93aa98a090 R08: 0000000000000000 R09: 0000000000000000 [ 326.582562][T16192] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 326.582571][T16192] R13: 00007f93a9de6038 R14: 00007f93a9de5fa0 R15: 00007ffe215c56e8 [ 326.582607][T16192] [ 326.842157][T16196] nbd: must specify at least one socket [ 326.890953][T16202] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 327.119974][T16220] veth0_to_bridge: entered promiscuous mode [ 327.163654][T16220] veth0_to_bridge: left promiscuous mode [ 327.660506][T16250] netlink: 'syz.1.3616': attribute type 6 has an invalid length. [ 328.131923][T16277] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 328.269569][T16283] pimreg: entered allmulticast mode [ 328.742108][T16309] __nla_validate_parse: 10 callbacks suppressed [ 328.742126][T16309] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3639'. [ 328.817713][T16309] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3639'. [ 328.831147][T16320] bridge_slave_0: left allmulticast mode [ 328.841115][T16320] bridge_slave_0: left promiscuous mode [ 328.854071][T16320] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.887516][T16320] bridge_slave_1: left allmulticast mode [ 328.897126][T16320] bridge_slave_1: left promiscuous mode [ 328.914396][T16320] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.947240][T16320] bond0: (slave bond_slave_0): Releasing backup interface [ 328.985851][T16320] bond0: (slave bond_slave_1): Releasing backup interface [ 329.091886][T16320] team0: Port device team_slave_0 removed [ 329.141574][T16320] team0: Port device team_slave_1 removed [ 329.146698][T16335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3643'. [ 329.153420][T16320] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 329.174594][T16335] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3643'. [ 329.196981][T16320] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 329.205706][T16320] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 329.361752][T16350] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3649'. [ 329.481566][T16359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3652'. [ 329.851896][T16387] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3663'. [ 329.918332][T16389] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.3664'. [ 330.124798][T16408] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 330.252789][T16413] netlink: 'syz.4.3673': attribute type 72 has an invalid length. [ 330.306909][T16421] IPVS: Error connecting to the multicast addr [ 330.360076][T16425] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3678'. [ 331.116857][T16468] FAULT_INJECTION: forcing a failure. [ 331.116857][T16468] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.130161][T16468] CPU: 1 UID: 0 PID: 16468 Comm: syz.3.3691 Not tainted syzkaller #0 PREEMPT(full) [ 331.130186][T16468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 331.130197][T16468] Call Trace: [ 331.130204][T16468] [ 331.130209][T16468] dump_stack_lvl+0x189/0x250 [ 331.130233][T16468] ? __pfx____ratelimit+0x10/0x10 [ 331.130246][T16468] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.130258][T16468] ? __pfx__printk+0x10/0x10 [ 331.130269][T16468] ? __might_fault+0xb0/0x130 [ 331.130287][T16468] should_fail_ex+0x414/0x560 [ 331.130304][T16468] _copy_from_user+0x2d/0xb0 [ 331.130317][T16468] sctp_setsockopt+0x19f/0x1200 [ 331.130326][T16468] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 331.130341][T16468] do_sock_setsockopt+0x17c/0x1b0 [ 331.130354][T16468] __x64_sys_setsockopt+0x13f/0x1b0 [ 331.130367][T16468] do_syscall_64+0xfa/0xfa0 [ 331.130380][T16468] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.130390][T16468] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 331.130399][T16468] ? clear_bhb_loop+0x60/0xb0 [ 331.130410][T16468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.130420][T16468] RIP: 0033:0x7fa134d8f6c9 [ 331.130429][T16468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 331.130438][T16468] RSP: 002b:00007fa135b7d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 331.130449][T16468] RAX: ffffffffffffffda RBX: 00007fa134fe6090 RCX: 00007fa134d8f6c9 [ 331.130456][T16468] RDX: 0000000000000009 RSI: 0000000000000084 RDI: 0000000000000003 [ 331.130462][T16468] RBP: 00007fa135b7d090 R08: 000000000000009c R09: 0000000000000000 [ 331.130469][T16468] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 331.130476][T16468] R13: 00007fa134fe6128 R14: 00007fa134fe6090 R15: 00007fff54bde318 [ 331.130493][T16468] [ 331.402428][T16472] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3693'. [ 331.683572][T16485] macsec1: entered promiscuous mode [ 332.184514][T16523] netlink: 'syz.4.3710': attribute type 1 has an invalid length. [ 332.215871][T16523] nbd: error processing sock list [ 332.220951][T16523] block nbd0: shutting down sockets [ 332.388463][T16540] FAULT_INJECTION: forcing a failure. [ 332.388463][T16540] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 332.422313][T16540] CPU: 1 UID: 0 PID: 16540 Comm: syz.0.3717 Not tainted syzkaller #0 PREEMPT(full) [ 332.422338][T16540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 332.422349][T16540] Call Trace: [ 332.422356][T16540] [ 332.422364][T16540] dump_stack_lvl+0x189/0x250 [ 332.422399][T16540] ? __pfx____ratelimit+0x10/0x10 [ 332.422421][T16540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.422443][T16540] ? __pfx__printk+0x10/0x10 [ 332.422473][T16540] should_fail_ex+0x414/0x560 [ 332.422501][T16540] _copy_to_user+0x31/0xb0 [ 332.422525][T16540] simple_read_from_buffer+0xe1/0x170 [ 332.422555][T16540] proc_fail_nth_read+0x1b3/0x220 [ 332.422580][T16540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 332.422603][T16540] ? rw_verify_area+0x2a6/0x4d0 [ 332.422624][T16540] ? __lock_acquire+0xab9/0xd20 [ 332.422639][T16540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 332.422661][T16540] vfs_read+0x200/0xa30 [ 332.422682][T16540] ? fdget_pos+0x247/0x320 [ 332.422703][T16540] ? __pfx___mutex_lock+0x10/0x10 [ 332.422727][T16540] ? __pfx_vfs_read+0x10/0x10 [ 332.422751][T16540] ? __fget_files+0x2a/0x420 [ 332.422769][T16540] ? __fget_files+0x3a0/0x420 [ 332.422782][T16540] ? __fget_files+0x2a/0x420 [ 332.422808][T16540] ksys_read+0x145/0x250 [ 332.422830][T16540] ? __pfx_ksys_read+0x10/0x10 [ 332.422853][T16540] ? do_syscall_64+0xbe/0xfa0 [ 332.422879][T16540] do_syscall_64+0xfa/0xfa0 [ 332.422899][T16540] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.422919][T16540] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.422936][T16540] ? clear_bhb_loop+0x60/0xb0 [ 332.422957][T16540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.422972][T16540] RIP: 0033:0x7f49bfb8e0dc [ 332.422988][T16540] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 332.423001][T16540] RSP: 002b:00007f49c0a40030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 332.423019][T16540] RAX: ffffffffffffffda RBX: 00007f49bfde6090 RCX: 00007f49bfb8e0dc [ 332.423032][T16540] RDX: 000000000000000f RSI: 00007f49c0a400a0 RDI: 0000000000000005 [ 332.423042][T16540] RBP: 00007f49c0a40090 R08: 0000000000000000 R09: 0000000000000000 [ 332.423051][T16540] R10: 0000200000000300 R11: 0000000000000246 R12: 0000000000000001 [ 332.423061][T16540] R13: 00007f49bfde6128 R14: 00007f49bfde6090 R15: 00007ffe0837a278 [ 332.423092][T16540] [ 332.909643][T16552] xt_hashlimit: size too large, truncated to 1048576 [ 332.928700][T16552] warn_alloc: 1 callbacks suppressed [ 332.928717][T16552] syz.3.3724: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 332.955047][T16552] CPU: 0 UID: 0 PID: 16552 Comm: syz.3.3724 Not tainted syzkaller #0 PREEMPT(full) [ 332.955079][T16552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 332.955089][T16552] Call Trace: [ 332.955096][T16552] [ 332.955103][T16552] dump_stack_lvl+0x189/0x250 [ 332.955133][T16552] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.955155][T16552] ? __pfx__printk+0x10/0x10 [ 332.955175][T16552] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 332.955197][T16552] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 332.955222][T16552] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 332.955246][T16552] warn_alloc+0x214/0x310 [ 332.955275][T16552] ? __pfx_warn_alloc+0x10/0x10 [ 332.955306][T16552] ? __get_vm_area_node+0x28f/0x300 [ 332.955329][T16552] ? htable_create+0x101/0x7a0 [ 332.955353][T16552] __vmalloc_node_range_noprof+0x690/0x12d0 [ 332.955394][T16552] ? alloc_pages_mpol+0x3cd/0x4a0 [ 332.955413][T16552] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 332.955440][T16552] ? rcu_is_watching+0x15/0xb0 [ 332.955459][T16552] ? htable_create+0x101/0x7a0 [ 332.955479][T16552] __kvmalloc_node_noprof+0x674/0x910 [ 332.955502][T16552] ? htable_create+0x101/0x7a0 [ 332.955518][T16552] ? hashlimit_pernet+0x23/0x240 [ 332.955538][T16552] ? hashlimit_pernet+0x23/0x240 [ 332.955556][T16552] ? hashlimit_pernet+0x23/0x240 [ 332.955583][T16552] htable_create+0x101/0x7a0 [ 332.955612][T16552] hashlimit_mt_check_common+0x719/0xa10 [ 332.955644][T16552] xt_check_match+0x3d1/0xab0 [ 332.955671][T16552] ? __pfx_xt_check_match+0x10/0x10 [ 332.955695][T16552] ? pcpu_alloc_noprof+0xfdd/0x1720 [ 332.955730][T16552] ? xt_find_match+0x1f7/0x250 [ 332.955758][T16552] translate_table+0x1553/0x2040 [ 332.955806][T16552] ? __pfx_translate_table+0x10/0x10 [ 332.955832][T16552] ? __might_fault+0xb0/0x130 [ 332.955875][T16552] ? _copy_from_user+0x94/0xb0 [ 332.955900][T16552] do_ip6t_set_ctl+0x970/0xce0 [ 332.955928][T16552] ? rcu_is_watching+0x15/0xb0 [ 332.955947][T16552] ? trace_contention_end+0x39/0x120 [ 332.955968][T16552] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 332.956015][T16552] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 332.956045][T16552] ? vfs_write+0x960/0xb30 [ 332.956082][T16552] ? __lock_acquire+0xab9/0xd20 [ 332.956107][T16552] nf_setsockopt+0x26f/0x290 [ 332.956134][T16552] rawv6_setsockopt+0x23b/0x5b0 [ 332.956155][T16552] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 332.956172][T16552] ? aa_sock_opt_perm+0xff/0x1b0 [ 332.956198][T16552] ? sock_common_setsockopt+0x36/0xc0 [ 332.956220][T16552] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 332.956246][T16552] do_sock_setsockopt+0x17c/0x1b0 [ 332.956269][T16552] __x64_sys_setsockopt+0x13f/0x1b0 [ 332.956293][T16552] do_syscall_64+0xfa/0xfa0 [ 332.956314][T16552] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.956336][T16552] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.956356][T16552] ? clear_bhb_loop+0x60/0xb0 [ 332.956377][T16552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.956393][T16552] RIP: 0033:0x7fa134d8f6c9 [ 332.956408][T16552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.956422][T16552] RSP: 002b:00007fa135b9e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 332.956441][T16552] RAX: ffffffffffffffda RBX: 00007fa134fe5fa0 RCX: 00007fa134d8f6c9 [ 332.956454][T16552] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 332.956465][T16552] RBP: 00007fa134e11f91 R08: 0000000000000528 R09: 0000000000000000 [ 332.956476][T16552] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000000 [ 332.956487][T16552] R13: 00007fa134fe6038 R14: 00007fa134fe5fa0 R15: 00007fff54bde318 [ 332.956519][T16552] [ 332.956569][T16552] Mem-Info: [ 333.324250][T16552] active_anon:6320 inactive_anon:0 isolated_anon:0 [ 333.324250][T16552] active_file:3829 inactive_file:39989 isolated_file:0 [ 333.324250][T16552] unevictable:768 dirty:166 writeback:0 [ 333.324250][T16552] slab_reclaimable:12220 slab_unreclaimable:118090 [ 333.324250][T16552] mapped:30850 shmem:1361 pagetables:1375 [ 333.324250][T16552] sec_pagetables:0 bounce:0 [ 333.324250][T16552] kernel_misc_reclaimable:0 [ 333.324250][T16552] free:1306401 free_pcp:15004 free_cma:0 [ 333.371016][T16552] Node 0 active_anon:25280kB inactive_anon:0kB active_file:15316kB inactive_file:159756kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:123400kB dirty:664kB writeback:0kB shmem:3908kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14544kB pagetables:5360kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 333.414049][T16552] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 333.444646][T16552] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 333.529851][T16578] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 333.540216][T16552] lowmem_reserve[]: 0 2505 2505 2505 2505 [ 333.547451][T16552] Node 0 DMA32 free:1314564kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24780kB inactive_anon:0kB active_file:15316kB inactive_file:159756kB unevictable:1536kB writepending:664kB zspages:0kB present:3129332kB managed:2565160kB mlocked:0kB bounce:0kB free_pcp:43380kB local_pcp:23524kB free_cma:0kB [ 333.581236][T16578] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 333.581245][T16552] lowmem_reserve[]: [ 333.581318][T16578] gretap1: entered promiscuous mode [ 333.588931][T16552] 0 0 0 0 0 [ 333.589003][T16552] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 333.589055][T16552] lowmem_reserve[]: 0 0 0 0 0 [ 333.589092][T16552] Node 1 [ 333.593653][T16578] gretap1: entered allmulticast mode [ 333.598321][T16552] Normal free:3895368kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18380kB local_pcp:9384kB free_cma:0kB [ 333.603970][T16585] netlink: 'syz.1.3733': attribute type 12 has an invalid length. [ 333.684880][T16552] lowmem_reserve[]: 0 0 0 0 0 [ 333.690782][T16552] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 333.711044][T16552] Node 0 DMA32: 817*4kB (UM) 840*8kB (UM) 538*16kB (UME) 182*32kB (UM) 79*64kB (UME) 51*128kB (UME) 22*256kB (UM) 2*512kB (M) 36*1024kB (UM) 7*2048kB (UME) 298*4096kB (UM) = 1314468kB [ 333.742946][T16552] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 333.793042][T16552] Node 1 Normal: 176*4kB (UME) 57*8kB (UME) 42*16kB (UME) 95*32kB (UME) 33*64kB (UME) 6*128kB (UME) 4*256kB (UM) 5*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 947*4096kB (M) = 3895368kB [ 333.860826][T16552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 333.886143][T16552] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 333.902675][T16596] __nla_validate_parse: 7 callbacks suppressed [ 333.902694][T16596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3739'. [ 333.932640][T16552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 333.946785][T16552] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 333.997285][T16552] 45175 total pagecache pages [ 334.013003][T16552] 0 pages in swap cache [ 334.017194][T16552] Free swap = 124996kB [ 334.021350][T16552] Total swap = 124996kB [ 334.076580][T16552] 2097051 pages RAM [ 334.094937][T16552] 0 pages HighMem/MovableOnly [ 334.099648][T16552] 424119 pages reserved [ 334.118690][T16552] 0 pages cma reserved [ 334.288149][T16616] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3743'. [ 334.428927][T16630] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3747'. [ 334.438567][T16628] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 334.529923][T16630] syzkaller0: entered promiscuous mode [ 334.535702][T16630] syzkaller0: entered allmulticast mode [ 334.544823][T16630] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 334.610432][T16637] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3751'. [ 335.047852][T16672] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 335.946545][T16728] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3781'. [ 336.092188][T16739] Bluetooth: MGMT ver 1.23 [ 336.098324][T16736] netlink: 'syz.1.3785': attribute type 1 has an invalid length. [ 336.106635][T16736] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3785'. [ 336.503952][T16760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3794'. [ 336.517186][T16760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3794'. [ 336.596657][T16767] IPVS: set_ctl: invalid protocol: 43 172.30.1.2:20001 [ 336.597804][T16766] netlink: 'syz.2.3797': attribute type 2 has an invalid length. [ 336.758371][T16776] A link change request failed with some changes committed already. Interface hsr_slave_1 may have been left with an inconsistent configuration, please check. [ 336.898359][T16785] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3805'. [ 336.907752][T16785] netlink: 'syz.0.3805': attribute type 30 has an invalid length. [ 336.923465][T16785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3805'. [ 337.215046][T16807] bridge_slave_0: left allmulticast mode [ 337.220866][T16807] bridge_slave_0: left promiscuous mode [ 337.227161][T16807] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.238249][T16807] bridge_slave_1: left allmulticast mode [ 337.244517][T16807] bridge_slave_1: left promiscuous mode [ 337.250514][T16807] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.266136][T16807] bond0: (slave bond_slave_0): Releasing backup interface [ 337.275895][T16807] bond0: (slave bond_slave_1): Releasing backup interface [ 337.285307][T16807] team0: Port device team_slave_0 removed [ 337.292273][T16807] team0: Port device team_slave_1 removed [ 337.298310][T16807] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.306216][T16807] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 337.315870][T16807] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 337.380263][T16811] ipt_REJECT: TCP_RESET invalid for non-tcp [ 338.398934][T16872] netlink: 'syz.3.3844': attribute type 2 has an invalid length. [ 339.012485][ T9] IPVS: starting estimator thread 0... [ 339.021907][T16905] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 339.102967][T16910] IPVS: using max 26 ests per chain, 62400 per kthread [ 339.120119][T16918] openvswitch: netlink: Key type 234 is out of range max 32 [ 339.135995][T16920] sock: sock_timestamping_bind_phc: sock not bind to device [ 339.146868][T16914] __nla_validate_parse: 6 callbacks suppressed [ 339.146884][T16914] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3858'. [ 339.288738][T16931] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 339.317660][T16931] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3864'. [ 339.328021][T16931] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 339.359288][T16931] team1: entered promiscuous mode [ 339.364650][T16931] team1: entered allmulticast mode [ 339.373732][T16931] netlink: 100 bytes leftover after parsing attributes in process `syz.4.3864'. [ 339.474282][T16942] netlink: 'syz.4.3868': attribute type 1 has an invalid length. [ 339.503287][T16949] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3870'. [ 339.677592][T16955] sctp: [Deprecated]: syz.4.3873 (pid 16955) Use of int in max_burst socket option. [ 339.677592][T16955] Use struct sctp_assoc_value instead [ 340.019597][T16985] netlink: 9 bytes leftover after parsing attributes in process `syz.0.3884'. [ 340.175755][T16998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3889'. [ 340.328180][T17013] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3895'. [ 340.344177][T17013] netlink: 'syz.2.3895': attribute type 6 has an invalid length. [ 340.466234][T17020] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3898'. [ 340.569957][T17024] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3900'. [ 340.760599][T17037] netlink: 'syz.2.3906': attribute type 18 has an invalid length. [ 340.768790][T17037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3906'. [ 340.786264][ T6071] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.786302][T17037] netlink: 'syz.2.3906': attribute type 18 has an invalid length. [ 340.796228][ T6071] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.821169][ T6071] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 340.843401][ T6071] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 341.536287][T17082] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 341.954303][ T61] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 341.967753][ T61] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 341.985546][ T61] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.001024][ T61] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.731944][T17155] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 343.307152][T17181] sctp: [Deprecated]: syz.2.3959 (pid 17181) Use of int in maxseg socket option. [ 343.307152][T17181] Use struct sctp_assoc_value instead [ 343.324184][T17181] sctp: [Deprecated]: syz.2.3959 (pid 17181) Use of int in maxseg socket option. [ 343.324184][T17181] Use struct sctp_assoc_value instead [ 343.338788][T17181] sctp: [Deprecated]: syz.2.3959 (pid 17181) Use of int in maxseg socket option. [ 343.338788][T17181] Use struct sctp_assoc_value instead [ 343.353921][T17181] sctp: [Deprecated]: syz.2.3959 (pid 17181) Use of int in maxseg socket option. [ 343.353921][T17181] Use struct sctp_assoc_value instead [ 343.368725][T17181] sctp: [Deprecated]: syz.2.3959 (pid 17181) Use of int in maxseg socket option. [ 343.368725][T17181] Use struct sctp_assoc_value instead [ 343.936991][T17208] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 343.973669][T17208] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 344.074321][T17212] bond2: (slave ip6_vti0): Device is not bonding slave [ 344.081274][T17212] bond2: option active_slave: invalid value (ip6_vti0) [ 344.090544][T17212] bond2 (unregistering): Released all slaves [ 344.186788][T17225] __nla_validate_parse: 13 callbacks suppressed [ 344.186806][T17225] netlink: 152 bytes leftover after parsing attributes in process `syz.0.3977'. [ 344.616139][T17258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3989'. [ 344.636283][T17258] macsec1: entered promiscuous mode [ 344.641695][T17258] bridge0: entered promiscuous mode [ 344.652014][T17258] macsec1: entered allmulticast mode [ 344.664299][T17258] bridge0: entered allmulticast mode [ 344.678046][T17258] bridge0: port 1(macsec1) entered blocking state [ 344.686271][T17258] bridge0: port 1(macsec1) entered disabled state [ 344.795235][T17258] bridge0: left allmulticast mode [ 344.797386][T17264] FAULT_INJECTION: forcing a failure. [ 344.797386][T17264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 344.800538][T17258] bridge0: left promiscuous mode [ 344.813588][T17264] CPU: 1 UID: 0 PID: 17264 Comm: syz.1.3990 Not tainted syzkaller #0 PREEMPT(full) [ 344.813614][T17264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 344.813625][T17264] Call Trace: [ 344.813633][T17264] [ 344.813642][T17264] dump_stack_lvl+0x189/0x250 [ 344.813668][T17264] ? __pfx____ratelimit+0x10/0x10 [ 344.813690][T17264] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.813711][T17264] ? __pfx__printk+0x10/0x10 [ 344.813728][T17264] ? __might_fault+0xb0/0x130 [ 344.813759][T17264] should_fail_ex+0x414/0x560 [ 344.813789][T17264] _copy_from_user+0x2d/0xb0 [ 344.813811][T17264] ___sys_recvmsg+0x12e/0x510 [ 344.813837][T17264] ? __pfx____sys_recvmsg+0x10/0x10 [ 344.813877][T17264] ? __fget_files+0x3a0/0x420 [ 344.813905][T17264] do_recvmmsg+0x307/0x770 [ 344.813940][T17264] ? __pfx_do_recvmmsg+0x10/0x10 [ 344.813971][T17264] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 344.814011][T17264] __x64_sys_recvmmsg+0x190/0x240 [ 344.814033][T17264] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 344.814056][T17264] ? do_syscall_64+0xbe/0xfa0 [ 344.814082][T17264] do_syscall_64+0xfa/0xfa0 [ 344.814103][T17264] ? lockdep_hardirqs_on+0x9c/0x150 [ 344.814124][T17264] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.814141][T17264] ? clear_bhb_loop+0x60/0xb0 [ 344.814161][T17264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.814177][T17264] RIP: 0033:0x7fee64f8f6c9 [ 344.814193][T17264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.814208][T17264] RSP: 002b:00007fee65df3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 344.814227][T17264] RAX: ffffffffffffffda RBX: 00007fee651e6090 RCX: 00007fee64f8f6c9 [ 344.814241][T17264] RDX: 0000000000000001 RSI: 0000200000003e00 RDI: 0000000000000004 [ 344.814252][T17264] RBP: 00007fee65df3090 R08: 0000000000000000 R09: 0000000000000000 [ 344.814263][T17264] R10: 0000000040000000 R11: 0000000000000246 R12: 0000000000000001 [ 344.814274][T17264] R13: 00007fee651e6128 R14: 00007fee651e6090 R15: 00007fff0fcb17d8 [ 344.814304][T17264] [ 345.511398][T17297] wg2: entered promiscuous mode [ 345.521736][T17295] FAULT_INJECTION: forcing a failure. [ 345.521736][T17295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 345.523077][T17295] [ 345.523086][T17295] ====================================================== [ 345.523094][T17295] WARNING: possible circular locking dependency detected [ 345.523106][T17295] syzkaller #0 Not tainted [ 345.523115][T17295] ------------------------------------------------------ [ 345.523121][T17295] syz.1.4003/17295 is trying to acquire lock: [ 345.523130][T17295] ffffffff8df315e0 (console_owner){-.-.}-{0:0}, at: console_flush_all+0x13a/0xb10 [ 345.523173][T17295] [ 345.523173][T17295] but task is already holding lock: [ 345.523180][T17295] ffff8880b883a058 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 345.523215][T17295] [ 345.523215][T17295] which lock already depends on the new lock. [ 345.523215][T17295] [ 345.523221][T17295] [ 345.523221][T17295] the existing dependency chain (in reverse order) is: [ 345.523227][T17295] [ 345.523227][T17295] -> #5 (&rq->__lock){-.-.}-{2:2}: [ 345.523247][T17295] lock_acquire+0x120/0x360 [ 345.523262][T17295] _raw_spin_lock_nested+0x32/0x50 [ 345.523281][T17295] raw_spin_rq_lock_nested+0x2a/0x140 [ 345.523296][T17295] task_rq_lock+0xbc/0x470 [ 345.523310][T17295] cgroup_move_task+0x92/0x2a0 [ 345.523327][T17295] css_set_move_task+0x658/0x9e0 [ 345.523346][T17295] cgroup_post_fork+0x1ef/0x790 [ 345.523364][T17295] copy_process+0x3862/0x3c00 [ 345.523381][T17295] kernel_clone+0x21e/0x840 [ 345.523397][T17295] user_mode_thread+0xdd/0x140 [ 345.523414][T17295] rest_init+0x23/0x300 [ 345.523428][T17295] start_kernel+0x3ae/0x410 [ 345.523443][T17295] x86_64_start_reservations+0x24/0x30 [ 345.523462][T17295] x86_64_start_kernel+0x143/0x1c0 [ 345.523479][T17295] common_startup_64+0x13e/0x147 [ 345.523499][T17295] [ 345.523499][T17295] -> #4 (&p->pi_lock){-.-.}-{2:2}: [ 345.523520][T17295] lock_acquire+0x120/0x360 [ 345.523534][T17295] _raw_spin_lock_irqsave+0xa7/0xf0 [ 345.523552][T17295] try_to_wake_up+0x67/0x12b0 [ 345.523570][T17295] create_worker+0x503/0x720 [ 345.523591][T17295] workqueue_init+0x3f0/0x6a0 [ 345.523610][T17295] kernel_init_freeable+0x302/0x4b0 [ 345.523625][T17295] kernel_init+0x1d/0x1d0 [ 345.523640][T17295] ret_from_fork+0x4bc/0x870 [ 345.523655][T17295] ret_from_fork_asm+0x1a/0x30 [ 345.523669][T17295] [ 345.523669][T17295] -> #3 (&pool->lock){-.-.}-{2:2}: [ 345.523691][T17295] lock_acquire+0x120/0x360 [ 345.523705][T17295] _raw_spin_lock+0x2e/0x40 [ 345.523722][T17295] __queue_work+0x809/0xfb0 [ 345.523739][T17295] queue_work_on+0x181/0x270 [ 345.523754][T17295] rpm_suspend+0xe54/0x1720 [ 345.523772][T17295] __pm_runtime_idle+0x12f/0x1a0 [ 345.523789][T17295] __device_attach+0x342/0x400 [ 345.523815][T17295] bus_probe_device+0x185/0x260 [ 345.523830][T17295] device_add+0x7b6/0xb50 [ 345.523846][T17295] serial_base_port_add+0x2e3/0x410 [ 345.523862][T17295] serial_core_register_port+0x369/0x2800 [ 345.523881][T17295] serial8250_register_8250_port+0x16db/0x2080 [ 345.523900][T17295] serial_pnp_probe+0x527/0x790 [ 345.523918][T17295] pnp_device_probe+0x30b/0x4c0 [ 345.523937][T17295] really_probe+0x26d/0x9e0 [ 345.523955][T17295] __driver_probe_device+0x18c/0x2f0 [ 345.523973][T17295] driver_probe_device+0x4f/0x430 [ 345.523992][T17295] __driver_attach+0x452/0x700 [ 345.524009][T17295] bus_for_each_dev+0x233/0x2b0 [ 345.524023][T17295] bus_add_driver+0x345/0x640 [ 345.524037][T17295] driver_register+0x23a/0x320 [ 345.524056][T17295] serial8250_init+0x8f/0x160 [ 345.524075][T17295] do_one_initcall+0x236/0x820 [ 345.524095][T17295] do_initcall_level+0x104/0x190 [ 345.524111][T17295] do_initcalls+0x59/0xa0 [ 345.524125][T17295] kernel_init_freeable+0x334/0x4b0 [ 345.524141][T17295] kernel_init+0x1d/0x1d0 [ 345.524156][T17295] ret_from_fork+0x4bc/0x870 [ 345.524170][T17295] ret_from_fork_asm+0x1a/0x30 [ 345.524184][T17295] [ 345.524184][T17295] -> #2 (&dev->power.lock){-.-.}-{3:3}: [ 345.524206][T17295] lock_acquire+0x120/0x360 [ 345.524220][T17295] _raw_spin_lock_irqsave+0xa7/0xf0 [ 345.524239][T17295] __pm_runtime_resume+0x10f/0x180 [ 345.524256][T17295] __uart_start+0x171/0x460 [ 345.524275][T17295] uart_write+0xdc/0x130 [ 345.524293][T17295] n_tty_write+0xd27/0x1200 [ 345.524308][T17295] file_tty_write+0x559/0xa20 [ 345.524327][T17295] vfs_write+0x5c9/0xb30 [ 345.524347][T17295] ksys_write+0x145/0x250 [ 345.524365][T17295] do_syscall_64+0xfa/0xfa0 [ 345.524386][T17295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.524401][T17295] [ 345.524401][T17295] -> #1 (&port_lock_key){-.-.}-{3:3}: [ 345.524424][T17295] lock_acquire+0x120/0x360 [ 345.524438][T17295] _raw_spin_lock_irqsave+0xa7/0xf0 [ 345.524456][T17295] serial8250_console_write+0x17e/0x1ba0 [ 345.524479][T17295] console_flush_all+0x6f3/0xb10 [ 345.524498][T17295] console_unlock+0xbb/0x190 [ 345.524515][T17295] vprintk_emit+0x4c5/0x590 [ 345.524531][T17295] _printk+0xcf/0x120 [ 345.524545][T17295] register_console+0xa8b/0xf90 [ 345.524565][T17295] univ8250_console_init+0x3a/0x70 [ 345.524584][T17295] console_init+0x10e/0x430 [ 345.524601][T17295] start_kernel+0x254/0x410 [ 345.524615][T17295] x86_64_start_reservations+0x24/0x30 [ 345.524635][T17295] x86_64_start_kernel+0x143/0x1c0 [ 345.524654][T17295] common_startup_64+0x13e/0x147 [ 345.524673][T17295] [ 345.524673][T17295] -> #0 (console_owner){-.-.}-{0:0}: [ 345.524695][T17295] validate_chain+0xb9b/0x2140 [ 345.524712][T17295] __lock_acquire+0xab9/0xd20 [ 345.524726][T17295] lock_acquire+0x120/0x360 [ 345.524740][T17295] console_flush_all+0x69c/0xb10 [ 345.524758][T17295] console_unlock+0xbb/0x190 [ 345.524775][T17295] vprintk_emit+0x4c5/0x590 [ 345.524797][T17295] _printk+0xcf/0x120 [ 345.524811][T17295] should_fail_ex+0x3f5/0x560 [ 345.524832][T17295] copy_to_user_nofault+0x89/0x160 [ 345.524849][T17295] bpf_prog_fd43079d21e8a408+0x41/0x49 [ 345.524862][T17295] bpf_trace_run4+0x28e/0x4a0 [ 345.524883][T17295] __bpf_trace_sched_switch+0x17a/0x1e0 [ 345.524903][T17295] __traceiter_sched_switch+0x9d/0xd0 [ 345.524924][T17295] __schedule+0x238f/0x4cc0 [ 345.524942][T17295] schedule+0x165/0x360 [ 345.524959][T17295] schedule_timeout+0x9a/0x270 [ 345.524975][T17295] __skb_wait_for_more_packets+0x39c/0x580 [ 345.524993][T17295] skb_recv_datagram+0x119/0x190 [ 345.525009][T17295] netlink_recvmsg+0x101/0xa30 [ 345.525023][T17295] sock_recvmsg+0x22c/0x270 [ 345.525042][T17295] ____sys_recvmsg+0x1c9/0x460 [ 345.525058][T17295] ___sys_recvmsg+0x1b5/0x510 [ 345.525074][T17295] do_recvmmsg+0x307/0x770 [ 345.525090][T17295] __x64_sys_recvmmsg+0x190/0x240 [ 345.525105][T17295] do_syscall_64+0xfa/0xfa0 [ 345.525124][T17295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.525139][T17295] [ 345.525139][T17295] other info that might help us debug this: [ 345.525139][T17295] [ 345.525146][T17295] Chain exists of: [ 345.525146][T17295] console_owner --> &p->pi_lock --> &rq->__lock [ 345.525146][T17295] [ 345.525173][T17295] Possible unsafe locking scenario: [ 345.525173][T17295] [ 345.525179][T17295] CPU0 CPU1 [ 345.525184][T17295] ---- ---- [ 345.525190][T17295] lock(&rq->__lock); [ 345.525201][T17295] lock(&p->pi_lock); [ 345.525214][T17295] lock(&rq->__lock); [ 345.525227][T17295] lock(console_owner); [ 345.525238][T17295] [ 345.525238][T17295] *** DEADLOCK *** [ 345.525238][T17295] [ 345.525243][T17295] 4 locks held by syz.1.4003/17295: [ 345.525253][T17295] #0: ffff8880b883a058 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 345.525288][T17295] #1: ffffffff8df3d660 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x19c/0x4a0 [ 345.525329][T17295] #2: ffffffff8df31640 (console_lock){+.+.}-{0:0}, at: _printk+0xcf/0x120 [ 345.525365][T17295] #3: ffffffff8de18f10 (console_srcu){....}-{0:0}, at: console_flush_all+0x13a/0xb10 [ 345.525407][T17295] [ 345.525407][T17295] stack backtrace: [ 345.525416][T17295] CPU: 0 UID: 0 PID: 17295 Comm: syz.1.4003 Not tainted syzkaller #0 PREEMPT(full) [ 345.525435][T17295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 345.525446][T17295] Call Trace: [ 345.525453][T17295] [ 345.525461][T17295] dump_stack_lvl+0x189/0x250 [ 345.525483][T17295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.525504][T17295] ? __pfx__printk+0x10/0x10 [ 345.525522][T17295] ? print_lock_name+0xde/0x100 [ 345.525539][T17295] print_circular_bug+0x2ee/0x310 [ 345.525561][T17295] check_noncircular+0x134/0x160 [ 345.525584][T17295] validate_chain+0xb9b/0x2140 [ 345.525612][T17295] __lock_acquire+0xab9/0xd20 [ 345.525631][T17295] ? console_flush_all+0x13a/0xb10 [ 345.525650][T17295] lock_acquire+0x120/0x360 [ 345.525665][T17295] ? console_flush_all+0x13a/0xb10 [ 345.525689][T17295] ? do_raw_spin_unlock+0x122/0x240 [ 345.525710][T17295] ? console_flush_all+0x13a/0xb10 [ 345.525730][T17295] console_flush_all+0x69c/0xb10 [ 345.525750][T17295] ? console_flush_all+0x13a/0xb10 [ 345.525772][T17295] ? console_flush_all+0x13a/0xb10 [ 345.525802][T17295] ? __pfx_console_flush_all+0x10/0x10 [ 345.525827][T17295] ? is_printk_cpu_sync_owner+0x32/0x40 [ 345.525852][T17295] console_unlock+0xbb/0x190 [ 345.525870][T17295] ? __pfx___down_trylock_console_sem+0x10/0x10 [ 345.525892][T17295] ? __pfx_console_unlock+0x10/0x10 [ 345.525915][T17295] vprintk_emit+0x4c5/0x590 [ 345.525935][T17295] ? __pfx_vprintk_emit+0x10/0x10 [ 345.525962][T17295] _printk+0xcf/0x120 [ 345.525977][T17295] ? __pfx____ratelimit+0x10/0x10 [ 345.525998][T17295] ? __pfx__printk+0x10/0x10 [ 345.526018][T17295] should_fail_ex+0x3f5/0x560 [ 345.526042][T17295] copy_to_user_nofault+0x89/0x160 [ 345.526061][T17295] bpf_prog_fd43079d21e8a408+0x41/0x49 [ 345.526076][T17295] bpf_trace_run4+0x28e/0x4a0 [ 345.526099][T17295] ? bpf_trace_run4+0x19c/0x4a0 [ 345.526122][T17295] ? __pfx_bpf_trace_run4+0x10/0x10 [ 345.526146][T17295] ? trace_pelt_se_tp+0x39/0x130 [ 345.526167][T17295] ? __bpf_trace_sched_switch+0x15f/0x1e0 [ 345.526186][T17295] __bpf_trace_sched_switch+0x17a/0x1e0 [ 345.526208][T17295] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 345.526227][T17295] ? psi_group_change+0xab8/0x1050 [ 345.526245][T17295] ? __schedule+0x22e9/0x4cc0 [ 345.526264][T17295] ? tracing_record_taskinfo_sched_switch+0x7d/0x370 [ 345.526287][T17295] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 345.526306][T17295] __traceiter_sched_switch+0x9d/0xd0 [ 345.526326][T17295] __schedule+0x238f/0x4cc0 [ 345.526352][T17295] ? __lock_acquire+0xab9/0xd20 [ 345.526367][T17295] ? __pfx___schedule+0x10/0x10 [ 345.526390][T17295] ? schedule+0x91/0x360 [ 345.526410][T17295] schedule+0x165/0x360 [ 345.526417][T17297] wg2: entered allmulticast mode [ 345.526429][T17295] schedule_timeout+0x9a/0x270 [ 345.526444][T17295] ? __pfx_schedule_timeout+0x10/0x10 [ 345.526459][T17295] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 345.526476][T17295] ? prepare_to_wait_exclusive+0x8d/0x240 [ 345.526495][T17295] __skb_wait_for_more_packets+0x39c/0x580 [ 345.526512][T17295] ? __pfx___skb_wait_for_more_packets+0x10/0x10 [ 345.526526][T17295] ? __pfx_receiver_wake_function+0x10/0x10 [ 345.526541][T17295] ? __pfx_sk_busy_loop_end+0x10/0x10 [ 345.526560][T17295] skb_recv_datagram+0x119/0x190 [ 345.526577][T17295] netlink_recvmsg+0x101/0xa30 [ 345.526589][T17295] ? aa_sk_perm+0x81e/0x950 [ 345.526607][T17295] ? __pfx_netlink_recvmsg+0x10/0x10 [ 345.526618][T17295] ? __lock_acquire+0xab9/0xd20 [ 345.526631][T17295] ? aa_sock_msg_perm+0xf1/0x1d0 [ 345.526650][T17295] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 345.526662][T17295] ? security_socket_recvmsg+0x7e/0x2e0 [ 345.526675][T17295] ? __pfx_netlink_recvmsg+0x10/0x10 [ 345.526687][T17295] sock_recvmsg+0x22c/0x270 [ 345.526704][T17295] ____sys_recvmsg+0x1c9/0x460 [ 345.526719][T17295] ? __pfx_____sys_recvmsg+0x10/0x10 [ 345.526737][T17295] ? import_iovec+0x74/0xa0 [ 345.526753][T17295] ___sys_recvmsg+0x1b5/0x510 [ 345.526768][T17295] ? __pfx____sys_recvmsg+0x10/0x10 [ 345.526789][T17295] ? __fget_files+0x3a0/0x420 [ 345.526811][T17295] do_recvmmsg+0x307/0x770 [ 345.526827][T17295] ? __pfx_do_recvmmsg+0x10/0x10 [ 345.526844][T17295] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 345.526867][T17295] __x64_sys_recvmmsg+0x190/0x240 [ 345.526881][T17295] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 345.526896][T17295] ? do_syscall_64+0xbe/0xfa0 [ 345.526914][T17295] do_syscall_64+0xfa/0xfa0 [ 345.526930][T17295] ? lockdep_hardirqs_on+0x9c/0x150 [ 345.526946][T17295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.526958][T17295] ? clear_bhb_loop+0x60/0xb0 [ 345.526972][T17295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.526985][T17295] RIP: 0033:0x7fee64f8f6c9 [ 345.526996][T17295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.527007][T17295] RSP: 002b:00007fee65df3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 345.527021][T17295] RAX: ffffffffffffffda RBX: 00007fee651e6090 RCX: 00007fee64f8f6c9 [ 345.527031][T17295] RDX: 0000000000000001 RSI: 0000200000003e00 RDI: 0000000000000004 [ 345.527040][T17295] RBP: 00007fee65df3090 R08: 0000000000000000 R09: 0000000000000000 [ 345.527050][T17295] R10: 0000000040000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.527059][T17295] R13: 00007fee651e6128 R14: 00007fee651e6090 R15: 00007fff0fcb17d8 [ 345.527074][T17295] [ 345.540693][T17295] CPU: 0 UID: 0 PID: 17295 Comm: syz.1.4003 Not tainted syzkaller #0 PREEMPT(full) [ 345.540713][T17295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 345.540723][T17295] Call Trace: [ 345.540730][T17295] [ 345.540737][T17295] dump_stack_lvl+0x189/0x250 [ 345.540761][T17295] ? __pfx____ratelimit+0x10/0x10 [ 345.540781][T17295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.540806][T17295] ? __pfx__printk+0x10/0x10 [ 345.540825][T17295] should_fail_ex+0x414/0x560 [ 345.540850][T17295] copy_to_user_nofault+0x89/0x160 [ 345.540871][T17295] bpf_prog_fd43079d21e8a408+0x41/0x49 [ 345.540886][T17295] bpf_trace_run4+0x28e/0x4a0 [ 345.540911][T17295] ? bpf_trace_run4+0x19c/0x4a0 [ 345.540933][T17295] ? __pfx_bpf_trace_run4+0x10/0x10 [ 345.540956][T17295] ? trace_pelt_se_tp+0x39/0x130 [ 345.540977][T17295] ? __bpf_trace_sched_switch+0x15f/0x1e0 [ 345.541001][T17295] __bpf_trace_sched_switch+0x17a/0x1e0 [ 345.541023][T17295] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 345.541044][T17295] ? psi_group_change+0xab8/0x1050 [ 345.541066][T17295] ? __schedule+0x22e9/0x4cc0 [ 345.541087][T17295] ? tracing_record_taskinfo_sched_switch+0x7d/0x370 [ 345.541110][T17295] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 345.541131][T17295] __traceiter_sched_switch+0x9d/0xd0 [ 345.541155][T17295] __schedule+0x238f/0x4cc0 [ 345.541183][T17295] ? __lock_acquire+0xab9/0xd20 [ 345.541198][T17295] ? __pfx___schedule+0x10/0x10 [ 345.541224][T17295] ? schedule+0x91/0x360 [ 345.541244][T17295] schedule+0x165/0x360 [ 345.541265][T17295] schedule_timeout+0x9a/0x270 [ 345.541283][T17295] ? __pfx_schedule_timeout+0x10/0x10 [ 345.541302][T17295] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 345.541323][T17295] ? prepare_to_wait_exclusive+0x8d/0x240 [ 345.541348][T17295] __skb_wait_for_more_packets+0x39c/0x580 [ 345.541371][T17295] ? __pfx___skb_wait_for_more_packets+0x10/0x10 [ 345.541390][T17295] ? __pfx_receiver_wake_function+0x10/0x10 [ 345.541408][T17295] ? __pfx_sk_busy_loop_end+0x10/0x10 [ 345.541434][T17295] skb_recv_datagram+0x119/0x190 [ 345.541455][T17295] netlink_recvmsg+0x101/0xa30 [ 345.541472][T17295] ? aa_sk_perm+0x81e/0x950 [ 345.541495][T17295] ? __pfx_netlink_recvmsg+0x10/0x10 [ 345.541509][T17295] ? __lock_acquire+0xab9/0xd20 [ 345.541527][T17295] ? aa_sock_msg_perm+0xf1/0x1d0 [ 345.541549][T17295] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 345.541565][T17295] ? security_socket_recvmsg+0x7e/0x2e0 [ 345.541582][T17295] ? __pfx_netlink_recvmsg+0x10/0x10 [ 345.541598][T17295] sock_recvmsg+0x22c/0x270 [ 345.541620][T17295] ____sys_recvmsg+0x1c9/0x460 [ 345.541641][T17295] ? __pfx_____sys_recvmsg+0x10/0x10 [ 345.541665][T17295] ? import_iovec+0x74/0xa0 [ 345.541686][T17295] ___sys_recvmsg+0x1b5/0x510 [ 345.541705][T17295] ? __pfx____sys_recvmsg+0x10/0x10 [ 345.541733][T17295] ? __fget_files+0x3a0/0x420 [ 345.541753][T17295] do_recvmmsg+0x307/0x770 [ 345.541774][T17295] ? __pfx_do_recvmmsg+0x10/0x10 [ 345.541801][T17295] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 345.541831][T17295] __x64_sys_recvmmsg+0x190/0x240 [ 345.541855][T17295] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 345.541874][T17295] ? do_syscall_64+0xbe/0xfa0 [ 345.541897][T17295] do_syscall_64+0xfa/0xfa0 [ 345.541918][T17295] ? lockdep_hardirqs_on+0x9c/0x150 [ 345.541938][T17295] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.541955][T17295] ? clear_bhb_loop+0x60/0xb0 [ 345.541973][T17295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.541989][T17295] RIP: 0033:0x7fee64f8f6c9 [ 345.542003][T17295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 345.542017][T17295] RSP: 002b:00007fee65df3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 345.542035][T17295] RAX: ffffffffffffffda RBX: 00007fee651e6090 RCX: 00007fee64f8f6c9 [ 345.542048][T17295] RDX: 0000000000000001 RSI: 0000200000003e00 RDI: 0000000000000004 [ 345.542059][T17295] RBP: 00007fee65df3090 R08: 0000000000000000 R09: 0000000000000000 [ 345.542070][T17295] R10: 0000000040000000 R11: 0000000000000246 R12: 0000000000000001 [ 345.542082][T17295] R13: 00007fee651e6128 R14: 00007fee651e6090 R15: 00007fff0fcb17d8 [ 345.542101][T17295]