last executing test programs: 1m26.519450966s ago: executing program 3 (id=295): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x1c, r2, 0x1, 0xfffffff9, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/48, 0x30}, 0x85ae}], 0x1, 0x60010022, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd, 0x4, 0x0, 0xb}, [@RTA_PREF={0x5, 0x14, 0xc3}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x38, 0x0, 0x4, 0x0, 0x5, 0x40, 0x74}}}}}]}, 0x3c}}, 0x48800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000600000008000100030000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r9, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20004858) 1m25.639414542s ago: executing program 1 (id=24): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x90, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x18, 0x0, @wg=@data}}}}}, 0x0) 1m11.082975023s ago: executing program 3 (id=295): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x1c, r2, 0x1, 0xfffffff9, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/48, 0x30}, 0x85ae}], 0x1, 0x60010022, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd, 0x4, 0x0, 0xb}, [@RTA_PREF={0x5, 0x14, 0xc3}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x38, 0x0, 0x4, 0x0, 0x5, 0x40, 0x74}}}}}]}, 0x3c}}, 0x48800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000600000008000100030000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r9, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20004858) 1m10.016033377s ago: executing program 1 (id=24): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x90, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x18, 0x0, @wg=@data}}}}}, 0x0) 56.107208108s ago: executing program 3 (id=295): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x1c, r2, 0x1, 0xfffffff9, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/48, 0x30}, 0x85ae}], 0x1, 0x60010022, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd, 0x4, 0x0, 0xb}, [@RTA_PREF={0x5, 0x14, 0xc3}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x38, 0x0, 0x4, 0x0, 0x5, 0x40, 0x74}}}}}]}, 0x3c}}, 0x48800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000600000008000100030000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r9, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20004858) 54.444887139s ago: executing program 1 (id=24): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x90, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x18, 0x0, @wg=@data}}}}}, 0x0) 36.698480995s ago: executing program 3 (id=295): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x1c, r2, 0x1, 0xfffffff9, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/48, 0x30}, 0x85ae}], 0x1, 0x60010022, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd, 0x4, 0x0, 0xb}, [@RTA_PREF={0x5, 0x14, 0xc3}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x38, 0x0, 0x4, 0x0, 0x5, 0x40, 0x74}}}}}]}, 0x3c}}, 0x48800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000600000008000100030000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r9, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20004858) 34.92953832s ago: executing program 1 (id=24): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x90, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x18, 0x0, @wg=@data}}}}}, 0x0) 18.941846418s ago: executing program 3 (id=295): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x1c, r2, 0x1, 0xfffffff9, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/48, 0x30}, 0x85ae}], 0x1, 0x60010022, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd, 0x4, 0x0, 0xb}, [@RTA_PREF={0x5, 0x14, 0xc3}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x38, 0x0, 0x4, 0x0, 0x5, 0x40, 0x74}}}}}]}, 0x3c}}, 0x48800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000600000008000100030000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r9, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20004858) 17.620434475s ago: executing program 1 (id=24): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x90, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x18, 0x0, @wg=@data}}}}}, 0x0) 5.101964222s ago: executing program 4 (id=989): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) syz_open_procfs$namespace(0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=ANY=[@ANYBLOB="f000000010000100"/31, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ac1414bb000000000000000000000000000000006c"], 0xf0}}, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000140)) pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x2, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7", 0x5}], 0x1}, 0x0) 4.690466815s ago: executing program 4 (id=992): socket$phonet(0x23, 0x2, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f0000000300)=[{&(0x7f0000000100)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300ff31183e6bf5dd00000010000100040c100000000000224e0000", 0x5c}], 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newneigh={0x30, 0x1c, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, r3, 0x0, 0x14}, [@NDA_DST_MAC={0xa, 0x1, @link_local}, @NDA_FLAGS_EXT={0x8, 0xf, 0x1}]}, 0x30}}, 0x0) r5 = socket(0x8000000010, 0x2, 0x0) r6 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, 0x0, 0x0) write(r5, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe315}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvtap={{0xc}, {0x4}}}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0) 4.426181614s ago: executing program 4 (id=994): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = socket$alg(0x26, 0x5, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r2, &(0x7f0000000000)={&(0x7f0000000040)={0xa, 0x4e24, 0x1000000080000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x900}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00\x00\x00', @ANYRESHEX], 0x28}, 0x8840) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) (async) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) accept4(r1, 0x0, 0x0, 0x80800) (async) r3 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r3, &(0x7f0000001200)=[{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000001300)="65a35cc698d2cc9024a77994ccf0b1d7115dad4e494902d5c6c6b4f67d9cc0bac884c61c551cfd976da546197f130d224204f771c1bff157feef43f67c8b7e89d326f7f4deeade2dc01223c4ea65a3983ba5260ee91cf318fb861a8f40ecc7a681938774e45f998eca9d5533cdda4b76c4cd6e400f3c87daf346f59629eb661e91fc2a8f854be2cb1f2b8ed41dfd27949309e64ec164935f74c8e6a1219c3b9e16fb7a00619600000000000000", 0xad}, {&(0x7f00000013c0)="0fb606991534190a4a98ecfe4bf49b16492eb357ec9144c864f135f68160420477a01ca295e951419f943a359a37e95cf06b26679460bc9c7e16764edf6c1ef9182dcd00f1a36f1aa78bcb85a6b86b46868f8e36a634b437ef6180a97c2da121476abae119c2aafa4d", 0x69}, {&(0x7f00000024c0)="9eb5351d117970a3038b0acd91e1336179d3be4db67e20466c73db225785c624ce0a279f07d73f992aaeb5fceb5e3a6d4c007abbbed673f65ea2c486bd8d8c9c5f235ecd031414d986d2a29a6faa426c945f1351b2bd8d5d10ad", 0x5a}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4008800}], 0x1, 0x4040800) (async) sendmmsg$alg(r3, &(0x7f0000001200)=[{0x0, 0x0, &(0x7f00000025c0)=[{&(0x7f0000001300)="65a35cc698d2cc9024a77994ccf0b1d7115dad4e494902d5c6c6b4f67d9cc0bac884c61c551cfd976da546197f130d224204f771c1bff157feef43f67c8b7e89d326f7f4deeade2dc01223c4ea65a3983ba5260ee91cf318fb861a8f40ecc7a681938774e45f998eca9d5533cdda4b76c4cd6e400f3c87daf346f59629eb661e91fc2a8f854be2cb1f2b8ed41dfd27949309e64ec164935f74c8e6a1219c3b9e16fb7a00619600000000000000", 0xad}, {&(0x7f00000013c0)="0fb606991534190a4a98ecfe4bf49b16492eb357ec9144c864f135f68160420477a01ca295e951419f943a359a37e95cf06b26679460bc9c7e16764edf6c1ef9182dcd00f1a36f1aa78bcb85a6b86b46868f8e36a634b437ef6180a97c2da121476abae119c2aafa4d", 0x69}, {&(0x7f00000024c0)="9eb5351d117970a3038b0acd91e1336179d3be4db67e20466c73db225785c624ce0a279f07d73f992aaeb5fceb5e3a6d4c007abbbed673f65ea2c486bd8d8c9c5f235ecd031414d986d2a29a6faa426c945f1351b2bd8d5d10ad", 0x5a}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x4008800}], 0x1, 0x4040800) recvmsg$can_j1939(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000600)=""/213, 0xd5}], 0x1}, 0x21) (async) recvmsg$can_j1939(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000600)=""/213, 0xd5}], 0x1}, 0x21) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r0, 0x2000000, 0x1c, 0x0, &(0x7f0000000040)="ffff1fc42f5a0092733b80c677834f51e16e5dc756434150a4c87949", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@updsa={0x14c, 0x1a, 0x1, 0x0, 0x0, {{@in=@loopback, @in6=@empty}, {@in=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x5c, 0x14, {{'xcbc(aes)\x00'}, 0x80, 0x0, "97a2c2df58bf2babea45840d4da5d432"}}]}, 0x14c}}, 0x0) (async) sendmsg$nl_xfrm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@updsa={0x14c, 0x1a, 0x1, 0x0, 0x0, {{@in=@loopback, @in6=@empty}, {@in=@local, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x5c, 0x14, {{'xcbc(aes)\x00'}, 0x80, 0x0, "97a2c2df58bf2babea45840d4da5d432"}}]}, 0x14c}}, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x67) (async) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x67) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r6, &(0x7f0000000000), 0x6) write$bt_hci(r6, &(0x7f0000000040)=ANY=[], 0x6) sendmsg$netlink(r4, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="140100003b000103000000000000000001"], 0x114}], 0x1}, 0x0) 4.266978042s ago: executing program 4 (id=996): syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/user\x00') mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='notify_on_release\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x100000000) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close(0x3) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000200)={0xffffffffffffffff}, 0x4) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0xc, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x9, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) r7 = socket$kcm(0x11, 0x200000000000002, 0x300) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x10, &(0x7f0000000300)=ANY=[@ANYBLOB="18050000000000000000000000000000b70800000000232a1450ec10dc75e7f6edca9dde5500007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000", @ANYRES32=r8, @ANYBLOB="0000000000000000b70400000800000085000000950000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000600)=r9, 0x4) socket$kcm(0x10, 0x2, 0x10) r10 = accept4(r6, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r10, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x6, 0x7a}, 0x8) getsockopt$sock_buf(r5, 0x1, 0x37, 0x0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r11 = socket$kcm(0x10, 0x7, 0x0) sendmsg$inet(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) 4.132260632s ago: executing program 2 (id=998): socket$key(0xf, 0x3, 0x2) pselect6(0x40, &(0x7f0000000180)={0x7ff, 0x81, 0x3, 0x4, 0x100000001, 0x4, 0xffffffff, 0x1}, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x2, 0x8, 0x0, 0x5, 0x5d9e}, &(0x7f0000000240)={0xfffffffffffffff9, 0x63cc, 0x6, 0x9, 0x0, 0x8000000000000000, 0x4, 0x3efc000}, &(0x7f0000000440)={0x0, 0x3938700}, &(0x7f0000000400)={&(0x7f0000000380)={[0x6]}, 0x8}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) r1 = socket(0x2b, 0x80801, 0x1) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x10000, @empty}, 0x1c) ioctl$sock_inet6_udp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000100)) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000b00ca0a0c00038008000700", @ANYRES32=0x0, @ANYBLOB], 0x20}}, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="140100001e000504000000000000000004"], 0x114}], 0x1}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)) socket$nl_generic(0x10, 0x3, 0x10) accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000730109000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r3, &(0x7f0000000000), &(0x7f0000000040)=""/66}, 0x20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r5, 0x1, 0x10, &(0x7f0000000100)=0xffff, 0x4) writev(r4, &(0x7f0000000cc0)=[{&(0x7f0000000780)="1e5e7b", 0x3}], 0x1) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000016001d0a"], 0x14}}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r6) socket$kcm(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f00000001c0)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffeffff, @void, @value}, 0x94) socket$kcm(0x11, 0x200000000000002, 0x300) r7 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) socket$nl_generic(0x10, 0x3, 0x10) 4.021977827s ago: executing program 0 (id=999): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xc00}, 0x48) recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f00000017c0)=""/130, 0x82}], 0x1}, 0xa1}], 0x2, 0x0, 0x0) 3.504209512s ago: executing program 2 (id=1000): r0 = socket(0x10, 0x80003, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}}, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, 0x0, 0x80080c0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000800)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) (fail_nth: 9) 3.372133514s ago: executing program 0 (id=1001): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x41, 0x3, 0x258, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x1c0, 0x1f0, 0x1f0, 0x1c0, 0x1f0, 0x3, 0x0, {[{{@ip={@local, @loopback, 0x0, 0x0, 'wlan1\x00', 'wg1\x00'}, 0x0, 0xd0, 0xf0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@unspec=@connbytes={{0x38}, {[], 0x0, 0x3}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2b8) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_PROBE_CLIENT(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x4001}, 0x4008800) 3.091348953s ago: executing program 2 (id=1002): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) syz_open_procfs$namespace(0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000000)=ANY=[@ANYBLOB="f000000010000100"/31, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ac1414bb000000000000000000000000000000006c"], 0xf0}}, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000140)) pwritev(r3, &(0x7f0000000040)=[{&(0x7f0000000180)="80fd02000040", 0x42}], 0x2, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7", 0x5}], 0x1}, 0x0) 3.018446165s ago: executing program 4 (id=1003): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0xffffffff}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) listen(r0, 0x1ad72f7) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x29, 0x2, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4) sendmsg$BATADV_CMD_GET_NEIGHBORS(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="31032fbd7400020000ff070000000800", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x8814}, 0x884) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r6, 0x0) r7 = socket$inet(0xa, 0x801, 0x84) connect$inet(r7, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r7, 0xfffffffd) ioctl$int_in(r7, 0x5452, &(0x7f0000000340)=0xf) r8 = accept4(r7, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f0000001000), 0x581, 0x40000000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r8, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x1, 0x2, 0xff, 0xa4, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2, 0x20}, 0xe) accept(r3, 0x0, 0x0) close(0x4) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="740000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b030040000000004c0012800b00010067656e65766500003c0002800800050001000000140007000000000000000005000000000000000108000f"], 0x74}}, 0x0) 2.90944938s ago: executing program 0 (id=1004): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/uts\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) socket$packet(0x11, 0x3, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff97}, 0xfffffdef}], 0x4000095, 0x0) 2.606239741s ago: executing program 3 (id=295): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)={0x1c, r2, 0x1, 0xfffffff9, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8084}, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r4, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r4, &(0x7f0000001280)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=""/48, 0x30}, 0x85ae}], 0x1, 0x60010022, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r6) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@ipv6_newroute={0x3c, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfd, 0x4, 0x0, 0xb}, [@RTA_PREF={0x5, 0x14, 0xc3}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x38, 0x0, 0x4, 0x0, 0x5, 0x40, 0x74}}}}}]}, 0x3c}}, 0x48800) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r7, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r6) r9 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r6) sendmsg$NBD_CMD_RECONFIGURE(r5, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000000000000600000008000100030000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r9, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20004858) 2.53609211s ago: executing program 2 (id=1005): mmap(&(0x7f0000b6f000/0x1000)=nil, 0x1000, 0x0, 0x810, 0xffffffffffffffff, 0xffffd080) r0 = accept4$netrom(0xffffffffffffffff, &(0x7f0000000180)={{0x3, @bcast}, [@remote, @rose, @bcast, @bcast, @netrom, @remote, @rose, @default]}, &(0x7f0000000300)=0x48, 0x0) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffcfc, {0x0, 0x0, 0x0, r2, {0x7}, {0xffff, 0xffff}, {0xc, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xb, &(0x7f0000000000)=0x2, 0x4) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x1001, @none}, 0xe) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYBLOB="280000001400190100"], 0x28}}, 0x0) write$cgroup_pid(r4, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x5, 0x20000000ec071, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000085100000fcffffff9500000000004000"/31], &(0x7f0000000080)='GPL\x00', 0xf, 0xff8, &(0x7f0000001e00)=""/4088, 0x0, 0xd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x5, 0x6, 0x200, 0x40, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r7, &(0x7f0000000080), 0x0}, 0x20) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00'}) socket$netlink(0x10, 0x3, 0x0) 1.297621422s ago: executing program 0 (id=1006): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r0}, 0x10) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000140), 0x5}, 0x38) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00'}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001b80)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b30205006023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa8272f3eee97c0c3258918bd811db74b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff7a9433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbdee00550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcdaffaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a8022c8870f228787863a9e0885e238b44ae1c25c9fd8bb27083b8246829e64056000302bffff15405bd5f2eba2000000dd0000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb42305651152df60a3a05b89e760b60563c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9463f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d00000000ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf5ef06f7244dd357acd09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58aa9deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c51000000000000000000000000004c0c1b4742fdb68a34370543d7aec4fbb67bfb3730af0c908d89029365378cca550f508e3699830028643ecfe9f79bd15db571c5420d9b60fa794cfbc7fd039856329b684216237ec55faf25fee7f1a838fc2399d67fe9b245fab52f7a8eb1aadbfbd8d203290f131965a41ca43bf5440e7b1425c15d39559e76384112b80dd0049280a1e9b63e3e7cadefa558b6d38ebe86b49e3f80204b5536f1bde80cb2dade46f6a1b8cc20a5a9b560e736235d518349599b8368bf1e360ecaa0bde20303eef789304761aca34b507fd66115ef36b2cec7629c7609283d1676bb3a018c0dad35189928abf9d06bc9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x49) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_ext_remove_space_done\x00'}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @rand_addr=0x64010100, @local}, 0xc) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x5, [@var={0x3, 0x0, 0x0, 0xe, 0x2}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x1}]}]}, {0x0, [0x0, 0x0, 0x5f]}}, &(0x7f0000000180)=""/161, 0x45, 0xa1, 0x1, 0x0, 0x0, @void, @value}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b31fa7e35ce95d04"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0x20, 0x0, &(0x7f0000000240)="5cdd3086ddff0066b3c9bbac88a8862c00dffd0013dd00000000000000008100", 0x0, 0x4e23, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 1.297500803s ago: executing program 1 (id=24): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'syz_tun\x00'}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x90, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e21, 0x18, 0x0, @wg=@data}}}}}, 0x0) 188.732349ms ago: executing program 2 (id=1007): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) r1 = socket$inet6(0xa, 0x3, 0x84) bind$alg(0xffffffffffffffff, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha12-simd\x00'}, 0x58) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000080)={{{@in6=@local, @in=@local, 0x0, 0x3, 0x4e20, 0x0, 0x2, 0x80}, {0x0, 0x15000000000000, 0x0, 0x2, 0x8001, 0xffffffffffffffff, 0x0, 0xd3d}, {0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x1, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0x2, @in6=@private2, 0x0, 0x1}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) 188.30619ms ago: executing program 4 (id=1008): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) connect$qrtr(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$unix(r6, &(0x7f00000004c0)={&(0x7f0000000280)=@abs, 0x6e, 0x0}, 0x40001101) ioctl$BTRFS_IOC_RM_DEV(0xffffffffffffffff, 0x40305839, 0x0) splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0) write(r3, &(0x7f0000000240)="94", 0x1) vmsplice(r6, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0) tee(r2, r6, 0x8f5, 0x100000000000000) write(r4, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6ffff0fae9d6dcd32925820c7b6ef", 0x11) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42072, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000004340)=@assoc_value, 0x8) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000700000e0000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000002600000000c0a01080000000000000000010000000900020073797a32000000003400038030000080080003400000000224000b80200001800e000100636f6e6e6c696d69740000000c00028008000140000000000900010073797a30"], 0xe4}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=@newlink={0x60, 0x10, 0x40d, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5019}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9}, @IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x1}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x7, 0xfffff000}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xf00, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4400000010004b0400000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800080088a80000060027"], 0x44}}, 0x0) 185.161745ms ago: executing program 0 (id=1009): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000280)=@udp=r0}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000640), &(0x7f0000000180)=@udp=r0, 0x1}, 0x20) 211.04µs ago: executing program 2 (id=1010): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000580)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={0x1c, r3, 0xa01, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4010) 0s ago: executing program 0 (id=1011): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000000000071120d000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0xc0f00, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x4a, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffe, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) unshare(0x22020600) socket$vsock_stream(0x28, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18300000002d7d005f8fb8258caceee17e5dc22d63574f00000000030000009500000000000000bfd914b3441a243cefca366cd920138bc84274a7af74da46d22594a5e896bef675a5872d51d3940ad11cf8ec2869d97d9e724bbb17898b44"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000002d000100000000000000000004000080450011802fe5afbf24fbcccc55761e79b8dad8a2018544a3f855448c77987d9d7a5233e2"], 0x5c}], 0x1}, 0x0) kernel console output (not intermixed with test programs): .805496][ T53] hsr_slave_0: left promiscuous mode [ 177.841305][ T53] hsr_slave_1: left promiscuous mode [ 177.858269][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.865737][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.877841][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.885286][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.934374][ T53] veth1_macvtap: left promiscuous mode [ 177.957093][ T53] veth0_macvtap: left promiscuous mode [ 177.962871][ T53] veth1_vlan: left promiscuous mode [ 177.977268][ T53] veth0_vlan: left promiscuous mode [ 178.169623][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 178.178901][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 178.198622][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 178.213399][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 178.229710][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 178.543180][ T53] team0 (unregistering): Port device team_slave_1 removed [ 178.580515][ T53] team0 (unregistering): Port device team_slave_0 removed [ 178.939702][ T8405] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$UvyآDUDw}zR3' [ 178.985318][ T8405] CPU: 1 UID: 0 PID: 8405 Comm: syz.2.607 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 178.985350][ T8405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 178.985362][ T8405] Call Trace: [ 178.985371][ T8405] [ 178.985379][ T8405] dump_stack_lvl+0x189/0x250 [ 178.985411][ T8405] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.985440][ T8405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.985468][ T8405] ? __pfx__printk+0x10/0x10 [ 178.985491][ T8405] ? kernfs_path_from_node+0x2b/0x260 [ 178.985521][ T8405] ? kernfs_path_from_node+0x216/0x260 [ 178.985545][ T8405] sysfs_warn_dup+0x8e/0xa0 [ 178.985565][ T8405] sysfs_do_create_link_sd+0xc0/0x110 [ 178.985588][ T8405] device_add_class_symlinks+0x1cf/0x240 [ 178.985609][ T8405] device_add+0x475/0xb50 [ 178.985627][ T8405] wiphy_register+0x199a/0x26b0 [ 178.985655][ T8405] ? __pfx_wiphy_register+0x10/0x10 [ 178.985668][ T8405] ? minstrel_ht_alloc+0x893/0x990 [ 178.985691][ T8405] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 178.985712][ T8405] ieee80211_register_hw+0x334b/0x4060 [ 178.985743][ T8405] ? ieee80211_register_hw+0x13f1/0x4060 [ 178.985769][ T8405] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 178.985790][ T8405] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 178.985815][ T8405] ? __hrtimer_setup+0x187/0x210 [ 178.985837][ T8405] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 178.985863][ T8405] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 178.985908][ T8405] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 178.985928][ T8405] ? trace_kmalloc+0x1f/0xd0 [ 178.985944][ T8405] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 178.985970][ T8405] ? kstrndup+0xbf/0x160 [ 178.985993][ T8405] hwsim_new_radio_nl+0xea4/0x1b10 [ 178.986018][ T8405] ? __pfx___nla_validate_parse+0x10/0x10 [ 178.986047][ T8405] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 178.986079][ T8405] ? __nla_parse+0x40/0x60 [ 178.986100][ T8405] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 178.986127][ T8405] genl_family_rcv_msg_doit+0x212/0x300 [ 178.986153][ T8405] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 178.986185][ T8405] ? bpf_lsm_capable+0x9/0x20 [ 178.986204][ T8405] ? security_capable+0x7e/0x2e0 [ 178.986225][ T8405] genl_rcv_msg+0x60e/0x790 [ 178.986250][ T8405] ? __pfx_genl_rcv_msg+0x10/0x10 [ 178.986268][ T8405] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 178.986301][ T8405] netlink_rcv_skb+0x219/0x490 [ 178.986316][ T8405] ? __pfx_genl_rcv_msg+0x10/0x10 [ 178.986337][ T8405] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 178.986371][ T8405] ? down_read+0x1ad/0x2e0 [ 178.986395][ T8405] genl_rcv+0x28/0x40 [ 178.986412][ T8405] netlink_unicast+0x758/0x8d0 [ 178.986444][ T8405] netlink_sendmsg+0x805/0xb30 [ 178.986467][ T8405] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.986486][ T8405] ? aa_sock_msg_perm+0x94/0x160 [ 178.986502][ T8405] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 178.986518][ T8405] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.986534][ T8405] __sock_sendmsg+0x219/0x270 [ 178.986559][ T8405] ____sys_sendmsg+0x505/0x830 [ 178.986581][ T8405] ? __pfx_____sys_sendmsg+0x10/0x10 [ 178.986606][ T8405] ? import_iovec+0x74/0xa0 [ 178.986628][ T8405] ___sys_sendmsg+0x21f/0x2a0 [ 178.986648][ T8405] ? __pfx____sys_sendmsg+0x10/0x10 [ 178.986695][ T8405] ? __fget_files+0x2a/0x420 [ 178.986715][ T8405] ? __fget_files+0x3a0/0x420 [ 178.986742][ T8405] __x64_sys_sendmsg+0x19b/0x260 [ 178.986763][ T8405] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 178.986794][ T8405] ? do_syscall_64+0xba/0x210 [ 178.986818][ T8405] do_syscall_64+0xf6/0x210 [ 178.986840][ T8405] ? clear_bhb_loop+0x45/0xa0 [ 178.986858][ T8405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.986872][ T8405] RIP: 0033:0x7fc52518e969 [ 178.986887][ T8405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.986899][ T8405] RSP: 002b:00007fc526059038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.986922][ T8405] RAX: ffffffffffffffda RBX: 00007fc5253b5fa0 RCX: 00007fc52518e969 [ 178.986935][ T8405] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 178.986946][ T8405] RBP: 00007fc525210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 178.986962][ T8405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 178.986972][ T8405] R13: 0000000000000000 R14: 00007fc5253b5fa0 R15: 00007ffc022cb648 [ 178.986997][ T8405] [ 179.472523][ T5839] Bluetooth: hci1: command tx timeout [ 179.486780][ T8417] xt_ecn: cannot match TCP bits for non-tcp packets [ 179.555204][ T8383] chnl_net:caif_netlink_parms(): no params data found [ 179.661184][ T8412] lo speed is unknown, defaulting to 1000 [ 179.929017][ T8439] netlink: 28 bytes leftover after parsing attributes in process `syz.2.614'. [ 180.068585][ T8383] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.075761][ T8383] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.119741][ T8383] bridge_slave_0: entered allmulticast mode [ 180.129315][ T8383] bridge_slave_0: entered promiscuous mode [ 180.139661][ T8449] netlink: 300 bytes leftover after parsing attributes in process `syz.2.616'. [ 180.141964][ T8383] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.156262][ T8383] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.169647][ T8383] bridge_slave_1: entered allmulticast mode [ 180.179031][ T8383] bridge_slave_1: entered promiscuous mode [ 180.240011][ T8449] FAULT_INJECTION: forcing a failure. [ 180.240011][ T8449] name failslab, interval 1, probability 0, space 0, times 0 [ 180.263447][ T8449] CPU: 1 UID: 0 PID: 8449 Comm: syz.2.616 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 180.263473][ T8449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 180.263485][ T8449] Call Trace: [ 180.263492][ T8449] [ 180.263500][ T8449] dump_stack_lvl+0x189/0x250 [ 180.263534][ T8449] ? __pfx_dump_stack_lvl+0x10/0x10 [ 180.263560][ T8449] ? __pfx__printk+0x10/0x10 [ 180.263585][ T8449] ? ref_tracker_alloc+0x318/0x460 [ 180.263607][ T8449] should_fail_ex+0x414/0x560 [ 180.263638][ T8449] should_failslab+0xa8/0x100 [ 180.263663][ T8449] kmem_cache_alloc_noprof+0x73/0x3c0 [ 180.263684][ T8449] ? skb_clone+0x212/0x3a0 [ 180.263711][ T8449] skb_clone+0x212/0x3a0 [ 180.263737][ T8449] __netlink_deliver_tap+0x404/0x850 [ 180.263769][ T8449] ? netlink_deliver_tap+0x2e/0x1b0 [ 180.263790][ T8449] netlink_deliver_tap+0x19c/0x1b0 [ 180.263810][ T8449] netlink_unicast+0x72f/0x8d0 [ 180.263849][ T8449] netlink_sendmsg+0x805/0xb30 [ 180.263879][ T8449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.263908][ T8449] ? aa_sock_msg_perm+0x94/0x160 [ 180.263929][ T8449] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 180.263950][ T8449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 180.263970][ T8449] __sock_sendmsg+0x219/0x270 [ 180.264001][ T8449] ____sys_sendmsg+0x505/0x830 [ 180.264028][ T8449] ? __pfx_____sys_sendmsg+0x10/0x10 [ 180.264060][ T8449] ? import_iovec+0x74/0xa0 [ 180.264087][ T8449] ___sys_sendmsg+0x21f/0x2a0 [ 180.264112][ T8449] ? __pfx____sys_sendmsg+0x10/0x10 [ 180.264170][ T8449] ? __fget_files+0x2a/0x420 [ 180.264192][ T8449] ? __fget_files+0x3a0/0x420 [ 180.264226][ T8449] __x64_sys_sendmsg+0x19b/0x260 [ 180.264251][ T8449] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 180.264291][ T8449] ? do_syscall_64+0xba/0x210 [ 180.264321][ T8449] do_syscall_64+0xf6/0x210 [ 180.264347][ T8449] ? clear_bhb_loop+0x45/0xa0 [ 180.264369][ T8449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.264387][ T8449] RIP: 0033:0x7fc52518e969 [ 180.264403][ T8449] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 180.264418][ T8449] RSP: 002b:00007fc526059038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 180.264438][ T8449] RAX: ffffffffffffffda RBX: 00007fc5253b5fa0 RCX: 00007fc52518e969 [ 180.264451][ T8449] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 000000000000000e [ 180.264463][ T8449] RBP: 00007fc526059090 R08: 0000000000000000 R09: 0000000000000000 [ 180.264474][ T8449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.264485][ T8449] R13: 0000000000000000 R14: 00007fc5253b5fa0 R15: 00007ffc022cb648 [ 180.264513][ T8449] [ 180.557834][ T5839] Bluetooth: hci3: command tx timeout [ 180.811181][ T53] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.835624][ T8383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.986096][ T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.010287][ T8383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.030907][ T8475] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 181.062822][ T8475] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 181.166883][ T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.223322][ T8485] netlink: 28 bytes leftover after parsing attributes in process `syz.4.626'. [ 181.251885][ T8383] team0: Port device team_slave_0 added [ 181.326412][ T8383] team0: Port device team_slave_1 added [ 181.356443][ T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.500812][ T5839] Bluetooth: hci1: command tx timeout [ 181.550442][ T8383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.558710][ T8383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.585709][ T8383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.614054][ T8412] chnl_net:caif_netlink_parms(): no params data found [ 181.628880][ T8383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.636269][ T8383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.662928][ T8383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.834989][ T8496] netlink: 'syz.2.630': attribute type 25 has an invalid length. [ 181.915336][ T8498] x_tables: ip6_tables: rpfilter match: used from hooks POSTROUTING, but only valid from PREROUTING [ 181.970559][ T8383] hsr_slave_0: entered promiscuous mode [ 182.000316][ T8383] hsr_slave_1: entered promiscuous mode [ 182.008793][ T8383] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 182.021742][ T8383] Cannot create hsr debugfs directory [ 182.205020][ T8412] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.213874][ T8412] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.225040][ T8412] bridge_slave_0: entered allmulticast mode [ 182.232842][ T8412] bridge_slave_0: entered promiscuous mode [ 182.296618][ T8412] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.314448][ T8412] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.331044][ T8412] bridge_slave_1: entered allmulticast mode [ 182.349331][ T8412] bridge_slave_1: entered promiscuous mode [ 182.566501][ T5889] IPVS: starting estimator thread 0... [ 182.579222][ T8523] Bluetooth: MGMT ver 1.23 [ 182.617356][ T5839] Bluetooth: hci3: command tx timeout [ 182.657046][ T8525] IPVS: using max 33 ests per chain, 79200 per kthread [ 182.680552][ T8530] netlink: 'syz.0.643': attribute type 24 has an invalid length. [ 182.763934][ T8412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.783404][ T53] bridge_slave_1: left allmulticast mode [ 182.794746][ T53] bridge_slave_1: left promiscuous mode [ 182.821115][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.870430][ T53] bridge_slave_0: left allmulticast mode [ 182.877675][ T53] bridge_slave_0: left promiscuous mode [ 182.883451][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.377667][ T8537] netlink: 256 bytes leftover after parsing attributes in process `syz.4.645'. [ 183.577219][ T5839] Bluetooth: hci1: command tx timeout [ 183.665788][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.676728][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.686878][ T53] bond0 (unregistering): Released all slaves [ 183.705511][ T8523] geneve3: entered promiscuous mode [ 183.731103][ T8412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 183.968757][ T8412] team0: Port device team_slave_0 added [ 184.044794][ T8412] team0: Port device team_slave_1 added [ 184.067479][ T8549] netlink: 'syz.4.650': attribute type 5 has an invalid length. [ 184.075348][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.650'. [ 184.243921][ T8550] lo speed is unknown, defaulting to 1000 [ 184.258740][ T8412] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 184.266152][ T8412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 184.301365][ T8412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 184.343696][ T53] hsr_slave_0: left promiscuous mode [ 184.363923][ T53] hsr_slave_1: left promiscuous mode [ 184.380972][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.402649][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.414218][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.422347][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.450758][ T53] veth1_macvtap: left promiscuous mode [ 184.458938][ T53] veth0_macvtap: left promiscuous mode [ 184.477187][ T53] veth1_vlan: left promiscuous mode [ 184.483542][ T53] veth0_vlan: left promiscuous mode [ 184.704048][ T5839] Bluetooth: hci3: command tx timeout [ 184.861630][ T8577] netlink: 'syz.2.655': attribute type 1 has an invalid length. [ 185.100021][ T53] team0 (unregistering): Port device team_slave_1 removed [ 185.136875][ T53] team0 (unregistering): Port device team_slave_0 removed [ 185.485336][ T8412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 185.494026][ T8412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 185.521652][ T8412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 185.586820][ T8577] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 185.596226][ T8550] lo speed is unknown, defaulting to 1000 [ 185.668011][ T5839] Bluetooth: hci1: command tx timeout [ 185.784483][ T8550] lo speed is unknown, defaulting to 1000 [ 185.892839][ T8412] hsr_slave_0: entered promiscuous mode [ 185.927729][ T8412] hsr_slave_1: entered promiscuous mode [ 185.941676][ T8412] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 185.952572][ T8412] Cannot create hsr debugfs directory [ 186.220905][ T8550] infiniband syz0: set active [ 186.227174][ T8550] infiniband syz0: added lo [ 186.233743][ T8550] syz0: rxe_create_cq: returned err = -12 [ 186.250320][ T8550] infiniband syz0: Couldn't create ib_mad CQ [ 186.258168][ T8550] infiniband syz0: Couldn't open port 1 [ 186.276169][ T9] lo speed is unknown, defaulting to 1000 [ 186.283334][ T8550] RDS/IB: syz0: added [ 186.303286][ T8550] smc: adding ib device syz0 with port count 1 [ 186.315481][ T8550] smc: ib device syz0 port 1 has pnetid [ 186.321224][ T8591] netlink: 'syz.2.659': attribute type 10 has an invalid length. [ 186.333302][ T24] lo speed is unknown, defaulting to 1000 [ 186.364863][ T8550] lo speed is unknown, defaulting to 1000 [ 186.553334][ T8599] netlink: 'syz.2.660': attribute type 4 has an invalid length. [ 186.554781][ T8383] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 186.652598][ T8601] netlink: 'syz.4.661': attribute type 5 has an invalid length. [ 186.661190][ T8601] netlink: 4 bytes leftover after parsing attributes in process `syz.4.661'. [ 186.683557][ T8383] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 186.708405][ T8383] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 186.755009][ T8383] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 186.777704][ T5839] Bluetooth: hci3: command tx timeout [ 186.825238][ T8602] netlink: 'syz.2.660': attribute type 4 has an invalid length. [ 187.065333][ T8550] lo speed is unknown, defaulting to 1000 [ 187.259968][ T8620] netlink: 8 bytes leftover after parsing attributes in process `syz.4.663'. [ 187.366824][ T8383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.442773][ T8383] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.468894][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.476172][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.532981][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.540201][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.755999][ T8412] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 187.819995][ T8383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 187.856004][ T8412] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 187.881180][ T8550] lo speed is unknown, defaulting to 1000 [ 187.915668][ T8412] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 187.943892][ T8643] netlink: 4 bytes leftover after parsing attributes in process `syz.2.669'. [ 187.978615][ T8412] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 188.003920][ T8643] bridge_slave_1: left allmulticast mode [ 188.032506][ T8643] bridge_slave_1: left promiscuous mode [ 188.062637][ T8643] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.094831][ T8643] bridge_slave_0: left allmulticast mode [ 188.111588][ T8643] bridge_slave_0: left promiscuous mode [ 188.126526][ T8643] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.524391][ T8412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.569458][ T8658] lo speed is unknown, defaulting to 1000 [ 188.609617][ T8550] lo speed is unknown, defaulting to 1000 [ 188.631988][ T8412] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.641367][ T8665] netlink: 'syz.4.672': attribute type 5 has an invalid length. [ 188.655821][ T8383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.660555][ T8665] netlink: 4 bytes leftover after parsing attributes in process `syz.4.672'. [ 188.675887][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.683138][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.716784][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.724023][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.875962][ T8383] veth0_vlan: entered promiscuous mode [ 188.924199][ T8670] lo speed is unknown, defaulting to 1000 [ 188.930443][ T8383] veth1_vlan: entered promiscuous mode [ 189.031272][ T8383] veth0_macvtap: entered promiscuous mode [ 189.053082][ T8383] veth1_macvtap: entered promiscuous mode [ 189.158207][ T8383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 189.178770][ T8383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.207432][ T8383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 189.227380][ T8383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.252223][ T8383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.303567][ T8383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.323297][ T8383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.335364][ T8383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 189.357970][ T8383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.369807][ T8383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.379894][ T8550] lo speed is unknown, defaulting to 1000 [ 189.405743][ T8412] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.427944][ T8383] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.441290][ T8383] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.451083][ T8383] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.463909][ T8383] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.650179][ T8412] veth0_vlan: entered promiscuous mode [ 189.704082][ T8412] veth1_vlan: entered promiscuous mode [ 189.717587][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.740480][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.825186][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.841382][ T8412] veth0_macvtap: entered promiscuous mode [ 189.852505][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.874814][ T8550] lo speed is unknown, defaulting to 1000 [ 189.885961][ T8412] veth1_macvtap: entered promiscuous mode [ 190.100438][ T8412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.127819][ T8412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.147001][ T8412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.166984][ T8412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.177194][ T8412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 190.197165][ T8412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.219009][ T8412] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.276024][ T8412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.294127][ T8412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.326436][ T8412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.338046][ T8412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.348872][ T8412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 190.360299][ T8412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.372120][ T8412] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.382915][ T8670] lo speed is unknown, defaulting to 1000 [ 190.406677][ T8412] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.434244][ T8412] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.450827][ T8412] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.460185][ T8412] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.599215][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.789201][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.910206][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.188844][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.245146][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.274716][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.386840][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.421729][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.925351][ T8730] netlink: 8 bytes leftover after parsing attributes in process `syz.0.676'. [ 191.960511][ T13] bridge_slave_1: left allmulticast mode [ 191.971981][ T13] bridge_slave_1: left promiscuous mode [ 191.996334][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.113922][ T13] bridge_slave_0: left allmulticast mode [ 192.138728][ T13] bridge_slave_0: left promiscuous mode [ 192.145879][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.213797][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 192.226769][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 192.235662][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 192.244688][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 192.253915][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 192.701106][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.712458][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.723156][ T13] bond0 (unregistering): Released all slaves [ 192.751854][ T8751] bond0: entered promiscuous mode [ 192.761328][ T8751] bond_slave_0: entered promiscuous mode [ 192.768215][ T8751] bond_slave_1: entered promiscuous mode [ 192.955528][ T8744] lo speed is unknown, defaulting to 1000 [ 192.979221][ T8744] lo speed is unknown, defaulting to 1000 [ 193.345029][ T8768] netlink: 8 bytes leftover after parsing attributes in process `syz.2.681'. [ 193.367484][ T8768] openvswitch: netlink: Unknown nsh attribute 0 [ 193.401315][ T8768] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 193.594271][ T8779] netlink: 8 bytes leftover after parsing attributes in process `syz.4.684'. [ 193.882926][ T8788] netlink: 'syz.2.688': attribute type 4 has an invalid length. [ 194.189306][ T13] hsr_slave_0: left promiscuous mode [ 194.224409][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.238960][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 194.239384][ T13] hsr_slave_1: left promiscuous mode [ 194.254215][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 194.263273][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 194.268275][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.288538][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 194.297675][ T55] Bluetooth: hci1: command tx timeout [ 194.308966][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 194.339138][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 194.362752][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 194.383792][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 194.414124][ T8815] netlink: 12 bytes leftover after parsing attributes in process `syz.4.694'. [ 194.439175][ T13] veth1_macvtap: left promiscuous mode [ 194.465106][ T13] veth0_macvtap: left promiscuous mode [ 194.481405][ T13] veth1_vlan: left promiscuous mode [ 194.494297][ T13] veth0_vlan: left promiscuous mode [ 194.501365][ T8819] netlink: 12 bytes leftover after parsing attributes in process `syz.4.694'. [ 194.586370][ T8822] FAULT_INJECTION: forcing a failure. [ 194.586370][ T8822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.604621][ T8822] CPU: 0 UID: 0 PID: 8822 Comm: syz.0.696 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 194.604650][ T8822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 194.604662][ T8822] Call Trace: [ 194.604670][ T8822] [ 194.604679][ T8822] dump_stack_lvl+0x189/0x250 [ 194.604716][ T8822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.604745][ T8822] ? __pfx__printk+0x10/0x10 [ 194.604778][ T8822] should_fail_ex+0x414/0x560 [ 194.604814][ T8822] _copy_to_user+0x31/0xb0 [ 194.604843][ T8822] simple_read_from_buffer+0xe1/0x170 [ 194.604873][ T8822] proc_fail_nth_read+0x1df/0x250 [ 194.604903][ T8822] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 194.604934][ T8822] ? rw_verify_area+0x258/0x650 [ 194.604955][ T8822] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 194.604983][ T8822] vfs_read+0x1fd/0x980 [ 194.605010][ T8822] ? __pfx___mutex_lock+0x10/0x10 [ 194.605038][ T8822] ? __pfx_vfs_read+0x10/0x10 [ 194.605062][ T8822] ? __fget_files+0x2a/0x420 [ 194.605091][ T8822] ? __fget_files+0x3a0/0x420 [ 194.605114][ T8822] ? __fget_files+0x2a/0x420 [ 194.605148][ T8822] ksys_read+0x145/0x250 [ 194.605168][ T8822] ? rcu_is_watching+0x15/0xb0 [ 194.605199][ T8822] ? __pfx_ksys_read+0x10/0x10 [ 194.605225][ T8822] ? do_syscall_64+0xba/0x210 [ 194.605257][ T8822] do_syscall_64+0xf6/0x210 [ 194.605286][ T8822] ? clear_bhb_loop+0x45/0xa0 [ 194.605330][ T8822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.605348][ T8822] RIP: 0033:0x7f9cf2d8d37c [ 194.605366][ T8822] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 194.605383][ T8822] RSP: 002b:00007f9cf3b8c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 194.605403][ T8822] RAX: ffffffffffffffda RBX: 00007f9cf2fb5fa0 RCX: 00007f9cf2d8d37c [ 194.605418][ T8822] RDX: 000000000000000f RSI: 00007f9cf3b8c0a0 RDI: 0000000000000003 [ 194.605430][ T8822] RBP: 00007f9cf3b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 194.605442][ T8822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 194.605453][ T8822] R13: 0000000000000000 R14: 00007f9cf2fb5fa0 R15: 00007ffc94465528 [ 194.605485][ T8822] [ 195.262155][ T13] team0 (unregistering): Port device team_slave_1 removed [ 195.297516][ T13] team0 (unregistering): Port device team_slave_0 removed [ 195.639182][ T8800] tc_dump_action: action bad kind [ 195.899554][ T8744] chnl_net:caif_netlink_parms(): no params data found [ 195.924603][ T8804] lo speed is unknown, defaulting to 1000 [ 196.003830][ T8804] lo speed is unknown, defaulting to 1000 [ 196.249857][ T8857] netlink: 28 bytes leftover after parsing attributes in process `syz.0.703'. [ 196.377719][ T5839] Bluetooth: hci3: command tx timeout [ 196.378911][ T55] Bluetooth: hci1: command tx timeout [ 196.533676][ T8871] sctp: [Deprecated]: syz.4.707 (pid 8871) Use of int in maxseg socket option. [ 196.533676][ T8871] Use struct sctp_assoc_value instead [ 196.577310][ T8869] netlink: 1040 bytes leftover after parsing attributes in process `syz.2.706'. [ 196.586589][ T8869] sch_tbf: peakrate 9 is lower than or equals to rate 2047 ! [ 196.613474][ T8873] netlink: 'syz.0.708': attribute type 39 has an invalid length. [ 196.639344][ T8744] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.667106][ T8744] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.674374][ T8744] bridge_slave_0: entered allmulticast mode [ 196.692314][ T8744] bridge_slave_0: entered promiscuous mode [ 196.710779][ T8744] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.752332][ T8744] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.778351][ T8744] bridge_slave_1: entered allmulticast mode [ 196.786070][ T8744] bridge_slave_1: entered promiscuous mode [ 196.833691][ T8881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.709'. [ 196.914018][ T8886] netlink: 12 bytes leftover after parsing attributes in process `syz.2.709'. [ 196.942810][ T8744] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.063640][ T3494] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.259871][ T8744] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.321588][ T8895] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 197.549357][ T3494] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.743192][ T8744] team0: Port device team_slave_0 added [ 198.457275][ T55] Bluetooth: hci1: command tx timeout [ 198.463957][ T5839] Bluetooth: hci3: command tx timeout [ 199.219818][ T3494] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.236026][ T8744] team0: Port device team_slave_1 added [ 199.394809][ T8944] netlink: 12 bytes leftover after parsing attributes in process `syz.4.722'. [ 199.406857][ T3494] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.423423][ T8744] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.430793][ T8744] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.458712][ T8947] netlink: 12 bytes leftover after parsing attributes in process `syz.4.722'. [ 199.471671][ T8744] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.484487][ T8744] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.491806][ T8744] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.522934][ T8744] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.737689][ T8954] openvswitch: netlink: Missing key (keys=40, expected=100) [ 200.019569][ T8744] hsr_slave_0: entered promiscuous mode [ 200.034181][ T8744] hsr_slave_1: entered promiscuous mode [ 200.061164][ T8744] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.079181][ T8744] Cannot create hsr debugfs directory [ 200.100805][ T8804] chnl_net:caif_netlink_parms(): no params data found [ 200.468048][ T8989] netlink: 'syz.0.733': attribute type 1 has an invalid length. [ 200.480225][ T8987] netlink: 20 bytes leftover after parsing attributes in process `syz.4.732'. [ 200.487549][ T8989] netlink: 4 bytes leftover after parsing attributes in process `syz.0.733'. [ 200.537653][ T5140] Bluetooth: hci1: command tx timeout [ 200.544301][ T5140] Bluetooth: hci3: command tx timeout [ 200.673160][ T3494] bridge_slave_1: left allmulticast mode [ 200.699420][ T3494] bridge_slave_1: left promiscuous mode [ 200.705225][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.785091][ T3494] bridge_slave_0: left allmulticast mode [ 200.803252][ T3494] bridge_slave_0: left promiscuous mode [ 200.812612][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.196718][ T3494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.208363][ T3494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.218917][ T3494] bond0 (unregistering): Released all slaves [ 201.421582][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 201.427570][ T5140] Bluetooth: hci2: command 0x0406 tx timeout [ 201.428829][ T5843] Bluetooth: hci4: command 0x0406 tx timeout [ 201.562624][ T8804] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.583810][ T8804] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.607202][ T8804] bridge_slave_0: entered allmulticast mode [ 201.624456][ T8804] bridge_slave_0: entered promiscuous mode [ 201.702394][ T8804] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.727911][ T8804] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.737272][ T8804] bridge_slave_1: entered allmulticast mode [ 201.748767][ T8804] bridge_slave_1: entered promiscuous mode [ 201.834152][ T9040] FAULT_INJECTION: forcing a failure. [ 201.834152][ T9040] name failslab, interval 1, probability 0, space 0, times 0 [ 201.861391][ T9040] CPU: 1 UID: 0 PID: 9040 Comm: syz.4.743 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 201.861424][ T9040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 201.861436][ T9040] Call Trace: [ 201.861444][ T9040] [ 201.861453][ T9040] dump_stack_lvl+0x189/0x250 [ 201.861491][ T9040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.861521][ T9040] ? __pfx__printk+0x10/0x10 [ 201.861549][ T9040] ? ref_tracker_alloc+0x318/0x460 [ 201.861574][ T9040] should_fail_ex+0x414/0x560 [ 201.861619][ T9040] should_failslab+0xa8/0x100 [ 201.861647][ T9040] kmem_cache_alloc_noprof+0x73/0x3c0 [ 201.861672][ T9040] ? skb_clone+0x212/0x3a0 [ 201.861703][ T9040] skb_clone+0x212/0x3a0 [ 201.861736][ T9040] __netlink_deliver_tap+0x404/0x850 [ 201.861772][ T9040] ? netlink_deliver_tap+0x2e/0x1b0 [ 201.861795][ T9040] netlink_deliver_tap+0x19c/0x1b0 [ 201.861818][ T9040] netlink_unicast+0x72f/0x8d0 [ 201.861872][ T9040] netlink_sendmsg+0x805/0xb30 [ 201.861902][ T9040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.861925][ T9040] ? aa_sock_msg_perm+0x94/0x160 [ 201.861947][ T9040] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 201.861968][ T9040] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.861988][ T9040] __sock_sendmsg+0x219/0x270 [ 201.862019][ T9040] ____sys_sendmsg+0x505/0x830 [ 201.862047][ T9040] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.862078][ T9040] ? import_iovec+0x74/0xa0 [ 201.862106][ T9040] ___sys_sendmsg+0x21f/0x2a0 [ 201.862130][ T9040] ? __pfx____sys_sendmsg+0x10/0x10 [ 201.862189][ T9040] ? __fget_files+0x2a/0x420 [ 201.862212][ T9040] ? __fget_files+0x3a0/0x420 [ 201.862246][ T9040] __x64_sys_sendmsg+0x19b/0x260 [ 201.862272][ T9040] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 201.862311][ T9040] ? do_syscall_64+0xba/0x210 [ 201.862342][ T9040] do_syscall_64+0xf6/0x210 [ 201.862369][ T9040] ? clear_bhb_loop+0x45/0xa0 [ 201.862392][ T9040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.862410][ T9040] RIP: 0033:0x7fb776d8e969 [ 201.862426][ T9040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.862442][ T9040] RSP: 002b:00007fb777b3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.862461][ T9040] RAX: ffffffffffffffda RBX: 00007fb776fb5fa0 RCX: 00007fb776d8e969 [ 201.862475][ T9040] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000006 [ 201.862486][ T9040] RBP: 00007fb777b3f090 R08: 0000000000000000 R09: 0000000000000000 [ 201.862498][ T9040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.862508][ T9040] R13: 0000000000000000 R14: 00007fb776fb5fa0 R15: 00007ffe20de79a8 [ 201.862538][ T9040] [ 202.389327][ T8804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.418666][ T9057] netlink: 8 bytes leftover after parsing attributes in process `syz.2.745'. [ 202.593139][ T8804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.617171][ T55] Bluetooth: hci3: command tx timeout [ 202.637515][ T9062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.746'. [ 202.869239][ T3494] hsr_slave_0: left promiscuous mode [ 202.875212][ T3494] hsr_slave_1: left promiscuous mode [ 202.883659][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.893755][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.911911][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.924242][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.967772][ T3494] veth1_macvtap: left promiscuous mode [ 202.973322][ T3494] veth0_macvtap: left promiscuous mode [ 202.984643][ T3494] veth1_vlan: left promiscuous mode [ 202.991111][ T3494] veth0_vlan: left promiscuous mode [ 203.424946][ T3494] team0 (unregistering): Port device team_slave_1 removed [ 203.468371][ T3494] team0 (unregistering): Port device team_slave_0 removed [ 203.847844][ T9072] ip6_vti0: entered allmulticast mode [ 203.901225][ T8804] team0: Port device team_slave_0 added [ 203.941144][ T8804] team0: Port device team_slave_1 added [ 204.184068][ T8804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 204.191390][ T8804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.218558][ T8804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.233700][ T9092] FAULT_INJECTION: forcing a failure. [ 204.233700][ T9092] name failslab, interval 1, probability 0, space 0, times 0 [ 204.248213][ T8804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.262765][ T9092] CPU: 1 UID: 0 PID: 9092 Comm: syz.4.754 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 204.262791][ T9092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 204.262802][ T9092] Call Trace: [ 204.262809][ T9092] [ 204.262816][ T9092] dump_stack_lvl+0x189/0x250 [ 204.262849][ T9092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 204.262875][ T9092] ? __pfx__printk+0x10/0x10 [ 204.262890][ T9092] ? __lock_acquire+0xaac/0xd20 [ 204.262927][ T9092] should_fail_ex+0x414/0x560 [ 204.262959][ T9092] should_failslab+0xa8/0x100 [ 204.262984][ T9092] kmem_cache_alloc_noprof+0x73/0x3c0 [ 204.263005][ T9092] ? skb_clone+0x212/0x3a0 [ 204.263032][ T9092] skb_clone+0x212/0x3a0 [ 204.263057][ T9092] __netlink_deliver_tap+0x404/0x850 [ 204.263087][ T9092] ? netlink_deliver_tap+0x2e/0x1b0 [ 204.263107][ T9092] netlink_deliver_tap+0x19c/0x1b0 [ 204.263126][ T9092] netlink_sendskb+0x68/0x140 [ 204.263161][ T9092] netlink_rcv_skb+0x2a0/0x490 [ 204.263180][ T9092] ? __pfx_genl_rcv_msg+0x10/0x10 [ 204.263205][ T9092] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 204.263245][ T9092] ? down_read+0x1ad/0x2e0 [ 204.263273][ T9092] genl_rcv+0x28/0x40 [ 204.263294][ T9092] netlink_unicast+0x758/0x8d0 [ 204.263331][ T9092] netlink_sendmsg+0x805/0xb30 [ 204.263359][ T9092] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.263381][ T9092] ? aa_sock_msg_perm+0x94/0x160 [ 204.263401][ T9092] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 204.263421][ T9092] ? __pfx_netlink_sendmsg+0x10/0x10 [ 204.263440][ T9092] __sock_sendmsg+0x219/0x270 [ 204.263469][ T9092] ____sys_sendmsg+0x505/0x830 [ 204.263496][ T9092] ? __pfx_____sys_sendmsg+0x10/0x10 [ 204.263526][ T9092] ? import_iovec+0x74/0xa0 [ 204.263551][ T9092] ___sys_sendmsg+0x21f/0x2a0 [ 204.263574][ T9092] ? __pfx____sys_sendmsg+0x10/0x10 [ 204.263630][ T9092] ? __fget_files+0x2a/0x420 [ 204.263652][ T9092] ? __fget_files+0x3a0/0x420 [ 204.263682][ T9092] __x64_sys_sendmsg+0x19b/0x260 [ 204.263706][ T9092] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 204.263743][ T9092] ? do_syscall_64+0xba/0x210 [ 204.263772][ T9092] do_syscall_64+0xf6/0x210 [ 204.263801][ T9092] ? clear_bhb_loop+0x45/0xa0 [ 204.263823][ T9092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.263840][ T9092] RIP: 0033:0x7fb776d8e969 [ 204.263855][ T9092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.263870][ T9092] RSP: 002b:00007fb777b3f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 204.263888][ T9092] RAX: ffffffffffffffda RBX: 00007fb776fb5fa0 RCX: 00007fb776d8e969 [ 204.263901][ T9092] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 204.263912][ T9092] RBP: 00007fb777b3f090 R08: 0000000000000000 R09: 0000000000000000 [ 204.263923][ T9092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.263933][ T9092] R13: 0000000000000000 R14: 00007fb776fb5fa0 R15: 00007ffe20de79a8 [ 204.263961][ T9092] [ 204.557053][ T8804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.583904][ T8804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.790433][ T9099] netlink: 16 bytes leftover after parsing attributes in process `syz.4.757'. [ 204.846486][ T8804] hsr_slave_0: entered promiscuous mode [ 204.866830][ T8804] hsr_slave_1: entered promiscuous mode [ 204.873879][ T8804] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 204.881865][ T8804] Cannot create hsr debugfs directory [ 204.924696][ T9110] netlink: 12 bytes leftover after parsing attributes in process `syz.0.761'. [ 204.971576][ T9099] netlink: 452 bytes leftover after parsing attributes in process `syz.4.757'. [ 205.154938][ T8744] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 205.173129][ T9120] netlink: 300 bytes leftover after parsing attributes in process `syz.4.764'. [ 205.259998][ T9124] FAULT_INJECTION: forcing a failure. [ 205.259998][ T9124] name failslab, interval 1, probability 0, space 0, times 0 [ 205.290588][ T9124] CPU: 0 UID: 0 PID: 9124 Comm: syz.4.764 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 205.290622][ T9124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 205.290634][ T9124] Call Trace: [ 205.290640][ T9124] [ 205.290648][ T9124] dump_stack_lvl+0x189/0x250 [ 205.290702][ T9124] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.290731][ T9124] ? __pfx__printk+0x10/0x10 [ 205.290755][ T9124] ? __pfx___might_resched+0x10/0x10 [ 205.290774][ T9124] ? fs_reclaim_acquire+0x7d/0x100 [ 205.290808][ T9124] should_fail_ex+0x414/0x560 [ 205.290845][ T9124] should_failslab+0xa8/0x100 [ 205.290873][ T9124] __kmalloc_noprof+0xcb/0x4f0 [ 205.290897][ T9124] ? lockdep_hardirqs_on+0x9c/0x150 [ 205.290923][ T9124] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 205.290957][ T9124] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 205.290994][ T9124] genl_family_rcv_msg_doit+0xb8/0x300 [ 205.291029][ T9124] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 205.291059][ T9124] ? rcu_is_watching+0x15/0xb0 [ 205.291092][ T9124] ? apparmor_capable+0x137/0x1b0 [ 205.291120][ T9124] ? bpf_lsm_capable+0x9/0x20 [ 205.291147][ T9124] ? security_capable+0x7e/0x2e0 [ 205.291175][ T9124] genl_rcv_msg+0x60e/0x790 [ 205.291208][ T9124] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.291232][ T9124] ? __pfx_ovs_dp_cmd_set+0x10/0x10 [ 205.291266][ T9124] ? ref_tracker_free+0x63a/0x7d0 [ 205.291285][ T9124] ? __copy_skb_header+0xa7/0x550 [ 205.291320][ T9124] netlink_rcv_skb+0x219/0x490 [ 205.291342][ T9124] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.291370][ T9124] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.291417][ T9124] ? down_read+0x1ad/0x2e0 [ 205.291451][ T9124] genl_rcv+0x28/0x40 [ 205.291474][ T9124] netlink_unicast+0x758/0x8d0 [ 205.291517][ T9124] netlink_sendmsg+0x805/0xb30 [ 205.291549][ T9124] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.291575][ T9124] ? aa_sock_msg_perm+0x94/0x160 [ 205.291597][ T9124] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 205.291620][ T9124] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.291642][ T9124] __sock_sendmsg+0x219/0x270 [ 205.291675][ T9124] ____sys_sendmsg+0x505/0x830 [ 205.291706][ T9124] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.291741][ T9124] ? import_iovec+0x74/0xa0 [ 205.291771][ T9124] ___sys_sendmsg+0x21f/0x2a0 [ 205.291798][ T9124] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.291875][ T9124] ? __fget_files+0x2a/0x420 [ 205.291897][ T9124] ? __fget_files+0x3a0/0x420 [ 205.291931][ T9124] __x64_sys_sendmsg+0x19b/0x260 [ 205.291976][ T9124] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 205.292014][ T9124] ? do_syscall_64+0xba/0x210 [ 205.292044][ T9124] do_syscall_64+0xf6/0x210 [ 205.292071][ T9124] ? clear_bhb_loop+0x45/0xa0 [ 205.292094][ T9124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.292112][ T9124] RIP: 0033:0x7fb776d8e969 [ 205.292128][ T9124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.292144][ T9124] RSP: 002b:00007fb777b1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.292164][ T9124] RAX: ffffffffffffffda RBX: 00007fb776fb6080 RCX: 00007fb776d8e969 [ 205.292177][ T9124] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 000000000000000e [ 205.292189][ T9124] RBP: 00007fb777b1e090 R08: 0000000000000000 R09: 0000000000000000 [ 205.292200][ T9124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.292210][ T9124] R13: 0000000000000000 R14: 00007fb776fb6080 R15: 00007ffe20de79a8 [ 205.292239][ T9124] [ 205.293350][ T8744] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 205.336290][ T9127] xt_hashlimit: size too large, truncated to 1048576 [ 205.666371][ T8744] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 205.695471][ T9127] warn_alloc: 1 callbacks suppressed [ 205.695490][ T9127] syz.2.765: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 205.757647][ T9127] CPU: 1 UID: 0 PID: 9127 Comm: syz.2.765 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 205.757676][ T9127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 205.757688][ T9127] Call Trace: [ 205.757695][ T9127] [ 205.757703][ T9127] dump_stack_lvl+0x189/0x250 [ 205.757738][ T9127] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.757766][ T9127] ? __pfx__printk+0x10/0x10 [ 205.757784][ T9127] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 205.757815][ T9127] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 205.757846][ T9127] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 205.757879][ T9127] warn_alloc+0x214/0x310 [ 205.757912][ T9127] ? __pfx_warn_alloc+0x10/0x10 [ 205.757952][ T9127] ? __get_vm_area_node+0x1c5/0x2d0 [ 205.757975][ T9127] ? __get_vm_area_node+0x25a/0x2d0 [ 205.758005][ T9127] __vmalloc_node_range_noprof+0x5f2/0x12c0 [ 205.758055][ T9127] ? __lock_acquire+0xaac/0xd20 [ 205.758083][ T9127] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 205.758109][ T9127] ? __kasan_kmalloc_large+0x1a/0xa0 [ 205.758134][ T9127] ? rcu_is_watching+0x15/0xb0 [ 205.758182][ T9127] ? htable_create+0xfc/0x7a0 [ 205.758205][ T9127] ? htable_create+0xfc/0x7a0 [ 205.758225][ T9127] __kvmalloc_node_noprof+0x3a0/0x5e0 [ 205.758250][ T9127] ? htable_create+0xfc/0x7a0 [ 205.758281][ T9127] ? hashlimit_pernet+0x23/0x240 [ 205.758309][ T9127] htable_create+0xfc/0x7a0 [ 205.758337][ T9127] hashlimit_mt_check_common+0x719/0xa10 [ 205.758370][ T9127] xt_check_match+0x3ce/0xab0 [ 205.758391][ T9127] ? __pfx___mutex_lock+0x10/0x10 [ 205.758421][ T9127] ? __pfx_xt_check_match+0x10/0x10 [ 205.758444][ T9127] ? pcpu_alloc_noprof+0xfdb/0x16b0 [ 205.758477][ T9127] ? xt_find_match+0x1f7/0x250 [ 205.758503][ T9127] translate_table+0x1553/0x2040 [ 205.758547][ T9127] ? __pfx_translate_table+0x10/0x10 [ 205.758570][ T9127] ? __might_fault+0xb0/0x130 [ 205.758611][ T9127] ? _copy_from_user+0x94/0xb0 [ 205.758641][ T9127] do_ip6t_set_ctl+0x970/0xce0 [ 205.758665][ T9127] ? futex_unqueue+0xcb/0xf0 [ 205.758683][ T9127] ? rcu_is_watching+0x15/0xb0 [ 205.758709][ T9127] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 205.758747][ T9127] ? __pfx___mutex_lock+0x10/0x10 [ 205.758772][ T9127] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 205.758802][ T9127] ? futex_wait+0x285/0x360 [ 205.758828][ T9127] ? __pfx_futex_wait+0x10/0x10 [ 205.758856][ T9127] nf_setsockopt+0x26c/0x290 [ 205.758884][ T9127] rawv6_setsockopt+0x23b/0x5b0 [ 205.758911][ T9127] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 205.758941][ T9127] ? aa_sock_opt_perm+0x74/0x110 [ 205.758960][ T9127] ? sock_common_setsockopt+0x36/0xc0 [ 205.759000][ T9127] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 205.759028][ T9127] do_sock_setsockopt+0x257/0x3e0 [ 205.759070][ T9127] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 205.759088][ T9127] ? __fget_files+0x2a/0x420 [ 205.759116][ T9127] ? __fget_files+0x3a0/0x420 [ 205.759138][ T9127] ? __fget_files+0x2a/0x420 [ 205.759169][ T9127] __x64_sys_setsockopt+0x18b/0x220 [ 205.759197][ T9127] do_syscall_64+0xf6/0x210 [ 205.759224][ T9127] ? clear_bhb_loop+0x45/0xa0 [ 205.759247][ T9127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.759264][ T9127] RIP: 0033:0x7fc52518e969 [ 205.759281][ T9127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.759297][ T9127] RSP: 002b:00007fc526059038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 205.759317][ T9127] RAX: ffffffffffffffda RBX: 00007fc5253b5fa0 RCX: 00007fc52518e969 [ 205.759331][ T9127] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 205.759342][ T9127] RBP: 00007fc525210ab1 R08: 0000000000000588 R09: 0000000000000000 [ 205.759353][ T9127] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000 [ 205.759365][ T9127] R13: 0000000000000000 R14: 00007fc5253b5fa0 R15: 00007ffc022cb648 [ 205.759394][ T9127] [ 205.759402][ T9127] Mem-Info: [ 206.118454][ T8744] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 206.161321][ T9127] active_anon:9563 inactive_anon:0 isolated_anon:0 [ 206.161321][ T9127] active_file:1683 inactive_file:38382 isolated_file:0 [ 206.161321][ T9127] unevictable:768 dirty:180 writeback:0 [ 206.161321][ T9127] slab_reclaimable:10211 slab_unreclaimable:100116 [ 206.161321][ T9127] mapped:31842 shmem:4280 pagetables:891 [ 206.161321][ T9127] sec_pagetables:0 bounce:0 [ 206.161321][ T9127] kernel_misc_reclaimable:0 [ 206.161321][ T9127] free:1341054 free_pcp:175 free_cma:0 [ 206.260013][ T9127] Node 0 active_anon:38252kB inactive_anon:0kB active_file:6732kB inactive_file:153456kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127368kB dirty:716kB writeback:0kB shmem:15584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10744kB pagetables:3364kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 206.304512][ T9127] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 206.345712][ T9127] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 206.383964][ T9127] lowmem_reserve[]: 0 2504 2504 2504 2504 [ 206.398262][ T9127] Node 0 DMA32 free:1441516kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB active_anon:34244kB inactive_anon:0kB active_file:6732kB inactive_file:153364kB unevictable:1536kB writepending:712kB present:3129332kB managed:2564100kB mlocked:0kB bounce:0kB free_pcp:2768kB local_pcp:1104kB free_cma:0kB [ 206.432444][ T9127] lowmem_reserve[]: 0 0 0 0 0 [ 206.437689][ T9127] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:4kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 206.465509][ T9127] lowmem_reserve[]: 0 0 0 0 0 [ 206.470719][ T9127] Node 1 Normal free:3910656kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:72kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 206.522605][ T9127] lowmem_reserve[]: 0 0 0 0 0 [ 206.530061][ T9127] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 206.553651][ T9127] Node 0 DMA32: 233*4kB (UME) 221*8kB (UME) 173*16kB (UME) 278*32kB (UME) 60*64kB (UME) 22*128kB (UME) 160*256kB (UM) 174*512kB (UME) 110*1024kB (UM) 57*2048kB (UME) 260*4096kB (UME) = 1445404kB [ 206.586457][ T9127] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 206.631877][ T9127] Node 1 Normal: 214*4kB (UM) 47*8kB (UME) 37*16kB (UME) 215*32kB (UME) 104*64kB (UME) 30*128kB (UME) 17*256kB (UME) 8*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 947*4096kB (M) = 3910656kB [ 206.663328][ T9127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.674967][ T9127] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 206.691058][ T9127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 206.702654][ T9127] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 206.732180][ T8744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.740888][ T9127] 41495 total pagecache pages [ 206.750661][ T9127] 0 pages in swap cache [ 206.765937][ T9127] Free swap = 124996kB [ 206.774370][ T9127] Total swap = 124996kB [ 206.793958][ T9127] 2097051 pages RAM [ 206.816635][ T8744] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.824359][ T9127] 0 pages HighMem/MovableOnly [ 206.829375][ T9127] 424368 pages reserved [ 206.833574][ T9127] 0 pages cma reserved [ 206.849986][ T9160] x_tables: ip6_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 206.863839][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.871059][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.904250][ T771] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.911492][ T771] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.010324][ T8744] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 207.021674][ T8744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 207.263766][ T9172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.777'. [ 207.302631][ T8804] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 207.349652][ T8804] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 207.376668][ T8804] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 207.447339][ T8804] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 207.816526][ T8744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.864720][ T8804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.963610][ T8804] 8021q: adding VLAN 0 to HW filter on device team0 [ 208.051349][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.058697][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.150751][ T771] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.157986][ T771] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.211437][ T8744] veth0_vlan: entered promiscuous mode [ 208.290767][ T8744] veth1_vlan: entered promiscuous mode [ 208.398948][ T8744] veth0_macvtap: entered promiscuous mode [ 208.426462][ T8744] veth1_macvtap: entered promiscuous mode [ 208.485353][ T8744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 208.519108][ T8744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.534477][ T8744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 208.548994][ T8744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.562307][ T8744] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 208.585521][ T9226] netlink: 'syz.2.787': attribute type 10 has an invalid length. [ 208.613958][ T8744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 208.643703][ T8744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.665090][ T8744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 208.683750][ T8744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 208.701389][ T8744] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 208.728919][ T8744] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.740122][ T8744] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.749671][ T8744] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.758944][ T8744] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 208.812895][ T8804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.932311][ T8804] veth0_vlan: entered promiscuous mode [ 208.942860][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 208.976290][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.012781][ T8804] veth1_vlan: entered promiscuous mode [ 209.055888][ T771] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 209.072416][ T771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 209.119716][ T8804] veth0_macvtap: entered promiscuous mode [ 209.145264][ T8804] veth1_macvtap: entered promiscuous mode [ 209.209561][ T8804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.221609][ T8804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.236470][ T8804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.253751][ T8804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.273769][ T8804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.281204][ T9244] netlink: 76 bytes leftover after parsing attributes in process `syz.4.789'. [ 209.285985][ T8804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.308911][ T8804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.341435][ T8804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.367024][ T8804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.391836][ T9249] netlink: 76 bytes leftover after parsing attributes in process `syz.4.789'. [ 209.401368][ T8804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.412145][ T8804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.423150][ T8804] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.436983][ T8804] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.454458][ T8804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.484752][ T9248] netlink: 36 bytes leftover after parsing attributes in process `syz.0.791'. [ 209.614587][ T9255] netlink: 52 bytes leftover after parsing attributes in process `syz.4.793'. [ 209.641194][ T9252] tipc: Enabling of bearer rejected, already enabled [ 209.656015][ T8804] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.687142][ T8804] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.721642][ T8804] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.748799][ T8804] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.137576][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.344746][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.402153][ T9271] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 210.475183][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.532700][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.549321][ T9273] lo speed is unknown, defaulting to 1000 [ 210.589391][ T9273] lo speed is unknown, defaulting to 1000 [ 210.639258][ T771] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.655082][ T771] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.705164][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.734635][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.959926][ T13] bridge_slave_1: left allmulticast mode [ 210.965619][ T13] bridge_slave_1: left promiscuous mode [ 210.975312][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.987217][ T13] bridge_slave_0: left allmulticast mode [ 210.992897][ T13] bridge_slave_0: left promiscuous mode [ 211.003839][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.171644][ T9285] netlink: 452 bytes leftover after parsing attributes in process `syz.0.800'. [ 211.256757][ T9287] netlink: 76 bytes leftover after parsing attributes in process `syz.0.801'. [ 211.449272][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 211.459022][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 211.466792][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 211.485147][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 211.497285][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 211.583497][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 211.594267][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 211.606238][ T13] bond0 (unregistering): Released all slaves [ 211.781765][ T9288] lo speed is unknown, defaulting to 1000 [ 211.857757][ T9288] lo speed is unknown, defaulting to 1000 [ 212.643486][ T13] hsr_slave_0: left promiscuous mode [ 212.650207][ T13] hsr_slave_1: left promiscuous mode [ 212.656019][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 212.665839][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 212.674535][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 212.682608][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 212.742408][ T13] veth1_macvtap: left promiscuous mode [ 212.757828][ T13] veth0_macvtap: left promiscuous mode [ 212.766153][ T13] veth1_vlan: left promiscuous mode [ 212.773039][ T13] veth0_vlan: left promiscuous mode [ 212.780893][ T9309] netlink: 76 bytes leftover after parsing attributes in process `syz.4.803'. [ 212.837488][ T9311] netlink: 76 bytes leftover after parsing attributes in process `syz.4.803'. [ 213.090920][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 213.101521][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 213.111269][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 213.120437][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 213.132229][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 213.348748][ T13] team0 (unregistering): Port device team_slave_1 removed [ 213.385935][ T13] team0 (unregistering): Port device team_slave_0 removed [ 213.587995][ T55] Bluetooth: hci1: command tx timeout [ 213.808420][ T9312] syzkaller0: entered promiscuous mode [ 213.814274][ T9312] syzkaller0: entered allmulticast mode [ 215.006570][ T9316] lo speed is unknown, defaulting to 1000 [ 215.032525][ T9288] chnl_net:caif_netlink_parms(): no params data found [ 215.178107][ T55] Bluetooth: hci3: command tx timeout [ 215.243732][ T9316] lo speed is unknown, defaulting to 1000 [ 215.332797][ T9339] netlink: 52 bytes leftover after parsing attributes in process `syz.2.807'. [ 215.486863][ T9347] FAULT_INJECTION: forcing a failure. [ 215.486863][ T9347] name failslab, interval 1, probability 0, space 0, times 0 [ 215.524902][ T9288] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.573154][ T9288] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.581453][ T9347] CPU: 0 UID: 0 PID: 9347 Comm: syz.4.810 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 215.581482][ T9347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 215.581496][ T9347] Call Trace: [ 215.581504][ T9347] [ 215.581513][ T9347] dump_stack_lvl+0x189/0x250 [ 215.581551][ T9347] ? __pfx_dump_stack_lvl+0x10/0x10 [ 215.581580][ T9347] ? __pfx__printk+0x10/0x10 [ 215.581607][ T9347] ? __pfx___might_resched+0x10/0x10 [ 215.581625][ T9347] ? fs_reclaim_acquire+0x7d/0x100 [ 215.581660][ T9347] should_fail_ex+0x414/0x560 [ 215.581698][ T9347] should_failslab+0xa8/0x100 [ 215.581726][ T9347] __kmalloc_noprof+0xcb/0x4f0 [ 215.581751][ T9347] ? __list_lru_init+0xba/0x5c0 [ 215.581775][ T9347] __list_lru_init+0xba/0x5c0 [ 215.581793][ T9347] ? __raw_spin_lock_init+0x45/0x100 [ 215.581823][ T9347] alloc_super+0x7cb/0x970 [ 215.581850][ T9347] sget_fc+0x329/0xa40 [ 215.581885][ T9347] ? __pfx_set_anon_super_fc+0x10/0x10 [ 215.581904][ T9347] ? __pfx_mqueue_fill_super+0x10/0x10 [ 215.581934][ T9347] get_tree_nodev+0x2a/0x150 [ 215.581956][ T9347] vfs_get_tree+0x8f/0x2b0 [ 215.581981][ T9347] fc_mount+0x1c/0xb0 [ 215.582000][ T9347] mq_init_ns+0x3a1/0x510 [ 215.582031][ T9347] copy_ipcs+0x2f6/0x4f0 [ 215.582064][ T9347] create_new_namespaces+0x212/0x700 [ 215.582107][ T9347] unshare_nsproxy_namespaces+0x11c/0x170 [ 215.582139][ T9347] ksys_unshare+0x4c8/0x8c0 [ 215.582167][ T9347] ? __pfx_ksys_unshare+0x10/0x10 [ 215.582186][ T9347] ? ksys_write+0x1f0/0x250 [ 215.582212][ T9347] ? rcu_is_watching+0x15/0xb0 [ 215.582253][ T9347] __x64_sys_unshare+0x38/0x50 [ 215.582274][ T9347] do_syscall_64+0xf6/0x210 [ 215.582303][ T9347] ? clear_bhb_loop+0x45/0xa0 [ 215.582326][ T9347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.582343][ T9347] RIP: 0033:0x7fb776d8e969 [ 215.582361][ T9347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.582376][ T9347] RSP: 002b:00007fb777b3f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 215.582397][ T9347] RAX: ffffffffffffffda RBX: 00007fb776fb5fa0 RCX: 00007fb776d8e969 [ 215.582410][ T9347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000 [ 215.582421][ T9347] RBP: 00007fb777b3f090 R08: 0000000000000000 R09: 0000000000000000 [ 215.582432][ T9347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.582443][ T9347] R13: 0000000000000000 R14: 00007fb776fb5fa0 R15: 00007ffe20de79a8 [ 215.582471][ T9347] [ 215.843153][ T9288] bridge_slave_0: entered allmulticast mode [ 215.859346][ T55] Bluetooth: hci1: command tx timeout [ 215.863339][ T9288] bridge_slave_0: entered promiscuous mode [ 215.889178][ T9288] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.904718][ T9288] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.936328][ T9355] xt_hashlimit: invalid rate [ 215.944801][ T9355] netlink: 36 bytes leftover after parsing attributes in process `syz.2.812'. [ 215.956442][ T9288] bridge_slave_1: entered allmulticast mode [ 215.964444][ T9288] bridge_slave_1: entered promiscuous mode [ 216.059392][ T9359] netlink: 76 bytes leftover after parsing attributes in process `syz.2.814'. [ 216.112054][ T9362] netlink: 76 bytes leftover after parsing attributes in process `syz.2.814'. [ 216.220442][ T9288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.249897][ T9288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.446185][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.491616][ T9372] tipc: Started in network mode [ 216.496548][ T9372] tipc: Node identity 00000000000000000000ffff640101, cluster identity 4711 [ 216.517077][ T9372] tipc: Enabling of bearer rejected, failed to enable media [ 216.539300][ T9288] team0: Port device team_slave_0 added [ 216.571923][ T9288] team0: Port device team_slave_1 added [ 216.700686][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 216.847697][ T9288] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.877213][ T9288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 216.936038][ T9398] netlink: 52 bytes leftover after parsing attributes in process `syz.4.822'. [ 216.945642][ T9288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.964341][ T9288] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.972973][ T9288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 217.003221][ T9288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 217.061779][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.257511][ T55] Bluetooth: hci3: command tx timeout [ 217.286958][ T9411] netlink: 76 bytes leftover after parsing attributes in process `syz.4.826'. [ 217.299118][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.346614][ T9415] netlink: 76 bytes leftover after parsing attributes in process `syz.4.826'. [ 217.412015][ T9288] hsr_slave_0: entered promiscuous mode [ 217.419154][ T9288] hsr_slave_1: entered promiscuous mode [ 217.425549][ T9288] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 217.433943][ T9288] Cannot create hsr debugfs directory [ 217.897627][ T55] Bluetooth: hci1: command tx timeout [ 218.126767][ T9316] chnl_net:caif_netlink_parms(): no params data found [ 218.196530][ T13] bridge_slave_1: left allmulticast mode [ 218.207967][ T13] bridge_slave_1: left promiscuous mode [ 218.216091][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.254552][ T13] bridge_slave_0: left allmulticast mode [ 218.266998][ T13] bridge_slave_0: left promiscuous mode [ 218.293564][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.688294][ T9470] netlink: 52 bytes leftover after parsing attributes in process `syz.2.836'. [ 218.833568][ T9474] nftables ruleset with unbound chain [ 219.045681][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 219.056526][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 219.071171][ T13] bond0 (unregistering): Released all slaves [ 219.238926][ T9480] netlink: 76 bytes leftover after parsing attributes in process `syz.2.839'. [ 219.250292][ T9480] netlink: 76 bytes leftover after parsing attributes in process `syz.2.839'. [ 219.337081][ T55] Bluetooth: hci3: command tx timeout [ 219.844478][ T9316] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.857255][ T9316] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.873688][ T9316] bridge_slave_0: entered allmulticast mode [ 219.882247][ T9316] bridge_slave_0: entered promiscuous mode [ 219.936359][ T9501] netlink: 16 bytes leftover after parsing attributes in process `syz.0.844'. [ 219.977107][ T55] Bluetooth: hci1: command tx timeout [ 220.076684][ T9316] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.106806][ T9316] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.155855][ T9316] bridge_slave_1: entered allmulticast mode [ 220.178806][ T9316] bridge_slave_1: entered promiscuous mode [ 220.225259][ T9508] netlink: 452 bytes leftover after parsing attributes in process `syz.0.844'. [ 220.404987][ T13] hsr_slave_0: left promiscuous mode [ 220.429584][ T9515] FAULT_INJECTION: forcing a failure. [ 220.429584][ T9515] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 220.444444][ T13] hsr_slave_1: left promiscuous mode [ 220.459538][ T9515] CPU: 0 UID: 0 PID: 9515 Comm: syz.0.846 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 220.459567][ T9515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 220.459578][ T9515] Call Trace: [ 220.459585][ T9515] [ 220.459592][ T9515] dump_stack_lvl+0x189/0x250 [ 220.459622][ T9515] ? __lock_acquire+0xaac/0xd20 [ 220.459650][ T9515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 220.459683][ T9515] ? __pfx__printk+0x10/0x10 [ 220.459712][ T9515] ? __might_fault+0xb0/0x130 [ 220.459744][ T9515] should_fail_ex+0x414/0x560 [ 220.459775][ T9515] _copy_from_iter+0x1db/0x15a0 [ 220.459802][ T9515] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 220.459821][ T9515] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 220.459844][ T9515] ? __pfx__copy_from_iter+0x10/0x10 [ 220.459865][ T9515] ? __build_skb_around+0x257/0x3e0 [ 220.459887][ T9515] ? netlink_sendmsg+0x642/0xb30 [ 220.459904][ T9515] ? skb_put+0x11b/0x210 [ 220.459943][ T9515] netlink_sendmsg+0x6b2/0xb30 [ 220.459972][ T9515] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.459995][ T9515] ? aa_sock_msg_perm+0x94/0x160 [ 220.460015][ T9515] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 220.460036][ T9515] ? __pfx_netlink_sendmsg+0x10/0x10 [ 220.460056][ T9515] __sock_sendmsg+0x219/0x270 [ 220.460086][ T9515] ____sys_sendmsg+0x505/0x830 [ 220.460113][ T9515] ? __pfx_____sys_sendmsg+0x10/0x10 [ 220.460143][ T9515] ? import_iovec+0x74/0xa0 [ 220.460168][ T9515] ___sys_sendmsg+0x21f/0x2a0 [ 220.460191][ T9515] ? __pfx____sys_sendmsg+0x10/0x10 [ 220.460245][ T9515] ? __fget_files+0x2a/0x420 [ 220.460265][ T9515] ? __fget_files+0x3a0/0x420 [ 220.460297][ T9515] __x64_sys_sendmsg+0x19b/0x260 [ 220.460321][ T9515] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 220.460357][ T9515] ? do_syscall_64+0xba/0x210 [ 220.460384][ T9515] do_syscall_64+0xf6/0x210 [ 220.460406][ T9515] ? clear_bhb_loop+0x45/0xa0 [ 220.460426][ T9515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 220.460441][ T9515] RIP: 0033:0x7f9cf2d8e969 [ 220.460455][ T9515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.460470][ T9515] RSP: 002b:00007f9cf3b8c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 220.460488][ T9515] RAX: ffffffffffffffda RBX: 00007f9cf2fb5fa0 RCX: 00007f9cf2d8e969 [ 220.460501][ T9515] RDX: 0000000020008040 RSI: 0000200000001000 RDI: 0000000000000003 [ 220.460513][ T9515] RBP: 00007f9cf3b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 220.460524][ T9515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.460534][ T9515] R13: 0000000000000000 R14: 00007f9cf2fb5fa0 R15: 00007ffc94465528 [ 220.460562][ T9515] [ 220.462431][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 220.736967][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 220.749467][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 220.766979][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.806646][ T9528] netlink: 52 bytes leftover after parsing attributes in process `syz.0.849'. [ 220.829378][ T13] veth1_macvtap: left promiscuous mode [ 220.834963][ T13] veth0_macvtap: left promiscuous mode [ 220.841342][ T13] veth1_vlan: left promiscuous mode [ 220.846713][ T13] veth0_vlan: left promiscuous mode [ 221.214225][ T9534] netlink: 76 bytes leftover after parsing attributes in process `syz.2.851'. [ 221.365123][ T13] team0 (unregistering): Port device team_slave_1 removed [ 221.401691][ T13] team0 (unregistering): Port device team_slave_0 removed [ 221.420558][ T55] Bluetooth: hci3: command tx timeout [ 221.758977][ T9316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 221.829032][ T9316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 221.989241][ T9316] team0: Port device team_slave_0 added [ 222.026892][ T9316] team0: Port device team_slave_1 added [ 222.167493][ T9548] netlink: 'syz.4.857': attribute type 39 has an invalid length. [ 222.167615][ T9316] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 222.186439][ T9316] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.218337][ T9316] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 222.235279][ T9316] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 222.243308][ T9316] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.272536][ T9316] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 222.335764][ T9555] __nla_validate_parse: 1 callbacks suppressed [ 222.335783][ T9555] netlink: 56 bytes leftover after parsing attributes in process `syz.0.860'. [ 222.360446][ T9288] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 222.426550][ T9288] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 222.469829][ T9288] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 222.478843][ T9557] xt_hashlimit: size too large, truncated to 1048576 [ 222.521783][ T9316] hsr_slave_0: entered promiscuous mode [ 222.549816][ T9316] hsr_slave_1: entered promiscuous mode [ 222.566358][ T9316] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 222.587797][ T9558] delete_channel: no stack [ 222.593042][ T9316] Cannot create hsr debugfs directory [ 222.627022][ T9288] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 222.722007][ T9558] netlink: 52 bytes leftover after parsing attributes in process `syz.2.861'. [ 223.176141][ T9568] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 223.448594][ T9288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.486675][ T9288] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.512841][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.520073][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.603726][ T771] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.610947][ T771] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.821816][ T9288] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 223.934283][ T9316] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 223.974091][ T9600] netlink: 8 bytes leftover after parsing attributes in process `syz.0.873'. [ 224.014929][ T9597] FAULT_INJECTION: forcing a failure. [ 224.014929][ T9597] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.015352][ T9316] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 224.071144][ T9316] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 224.089075][ T9597] CPU: 1 UID: 0 PID: 9597 Comm: syz.4.872 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 224.089103][ T9597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 224.089115][ T9597] Call Trace: [ 224.089123][ T9597] [ 224.089130][ T9597] dump_stack_lvl+0x189/0x250 [ 224.089167][ T9597] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.089195][ T9597] ? __pfx__printk+0x10/0x10 [ 224.089224][ T9597] should_fail_ex+0x414/0x560 [ 224.089254][ T9597] _copy_to_user+0x31/0xb0 [ 224.089286][ T9597] simple_read_from_buffer+0xe1/0x170 [ 224.089311][ T9597] proc_fail_nth_read+0x1df/0x250 [ 224.089340][ T9597] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 224.089368][ T9597] ? rw_verify_area+0x258/0x650 [ 224.089388][ T9597] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 224.089413][ T9597] vfs_read+0x1fd/0x980 [ 224.089438][ T9597] ? __pfx___mutex_lock+0x10/0x10 [ 224.089464][ T9597] ? __pfx_vfs_read+0x10/0x10 [ 224.089485][ T9597] ? __fget_files+0x2a/0x420 [ 224.089513][ T9597] ? __fget_files+0x3a0/0x420 [ 224.089535][ T9597] ? __fget_files+0x2a/0x420 [ 224.089567][ T9597] ksys_read+0x145/0x250 [ 224.089585][ T9597] ? rcu_is_watching+0x15/0xb0 [ 224.089614][ T9597] ? __pfx_ksys_read+0x10/0x10 [ 224.089637][ T9597] ? do_syscall_64+0xba/0x210 [ 224.089668][ T9597] do_syscall_64+0xf6/0x210 [ 224.089694][ T9597] ? clear_bhb_loop+0x45/0xa0 [ 224.089717][ T9597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.089734][ T9597] RIP: 0033:0x7fb776d8d37c [ 224.089750][ T9597] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 224.089765][ T9597] RSP: 002b:00007fb777b3f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 224.089784][ T9597] RAX: ffffffffffffffda RBX: 00007fb776fb5fa0 RCX: 00007fb776d8d37c [ 224.089797][ T9597] RDX: 000000000000000f RSI: 00007fb777b3f0a0 RDI: 0000000000000004 [ 224.089808][ T9597] RBP: 00007fb777b3f090 R08: 0000000000000000 R09: 0000000000000000 [ 224.089819][ T9597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 224.089829][ T9597] R13: 0000000000000000 R14: 00007fb776fb5fa0 R15: 00007ffe20de79a8 [ 224.089857][ T9597] [ 224.322017][ T9316] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 224.450372][ T9609] FAULT_INJECTION: forcing a failure. [ 224.450372][ T9609] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.464221][ T55] Bluetooth: hci3: command tx timeout [ 224.523130][ T9609] CPU: 0 UID: 0 PID: 9609 Comm: syz.0.875 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 224.523158][ T9609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 224.523170][ T9609] Call Trace: [ 224.523178][ T9609] [ 224.523187][ T9609] dump_stack_lvl+0x189/0x250 [ 224.523218][ T9609] ? __lock_acquire+0xaac/0xd20 [ 224.523255][ T9609] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.523284][ T9609] ? __pfx__printk+0x10/0x10 [ 224.523304][ T9609] ? __might_fault+0xb0/0x130 [ 224.523351][ T9609] should_fail_ex+0x414/0x560 [ 224.523386][ T9609] _copy_from_iter+0x1db/0x15a0 [ 224.523409][ T9609] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 224.523430][ T9609] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 224.523460][ T9609] ? __pfx__copy_from_iter+0x10/0x10 [ 224.523485][ T9609] ? skb_set_owner_w+0x25b/0x3a0 [ 224.523510][ T9609] ? skb_put+0x11b/0x210 [ 224.523534][ T9609] pppoe_sendmsg+0x46a/0x790 [ 224.523561][ T9609] ? __pfx_pppoe_sendmsg+0x10/0x10 [ 224.523581][ T9609] ? aa_sock_msg_perm+0x94/0x160 [ 224.523601][ T9609] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 224.523623][ T9609] ? __pfx_pppoe_sendmsg+0x10/0x10 [ 224.523642][ T9609] __sock_sendmsg+0x219/0x270 [ 224.523673][ T9609] ____sys_sendmsg+0x52d/0x830 [ 224.523701][ T9609] ? __pfx_____sys_sendmsg+0x10/0x10 [ 224.523732][ T9609] ? import_iovec+0x74/0xa0 [ 224.523760][ T9609] ___sys_sendmsg+0x21f/0x2a0 [ 224.523784][ T9609] ? __pfx____sys_sendmsg+0x10/0x10 [ 224.523843][ T9609] ? __fget_files+0x2a/0x420 [ 224.523866][ T9609] ? __fget_files+0x3a0/0x420 [ 224.523899][ T9609] __sys_sendmmsg+0x227/0x430 [ 224.523928][ T9609] ? __pfx___sys_sendmmsg+0x10/0x10 [ 224.523959][ T9609] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 224.524022][ T9609] ? ksys_write+0x1f0/0x250 [ 224.524041][ T9609] ? rcu_is_watching+0x15/0xb0 [ 224.524080][ T9609] __x64_sys_sendmmsg+0xa0/0xc0 [ 224.524106][ T9609] do_syscall_64+0xf6/0x210 [ 224.524134][ T9609] ? clear_bhb_loop+0x45/0xa0 [ 224.524158][ T9609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.524180][ T9609] RIP: 0033:0x7f9cf2d8e969 [ 224.524198][ T9609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.524215][ T9609] RSP: 002b:00007f9cf3b8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 224.524243][ T9609] RAX: ffffffffffffffda RBX: 00007f9cf2fb5fa0 RCX: 00007f9cf2d8e969 [ 224.524256][ T9609] RDX: 0000000000000001 RSI: 0000200000001600 RDI: 0000000000000003 [ 224.524268][ T9609] RBP: 00007f9cf3b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 224.524279][ T9609] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001 [ 224.524290][ T9609] R13: 0000000000000000 R14: 00007f9cf2fb5fa0 R15: 00007ffc94465528 [ 224.524320][ T9609] [ 224.852011][ T9316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.865921][ T9288] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.915923][ T9316] 8021q: adding VLAN 0 to HW filter on device team0 [ 224.990925][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.998164][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.080284][ T3501] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.087498][ T3501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.187851][ T9288] veth0_vlan: entered promiscuous mode [ 225.239206][ T9288] veth1_vlan: entered promiscuous mode [ 225.402752][ T9288] veth0_macvtap: entered promiscuous mode [ 225.433634][ T9288] veth1_macvtap: entered promiscuous mode [ 225.496801][ T9288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.530969][ T9288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.544686][ T9288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.559995][ T9288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.573445][ T9288] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 225.612339][ T9288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.641520][ T9288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.665245][ T9288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.688151][ T9288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.722216][ T9288] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 225.823695][ T9288] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.846440][ T9288] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.875800][ T9288] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.898357][ T9288] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.015672][ T9316] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 226.125933][ T9661] netlink: 4 bytes leftover after parsing attributes in process `syz.0.887'. [ 226.204255][ T771] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.245545][ T9665] x_tables: duplicate underflow at hook 1 [ 226.251778][ T771] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.276252][ T9316] veth0_vlan: entered promiscuous mode [ 226.365835][ T9669] syzkaller1: entered promiscuous mode [ 226.387864][ T9669] syzkaller1: entered allmulticast mode [ 226.395185][ T9316] veth1_vlan: entered promiscuous mode [ 226.426735][ T771] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.449605][ T771] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.602588][ T9316] veth0_macvtap: entered promiscuous mode [ 226.673899][ T9316] veth1_macvtap: entered promiscuous mode [ 226.721560][ T9674] siw: device registration error -23 [ 226.749907][ T9316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.767404][ T9316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.806999][ T9316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.836109][ T9316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.856356][ T9316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 226.877138][ T9316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 226.903116][ T9316] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 227.024210][ T9685] FAULT_INJECTION: forcing a failure. [ 227.024210][ T9685] name failslab, interval 1, probability 0, space 0, times 0 [ 227.051185][ T9685] CPU: 1 UID: 0 PID: 9685 Comm: syz.0.894 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 227.051216][ T9685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 227.051228][ T9685] Call Trace: [ 227.051236][ T9685] [ 227.051245][ T9685] dump_stack_lvl+0x189/0x250 [ 227.051283][ T9685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 227.051313][ T9685] ? __pfx__printk+0x10/0x10 [ 227.051338][ T9685] ? __mutex_trylock_common+0x153/0x260 [ 227.051368][ T9685] should_fail_ex+0x414/0x560 [ 227.051404][ T9685] should_failslab+0xa8/0x100 [ 227.051433][ T9685] __kmalloc_cache_noprof+0x70/0x3d0 [ 227.051458][ T9685] ? __hw_addr_add_ex+0x1f4/0x770 [ 227.051487][ T9685] __hw_addr_add_ex+0x1f4/0x770 [ 227.051517][ T9685] dev_addr_init+0x14f/0x230 [ 227.051546][ T9685] ? __pfx_dev_addr_init+0x10/0x10 [ 227.051584][ T9685] alloc_netdev_mqs+0x2f3/0x11e0 [ 227.051610][ T9685] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 227.051647][ T9685] ip6_tnl_locate+0x658/0x810 [ 227.051680][ T9685] ? __pfx_ip6_tnl_locate+0x10/0x10 [ 227.051703][ T9685] ? ip6_tnl_siocdevprivate+0x60c/0xad0 [ 227.051749][ T9685] ip6_tnl_siocdevprivate+0x630/0xad0 [ 227.051788][ T9685] ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10 [ 227.051830][ T9685] ? rcu_is_watching+0x15/0xb0 [ 227.051891][ T9685] ? full_name_hash+0x92/0xe0 [ 227.051921][ T9685] ? netdev_name_node_lookup+0xdf/0x120 [ 227.051951][ T9685] dev_ifsioc+0xb54/0xf00 [ 227.051978][ T9685] dev_ioctl+0x84c/0x1150 [ 227.052010][ T9685] sock_ioctl+0x719/0x790 [ 227.052039][ T9685] ? __pfx_sock_ioctl+0x10/0x10 [ 227.052068][ T9685] ? __fget_files+0x3a0/0x420 [ 227.052091][ T9685] ? __fget_files+0x2a/0x420 [ 227.052117][ T9685] ? bpf_lsm_file_ioctl+0x9/0x20 [ 227.052141][ T9685] ? __pfx_sock_ioctl+0x10/0x10 [ 227.052166][ T9685] __se_sys_ioctl+0xf9/0x170 [ 227.052187][ T9685] do_syscall_64+0xf6/0x210 [ 227.052214][ T9685] ? clear_bhb_loop+0x45/0xa0 [ 227.052237][ T9685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.052254][ T9685] RIP: 0033:0x7f9cf2d8e969 [ 227.052271][ T9685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.052285][ T9685] RSP: 002b:00007f9cf3b8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 227.052304][ T9685] RAX: ffffffffffffffda RBX: 00007f9cf2fb5fa0 RCX: 00007f9cf2d8e969 [ 227.052317][ T9685] RDX: 00002000000000c0 RSI: 00000000000089f1 RDI: 0000000000000003 [ 227.052329][ T9685] RBP: 00007f9cf3b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 227.052340][ T9685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.052350][ T9685] R13: 0000000000000000 R14: 00007f9cf2fb5fa0 R15: 00007ffc94465528 [ 227.052379][ T9685] [ 227.342593][ T9316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.353247][ T9316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.363152][ T9316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.373980][ T9316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.383870][ T9316] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 227.394339][ T9316] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 227.405648][ T9316] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 227.416772][ T9316] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.432960][ T9316] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.442058][ T9316] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.450999][ T9316] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.616692][ T9705] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 227.684868][ T3501] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 227.880754][ T3501] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.034358][ T3501] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.150362][ T771] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.179176][ T771] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.193333][ T3501] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.272383][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.283800][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.535700][ T3501] bridge_slave_1: left allmulticast mode [ 228.548616][ T3501] bridge_slave_1: left promiscuous mode [ 228.554527][ T3501] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.569303][ T3501] bridge_slave_0: left allmulticast mode [ 228.575057][ T3501] bridge_slave_0: left promiscuous mode [ 228.597703][ T3501] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.531674][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 229.548520][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 229.559128][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 229.568807][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 229.578216][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 229.645417][ T3501] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.656360][ T3501] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.672509][ T3501] bond0 (unregistering): Released all slaves [ 229.687246][ T9740] tipc: Cannot configure node identity twice [ 229.758131][ T9756] lo speed is unknown, defaulting to 1000 [ 229.802578][ T9756] lo speed is unknown, defaulting to 1000 [ 230.444651][ T9781] netlink: 'syz.4.905': attribute type 1 has an invalid length. [ 230.470952][ T9781] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'. [ 230.696607][ T3501] hsr_slave_0: left promiscuous mode [ 230.746752][ T3501] hsr_slave_1: left promiscuous mode [ 230.757328][ T9790] xt_CT: No such helper "syz0" [ 230.778552][ T3501] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 230.808095][ T9794] ipt_ECN: cannot use operation on non-tcp rule [ 230.817008][ T3501] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 230.860751][ T3501] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 230.890763][ T3501] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.894216][ T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 230.914423][ T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 230.922807][ T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 230.937696][ T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 230.945462][ T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 230.990079][ T3501] veth1_macvtap: left promiscuous mode [ 230.995666][ T3501] veth0_macvtap: left promiscuous mode [ 231.034494][ T3501] veth1_vlan: left promiscuous mode [ 231.050256][ T3501] veth0_vlan: left promiscuous mode [ 231.071870][ T9801] netlink: 'syz.2.910': attribute type 1 has an invalid length. [ 231.668431][ T5839] Bluetooth: hci1: command tx timeout [ 231.725622][ T3501] team0 (unregistering): Port device team_slave_1 removed [ 231.802585][ T3501] team0 (unregistering): Port device team_slave_0 removed [ 232.180499][ T9801] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 232.458769][ T9795] lo speed is unknown, defaulting to 1000 [ 232.496371][ T9822] netlink: 60 bytes leftover after parsing attributes in process `syz.0.915'. [ 232.521458][ T9795] lo speed is unknown, defaulting to 1000 [ 232.531058][ T9822] batadv0: entered promiscuous mode [ 232.536314][ T9822] batadv0: entered allmulticast mode [ 232.576247][ T9756] chnl_net:caif_netlink_parms(): no params data found [ 233.017055][ T5839] Bluetooth: hci3: command tx timeout [ 233.196580][ T9756] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.215894][ T9756] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.236022][ T9756] bridge_slave_0: entered allmulticast mode [ 233.263339][ T9756] bridge_slave_0: entered promiscuous mode [ 233.314080][ T9756] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.328962][ T9857] netlink: 32 bytes leftover after parsing attributes in process `syz.4.925'. [ 233.351546][ T9756] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.359694][ T9756] bridge_slave_1: entered allmulticast mode [ 233.369834][ T9756] bridge_slave_1: entered promiscuous mode [ 233.581142][ T3494] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.609514][ T9756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.684260][ T9756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.737728][ T5839] Bluetooth: hci1: command tx timeout [ 233.826664][ T3494] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.902241][ T9756] team0: Port device team_slave_0 added [ 233.950922][ T3494] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.989262][ T9884] FAULT_INJECTION: forcing a failure. [ 233.989262][ T9884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 234.019887][ T9884] CPU: 0 UID: 0 PID: 9884 Comm: syz.2.933 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 234.019914][ T9884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 234.019926][ T9884] Call Trace: [ 234.019933][ T9884] [ 234.019941][ T9884] dump_stack_lvl+0x189/0x250 [ 234.019972][ T9884] ? __lock_acquire+0xaac/0xd20 [ 234.020000][ T9884] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.020032][ T9884] ? __pfx__printk+0x10/0x10 [ 234.020051][ T9884] ? __might_fault+0xb0/0x130 [ 234.020085][ T9884] should_fail_ex+0x414/0x560 [ 234.020117][ T9884] _copy_from_iter+0x1db/0x15a0 [ 234.020145][ T9884] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 234.020165][ T9884] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 234.020190][ T9884] ? __pfx__copy_from_iter+0x10/0x10 [ 234.020212][ T9884] ? __build_skb_around+0x257/0x3e0 [ 234.020236][ T9884] ? netlink_sendmsg+0x642/0xb30 [ 234.020253][ T9884] ? skb_put+0x11b/0x210 [ 234.020276][ T9884] netlink_sendmsg+0x6b2/0xb30 [ 234.020305][ T9884] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.020327][ T9884] ? aa_sock_msg_perm+0x94/0x160 [ 234.020348][ T9884] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 234.020369][ T9884] ? __pfx_netlink_sendmsg+0x10/0x10 [ 234.020389][ T9884] __sock_sendmsg+0x219/0x270 [ 234.020419][ T9884] ____sys_sendmsg+0x505/0x830 [ 234.020442][ T9884] ? __pfx_____sys_sendmsg+0x10/0x10 [ 234.020468][ T9884] ? import_iovec+0x74/0xa0 [ 234.020490][ T9884] ___sys_sendmsg+0x21f/0x2a0 [ 234.020509][ T9884] ? __pfx____sys_sendmsg+0x10/0x10 [ 234.020552][ T9884] ? __fget_files+0x2a/0x420 [ 234.020570][ T9884] ? __fget_files+0x3a0/0x420 [ 234.020596][ T9884] __x64_sys_sendmsg+0x19b/0x260 [ 234.020621][ T9884] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 234.020651][ T9884] ? do_syscall_64+0xba/0x210 [ 234.020695][ T9884] do_syscall_64+0xf6/0x210 [ 234.020719][ T9884] ? clear_bhb_loop+0x45/0xa0 [ 234.020738][ T9884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.020753][ T9884] RIP: 0033:0x7fc52518e969 [ 234.020768][ T9884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 234.020783][ T9884] RSP: 002b:00007fc526059038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 234.020800][ T9884] RAX: ffffffffffffffda RBX: 00007fc5253b5fa0 RCX: 00007fc52518e969 [ 234.020812][ T9884] RDX: 0000000020000000 RSI: 0000200000000a40 RDI: 0000000000000003 [ 234.020822][ T9884] RBP: 00007fc526059090 R08: 0000000000000000 R09: 0000000000000000 [ 234.020831][ T9884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 234.020840][ T9884] R13: 0000000000000000 R14: 00007fc5253b5fa0 R15: 00007ffc022cb648 [ 234.020866][ T9884] [ 234.294224][ T9756] team0: Port device team_slave_1 added [ 234.430672][ T3494] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.513313][ T9756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.523617][ T9756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.551703][ T9894] openvswitch: netlink: Key type 16144 is out of range max 32 [ 234.560381][ T9756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.640895][ T9756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.661699][ T9756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.717532][ T9756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.757884][ T9900] netlink: 32 bytes leftover after parsing attributes in process `syz.4.937'. [ 234.790867][ T9795] chnl_net:caif_netlink_parms(): no params data found [ 234.803633][ T9904] netlink: 32 bytes leftover after parsing attributes in process `syz.4.937'. [ 234.996838][ T9756] hsr_slave_0: entered promiscuous mode [ 235.001351][ T9913] netlink: 16 bytes leftover after parsing attributes in process `syz.4.940'. [ 235.009357][ T9756] hsr_slave_1: entered promiscuous mode [ 235.030114][ T9756] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.041894][ T9756] Cannot create hsr debugfs directory [ 235.098874][ T5839] Bluetooth: hci3: command tx timeout [ 235.182905][ T9917] netlink: 452 bytes leftover after parsing attributes in process `syz.4.940'. [ 235.471597][ T3494] bridge_slave_1: left allmulticast mode [ 235.479226][ T3494] bridge_slave_1: left promiscuous mode [ 235.485251][ T3494] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.496636][ T3494] bridge_slave_0: left allmulticast mode [ 235.503703][ T3494] bridge_slave_0: left promiscuous mode [ 235.510325][ T3494] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.817339][ T5839] Bluetooth: hci1: command tx timeout [ 235.994107][ T3494] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.008368][ T3494] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.021425][ T3494] bond0 (unregistering): Released all slaves [ 236.034421][ T9943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.947'. [ 236.073083][ T9795] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.093066][ T9795] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.105938][ T9795] bridge_slave_0: entered allmulticast mode [ 236.114152][ T9795] bridge_slave_0: entered promiscuous mode [ 236.136677][ T9795] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.157433][ T9795] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.164806][ T9795] bridge_slave_1: entered allmulticast mode [ 236.172542][ T9795] bridge_slave_1: entered promiscuous mode [ 236.285213][ T9945] xfrm1: entered promiscuous mode [ 236.293623][ T9945] xfrm1: entered allmulticast mode [ 236.364278][ T9955] netlink: 16 bytes leftover after parsing attributes in process `syz.0.951'. [ 236.441564][ T9795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.454961][ T9957] netlink: 40 bytes leftover after parsing attributes in process `syz.2.952'. [ 236.502582][ T9795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.532290][ T9958] netlink: 452 bytes leftover after parsing attributes in process `syz.0.951'. [ 236.805320][ T9795] team0: Port device team_slave_0 added [ 236.845175][ T9795] team0: Port device team_slave_1 added [ 237.036620][ T9972] netlink: 'syz.2.958': attribute type 5 has an invalid length. [ 237.051533][ T9972] netlink: 16 bytes leftover after parsing attributes in process `syz.2.958'. [ 237.181672][ T5839] Bluetooth: hci3: command tx timeout [ 237.357788][ T3494] hsr_slave_0: left promiscuous mode [ 237.375046][ T3494] hsr_slave_1: left promiscuous mode [ 237.385808][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.406228][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.418704][ T3494] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.440633][ T3494] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.475257][ T3494] veth1_macvtap: left promiscuous mode [ 237.481383][ T3494] veth0_macvtap: left promiscuous mode [ 237.488538][ T3494] veth1_vlan: left promiscuous mode [ 237.494112][ T3494] veth0_vlan: left promiscuous mode [ 237.516212][ T9983] netlink: 'syz.2.962': attribute type 4 has an invalid length. [ 237.524593][ T9984] netlink: 'syz.2.962': attribute type 4 has an invalid length. [ 237.899761][ T5839] Bluetooth: hci1: command tx timeout [ 237.951276][ T3494] team0 (unregistering): Port device team_slave_1 removed [ 237.992237][ T3494] team0 (unregistering): Port device team_slave_0 removed [ 238.446438][ T9795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 238.453827][ T9795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.482513][ T9795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.519032][ T9795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.526105][ T9795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.565647][ T9795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.594939][ T9992] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 238.654546][ T24] lo speed is unknown, defaulting to 1000 [ 238.806335][ T9999] netlink: 16 bytes leftover after parsing attributes in process `syz.4.967'. [ 238.850333][ T9795] hsr_slave_0: entered promiscuous mode [ 238.877652][ T9795] hsr_slave_1: entered promiscuous mode [ 238.883919][ T9795] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 238.890256][T10002] netlink: 452 bytes leftover after parsing attributes in process `syz.4.967'. [ 238.897141][ T9795] Cannot create hsr debugfs directory [ 239.118481][ T9756] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 239.136820][ T9756] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 239.176228][ T9756] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 239.186703][ T9756] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 239.258429][ T5839] Bluetooth: hci3: command tx timeout [ 239.544745][T10016] netdevsim0: renamed from geneve0 (while UP) [ 239.566880][T10018] netlink: 'syz.4.973': attribute type 8 has an invalid length. [ 239.687167][ T9756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.759083][ T9756] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.818602][ T3501] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.825766][ T3501] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.850001][ T3501] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.857207][ T3501] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.883427][T10028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.976'. [ 240.028417][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.0.978'. [ 240.054247][ T9795] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 240.091881][T10028] lo speed is unknown, defaulting to 1000 [ 240.103156][ T9795] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 240.135968][ T9795] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 240.175237][ T9795] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 240.216568][T10028] lo speed is unknown, defaulting to 1000 [ 240.226735][ T9756] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 240.239305][ T9756] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.624479][T10055] netlink: 'syz.0.982': attribute type 4 has an invalid length. [ 240.654921][T10055] netlink: 12 bytes leftover after parsing attributes in process `syz.0.982'. [ 240.825257][T10062] openvswitch: netlink: Missing key (keys=40, expected=100) [ 240.966719][ T9756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.064107][T10069] netlink: 64 bytes leftover after parsing attributes in process `syz.4.985'. [ 241.091964][T10070] netlink: 64 bytes leftover after parsing attributes in process `syz.4.985'. [ 241.125804][ T9795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.190239][T10065] netlink: 12 bytes leftover after parsing attributes in process `syz.0.984'. [ 241.244445][ T9795] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.306013][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.313223][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.337574][ T5839] Bluetooth: hci3: command tx timeout [ 241.384312][ T3494] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.391551][ T3494] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.496098][ T9756] veth0_vlan: entered promiscuous mode [ 241.613170][ T9756] veth1_vlan: entered promiscuous mode [ 241.784378][T10084] netlink: 'syz.2.991': attribute type 24 has an invalid length. [ 241.803628][ T9756] veth0_macvtap: entered promiscuous mode [ 241.824408][ T9756] veth1_macvtap: entered promiscuous mode [ 241.880453][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.918539][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.936105][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 241.947963][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.962558][ T9756] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.011913][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.035103][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.068508][ T9756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.093696][ T9756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.110048][ T9756] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.126509][ T9756] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.177134][ T9756] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.186298][ T9756] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.222433][ T9756] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.329750][ T9795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.520687][T10114] netlink: 'syz.2.998': attribute type 3 has an invalid length. [ 242.536978][T10114] netlink: 244 bytes leftover after parsing attributes in process `syz.2.998'. [ 242.543654][ T9795] veth0_vlan: entered promiscuous mode [ 242.558361][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.566220][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.587657][ T9795] veth1_vlan: entered promiscuous mode [ 242.671724][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.680189][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.003784][ T9795] veth0_macvtap: entered promiscuous mode [ 243.093469][ T9795] veth1_macvtap: entered promiscuous mode [ 243.153045][T10123] FAULT_INJECTION: forcing a failure. [ 243.153045][T10123] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.177218][T10123] CPU: 1 UID: 0 PID: 10123 Comm: syz.2.1000 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 243.177246][T10123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 243.177266][T10123] Call Trace: [ 243.177273][T10123] [ 243.177281][T10123] dump_stack_lvl+0x189/0x250 [ 243.177316][T10123] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.177342][T10123] ? __pfx__printk+0x10/0x10 [ 243.177373][T10123] should_fail_ex+0x414/0x560 [ 243.177405][T10123] _copy_to_user+0x31/0xb0 [ 243.177430][T10123] simple_read_from_buffer+0xe1/0x170 [ 243.177456][T10123] proc_fail_nth_read+0x1df/0x250 [ 243.177483][T10123] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.177510][T10123] ? rw_verify_area+0x258/0x650 [ 243.177529][T10123] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 243.177555][T10123] vfs_read+0x1fd/0x980 [ 243.177579][T10123] ? __pfx___mutex_lock+0x10/0x10 [ 243.177606][T10123] ? __pfx_vfs_read+0x10/0x10 [ 243.177627][T10123] ? __fget_files+0x2a/0x420 [ 243.177655][T10123] ? __fget_files+0x3a0/0x420 [ 243.177677][T10123] ? __fget_files+0x2a/0x420 [ 243.177708][T10123] ksys_read+0x145/0x250 [ 243.177727][T10123] ? rcu_is_watching+0x15/0xb0 [ 243.177755][T10123] ? __pfx_ksys_read+0x10/0x10 [ 243.177778][T10123] ? do_syscall_64+0xba/0x210 [ 243.177809][T10123] do_syscall_64+0xf6/0x210 [ 243.177835][T10123] ? clear_bhb_loop+0x45/0xa0 [ 243.177857][T10123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.177875][T10123] RIP: 0033:0x7fc52518d37c [ 243.177897][T10123] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 243.177913][T10123] RSP: 002b:00007fc526038030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 243.177932][T10123] RAX: ffffffffffffffda RBX: 00007fc5253b6080 RCX: 00007fc52518d37c [ 243.177946][T10123] RDX: 000000000000000f RSI: 00007fc5260380a0 RDI: 0000000000000005 [ 243.177957][T10123] RBP: 00007fc526038090 R08: 0000000000000000 R09: 0000000000000000 [ 243.177968][T10123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.177979][T10123] R13: 0000000000000000 R14: 00007fc5253b6080 R15: 00007ffc022cb648 [ 243.178008][T10123] [ 243.500719][ T9795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.511801][ T9795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.522150][ T9795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.532655][ T9795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.542592][ T9795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 243.553521][ T9795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.564724][ T9795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.635456][ T9795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.646555][ T9795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.656865][ T9795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.667998][ T9795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.684555][ T9795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 243.695630][ T9795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.707474][ T9795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.756610][T10132] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1003'. [ 243.768909][T10132] netlink: 'syz.4.1003': attribute type 5 has an invalid length. [ 243.776786][T10132] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1003'. [ 243.782858][ T9795] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.815652][ T9795] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.829327][ T9795] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.841163][ T9795] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.892641][T10132] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 256 - 0 [ 243.932718][T10132] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 256 - 0 [ 243.953899][T10132] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 256 - 0 [ 243.988971][T10132] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 256 - 0 [ 244.025833][T10132] geneve3: entered promiscuous mode [ 244.033679][T10132] geneve3: entered allmulticast mode [ 244.168890][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.308082][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.411615][ T3494] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.422685][ T3494] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.459666][ T3494] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.467746][ T3494] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.553973][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.647060][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.878379][ T36] bridge_slave_1: left allmulticast mode [ 244.885138][ T36] bridge_slave_1: left promiscuous mode [ 244.895198][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.905934][ T36] bridge_slave_0: left allmulticast mode [ 244.912122][ T36] bridge_slave_0: left promiscuous mode [ 244.918593][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.757596][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 245.770948][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.799104][ T36] bond0 (unregistering): Released all slaves [ 245.848516][ T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 245.860481][ T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 245.876098][ T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 245.898295][ T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 245.911623][ T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 246.028375][T10184] lo speed is unknown, defaulting to 1000 [ 246.037666][T10184] lo speed is unknown, defaulting to 1000 [ 246.640443][T10205] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$UvyآDUDw}zR3' [ 246.662413][T10208] ------------[ cut here ]------------ [ 246.668172][T10208] WARNING: CPU: 1 PID: 10208 at net/mac80211/driver-ops.c:473 drv_link_info_changed+0x14c/0x870 [ 246.678788][T10208] Modules linked in: [ 246.682916][T10208] CPU: 1 UID: 0 PID: 10208 Comm: syz.2.1010 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 246.695082][T10208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 246.708113][T10208] RIP: 0010:drv_link_info_changed+0x14c/0x870 [ 246.714235][T10208] Code: 83 fb 01 75 1f e8 04 a5 f9 f6 eb 32 e8 fd a4 f9 f6 eb 2b 83 fb 03 74 21 83 fb 05 75 07 e8 ec a4 f9 f6 eb 1a e8 e5 a4 f9 f6 90 <0f> 0b 90 e9 b5 01 00 00 e8 d7 a4 f9 f6 eb 05 e8 d0 a4 f9 f6 4d 8d [ 246.734778][T10208] RSP: 0018:ffffc90002e570b8 EFLAGS: 00010283 [ 246.741533][T10208] RAX: ffffffff8ac6189b RBX: 0000000080000000 RCX: 0000000000080000 [ 246.749605][T10208] RDX: ffffc90004912000 RSI: 000000000000079c RDI: 000000000000079d [ 246.757965][T10208] RBP: ffff88805ddb8e40 R08: ffff888030a85a00 R09: 0000000000000004 [ 246.765965][T10208] R10: 0000000000000005 R11: 0000000000000002 R12: ffff88802dcd9730 [ 246.774170][T10208] R13: ffff88802dcd8d80 R14: 0000000000000200 R15: ffff88802dcdaa28 [ 246.782327][T10208] FS: 00007fc5260596c0(0000) GS:ffff8881261c4000(0000) knlGS:0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 246.791334][T10208] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 246.798431][T10208] CR2: 0000200000000108 CR3: 0000000026d94000 CR4: 00000000003526f0 [ 246.806438][T10208] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 246.814498][T10208] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 246.822612][T10208] Call Trace: [ 246.826692][T10208] [ 246.830556][T10208] ? ieee80211_link_info_change_notify+0x198/0x330 [ 246.837165][T10208] ieee80211_offchannel_stop_vifs+0x249/0x550 [ 246.843303][T10208] __ieee80211_start_scan+0x1a2c/0x1dc0 [ 246.849015][T10208] rdev_scan+0x14d/0x2f0 [ 246.853313][T10208] nl80211_trigger_scan+0x1cb4/0x2170 [ 246.859313][T10208] genl_family_rcv_msg_doit+0x212/0x300 [ 246.864933][T10208] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 246.871290][T10208] ? bpf_lsm_capable+0x9/0x20 [ 246.876017][T10208] ? security_capable+0x7e/0x2e0 [ 246.881469][T10208] genl_rcv_msg+0x60e/0x790 [ 246.886172][T10208] ? __pfx_genl_rcv_msg+0x10/0x10 [ 246.891279][T10208] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 246.895633][T10205] CPU: 0 UID: 0 PID: 10205 Comm: syz.0.1011 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 246.895682][T10205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 246.895699][T10205] Call Trace: [ 246.895707][T10205] [ 246.895716][T10205] dump_stack_lvl+0x189/0x250 [ 246.895751][T10205] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.895780][T10205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.895810][T10205] ? __pfx__printk+0x10/0x10 [ 246.895836][T10205] ? kernfs_path_from_node+0x2b/0x260 [ 246.895867][T10205] ? kernfs_path_from_node+0x216/0x260 [ 246.895899][T10205] sysfs_warn_dup+0x8e/0xa0 [ 246.895925][T10205] sysfs_do_create_link_sd+0xc0/0x110 [ 246.895956][T10205] device_add_class_symlinks+0x1cf/0x240 [ 246.895982][T10205] device_add+0x475/0xb50 [ 246.896009][T10205] wiphy_register+0x199a/0x26b0 [ 246.896049][T10205] ? __pfx_wiphy_register+0x10/0x10 [ 246.896065][T10205] ? minstrel_ht_alloc+0x893/0x990 [ 246.896096][T10205] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 246.896125][T10205] ieee80211_register_hw+0x334b/0x4060 [ 246.896166][T10205] ? ieee80211_register_hw+0x13f1/0x4060 [ 246.896202][T10205] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 246.896232][T10205] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 246.896266][T10205] ? __hrtimer_setup+0x187/0x210 [ 246.896295][T10205] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 246.896333][T10205] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 246.896395][T10205] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 246.896423][T10205] ? trace_kmalloc+0x1f/0xd0 [ 246.896444][T10205] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 246.896470][T10205] ? kstrndup+0xbf/0x160 [ 246.896501][T10205] hwsim_new_radio_nl+0xea4/0x1b10 [ 246.896534][T10205] ? __pfx___nla_validate_parse+0x10/0x10 [ 246.896573][T10205] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 246.896618][T10205] ? __nla_parse+0x40/0x60 [ 246.896644][T10205] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 246.896688][T10205] genl_family_rcv_msg_doit+0x212/0x300 [ 246.896724][T10205] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 246.896768][T10205] ? bpf_lsm_capable+0x9/0x20 [ 246.896797][T10205] ? security_capable+0x7e/0x2e0 [ 246.896826][T10205] genl_rcv_msg+0x60e/0x790 [ 246.896861][T10205] ? __pfx_genl_rcv_msg+0x10/0x10 [ 246.896886][T10205] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 246.896931][T10205] netlink_rcv_skb+0x219/0x490 [ 246.896953][T10205] ? __pfx_genl_rcv_msg+0x10/0x10 [ 246.896981][T10205] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 246.897030][T10205] ? down_read+0x1ad/0x2e0 [ 246.897062][T10205] genl_rcv+0x28/0x40 [ 246.897086][T10205] netlink_unicast+0x758/0x8d0 [ 246.897130][T10205] netlink_sendmsg+0x805/0xb30 [ 246.897163][T10205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 246.897189][T10205] ? aa_sock_msg_perm+0x94/0x160 [ 246.897211][T10205] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 246.897233][T10205] ? __pfx_netlink_sendmsg+0x10/0x10 [ 246.897257][T10205] __sock_sendmsg+0x219/0x270 [ 246.897290][T10205] ____sys_sendmsg+0x505/0x830 [ 246.897322][T10205] ? __pfx_____sys_sendmsg+0x10/0x10 [ 246.897357][T10205] ? import_iovec+0x74/0xa0 [ 246.897388][T10205] ___sys_sendmsg+0x21f/0x2a0 [ 246.897415][T10205] ? __pfx____sys_sendmsg+0x10/0x10 [ 246.897447][T10205] ? futex_wake+0x458/0x500 [ 246.897504][T10205] ? security_bpf+0x7e/0x300 [ 246.897548][T10205] __x64_sys_sendmsg+0x19b/0x260 [ 246.897576][T10205] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 246.897622][T10205] ? do_syscall_64+0xba/0x210 [ 246.897660][T10205] do_syscall_64+0xf6/0x210 [ 246.897691][T10205] ? clear_bhb_loop+0x45/0xa0 [ 246.897717][T10205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.897738][T10205] RIP: 0033:0x7f9cf2d8e969 [ 246.897758][T10205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.897775][T10205] RSP: 002b:00007f9cf3b8c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 246.897796][T10205] RAX: ffffffffffffffda RBX: 00007f9cf2fb5fa0 RCX: 00007f9cf2d8e969 [ 246.897811][T10205] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006 [ 246.897824][T10205] RBP: 00007f9cf2e10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 246.897838][T10205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.897850][T10205] R13: 0000000000000000 R14: 00007f9cf2fb5fa0 R15: 00007ffc94465528 [ 246.897883][T10205] [ 247.336668][T10208] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 247.343352][T10208] ? __pfx_nl80211_post_doit+0x10/0x10 [ 247.349430][T10208] ? ref_tracker_free+0x63a/0x7d0 [ 247.354513][T10208] ? __copy_skb_header+0xa7/0x550 [ 247.359663][T10208] netlink_rcv_skb+0x219/0x490 [ 247.364478][T10208] ? __pfx_genl_rcv_msg+0x10/0x10 [ 247.369604][T10208] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 247.374963][T10208] ? down_read+0x1ad/0x2e0 [ 247.379492][T10208] genl_rcv+0x28/0x40 [ 247.383510][T10208] netlink_unicast+0x758/0x8d0 [ 247.388364][T10208] netlink_sendmsg+0x805/0xb30 [ 247.393175][T10208] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.398590][T10208] ? aa_sock_msg_perm+0x94/0x160 [ 247.403590][T10208] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 247.408986][T10208] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.414308][T10208] __sock_sendmsg+0x219/0x270 [ 247.419392][T10208] ____sys_sendmsg+0x505/0x830 [ 247.424212][T10208] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.429750][T10208] ? import_iovec+0x74/0xa0 [ 247.434303][T10208] ___sys_sendmsg+0x21f/0x2a0 [ 247.439062][T10208] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.445066][T10208] ? __fget_files+0x2a/0x420 [ 247.450304][T10208] ? __fget_files+0x3a0/0x420 [ 247.455044][T10208] __x64_sys_sendmsg+0x19b/0x260 [ 247.460084][T10208] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 247.465623][T10208] ? do_syscall_64+0xba/0x210 [ 247.470390][T10208] do_syscall_64+0xf6/0x210 [ 247.474932][T10208] ? clear_bhb_loop+0x45/0xa0 [ 247.479704][T10208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.485638][T10208] RIP: 0033:0x7fc52518e969 [ 247.490132][T10208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.510271][T10208] RSP: 002b:00007fc526059038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.518780][T10208] RAX: ffffffffffffffda RBX: 00007fc5253b5fa0 RCX: 00007fc52518e969 [ 247.526783][T10208] RDX: 0000000000004010 RSI: 0000200000000600 RDI: 0000000000000004 [ 247.534878][T10208] RBP: 00007fc525210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 247.543616][T10208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.552241][T10208] R13: 0000000000000000 R14: 00007fc5253b5fa0 R15: 00007ffc022cb648 [ 247.560324][T10208] [ 247.563373][T10208] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 247.570682][T10208] CPU: 1 UID: 0 PID: 10208 Comm: syz.2.1010 Not tainted 6.15.0-rc3-syzkaller-00644-gdeeed351e982 #0 PREEMPT(full) [ 247.582780][T10208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 247.592864][T10208] Call Trace: [ 247.596192][T10208] [ 247.599153][T10208] dump_stack_lvl+0x99/0x250 [ 247.603785][T10208] ? __asan_memcpy+0x40/0x70 [ 247.608404][T10208] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.613652][T10208] ? __pfx__printk+0x10/0x10 [ 247.618293][T10208] panic+0x2db/0x790 [ 247.622238][T10208] ? __pfx_panic+0x10/0x10 [ 247.626801][T10208] __warn+0x31b/0x4b0 [ 247.630805][T10208] ? drv_link_info_changed+0x14c/0x870 [ 247.636285][T10208] ? drv_link_info_changed+0x14c/0x870 [ 247.641757][T10208] report_bug+0x2be/0x4f0 [ 247.646106][T10208] ? drv_link_info_changed+0x14c/0x870 [ 247.651587][T10208] ? drv_link_info_changed+0x14c/0x870 [ 247.657074][T10208] ? drv_link_info_changed+0x14e/0x870 [ 247.662559][T10208] handle_bug+0x84/0x160 [ 247.666826][T10208] exc_invalid_op+0x1a/0x50 [ 247.671348][T10208] asm_exc_invalid_op+0x1a/0x20 [ 247.676205][T10208] RIP: 0010:drv_link_info_changed+0x14c/0x870 [ 247.682285][T10208] Code: 83 fb 01 75 1f e8 04 a5 f9 f6 eb 32 e8 fd a4 f9 f6 eb 2b 83 fb 03 74 21 83 fb 05 75 07 e8 ec a4 f9 f6 eb 1a e8 e5 a4 f9 f6 90 <0f> 0b 90 e9 b5 01 00 00 e8 d7 a4 f9 f6 eb 05 e8 d0 a4 f9 f6 4d 8d [ 247.701910][T10208] RSP: 0018:ffffc90002e570b8 EFLAGS: 00010283 [ 247.707982][T10208] RAX: ffffffff8ac6189b RBX: 0000000080000000 RCX: 0000000000080000 [ 247.715953][T10208] RDX: ffffc90004912000 RSI: 000000000000079c RDI: 000000000000079d [ 247.723937][T10208] RBP: ffff88805ddb8e40 R08: ffff888030a85a00 R09: 0000000000000004 [ 247.731910][T10208] R10: 0000000000000005 R11: 0000000000000002 R12: ffff88802dcd9730 [ 247.739883][T10208] R13: ffff88802dcd8d80 R14: 0000000000000200 R15: ffff88802dcdaa28 [ 247.747881][T10208] ? drv_link_info_changed+0x14b/0x870 [ 247.753369][T10208] ? drv_link_info_changed+0x14b/0x870 [ 247.758848][T10208] ? ieee80211_link_info_change_notify+0x198/0x330 [ 247.765366][T10208] ieee80211_offchannel_stop_vifs+0x249/0x550 [ 247.771453][T10208] __ieee80211_start_scan+0x1a2c/0x1dc0 [ 247.777054][T10208] rdev_scan+0x14d/0x2f0 [ 247.781306][T10208] nl80211_trigger_scan+0x1cb4/0x2170 [ 247.786705][T10208] genl_family_rcv_msg_doit+0x212/0x300 [ 247.792285][T10208] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 247.798393][T10208] ? bpf_lsm_capable+0x9/0x20 [ 247.803097][T10208] ? security_capable+0x7e/0x2e0 [ 247.808046][T10208] genl_rcv_msg+0x60e/0x790 [ 247.812565][T10208] ? __pfx_genl_rcv_msg+0x10/0x10 [ 247.817615][T10208] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 247.823002][T10208] ? __pfx_nl80211_trigger_scan+0x10/0x10 [ 247.828749][T10208] ? __pfx_nl80211_post_doit+0x10/0x10 [ 247.834235][T10208] ? ref_tracker_free+0x63a/0x7d0 [ 247.839259][T10208] ? __copy_skb_header+0xa7/0x550 [ 247.844294][T10208] netlink_rcv_skb+0x219/0x490 [ 247.849073][T10208] ? __pfx_genl_rcv_msg+0x10/0x10 [ 247.854129][T10208] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 247.859450][T10208] ? down_read+0x1ad/0x2e0 [ 247.863891][T10208] genl_rcv+0x28/0x40 [ 247.867889][T10208] netlink_unicast+0x758/0x8d0 [ 247.872677][T10208] netlink_sendmsg+0x805/0xb30 [ 247.877454][T10208] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.882744][T10208] ? aa_sock_msg_perm+0x94/0x160 [ 247.887706][T10208] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 247.892997][T10208] ? __pfx_netlink_sendmsg+0x10/0x10 [ 247.898286][T10208] __sock_sendmsg+0x219/0x270 [ 247.902977][T10208] ____sys_sendmsg+0x505/0x830 [ 247.907755][T10208] ? __pfx_____sys_sendmsg+0x10/0x10 [ 247.913054][T10208] ? import_iovec+0x74/0xa0 [ 247.917569][T10208] ___sys_sendmsg+0x21f/0x2a0 [ 247.922250][T10208] ? __pfx____sys_sendmsg+0x10/0x10 [ 247.927479][T10208] ? __fget_files+0x2a/0x420 [ 247.932071][T10208] ? __fget_files+0x3a0/0x420 [ 247.936758][T10208] __x64_sys_sendmsg+0x19b/0x260 [ 247.941705][T10208] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 247.947186][T10208] ? do_syscall_64+0xba/0x210 [ 247.951886][T10208] do_syscall_64+0xf6/0x210 [ 247.956412][T10208] ? clear_bhb_loop+0x45/0xa0 [ 247.961096][T10208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.966993][T10208] RIP: 0033:0x7fc52518e969 [ 247.971413][T10208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.991028][T10208] RSP: 002b:00007fc526059038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 247.999457][T10208] RAX: ffffffffffffffda RBX: 00007fc5253b5fa0 RCX: 00007fc52518e969 [ 248.007429][T10208] RDX: 0000000000004010 RSI: 0000200000000600 RDI: 0000000000000004 [ 248.015399][T10208] RBP: 00007fc525210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 248.023370][T10208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 248.031342][T10208] R13: 0000000000000000 R14: 00007fc5253b5fa0 R15: 00007ffc022cb648 [ 248.039345][T10208] [ 248.042717][T10208] Kernel Offset: disabled [ 248.047055][T10208] Rebooting in 86400 seconds..