last executing test programs: 41.702978712s ago: executing program 1 (id=3383): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de25000000000000000000", 0x41}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6a26e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025af1dea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d", 0x84}], 0x2}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641", 0xb0}, {&(0x7f0000000d00)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839ab0954e6a8dfc19c3c1533a11d81e03a4879bd736f1caacc2bbf1194598a652677efb930a5b6ee292c57402e0cc07a9a26ee794e46e604a9aec550d12af09f782e1f6a996f0756604847689d37ee3047e61531a8672447cb501b2560bc0e0c5fb2c9f341ed3972b30190e930af94642ab1557e286442cfa6a84ad931e99549640705cd6261ca7094910df055747e2e2ae170e7850093b", 0x12e}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd9", 0x44}], 0x3}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570891f6bf411cc16a18c4d34e522a1f003498f1a03ea1f8828b6c902286c71a9bc21923972dacfa74fef6a0fd3267e599c1dd33dff5d7b28f134bda4a29962fd5daa4fc9c515a1c3ee25ace1a9948c24b277d0c9c46f948f8a3f98b1a18eff685b7296457ba31632fea4d8f817817026eeb76460dad4f677de73", 0xe8}, {&(0x7f0000000040)="7542473782798be019c27ed30b", 0xd}, {0x0}], 0x3}}], 0x3, 0x2090) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 41.552678239s ago: executing program 1 (id=3386): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70b524, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172fd}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x20}], 0x1}, 0x4) 39.203487979s ago: executing program 1 (id=3392): socket$inet_sctp(0x2, 0x5, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000200)) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB, @ANYRES64=r0], 0x38}}, 0x10) 38.80600216s ago: executing program 1 (id=3398): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) unshare(0x20040400) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) sendmsg$NFC_CMD_DEV_UP(r1, 0x0, 0x4008054) write$nci(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="61050503010402070406010009067603"], 0x2e) 8.91652346s ago: executing program 0 (id=3554): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000001d00)={0x0, 0x0, 0x0}, 0x40000020) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000001d40)=""/4087, 0xff7}, {&(0x7f0000004700)=""/4094, 0xffe}, {&(0x7f0000000040)=""/28, 0x1c}, {&(0x7f0000000080)=""/21, 0x15}, {&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/198, 0xc6}], 0x6}, 0x2000) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x84) ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, 0x0) 8.512726879s ago: executing program 0 (id=3556): syz_init_net_socket$x25(0x3, 0x5, 0x3) r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f00000000c0)="2600000022024780e8ff06006d00000078cc6f920a97c99f494e83cf3b21f84fcf47e2af0bf9", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc)=0x61, 0x4) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000000100), 0x4) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x25, 0x4, @val=@netfilter={0x1, 0x0, 0x7}}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x8810) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000140)=ANY=[], 0x80}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmmsg(r3, &(0x7f00000000c0), 0x2c8, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@fallback, 0x2f, 0x0, 0x0, &(0x7f0000000140)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00.\x00\t\x00\'\tp\x00'], 0x28}, 0x1, 0x0, 0x0, 0x42804}, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0xa, 0x148, 0x160, 0x60, 0x1f0, 0x2a8, 0x2a8, 0x1f0, 0x2a8, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @rand_addr=0x64010106, 0xff, 0xffffffff, 'gretap0\x00', 'wg2\x00', {}, {0xff}, 0x0, 0x3}, 0x0, 0xf0, 0x160, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x11, 0x0, 0x0, 0xfffffffd, 0x533, 0xffffffff, 0x7, 0x0, 0x8}}}, @inet=@rpfilter={{0x28}, {0x7}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x2, 0x0, 0x1000, 0x0, "f2f7b9f28413d9d8ad470ad2b60c45cb4ea68dba902bdc2ff8a930811d5ab686316d51d4773506378bc2d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@uncond, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x2e8) r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r5, 0x89e4) 7.937921544s ago: executing program 0 (id=3562): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70b524, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172fd}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x20}], 0x1}, 0x4) 5.277044879s ago: executing program 0 (id=3567): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000520001ff0f000000000000001c"], 0x14}}, 0x0) 5.118721578s ago: executing program 4 (id=3570): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$kcm(0x11, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x11}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x0, r6, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee162fd4b8bf4a31accb", 0xfdef}], 0x1}, 0x0) 4.988756359s ago: executing program 0 (id=3572): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') unshare(0x6a040000) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$kcm(0xa, 0x2, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e22, 0x3, 'lc\x00', 0x5, 0x7, 0x77}, {@loopback, 0x4e20, 0x4, 0x2, 0x2}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)}, 0x0) listen(r0, 0x5) accept4(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002240)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000001d40)=[{0x0}, {0x0}], 0x2}}], 0x2, 0x10002, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@dellinkprop={0x38, 0x6d, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1021a, 0x2800}, [@IFLA_PROP_LIST={0x18, 0x34, 0x0, 0x1, [{0x14, 0x35, 'pim6reg0\x00'}]}]}, 0x38}, 0x1, 0x0, 0x0, 0xc04c065}, 0x40000) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="700000001000ffff25bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="920a050000000000480012800e0001006970366772657461700000003400028014000700ff02000000000000000000000000000114000600fe80000000000000000000000000003508000100", @ANYRES32=r3, @ANYBLOB="080004"], 0x70}, 0x1, 0x0, 0x0, 0x4000080}, 0x20048004) 4.707407377s ago: executing program 5 (id=3575): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) socket$inet6_sctp(0xa, 0x1, 0x84) socket$key(0xf, 0x3, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xa}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x34}, 0x94) socket$kcm(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r1}, &(0x7f0000000280), &(0x7f0000000000)=r2}, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r2, r4, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x11, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x0) 4.402929424s ago: executing program 3 (id=3577): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syz_tun\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x40103}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) 4.332668008s ago: executing program 4 (id=3578): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70b524, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172fd}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x20}], 0x1}, 0x4) 3.103904388s ago: executing program 5 (id=3579): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x0, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x17}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)}], 0x1}, 0x4) 2.893271136s ago: executing program 3 (id=3581): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0xdd86, r6, 0x33}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000000)="b8a626319f48ffc54553d60508b9", 0xe}], 0x1}, 0x404481c) 2.805057608s ago: executing program 4 (id=3582): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000a410000000100000038000180060001000200000008000500000000000c0007000000000000000000080009"], 0x4c}}, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f00000000c0)=""/24, 0x0) 2.639683042s ago: executing program 2 (id=3583): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) 2.571704022s ago: executing program 4 (id=3584): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) preadv(r0, &(0x7f0000000100)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1, 0x497, 0x9) 1.62730803s ago: executing program 2 (id=3585): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0x3, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet(0xa, 0x801, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9241, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r0 = socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 1.624044673s ago: executing program 5 (id=3586): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r1}, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$sock(r3, &(0x7f0000001940)={0x0, 0x0, 0x0}, 0x20000000) 1.497122554s ago: executing program 4 (id=3587): r0 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd7000fcdbdf2502000000", @ANYRES32=r4], 0x1c}}, 0x840) write$nci(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="400404"], 0x7) 1.473163164s ago: executing program 5 (id=3588): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c000440000000000000000b14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000010900020073797a31000000e20800010073797a31"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) 1.400340316s ago: executing program 3 (id=3589): socket$inet_sctp(0x2, 0x5, 0x84) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000200)) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x10) 1.332852227s ago: executing program 5 (id=3590): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000003c0)) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) socket$inet6_sctp(0xa, 0x1, 0x84) socket$key(0xf, 0x3, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0xa}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x34}, 0x94) socket$kcm(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xe, 0x4, 0x4, 0x1, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000480)={{r1}, &(0x7f0000000280), &(0x7f0000000000)=r2}, 0x20) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r2, r4, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x11, &(0x7f0000000700)=ANY=[@ANYBLOB], 0x0) 1.275815216s ago: executing program 2 (id=3591): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(r6) socket$netlink(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$kcm(0x11, 0x3, 0x0) r8 = socket(0x400000000010, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001300)=@newtfilter={0xea4, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r10, {0x5, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0xe70, 0x2, [@TCA_MATCHALL_ACT={0xe6c, 0x2, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe38, 0x4, {{{0x0, 0x7f, 0x2, 0x4, 0x4}, 0x3, 0x2, [{0x5e5, 0xb, 0x1ff, 0x0, 0x1, 0xb}]}, [{0x2, 0xb853, 0x1ff, 0xe40, 0x4, 0xc}, {0x5, 0x5, 0x4, 0x4, 0x4, 0xe941}, {0x3, 0xc, 0x4b48, 0x9, 0x5, 0x6}, {0xcb, 0x4000, 0x6, 0x2, 0x6, 0x4ae}, {0x9, 0xc, 0xe5, 0xeddc, 0x1, 0x3}, {0x6, 0x81, 0x1, 0x7, 0x1, 0xacd}, {0x6, 0xf, 0x80000000, 0x7, 0x4, 0xfffffff9}, {0xfff80000, 0x5, 0x9, 0x10001, 0xe0, 0x6}, {0xffffffff, 0x0, 0xffffffff, 0x7, 0x2, 0x9}, {0x5, 0xfffffff7, 0x5, 0x4, 0x6, 0xb}, {0x9, 0x9, 0xfffffff5, 0x200, 0x7fff, 0x5}, {0xffffff01, 0x61a96559, 0x6f1, 0xff, 0x3, 0x4}, {0xbb, 0x7, 0x9, 0x40, 0x401, 0xb}, {0xf, 0x8, 0x40, 0x7, 0x7, 0x7}, {0x4, 0x3, 0x9, 0x0, 0x8, 0xe3e}, {0xfffffffc, 0xc86, 0xd, 0x9, 0xb9, 0x7ff}, {0x10, 0xc1b, 0xfff, 0x474, 0x8, 0x8}, {0x7e, 0x2, 0x7, 0xd, 0x40, 0x8}, {0x9, 0x4d12, 0x2a, 0x3ff, 0xad68, 0x80}, {0x800, 0x9, 0x5, 0x9, 0x2, 0x5}, {0x8, 0xfffffb32, 0xbf33, 0xe, 0x8001, 0x8}, {0x8, 0x6, 0xb, 0x2, 0x3, 0x6}, {0xfffffff7, 0x5, 0x7, 0x8, 0x100, 0x1ff}, {0x533c, 0x9, 0xffffffff, 0x2, 0x0, 0x9}, {0x0, 0xfff, 0x3ff, 0x1, 0x4417973e, 0x401}, {0xff, 0xfffffffe, 0xa7, 0x1, 0xffffff81, 0x59}, {0x4, 0xe, 0xb0d, 0xfffffff7, 0x0, 0xd}, {0xb2, 0x401, 0x2, 0xaf73, 0xffff, 0x5}, {0x7fffffff, 0x9a, 0x100, 0x3, 0x10000, 0x8}, {0x8, 0xfffff000, 0x8, 0x7, 0x8, 0x1ff}, {0x2, 0xc0000000, 0x4, 0x2, 0x3, 0x6}, {0x1, 0x9de4, 0x40, 0x7ff, 0x8, 0xac}, {0x80000001, 0x37c, 0x3560, 0x7, 0x0, 0xeb7}, {0x400, 0x6, 0x2, 0x8, 0x3, 0x1}, {0x25, 0x7fff, 0x0, 0x6, 0xa}, {0x8, 0x2, 0x1, 0x8000, 0x400, 0x2}, {0x2, 0x200, 0x9, 0x8, 0x6, 0x7fff}, {0xb42, 0xb7e1, 0x3, 0x3, 0x4, 0x2007e01e}, {0x7fff, 0xb, 0x0, 0xc1f2, 0x80, 0x10}, {0x101, 0x6, 0x8000, 0x800, 0x9, 0x5}, {0xedf, 0x998a, 0x8, 0x80000000, 0xfffff19d, 0x5}, {0x5, 0x6, 0xfffffeff, 0x7, 0x2, 0x5}, {0x8, 0x6, 0x0, 0x6, 0x3, 0xffffc145}, {0x5, 0x4, 0xccd2, 0x9, 0x29ca, 0x8}, {0x0, 0x2b, 0x7, 0x7282, 0xf44, 0x6a0}, {0x9, 0xfffffff7, 0x7f, 0x1, 0x8, 0x7f}, {0x0, 0x8, 0x9e89, 0x6, 0x3, 0xda}, {0x2, 0xff, 0x7, 0x4, 0xb, 0x6}, {0x4, 0x40, 0x0, 0xf, 0x2aef33c8, 0x4}, {0xfffffffd, 0x4, 0xfffffff7, 0x1, 0x3, 0x7}, {0x5f82, 0x3, 0x6, 0x8, 0x81, 0xfffffeff}, {0x101, 0xf, 0x7bdd545b, 0x100, 0x1, 0xff}, {0x1, 0x7, 0x2, 0x78, 0x3ff, 0x2}, {0x9, 0x0, 0x6, 0x7, 0x4, 0x1}, {0x7, 0xcc77, 0x9, 0xad3, 0x0, 0x4}, {0x90a8, 0x3, 0x0, 0x2, 0xc, 0x3}, {0x2, 0xe4f, 0x7, 0x401, 0xffff}, {0x1, 0x8, 0x7e01, 0x7f, 0x6, 0x97}, {0x1, 0x6, 0x9, 0x9, 0x0, 0xf}, {0x6, 0x2, 0x80, 0x4, 0x6, 0x8}, {0x3, 0x5b5, 0x800, 0x0, 0x6, 0x81}, {0xd, 0x1000, 0x6, 0x4, 0x80000000}, {0xc, 0xe, 0x2, 0x7fffffff, 0x401, 0x3ff}, {0x8, 0x4000000, 0xc5db, 0x5, 0x48be, 0x4}, {0x2, 0x0, 0x7, 0x100, 0x8000000, 0x7ff}, {0x0, 0x5, 0x27fa7c96, 0x8, 0x7, 0x9}, {0x9, 0x1, 0x40000, 0x8, 0x3, 0x3}, {0x7, 0x8, 0xa, 0xbab, 0x5, 0x534}, {0x1d7ef776, 0x7, 0xd, 0x6, 0x8, 0x1800}, {0x2, 0x35bd, 0x0, 0x2, 0x6, 0x3}, {0xff, 0x4, 0x80, 0x698e, 0x6, 0x1}, {0x7, 0x80000001, 0x1ff, 0x8e1, 0xebd, 0xfffffff2}, {0x7853, 0x200, 0x8, 0x6, 0xf4bb, 0x2}, {0x400, 0x2, 0x8, 0x1, 0x5, 0x7c8d2d4f}, {0x7ff, 0xb17, 0xfbc, 0x9, 0x8, 0x1}, {0x1000000, 0x80000001, 0xfa, 0x10001, 0x2000000, 0x9}, {0xffff, 0x8, 0x5, 0x2, 0x0, 0x100}, {0x7c6d, 0x52d, 0x0, 0x8, 0x4, 0x10001}, {0xfff, 0x1, 0x2, 0x5, 0x7, 0x88}, {0x4, 0x0, 0x80000000, 0x1, 0xffffff9a, 0x10000}, {0x8, 0x1, 0x3, 0x2, 0x4, 0xc0a}, {0x3, 0x6, 0x1, 0x4534, 0x52, 0x8141}, {0xd, 0x8, 0x2, 0x101, 0x80000000, 0x7fffffff}, {0xa, 0x488, 0x7, 0x92a, 0x8, 0x7}, {0x0, 0x6, 0xd, 0xca53, 0x4}, {0x80, 0xfff, 0x3, 0x0, 0x2, 0x5}, {0x0, 0x2, 0x8000, 0x7, 0x7, 0x6}, {0x3, 0x9, 0x8, 0xd5a, 0x7, 0xfdd}, {0x7d5, 0xc, 0xfa7, 0x7, 0x5e, 0x3}, {0x8d, 0x0, 0x5, 0x475, 0xdb, 0x6}, {0x1, 0x80000001, 0x3, 0x7, 0x7, 0x56}, {0x400, 0x90, 0x9a, 0x8000, 0x9, 0x100}, {0x9, 0xfffffffa, 0x4, 0xfffffffa, 0xef76, 0x1e}, {0x2, 0x9, 0x80, 0xea, 0x7ff, 0x3}, {0x0, 0x7fff, 0x0, 0x7, 0x4, 0x5}, {0x100, 0x9, 0x8, 0x81, 0x3, 0xfff}, {0x4, 0x400, 0x1000, 0x3, 0x8, 0x2}, {0x89, 0x2, 0x3, 0xfffffffd, 0x5, 0xfff}, {0x3, 0xff, 0xfffffffc, 0x9, 0x2, 0x10001}, {0x0, 0x8, 0x7, 0x2, 0x0, 0x10}, {0x1, 0x6, 0xd, 0x91, 0x6d, 0xf}, {0x40, 0x6, 0x1282, 0x2, 0xe28d}, {0x2, 0x1, 0x4, 0x0, 0x4, 0xa}, {0x48b, 0x3ff, 0x5, 0x200, 0x3, 0x5}, {0x10, 0x0, 0x9, 0x7, 0x1, 0xfffffac3}, {0x100, 0x436, 0x31b03387, 0x2, 0x442, 0x3}, {0x9, 0x7, 0x0, 0xfffffffe, 0x8001, 0xa}, {0x61, 0x1, 0x9, 0x2, 0x6, 0x40000000}, {0x4, 0x9, 0xd, 0x3ff, 0xfffffffa}, {0x7, 0x8, 0xb, 0x0, 0x0, 0x4}, {0xa, 0x0, 0x2, 0x1ff, 0x20, 0x40}, {0x1, 0xff800000, 0x2, 0x10000, 0x8}, {0x1, 0x401, 0xfffffff7, 0x0, 0xa3, 0x2}, {0x4f, 0xffffffff, 0x6, 0x8, 0x4, 0x3}, {0x5, 0x6, 0x25, 0xffd, 0x3, 0x6}, {0x4fdcd1f1, 0x8, 0x68f849fd, 0x3, 0xffffa0fc}, {0x0, 0x2, 0x5, 0x4, 0x6, 0x5}, {0x3, 0x3, 0x5, 0x7, 0x7, 0x594}, {0x4, 0x0, 0x5, 0x3, 0x5, 0x80}, {0x2, 0x3, 0x1, 0xd, 0x4, 0x8001}, {0x0, 0x4800, 0x1000, 0x9, 0x1}, {0xfffffffd, 0x1, 0x5, 0x401, 0x4, 0x5}, {0x8, 0xff, 0xcf0, 0x2, 0x1ff, 0x40}, {0x7, 0x5, 0xbff, 0x8, 0x6, 0x8}, {0x82, 0x9, 0x2, 0x9ac, 0x6, 0xfb}, {0xa74b511, 0xd58, 0x4, 0x0, 0xdcc2, 0x1}, {0x9, 0x8, 0x1, 0x8, 0x1, 0x101}, {0xc, 0x8, 0x4, 0x9, 0x3, 0x100}], [{0x2}, {0x1}, {0x2}, {0x1}, {0x4}, {0x2, 0x1}, {0x1}, {0x1, 0x1}, {0x3}, {0x5df484c4300b366, 0x1}, {0x4, 0x1}, {0x80cfd2003438bf2}, {0x2, 0x1}, {0x1}, {0x4}, {0x1}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {0x3}, {0x1, 0x1}, {0x5}, {0x0, 0x1}, {0x5, 0x1}, {0x0, 0x2d4fb9831e576f94}, {0x4, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x3}, {0x3, 0x1}, {0x4}, {0x3}, {0x2}, {0x4}, {0x2}, {}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x2}, {}, {0x2}, {0x2}, {0x4, 0x1}, {0x4}, {}, {0x0, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x1, 0x1}, {0x4}, {0x3}, {}, {0x0, 0x1}, {0x5}, {0x7, 0x1}, {0x5}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x5}, {0x1}, {0x5, 0x1}, {0x0, 0x1}, {0x4}, {0x4}, {0x2, 0x1}, {0x2}, {0x5}, {0x5}, {}, {0x4, 0x1}, {}, {0x4, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x1, 0x1}, {0x3}, {0x4}, {0x4}, {0x0, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {0x2}, {0x3}, {0x3, 0x1}, {0x2, 0x1}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x5}, {0x0, 0x1}, {0x4, 0x2}, {0x4, 0x1}, {0x4}, {0x4}, {0x1}, {0x4}, {0x2}, {0x0, 0x1}, {0x2, 0x1}, {0x1}, {0x2}, {0x4}, {}, {0x5, 0x1}, {}, {0x5}, {0x3, 0x1}, {0x5}, {0x4}, {0x1, 0x1}, {0x1}, {0x2, 0x2}, {0x3}, {0x1, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x5, 0x1}, {0x3}, {0x1}]}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0xea4}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$sock_attach_bpf(r7, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r5, 0xc}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 1.163506232s ago: executing program 3 (id=3592): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000000)=@framed={{0x72, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0x6b}}, 0x0}, 0x94) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], 0x0}, 0x94) r4 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_ifreq(r0, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x0, @local}}]}]}, @IFLA_GROUP={0x8}]}, 0x58}}, 0x0) 1.063228237s ago: executing program 5 (id=3593): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x4e, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}}, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=@newtfilter={0x44, 0x2c, 0xd3f, 0x70b524, 0x25dfdbfb, {0x0, 0x0, 0x0, r8, {0xfff3, 0xffe0}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x172fd}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)='\'', 0x20}], 0x1}, 0x4) 824.752146ms ago: executing program 4 (id=3594): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x4008848}, 0xc884) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syz_tun\x00'}) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x40103}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8, 0xd, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) 796.078074ms ago: executing program 3 (id=3595): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='freezer.self_freezing\x00', 0x0, 0x0) r3 = socket(0x840000000002, 0x3, 0xff) sendmmsg$inet(r3, &(0x7f0000000b00)=[{{&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x1, 0x24000800) sendmsg$nl_route(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@ipv6_getrule={0x1c, 0x22, 0x10, 0x70bd2d, 0x25dfdbff, {0xa, 0x80, 0x10, 0x30, 0x3, 0x0, 0x0, 0x1, 0x2}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004004}, 0x40800) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd7000000000003900000008000300", @ANYRES32=r4, @ANYBLOB="14005a8010000182040001000500020008000000"], 0x30}, 0x1, 0x0, 0x0, 0x400c040}, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000180)={r5, r5, 0x3, 0x1, &(0x7f0000000000)="f4", 0x9, 0xb, 0x10cf, 0x5500, 0xc336, 0x1, 0xf, 'syz1\x00'}) 627.568049ms ago: executing program 2 (id=3596): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='cdg', 0x3) sendmmsg$inet(r0, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000100)="879cc2c159a353f433adae119a33ce80108a7c36e78f3b935a81317bd3081e3113fa96bed0957516f72295f1cf1021f82e67c56aee3559aceb87e8395e4eccf01183f34b6f4a7271ef131e7bc254f2c26ac53bde07a05cdcd627670147c5eff940a65c897dc91ffbf45c3899a2d2fd05a0f6e75cebdda40b95edc95d5396dd144c959050f6fe052cabc0255b", 0x8c}, {0x0}, {&(0x7f0000000280)="9d30ae87c0c688e817702ea9ea352b833effebe4164a19147aee34e946c5dd3db4f1e45bc27a0ff10b6604f9b9cc2dd46d8d4e169c584af41b526269991caae6128a06afc93ed4f28a1ae649e4532cce0bb7a968dbe29f9c67df6e94196b377d4fafc09b1ec60618b7f3c2a3e630339cb70c1cb97c", 0x75}, {&(0x7f0000000300)="82038646e9af293f5ac5b0d21e27c27f3d71836b75e99ba3c728216446f3aeb595e98335a77fd317ac305f311c9507934839abef2b3aa0d9710ede11b5f580dd6d0f645e85d7ab150898b89411b3593de4c738c710676979b9bd053ceb01b700eda2f6028d7d75bd5ee6fc7535546232a166dcc7498f5997fd2da019eb055824f48f", 0x82}, {&(0x7f0000000040)="edc5ee757447a8204a1c69cd08255ffa0791edf5348d6950d7b99cdfb310fa449a", 0x21}, {&(0x7f0000000500)="59414f09bcc64d8b964bd14b7b45931ee3e904474f0c99dfbe7d7d36b775a37d0c9e45aac73e67543637f2f9c288f5eb863e739b30e9c7cbee1592a29889f951b251f58777bd", 0x46}], 0x6}}], 0x1, 0x4c054) 626.31337ms ago: executing program 3 (id=3597): r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x0, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040a1}, 0x4890) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r6, 0x17}, 0x80, &(0x7f0000000480)=[{&(0x7f00000002c0)='\'', 0x1}], 0x1}, 0x4) 603.232427ms ago: executing program 0 (id=3598): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x4361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0) 413.773801ms ago: executing program 2 (id=3599): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000140)='%-010d \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000001c0)={r1}, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000000000000000005000000b7080000000000007b8af8ff00000000b70800000e0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$sock(r3, &(0x7f0000001940)={0x0, 0x0, 0x0}, 0x20000000) 402.69893ms ago: executing program 1 (id=3402): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)={0x38, 0x0, 0x60b, 0x70bd28, 0x4000, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x6}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}]}, 0x38}, 0x1, 0x8000000, 0x0, 0x4004}, 0x0) 49.3667ms ago: executing program 1 (id=3601): socket(0xa, 0x1, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) sendto$inet(r0, 0x0, 0x0, 0x200047f9, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) 0s ago: executing program 2 (id=3602): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000000000000000000000001850000002c00000095000000000000004495e980d4ab43a654dbda1289491fde9751ca443daaa97c18e213"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$kcm(0x2, 0x3, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$inet(0xa, 0x801, 0x84) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9241, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r0 = socket$packet(0x11, 0x3, 0x300) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) setsockopt$packet_int(r0, 0x107, 0x14, 0x0, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) kernel console output (not intermixed with test programs): 288.363964][ T7919] netlink: 216 bytes leftover after parsing attributes in process `syz.4.593'. [ 288.460581][ T7919] netlink: 24 bytes leftover after parsing attributes in process `syz.4.593'. [ 289.367991][ T7942] syzkaller0: entered promiscuous mode [ 289.402979][ T7942] syzkaller0: entered allmulticast mode [ 290.523639][ T7979] netlink: 16 bytes leftover after parsing attributes in process `syz.5.617'. [ 291.765131][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.621'. [ 291.815360][ T7993] netlink: 28 bytes leftover after parsing attributes in process `syz.1.621'. [ 291.875060][ T7993] ip6gretap1: entered allmulticast mode [ 291.980044][ T8003] netlink: 12 bytes leftover after parsing attributes in process `syz.2.626'. [ 292.133025][ T8007] netlink: 'syz.3.629': attribute type 3 has an invalid length. [ 292.296889][ T8011] netlink: 52 bytes leftover after parsing attributes in process `syz.1.630'. [ 292.804468][ T8033] netlink: 20 bytes leftover after parsing attributes in process `syz.1.638'. [ 292.854868][ T8033] xt_hashlimit: size too large, truncated to 1048576 [ 292.872212][ T8033] xt_hashlimit: overflow, try lower: 0/0 [ 292.904433][ T8033] syz_tun: entered allmulticast mode [ 292.972668][ T8037] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.640'. [ 293.008419][ T8032] syz_tun: left allmulticast mode [ 293.242229][ T8040] nbd: couldn't find a device at index 0 [ 294.351142][ T8075] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 294.383365][ T8077] syzkaller1: entered promiscuous mode [ 294.388880][ T8077] syzkaller1: entered allmulticast mode [ 294.421305][ T8080] netlink: 12 bytes leftover after parsing attributes in process `syz.4.660'. [ 294.983790][ T8092] syzkaller0: entered promiscuous mode [ 294.990672][ T8092] syzkaller0: entered allmulticast mode [ 295.049576][ T8096] sit1: entered allmulticast mode [ 295.289994][ T8109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.672'. [ 295.413521][ T8112] netlink: 20 bytes leftover after parsing attributes in process `syz.0.672'. [ 295.532313][ T8112] bond2: (slave bridge1): Enslaving as an active interface with an up link [ 295.593475][ T8109] 8021q: adding VLAN 0 to HW filter on device bond2 [ 295.602944][ T8120] __nla_validate_parse: 1 callbacks suppressed [ 295.602971][ T8120] netlink: 8 bytes leftover after parsing attributes in process `syz.4.674'. [ 296.128435][ T8134] netlink: 12 bytes leftover after parsing attributes in process `syz.4.682'. [ 297.010489][ T8151] syzkaller0: entered promiscuous mode [ 297.065225][ T8151] syzkaller0: entered allmulticast mode [ 297.536592][ T8175] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96 [ 297.642233][ T8176] netlink: 'syz.2.690': attribute type 1 has an invalid length. [ 298.065060][ T8187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.694'. [ 299.153401][ T8182] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 299.182727][ T8194] syzkaller0: entered promiscuous mode [ 299.232391][ T8194] syzkaller0: entered allmulticast mode [ 299.288375][ T8219] netlink: 24 bytes leftover after parsing attributes in process `syz.4.697'. [ 299.674502][ T8227] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.774189][ T8227] bridge_slave_1 (unregistering): left allmulticast mode [ 299.792575][ T8227] bridge_slave_1 (unregistering): left promiscuous mode [ 299.821939][ T8227] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.587871][ T8259] syzkaller0: entered promiscuous mode [ 300.618754][ T8259] syzkaller0: entered allmulticast mode [ 300.661797][ T8259] tc action pedit offset must be on 32 bit boundaries [ 301.147467][ T8282] syzkaller0: entered promiscuous mode [ 301.177805][ T8286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.727'. [ 301.183357][ T8282] syzkaller0: entered allmulticast mode [ 301.204138][ T8286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.727'. [ 301.465354][ T8296] tipc: Started in network mode [ 301.470271][ T8296] tipc: Node identity ac14142f, cluster identity 4711 [ 301.500428][ T8296] tipc: New replicast peer: 0.0.0.0 [ 301.525024][ T8296] tipc: Enabled bearer , priority 10 [ 301.636580][ T8305] Bluetooth: MGMT ver 1.23 [ 302.101225][ T8321] syzkaller0: entered promiscuous mode [ 302.144150][ T8321] syzkaller0: entered allmulticast mode [ 302.188054][ T8327] netlink: 8 bytes leftover after parsing attributes in process `syz.0.742'. [ 302.306461][ T8332] syzkaller0: entered promiscuous mode [ 302.337568][ T8332] syzkaller0: entered allmulticast mode [ 302.647825][ T8342] netlink: 'syz.2.748': attribute type 3 has an invalid length. [ 302.652152][ T5811] tipc: Node number set to 2886997039 [ 303.079842][ T8357] syzkaller0: entered promiscuous mode [ 303.105002][ T8357] syzkaller0: entered allmulticast mode [ 303.378641][ T8365] bridge_slave_0: left allmulticast mode [ 303.409043][ T8365] bridge_slave_0: left promiscuous mode [ 303.433455][ T8365] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.601845][ T10] IPVS: starting estimator thread 0... [ 303.751507][ T8395] IPVS: using max 25 ests per chain, 60000 per kthread [ 303.764797][ T8365] bridge_slave_1: left allmulticast mode [ 303.802373][ T8399] netlink: 'syz.1.759': attribute type 1 has an invalid length. [ 303.835515][ T8365] bridge_slave_1: left promiscuous mode [ 303.882913][ T8365] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.978893][ T8401] netlink: 20 bytes leftover after parsing attributes in process `syz.1.759'. [ 304.066145][ T8365] bond0: (slave bond_slave_0): Releasing backup interface [ 304.077091][ T8403] netlink: 28 bytes leftover after parsing attributes in process `syz.1.759'. [ 304.118275][ T8365] bond0: (slave bond_slave_1): Releasing backup interface [ 304.218953][ T8365] team0: Port device team_slave_0 removed [ 304.279593][ T8365] team0: Port device team_slave_1 removed [ 304.308384][ T8365] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 304.333630][ T8365] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 304.345212][ T8365] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 304.353101][ T8365] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 304.374649][ T8365] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 304.493366][ T8411] nbd2: detected capacity change from 0 to 63 [ 304.509011][ T5839] block nbd2: Receive control failed (result -104) [ 304.563136][ T8401] bond1: (slave bridge1): making interface the new active one [ 304.573947][ T8401] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 304.592420][ T8403] 8021q: adding VLAN 0 to HW filter on device bond1 [ 304.906068][ T8431] nbd: couldn't find a device at index 1 [ 305.318020][ T8444] netlink: 8 bytes leftover after parsing attributes in process `syz.2.775'. [ 305.346737][ T8444] bond0: Unable to set down delay as MII monitoring is disabled [ 305.863372][ T8451] syzkaller0: entered promiscuous mode [ 305.887984][ T8451] syzkaller0: entered allmulticast mode [ 306.500702][ T8476] netlink: 8 bytes leftover after parsing attributes in process `syz.5.788'. [ 306.512172][ T8476] netlink: 8 bytes leftover after parsing attributes in process `syz.5.788'. [ 306.832026][ T8489] netlink: 4 bytes leftover after parsing attributes in process `syz.5.793'. [ 307.433279][ T8505] syzkaller0: entered promiscuous mode [ 307.461506][ T8505] syzkaller0: entered allmulticast mode [ 307.822034][ T8523] tipc: Started in network mode [ 307.856591][ T8523] tipc: Node identity 84e, cluster identity 4711 [ 307.883355][ T8523] tipc: Node number set to 2126 [ 308.338981][ T8533] netlink: 12 bytes leftover after parsing attributes in process `syz.0.809'. [ 308.405053][ T8533] vlan2: entered promiscuous mode [ 308.412503][ T8533] team0: entered promiscuous mode [ 308.417612][ T8533] team_slave_0: entered promiscuous mode [ 308.431795][ T8533] team_slave_1: entered promiscuous mode [ 308.937432][ T8552] ipvlan2: entered promiscuous mode [ 308.967321][ T8552] ipvlan2: entered allmulticast mode [ 308.993430][ T8552] vlan1: entered allmulticast mode [ 309.008822][ T8552] veth0_vlan: entered allmulticast mode [ 309.020253][ T8552] team0: Device ipvlan2 is up. Set it down before adding it as a team port [ 309.685989][ T8576] netlink: 56 bytes leftover after parsing attributes in process `syz.0.826'. [ 309.724089][ T8576] netlink: 8 bytes leftover after parsing attributes in process `syz.0.826'. [ 309.864577][ T8583] x_tables: ip6_tables: udplite match: only valid for protocol 136 [ 310.587635][ T8605] netlink: 48 bytes leftover after parsing attributes in process `syz.3.839'. [ 310.753750][ T8605] ip6gre1: entered promiscuous mode [ 310.788489][ T8605] ip6gre1: entered allmulticast mode [ 311.266451][ T8631] IPVS: set_ctl: invalid protocol: 51 172.20.20.170:20001 [ 311.355508][ T8631] netlink: 8 bytes leftover after parsing attributes in process `syz.4.848'. [ 311.457051][ T8639] netlink: 12 bytes leftover after parsing attributes in process `syz.4.848'. [ 311.481514][ T8639] netlink: 12 bytes leftover after parsing attributes in process `syz.4.848'. [ 312.446360][ T8659] team0: entered allmulticast mode [ 312.463621][ T8659] team_slave_0: entered allmulticast mode [ 312.480604][ T8659] team_slave_1: entered allmulticast mode [ 313.842591][ T8696] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 313.849478][ T8696] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 313.861973][ T8699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.875'. [ 314.521999][ T8710] IPVS: Scheduler module ip_vs_ not found [ 314.536919][ T8715] IPVS: length: 24 != 73752 [ 315.295189][ T8731] nbd: couldn't find a device at index 0 [ 316.437821][ T8753] netlink: 24 bytes leftover after parsing attributes in process `syz.3.895'. [ 316.566665][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.709469][ T8758] netlink: 180 bytes leftover after parsing attributes in process `syz.0.897'. [ 317.233939][ T8769] lo speed is unknown, defaulting to 1000 [ 317.261696][ T8769] lo speed is unknown, defaulting to 1000 [ 317.270786][ T8769] lo speed is unknown, defaulting to 1000 [ 317.277327][ T8772] netlink: 20 bytes leftover after parsing attributes in process `syz.0.902'. [ 317.317850][ T8769] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 317.320333][ T8772] netlink: 20 bytes leftover after parsing attributes in process `syz.0.902'. [ 317.361210][ T8769] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 317.536913][ T8769] lo speed is unknown, defaulting to 1000 [ 317.557342][ T8769] lo speed is unknown, defaulting to 1000 [ 317.577281][ T8769] lo speed is unknown, defaulting to 1000 [ 317.598680][ T8769] lo speed is unknown, defaulting to 1000 [ 317.668189][ T8769] lo speed is unknown, defaulting to 1000 [ 317.712971][ T8769] lo speed is unknown, defaulting to 1000 [ 317.968954][ T8781] syzkaller0: entered promiscuous mode [ 317.988062][ T8781] syzkaller0: entered allmulticast mode [ 318.115718][ T8789] netlink: 'syz.0.909': attribute type 3 has an invalid length. [ 321.205672][ T8805] lo speed is unknown, defaulting to 1000 [ 321.406473][ T8839] vcan0: tx address claim with different name [ 321.479003][ T8843] netlink: 36 bytes leftover after parsing attributes in process `syz.1.930'. [ 321.547699][ T1206] IPVS: starting estimator thread 0... [ 321.579056][ T8840] syzkaller0: entered promiscuous mode [ 321.584979][ T8840] syzkaller0: entered allmulticast mode [ 321.641632][ T8850] IPVS: using max 23 ests per chain, 55200 per kthread [ 323.450352][ T8881] pim6reg: entered allmulticast mode [ 323.497363][ T8884] pim6reg: left allmulticast mode [ 323.634179][ T8881] gre0: entered promiscuous mode [ 323.651328][ T8881] gre0: entered allmulticast mode [ 323.713301][ T8881] netlink: 4 bytes leftover after parsing attributes in process `syz.5.940'. [ 324.353816][ T8892] syzkaller0: entered promiscuous mode [ 324.359356][ T8892] syzkaller0: entered allmulticast mode [ 325.352913][ T8899] netlink: 1320 bytes leftover after parsing attributes in process `syz.4.944'. [ 326.322115][ T5916] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 326.484709][ T5916] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 326.511524][ T5916] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 326.555792][ T5916] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 326.582238][ T5916] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 326.610325][ T5916] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 326.659484][ T5916] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 326.696536][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 326.716287][ T5916] usb 4-1: Product: syz [ 326.720615][ T5916] usb 4-1: Manufacturer: syz [ 326.746262][ T5916] cdc_wdm 4-1:1.0: skipping garbage [ 326.759905][ T5916] cdc_wdm 4-1:1.0: skipping garbage [ 326.776306][ T5916] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 326.783005][ T5916] cdc_wdm 4-1:1.0: Unknown control protocol [ 327.285200][ T7517] wlan1: Trigger new scan to find an IBSS to join [ 328.611585][ T5811] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 328.795724][ T5811] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 328.809352][ T5811] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 328.831081][ T5811] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 328.852037][ T5811] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 328.882382][ T8954] pim6reg: entered allmulticast mode [ 328.883225][ T5811] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 328.919388][ T8954] pim6reg: left allmulticast mode [ 328.943281][ T5811] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 328.955908][ T5811] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 328.964963][ T5811] usb 1-1: Product: syz [ 328.969292][ T5811] usb 1-1: Manufacturer: syz [ 328.985723][ T5811] cdc_wdm 1-1:1.0: skipping garbage [ 328.992456][ T5811] cdc_wdm 1-1:1.0: skipping garbage [ 329.006659][ T5811] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device [ 329.013162][ T5811] cdc_wdm 1-1:1.0: Unknown control protocol [ 329.036298][ T8954] gre0: entered promiscuous mode [ 329.053225][ T8954] gre0: entered allmulticast mode [ 329.129315][ T5916] usb 4-1: USB disconnect, device number 2 [ 329.162876][ T8954] netlink: 4 bytes leftover after parsing attributes in process `syz.4.960'. [ 329.230991][ T5811] usb 1-1: USB disconnect, device number 4 [ 330.321863][ T50] wlan1: Trigger new scan to find an IBSS to join [ 331.157810][ T8932] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 331.275144][ T13] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 331.576512][ T8980] syzkaller0: entered promiscuous mode [ 331.609621][ T8980] syzkaller0: entered allmulticast mode [ 331.717444][ T8984] netlink: 44 bytes leftover after parsing attributes in process `syz.2.971'. [ 331.842424][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 331.855545][ T8991] tipc: Started in network mode [ 331.860810][ T8991] tipc: Node identity ae3888513ba5, cluster identity 4711 [ 331.876473][ T8991] tipc: Enabled bearer , priority 0 [ 331.890227][ T8992] syzkaller0: entered promiscuous mode [ 331.927944][ T8992] syzkaller0: entered allmulticast mode [ 332.106308][ T9006] netlink: 20 bytes leftover after parsing attributes in process `syz.5.977'. [ 333.133842][ T8983] tipc: Resetting bearer [ 333.148737][ T8983] tipc: Disabling bearer [ 333.171587][ T1206] tipc: Node number set to 2510129233 [ 333.464890][ T9022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.994'. [ 333.543234][ T9028] pim6reg: entered allmulticast mode [ 333.594853][ T9028] team0: left allmulticast mode [ 333.609884][ T9028] team_slave_0: left allmulticast mode [ 333.637925][ T9028] team_slave_1: left allmulticast mode [ 333.663683][ T9028] pim6reg: left allmulticast mode [ 333.737607][ T9037] IPVS: set_ctl: invalid protocol: 51 172.20.20.170:20001 [ 333.829658][ T9037] netlink: 8 bytes leftover after parsing attributes in process `syz.0.983'. [ 333.884395][ T9036] gre0: entered promiscuous mode [ 333.900169][ T9036] gre0: entered allmulticast mode [ 333.944564][ T9039] netlink: 4 bytes leftover after parsing attributes in process `syz.3.984'. [ 334.102128][ T9029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.983'. [ 334.171694][ T9029] netlink: 12 bytes leftover after parsing attributes in process `syz.0.983'. [ 334.627198][ T9049] vcan0: tx address claim with dlc 0 [ 334.915391][ T9057] netlink: 'syz.1.992': attribute type 1 has an invalid length. [ 334.952605][ T9057] netlink: 224 bytes leftover after parsing attributes in process `syz.1.992'. [ 335.000832][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.4.996'. [ 335.057863][ T9060] netlink: 28 bytes leftover after parsing attributes in process `syz.4.996'. [ 335.123449][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 30 seconds [ 335.140176][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 30 seconds [ 335.156470][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 30 seconds [ 335.167457][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 30 seconds [ 335.361095][ T9067] tipc: Started in network mode [ 335.366382][ T9067] tipc: Node identity 5a1fdc4e49d, cluster identity 4711 [ 335.376659][ T9067] tipc: Enabled bearer , priority 0 [ 335.390758][ T9064] syzkaller0: entered promiscuous mode [ 335.401625][ T9064] syzkaller0: entered allmulticast mode [ 335.478106][ T9064] tipc: Resetting bearer [ 335.501675][ T9070] netlink: 'syz.1.997': attribute type 11 has an invalid length. [ 335.509463][ T9070] netlink: 'syz.1.997': attribute type 23 has an invalid length. [ 335.537915][ T9063] tipc: Resetting bearer [ 335.567984][ T9070] netlink: 224 bytes leftover after parsing attributes in process `syz.1.997'. [ 335.652517][ T9063] tipc: Disabling bearer [ 336.567593][ T9091] nbd: couldn't find a device at index 1 [ 336.669091][ T9093] vlan0: entered promiscuous mode [ 336.701041][ T9093] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 337.108028][ T9105] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1012'. [ 337.120801][ T9106] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1011'. [ 337.537999][ T9105] sit2: entered allmulticast mode [ 337.792804][ T9109] syzkaller0: entered promiscuous mode [ 337.820634][ T9109] syzkaller0: entered allmulticast mode [ 337.836663][ T5916] IPVS: starting estimator thread 0... [ 337.895421][ T9109] 0: reclassify loop, rule prio 0, protocol 800 [ 337.971508][ T9112] IPVS: using max 23 ests per chain, 55200 per kthread [ 338.332566][ T9123] syzkaller0: entered promiscuous mode [ 338.338092][ T9123] syzkaller0: entered allmulticast mode [ 338.431747][ T9125] netlink: 65173 bytes leftover after parsing attributes in process `syz.1.1020'. [ 338.705736][ T7521] wlan1: Selected IBSS BSSID 00:00:00:8d:00:00 based on configured SSID [ 339.784057][ T9154] netlink: 'syz.2.1028': attribute type 4 has an invalid length. [ 339.821069][ T5916] lo speed is unknown, defaulting to 1000 [ 339.828514][ T5916] syz2: Port: 1 Link DOWN [ 339.919631][ T12] wlan1: Selected IBSS BSSID 00:00:00:8d:00:00 based on configured SSID [ 340.149919][ T9129] lec:lec_atm_close: lec0: Shut down! [ 340.261111][ T9164] syzkaller0: entered promiscuous mode [ 340.300109][ T9164] syzkaller0: entered allmulticast mode [ 340.361823][ T9164] 0: reclassify loop, rule prio 0, protocol 800 [ 340.861803][ T9179] syzkaller0: entered promiscuous mode [ 340.891573][ T9179] syzkaller0: entered allmulticast mode [ 342.002772][ T9217] pim6reg: entered allmulticast mode [ 342.009789][ T9189] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 342.075992][ T9217] pim6reg: left allmulticast mode [ 342.289593][ T9221] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1045'. [ 342.649008][ T9227] netlink: 'syz.4.1046': attribute type 2 has an invalid length. [ 342.681764][ T9227] netlink: 'syz.4.1046': attribute type 2 has an invalid length. [ 342.742383][ T10] lec:lec_start_xmit: lec0:No lecd attached [ 343.284095][ T1161] wlan1: Trigger new scan to find an IBSS to join [ 343.898524][ T9260] xt_hashlimit: size too large, truncated to 1048576 [ 343.950233][ T9266] ¾x9ÿ: renamed from bridge_slave_0 (while UP) [ 344.019846][ T9268] nbd: couldn't find a device at index 0 [ 344.272870][ T9278] gre0: entered promiscuous mode [ 344.277966][ T9278] gre0: entered allmulticast mode [ 344.458191][ T9233] lec:lec_atm_close: lec0: Shut down! [ 344.717332][ T9286] batadv_slave_0: entered promiscuous mode [ 345.451597][ T9285] batadv_slave_0: left promiscuous mode [ 345.837526][ T9318] nbd3: detected capacity change from 0 to 63 [ 345.864892][ T5839] block nbd3: Receive control failed (result -32) [ 345.864891][ T52] block nbd3: Receive control failed (result -32) [ 345.879408][ T6939] block nbd3: Receive control failed (result -32) [ 346.002763][ T7138] block nbd3: Dead connection, failed to find a fallback [ 346.024299][ T7138] block nbd3: shutting down sockets [ 346.068794][ T7138] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.098676][ T9335] lo speed is unknown, defaulting to 1000 [ 346.127405][ T7138] Buffer I/O error on dev nbd3, logical block 0, async page read [ 346.164455][ T9340] bond0: entered promiscuous mode [ 346.192444][ T7138] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.215463][ T9340] bond_slave_0: entered promiscuous mode [ 346.221352][ T9340] bond_slave_1: entered promiscuous mode [ 346.252674][ T7138] Buffer I/O error on dev nbd3, logical block 1, async page read [ 346.260501][ T7138] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.267780][ T9340] batadv0: entered promiscuous mode [ 346.291974][ T9340] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 346.321561][ T7521] wlan1: Trigger new scan to find an IBSS to join [ 346.331493][ T7138] Buffer I/O error on dev nbd3, logical block 2, async page read [ 346.339332][ T7138] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.408876][ T9348] ip6gretap2: entered allmulticast mode [ 346.421542][ T7138] Buffer I/O error on dev nbd3, logical block 3, async page read [ 346.429381][ T7138] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.482588][ T7138] Buffer I/O error on dev nbd3, logical block 0, async page read [ 346.521574][ T7138] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.557939][ T7138] Buffer I/O error on dev nbd3, logical block 1, async page read [ 346.573263][ T9344] lo speed is unknown, defaulting to 1000 [ 346.581735][ T7138] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.597469][ T7138] Buffer I/O error on dev nbd3, logical block 2, async page read [ 346.606733][ T7138] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.616378][ T7138] Buffer I/O error on dev nbd3, logical block 3, async page read [ 346.625436][ T7138] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.635118][ T7138] Buffer I/O error on dev nbd3, logical block 0, async page read [ 346.643626][ T7138] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 346.653945][ T7138] Buffer I/O error on dev nbd3, logical block 1, async page read [ 346.663848][ T7138] ldm_validate_partition_table(): Disk read failed. [ 346.674367][ T7138] Dev nbd3: unable to read RDB block 0 [ 346.680702][ T7138] nbd3: unable to read partition table [ 346.692690][ T7138] ldm_validate_partition_table(): Disk read failed. [ 346.700049][ T7138] Dev nbd3: unable to read RDB block 0 [ 346.706688][ T7138] nbd3: unable to read partition table [ 347.631614][ T9379] batadv_slave_0: entered promiscuous mode [ 348.086446][ T9357] lec:lec_atm_close: lec0: Shut down! [ 348.156814][ T9378] batadv_slave_0: left promiscuous mode [ 349.279496][ T9430] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1105'. [ 349.289583][ T7517] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 350.016498][ T9449] syzkaller0: entered promiscuous mode [ 350.022060][ T9449] syzkaller0: entered allmulticast mode [ 350.546038][ T9467] batadv_slave_0: entered promiscuous mode [ 350.721617][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 350.727775][ T6939] Bluetooth: hci2: Opcode 0x0401 failed: -110 [ 351.153300][ T9465] batadv_slave_0: left promiscuous mode [ 351.320431][ T9485] netlink: 'syz.0.1120': attribute type 1 has an invalid length. [ 351.344340][ T9485] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1120'. [ 351.369609][ T9487] syzkaller0: entered promiscuous mode [ 351.382785][ T9487] syzkaller0: entered allmulticast mode [ 351.894246][ T9498] pim6reg: entered allmulticast mode [ 351.899921][ T9501] pim6reg: left allmulticast mode [ 352.191727][ T9508] syzkaller0: entered promiscuous mode [ 352.197936][ T9508] syzkaller0: entered allmulticast mode [ 352.241842][ T9507] lo speed is unknown, defaulting to 1000 [ 353.132722][ T9536] syzkaller0: entered promiscuous mode [ 353.138258][ T9536] syzkaller0: entered allmulticast mode [ 353.281472][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5200 ms [ 353.290361][ C0] lec:lec_tx_timeout: lec0 [ 353.295780][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 353.853955][ T9562] syzkaller0: entered promiscuous mode [ 353.859701][ T9562] syzkaller0: entered allmulticast mode [ 354.256365][ T9579] batadv_slave_0: entered promiscuous mode [ 354.278878][ T9578] batadv_slave_0: left promiscuous mode [ 354.947572][ T9599] lo speed is unknown, defaulting to 1000 [ 355.136793][ T9601] syzkaller0: entered promiscuous mode [ 355.151543][ T9601] syzkaller0: entered allmulticast mode [ 355.884772][ T9621] syzkaller0: entered promiscuous mode [ 355.891632][ T9621] syzkaller0: entered allmulticast mode [ 356.366550][ T9641] syzkaller0: entered promiscuous mode [ 356.375847][ T9641] syzkaller0: entered allmulticast mode [ 356.510737][ T9554] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 356.543314][ T9571] netlink: 'syz.4.1150': attribute type 1 has an invalid length. [ 356.571773][ T9571] netlink: 240 bytes leftover after parsing attributes in process `syz.4.1150'. [ 357.278405][ T9673] batadv_slave_0: entered promiscuous mode [ 357.306843][ T9673] batadv_slave_0: left promiscuous mode [ 357.717213][ T9683] syzkaller0: entered promiscuous mode [ 357.731978][ T9683] syzkaller0: entered allmulticast mode [ 358.052422][ T9694] syzkaller0: entered promiscuous mode [ 358.070155][ T9694] syzkaller0: entered allmulticast mode [ 358.321846][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5020 ms [ 358.329927][ C0] lec:lec_tx_timeout: lec0 [ 358.335202][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 359.331326][ T9737] lo speed is unknown, defaulting to 1000 [ 360.247233][ T9765] syzkaller0: entered promiscuous mode [ 360.253025][ T9765] syzkaller0: entered allmulticast mode [ 362.882537][ T9843] lo speed is unknown, defaulting to 1000 [ 363.341400][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 363.349497][ C0] lec:lec_tx_timeout: lec0 [ 363.354406][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 363.808905][ T9887] syzkaller0: entered promiscuous mode [ 363.852659][ T9887] syzkaller0: entered allmulticast mode [ 365.212268][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 60 seconds [ 365.223313][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 60 seconds [ 365.234501][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 60 seconds [ 365.245684][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 60 seconds [ 366.479322][ T9883] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 366.707954][ T9950] openvswitch: netlink: Flow actions attr not present in new flow. [ 367.727431][ T9999] openvswitch: netlink: Flow actions attr not present in new flow. [ 368.362348][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 368.370422][ C0] lec:lec_tx_timeout: lec0 [ 368.376104][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 369.166196][T10056] syzkaller0: entered promiscuous mode [ 369.187629][T10056] syzkaller0: entered allmulticast mode [ 369.199330][T10064] openvswitch: netlink: Flow key attr not present in new flow. [ 369.216961][T10060] syzkaller0: entered promiscuous mode [ 369.222935][T10060] syzkaller0: entered allmulticast mode [ 369.530191][T10073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1314'. [ 369.546546][T10073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1314'. [ 370.006444][ T1147] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 370.294853][T10097] openvswitch: netlink: Flow key attr not present in new flow. [ 370.586155][T10001] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 371.195129][T10138] openvswitch: netlink: Flow key attr not present in new flow. [ 371.503258][T10134] lo speed is unknown, defaulting to 1000 [ 371.858602][T10156] syzkaller0: entered promiscuous mode [ 371.879598][T10156] syzkaller0: entered allmulticast mode [ 371.988802][T10157] syzkaller0: entered promiscuous mode [ 371.998340][T10157] syzkaller0: entered allmulticast mode [ 372.180954][T10178] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 373.047765][T10209] syzkaller0: entered promiscuous mode [ 373.053539][T10209] syzkaller0: entered allmulticast mode [ 373.196342][T10214] syzkaller0: entered promiscuous mode [ 373.203187][T10214] syzkaller0: entered allmulticast mode [ 373.313572][T10217] xt_hashlimit: size too large, truncated to 1048576 [ 373.320372][T10217] xt_hashlimit: overflow, try lower: 0/0 [ 373.377939][T10219] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 373.391434][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 373.399472][ C0] lec:lec_tx_timeout: lec0 [ 373.404278][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 373.563454][T10226] IPVS: length: 24 != 73752 [ 373.927372][T10233] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.1376'. [ 374.687838][T10159] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 374.707519][T10216] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1369'. [ 375.025776][T10243] syzkaller0: entered promiscuous mode [ 375.051496][T10243] syzkaller0: entered allmulticast mode [ 375.242271][T10255] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 375.384481][T10249] syzkaller0: entered promiscuous mode [ 375.391492][T10249] syzkaller0: entered allmulticast mode [ 377.344032][T10314] syzkaller0: entered promiscuous mode [ 377.350258][T10314] syzkaller0: entered allmulticast mode [ 378.032615][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.411415][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 378.419533][ C0] lec:lec_tx_timeout: lec0 [ 378.424229][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 378.673458][T10287] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 380.569383][T10429] xt_hashlimit: size too large, truncated to 1048576 [ 380.593386][T10429] xt_hashlimit: overflow, try lower: 0/0 [ 381.841994][ T37] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 382.459387][T10496] syzkaller0: entered promiscuous mode [ 382.465397][T10496] syzkaller0: entered allmulticast mode [ 382.658384][T10398] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 382.668253][T10426] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1442'. [ 382.995884][T10517] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1481'. [ 383.431409][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 383.439545][ C0] lec:lec_tx_timeout: lec0 [ 383.444606][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 383.556300][T10534] batadv_slave_0: entered promiscuous mode [ 383.583589][T10534] batadv_slave_0: left promiscuous mode [ 384.779856][T10590] batadv_slave_0: entered promiscuous mode [ 384.787415][T10590] batadv_slave_0: left promiscuous mode [ 385.123151][T10601] lo speed is unknown, defaulting to 1000 [ 385.928464][T10634] batadv_slave_0: entered promiscuous mode [ 385.946355][T10634] batadv_slave_0: left promiscuous mode [ 386.532917][T10655] syzkaller0: entered promiscuous mode [ 386.539689][T10655] syzkaller0: entered allmulticast mode [ 386.808323][T10551] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 388.129524][T10685] batadv_slave_0: entered promiscuous mode [ 388.149598][T10689] batadv_slave_0: left promiscuous mode [ 388.451397][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 388.459501][ C0] lec:lec_tx_timeout: lec0 [ 388.465110][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 388.592776][T10703] lo speed is unknown, defaulting to 1000 [ 389.506648][T10727] syzkaller0: entered promiscuous mode [ 389.513942][T10727] syzkaller0: entered allmulticast mode [ 390.823858][T10736] lo speed is unknown, defaulting to 1000 [ 391.250620][T10756] batadv_slave_0: entered promiscuous mode [ 391.264089][T10762] batadv_slave_0: left promiscuous mode [ 391.493131][T10777] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1564'. [ 391.980522][T10722] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 391.991086][T10788] netlink: 260 bytes leftover after parsing attributes in process `syz.1.1568'. [ 392.456022][T10801] batadv_slave_0: entered promiscuous mode [ 392.484160][T10800] batadv_slave_0: left promiscuous mode [ 393.192719][T10835] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1584'. [ 393.471453][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 393.479545][ C0] lec:lec_tx_timeout: lec0 [ 393.484312][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 393.550995][T10845] syzkaller0: entered promiscuous mode [ 393.558530][T10845] syzkaller0: entered allmulticast mode [ 393.619361][T10845] tc action pedit offset must be on 32 bit boundaries [ 393.690026][T10850] batadv_slave_0: entered promiscuous mode [ 393.705974][T10849] batadv_slave_0: left promiscuous mode [ 394.322917][T10875] tipc: New replicast peer: 0.0.0.0 [ 394.346408][T10875] tipc: Enabled bearer , priority 10 [ 394.756590][T10896] batadv_slave_0: entered promiscuous mode [ 394.810607][T10894] batadv_slave_0: left promiscuous mode [ 395.284973][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 90 seconds [ 395.297125][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 90 seconds [ 395.309440][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 90 seconds [ 395.320998][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 90 seconds [ 395.910890][T10939] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1625'. [ 396.855987][T10964] syzkaller0: entered promiscuous mode [ 396.877031][T10964] syzkaller0: entered allmulticast mode [ 397.534292][T10987] netlink: 260 bytes leftover after parsing attributes in process `syz.5.1641'. [ 397.814471][T10995] syzkaller0: entered promiscuous mode [ 397.820023][T10995] syzkaller0: entered allmulticast mode [ 398.363440][T11021] lo speed is unknown, defaulting to 1000 [ 398.491406][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 398.499506][ C0] lec:lec_tx_timeout: lec0 [ 398.504368][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 398.507748][T11028] syzkaller0: entered promiscuous mode [ 398.516366][T11028] syzkaller0: entered allmulticast mode [ 399.999032][T11069] syzkaller0: entered promiscuous mode [ 400.004893][T11069] syzkaller0: entered allmulticast mode [ 400.249757][T11073] lo speed is unknown, defaulting to 1000 [ 400.600183][T10999] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 400.635233][T11051] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1661'. [ 401.000446][T11091] syzkaller1: entered promiscuous mode [ 401.006212][T11091] syzkaller1: entered allmulticast mode [ 401.032695][ T2968] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 401.742408][T11116] lo speed is unknown, defaulting to 1000 [ 401.929670][T11126] netlink: 240 bytes leftover after parsing attributes in process `syz.5.1689'. [ 402.695673][T11155] syzkaller1: entered promiscuous mode [ 402.701243][T11155] syzkaller1: entered allmulticast mode [ 402.876206][T11164] syzkaller0: entered promiscuous mode [ 402.909941][T11164] syzkaller0: entered allmulticast mode [ 403.226260][T11179] xt_hashlimit: size too large, truncated to 1048576 [ 403.261469][T11179] xt_hashlimit: overflow, try lower: 0/0 [ 403.570055][T11192] lo speed is unknown, defaulting to 1000 [ 404.116460][T11210] syzkaller1: entered promiscuous mode [ 404.123935][T11210] syzkaller1: entered allmulticast mode [ 404.272851][T11212] syzkaller0: entered promiscuous mode [ 404.278378][T11212] syzkaller0: entered allmulticast mode [ 404.881480][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 6380 ms [ 404.889625][ C0] lec:lec_tx_timeout: lec0 [ 404.894891][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 404.934998][T11134] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 404.963407][T11178] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1705'. [ 404.983109][T11186] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1707'. [ 405.613234][T11246] syzkaller0: entered promiscuous mode [ 405.618750][T11246] syzkaller0: entered allmulticast mode [ 405.969444][T11269] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1739'. [ 406.006466][T11269] xt_hashlimit: size too large, truncated to 1048576 [ 406.042398][T11269] xt_hashlimit: overflow, try lower: 0/0 [ 406.324083][T11284] lo speed is unknown, defaulting to 1000 [ 408.044114][T11350] syzkaller0: entered promiscuous mode [ 408.049642][T11350] syzkaller0: entered allmulticast mode [ 408.336102][T11355] syzkaller0: entered promiscuous mode [ 408.366026][T11355] syzkaller0: entered allmulticast mode [ 408.738078][T11377] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1761'. [ 408.774270][T11377] xt_hashlimit: size too large, truncated to 1048576 [ 408.793691][T11377] xt_hashlimit: overflow, try lower: 0/0 [ 409.133487][T11383] lo speed is unknown, defaulting to 1000 [ 409.268623][T11391] bond1: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 409.282487][ T10] IPVS: starting estimator thread 0... [ 409.294067][T11391] bond1 (unregistering): Released all slaves [ 409.382517][T11399] IPVS: using max 23 ests per chain, 55200 per kthread [ 409.933111][T11419] syzkaller0: entered promiscuous mode [ 409.950981][T11419] syzkaller0: entered allmulticast mode [ 410.304621][T11432] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1776'. [ 410.315052][T11432] xt_hashlimit: size too large, truncated to 1048576 [ 410.322234][T11432] xt_hashlimit: overflow, try lower: 0/0 [ 410.448277][T11437] syzkaller0: entered promiscuous mode [ 410.478766][T11437] syzkaller0: entered allmulticast mode [ 410.641459][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5750 ms [ 410.649579][ C0] lec:lec_tx_timeout: lec0 [ 410.654216][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 411.641199][T11454] syzkaller0: entered promiscuous mode [ 411.678605][T11454] syzkaller0: entered allmulticast mode [ 413.158189][T11477] bond2: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 413.169538][T11477] bond2 (unregistering): Released all slaves [ 413.251835][T11470] lo speed is unknown, defaulting to 1000 [ 413.548011][T11510] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1794'. [ 413.572464][T11510] xt_hashlimit: size too large, truncated to 1048576 [ 413.611541][T11510] xt_hashlimit: overflow, try lower: 0/0 [ 413.845211][ T50] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 414.764669][T11570] syzkaller0: entered promiscuous mode [ 414.770194][T11570] syzkaller0: entered allmulticast mode [ 415.422838][T11600] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1816'. [ 415.433431][T11600] xt_hashlimit: size too large, truncated to 1048576 [ 415.440238][T11600] xt_hashlimit: overflow, try lower: 0/0 [ 415.588720][T11601] lo speed is unknown, defaulting to 1000 [ 416.402182][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5750 ms [ 416.410250][ C0] lec:lec_tx_timeout: lec0 [ 416.415173][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 416.728366][T11648] syzkaller0: entered promiscuous mode [ 416.741093][T11648] syzkaller0: entered allmulticast mode [ 417.006637][T11654] syzkaller0: entered promiscuous mode [ 417.026085][T11654] syzkaller0: entered allmulticast mode [ 418.127976][T11702] lo speed is unknown, defaulting to 1000 [ 418.417831][T11723] syzkaller0: entered promiscuous mode [ 418.429593][T11723] syzkaller0: entered allmulticast mode [ 418.440159][T11725] tipc: Started in network mode [ 418.456071][T11725] tipc: Node identity ac14142f, cluster identity 4711 [ 418.465795][T11725] tipc: New replicast peer: 0.0.0.0 [ 418.499800][T11725] tipc: Enabled bearer , priority 10 [ 419.639846][ T10] tipc: Node number set to 2886997039 [ 420.125012][T11800] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1866'. [ 420.151920][T11800] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 420.160186][T11800] IPv6: NLM_F_CREATE should be set when creating new route [ 420.260998][T11805] syzkaller0: entered promiscuous mode [ 420.280341][T11805] syzkaller0: entered allmulticast mode [ 420.406288][T11810] lo speed is unknown, defaulting to 1000 [ 420.795851][T11826] xt_hashlimit: size too large, truncated to 1048576 [ 420.804421][T11826] xt_hashlimit: overflow, try lower: 0/0 [ 421.421405][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 421.429518][ C0] lec:lec_tx_timeout: lec0 [ 421.434908][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 421.905526][T11753] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 421.929982][T11825] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1873'. [ 422.287625][T11861] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1882'. [ 422.331611][T11861] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 422.338940][T11861] IPv6: NLM_F_CREATE should be set when creating new route [ 422.508356][T11865] syzkaller0: entered promiscuous mode [ 422.523619][T11865] syzkaller0: entered allmulticast mode [ 422.827343][T11873] lo speed is unknown, defaulting to 1000 [ 423.775736][T11911] bond4: entered allmulticast mode [ 424.134704][T11929] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1899'. [ 424.182148][T11929] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 424.189471][T11929] IPv6: NLM_F_CREATE should be set when creating new route [ 425.276567][T11964] lo speed is unknown, defaulting to 1000 [ 425.374965][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 120 seconds [ 425.386557][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 120 seconds [ 425.398357][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 120 seconds [ 425.410777][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 120 seconds [ 425.762671][T11979] bond1: entered allmulticast mode [ 426.358059][T11900] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 426.441444][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 426.449555][ C0] lec:lec_tx_timeout: lec0 [ 426.454328][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 426.707737][T12008] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1924'. [ 426.728136][T12008] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 426.735505][T12008] IPv6: NLM_F_CREATE should be set when creating new route [ 427.038095][T12013] syzkaller0: entered promiscuous mode [ 427.067120][T12013] syzkaller0: entered allmulticast mode [ 427.196942][T12024] lo speed is unknown, defaulting to 1000 [ 427.869562][T12039] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1936'. [ 427.893846][T12039] xt_hashlimit: size too large, truncated to 1048576 [ 427.921045][T12039] xt_hashlimit: overflow, try lower: 0/0 [ 428.032417][T12038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 428.427628][T12054] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1941'. [ 428.460494][T12054] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 429.019940][T12076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1947'. [ 429.057306][T12076] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1947'. [ 429.137941][T12077] lo speed is unknown, defaulting to 1000 [ 429.322126][T12082] syzkaller0: entered promiscuous mode [ 429.327638][T12082] syzkaller0: entered allmulticast mode [ 429.531521][T12089] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1953'. [ 429.556011][T12089] xt_hashlimit: size too large, truncated to 1048576 [ 429.582754][T12089] xt_hashlimit: overflow, try lower: 0/0 [ 430.591138][T12130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1964'. [ 430.642304][T12130] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1964'. [ 431.297214][T12144] syzkaller0: entered promiscuous mode [ 431.305145][T12144] syzkaller0: entered allmulticast mode [ 431.410243][T12147] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1970'. [ 431.422175][T12147] xt_hashlimit: size too large, truncated to 1048576 [ 431.428969][T12147] xt_hashlimit: overflow, try lower: 0/0 [ 431.461706][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 431.469762][ C0] lec:lec_tx_timeout: lec0 [ 431.474474][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 431.656790][T12149] lo speed is unknown, defaulting to 1000 [ 432.057478][ T2957] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 432.381014][T12179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1981'. [ 432.432092][T12179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1981'. [ 432.659104][T12185] xt_hashlimit: size too large, truncated to 1048576 [ 432.683685][T12185] xt_hashlimit: overflow, try lower: 0/0 [ 432.733801][T12188] syzkaller0: entered promiscuous mode [ 432.760217][T12188] syzkaller0: entered allmulticast mode [ 434.194877][T12233] __nla_validate_parse: 1 callbacks suppressed [ 434.194904][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1999'. [ 434.250695][T12234] lo speed is unknown, defaulting to 1000 [ 434.518229][T12239] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2001'. [ 434.575895][T12239] xt_hashlimit: size too large, truncated to 1048576 [ 434.622121][T12239] xt_hashlimit: overflow, try lower: 0/0 [ 434.654241][T12250] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2004'. [ 434.686472][T12250] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 434.891285][T12255] syzkaller0: entered promiscuous mode [ 434.899631][T12255] syzkaller0: entered allmulticast mode [ 434.907752][T12256] syzkaller0: entered promiscuous mode [ 434.931715][T12256] syzkaller0: entered allmulticast mode [ 435.726513][T12295] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2020'. [ 435.753882][T12295] xt_hashlimit: size too large, truncated to 1048576 [ 435.791290][T12295] xt_hashlimit: overflow, try lower: 0/0 [ 435.963499][T12298] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2021'. [ 436.037211][T12298] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 436.149903][T12304] lo speed is unknown, defaulting to 1000 [ 436.380204][T12311] syzkaller0: entered promiscuous mode [ 436.411992][T12311] syzkaller0: entered allmulticast mode [ 436.481520][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 436.489609][ C0] lec:lec_tx_timeout: lec0 [ 436.494653][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 436.686426][T12326] syzkaller0: entered promiscuous mode [ 436.700182][T12326] syzkaller0: entered allmulticast mode [ 437.194994][T12344] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2036'. [ 437.213562][T12348] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2037'. [ 437.248373][T12348] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 437.255736][T12348] IPv6: NLM_F_CREATE should be set when creating new route [ 437.284494][T12344] xt_hashlimit: size too large, truncated to 1048576 [ 437.310752][T12344] xt_hashlimit: overflow, try lower: 0/0 [ 437.876426][T12368] syzkaller0: entered promiscuous mode [ 437.882200][T12368] syzkaller0: entered allmulticast mode [ 438.078036][T12376] lo speed is unknown, defaulting to 1000 [ 438.182255][T12382] syzkaller0: entered promiscuous mode [ 438.198510][T12382] syzkaller0: entered allmulticast mode [ 438.569400][T12397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2055'. [ 438.610076][T12397] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 438.617396][T12397] IPv6: NLM_F_CREATE should be set when creating new route [ 438.899294][T12408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2058'. [ 438.928664][T12408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2058'. [ 439.251696][T12420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2064'. [ 439.447285][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.463171][T12425] syzkaller0: entered promiscuous mode [ 439.468856][T12425] syzkaller0: entered allmulticast mode [ 439.601611][T12419] syzkaller0: entered promiscuous mode [ 439.607467][T12419] syzkaller0: entered allmulticast mode [ 440.626473][T12458] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2074'. [ 440.635752][T12458] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 440.876697][T12439] syzkaller0: entered promiscuous mode [ 440.883230][T12439] syzkaller0: entered allmulticast mode [ 441.048771][T12449] lo speed is unknown, defaulting to 1000 [ 441.118018][T12468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2079'. [ 441.165942][T12470] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2080'. [ 441.576177][T12492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2087'. [ 441.598852][T12482] syzkaller0: entered promiscuous mode [ 441.604473][T12482] syzkaller0: entered allmulticast mode [ 441.960876][T12502] syzkaller0: entered promiscuous mode [ 441.966937][T12502] syzkaller0: entered allmulticast mode [ 442.321369][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5830 ms [ 442.329540][ C0] lec:lec_tx_timeout: lec0 [ 442.334782][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 442.347373][T12520] syzkaller0: entered promiscuous mode [ 442.367852][T12520] syzkaller0: entered allmulticast mode [ 442.488845][T12524] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2097'. [ 442.521220][T12526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2098'. [ 442.871170][T12543] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2105'. [ 443.106865][T12547] lo speed is unknown, defaulting to 1000 [ 443.107894][T12549] syzkaller0: entered promiscuous mode [ 443.127529][T12549] syzkaller0: entered allmulticast mode [ 443.314269][T12554] syzkaller0: entered promiscuous mode [ 443.319968][T12554] syzkaller0: entered allmulticast mode [ 443.368832][T12562] syzkaller0: entered promiscuous mode [ 443.374534][T12562] syzkaller0: entered allmulticast mode [ 444.354939][T12595] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2124'. [ 444.368631][T12600] syzkaller0: entered promiscuous mode [ 444.395466][T12600] syzkaller0: entered allmulticast mode [ 444.513390][T12602] syzkaller0: entered promiscuous mode [ 444.519504][T12602] syzkaller0: entered allmulticast mode [ 444.584226][T12607] syzkaller0: entered promiscuous mode [ 444.589739][T12607] syzkaller0: entered allmulticast mode [ 444.612416][T12605] syzkaller0: entered promiscuous mode [ 444.625399][T12605] syzkaller0: entered allmulticast mode [ 444.725969][T12612] lo speed is unknown, defaulting to 1000 [ 445.422545][T12650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2142'. [ 445.701150][T12653] syzkaller0: entered promiscuous mode [ 445.706827][T12653] syzkaller0: entered allmulticast mode [ 445.843421][ T50] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 446.880831][T12699] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2158'. [ 447.343930][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 447.352029][ C0] lec:lec_tx_timeout: lec0 [ 447.357667][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 447.547908][T12655] syzkaller0: entered promiscuous mode [ 447.555072][T12655] syzkaller0: entered allmulticast mode [ 447.564237][T12665] syzkaller0: entered promiscuous mode [ 447.575987][T12665] syzkaller0: entered allmulticast mode [ 449.158806][T12723] syzkaller1: entered promiscuous mode [ 449.173726][T12723] syzkaller1: entered allmulticast mode [ 449.404096][T12736] syzkaller0: entered promiscuous mode [ 449.409915][T12736] syzkaller0: entered allmulticast mode [ 449.793499][T12761] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2177'. [ 452.275925][T12824] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2191'. [ 452.314502][T12824] xt_hashlimit: size too large, truncated to 1048576 [ 452.347403][T12824] xt_hashlimit: overflow, try lower: 0/0 [ 452.371382][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 452.379508][ C0] lec:lec_tx_timeout: lec0 [ 452.384381][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 452.566395][T12840] syzkaller0: entered promiscuous mode [ 452.572031][T12840] syzkaller0: entered allmulticast mode [ 455.174983][T12895] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2209'. [ 455.197530][T12895] xt_hashlimit: size too large, truncated to 1048576 [ 455.205952][T12895] xt_hashlimit: overflow, try lower: 0/0 [ 455.461997][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 150 seconds [ 455.473433][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 150 seconds [ 455.484641][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 150 seconds [ 455.497867][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 150 seconds [ 455.646857][T12921] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2215'. [ 455.830941][T12924] syzkaller0: entered promiscuous mode [ 455.854379][T12924] syzkaller0: entered allmulticast mode [ 456.000847][T12938] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2221'. [ 457.118193][T12938] ip6gre1: entered promiscuous mode [ 457.123769][T12938] ip6gre1: entered allmulticast mode [ 457.169793][T12945] syzkaller0: entered promiscuous mode [ 457.190965][T12945] syzkaller0: entered allmulticast mode [ 457.391425][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 457.399521][ C0] lec:lec_tx_timeout: lec0 [ 457.411444][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 457.524729][T12975] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2228'. [ 457.535867][T12975] xt_hashlimit: size too large, truncated to 1048576 [ 457.551490][T12975] xt_hashlimit: overflow, try lower: 0/0 [ 457.675627][T12979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2230'. [ 457.834405][T12988] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2233'. [ 458.199147][T13005] syzkaller0: entered promiscuous mode [ 458.204792][T13005] syzkaller0: entered allmulticast mode [ 459.743500][T13033] xt_hashlimit: size too large, truncated to 1048576 [ 459.750235][T13033] xt_hashlimit: overflow, try lower: 0/0 [ 460.110178][T13035] syzkaller0: entered promiscuous mode [ 460.116394][T13035] syzkaller0: entered allmulticast mode [ 460.160129][T13037] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2247'. [ 460.343728][T13042] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2248'. [ 460.362073][T13042] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2248'. [ 460.453772][T13042] ip6gre1: entered promiscuous mode [ 460.459252][T13042] ip6gre1: entered allmulticast mode [ 460.475950][T13042] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 460.486754][T13042] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 460.659505][T12983] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 460.670314][T13032] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2245'. [ 461.088196][T13066] syzkaller0: entered promiscuous mode [ 461.094265][T13066] syzkaller0: entered allmulticast mode [ 461.105139][ T2957] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 461.123850][ T2957] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 461.132283][ T30] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 461.186720][T13073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2261'. [ 461.842403][ T5974] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 462.084414][ T5974] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 462.421427][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 462.429586][ C0] lec:lec_tx_timeout: lec0 [ 462.434276][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 463.496017][ T7521] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 463.737347][T13153] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2276'. [ 464.223023][T13170] syzkaller0: entered promiscuous mode [ 464.231382][T13170] syzkaller0: entered allmulticast mode [ 464.254629][T13166] syzkaller0: entered promiscuous mode [ 464.269111][T13166] syzkaller0: entered allmulticast mode [ 465.286430][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 465.965971][T13197] syzkaller0: entered promiscuous mode [ 465.991524][T13197] syzkaller0: entered allmulticast mode [ 466.384774][T13228] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2291'. [ 467.451483][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5020 ms [ 467.459638][ C0] lec:lec_tx_timeout: lec0 [ 467.464280][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 468.032102][T13261] syzkaller0: entered promiscuous mode [ 468.039329][T13261] syzkaller0: entered allmulticast mode [ 468.047724][T13265] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2301'. [ 469.482288][T13242] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 469.888520][T13265] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2301'. [ 470.217767][T13314] syzkaller0: entered promiscuous mode [ 470.223524][T13314] syzkaller0: entered allmulticast mode [ 472.471442][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 472.479571][ C0] lec:lec_tx_timeout: lec0 [ 472.484457][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 472.551445][T13360] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2323'. [ 472.571706][T13361] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2323'. [ 472.907187][T13368] syzkaller0: entered promiscuous mode [ 472.912816][T13368] syzkaller0: entered allmulticast mode [ 473.544357][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2334'. [ 474.012158][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 474.662006][T13408] syzkaller0: entered promiscuous mode [ 474.669202][T13408] syzkaller0: entered allmulticast mode [ 476.078052][T13425] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2340'. [ 476.090539][T13429] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2340'. [ 476.227814][T13446] syzkaller0: entered promiscuous mode [ 476.233847][T13446] syzkaller0: entered allmulticast mode [ 476.746983][T13466] syzkaller0: entered promiscuous mode [ 476.753806][T13466] syzkaller0: entered allmulticast mode [ 477.494051][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 477.502131][ C0] lec:lec_tx_timeout: lec0 [ 477.506833][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 477.854837][ T999] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 478.570626][T13500] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2356'. [ 478.593554][T13502] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2356'. [ 479.595590][T13550] syzkaller0: entered promiscuous mode [ 479.616400][T13550] syzkaller0: entered allmulticast mode [ 480.044186][T13573] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2373'. [ 480.063069][T13573] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2373'. [ 480.784824][T13597] syzkaller0: entered promiscuous mode [ 480.793815][T13597] syzkaller0: entered allmulticast mode [ 482.771249][T13560] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 483.248988][T13671] syzkaller0: entered promiscuous mode [ 483.256040][T13671] syzkaller0: entered allmulticast mode [ 483.408780][T13672] syzkaller0: entered promiscuous mode [ 483.422758][T13672] syzkaller0: entered allmulticast mode [ 483.601417][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 6090 ms [ 483.609648][ C0] lec:lec_tx_timeout: lec0 [ 483.615296][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 485.524241][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 180 seconds [ 485.542696][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 180 seconds [ 485.553897][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 180 seconds [ 485.564941][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 180 seconds [ 486.170789][T13744] syzkaller0: entered promiscuous mode [ 486.177587][T13744] syzkaller0: entered allmulticast mode [ 486.326657][T13754] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2421'. [ 486.528072][T13761] syzkaller0: entered promiscuous mode [ 486.535384][T13761] syzkaller0: entered allmulticast mode [ 487.511845][T13721] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 488.484788][T13815] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2432'. [ 488.543753][T13815] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2432'. [ 488.553074][T13819] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2435'. [ 488.779200][T13821] syzkaller0: entered promiscuous mode [ 488.797760][T13821] syzkaller0: entered allmulticast mode [ 489.245606][T13846] syzkaller0: entered promiscuous mode [ 489.266962][T13846] syzkaller0: entered allmulticast mode [ 489.361443][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5750 ms [ 489.369603][ C0] lec:lec_tx_timeout: lec0 [ 489.374754][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 490.001588][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 491.304028][T13858] syzkaller0: entered promiscuous mode [ 491.309691][T13858] syzkaller0: entered allmulticast mode [ 491.930839][T13836] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 493.664105][T13906] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2451'. [ 493.684719][T13910] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2451'. [ 494.057668][T13935] syzkaller0: entered promiscuous mode [ 494.073482][T13935] syzkaller0: entered allmulticast mode [ 494.381363][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 494.389499][ C0] lec:lec_tx_timeout: lec0 [ 494.394184][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 494.507960][T13940] syzkaller0: entered promiscuous mode [ 494.514909][T13940] syzkaller0: entered allmulticast mode [ 494.522254][ T50] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 496.079352][T13969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2468'. [ 496.088717][T13970] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2468'. [ 496.617269][T14012] syzkaller0: entered promiscuous mode [ 496.648044][T14012] syzkaller0: entered allmulticast mode [ 496.875471][T14023] syzkaller0: entered promiscuous mode [ 496.882298][T14023] syzkaller0: entered allmulticast mode [ 497.105461][T14025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2480'. [ 497.358649][T13957] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 497.673459][T14039] syzkaller0: entered promiscuous mode [ 497.678982][T14039] syzkaller0: entered allmulticast mode [ 497.959984][T14050] syzkaller0: entered promiscuous mode [ 498.003829][T14050] syzkaller0: entered allmulticast mode [ 498.066451][T14056] syzkaller0: entered promiscuous mode [ 498.082618][T14056] syzkaller0: entered allmulticast mode [ 498.872821][T14095] pim6reg: entered allmulticast mode [ 498.882311][T14095] pim6reg: left allmulticast mode [ 499.153717][T14103] syzkaller0: entered promiscuous mode [ 499.159940][T14103] syzkaller0: entered allmulticast mode [ 499.401385][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 499.409615][ C0] lec:lec_tx_timeout: lec0 [ 499.414371][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 500.581098][T14130] syzkaller0: entered promiscuous mode [ 500.587015][T14130] syzkaller0: entered allmulticast mode [ 500.886522][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.292787][ T2993] wlan1: Trigger new scan to find an IBSS to join [ 501.530182][T14075] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 501.746627][T14143] syzkaller0: entered promiscuous mode [ 501.775765][T14143] syzkaller0: entered allmulticast mode [ 502.272372][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2523'. [ 502.318798][T14170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2523'. [ 503.205404][T14203] syzkaller0: entered promiscuous mode [ 503.211095][T14203] syzkaller0: entered allmulticast mode [ 503.457790][T14214] syzkaller0: entered promiscuous mode [ 503.471991][T14214] syzkaller0: entered allmulticast mode [ 503.639421][T14220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2538'. [ 503.650833][T14220] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2538'. [ 504.241960][ T50] wlan1: Trigger new scan to find an IBSS to join [ 504.421353][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 504.429505][ C0] lec:lec_tx_timeout: lec0 [ 504.434164][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 504.899928][T14261] syzkaller0: entered promiscuous mode [ 504.905690][T14261] syzkaller0: entered allmulticast mode [ 505.180038][T14265] syzkaller0: entered promiscuous mode [ 505.186021][T14265] syzkaller0: entered allmulticast mode [ 505.349939][T14270] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'. [ 505.361847][T14270] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2552'. [ 505.957700][T14194] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 506.318426][T14299] syzkaller0: entered promiscuous mode [ 506.328084][T14299] syzkaller0: entered allmulticast mode [ 506.942365][T14312] syzkaller0: entered promiscuous mode [ 506.963795][T14312] syzkaller0: entered allmulticast mode [ 507.302133][ T3015] wlan1: Trigger new scan to find an IBSS to join [ 508.254606][ T999] wlan1: Creating new IBSS network, BSSID 02:0f:ae:8b:cd:97 [ 509.441484][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 509.449657][ C0] lec:lec_tx_timeout: lec0 [ 509.454787][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 509.853079][ T37] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 510.806761][T14356] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 511.510869][T14445] syzkaller0: entered promiscuous mode [ 511.547896][T14445] syzkaller0: entered allmulticast mode [ 513.842718][T14516] syzkaller0: entered promiscuous mode [ 513.868963][T14516] syzkaller0: entered allmulticast mode [ 514.461388][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 514.469564][ C0] lec:lec_tx_timeout: lec0 [ 514.474321][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 514.512881][T14544] syzkaller0: entered promiscuous mode [ 514.518410][T14544] syzkaller0: entered allmulticast mode [ 514.547747][T14546] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2615'. [ 514.578916][T14546] xt_hashlimit: size too large, truncated to 1048576 [ 514.600691][T14546] xt_hashlimit: overflow, try lower: 0/0 [ 514.759695][T14557] pim6reg: entered allmulticast mode [ 514.781246][T14557] pim6reg: left allmulticast mode [ 514.946185][T14559] syzkaller0: entered promiscuous mode [ 514.952757][T14559] syzkaller0: entered allmulticast mode [ 515.007734][T14566] syzkaller0: entered promiscuous mode [ 515.021537][T14566] syzkaller0: entered allmulticast mode [ 515.611897][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 210 seconds [ 515.623133][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 210 seconds [ 515.647576][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 210 seconds [ 515.658728][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 210 seconds [ 517.344492][T14634] syzkaller0: entered promiscuous mode [ 517.350258][T14634] syzkaller0: entered allmulticast mode [ 517.555129][T14636] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2635'. [ 517.583057][T14636] xt_hashlimit: size too large, truncated to 1048576 [ 517.591932][T14636] xt_hashlimit: overflow, try lower: 0/0 [ 517.816499][T14645] pim6reg: entered allmulticast mode [ 517.851417][T14643] syzkaller0: entered promiscuous mode [ 517.875848][T14643] syzkaller0: entered allmulticast mode [ 517.915212][T14645] pim6reg: left allmulticast mode [ 517.953927][ T50] wlan1: Selected IBSS BSSID 02:0f:ae:8b:cd:97 based on configured SSID [ 517.976491][T14653] gre0: entered promiscuous mode [ 517.992526][T14653] gre0: entered allmulticast mode [ 518.107149][T14652] syzkaller0: entered promiscuous mode [ 518.131261][T14652] syzkaller0: entered allmulticast mode [ 518.776014][T14678] syzkaller0: entered promiscuous mode [ 518.811903][T14678] syzkaller0: entered allmulticast mode [ 519.111224][T14709] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2655'. [ 519.125047][T14709] xt_hashlimit: size too large, truncated to 1048576 [ 519.150176][T14709] xt_hashlimit: overflow, try lower: 0/0 [ 519.285313][ T37] wlan1: Trigger new scan to find an IBSS to join [ 519.481475][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 519.489537][ C0] lec:lec_tx_timeout: lec0 [ 519.494238][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 520.316216][T14708] syzkaller0: entered promiscuous mode [ 520.323455][T14708] syzkaller0: entered allmulticast mode [ 520.476092][T14716] pim6reg: entered allmulticast mode [ 520.494491][T14717] pim6reg: left allmulticast mode [ 520.655412][T14725] syzkaller0: entered promiscuous mode [ 520.660937][T14725] syzkaller0: entered allmulticast mode [ 521.361667][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 521.413108][T14760] xt_hashlimit: size too large, truncated to 1048576 [ 521.419898][T14760] xt_hashlimit: overflow, try lower: 0/0 [ 521.538162][T14749] nbd4: detected capacity change from 0 to 63 [ 521.555607][T14759] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2671'. [ 521.571177][ T6939] block nbd4: Receive control failed (result -32) [ 521.571233][ T52] block nbd4: Receive control failed (result -32) [ 521.581405][ T5839] block nbd4: Receive control failed (result -32) [ 521.586288][ T7138] block nbd4: Send control failed (result -32) [ 521.673356][ T7138] block nbd4: Request send failed, requeueing [ 521.752326][ T25] block nbd4: Dead connection, failed to find a fallback [ 521.762248][ T25] block nbd4: shutting down sockets [ 521.768043][ T25] blk_print_req_error: 138 callbacks suppressed [ 521.768067][ T25] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.786029][ T25] buffer_io_error: 138 callbacks suppressed [ 521.786059][ T25] Buffer I/O error on dev nbd4, logical block 0, async page read [ 521.803591][ T7138] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.821408][ T7138] Buffer I/O error on dev nbd4, logical block 1, async page read [ 521.829270][ T7138] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.844049][ T7138] Buffer I/O error on dev nbd4, logical block 2, async page read [ 521.862040][ T7138] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.862397][T14770] syzkaller0: entered promiscuous mode [ 521.871599][ T7138] Buffer I/O error on dev nbd4, logical block 3, async page read [ 521.885464][ T7138] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.895110][ T7138] Buffer I/O error on dev nbd4, logical block 0, async page read [ 521.903071][ T7138] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.912754][ T7138] Buffer I/O error on dev nbd4, logical block 1, async page read [ 521.920589][ T7138] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.934675][ T7138] Buffer I/O error on dev nbd4, logical block 2, async page read [ 521.943596][T14770] syzkaller0: entered allmulticast mode [ 521.971536][ T7138] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 521.981082][ T7138] Buffer I/O error on dev nbd4, logical block 3, async page read [ 522.026331][ T7138] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 522.061122][ T7138] Buffer I/O error on dev nbd4, logical block 0, async page read [ 522.081476][ T7138] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 522.121589][ T7138] Buffer I/O error on dev nbd4, logical block 1, async page read [ 522.200292][ T7138] ldm_validate_partition_table(): Disk read failed. [ 522.237806][ T7138] Dev nbd4: unable to read RDB block 0 [ 522.244687][ T7515] wlan1: Trigger new scan to find an IBSS to join [ 522.280127][ T7138] nbd4: unable to read partition table [ 522.336391][ T7138] ldm_validate_partition_table(): Disk read failed. [ 522.373087][ T7138] Dev nbd4: unable to read RDB block 0 [ 522.409161][ T7138] nbd4: unable to read partition table [ 522.552165][T14782] syzkaller0: entered promiscuous mode [ 522.569123][T14782] syzkaller0: entered allmulticast mode [ 522.823741][T14781] syzkaller0: entered promiscuous mode [ 522.829260][T14781] syzkaller0: entered allmulticast mode [ 523.282916][ T7515] wlan1: Trigger new scan to find an IBSS to join [ 524.681232][T14841] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2689'. [ 524.691652][T14841] xt_hashlimit: size too large, truncated to 1048576 [ 524.698359][T14841] xt_hashlimit: overflow, try lower: 0/0 [ 524.906452][T14851] syzkaller0: entered promiscuous mode [ 524.925641][T14851] syzkaller0: entered allmulticast mode [ 525.281350][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5790 ms [ 525.289408][ C0] lec:lec_tx_timeout: lec0 [ 525.301437][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 525.311647][ T1147] wlan1: Trigger new scan to find an IBSS to join [ 525.634454][T14886] syzkaller0: entered promiscuous mode [ 525.640277][T14886] syzkaller0: entered allmulticast mode [ 525.800304][T14887] 0: reclassify loop, rule prio 0, protocol 800 [ 526.345406][ T1147] wlan1: Trigger new scan to find an IBSS to join [ 526.465910][T14912] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2709'. [ 526.527918][T14912] xt_hashlimit: size too large, truncated to 1048576 [ 526.584805][T14912] xt_hashlimit: overflow, try lower: 0/0 [ 527.036156][T14932] syzkaller0: entered promiscuous mode [ 527.043036][T14932] syzkaller0: entered allmulticast mode [ 527.702642][T14921] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 527.713145][T14964] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2724'. [ 527.753053][T14964] xt_hashlimit: size too large, truncated to 1048576 [ 527.759771][T14964] xt_hashlimit: overflow, try lower: 0/0 [ 528.068512][T14974] syzkaller0: entered promiscuous mode [ 528.090363][T14974] syzkaller0: entered allmulticast mode [ 528.539599][T14990] pim6reg: entered allmulticast mode [ 528.571181][T14999] pim6reg: left allmulticast mode [ 528.715495][T15004] lo speed is unknown, defaulting to 1000 [ 528.799802][T14993] ip6gretap0: entered allmulticast mode [ 529.074587][ T37] wlan1: Selected IBSS BSSID 02:0f:ae:8b:cd:97 based on configured SSID [ 529.192420][T15030] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2742'. [ 529.271276][T15030] xt_hashlimit: size too large, truncated to 1048576 [ 529.281748][ T2993] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 529.317856][T15030] xt_hashlimit: overflow, try lower: 0/0 [ 529.709941][T15045] syzkaller0: entered promiscuous mode [ 529.726257][T15045] syzkaller0: entered allmulticast mode [ 530.321461][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5020 ms [ 530.329554][ C0] lec:lec_tx_timeout: lec0 [ 530.331568][ T2993] wlan1: Trigger new scan to find an IBSS to join [ 530.334741][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 530.547935][T15065] syzkaller0: entered promiscuous mode [ 530.553720][T15065] syzkaller0: entered allmulticast mode [ 531.291893][ T3015] wlan1: Trigger new scan to find an IBSS to join [ 532.376562][T15098] pim6reg: entered allmulticast mode [ 532.414362][ T50] wlan1: Selected IBSS BSSID 02:0f:ae:8b:cd:97 based on configured SSID [ 532.636894][T15126] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2761'. [ 532.648559][T15126] xt_hashlimit: size too large, truncated to 1048576 [ 532.655557][T15126] xt_hashlimit: overflow, try lower: 0/0 [ 532.945835][T15136] syzkaller0: entered promiscuous mode [ 533.001462][T15136] syzkaller0: entered allmulticast mode [ 533.044681][T15142] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2765'. [ 533.281819][ T50] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 533.431476][T15152] lo speed is unknown, defaulting to 1000 [ 533.908380][T15188] pim6reg: entered allmulticast mode [ 534.321601][ T1147] wlan1: Trigger new scan to find an IBSS to join [ 534.434862][ T1147] wlan1: Selected IBSS BSSID 00:00:00:8d:00:00 based on configured SSID [ 534.456357][T15205] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2779'. [ 534.502736][T15205] xt_hashlimit: size too large, truncated to 1048576 [ 534.541438][T15205] xt_hashlimit: overflow, try lower: 0/0 [ 534.665964][T15213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2781'. [ 535.056862][T15237] syzkaller0: entered promiscuous mode [ 535.063778][T15237] syzkaller0: entered allmulticast mode [ 535.261885][ T7515] wlan1: Creating new IBSS network, BSSID de:f9:42:e5:e1:a1 [ 535.351327][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 535.359434][ C0] lec:lec_tx_timeout: lec0 [ 535.365126][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 535.696263][ T5488] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 535.862098][T15265] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 536.302975][ T5488] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 536.358122][T15287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2798'. [ 536.512974][T15287] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2798'. [ 536.547453][T15259] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 537.155121][ T2957] wlan1: Selected IBSS BSSID 00:00:00:8d:00:00 based on configured SSID [ 537.333695][T15314] syzkaller0: entered promiscuous mode [ 537.350011][T15314] syzkaller0: entered allmulticast mode [ 537.969447][T15346] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2813'. [ 538.062179][T15346] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2813'. [ 538.813285][T15350] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 538.882755][T15265] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 539.516916][T15397] syzkaller0: entered promiscuous mode [ 539.551398][T15397] syzkaller0: entered allmulticast mode [ 539.622706][T15400] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2828'. [ 539.702854][T15400] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2828'. [ 540.297736][ T5488] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 540.334674][ T7515] wlan1: Selected IBSS BSSID 00:00:00:8d:00:00 based on configured SSID [ 540.371416][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 540.379588][ C0] lec:lec_tx_timeout: lec0 [ 540.384328][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 540.609328][T15443] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2841'. [ 540.622630][T15443] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2841'. [ 540.722167][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 540.943740][T15425] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 541.495024][T15463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2847'. [ 541.534012][T15465] syzkaller0: entered promiscuous mode [ 541.539543][T15465] syzkaller0: entered allmulticast mode [ 541.842516][T15476] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2854'. [ 541.875342][T15478] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2854'. [ 542.875314][T15521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2866'. [ 543.351496][T15529] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2870'. [ 543.402419][T15532] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2870'. [ 543.772953][T15543] lo speed is unknown, defaulting to 1000 [ 544.292095][T15568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2882'. [ 544.302064][ T5488] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 544.788687][T15586] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2890'. [ 544.844097][T15586] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2890'. [ 545.185707][T15595] gre0: entered promiscuous mode [ 545.202536][T15595] gre0: entered allmulticast mode [ 545.391339][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 545.399444][ C0] lec:lec_tx_timeout: lec0 [ 545.404056][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 545.587857][T15601] lo speed is unknown, defaulting to 1000 [ 545.710691][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 240 seconds [ 545.723039][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 240 seconds [ 545.741492][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 240 seconds [ 545.752634][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 240 seconds [ 545.763875][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 546.575820][T15634] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2900'. [ 550.411378][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 550.419524][ C0] lec:lec_tx_timeout: lec0 [ 550.430948][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 550.472316][ T5193] udevd[5193]: worker [7240] /devices/virtual/block/nbd2 timeout; kill it [ 550.542163][ T5193] udevd[5193]: seq 12757 '/devices/virtual/block/nbd2' killed [ 550.801575][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 550.827202][T15265] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 551.534109][T15699] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2914'. [ 551.591799][T15699] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2914'. [ 552.262980][T15709] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2918'. [ 554.169902][T15750] syzkaller0: entered promiscuous mode [ 554.189921][T15750] syzkaller0: entered allmulticast mode [ 554.332191][ T5488] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 554.760126][T15763] lo speed is unknown, defaulting to 1000 [ 555.016138][T15767] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2931'. [ 555.044283][T15768] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2931'. [ 555.441631][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 555.449763][ C0] lec:lec_tx_timeout: lec0 [ 555.455056][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 555.841454][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 555.849814][T15723] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 556.447232][T15800] syzkaller0: entered promiscuous mode [ 556.492105][T15800] syzkaller0: entered allmulticast mode [ 556.890915][T15819] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2945'. [ 556.958090][T15819] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2945'. [ 557.226281][T15820] lo speed is unknown, defaulting to 1000 [ 558.306869][T15853] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2958'. [ 559.020335][T15870] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2964'. [ 559.059472][T15871] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2964'. [ 559.209791][T15868] syzkaller0: entered promiscuous mode [ 559.215506][T15868] syzkaller0: entered allmulticast mode [ 560.461749][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 560.469810][ C0] lec:lec_tx_timeout: lec0 [ 560.474735][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 560.881635][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 560.901117][T15841] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 561.535712][T15920] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2979'. [ 561.574284][T15915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2975'. [ 561.583920][T15920] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2979'. [ 562.326465][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.335968][ T1297] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 562.413266][ T999] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 562.746182][T15959] syzkaller0: entered promiscuous mode [ 562.771461][T15959] syzkaller0: entered allmulticast mode [ 564.057278][T15998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2995'. [ 564.676645][T16022] netlink: 'syz.3.3005': attribute type 1 has an invalid length. [ 564.917711][T16035] syzkaller0: entered promiscuous mode [ 564.923860][T16035] syzkaller0: entered allmulticast mode [ 565.037510][T15957] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 565.142404][T16040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3012'. [ 565.481390][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 565.489482][ C0] lec:lec_tx_timeout: lec0 [ 565.494209][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 565.938029][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 566.990224][T15265] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 567.442660][ T1147] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 567.444015][ T2993] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 568.358129][T16048] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 568.774979][T16113] netlink: 'syz.4.3033': attribute type 10 has an invalid length. [ 568.846964][T16113] netlink: 16154 bytes leftover after parsing attributes in process `syz.4.3033'. [ 569.712308][T16141] IPVS: Unknown mcast interface: veth1_vlan [ 570.044998][T16147] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3043'. [ 570.410883][ T2957] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 570.795631][T16177] lo speed is unknown, defaulting to 1000 [ 570.961441][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 571.110385][T16158] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 571.281439][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5790 ms [ 571.289477][ C0] lec:lec_tx_timeout: lec0 [ 571.294366][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 571.448816][T16206] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3060'. [ 571.469923][T16204] syzkaller0: entered promiscuous mode [ 571.475688][T16204] syzkaller0: entered allmulticast mode [ 572.251747][T16224] bridge0: entered promiscuous mode [ 572.300196][T16224] bridge0: entered allmulticast mode [ 572.318981][T16241] openvswitch: netlink: Tunnel attr 31 out of range max 16 [ 572.456506][T16233] lo speed is unknown, defaulting to 1000 [ 572.535240][T16246] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3076'. [ 574.549049][T16302] lo speed is unknown, defaulting to 1000 [ 575.266664][T16239] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 575.620722][T16330] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3106'. [ 575.642890][T16330] xt_hashlimit: size too large, truncated to 1048576 [ 575.649813][T16330] xt_hashlimit: overflow, try lower: 0/0 [ 575.763856][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 270 seconds [ 575.774905][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 270 seconds [ 575.786210][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 270 seconds [ 575.807765][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 270 seconds [ 576.001445][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 576.321413][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5030 ms [ 576.329516][ C0] lec:lec_tx_timeout: lec0 [ 576.334242][ C0] lec:lec_start_xmit: lec0:No lecd attached [ 576.362751][T16362] lo speed is unknown, defaulting to 1000 [ 576.535434][T16373] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3117'. [ 576.626522][T16380] nbd: couldn't find a device at index 0 [ 576.974448][T16395] netlink: 'syz.5.3122': attribute type 6 has an invalid length. [ 577.049929][T16399] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3124'. [ 577.121564][T16399] xt_hashlimit: size too large, truncated to 1048576 [ 577.179549][T16399] xt_hashlimit: overflow, try lower: 0/0 [ 577.981058][T16444] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3136'. [ 578.130548][T16442] lo speed is unknown, defaulting to 1000 [ 578.285451][T16466] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3140'. [ 578.832083][T16482] xt_hashlimit: size too large, truncated to 1048576 [ 578.838824][T16482] xt_hashlimit: overflow, try lower: 0/0 [ 578.864184][T16487] syzkaller0: entered promiscuous mode [ 578.872175][T16487] syzkaller0: entered allmulticast mode [ 580.865427][T16537] lo speed is unknown, defaulting to 1000 [ 581.041450][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 581.137196][T16459] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 581.222186][T16491] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3144'. [ 581.341320][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 581.349397][ C0] lec:lec_tx_timeout: lec0 [ 581.693644][T16552] syzkaller0: entered promiscuous mode [ 581.709514][T16552] syzkaller0: entered allmulticast mode [ 582.801557][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 583.676200][T16617] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3177'. [ 583.693727][T16617] xt_hashlimit: size too large, truncated to 1048576 [ 583.701262][T16617] xt_hashlimit: overflow, try lower: 0/0 [ 584.395689][T16598] lo speed is unknown, defaulting to 1000 [ 584.566244][T16621] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3179'. [ 584.771719][T16629] syzkaller0: entered promiscuous mode [ 584.777390][T16629] syzkaller0: entered allmulticast mode [ 584.990657][T16642] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3186'. [ 585.355789][T16644] bridge1: entered promiscuous mode [ 585.379706][T16644] bridge1: entered allmulticast mode [ 585.644487][T16660] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3192'. [ 585.669148][T16660] xt_hashlimit: size too large, truncated to 1048576 [ 585.678528][T16660] xt_hashlimit: overflow, try lower: 0/0 [ 586.023299][T16674] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3197'. [ 586.081863][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 586.302338][T16675] syzkaller0: entered promiscuous mode [ 586.335566][T16675] syzkaller0: entered allmulticast mode [ 586.770950][T16707] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3203'. [ 588.191588][T16738] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3211'. [ 588.211846][T16728] syzkaller0: entered promiscuous mode [ 588.249552][T16728] syzkaller0: entered allmulticast mode [ 588.689975][T16763] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3217'. [ 589.178598][T16764] syzkaller0: entered promiscuous mode [ 589.187021][T16764] syzkaller0: entered allmulticast mode [ 590.028787][T16805] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3227'. [ 590.867732][T16752] bridge2: entered promiscuous mode [ 590.873292][T16752] bridge2: entered allmulticast mode [ 591.121496][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 591.226966][T16825] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3233'. [ 591.382070][T16827] syzkaller0: entered promiscuous mode [ 591.402209][T16827] syzkaller0: entered allmulticast mode [ 591.820923][T16841] syzkaller0: entered promiscuous mode [ 591.826596][T16841] syzkaller0: entered allmulticast mode [ 593.230552][T16882] syzkaller0: entered promiscuous mode [ 593.238397][T16882] syzkaller0: entered allmulticast mode [ 593.516688][T16894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3248'. [ 593.572567][T16895] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3250'. [ 593.572737][T16897] netlink: 'syz.2.3251': attribute type 4 has an invalid length. [ 593.844945][T16905] netlink: 64 bytes leftover after parsing attributes in process `syz.1.3255'. [ 593.934313][T16905] syzkaller1: entered promiscuous mode [ 593.943117][T16905] syzkaller1: entered allmulticast mode [ 593.975856][T16910] syzkaller0: entered promiscuous mode [ 593.986368][T16910] syzkaller0: entered allmulticast mode [ 594.052767][T16911] syzkaller0: entered promiscuous mode [ 594.059698][T16911] syzkaller0: entered allmulticast mode [ 594.323618][ T999] wlan1: Trigger new scan to find an IBSS to join [ 594.493265][T16927] syzkaller0: entered promiscuous mode [ 594.527771][T16927] syzkaller0: entered allmulticast mode [ 595.003904][T16965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3269'. [ 595.168306][T16970] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3270'. [ 595.950437][T16923] lo speed is unknown, defaulting to 1000 [ 595.980274][T16932] syzkaller0: entered promiscuous mode [ 595.986917][T16932] syzkaller0: entered allmulticast mode [ 596.161479][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 597.283484][ T84] wlan1: Trigger new scan to find an IBSS to join [ 597.753723][T17004] syzkaller0: entered promiscuous mode [ 597.759249][T17004] syzkaller0: entered allmulticast mode [ 598.053458][T17028] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3285'. [ 598.118840][T17033] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 598.801788][ T50] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 598.812038][ T84] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 599.246559][T15265] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 599.350824][T17043] syzkaller0: entered promiscuous mode [ 599.358469][T17043] syzkaller0: entered allmulticast mode [ 600.325269][ T3015] wlan1: Trigger new scan to find an IBSS to join [ 600.350530][ T9310] lec:lec_start_xmit: lec0:No lecd attached [ 601.040862][T17063] ip6gretap1: entered allmulticast mode [ 601.149893][T17089] syzkaller0: entered promiscuous mode [ 601.155609][T17089] syzkaller0: entered allmulticast mode [ 601.211450][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 601.290208][ T37] wlan1: Creating new IBSS network, BSSID 12:fe:b8:78:a3:3d [ 601.370489][T17112] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3297'. [ 601.431677][ T37] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 602.185147][T17067] lo speed is unknown, defaulting to 1000 [ 602.212693][T17114] syzkaller1: entered promiscuous mode [ 602.228422][T17114] syzkaller1: entered allmulticast mode [ 602.328335][ T2993] wlan1: Trigger new scan to find an IBSS to join [ 602.474750][T17124] syzkaller0: entered promiscuous mode [ 602.542459][T17124] syzkaller0: entered allmulticast mode [ 602.578000][T17126] syzkaller0: entered promiscuous mode [ 602.589737][T17126] syzkaller0: entered allmulticast mode [ 603.377838][T17151] syzkaller0: entered promiscuous mode [ 603.397718][T17151] syzkaller0: entered allmulticast mode [ 603.445495][T17154] syzkaller0: entered promiscuous mode [ 603.450979][T17154] syzkaller0: entered allmulticast mode [ 603.478366][T17159] syzkaller0: entered promiscuous mode [ 603.490288][T17159] syzkaller0: entered allmulticast mode [ 604.932141][T17202] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3317'. [ 605.024615][T17200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3318'. [ 605.050087][T17200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3318'. [ 605.071456][T17200] iwpm_parse_nlmsg: Invalid NULL attribute (msg type Remote Mapping info ret = -22) [ 605.281964][ T2993] wlan1: Trigger new scan to find an IBSS to join [ 605.361558][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms [ 605.369682][ C0] lec:lec_tx_timeout: lec0 [ 605.446108][T17206] syzkaller1: entered promiscuous mode [ 605.463155][T17206] syzkaller1: entered allmulticast mode [ 605.636565][T17205] lo speed is unknown, defaulting to 1000 [ 605.694494][T17208] syzkaller0: entered promiscuous mode [ 605.700137][T17208] syzkaller0: entered allmulticast mode [ 605.842374][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 300 seconds [ 605.855444][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 300 seconds [ 605.866625][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 300 seconds [ 605.877736][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 300 seconds [ 606.251622][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 607.004042][T17233] syzkaller0: entered promiscuous mode [ 607.009570][T17233] syzkaller0: entered allmulticast mode [ 607.028787][T17243] ip6gretap0: entered allmulticast mode [ 607.128175][T17242] lo speed is unknown, defaulting to 1000 [ 607.354099][T17257] syzkaller0: entered promiscuous mode [ 607.374760][T17257] syzkaller0: entered allmulticast mode [ 607.495333][T17264] syzkaller0: entered promiscuous mode [ 607.500842][T17264] syzkaller0: entered allmulticast mode [ 608.321911][ T1147] wlan1: Trigger new scan to find an IBSS to join [ 608.872324][T17296] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3334'. [ 609.232698][ T50] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 610.211607][T17315] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3340'. [ 610.219052][T17314] syzkaller0: entered promiscuous mode [ 610.226097][T17314] syzkaller0: entered allmulticast mode [ 610.275463][ T50] wlan1: Selected IBSS BSSID 00:00:00:8d:00:00 based on configured SSID [ 610.398857][T17319] syzkaller0: entered promiscuous mode [ 610.412979][T17319] syzkaller0: entered allmulticast mode [ 610.615653][T17335] syzkaller0: entered promiscuous mode [ 610.626414][T17335] syzkaller0: entered allmulticast mode [ 611.109709][T17339] syzkaller0: entered promiscuous mode [ 611.138206][T17339] syzkaller0: entered allmulticast mode [ 611.194463][T17347] syzkaller0: entered promiscuous mode [ 611.199982][T17347] syzkaller0: entered allmulticast mode [ 611.286459][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 611.990191][T17298] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 612.266524][T17356] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3353'. [ 612.291439][T17356] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3353'. [ 612.310687][T17356] iwpm_parse_nlmsg: Invalid NULL attribute (msg type Remote Mapping info ret = -22) [ 614.465904][T17405] syzkaller0: entered promiscuous mode [ 614.491491][T17405] syzkaller0: entered allmulticast mode [ 614.528606][T17366] lo speed is unknown, defaulting to 1000 [ 615.859228][ T5488] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 616.010736][T17443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 616.321630][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 616.374136][T17458] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3375'. [ 616.400519][T17458] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 616.407823][T17458] IPv6: NLM_F_CREATE should be set when creating new route [ 616.409672][T17446] syzkaller0: entered promiscuous mode [ 616.420714][T17446] syzkaller0: entered allmulticast mode [ 616.449624][T17459] syzkaller0: entered promiscuous mode [ 616.455250][T17459] syzkaller0: entered allmulticast mode [ 616.707369][T17476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3380'. [ 616.890410][ T5488] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 617.725871][T17477] syzkaller0: entered promiscuous mode [ 617.745943][T17477] syzkaller0: entered allmulticast mode [ 617.808720][T17476] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3380'. [ 617.936963][T17482] syzkaller0: entered promiscuous mode [ 617.961610][T17482] syzkaller0: entered allmulticast mode [ 620.102180][T17443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 620.173650][ T2993] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.182592][ T2993] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.194559][ T2993] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.273374][ T2993] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 620.576776][T17539] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3392'. [ 620.612044][T17539] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 620.619255][T17539] IPv6: NLM_F_CREATE should be set when creating new route [ 620.711555][T17548] syzkaller0: entered promiscuous mode [ 620.717150][T17548] syzkaller0: entered allmulticast mode [ 620.881400][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 620.894214][ T5488] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 621.361437][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 621.517860][T17573] syzkaller0: entered promiscuous mode [ 621.534607][ T6939] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 621.554394][ T6939] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 621.564084][ T6939] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 621.573293][ T6939] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 621.581702][ T6939] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 621.622731][T17573] syzkaller0: entered allmulticast mode [ 622.080801][T17598] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3412'. [ 622.090714][T17598] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 622.098003][T17598] IPv6: NLM_F_CREATE should be set when creating new route [ 622.944916][T17577] syzkaller0: entered promiscuous mode [ 622.950398][T17577] syzkaller0: entered allmulticast mode [ 623.683301][ T5839] Bluetooth: hci6: command tx timeout [ 623.768753][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 623.778079][ T1297] lec:lec_start_xmit: lec0:No lecd attached [ 623.784280][ T1297] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 623.793362][ T1297] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 624.698715][ T1147] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.774716][T17581] lo speed is unknown, defaulting to 1000 [ 624.887820][T17643] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3424'. [ 624.894780][ T5488] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 624.921396][T17643] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 624.928622][T17643] IPv6: NLM_F_CREATE should be set when creating new route [ 625.080345][ T1147] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.325015][T17650] syzkaller0: entered promiscuous mode [ 625.330506][T17650] syzkaller0: entered allmulticast mode [ 625.405207][ T1147] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.463509][T17656] syzkaller0: entered promiscuous mode [ 625.469109][T17656] syzkaller0: entered allmulticast mode [ 625.762169][ T5839] Bluetooth: hci6: command tx timeout [ 625.921417][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 626.410496][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 627.077403][ T1147] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 627.458608][T17443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 627.842726][ T5839] Bluetooth: hci6: command tx timeout [ 628.150444][T17665] lo speed is unknown, defaulting to 1000 [ 628.442617][T17728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3438'. [ 628.451971][T17728] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 628.459184][T17728] IPv6: NLM_F_CREATE should be set when creating new route [ 628.490664][T17730] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 628.497914][T17730] IPv6: NLM_F_CREATE should be set when creating new route [ 628.547671][T17730] gre0: left promiscuous mode [ 628.563617][T17730] gre0: left allmulticast mode [ 628.628765][T17730] bridge0: port 2(bridge_slave_1) entered disabled state [ 628.636050][T17730] bridge0: port 1(bridge_slave_0) entered disabled state [ 628.759813][T17730] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 628.773514][T17730] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 628.914432][T17730] ip6gre1: left promiscuous mode [ 628.919508][T17730] ip6gre1: left allmulticast mode [ 629.152464][ T2993] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.174589][ T2993] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.281368][ C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5500 ms [ 629.289418][ C0] lec:lec_tx_timeout: lec0 [ 629.299048][ T2993] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.330378][ T1147] bridge_slave_1: left allmulticast mode [ 629.344074][ T1147] bridge_slave_1: left promiscuous mode [ 629.352230][ T1147] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.388500][ T1147] bridge_slave_0: left allmulticast mode [ 629.396492][ T1147] bridge_slave_0: left promiscuous mode [ 629.403833][ T1147] bridge0: port 1(bridge_slave_0) entered disabled state [ 629.747170][ T1147] bond1 (unregistering): (slave bridge1): Releasing active interface [ 629.817331][ T1147] bond0 (unregistering): left promiscuous mode [ 629.831359][ T1147] bond_slave_0: left promiscuous mode [ 629.836955][ T1147] bond_slave_1: left promiscuous mode [ 629.872656][ T1147] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 629.889688][ T1147] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 629.912774][ T1147] bond0 (unregistering): Released all slaves [ 629.935596][ T1147] bond1 (unregistering): Released all slaves [ 629.941662][ T5839] Bluetooth: hci6: command tx timeout [ 629.963074][T17581] chnl_net:caif_netlink_parms(): no params data found [ 629.980940][ T2993] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 630.236005][ T1147] tipc: Disabling bearer [ 630.244270][ T1147] tipc: Left network mode [ 630.503978][T17772] syzkaller0: entered promiscuous mode [ 630.524807][T17772] syzkaller0: entered allmulticast mode [ 630.961804][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 631.078935][T17785] syzkaller0: entered promiscuous mode [ 631.084610][T17785] syzkaller0: entered allmulticast mode [ 631.184798][T17792] syzkaller0: entered promiscuous mode [ 631.190525][T17792] syzkaller0: entered allmulticast mode [ 631.201985][T17581] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.212649][T17581] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.232682][T17581] bridge_slave_0: entered allmulticast mode [ 631.259470][T17809] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input5 [ 631.276480][T17581] bridge_slave_0: entered promiscuous mode [ 631.327450][ T37] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 631.441509][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 632.455459][ T50] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 632.880509][T17581] bridge0: port 2(bridge_slave_1) entered blocking state [ 632.891664][T17581] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.898809][T17581] bridge_slave_1: entered allmulticast mode [ 632.916861][T17581] bridge_slave_1: entered promiscuous mode [ 632.929584][T17834] gre0: entered promiscuous mode [ 632.934846][T17834] gre0: entered allmulticast mode [ 633.111659][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 633.132567][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 633.152155][ T1147] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 633.159797][ T1147] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 633.195344][ T1147] veth1_macvtap: left promiscuous mode [ 633.202528][ T1147] veth0_macvtap: left promiscuous mode [ 633.280316][ T1147] pim6reg (unregistering): left allmulticast mode [ 633.434162][ T1147] team0 (unregistering): Port device team_slave_1 removed [ 633.459683][ T1147] team0 (unregistering): Port device team_slave_0 removed [ 633.843242][T17865] syzkaller0: entered promiscuous mode [ 633.859344][T17865] syzkaller0: entered allmulticast mode [ 634.829268][ T5488] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 635.121457][T17917] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3472'. [ 635.845200][T17581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 635.881138][T17920] syzkaller1: entered promiscuous mode [ 635.891432][T17920] syzkaller1: entered allmulticast mode [ 635.916771][T17581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 635.935948][ T25] block nbd2: Possible stuck request ffff888027d20000: control (read@0,1024B). Runtime 330 seconds [ 635.948478][ T25] block nbd2: Possible stuck request ffff888027d20200: control (read@1024,1024B). Runtime 330 seconds [ 635.959580][ T25] block nbd2: Possible stuck request ffff888027d20400: control (read@2048,1024B). Runtime 330 seconds [ 635.970823][ T25] block nbd2: Possible stuck request ffff888027d20600: control (read@3072,1024B). Runtime 330 seconds [ 636.001654][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 636.236384][T17581] team0: Port device team_slave_0 added [ 636.324827][T17581] team0: Port device team_slave_1 added [ 636.466804][T17929] syzkaller0: entered promiscuous mode [ 636.472572][T17929] syzkaller0: entered allmulticast mode [ 636.481420][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 636.526581][T17581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 636.545690][ T1147] IPVS: stop unused estimator thread 0... [ 636.557267][T17581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 636.610221][T17581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 636.622271][T17940] syzkaller0: entered promiscuous mode [ 636.628917][T17940] syzkaller0: entered allmulticast mode [ 638.434936][T17581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.441980][T17581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 638.468447][T17581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.750388][T17581] hsr_slave_0: entered promiscuous mode [ 638.757785][T17581] hsr_slave_1: entered promiscuous mode [ 638.769343][T18000] syzkaller0: entered promiscuous mode [ 638.776952][T18000] syzkaller0: entered allmulticast mode [ 639.462459][T18022] syzkaller0: entered promiscuous mode [ 639.474847][T18022] syzkaller0: entered allmulticast mode [ 639.620018][T18043] bridge0: port 1(bond0) entered blocking state [ 639.650902][T18043] bridge0: port 1(bond0) entered disabled state [ 639.683535][T18043] bond0: entered allmulticast mode [ 639.986409][T18064] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3499'. [ 640.003393][T18064] xt_hashlimit: size too large, truncated to 1048576 [ 640.049779][T18064] xt_hashlimit: overflow, try lower: 0/0 [ 640.703501][T18055] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 640.900020][T18030] syzkaller0: entered promiscuous mode [ 640.905657][T18028] lo speed is unknown, defaulting to 1000 [ 640.911433][T18030] syzkaller0: entered allmulticast mode [ 641.051450][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 641.196335][T18073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3500'. [ 641.446301][T18086] syzkaller0: entered promiscuous mode [ 641.461404][T18086] syzkaller0: entered allmulticast mode [ 642.282363][T18114] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3511'. [ 642.330382][T18114] xt_hashlimit: size too large, truncated to 1048576 [ 642.411860][T18114] xt_hashlimit: overflow, try lower: 0/0 [ 642.429636][T18124] syzkaller0: entered promiscuous mode [ 642.452296][T18124] syzkaller0: entered allmulticast mode [ 642.461006][T18113] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 642.564379][T18122] syzkaller0: entered promiscuous mode [ 642.569977][T18122] syzkaller0: entered allmulticast mode [ 642.688305][T18136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3515'. [ 644.148334][T17581] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 644.316800][T18158] syzkaller0: entered promiscuous mode [ 644.323276][T18158] syzkaller0: entered allmulticast mode [ 644.344031][T17581] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 644.382891][T18165] syzkaller0: entered promiscuous mode [ 644.388453][T18165] syzkaller0: entered allmulticast mode [ 644.739412][T18192] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3527'. [ 644.751791][T18192] xt_hashlimit: size too large, truncated to 1048576 [ 644.758485][T18192] xt_hashlimit: overflow, try lower: 0/0 [ 644.825890][T17443] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 645.463752][T18185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 646.100035][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 646.255164][ T37] wlan1: Trigger new scan to find an IBSS to join [ 647.487730][T17581] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 647.826375][T17581] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 647.991729][T18250] lo speed is unknown, defaulting to 1000 [ 648.213478][T18270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3532'. [ 648.507417][T18285] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3536'. [ 648.615635][T18274] syzkaller0: entered promiscuous mode [ 648.633199][T18274] syzkaller0: entered allmulticast mode [ 648.750408][T17581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.999581][T18303] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3541'. [ 649.027618][T18303] xt_hashlimit: size too large, truncated to 1048576 [ 649.039099][T18303] xt_hashlimit: overflow, try lower: 0/0 [ 649.283398][ T999] wlan1: Trigger new scan to find an IBSS to join [ 649.709688][T18298] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 650.209293][T17581] 8021q: adding VLAN 0 to HW filter on device team0 [ 650.278522][T18326] syzkaller0: entered promiscuous mode [ 650.284417][T18326] syzkaller0: entered allmulticast mode [ 650.306406][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.313590][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 650.446651][T18328] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3547'. [ 650.453667][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.462673][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 650.681550][T18334] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3550'. [ 650.757508][T18340] syzkaller0: entered promiscuous mode [ 650.778362][T18340] syzkaller0: entered allmulticast mode [ 651.121479][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 651.153711][T18350] lo speed is unknown, defaulting to 1000 [ 651.178744][T18359] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3556'. [ 651.190142][T18359] xt_hashlimit: size too large, truncated to 1048576 [ 651.197852][T18359] xt_hashlimit: overflow, try lower: 0/0 [ 651.343877][T17581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 651.352491][T18358] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 651.470338][T18361] syzkaller0: entered promiscuous mode [ 651.476115][T18361] syzkaller0: entered allmulticast mode [ 652.242233][ T2957] wlan1: Trigger new scan to find an IBSS to join [ 653.006236][T18382] syzkaller0: entered promiscuous mode [ 653.011821][T18382] syzkaller0: entered allmulticast mode [ 653.144559][ T999] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 653.181059][T18402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3564'. [ 653.210683][T18403] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3563'. [ 653.223238][T18403] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3563'. [ 654.306903][T17581] veth0_vlan: entered promiscuous mode [ 654.338380][T17581] veth1_vlan: entered promiscuous mode [ 654.381331][T18418] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3566'. [ 654.500905][T17581] veth0_macvtap: entered promiscuous mode [ 654.538533][T17581] veth1_macvtap: entered promiscuous mode [ 654.685067][T17581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 654.727825][T18429] syzkaller0: entered promiscuous mode [ 654.754918][T18436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3573'. [ 654.767408][T18429] syzkaller0: entered allmulticast mode [ 654.817120][T17581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 655.029573][T18446] syzkaller0: entered promiscuous mode [ 655.035138][T18446] syzkaller0: entered allmulticast mode [ 655.122051][T18456] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3576'. [ 655.162735][T18447] ip6gretap1: entered allmulticast mode [ 655.187565][ T2957] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.203979][ T2957] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.171551][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 656.423198][T18443] lo speed is unknown, defaulting to 1000 [ 656.440236][ T2957] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.454730][T18459] gre0: left promiscuous mode [ 656.566765][T18459] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 656.610716][ T2957] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 656.705844][T18479] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input6 [ 656.796506][T18473] syzkaller0: entered promiscuous mode [ 656.802279][T18473] syzkaller0: entered allmulticast mode [ 656.915805][T18487] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3582'. [ 657.875359][T18488] syzkaller0: entered promiscuous mode [ 657.882337][T18488] syzkaller0: entered allmulticast mode [ 658.155096][T18510] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3588'. [ 658.333136][T18515] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3587'. [ 658.450536][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 658.481015][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 658.543283][T18525] 8021q: adding VLAN 0 to HW filter on device bond0 [ 658.612910][T18525] bond0: (slave rose0): Enslaving as an active interface with an up link [ 658.683165][T18528] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 658.805084][ T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 658.817800][T18532] syzkaller0: entered promiscuous mode [ 658.820224][ T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 658.831736][T18532] syzkaller0: entered allmulticast mode [ 659.097324][T18542] gre0: left promiscuous mode [ 659.510457][T18542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 659.632077][T18542] 8021q: adding VLAN 0 to HW filter on device team0 [ 659.728950][T18575] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3601'. [ 659.893517][ T5839] block nbd5: Receive control failed (result -111) [ 659.905598][ T5839] [ 659.907935][ T5839] ====================================================== [ 659.914946][ T5839] WARNING: possible circular locking dependency detected [ 659.921968][ T5839] syzkaller #0 Not tainted [ 659.926382][ T5839] ------------------------------------------------------ [ 659.933395][ T5839] kworker/u9:3/5839 is trying to acquire lock: [ 659.939551][ T5839] ffff88807eff28a0 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_shutdown+0x67/0x410 [ 659.948594][ T5839] [ 659.948594][ T5839] but task is already holding lock: [ 659.955956][ T5839] ffff88801ef86870 (&nsock->tx_lock){+.+.}-{4:4}, at: recv_work+0x5e7/0x8c0 [ 659.964722][ T5839] [ 659.964722][ T5839] which lock already depends on the new lock. [ 659.964722][ T5839] [ 659.968328][T18542] chnl_net:chnl_net_open(): err: Unable to register and open device, Err:-19 [ 659.975117][ T5839] [ 659.975117][ T5839] the existing dependency chain (in reverse order) is: [ 659.975132][ T5839] [ 659.975132][ T5839] -> #6 (&nsock->tx_lock){+.+.}-{4:4}: [ 659.975186][ T5839] __mutex_lock+0x1a2/0x1b90 [ 660.005706][ T5839] nbd_queue_rq+0x428/0x1080 [ 660.010826][ T5839] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 660.016917][ T5839] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 660.023782][ T5839] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 660.030297][ T5839] blk_mq_run_hw_queue+0x23c/0x670 [ 660.035939][ T5839] blk_mq_dispatch_list+0x51d/0x1360 [ 660.041766][ T5839] blk_mq_flush_plug_list+0x130/0x600 [ 660.047678][ T5839] __blk_flush_plug+0x2c4/0x4b0 [ 660.053064][ T5839] __submit_bio+0x584/0x6c0 [ 660.058107][ T5839] submit_bio_noacct_nocheck+0x562/0xc10 [ 660.064276][ T5839] submit_bio_noacct+0xd17/0x2010 [ 660.069838][ T5839] submit_bh_wbc+0x59c/0x770 [ 660.074983][ T5839] block_read_full_folio+0x264/0x8e0 [ 660.080801][ T5839] filemap_read_folio+0xfc/0x3b0 [ 660.086268][ T5839] do_read_cache_folio+0x2d7/0x6b0 [ 660.091912][ T5839] read_part_sector+0xd1/0x370 [ 660.097202][ T5839] adfspart_check_ICS+0x93/0x910 [ 660.102667][ T5839] bdev_disk_changed+0x7f8/0xc80 [ 660.108131][ T5839] blkdev_get_whole+0x187/0x290 [ 660.113513][ T5839] bdev_open+0x2c7/0xe40 [ 660.118289][ T5839] blkdev_open+0x34e/0x4f0 [ 660.123246][ T5839] do_dentry_open+0x6d8/0x1660 [ 660.128549][ T5839] vfs_open+0x82/0x3f0 [ 660.133159][ T5839] path_openat+0x208c/0x31a0 [ 660.138290][ T5839] do_file_open+0x20e/0x430 [ 660.143330][ T5839] do_sys_openat2+0x10d/0x1e0 [ 660.148533][ T5839] __x64_sys_openat+0x12d/0x210 [ 660.153905][ T5839] do_syscall_64+0x106/0xf80 [ 660.159037][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.165464][ T5839] [ 660.165464][ T5839] -> #5 (&cmd->lock){+.+.}-{4:4}: [ 660.172697][ T5839] __mutex_lock+0x1a2/0x1b90 [ 660.177835][ T5839] nbd_queue_rq+0xba/0x1080 [ 660.182870][ T5839] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 660.188960][ T5839] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 660.195825][ T5839] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 660.202339][ T5839] blk_mq_run_hw_queue+0x23c/0x670 [ 660.207980][ T5839] blk_mq_dispatch_list+0x51d/0x1360 [ 660.213801][ T5839] blk_mq_flush_plug_list+0x130/0x600 [ 660.219711][ T5839] __blk_flush_plug+0x2c4/0x4b0 [ 660.225108][ T5839] __submit_bio+0x584/0x6c0 [ 660.230147][ T5839] submit_bio_noacct_nocheck+0x562/0xc10 [ 660.236317][ T5839] submit_bio_noacct+0xd17/0x2010 [ 660.241878][ T5839] submit_bh_wbc+0x59c/0x770 [ 660.247017][ T5839] block_read_full_folio+0x264/0x8e0 [ 660.252836][ T5839] filemap_read_folio+0xfc/0x3b0 [ 660.258304][ T5839] do_read_cache_folio+0x2d7/0x6b0 [ 660.263943][ T5839] read_part_sector+0xd1/0x370 [ 660.269234][ T5839] adfspart_check_ICS+0x93/0x910 [ 660.274701][ T5839] bdev_disk_changed+0x7f8/0xc80 [ 660.280172][ T5839] blkdev_get_whole+0x187/0x290 [ 660.285563][ T5839] bdev_open+0x2c7/0xe40 [ 660.290338][ T5839] blkdev_open+0x34e/0x4f0 [ 660.295292][ T5839] do_dentry_open+0x6d8/0x1660 [ 660.300593][ T5839] vfs_open+0x82/0x3f0 [ 660.305206][ T5839] path_openat+0x208c/0x31a0 [ 660.310336][ T5839] do_file_open+0x20e/0x430 [ 660.315377][ T5839] do_sys_openat2+0x10d/0x1e0 [ 660.320575][ T5839] __x64_sys_openat+0x12d/0x210 [ 660.325957][ T5839] do_syscall_64+0x106/0xf80 [ 660.331095][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.337604][ T5839] [ 660.337604][ T5839] -> #4 (set->srcu){.+.+}-{0:0}: [ 660.344750][ T5839] __synchronize_srcu+0xa1/0x2a0 [ 660.350239][ T5839] blk_mq_quiesce_queue+0x149/0x1c0 [ 660.355968][ T5839] elevator_switch+0x17b/0x7e0 [ 660.361266][ T5839] elevator_change+0x352/0x530 [ 660.366558][ T5839] elevator_set_default+0x29e/0x360 [ 660.372300][ T5839] blk_register_queue+0x412/0x590 [ 660.377851][ T5839] __add_disk+0x73f/0xe40 [ 660.382718][ T5839] add_disk_fwnode+0x118/0x5c0 [ 660.388454][ T5839] nbd_dev_add+0x77a/0xb10 [ 660.393417][ T5839] nbd_init+0x291/0x2b0 [ 660.398117][ T5839] do_one_initcall+0x11d/0x760 [ 660.403408][ T5839] kernel_init_freeable+0x6e5/0x7a0 [ 660.409133][ T5839] kernel_init+0x1f/0x1e0 [ 660.413990][ T5839] ret_from_fork+0x754/0xd80 [ 660.419133][ T5839] ret_from_fork_asm+0x1a/0x30 [ 660.424421][ T5839] [ 660.424421][ T5839] -> #3 (&q->elevator_lock){+.+.}-{4:4}: [ 660.432256][ T5839] __mutex_lock+0x1a2/0x1b90 [ 660.437397][ T5839] elevator_change+0x1bc/0x530 [ 660.442691][ T5839] elevator_set_none+0x92/0xf0 [ 660.448077][ T5839] blk_mq_update_nr_hw_queues+0x4c1/0x15f0 [ 660.454432][ T5839] nbd_start_device+0x1a6/0xbd0 [ 660.459807][ T5839] nbd_genl_connect+0xff2/0x1a40 [ 660.465268][ T5839] genl_family_rcv_msg_doit+0x214/0x300 [ 660.471345][ T5839] genl_rcv_msg+0x560/0x800 [ 660.476375][ T5839] netlink_rcv_skb+0x159/0x420 [ 660.481683][ T5839] genl_rcv+0x28/0x40 [ 660.486184][ T5839] netlink_unicast+0x5aa/0x870 [ 660.491576][ T5839] netlink_sendmsg+0x8b0/0xda0 [ 660.496883][ T5839] ____sys_sendmsg+0x9e1/0xb70 [ 660.502175][ T5839] ___sys_sendmsg+0x190/0x1e0 [ 660.507376][ T5839] __sys_sendmsg+0x170/0x220 [ 660.512502][ T5839] do_syscall_64+0x106/0xf80 [ 660.517633][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.524058][ T5839] [ 660.524058][ T5839] -> #2 (&q->q_usage_counter(io)#52){++++}-{0:0}: [ 660.532693][ T5839] blk_alloc_queue+0x610/0x790 [ 660.537994][ T5839] blk_mq_alloc_queue+0x174/0x290 [ 660.543573][ T5839] __blk_mq_alloc_disk+0x29/0x120 [ 660.549141][ T5839] nbd_dev_add+0x492/0xb10 [ 660.554104][ T5839] nbd_init+0x291/0x2b0 [ 660.558805][ T5839] do_one_initcall+0x11d/0x760 [ 660.564099][ T5839] kernel_init_freeable+0x6e5/0x7a0 [ 660.569825][ T5839] kernel_init+0x1f/0x1e0 [ 660.574681][ T5839] ret_from_fork+0x754/0xd80 [ 660.579815][ T5839] ret_from_fork_asm+0x1a/0x30 [ 660.585105][ T5839] [ 660.585105][ T5839] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 660.592337][ T5839] fs_reclaim_acquire+0xc4/0x100 [ 660.597817][ T5839] kmem_cache_alloc_node_noprof+0x53/0x6f0 [ 660.604155][ T5839] __alloc_skb+0x140/0x710 [ 660.609109][ T5839] tcp_stream_alloc_skb+0x34/0x660 [ 660.614745][ T5839] tcp_sendmsg_locked+0x1396/0x45e0 [ 660.620555][ T5839] tcp_sendmsg+0x2e/0x50 [ 660.625321][ T5839] inet_sendmsg+0xb9/0x140 [ 660.630275][ T5839] sock_write_iter+0x4ea/0x5a0 [ 660.635566][ T5839] vfs_write+0x6ac/0x1070 [ 660.640431][ T5839] ksys_write+0x1f8/0x250 [ 660.645294][ T5839] do_syscall_64+0x106/0xf80 [ 660.650438][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 660.656863][ T5839] [ 660.656863][ T5839] -> #0 (sk_lock-AF_INET){+.+.}-{0:0}: [ 660.664532][ T5839] __lock_acquire+0x14b8/0x2630 [ 660.669927][ T5839] lock_acquire+0x1cf/0x380 [ 660.674968][ T5839] lock_sock_nested+0x41/0xf0 [ 660.680180][ T5839] inet_shutdown+0x67/0x410 [ 660.685230][ T5839] nbd_mark_nsock_dead+0xae/0x5c0 [ 660.690800][ T5839] recv_work+0x5fb/0x8c0 [ 660.695562][ T5839] process_one_work+0xa23/0x19a0 [ 660.701021][ T5839] worker_thread+0x5ef/0xe50 [ 660.706129][ T5839] kthread+0x370/0x450 [ 660.710742][ T5839] ret_from_fork+0x754/0xd80 [ 660.715880][ T5839] ret_from_fork_asm+0x1a/0x30 [ 660.721173][ T5839] [ 660.721173][ T5839] other info that might help us debug this: [ 660.721173][ T5839] [ 660.731399][ T5839] Chain exists of: [ 660.731399][ T5839] sk_lock-AF_INET --> &cmd->lock --> &nsock->tx_lock [ 660.731399][ T5839] [ 660.744040][ T5839] Possible unsafe locking scenario: [ 660.744040][ T5839] [ 660.751483][ T5839] CPU0 CPU1 [ 660.756850][ T5839] ---- ---- [ 660.762205][ T5839] lock(&nsock->tx_lock); [ 660.766627][ T5839] lock(&cmd->lock); [ 660.773130][ T5839] lock(&nsock->tx_lock); [ 660.780066][ T5839] lock(sk_lock-AF_INET); [ 660.784484][ T5839] [ 660.784484][ T5839] *** DEADLOCK *** [ 660.784484][ T5839] [ 660.792618][ T5839] 3 locks held by kworker/u9:3/5839: [ 660.797895][ T5839] #0: ffff888027da5948 ((wq_completion)nbd5-recv){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 660.808637][ T5839] #1: ffffc90003417d08 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 660.819815][ T5839] #2: ffff88801ef86870 (&nsock->tx_lock){+.+.}-{4:4}, at: recv_work+0x5e7/0x8c0 [ 660.828992][ T5839] [ 660.828992][ T5839] stack backtrace: [ 660.834875][ T5839] CPU: 1 UID: 0 PID: 5839 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 660.834915][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 660.834939][ T5839] Workqueue: nbd5-recv recv_work [ 660.834970][ T5839] Call Trace: [ 660.834981][ T5839] [ 660.834992][ T5839] dump_stack_lvl+0x100/0x190 [ 660.835046][ T5839] print_circular_bug.cold+0x178/0x1c7 [ 660.835105][ T5839] check_noncircular+0x146/0x160 [ 660.835153][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.835202][ T5839] __lock_acquire+0x14b8/0x2630 [ 660.835259][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.835300][ T5839] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 660.835353][ T5839] lock_acquire+0x1cf/0x380 [ 660.835402][ T5839] ? inet_shutdown+0x67/0x410 [ 660.835461][ T5839] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 660.835515][ T5839] lock_sock_nested+0x41/0xf0 [ 660.835561][ T5839] ? inet_shutdown+0x67/0x410 [ 660.835615][ T5839] inet_shutdown+0x67/0x410 [ 660.835671][ T5839] nbd_mark_nsock_dead+0xae/0x5c0 [ 660.835726][ T5839] recv_work+0x5fb/0x8c0 [ 660.835758][ T5839] ? __lock_acquire+0xd73/0x2630 [ 660.835811][ T5839] ? __pfx_recv_work+0x10/0x10 [ 660.835841][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.835881][ T5839] ? debug_object_deactivate+0x2e4/0x3b0 [ 660.835945][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.836002][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.836043][ T5839] ? rcu_is_watching+0x12/0xc0 [ 660.836084][ T5839] process_one_work+0xa23/0x19a0 [ 660.836126][ T5839] ? __pfx_process_one_work+0x10/0x10 [ 660.836156][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.836205][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.836248][ T5839] worker_thread+0x5ef/0xe50 [ 660.836286][ T5839] ? __pfx_worker_thread+0x10/0x10 [ 660.836323][ T5839] ? kthread+0x13a/0x450 [ 660.836373][ T5839] ? __pfx_worker_thread+0x10/0x10 [ 660.836403][ T5839] kthread+0x370/0x450 [ 660.836453][ T5839] ? __pfx_kthread+0x10/0x10 [ 660.836505][ T5839] ret_from_fork+0x754/0xd80 [ 660.836560][ T5839] ? __pfx_ret_from_fork+0x10/0x10 [ 660.836615][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 660.836655][ T5839] ? __switch_to+0x7b4/0x1120 [ 660.836693][ T5839] ? __pfx_kthread+0x10/0x10 [ 660.836746][ T5839] ret_from_fork_asm+0x1a/0x30 [ 660.836793][ T5839] [ 661.122421][T18542] caif:caif_disconnect_client(): nothing to disconnect SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 661.211396][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 661.391507][T18542] chnl_net:chnl_flowctrl_cb(): NET flowctrl func called flow: CLOSE/DEINIT [ 661.400150][T18542] chnl_net:chnl_net_open(): state disconnected [ 661.421328][T18542] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 661.959215][ T3015] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.974953][T18481] ================================================================== [ 661.983053][T18481] BUG: KASAN: use-after-free in __mutex_lock+0x1861/0x1b90 [ 661.990304][T18481] Read of size 8 at addr ffff8880412680a8 by task khidpd_10cf5500/18481 [ 661.998643][T18481] [ 662.000973][T18481] CPU: 0 UID: 0 PID: 18481 Comm: khidpd_10cf5500 Not tainted syzkaller #0 PREEMPT(full) [ 662.001018][T18481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 662.001041][T18481] Call Trace: [ 662.001052][T18481] [ 662.001065][T18481] dump_stack_lvl+0x100/0x190 [ 662.001125][T18481] print_report+0x156/0x4c9 [ 662.001177][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.001223][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.001267][T18481] ? __phys_addr+0xe8/0x180 [ 662.001326][T18481] ? __mutex_lock+0x1861/0x1b90 [ 662.001384][T18481] kasan_report+0xdf/0x1e0 [ 662.001437][T18481] ? __mutex_lock+0x1861/0x1b90 [ 662.001497][T18481] __mutex_lock+0x1861/0x1b90 [ 662.001587][T18481] ? __pfx_debug_object_deactivate+0x10/0x10 [ 662.001667][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 662.001706][T18481] ? l2cap_unregister_user+0x71/0x240 [ 662.001769][T18481] ? _raw_spin_lock_irqsave+0x52/0x60 [ 662.001819][T18481] ? __pfx___mutex_lock+0x10/0x10 [ 662.001873][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.001919][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.001958][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.002003][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.002046][T18481] ? __try_to_del_timer_sync+0x107/0x160 [ 662.002095][T18481] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 662.002141][T18481] ? __timer_delete_sync+0x151/0x1c0 [ 662.002188][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.002231][T18481] ? l2cap_unregister_user+0x71/0x240 [ 662.002289][T18481] l2cap_unregister_user+0x71/0x240 [ 662.002354][T18481] hidp_session_thread+0x459/0x680 [ 662.002401][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 662.002447][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 662.002491][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.002534][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.002570][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 662.002609][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.002649][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.002688][T18481] ? __kthread_parkme+0x18c/0x230 [ 662.002734][T18481] ? kthread+0x13a/0x450 [ 662.002783][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 662.002824][T18481] kthread+0x370/0x450 [ 662.002874][T18481] ? __pfx_kthread+0x10/0x10 [ 662.002930][T18481] ret_from_fork+0x754/0xd80 [ 662.002988][T18481] ? __pfx_ret_from_fork+0x10/0x10 [ 662.003056][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.003097][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.003131][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.003172][T18481] ? __switch_to+0x7b4/0x1120 [ 662.003209][T18481] ? __pfx_kthread+0x10/0x10 [ 662.003260][T18481] ret_from_fork_asm+0x1a/0x30 [ 662.003307][T18481] [ 662.003323][T18481] [ 662.265363][T18481] The buggy address belongs to the physical page: [ 662.271765][T18481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804126b400 pfn:0x41268 [ 662.281829][T18481] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 662.288949][T18481] raw: 00fff00000000000 ffffea00016b1c08 ffff8880b8441140 0000000000000000 [ 662.297537][T18481] raw: ffff88804126b400 0000000000000000 00000000ffffffff 0000000000000000 [ 662.306198][T18481] page dumped because: kasan: bad access detected [ 662.312600][T18481] page_owner tracks the page as freed [ 662.317955][T18481] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 17581, tgid 17581 (syz-executor), ts 621499508745, free_ts 661973745384 [ 662.336209][T18481] post_alloc_hook+0x153/0x170 [ 662.340985][T18481] get_page_from_freelist+0x111d/0x3140 [ 662.346539][T18481] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 662.352438][T18481] alloc_pages_mpol+0x1fb/0x550 [ 662.357390][T18481] ___kmalloc_large_node+0x104/0x150 [ 662.362699][T18481] __kmalloc_large_node_noprof+0x1c/0x70 [ 662.368354][T18481] __kmalloc_noprof+0x5be/0x850 [ 662.373214][T18481] hci_alloc_dev_priv+0x1d/0x28a0 [ 662.378249][T18481] __vhci_create_device+0xf0/0x880 [ 662.383368][T18481] vhci_write+0x2c4/0x490 [ 662.387705][T18481] vfs_write+0x6ac/0x1070 [ 662.392043][T18481] ksys_write+0x12a/0x250 [ 662.396387][T18481] do_syscall_64+0x106/0xf80 [ 662.400996][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.406893][T18481] page last free pid 18575 tgid 18572 stack trace: [ 662.413384][T18481] __free_frozen_pages+0x7e1/0x10d0 [ 662.418608][T18481] hci_release_dev+0x4ef/0x630 [ 662.423379][T18481] bt_host_release+0x6a/0xb0 [ 662.427981][T18481] device_release+0xa4/0x240 [ 662.432583][T18481] kobject_put+0x1f7/0x640 [ 662.437018][T18481] put_device+0x1f/0x30 [ 662.441279][T18481] vhci_release+0x185/0x230 [ 662.445786][T18481] __fput+0x3ff/0xb40 [ 662.449788][T18481] task_work_run+0x150/0x240 [ 662.454379][T18481] do_exit+0x8b8/0x2b60 [ 662.458553][T18481] do_group_exit+0xd5/0x2a0 [ 662.463083][T18481] get_signal+0x1ec7/0x21e0 [ 662.467597][T18481] arch_do_signal_or_restart+0x91/0x7a0 [ 662.473157][T18481] exit_to_user_mode_loop+0x86/0x4a0 [ 662.478475][T18481] do_syscall_64+0x67c/0xf80 [ 662.483092][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 662.488994][T18481] [ 662.491317][T18481] Memory state around the buggy address: [ 662.496938][T18481] ffff888041267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 662.505090][T18481] ffff888041268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 662.513322][T18481] >ffff888041268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 662.521373][T18481] ^ [ 662.526731][T18481] ffff888041268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 662.534789][T18481] ffff888041268180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 662.542844][T18481] ================================================================== [ 662.552409][T18481] ================================================================== [ 662.560480][T18481] BUG: KASAN: use-after-free in do_raw_spin_lock+0x23b/0x260 [ 662.567878][T18481] Read of size 4 at addr ffff888041268064 by task khidpd_10cf5500/18481 [ 662.576210][T18481] [ 662.578539][T18481] CPU: 0 UID: 0 PID: 18481 Comm: khidpd_10cf5500 Tainted: G B syzkaller #0 PREEMPT(full) [ 662.578588][T18481] Tainted: [B]=BAD_PAGE [ 662.578600][T18481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 662.578620][T18481] Call Trace: [ 662.578631][T18481] [ 662.578644][T18481] dump_stack_lvl+0x100/0x190 [ 662.578697][T18481] print_report+0x156/0x4c9 [ 662.578744][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.578785][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.578825][T18481] ? __phys_addr+0xe8/0x180 [ 662.578873][T18481] ? do_raw_spin_lock+0x23b/0x260 [ 662.578907][T18481] kasan_report+0xdf/0x1e0 [ 662.578953][T18481] ? do_raw_spin_lock+0x23b/0x260 [ 662.578992][T18481] do_raw_spin_lock+0x23b/0x260 [ 662.579024][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.579065][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 662.579103][T18481] ? lock_acquire+0x317/0x380 [ 662.579152][T18481] ? __mutex_lock+0x1861/0x1b90 [ 662.579203][T18481] ? _raw_spin_lock_irqsave+0x52/0x60 [ 662.579247][T18481] _raw_spin_lock_irqsave+0x42/0x60 [ 662.579288][T18481] ? __mutex_lock+0xcc7/0x1b90 [ 662.579338][T18481] __mutex_lock+0xcc7/0x1b90 [ 662.579386][T18481] ? __pfx_debug_object_deactivate+0x10/0x10 [ 662.579441][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 662.579474][T18481] ? l2cap_unregister_user+0x71/0x240 [ 662.579533][T18481] ? __pfx___mutex_lock+0x10/0x10 [ 662.579581][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.579622][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.579658][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.579697][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.579735][T18481] ? __try_to_del_timer_sync+0x107/0x160 [ 662.579779][T18481] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 662.579821][T18481] ? __timer_delete_sync+0x151/0x1c0 [ 662.579862][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.579900][T18481] ? l2cap_unregister_user+0x71/0x240 [ 662.579951][T18481] l2cap_unregister_user+0x71/0x240 [ 662.580005][T18481] hidp_session_thread+0x459/0x680 [ 662.580048][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 662.580095][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 662.580135][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.580176][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.580210][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 662.580249][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.580290][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.580330][T18481] ? __kthread_parkme+0x18c/0x230 [ 662.580376][T18481] ? kthread+0x13a/0x450 [ 662.580426][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 662.580466][T18481] kthread+0x370/0x450 [ 662.580515][T18481] ? __pfx_kthread+0x10/0x10 [ 662.580566][T18481] ret_from_fork+0x754/0xd80 [ 662.580620][T18481] ? __pfx_ret_from_fork+0x10/0x10 [ 662.580672][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.580712][T18481] ? rcu_is_watching+0x12/0xc0 [ 662.580746][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 662.580786][T18481] ? __switch_to+0x7b4/0x1120 [ 662.580823][T18481] ? __pfx_kthread+0x10/0x10 [ 662.580875][T18481] ret_from_fork_asm+0x1a/0x30 [ 662.580922][T18481] [ 662.580933][T18481] [ 662.884253][T18481] The buggy address belongs to the physical page: [ 662.890657][T18481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804126b400 pfn:0x41268 [ 662.900722][T18481] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 662.907848][T18481] raw: 00fff00000000000 ffffea00016b1c08 ffff8880b8441140 0000000000000000 [ 662.916437][T18481] raw: ffff88804126b400 0000000000000000 00000000ffffffff 0000000000000000 [ 662.925013][T18481] page dumped because: kasan: bad access detected [ 662.931418][T18481] page_owner tracks the page as freed [ 662.936772][T18481] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 17581, tgid 17581 (syz-executor), ts 621499508745, free_ts 661973745384 [ 662.955025][T18481] post_alloc_hook+0x153/0x170 [ 662.959806][T18481] get_page_from_freelist+0x111d/0x3140 [ 662.965372][T18481] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 662.971295][T18481] alloc_pages_mpol+0x1fb/0x550 [ 662.976181][T18481] ___kmalloc_large_node+0x104/0x150 [ 662.981494][T18481] __kmalloc_large_node_noprof+0x1c/0x70 [ 662.987166][T18481] __kmalloc_noprof+0x5be/0x850 [ 662.992041][T18481] hci_alloc_dev_priv+0x1d/0x28a0 [ 662.997095][T18481] __vhci_create_device+0xf0/0x880 [ 663.002221][T18481] vhci_write+0x2c4/0x490 [ 663.006563][T18481] vfs_write+0x6ac/0x1070 [ 663.010912][T18481] ksys_write+0x12a/0x250 [ 663.015258][T18481] do_syscall_64+0x106/0xf80 [ 663.019895][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.025817][T18481] page last free pid 18575 tgid 18572 stack trace: [ 663.032327][T18481] __free_frozen_pages+0x7e1/0x10d0 [ 663.037565][T18481] hci_release_dev+0x4ef/0x630 [ 663.042336][T18481] bt_host_release+0x6a/0xb0 [ 663.046944][T18481] device_release+0xa4/0x240 [ 663.051552][T18481] kobject_put+0x1f7/0x640 [ 663.055988][T18481] put_device+0x1f/0x30 [ 663.060154][T18481] vhci_release+0x185/0x230 [ 663.064662][T18481] __fput+0x3ff/0xb40 [ 663.068670][T18481] task_work_run+0x150/0x240 [ 663.073259][T18481] do_exit+0x8b8/0x2b60 [ 663.077432][T18481] do_group_exit+0xd5/0x2a0 [ 663.081950][T18481] get_signal+0x1ec7/0x21e0 [ 663.086463][T18481] arch_do_signal_or_restart+0x91/0x7a0 [ 663.092016][T18481] exit_to_user_mode_loop+0x86/0x4a0 [ 663.097331][T18481] do_syscall_64+0x67c/0xf80 [ 663.101940][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.107838][T18481] [ 663.110151][T18481] Memory state around the buggy address: [ 663.115770][T18481] ffff888041267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.123829][T18481] ffff888041267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.131887][T18481] >ffff888041268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.139941][T18481] ^ [ 663.147129][T18481] ffff888041268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.155187][T18481] ffff888041268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.163255][T18481] ================================================================== [ 663.171304][T18481] ================================================================== [ 663.179355][T18481] BUG: KASAN: use-after-free in do_raw_spin_lock+0x248/0x260 [ 663.186746][T18481] Read of size 8 at addr ffff888041268070 by task khidpd_10cf5500/18481 [ 663.195075][T18481] [ 663.197404][T18481] CPU: 0 UID: 0 PID: 18481 Comm: khidpd_10cf5500 Tainted: G B syzkaller #0 PREEMPT(full) [ 663.197454][T18481] Tainted: [B]=BAD_PAGE [ 663.197466][T18481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 663.197488][T18481] Call Trace: [ 663.197499][T18481] [ 663.197512][T18481] dump_stack_lvl+0x100/0x190 [ 663.197565][T18481] print_report+0x156/0x4c9 [ 663.197616][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.197657][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.197697][T18481] ? __phys_addr+0xe8/0x180 [ 663.197745][T18481] ? do_raw_spin_lock+0x248/0x260 [ 663.197777][T18481] kasan_report+0xdf/0x1e0 [ 663.197825][T18481] ? do_raw_spin_lock+0x248/0x260 [ 663.197864][T18481] do_raw_spin_lock+0x248/0x260 [ 663.197896][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.197938][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 663.197971][T18481] ? lock_acquire+0x317/0x380 [ 663.198022][T18481] ? __mutex_lock+0x1861/0x1b90 [ 663.198080][T18481] ? _raw_spin_lock_irqsave+0x52/0x60 [ 663.198125][T18481] _raw_spin_lock_irqsave+0x42/0x60 [ 663.198167][T18481] ? __mutex_lock+0xcc7/0x1b90 [ 663.198215][T18481] __mutex_lock+0xcc7/0x1b90 [ 663.198264][T18481] ? __pfx_debug_object_deactivate+0x10/0x10 [ 663.198322][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 663.198355][T18481] ? l2cap_unregister_user+0x71/0x240 [ 663.198418][T18481] ? __pfx___mutex_lock+0x10/0x10 [ 663.198467][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.198508][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.198543][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.198583][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.198622][T18481] ? __try_to_del_timer_sync+0x107/0x160 [ 663.198665][T18481] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 663.198708][T18481] ? __timer_delete_sync+0x151/0x1c0 [ 663.198749][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.198787][T18481] ? l2cap_unregister_user+0x71/0x240 [ 663.198837][T18481] l2cap_unregister_user+0x71/0x240 [ 663.198892][T18481] hidp_session_thread+0x459/0x680 [ 663.198935][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 663.198977][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 663.199018][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.199058][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.199097][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 663.199136][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.199177][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.199216][T18481] ? __kthread_parkme+0x18c/0x230 [ 663.199263][T18481] ? kthread+0x13a/0x450 [ 663.199315][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 663.199355][T18481] kthread+0x370/0x450 [ 663.199404][T18481] ? __pfx_kthread+0x10/0x10 [ 663.199456][T18481] ret_from_fork+0x754/0xd80 [ 663.199513][T18481] ? __pfx_ret_from_fork+0x10/0x10 [ 663.199565][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.199606][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.199639][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.199679][T18481] ? __switch_to+0x7b4/0x1120 [ 663.199717][T18481] ? __pfx_kthread+0x10/0x10 [ 663.199768][T18481] ret_from_fork_asm+0x1a/0x30 [ 663.199815][T18481] [ 663.199826][T18481] [ 663.502919][T18481] The buggy address belongs to the physical page: [ 663.509322][T18481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804126b400 pfn:0x41268 [ 663.519390][T18481] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 663.526526][T18481] raw: 00fff00000000000 ffffea00016b1c08 ffff8880b8441140 0000000000000000 [ 663.535116][T18481] raw: ffff88804126b400 0000000000000000 00000000ffffffff 0000000000000000 [ 663.543691][T18481] page dumped because: kasan: bad access detected [ 663.550093][T18481] page_owner tracks the page as freed [ 663.555448][T18481] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 17581, tgid 17581 (syz-executor), ts 621499508745, free_ts 661973745384 [ 663.573694][T18481] post_alloc_hook+0x153/0x170 [ 663.578466][T18481] get_page_from_freelist+0x111d/0x3140 [ 663.584016][T18481] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 663.589920][T18481] alloc_pages_mpol+0x1fb/0x550 [ 663.594871][T18481] ___kmalloc_large_node+0x104/0x150 [ 663.600182][T18481] __kmalloc_large_node_noprof+0x1c/0x70 [ 663.605831][T18481] __kmalloc_noprof+0x5be/0x850 [ 663.610684][T18481] hci_alloc_dev_priv+0x1d/0x28a0 [ 663.615719][T18481] __vhci_create_device+0xf0/0x880 [ 663.620843][T18481] vhci_write+0x2c4/0x490 [ 663.625180][T18481] vfs_write+0x6ac/0x1070 [ 663.629521][T18481] ksys_write+0x12a/0x250 [ 663.633862][T18481] do_syscall_64+0x106/0xf80 [ 663.638474][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.644374][T18481] page last free pid 18575 tgid 18572 stack trace: [ 663.650866][T18481] __free_frozen_pages+0x7e1/0x10d0 [ 663.656093][T18481] hci_release_dev+0x4ef/0x630 [ 663.660864][T18481] bt_host_release+0x6a/0xb0 [ 663.665474][T18481] device_release+0xa4/0x240 [ 663.670085][T18481] kobject_put+0x1f7/0x640 [ 663.674527][T18481] put_device+0x1f/0x30 [ 663.678699][T18481] vhci_release+0x185/0x230 [ 663.683205][T18481] __fput+0x3ff/0xb40 [ 663.687208][T18481] task_work_run+0x150/0x240 [ 663.691800][T18481] do_exit+0x8b8/0x2b60 [ 663.695974][T18481] do_group_exit+0xd5/0x2a0 [ 663.700489][T18481] get_signal+0x1ec7/0x21e0 [ 663.704994][T18481] arch_do_signal_or_restart+0x91/0x7a0 [ 663.710549][T18481] exit_to_user_mode_loop+0x86/0x4a0 [ 663.715860][T18481] do_syscall_64+0x67c/0xf80 [ 663.720472][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 663.726369][T18481] [ 663.728683][T18481] Memory state around the buggy address: [ 663.734303][T18481] ffff888041267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.742368][T18481] ffff888041267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.750434][T18481] >ffff888041268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.758488][T18481] ^ [ 663.766198][T18481] ffff888041268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.774255][T18481] ffff888041268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 663.782307][T18481] ================================================================== [ 663.790357][T18481] ================================================================== [ 663.798406][T18481] BUG: KASAN: use-after-free in do_raw_spin_lock+0x231/0x260 [ 663.805790][T18481] Read of size 4 at addr ffff888041268068 by task khidpd_10cf5500/18481 [ 663.814111][T18481] [ 663.816433][T18481] CPU: 0 UID: 0 PID: 18481 Comm: khidpd_10cf5500 Tainted: G B syzkaller #0 PREEMPT(full) [ 663.816481][T18481] Tainted: [B]=BAD_PAGE [ 663.816493][T18481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 663.816514][T18481] Call Trace: [ 663.816525][T18481] [ 663.816539][T18481] dump_stack_lvl+0x100/0x190 [ 663.816592][T18481] print_report+0x156/0x4c9 [ 663.816642][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.816684][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.816724][T18481] ? __phys_addr+0xe8/0x180 [ 663.816773][T18481] ? do_raw_spin_lock+0x231/0x260 [ 663.816806][T18481] kasan_report+0xdf/0x1e0 [ 663.816854][T18481] ? do_raw_spin_lock+0x231/0x260 [ 663.816892][T18481] do_raw_spin_lock+0x231/0x260 [ 663.816925][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.816965][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 663.816998][T18481] ? lock_acquire+0x317/0x380 [ 663.817050][T18481] ? __mutex_lock+0x1861/0x1b90 [ 663.817106][T18481] ? _raw_spin_lock_irqsave+0x52/0x60 [ 663.817152][T18481] _raw_spin_lock_irqsave+0x42/0x60 [ 663.817193][T18481] ? __mutex_lock+0xcc7/0x1b90 [ 663.817242][T18481] __mutex_lock+0xcc7/0x1b90 [ 663.817291][T18481] ? __pfx_debug_object_deactivate+0x10/0x10 [ 663.817349][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 663.817382][T18481] ? l2cap_unregister_user+0x71/0x240 [ 663.817444][T18481] ? __pfx___mutex_lock+0x10/0x10 [ 663.817493][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.817532][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.817569][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.817608][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.817647][T18481] ? __try_to_del_timer_sync+0x107/0x160 [ 663.817691][T18481] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 663.817733][T18481] ? __timer_delete_sync+0x151/0x1c0 [ 663.817775][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.817813][T18481] ? l2cap_unregister_user+0x71/0x240 [ 663.817864][T18481] l2cap_unregister_user+0x71/0x240 [ 663.817918][T18481] hidp_session_thread+0x459/0x680 [ 663.817962][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 663.818004][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 663.818043][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.818087][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.818121][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 663.818161][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.818202][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.818242][T18481] ? __kthread_parkme+0x18c/0x230 [ 663.818288][T18481] ? kthread+0x13a/0x450 [ 663.818340][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 663.818381][T18481] kthread+0x370/0x450 [ 663.818430][T18481] ? __pfx_kthread+0x10/0x10 [ 663.818481][T18481] ret_from_fork+0x754/0xd80 [ 663.818538][T18481] ? __pfx_ret_from_fork+0x10/0x10 [ 663.818590][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.818630][T18481] ? rcu_is_watching+0x12/0xc0 [ 663.818664][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 663.818704][T18481] ? __switch_to+0x7b4/0x1120 [ 663.818742][T18481] ? __pfx_kthread+0x10/0x10 [ 663.818793][T18481] ret_from_fork_asm+0x1a/0x30 [ 663.818840][T18481] [ 663.818851][T18481] [ 664.121793][T18481] The buggy address belongs to the physical page: [ 664.128197][T18481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804126b400 pfn:0x41268 [ 664.138264][T18481] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 664.145387][T18481] raw: 00fff00000000000 ffffea00016b1c08 ffff8880b8441140 0000000000000000 [ 664.153977][T18481] raw: ffff88804126b400 0000000000000000 00000000ffffffff 0000000000000000 [ 664.162553][T18481] page dumped because: kasan: bad access detected [ 664.168953][T18481] page_owner tracks the page as freed [ 664.174308][T18481] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 17581, tgid 17581 (syz-executor), ts 621499508745, free_ts 661973745384 [ 664.192560][T18481] post_alloc_hook+0x153/0x170 [ 664.197335][T18481] get_page_from_freelist+0x111d/0x3140 [ 664.202894][T18481] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 664.208796][T18481] alloc_pages_mpol+0x1fb/0x550 [ 664.213665][T18481] ___kmalloc_large_node+0x104/0x150 [ 664.218973][T18481] __kmalloc_large_node_noprof+0x1c/0x70 [ 664.224628][T18481] __kmalloc_noprof+0x5be/0x850 [ 664.229486][T18481] hci_alloc_dev_priv+0x1d/0x28a0 [ 664.234525][T18481] __vhci_create_device+0xf0/0x880 [ 664.239644][T18481] vhci_write+0x2c4/0x490 [ 664.243985][T18481] vfs_write+0x6ac/0x1070 [ 664.248328][T18481] ksys_write+0x12a/0x250 [ 664.252665][T18481] do_syscall_64+0x106/0xf80 [ 664.257275][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.263175][T18481] page last free pid 18575 tgid 18572 stack trace: [ 664.269673][T18481] __free_frozen_pages+0x7e1/0x10d0 [ 664.274898][T18481] hci_release_dev+0x4ef/0x630 [ 664.279669][T18481] bt_host_release+0x6a/0xb0 [ 664.284272][T18481] device_release+0xa4/0x240 [ 664.288891][T18481] kobject_put+0x1f7/0x640 [ 664.293774][T18481] put_device+0x1f/0x30 [ 664.297937][T18481] vhci_release+0x185/0x230 [ 664.302465][T18481] __fput+0x3ff/0xb40 [ 664.306469][T18481] task_work_run+0x150/0x240 [ 664.311059][T18481] do_exit+0x8b8/0x2b60 [ 664.315240][T18481] do_group_exit+0xd5/0x2a0 [ 664.319755][T18481] get_signal+0x1ec7/0x21e0 [ 664.324263][T18481] arch_do_signal_or_restart+0x91/0x7a0 [ 664.329820][T18481] exit_to_user_mode_loop+0x86/0x4a0 [ 664.335130][T18481] do_syscall_64+0x67c/0xf80 [ 664.339742][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.345639][T18481] [ 664.347951][T18481] Memory state around the buggy address: [ 664.353568][T18481] ffff888041267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.361658][T18481] ffff888041267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.369714][T18481] >ffff888041268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.377762][T18481] ^ [ 664.385206][T18481] ffff888041268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.393266][T18481] ffff888041268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.401332][T18481] ================================================================== [ 664.409382][T18481] ================================================================== [ 664.417430][T18481] BUG: KASAN: use-after-free in do_raw_spin_lock+0x119/0x260 [ 664.424812][T18481] Write of size 4 at addr ffff888041268060 by task khidpd_10cf5500/18481 [ 664.433220][T18481] [ 664.435547][T18481] CPU: 0 UID: 0 PID: 18481 Comm: khidpd_10cf5500 Tainted: G B syzkaller #0 PREEMPT(full) [ 664.435596][T18481] Tainted: [B]=BAD_PAGE [ 664.435608][T18481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 664.435628][T18481] Call Trace: [ 664.435640][T18481] [ 664.435654][T18481] dump_stack_lvl+0x100/0x190 [ 664.435707][T18481] print_report+0x156/0x4c9 [ 664.435758][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.435800][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.435840][T18481] ? __phys_addr+0xe8/0x180 [ 664.435890][T18481] ? do_raw_spin_lock+0x119/0x260 [ 664.435922][T18481] kasan_report+0xdf/0x1e0 [ 664.435971][T18481] ? do_raw_spin_lock+0x119/0x260 [ 664.436010][T18481] kasan_check_range+0x10f/0x1e0 [ 664.436063][T18481] do_raw_spin_lock+0x119/0x260 [ 664.436097][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.436139][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 664.436172][T18481] ? lock_acquire+0x317/0x380 [ 664.436225][T18481] ? __mutex_lock+0x1861/0x1b90 [ 664.436280][T18481] ? _raw_spin_lock_irqsave+0x52/0x60 [ 664.436329][T18481] _raw_spin_lock_irqsave+0x42/0x60 [ 664.436371][T18481] ? __mutex_lock+0xcc7/0x1b90 [ 664.436421][T18481] __mutex_lock+0xcc7/0x1b90 [ 664.436471][T18481] ? __pfx_debug_object_deactivate+0x10/0x10 [ 664.436530][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 664.436564][T18481] ? l2cap_unregister_user+0x71/0x240 [ 664.436626][T18481] ? __pfx___mutex_lock+0x10/0x10 [ 664.436675][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.436716][T18481] ? rcu_is_watching+0x12/0xc0 [ 664.436752][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.436793][T18481] ? rcu_is_watching+0x12/0xc0 [ 664.436832][T18481] ? __try_to_del_timer_sync+0x107/0x160 [ 664.436876][T18481] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 664.436920][T18481] ? __timer_delete_sync+0x151/0x1c0 [ 664.436962][T18481] ? rcu_is_watching+0x12/0xc0 [ 664.437000][T18481] ? l2cap_unregister_user+0x71/0x240 [ 664.437051][T18481] l2cap_unregister_user+0x71/0x240 [ 664.437107][T18481] hidp_session_thread+0x459/0x680 [ 664.437151][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 664.437194][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 664.437235][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.437276][T18481] ? rcu_is_watching+0x12/0xc0 [ 664.437311][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 664.437354][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.437396][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.437437][T18481] ? __kthread_parkme+0x18c/0x230 [ 664.437484][T18481] ? kthread+0x13a/0x450 [ 664.437536][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 664.437577][T18481] kthread+0x370/0x450 [ 664.437626][T18481] ? __pfx_kthread+0x10/0x10 [ 664.437679][T18481] ret_from_fork+0x754/0xd80 [ 664.437737][T18481] ? __pfx_ret_from_fork+0x10/0x10 [ 664.437791][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.437831][T18481] ? rcu_is_watching+0x12/0xc0 [ 664.437866][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 664.437907][T18481] ? __switch_to+0x7b4/0x1120 [ 664.437949][T18481] ? __pfx_kthread+0x10/0x10 [ 664.438013][T18481] ret_from_fork_asm+0x1a/0x30 [ 664.438060][T18481] [ 664.438071][T18481] [ 664.746050][T18481] The buggy address belongs to the physical page: [ 664.752543][T18481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804126b400 pfn:0x41268 [ 664.762613][T18481] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 664.769732][T18481] raw: 00fff00000000000 ffffea00016b1c08 ffff8880b8441140 0000000000000000 [ 664.778323][T18481] raw: ffff88804126b400 0000000000000000 00000000ffffffff 0000000000000000 [ 664.786898][T18481] page dumped because: kasan: bad access detected [ 664.793302][T18481] page_owner tracks the page as freed [ 664.798661][T18481] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 17581, tgid 17581 (syz-executor), ts 621499508745, free_ts 661973745384 [ 664.816907][T18481] post_alloc_hook+0x153/0x170 [ 664.821681][T18481] get_page_from_freelist+0x111d/0x3140 [ 664.827236][T18481] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 664.833138][T18481] alloc_pages_mpol+0x1fb/0x550 [ 664.838003][T18481] ___kmalloc_large_node+0x104/0x150 [ 664.843306][T18481] __kmalloc_large_node_noprof+0x1c/0x70 [ 664.848967][T18481] __kmalloc_noprof+0x5be/0x850 [ 664.853832][T18481] hci_alloc_dev_priv+0x1d/0x28a0 [ 664.858874][T18481] __vhci_create_device+0xf0/0x880 [ 664.863999][T18481] vhci_write+0x2c4/0x490 [ 664.868340][T18481] vfs_write+0x6ac/0x1070 [ 664.872687][T18481] ksys_write+0x12a/0x250 [ 664.877029][T18481] do_syscall_64+0x106/0xf80 [ 664.881638][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.887534][T18481] page last free pid 18575 tgid 18572 stack trace: [ 664.894021][T18481] __free_frozen_pages+0x7e1/0x10d0 [ 664.899255][T18481] hci_release_dev+0x4ef/0x630 [ 664.904019][T18481] bt_host_release+0x6a/0xb0 [ 664.908623][T18481] device_release+0xa4/0x240 [ 664.913224][T18481] kobject_put+0x1f7/0x640 [ 664.917665][T18481] put_device+0x1f/0x30 [ 664.921836][T18481] vhci_release+0x185/0x230 [ 664.926346][T18481] __fput+0x3ff/0xb40 [ 664.930351][T18481] task_work_run+0x150/0x240 [ 664.934941][T18481] do_exit+0x8b8/0x2b60 [ 664.939117][T18481] do_group_exit+0xd5/0x2a0 [ 664.943637][T18481] get_signal+0x1ec7/0x21e0 [ 664.948145][T18481] arch_do_signal_or_restart+0x91/0x7a0 [ 664.953701][T18481] exit_to_user_mode_loop+0x86/0x4a0 [ 664.959010][T18481] do_syscall_64+0x67c/0xf80 [ 664.963622][T18481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.969522][T18481] [ 664.971833][T18481] Memory state around the buggy address: [ 664.977458][T18481] ffff888041267f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.985519][T18481] ffff888041267f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 664.993592][T18481] >ffff888041268000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 665.001649][T18481] ^ [ 665.008833][T18481] ffff888041268080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 665.016890][T18481] ffff888041268100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 665.024950][T18481] ================================================================== [ 665.033003][T18481] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 665.040716][T18481] CPU: 0 UID: 0 PID: 18481 Comm: khidpd_10cf5500 Tainted: G B syzkaller #0 PREEMPT(full) [ 665.052096][T18481] Tainted: [B]=BAD_PAGE [ 665.056233][T18481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 665.066288][T18481] Call Trace: [ 665.069565][T18481] [ 665.072500][T18481] dump_stack_lvl+0x100/0x190 [ 665.077214][T18481] vpanic+0x552/0x970 [ 665.081203][T18481] ? __pfx_vpanic+0x10/0x10 [ 665.085727][T18481] ? do_raw_spin_lock+0x119/0x260 [ 665.090764][T18481] panic+0xd1/0xe0 [ 665.094489][T18481] ? __pfx_panic+0x10/0x10 [ 665.098998][T18481] ? end_report.part.0+0x23/0x90 [ 665.103961][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.109605][T18481] ? rcu_is_watching+0x12/0xc0 [ 665.114376][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.120020][T18481] ? lock_release+0x263/0x320 [ 665.124737][T18481] end_report.part.0+0x68/0x90 [ 665.129532][T18481] kasan_report.cold+0xe/0x18 [ 665.134232][T18481] ? do_raw_spin_lock+0x119/0x260 [ 665.139270][T18481] kasan_check_range+0x10f/0x1e0 [ 665.144240][T18481] do_raw_spin_lock+0x119/0x260 [ 665.149095][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.154739][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 665.160114][T18481] ? lock_acquire+0x317/0x380 [ 665.164815][T18481] ? __mutex_lock+0x1861/0x1b90 [ 665.169691][T18481] ? _raw_spin_lock_irqsave+0x52/0x60 [ 665.175080][T18481] _raw_spin_lock_irqsave+0x42/0x60 [ 665.180298][T18481] ? __mutex_lock+0xcc7/0x1b90 [ 665.185094][T18481] __mutex_lock+0xcc7/0x1b90 [ 665.189704][T18481] ? __pfx_debug_object_deactivate+0x10/0x10 [ 665.195715][T18481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 665.201093][T18481] ? l2cap_unregister_user+0x71/0x240 [ 665.206494][T18481] ? __pfx___mutex_lock+0x10/0x10 [ 665.211542][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.217195][T18481] ? rcu_is_watching+0x12/0xc0 [ 665.221972][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.227619][T18481] ? rcu_is_watching+0x12/0xc0 [ 665.232395][T18481] ? __try_to_del_timer_sync+0x107/0x160 [ 665.238044][T18481] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 665.244041][T18481] ? __timer_delete_sync+0x151/0x1c0 [ 665.249348][T18481] ? rcu_is_watching+0x12/0xc0 [ 665.254126][T18481] ? l2cap_unregister_user+0x71/0x240 [ 665.259530][T18481] l2cap_unregister_user+0x71/0x240 [ 665.264759][T18481] hidp_session_thread+0x459/0x680 [ 665.269891][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 665.275536][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 665.281793][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.287446][T18481] ? rcu_is_watching+0x12/0xc0 [ 665.292223][T18481] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 665.298475][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.304122][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.309764][T18481] ? __kthread_parkme+0x18c/0x230 [ 665.314808][T18481] ? kthread+0x13a/0x450 [ 665.319082][T18481] ? __pfx_hidp_session_thread+0x10/0x10 [ 665.324730][T18481] kthread+0x370/0x450 [ 665.328825][T18481] ? __pfx_kthread+0x10/0x10 [ 665.333439][T18481] ret_from_fork+0x754/0xd80 [ 665.338068][T18481] ? __pfx_ret_from_fork+0x10/0x10 [ 665.343205][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.348852][T18481] ? rcu_is_watching+0x12/0xc0 [ 665.353625][T18481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 665.359269][T18481] ? __switch_to+0x7b4/0x1120 [ 665.363955][T18481] ? __pfx_kthread+0x10/0x10 [ 665.368575][T18481] ret_from_fork_asm+0x1a/0x30 [ 665.373361][T18481] [ 665.377127][T18481] Kernel Offset: disabled [ 665.381444][T18481] Rebooting in 86400 seconds..