last executing test programs: 1.332360286s ago: executing program 1 (id=1861): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000c00)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x200000000, 0x40000000007, 0x20000a0de, 0x40000000000004, 0x5, 0x200000003, 0x400}, {0x40000000000005, 0x0, 0x0, 0x5}, 0xc2, 0x0, 0x1}, {{@in6=@local, 0x0, 0x6c}, 0x2, @in6=@local, 0x3502, 0x1, 0x8, 0x0, 0x9075}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x4}}}, 0x1c) 1.142168584s ago: executing program 1 (id=1863): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000080)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x500, 0x0, 0x1c, {[@window={0xb, 0x3}, @timestamp={0x5, 0x2, 0xfffe, 0x88000}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e) 1.112550314s ago: executing program 3 (id=1864): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'sh\x00', 0x2d, 0xff, 0xf}, 0x2c) 1.015453477s ago: executing program 0 (id=1866): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d120c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb"], 0xfdef) 910.33696ms ago: executing program 4 (id=1868): r0 = socket(0x2, 0x3, 0xff) bind$inet(r0, 0x0, 0x0) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)="711f63377256c1d015c929eb92", 0xd}, 0x1, 0x0, 0x0, 0x20008986}, 0x4044004) recvmmsg(r1, &(0x7f0000003f80)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x12162, 0x0) 836.476311ms ago: executing program 3 (id=1869): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 835.462522ms ago: executing program 2 (id=1870): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x40, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000280), &(0x7f00000000c0)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000ff0500000000000000000000b7080000000000007b8af8ff00000000b7080000ff0100007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="b34715ecd04550d3abc89b6f7bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 781.890442ms ago: executing program 4 (id=1871): setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000c00)={{{@in=@broadcast, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x200000000, 0x40000000007, 0x20000a0de, 0x40000000000004, 0x2, 0x200000003, 0x400}, {0x40000000000005, 0x0, 0x0, 0x5}, 0x4, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0xa, @in6=@local, 0x3502, 0x1, 0x8, 0x0, 0x9075}}, 0xe8) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) 773.735856ms ago: executing program 1 (id=1872): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000006bc0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x8080, @dev={0xfe, 0x80, '\x00', 0x29}, 0x4}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)='L', 0x1}], 0x1}}], 0x1, 0x4040001) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e24, 0x100, @local, 0x2}, 0x1c) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000001280)=""/4107, &(0x7f00000000c0)=0x100b) 693.296041ms ago: executing program 3 (id=1873): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @multicast2}, 0x20000003}}, 0x2e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001300)) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1) 677.508784ms ago: executing program 0 (id=1874): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_ABORT_SCAN(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f00000012c0)={0x1c, r2, 0x5, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x20008080) 650.649844ms ago: executing program 2 (id=1875): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="ca", 0x1}], 0x1, 0x0, 0x0, 0x4800}], 0x1, 0xe803) accept4(r1, 0x0, 0x0, 0x80000) 631.029157ms ago: executing program 4 (id=1876): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56", 0x2) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000240), r1) 571.77165ms ago: executing program 3 (id=1877): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac7108bfaffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) recvfrom$inet6(r0, 0x0, 0x0, 0x40010023, 0x0, 0x0) 539.826913ms ago: executing program 0 (id=1878): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001bc0)=ANY=[], 0x11a0}, 0x1, 0x0, 0x0, 0x8040}, 0x8080) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r1) 480.076933ms ago: executing program 1 (id=1879): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x80087601, 0x0) 477.73039ms ago: executing program 4 (id=1880): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=@newqdisc={0x54, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x24, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x8000}, @TCA_CODEL_LIMIT={0x8, 0x2, 0xb}, @TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x3}, @TCA_CODEL_ECN={0x8}]}}]}, 0x54}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 457.859846ms ago: executing program 2 (id=1881): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000200000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 431.135856ms ago: executing program 3 (id=1882): r0 = socket$alg(0x26, 0x5, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)="18acf8b1ed479de320cdbff21bc648a4423880b9fb95564f48c38e3fdaea755288c2a91a1ef344702de01af77d599320e22a0ea41b13aa09f1b359b0e2d2e8b6074bb4119ea219d2055df8bab18280f3c3ea8e45510d60a28f7af2a9c471dbe0a88f57ae4580b0b420f5f90b70efb6805d81812d5d64c87c99f9c75e9f656dfd6e0cb005b1abd4d879a097dd9d3e6e12f85505cd45c840f9503b2fff6c33e6a675512ab99729da82acc41b65a398d515700ba76224267cdabfb9576027eb82a82c337e379c488d47691d7fe2c55bbe29a7a37633648559a31b90f145d0f5a2d8d9499f100ba95da30ce9df964d2af22e6551f8a35878071d2b5477c0f1c0ab067a8bd9368c04ed9b6e1547f04d022d726bb32daf66bded05624baa409848f50d96df5d0a86c6ce2b9b0767e85c5233c1e30aaad953301d7294b375db43804290971c857070e9d2c8b6397ab8d56358476fc0359ee79b7956f0ef1ce2edefc6bd340037706a57aa98105019c21be58ce8c868c90db57bfe8304416b3e7e02837ea3ce01ce463321f2ea429ee0c42b27d28c2b6063eb5cd746e26ade0c9ae3049ebb8c5038b01281f26c9777fb1263a5ba1262fa783e07ef5ded966eb85a4a811f5aab0d9575551239e9b0f76e5217744b0a8edcb1504774e36818033e3ab03ca6164df64fdf4352b9c88bfa91add131e13bee44e7eb4e38e613f3bab3c6c8a5038e446d57c9058b975f05f36e0e49171b426b99aa82a0656d7ffc46169ee20456aab06ee429bff9408fb1961e3976e288bee69e9ec6dc72862e1cfcc6c4804457285efcb056b0d834666748129994a3fc172c4c9c622a0c4ddd84bce972d56c70f3687222e5857f9a24b0e138a8359409f5b4ba3206c1a7f35c9e90f3ad903715ab7283e700f9ec2c641f38e998122266a8b1731ce1f03d12a643f281b3ace22f1e403dfe05052fdca3da258f8f1bd7c88949d2a14510b4116c5e403b6cee434d4969113ff8eebc1052e6a1dfa710cadfa0dbd96afa3dd1ab32b10e97d4c015e357bb938d5c2420ed83fff6a17ca9c334fc1b1a3b171f3ca2f4f88a66c59477a73265a8dc10c6d0e5ab2f595e4b9bdd160f35a7917d46df4a50b7651a5991f2444fc0a235f210e8ce8afede0b725d0cabfa20e4d36a836314d180f66614db4fbbd15ef7a947247f7f6f0eb34af0b7aeaaa9210154285dcd0389de273ad3459a1d87f062d9a050c57b6325750aeb9f47d7242117d8e0d38ae1e6cef179809d422ae852bf41f8d5ec42fac487ed46e0511a1f554cd6181e6c81dfdafa7c69daa2ba822e22e305b4b8f34c20fcc8e50cf451f053df249a7f5b20cbc0bc127f55d80bc9c0ba3cf9f0a9c56286215c20f9d60cb61276c6bbf772c151be2520e22b8f6daea2aa1f9e1b30bbeed092d3c2fb92a10fb71e7fea336a0258620c918581487ec04c54ca4e9811a83a6bf39dca6a4e89092cdee6e40024bd7c1ae7b3a8cdbb38c21ccb1de68f7fc9fa4726b832cedcfdd22b71f37d66f350e78e3c19bcae0322f8f070c316bc3c2ba0cb12a43746bd8aaa1645e3f8800b93722ac1791396bb3def1678cb5ab3f42c097c4c3684ea61dc89209ae57906bd4577a93b14eceff6f18893064198d9141a927ced2af06226011187f1851d6a5c1b5ff78a4c6d8b387a781c06a286f052d2e828ed94110cd7b9e6cfcb840e12019678080a6e9e517ce8ba6276c5a919197fd0adf86547135fcec083f2c1fea0e40564f279ceec580e827e39fa77bfa823d6e08aa7bd320491381f21be8b10dc2ed7fee1524680a52bb1e14cb6248519100edd7df29bac5c4ad1c893ee99db03aa7e077ba6608b0db797f31a6cd6d5a01077a41df98fc373ac5c149b87c55bb73bb17b09dffa7847b134b866b9ce179d547750dd2fb9c280e2003d132c87e2535f31232a32d738aeedeff052f256a9c866b6c2cb880d15f1acca7396a8f6113afe45e46e96a6c7762eb09d2c568df561d5484356b4ae71f89bf0126c6670c4fbeee59a89e20206401ef85f083039aa9ceacc2912427b031c35e29c7a702e0054f4dbb01062c0daab2a5faa49a86cd5d48d64bbee12f60ee529a00ad13a579934faff4ec12778038a3e48217fc4eb97ebe3dec9ecdfc0af3e722ed7ca0f12952c2902b0db061098d4bf14664104c440c9d07af7fbaa375274f61b04c17050a3e139dcce999071f18468139182cfe78a84c90c0428d7c75a621a6eaa69e028ce47626235ca3edbbb53e15afebebb25e18c732a820edca2f60be8c0ecd7e5a30282a0add95c6eb43b0afea34d91de7b20f4fb999d17c7fc418738f61cce38d656ce86e2d0a97f31dad0296ee63fb48e859003f88d0a27c874a47301dc0f1fd4f4e9b1bcd7806f715c751b94e182307d2d01278eb0ad2e1a48c3cac80ea5ec28b9b52f5cf6ea8b5611be5a24f91545cae2f581fd58fd47e6aa3b88b380442f21739319050ef702ffe604d7b1341013d330ad4e8d7c3cec17da298b4fcf1205e156f30642d654384d4be8b9eb4add6d9603e8fe122b9d70171d6f8ea5", 0xfffffdef}], 0x1}}], 0x1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 354.887426ms ago: executing program 0 (id=1883): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) pselect6(0x71, 0x0, &(0x7f0000000040)={0x2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140), 0x8}) 353.799237ms ago: executing program 2 (id=1884): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328ac34a4ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38) sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@ip_retopts={{0x12, 0x0, 0x7, {[@cipso={0x86, 0x14, 0xfffffffffffffffe, [{0x2, 0xe, "722be30cfb360b015d590dbe"}]}]}}}], 0x28}, 0x8000) 309.104321ms ago: executing program 1 (id=1885): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0xfff3, 0xffe0}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0xf, 0xff, 0x0, 0x3, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0xf4, 0x2], 0x1, [0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0xd52, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x4000], [0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) 275.728185ms ago: executing program 4 (id=1886): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10008044}], 0x1, 0x40081) recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x5}], 0x1}, 0x0) 197.635502ms ago: executing program 0 (id=1887): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a2f000006"], 0x1c}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@updpolicy={0xb8, 0x19, 0x1, 0xffffffff, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0xe7}, 0x0, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x4000090) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) 164.005757ms ago: executing program 2 (id=1888): bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-serpent-sse2\x00'}, 0x58) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x62) listen(r0, 0x807) close(r0) 163.548782ms ago: executing program 3 (id=1889): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x3ec0) ppoll(&(0x7f0000000600)=[{r1, 0x101}], 0x1, 0x0, 0x0, 0x0) close(r0) 163.078264ms ago: executing program 1 (id=1890): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x24, r1, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f0000000340)=@random='\r', 0x1, 0x0) 137.328519ms ago: executing program 4 (id=1891): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000140)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000018c0)={{r0}, &(0x7f0000000100), &(0x7f00000006c0)='%pB \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0xe, 0x0, &(0x7f0000000000)="40f0538ef047b21fb60068305500", 0x0, 0x1200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 45.790401ms ago: executing program 0 (id=1892): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x18, r1, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) 0s ago: executing program 2 (id=1893): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x38, r0, 0x1, 0x70bd2b, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xf4, 0x2e}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.244' (ED25519) to the list of known hosts. [ 84.130077][ T5855] cgroup: Unknown subsys name 'net' [ 84.240604][ T5855] cgroup: Unknown subsys name 'cpuset' [ 84.250699][ T5855] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.938152][ T5855] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.345630][ T5186] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.375141][ T5874] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.397153][ T5874] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.428676][ T5884] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.436759][ T5884] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.444810][ T5884] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.453346][ T5884] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.461417][ T5874] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.499087][ T5876] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.507518][ T5878] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.513283][ T5884] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.522558][ T5874] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.524908][ T5878] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.531716][ T5874] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.538135][ T5878] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.549960][ T5874] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.552108][ T5886] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.566830][ T5878] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.568761][ T5874] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.575443][ T5886] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.582851][ T5878] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.592290][ T5886] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.606274][ T5886] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.618456][ T5186] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.641072][ T5886] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.309617][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 91.392166][ T5872] chnl_net:caif_netlink_parms(): no params data found [ 91.494039][ T5867] chnl_net:caif_netlink_parms(): no params data found [ 91.644726][ T5879] chnl_net:caif_netlink_parms(): no params data found [ 91.694299][ T5883] chnl_net:caif_netlink_parms(): no params data found [ 91.777817][ T5872] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.785858][ T5872] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.793912][ T5872] bridge_slave_0: entered allmulticast mode [ 91.801997][ T5872] bridge_slave_0: entered promiscuous mode [ 91.811856][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.819199][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.826392][ T5865] bridge_slave_0: entered allmulticast mode [ 91.834500][ T5865] bridge_slave_0: entered promiscuous mode [ 91.870981][ T5872] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.878590][ T5872] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.885924][ T5872] bridge_slave_1: entered allmulticast mode [ 91.893573][ T5872] bridge_slave_1: entered promiscuous mode [ 91.901310][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.908718][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.916195][ T5865] bridge_slave_1: entered allmulticast mode [ 91.924187][ T5865] bridge_slave_1: entered promiscuous mode [ 92.057989][ T5867] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.065139][ T5867] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.073014][ T5867] bridge_slave_0: entered allmulticast mode [ 92.080601][ T5867] bridge_slave_0: entered promiscuous mode [ 92.103108][ T5879] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.110410][ T5879] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.118490][ T5879] bridge_slave_0: entered allmulticast mode [ 92.125860][ T5879] bridge_slave_0: entered promiscuous mode [ 92.138483][ T5872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.151310][ T5872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.163738][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.181317][ T5867] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.188653][ T5867] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.195890][ T5867] bridge_slave_1: entered allmulticast mode [ 92.203750][ T5867] bridge_slave_1: entered promiscuous mode [ 92.210837][ T5879] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.218691][ T5879] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.226130][ T5879] bridge_slave_1: entered allmulticast mode [ 92.234102][ T5879] bridge_slave_1: entered promiscuous mode [ 92.272597][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.358012][ T5872] team0: Port device team_slave_0 added [ 92.378729][ T5883] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.385934][ T5883] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.393606][ T5883] bridge_slave_0: entered allmulticast mode [ 92.400978][ T5883] bridge_slave_0: entered promiscuous mode [ 92.424945][ T5879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.437642][ T5872] team0: Port device team_slave_1 added [ 92.445945][ T5879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.474335][ T5883] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.482116][ T5883] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.490289][ T5883] bridge_slave_1: entered allmulticast mode [ 92.498045][ T5883] bridge_slave_1: entered promiscuous mode [ 92.510317][ T5867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.527823][ T5867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.584885][ T5865] team0: Port device team_slave_0 added [ 92.636266][ T5879] team0: Port device team_slave_0 added [ 92.656714][ T5865] team0: Port device team_slave_1 added [ 92.667989][ T5876] Bluetooth: hci3: command tx timeout [ 92.667989][ T5881] Bluetooth: hci1: command tx timeout [ 92.668275][ T5881] Bluetooth: hci2: command tx timeout [ 92.673972][ T5886] Bluetooth: hci0: command tx timeout [ 92.697611][ T5867] team0: Port device team_slave_0 added [ 92.706018][ T5883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.718794][ T5879] team0: Port device team_slave_1 added [ 92.725738][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.733270][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.760761][ T5872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.767015][ T5886] Bluetooth: hci4: command tx timeout [ 92.808185][ T5867] team0: Port device team_slave_1 added [ 92.822967][ T5883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.866835][ T5872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.873955][ T5872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.900978][ T5872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.912804][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.920910][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.947084][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.007250][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.014540][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.040960][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.066354][ T5883] team0: Port device team_slave_0 added [ 93.073745][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.081512][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.108795][ T5879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.131788][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.138829][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.165056][ T5867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.179400][ T5883] team0: Port device team_slave_1 added [ 93.186127][ T5867] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.193193][ T5867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.219508][ T5867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.232191][ T5879] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.239295][ T5879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.265497][ T5879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.367693][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.374681][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.400899][ T5883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.464669][ T5883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.471881][ T5883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.499047][ T5883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.523867][ T5872] hsr_slave_0: entered promiscuous mode [ 93.532547][ T5872] hsr_slave_1: entered promiscuous mode [ 93.551641][ T5865] hsr_slave_0: entered promiscuous mode [ 93.558621][ T5865] hsr_slave_1: entered promiscuous mode [ 93.565217][ T5865] debugfs: 'hsr0' already exists in 'hsr' [ 93.571596][ T5865] Cannot create hsr debugfs directory [ 93.585401][ T5879] hsr_slave_0: entered promiscuous mode [ 93.592210][ T5879] hsr_slave_1: entered promiscuous mode [ 93.598592][ T5879] debugfs: 'hsr0' already exists in 'hsr' [ 93.604346][ T5879] Cannot create hsr debugfs directory [ 93.664598][ T5867] hsr_slave_0: entered promiscuous mode [ 93.671536][ T5867] hsr_slave_1: entered promiscuous mode [ 93.678981][ T5867] debugfs: 'hsr0' already exists in 'hsr' [ 93.684740][ T5867] Cannot create hsr debugfs directory [ 93.760967][ T5883] hsr_slave_0: entered promiscuous mode [ 93.767727][ T5883] hsr_slave_1: entered promiscuous mode [ 93.773886][ T5883] debugfs: 'hsr0' already exists in 'hsr' [ 93.780109][ T5883] Cannot create hsr debugfs directory [ 94.410881][ T5879] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.431421][ T5879] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.443397][ T5879] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.463845][ T5879] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.542277][ T5865] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.559838][ T5865] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.578011][ T5865] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.605120][ T5865] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.694895][ T5872] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.712876][ T5872] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.724917][ T5872] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.736411][ T5872] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.748062][ T5186] Bluetooth: hci2: command tx timeout [ 94.748073][ T5876] Bluetooth: hci1: command tx timeout [ 94.754505][ T5886] Bluetooth: hci0: command tx timeout [ 94.759554][ T5881] Bluetooth: hci3: command tx timeout [ 94.826752][ T5881] Bluetooth: hci4: command tx timeout [ 94.882611][ T5867] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.900001][ T5867] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.911827][ T5867] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.926314][ T5867] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.960803][ T5879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.070585][ T5883] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.101238][ T5879] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.110788][ T5883] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.125439][ T5883] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.147098][ T5883] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.175158][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.182620][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.224689][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.251755][ T2913] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.259068][ T2913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.374989][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.392523][ T5879] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.419587][ T5872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.443203][ T1126] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.450896][ T1126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.488003][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.495208][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.536371][ T5872] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.602456][ T5883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.621720][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.628969][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.654027][ T5867] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.674447][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.681660][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.731948][ T5867] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.774816][ T5883] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.790582][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.797919][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.853982][ T3017] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.861252][ T3017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.877730][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.884952][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.897291][ T3017] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.904490][ T3017] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.032745][ T5879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.080151][ T5867] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.401250][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.574002][ T5865] veth0_vlan: entered promiscuous mode [ 96.619589][ T5865] veth1_vlan: entered promiscuous mode [ 96.745310][ T5865] veth0_macvtap: entered promiscuous mode [ 96.775810][ T5865] veth1_macvtap: entered promiscuous mode [ 96.826212][ T5872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.835802][ T5881] Bluetooth: hci3: command tx timeout [ 96.840775][ T5186] Bluetooth: hci2: command tx timeout [ 96.842924][ T5881] Bluetooth: hci0: command tx timeout [ 96.847750][ T5886] Bluetooth: hci1: command tx timeout [ 96.876349][ T5883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.896364][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.909575][ T5886] Bluetooth: hci4: command tx timeout [ 96.921914][ T5867] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.938229][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.967936][ T1126] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.978052][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.008098][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.019177][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.112802][ T5872] veth0_vlan: entered promiscuous mode [ 97.168880][ T5879] veth0_vlan: entered promiscuous mode [ 97.176166][ T5867] veth0_vlan: entered promiscuous mode [ 97.216474][ T5872] veth1_vlan: entered promiscuous mode [ 97.229694][ T1211] cfg80211: failed to load regulatory.db [ 97.238638][ T5883] veth0_vlan: entered promiscuous mode [ 97.251758][ T5867] veth1_vlan: entered promiscuous mode [ 97.269284][ T5879] veth1_vlan: entered promiscuous mode [ 97.284511][ T3017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.300318][ T3017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.330892][ T5883] veth1_vlan: entered promiscuous mode [ 97.400776][ T3017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.402656][ T5872] veth0_macvtap: entered promiscuous mode [ 97.415459][ T3017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.422921][ T5867] veth0_macvtap: entered promiscuous mode [ 97.449583][ T5867] veth1_macvtap: entered promiscuous mode [ 97.471876][ T5872] veth1_macvtap: entered promiscuous mode [ 97.483242][ T5883] veth0_macvtap: entered promiscuous mode [ 97.512702][ T5883] veth1_macvtap: entered promiscuous mode [ 97.536015][ T5865] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.558510][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.574935][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.595437][ T5879] veth0_macvtap: entered promiscuous mode [ 97.607875][ T5872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.630338][ T5879] veth1_macvtap: entered promiscuous mode [ 97.693533][ T5867] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.716139][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.725944][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.754013][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.765667][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.804629][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.814251][ T61] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.827994][ T61] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.863987][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.881062][ T61] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.897390][ T5879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.921394][ T5883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.954093][ T61] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.985931][ T3017] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.999967][ T3017] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.091846][ T3017] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.105457][ T3017] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.139835][ T3017] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.163857][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.172149][ T3017] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.181209][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.184627][ T3017] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.199333][ T3017] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.259856][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.273419][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.413673][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.437225][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.509975][ T2913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.531980][ T2913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.594993][ T2913] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.610738][ T2913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.715523][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.752074][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.907244][ T5886] Bluetooth: hci1: command tx timeout [ 98.912843][ T5186] Bluetooth: hci2: command tx timeout [ 98.912866][ T5876] Bluetooth: hci0: command tx timeout [ 98.918906][ T5886] Bluetooth: hci3: command tx timeout [ 98.958593][ T6009] Zero length message leads to an empty skb [ 98.967314][ T1126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.987290][ T5886] Bluetooth: hci4: command tx timeout [ 98.996083][ T1126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.065176][ T2913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.109994][ T2913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.135771][ T6016] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.551591][ T6031] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16'. [ 99.612501][ T6033] netlink: 8 bytes leftover after parsing attributes in process `syz.3.18'. [ 99.715624][ T6037] warning: `syz.0.20' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 99.750536][ T6036] netlink: 16186 bytes leftover after parsing attributes in process `syz.4.19'. [ 99.884821][ T6043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23'. [ 100.437662][ T6065] openvswitch: netlink: Multiple metadata blocks provided [ 100.676961][ T6068] nbd0: detected capacity change from 0 to 127 [ 100.713570][ T5886] block nbd0: Receive control failed (result -32) [ 100.733774][ T6070] block nbd0: Dead connection, failed to find a fallback [ 100.800297][ T6070] block nbd0: shutting down sockets [ 100.805906][ T6070] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 100.853185][ T6070] Buffer I/O error on dev nbd0, logical block 0, async page read [ 100.897568][ T6070] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 100.932905][ T6070] Buffer I/O error on dev nbd0, logical block 1, async page read [ 100.966826][ T6070] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.014194][ T6070] Buffer I/O error on dev nbd0, logical block 2, async page read [ 101.040110][ T6089] Bluetooth: MGMT ver 1.23 [ 101.047895][ T6070] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.104711][ T6070] Buffer I/O error on dev nbd0, logical block 3, async page read [ 101.136914][ T6070] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.164518][ T6070] Buffer I/O error on dev nbd0, logical block 0, async page read [ 101.190552][ T6070] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.243317][ T6070] Buffer I/O error on dev nbd0, logical block 1, async page read [ 101.268167][ T6070] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.326960][ T6070] Buffer I/O error on dev nbd0, logical block 2, async page read [ 101.334951][ T6070] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.366484][ T6070] Buffer I/O error on dev nbd0, logical block 3, async page read [ 101.395208][ T6070] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.436771][ T6070] Buffer I/O error on dev nbd0, logical block 0, async page read [ 101.476769][ T6070] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 101.529561][ T6070] Buffer I/O error on dev nbd0, logical block 1, async page read [ 101.553949][ T6070] ldm_validate_partition_table(): Disk read failed. [ 101.592699][ T6070] Dev nbd0: unable to read RDB block 0 [ 101.640910][ T6070] nbd0: unable to read partition table [ 101.704848][ T6070] ldm_validate_partition_table(): Disk read failed. [ 101.763916][ T6070] Dev nbd0: unable to read RDB block 0 [ 101.791134][ T6070] nbd0: unable to read partition table [ 101.899417][ T6121] blkio.reset_stats is deprecated [ 101.922437][ T6123] netlink: 20 bytes leftover after parsing attributes in process `syz.2.60'. [ 102.121278][ T6129] netlink: 12 bytes leftover after parsing attributes in process `syz.4.63'. [ 102.451732][ T6143] netlink: 'syz.1.69': attribute type 1 has an invalid length. [ 102.485232][ T6143] netlink: 'syz.1.69': attribute type 10 has an invalid length. [ 102.513673][ T6143] netlink: 236 bytes leftover after parsing attributes in process `syz.1.69'. [ 102.856301][ T6162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.79'. [ 103.078419][ T6172] team0: Cannot enslave team device to itself [ 103.297159][ T6179] syz.0.87: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 103.306726][ T6181] netlink: 12 bytes leftover after parsing attributes in process `syz.4.88'. [ 103.357936][ T6181] netlink: 12 bytes leftover after parsing attributes in process `syz.4.88'. [ 103.368569][ T6179] CPU: 0 UID: 0 PID: 6179 Comm: syz.0.87 Not tainted syzkaller #0 PREEMPT(full) [ 103.368597][ T6179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 103.368617][ T6179] Call Trace: [ 103.368626][ T6179] [ 103.368635][ T6179] dump_stack_lvl+0x189/0x250 [ 103.368673][ T6179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.368698][ T6179] ? __pfx__printk+0x10/0x10 [ 103.368727][ T6179] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 103.368753][ T6179] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 103.368780][ T6179] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 103.368808][ T6179] warn_alloc+0x214/0x310 [ 103.368841][ T6179] ? stack_depot_save_flags+0x41b/0x860 [ 103.368876][ T6179] ? __pfx_warn_alloc+0x10/0x10 [ 103.368910][ T6179] ? kasan_save_track+0x4f/0x80 [ 103.368935][ T6179] ? xskq_create+0x56/0x170 [ 103.368954][ T6179] ? xsk_init_queue+0xb0/0x110 [ 103.368969][ T6179] ? xsk_setsockopt+0x4dc/0x8d0 [ 103.368998][ T6179] ? do_sock_setsockopt+0x17c/0x1b0 [ 103.369020][ T6179] ? __x64_sys_setsockopt+0x13f/0x1b0 [ 103.369042][ T6179] ? do_syscall_64+0xfa/0x3b0 [ 103.369063][ T6179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.369093][ T6179] __vmalloc_node_range_noprof+0x125/0x12f0 [ 103.369157][ T6179] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 103.369195][ T6179] ? __kasan_kmalloc+0x93/0xb0 [ 103.369226][ T6179] vmalloc_user_noprof+0xad/0xf0 [ 103.369257][ T6179] ? xskq_create+0xbf/0x170 [ 103.369277][ T6179] xskq_create+0xbf/0x170 [ 103.369299][ T6179] xsk_init_queue+0xb0/0x110 [ 103.369322][ T6179] xsk_setsockopt+0x4dc/0x8d0 [ 103.369358][ T6179] ? __pfx_xsk_setsockopt+0x10/0x10 [ 103.369389][ T6179] ? __pfx_aa_sk_perm+0x10/0x10 [ 103.369425][ T6179] ? aa_sock_opt_perm+0xff/0x1b0 [ 103.369449][ T6179] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 103.369472][ T6179] ? __pfx_xsk_setsockopt+0x10/0x10 [ 103.369504][ T6179] do_sock_setsockopt+0x17c/0x1b0 [ 103.369535][ T6179] __x64_sys_setsockopt+0x13f/0x1b0 [ 103.369579][ T6179] do_syscall_64+0xfa/0x3b0 [ 103.369601][ T6179] ? lockdep_hardirqs_on+0x9c/0x150 [ 103.369622][ T6179] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.369642][ T6179] ? clear_bhb_loop+0x60/0xb0 [ 103.369668][ T6179] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.369688][ T6179] RIP: 0033:0x7fea3878ec29 [ 103.369713][ T6179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.369731][ T6179] RSP: 002b:00007fea369f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 103.369754][ T6179] RAX: ffffffffffffffda RBX: 00007fea389d5fa0 RCX: 00007fea3878ec29 [ 103.369769][ T6179] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 103.369781][ T6179] RBP: 00007fea38811e41 R08: 0000000000000004 R09: 0000000000000000 [ 103.369794][ T6179] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.369806][ T6179] R13: 00007fea389d6038 R14: 00007fea389d5fa0 R15: 00007fffc22f03a8 [ 103.369840][ T6179] [ 103.371227][ T6179] Mem-Info: [ 103.693721][ T6179] active_anon:5383 inactive_anon:0 isolated_anon:0 [ 103.693721][ T6179] active_file:3080 inactive_file:39860 isolated_file:0 [ 103.693721][ T6179] unevictable:768 dirty:1474 writeback:0 [ 103.693721][ T6179] slab_reclaimable:10555 slab_unreclaimable:96365 [ 103.693721][ T6179] mapped:29083 shmem:1356 pagetables:1126 [ 103.693721][ T6179] sec_pagetables:0 bounce:0 [ 103.693721][ T6179] kernel_misc_reclaimable:0 [ 103.693721][ T6179] free:1325280 free_pcp:20810 free_cma:0 [ 103.694822][ T6184] veth0_to_team: entered promiscuous mode [ 103.748104][ T6179] Node 0 active_anon:21532kB inactive_anon:0kB active_file:12320kB inactive_file:159240kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:116332kB dirty:5884kB writeback:0kB shmem:3888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11860kB pagetables:4376kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 103.791825][ T6184] veth0_to_team: entered allmulticast mode [ 103.856685][ T6179] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 103.912741][ T6179] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 104.020671][ T6179] lowmem_reserve[]: 0 2497 2499 2499 2499 [ 104.050756][ T6179] Node 0 DMA32 free:1403152kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21688kB inactive_anon:0kB active_file:12320kB inactive_file:157672kB unevictable:1536kB writepending:5880kB present:3129332kB managed:2557412kB mlocked:0kB bounce:0kB free_pcp:64608kB local_pcp:52864kB free_cma:0kB [ 104.102584][ T6179] lowmem_reserve[]: 0 0 1 1 1 [ 104.156732][ T6179] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 104.216668][ T6179] lowmem_reserve[]: 0 0 0 0 0 [ 104.221479][ T6179] Node 1 Normal free:3881004kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:12kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20292kB local_pcp:10528kB free_cma:0kB [ 104.348517][ T6179] lowmem_reserve[]: 0 0 0 0 0 [ 104.357337][ T6179] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 104.379743][ T6179] Node 0 DMA32: 1228*4kB (UME) 186*8kB (UM) 49*16kB (UME) 39*32kB (UME) 24*64kB (UME) 14*128kB (ME) 7*256kB (M) 6*512kB (UME) 4*1024kB (ME) 4*2048kB (UM) 338*4096kB (M) = 1413360kB [ 104.410250][ T6179] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 104.439627][ T6179] Node 1 Normal: 201*4kB (UE) 51*8kB (UME) 43*16kB (UME) 66*32kB (UME) 22*64kB (UME) 6*128kB (UME) 4*256kB (UME) 4*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 944*4096kB (M) = 3881004kB [ 104.458607][ T6179] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 104.474950][ T6179] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 104.486190][ T6179] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 104.497750][ T6209] netem: incorrect ge model size [ 104.502954][ T6209] netem: change failed [ 104.537018][ T6179] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 104.598973][ T6179] 44292 total pagecache pages [ 104.616561][ T6179] 0 pages in swap cache [ 104.656632][ T6179] Free swap = 124996kB [ 104.660855][ T6179] Total swap = 124996kB [ 104.665040][ T6179] 2097051 pages RAM [ 104.713833][ T6179] 0 pages HighMem/MovableOnly [ 104.724540][ T6179] 425672 pages reserved [ 104.729656][ T6179] 0 pages cma reserved [ 105.420780][ T6246] netlink: 71 bytes leftover after parsing attributes in process `syz.3.118'. [ 105.448468][ T6245] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.457398][ T6245] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.975101][ T6268] netlink: 20 bytes leftover after parsing attributes in process `syz.0.129'. [ 106.098351][ T6267] netlink: 8 bytes leftover after parsing attributes in process `syz.3.128'. [ 106.346721][ T5886] Bluetooth: hci4: command tx timeout [ 106.651833][ T6291] netlink: 'syz.4.141': attribute type 1 has an invalid length. [ 106.686739][ T6291] netlink: 172 bytes leftover after parsing attributes in process `syz.4.141'. [ 106.739353][ T6291] netlink: 'syz.4.141': attribute type 1 has an invalid length. [ 107.533159][ T6330] ip6gre1: entered allmulticast mode [ 107.751940][ T6332] raw_sendmsg: syz.4.159 forgot to set AF_INET. Fix it! [ 107.993395][ T6341] netlink: 20 bytes leftover after parsing attributes in process `syz.0.164'. [ 108.078316][ T6344] netlink: 12 bytes leftover after parsing attributes in process `syz.3.165'. [ 108.603419][ T6365] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 108.660768][ T6366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.176'. [ 109.736093][ T6414] netlink: 104 bytes leftover after parsing attributes in process `syz.0.198'. [ 109.962238][ T6425] unknown channel width for channel at 909000KHz? [ 110.354689][ T6442] syz.4.211 uses obsolete (PF_INET,SOCK_PACKET) [ 110.953200][ T6469] netlink: 8 bytes leftover after parsing attributes in process `syz.3.225'. [ 110.994169][ T5873] hid-generic 0005:16C0:5505.0001: item fetching failed at offset 0/1 [ 111.047420][ T5873] hid-generic 0005:16C0:5505.0001: probe with driver hid-generic failed with error -22 [ 111.555016][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.234'. [ 111.569986][ T6496] netlink: 146840 bytes leftover after parsing attributes in process `syz.0.236'. [ 111.627972][ T6500] netlink: 40 bytes leftover after parsing attributes in process `syz.1.238'. [ 112.063424][ T6520] netlink: 20 bytes leftover after parsing attributes in process `syz.1.248'. [ 112.120417][ T5186] Bluetooth: hci4: command 0x0405 tx timeout [ 112.371786][ T6531] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.253'. [ 112.676403][ T6543] netlink: 68 bytes leftover after parsing attributes in process `syz.4.259'. [ 113.021134][ T6559] netlink: 4 bytes leftover after parsing attributes in process `syz.0.267'. [ 113.383251][ T6571] netlink: 'syz.4.272': attribute type 1 has an invalid length. [ 113.421456][ T6571] netlink: 'syz.4.272': attribute type 2 has an invalid length. [ 113.429730][ T6571] netlink: 'syz.4.272': attribute type 1 has an invalid length. [ 113.439308][ T6571] netlink: 1156 bytes leftover after parsing attributes in process `syz.4.272'. [ 113.536713][ T6578] netlink: 20 bytes leftover after parsing attributes in process `syz.2.276'. [ 114.085745][ T6607] netlink: 'syz.1.290': attribute type 3 has an invalid length. [ 114.186902][ T5186] Bluetooth: hci4: command 0x0405 tx timeout [ 116.363066][ T6684] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 116.387581][ T6685] openvswitch: netlink: Multiple metadata blocks provided [ 116.795069][ T6701] veth0_to_bridge: entered promiscuous mode [ 116.816842][ T6700] veth0_to_bridge: left promiscuous mode [ 117.042377][ T6717] __nla_validate_parse: 4 callbacks suppressed [ 117.042396][ T6717] netlink: 4 bytes leftover after parsing attributes in process `syz.3.342'. [ 117.578551][ T6739] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 118.291412][ T6773] batadv0: entered promiscuous mode [ 118.315983][ T6773] bond0: entered promiscuous mode [ 118.335422][ T6773] bond_slave_0: entered promiscuous mode [ 118.349189][ T6773] bond_slave_1: entered promiscuous mode [ 118.383202][ T6773] hsr1: entered allmulticast mode [ 118.432397][ T6773] batadv0: entered allmulticast mode [ 118.452731][ T6773] bond0: entered allmulticast mode [ 118.472991][ T6773] bond_slave_0: entered allmulticast mode [ 118.504762][ T6773] bond_slave_1: entered allmulticast mode [ 118.514188][ T6773] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 118.538589][ T6781] tap0: tun_chr_ioctl cmd 1074025677 [ 118.557361][ T6781] tap0: linktype set to 65534 [ 119.392345][ T6824] netlink: 12 bytes leftover after parsing attributes in process `syz.4.395'. [ 119.934453][ T6850] veth0: entered promiscuous mode [ 119.948674][ T6849] veth0: left promiscuous mode [ 120.531086][ T6875] Illegal XDP return value 4294967289 on prog (id 31) dev N/A, expect packet loss! [ 121.435678][ T6914] netlink: 'syz.0.437': attribute type 1 has an invalid length. [ 121.463574][ T6914] netlink: 140 bytes leftover after parsing attributes in process `syz.0.437'. [ 121.482585][ T6914] netlink: 'syz.0.437': attribute type 1 has an invalid length. [ 121.643130][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.442'. [ 121.817857][ T6931] netlink: 56 bytes leftover after parsing attributes in process `syz.3.444'. [ 122.565370][ T6968] netlink: 'syz.4.463': attribute type 8 has an invalid length. [ 122.893309][ T6982] netlink: 64 bytes leftover after parsing attributes in process `syz.2.469'. [ 123.366912][ T7002] netlink: 'syz.3.480': attribute type 1 has an invalid length. [ 123.391198][ T7002] netlink: 172 bytes leftover after parsing attributes in process `syz.3.480'. [ 124.271324][ T7049] af_packet: tpacket_rcv: packet too big, clamped from 112 to 4294967272. macoff=96 [ 125.409707][ T7101] netlink: 'syz.2.525': attribute type 4 has an invalid length. [ 125.562615][ T7107] netlink: 16 bytes leftover after parsing attributes in process `syz.1.528'. [ 126.588256][ T2983] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 126.621525][ T2983] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 126.629906][ T5873] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 126.736821][ T1211] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 127.068826][ T7176] veth1_macvtap: left promiscuous mode [ 127.122129][ T7182] netlink: 36 bytes leftover after parsing attributes in process `syz.2.565'. [ 127.536695][ T7195] netlink: 24 bytes leftover after parsing attributes in process `syz.0.571'. [ 127.717759][ T5873] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 127.872892][ T7215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.579'. [ 128.250944][ T7236] netlink: 4 bytes leftover after parsing attributes in process `syz.4.590'. [ 128.279924][ T7236] netlink: 20 bytes leftover after parsing attributes in process `syz.4.590'. [ 128.418179][ T7241] netlink: 'syz.0.591': attribute type 4 has an invalid length. [ 128.440804][ T7245] netlink: 'syz.4.594': attribute type 6 has an invalid length. [ 129.019241][ T7270] netlink: 28 bytes leftover after parsing attributes in process `syz.3.606'. [ 130.507118][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 131.402584][ T7360] netlink: 36 bytes leftover after parsing attributes in process `syz.4.645'. [ 131.420873][ T7359] netlink: 88 bytes leftover after parsing attributes in process `syz.1.646'. [ 131.432764][ T7359] netem: invalid attributes len -24 [ 131.443241][ T7359] netem: change failed [ 131.942215][ T7385] netlink: 'syz.1.653': attribute type 2 has an invalid length. [ 131.990585][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.4.655'. [ 133.284168][ T7434] IPVS: dh: SCTP 172.20.20.187:0 - no destination available [ 133.322995][ T5873] IPVS: starting estimator thread 0... [ 133.453731][ T7436] IPVS: using max 26 ests per chain, 62400 per kthread [ 133.802349][ T7457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.684'. [ 134.711034][ T7493] netlink: 8 bytes leftover after parsing attributes in process `syz.4.703'. [ 136.428411][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.719'. [ 136.440718][ T7526] netlink: 12 bytes leftover after parsing attributes in process `syz.1.719'. [ 137.501907][ T7557] netlink: 64 bytes leftover after parsing attributes in process `syz.2.734'. [ 137.907164][ T7574] netlink: 108 bytes leftover after parsing attributes in process `syz.3.742'. [ 138.105694][ T7581] netlink: 'syz.2.746': attribute type 83 has an invalid length. [ 138.192274][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 138.205950][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.212918][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.614400][ T7302] Set syz1 is full, maxelem 65536 reached [ 139.157486][ T7622] netlink: 12 bytes leftover after parsing attributes in process `syz.0.765'. [ 139.212336][ T7622] xfrm1: entered promiscuous mode [ 139.228567][ T7622] xfrm1: entered allmulticast mode [ 139.235839][ T7628] netlink: 108 bytes leftover after parsing attributes in process `syz.1.767'. [ 139.247935][ T7629] netlink: 12 bytes leftover after parsing attributes in process `syz.0.765'. [ 139.257636][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.767'. [ 139.480734][ T7639] netlink: 16 bytes leftover after parsing attributes in process `syz.0.773'. [ 140.790491][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.801'. [ 140.826962][ T7706] netlink: 4 bytes leftover after parsing attributes in process `syz.2.801'. [ 141.638815][ T7760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.812'. [ 142.446325][ T7780] tun0: tun_chr_ioctl cmd 1074025675 [ 142.478022][ T7780] tun0: persist disabled [ 142.565321][ T7781] erspan0: entered promiscuous mode [ 142.802271][ T7787] netlink: 8 bytes leftover after parsing attributes in process `syz.3.826'. [ 142.817590][ T7787] netlink: 'syz.3.826': attribute type 30 has an invalid length. [ 142.840242][ T7787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.826'. [ 143.639268][ T7820] netlink: 'syz.4.840': attribute type 83 has an invalid length. [ 144.046894][ T7842] netlink: 'syz.2.851': attribute type 83 has an invalid length. [ 144.927023][ T7881] __nla_validate_parse: 3 callbacks suppressed [ 144.927044][ T7881] netlink: 4 bytes leftover after parsing attributes in process `syz.3.868'. [ 145.205387][ T7895] netlink: 'syz.3.878': attribute type 11 has an invalid length. [ 145.368021][ T7903] netlink: 48 bytes leftover after parsing attributes in process `syz.4.879'. [ 145.756198][ T7920] bond0: option mode: unable to set because the bond device has slaves [ 146.010445][ T7928] netlink: 12 bytes leftover after parsing attributes in process `syz.2.892'. [ 146.036253][ T7932] netlink: 'syz.1.894': attribute type 8 has an invalid length. [ 146.195060][ T7942] netlink: 64 bytes leftover after parsing attributes in process `syz.2.898'. [ 146.355582][ T7948] netlink: 'syz.2.901': attribute type 10 has an invalid length. [ 146.412820][ T7948] team0: Port device dummy0 added [ 146.823144][ T7969] veth0: entered promiscuous mode [ 146.860068][ T7968] veth0: left promiscuous mode [ 146.936678][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.912'. [ 146.986215][ T7971] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 147.515610][ T7998] netlink: 8 bytes leftover after parsing attributes in process `syz.4.924'. [ 148.615611][ T8041] netlink: 'syz.4.945': attribute type 5 has an invalid length. [ 149.449524][ T8073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.961'. [ 149.804365][ T8089] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.969'. [ 149.836891][ T8088] netlink: 40 bytes leftover after parsing attributes in process `syz.0.970'. [ 150.146910][ T8109] netlink: 104 bytes leftover after parsing attributes in process `syz.4.979'. [ 150.228097][ T8111] netlink: 8 bytes leftover after parsing attributes in process `syz.1.981'. [ 151.462805][ T8173] netlink: 'syz.3.1009': attribute type 4 has an invalid length. [ 151.654165][ T8187] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1017'. [ 151.970591][ T8203] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1025'. [ 152.375772][ T8223] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1032'. [ 152.906796][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 153.208347][ T8272] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1057'. [ 153.219139][ T8273] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 153.443401][ T8286] openvswitch: netlink: IPv4 tun info is not correct [ 153.534727][ T8291] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1067'. [ 153.634284][ T8295] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 153.639041][ T8297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1069'. [ 153.712576][ T5970] IPVS: starting estimator thread 0... [ 153.806807][ T8305] IPVS: using max 25 ests per chain, 60000 per kthread [ 154.107702][ T2983] wlan1: Trigger new scan to find an IBSS to join [ 155.087661][ T8356] syzkaller1: entered promiscuous mode [ 155.116666][ T8356] syzkaller1: entered allmulticast mode [ 155.230431][ T8360] syzkaller1: entered promiscuous mode [ 155.236242][ T8360] syzkaller1: entered allmulticast mode [ 156.572343][ T8416] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1118'. [ 157.100209][ T12] wlan1: Trigger new scan to find an IBSS to join [ 157.488981][ T8436] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1129'. [ 157.593415][ T8439] netlink: 'syz.2.1130': attribute type 12 has an invalid length. [ 157.615131][ T8439] netlink: 'syz.2.1130': attribute type 29 has an invalid length. [ 157.627249][ T8439] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1130'. [ 157.637436][ T8439] netlink: 59 bytes leftover after parsing attributes in process `syz.2.1130'. [ 159.883047][ T8522] netlink: 'syz.0.1168': attribute type 11 has an invalid length. [ 160.067142][ T8526] unknown channel width for channel at 909000KHz? [ 160.094188][ T8526] unknown channel width for channel at 909000KHz? [ 160.107064][ T7726] wlan1: Trigger new scan to find an IBSS to join [ 160.119384][ T8526] unknown channel width for channel at 909000KHz? [ 161.079692][ T3017] wlan1: Creating new IBSS network, BSSID 86:7c:e9:1a:b0:fc [ 161.262197][ T8322] Set syz1 is full, maxelem 65536 reached [ 161.372740][ T8561] Bluetooth: MGMT ver 1.23 [ 161.545678][ T8569] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1192'. [ 161.637588][ T8571] syzkaller1: entered promiscuous mode [ 161.644778][ T8571] syzkaller1: entered allmulticast mode [ 161.740736][ T8575] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1194'. [ 161.767773][ T8575] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1194'. [ 161.774025][ T8577] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1195'. [ 161.846626][ T12] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.886008][ T12] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.903107][ T12] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.936306][ T12] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 162.241214][ T8598] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1204'. [ 163.273241][ T8647] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1228'. [ 165.851012][ T8743] netlink: 'syz.0.1261': attribute type 1 has an invalid length. [ 165.899434][ T8743] netlink: 'syz.0.1261': attribute type 10 has an invalid length. [ 165.946887][ T8743] netlink: 'syz.0.1261': attribute type 4 has an invalid length. [ 165.966005][ T8743] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1261'. [ 166.489986][ T8780] netlink: 14560 bytes leftover after parsing attributes in process `syz.0.1277'. [ 166.600781][ T8784] macvtap1: entered promiscuous mode [ 166.606865][ T8784] macvtap1: entered allmulticast mode [ 166.613868][ T8784] bond_slave_0: entered promiscuous mode [ 166.619841][ T8784] bond_slave_1: entered promiscuous mode [ 166.646770][ T8784] bond0: entered allmulticast mode [ 166.660597][ T8784] bond_slave_0: entered allmulticast mode [ 166.672974][ T8784] bond_slave_1: entered allmulticast mode [ 166.699915][ T8784] bond0: entered promiscuous mode [ 166.721289][ T8784] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 166.739176][ T8784] team0: Device macvtap1 failed to register rx_handler [ 166.755089][ T8784] bond0: left allmulticast mode [ 166.780196][ T8784] bond_slave_0: left allmulticast mode [ 166.800235][ T8784] bond_slave_1: left allmulticast mode [ 166.811199][ T8784] bond0: left promiscuous mode [ 166.818351][ T8784] bond_slave_0: left promiscuous mode [ 166.823900][ T8784] bond_slave_1: left promiscuous mode [ 167.227913][ T8814] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1294'. [ 167.457374][ T8825] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1300'. [ 167.484466][ T8825] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1300'. [ 167.507595][ T8828] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1302'. [ 167.827134][ T8843] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1309'. [ 168.194512][ T8867] netlink: 'syz.3.1321': attribute type 1 has an invalid length. [ 168.458533][ T8879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1326'. [ 169.831066][ T8951] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1362'. [ 170.022720][ T8962] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1367'. [ 170.551160][ T8989] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 170.714753][ T8997] syzkaller1: entered promiscuous mode [ 170.721008][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807d81dc00: rx timeout, send abort [ 170.730959][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807d81dc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 170.787261][ T8997] syzkaller1: entered allmulticast mode [ 171.295708][ T9030] netlink: 'syz.1.1400': attribute type 2 has an invalid length. [ 171.816655][ T9060] netlink: 'syz.1.1413': attribute type 17 has an invalid length. [ 171.824936][ T9060] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1413'. [ 171.836670][ T9060] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1413'. [ 171.880624][ T9060] gretap0: entered promiscuous mode [ 171.892857][ T9062] netlink: 'syz.3.1414': attribute type 7 has an invalid length. [ 171.901929][ T9060] gretap0: left promiscuous mode [ 171.908662][ T9062] netlink: 'syz.3.1414': attribute type 8 has an invalid length. [ 171.938171][ T9062] gretap0: entered promiscuous mode [ 171.946166][ T9062] batadv_slave_1: entered promiscuous mode [ 171.954142][ T9062] gretap0: left promiscuous mode [ 171.962042][ T9062] batadv_slave_1: left promiscuous mode [ 171.982004][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 171.996702][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.004701][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.023928][ T9064] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 172.064581][ T9064] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 172.110809][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.122351][ T9069] syzkaller1: left promiscuous mode [ 172.128813][ T9069] syzkaller1: left allmulticast mode [ 172.135595][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.150054][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.169243][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.184363][ T9064] hsr0 speed is unknown, defaulting to 1000 [ 172.368532][ T9078] vlan2: entered allmulticast mode [ 172.373727][ T9078] hsr0: entered allmulticast mode [ 172.413420][ T9078] hsr_slave_0: entered allmulticast mode [ 172.431513][ T9078] hsr_slave_1: entered allmulticast mode [ 172.548096][ T5994] hid (null): unknown global tag 0xe [ 172.555061][ T5994] hid (null): nested delimiters [ 172.850328][ T9103] __nla_validate_parse: 2 callbacks suppressed [ 172.850348][ T9103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1433'. [ 172.875724][ T9103] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1433'. [ 173.045815][ T9112] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1437'. [ 173.090795][ T9112] netlink: 'syz.1.1437': attribute type 7 has an invalid length. [ 173.116931][ T9112] netlink: 'syz.1.1437': attribute type 8 has an invalid length. [ 173.136602][ T9112] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1437'. [ 173.384543][ T9129] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1445'. [ 173.730554][ T9143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1451'. [ 173.765585][ T9143] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1451'. [ 173.817083][ T9143] netlink: 'syz.4.1451': attribute type 11 has an invalid length. [ 174.442927][ T5994] hid-generic 0005:0D45:1012.0002: unknown global tag 0xe [ 174.459669][ T5994] hid-generic 0005:0D45:1012.0002: item 0 2 1 14 parsing failed [ 174.476235][ T5994] hid-generic 0005:0D45:1012.0002: probe with driver hid-generic failed with error -22 [ 174.536835][ T9179] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 174.824402][ T9193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1476'. [ 175.114581][ T9210] netlink: 'syz.0.1483': attribute type 12 has an invalid length. [ 175.128119][ T9210] netlink: 'syz.0.1483': attribute type 29 has an invalid length. [ 175.136124][ T9210] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1483'. [ 175.145366][ T9210] netlink: 'syz.0.1483': attribute type 2 has an invalid length. [ 175.153857][ T9210] netlink: 23 bytes leftover after parsing attributes in process `syz.0.1483'. [ 175.238558][ T9214] team0: Device gtp0 is of different type [ 175.725443][ T9240] pim6reg1: entered promiscuous mode [ 175.738794][ T9240] pim6reg1: entered allmulticast mode [ 176.509731][ T9280] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 176.530059][ T9280] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.725025][ T9280] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 176.766264][ T9280] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 176.785383][ T9294] validate_nla: 2 callbacks suppressed [ 176.785406][ T9294] netlink: 'syz.2.1522': attribute type 4 has an invalid length. [ 176.947770][ T9280] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 176.999726][ T9280] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.222174][ T9280] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 177.235114][ T9280] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 177.446126][ T9326] netlink: 'syz.2.1537': attribute type 10 has an invalid length. [ 177.506280][ T9326] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.541139][ T9326] bridge_slave_1: left allmulticast mode [ 177.551566][ T9326] bridge_slave_1: left promiscuous mode [ 177.558712][ T9326] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.581150][ T9326] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 177.600099][ T2972] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.656587][ T2972] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.689744][ T2972] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.716340][ T2972] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.768076][ T7728] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.780178][ T7728] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.801881][ T7728] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 177.810223][ T7728] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 178.057187][ T9356] __nla_validate_parse: 10 callbacks suppressed [ 178.057206][ T9356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1550'. [ 179.886071][ T9400] netlink: 'syz.0.1571': attribute type 29 has an invalid length. [ 179.900186][ T9402] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1570'. [ 179.900482][ T9400] netlink: 'syz.0.1571': attribute type 29 has an invalid length. [ 179.923261][ T9400] netlink: 500 bytes leftover after parsing attributes in process `syz.0.1571'. [ 179.934167][ T9400] unsupported nla_type 58 [ 179.984046][ T9404] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1572'. [ 179.998155][ T9404] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1572'. [ 180.287163][ T9421] veth0: entered promiscuous mode [ 180.294425][ T9420] veth0: left promiscuous mode [ 180.373920][ T9423] netlink: 'syz.2.1581': attribute type 4 has an invalid length. [ 180.482418][ T9427] netlink: 'syz.2.1583': attribute type 9 has an invalid length. [ 180.506518][ T9427] netlink: 'syz.2.1583': attribute type 9 has an invalid length. [ 180.800393][ T9441] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1590'. [ 181.195062][ T9468] veth0: entered promiscuous mode [ 181.202738][ T9468] veth0: left promiscuous mode [ 181.439887][ T9482] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1609'. [ 181.466715][ T9482] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1609'. [ 181.765935][ T9497] syzkaller1: entered promiscuous mode [ 181.774171][ T9497] syzkaller1: entered allmulticast mode [ 181.904452][ T9503] syzkaller1: entered promiscuous mode [ 181.913012][ T9503] syzkaller1: entered allmulticast mode [ 182.045571][ T9507] syzkaller1: entered promiscuous mode [ 182.060186][ T9507] syzkaller1: entered allmulticast mode [ 182.377737][ T9525] netlink: 146780 bytes leftover after parsing attributes in process `syz.1.1629'. [ 182.493138][ T9532] syzkaller1: entered promiscuous mode [ 182.520501][ T9532] syzkaller1: entered allmulticast mode [ 182.816064][ T9546] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 182.926016][ T9558] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 182.986668][ C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 183.278714][ T9573] Bluetooth: MGMT ver 1.23 [ 183.299323][ T9573] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 184.588122][ T5941] IPVS: starting estimator thread 0... [ 184.588402][ T9632] tipc: Started in network mode [ 184.606684][ T9632] tipc: Node identity ac1414aa, cluster identity 4711 [ 184.615692][ T9632] tipc: Enabled bearer , priority 10 [ 184.656989][ T9637] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1684'. [ 184.696751][ T9635] IPVS: using max 28 ests per chain, 67200 per kthread [ 184.965553][ T9655] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 185.067234][ T37] wlan1: Trigger new scan to find an IBSS to join [ 185.077848][ T9662] netlink: 'syz.2.1696': attribute type 1 has an invalid length. [ 185.085825][ T9662] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1696'. [ 185.213042][ T9666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1698'. [ 185.232606][ T9664] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 185.240081][ T5970] IPVS: starting estimator thread 0... [ 185.338179][ T9674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1702'. [ 185.347902][ T9672] IPVS: using max 24 ests per chain, 57600 per kthread [ 185.643131][ T9692] siw: device registration error -23 [ 185.727918][ T5970] tipc: Node number set to 2886997162 [ 186.071188][ T9713] mac80211_hwsim hwsim11 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 186.224071][ T9721] veth0: entered promiscuous mode [ 186.232145][ T9719] veth0: left promiscuous mode [ 186.882281][ T9740] syzkaller1: entered promiscuous mode [ 186.890342][ T9744] sock: sock_set_timeout: `syz.0.1734' (pid 9744) tries to set negative timeout [ 186.906726][ T9740] syzkaller1: entered allmulticast mode [ 187.215836][ T9760] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 187.538903][ T9780] openvswitch: netlink: IPv4 tun info is not correct [ 187.646092][ T9784] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1754'. [ 187.724743][ T9784] gretap0: entered promiscuous mode [ 187.744701][ T9793] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1754'. [ 187.795138][ T9793] 0ªî{X¹¦: renamed from gretap0 [ 187.853077][ T9793] 0ªî{X¹¦: left promiscuous mode [ 187.865790][ T9793] 0ªî{X¹¦: entered allmulticast mode [ 187.893410][ T9793] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 188.115734][ T37] wlan1: Trigger new scan to find an IBSS to join [ 188.116827][ T2972] wlan1: Trigger new scan to find an IBSS to join [ 188.423590][ T9833] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1775'. [ 188.804577][ T9853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1785'. [ 188.819900][ T9853] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1785'. [ 188.832619][ T9853] netlink: 50 bytes leftover after parsing attributes in process `syz.0.1785'. [ 188.980425][ T9863] bridge0: entered allmulticast mode [ 189.006012][ T9863] pim6reg: entered allmulticast mode [ 189.422952][ T9890] netlink: 'syz.1.1802': attribute type 10 has an invalid length. [ 189.466902][ T9890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.489572][ T9890] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 189.528648][ T9890] netlink: 'syz.1.1802': attribute type 10 has an invalid length. [ 189.570492][ T9890] batadv0: entered promiscuous mode [ 189.576351][ T9890] batadv0: entered allmulticast mode [ 189.595230][ T9890] bond0: (slave batadv0): Releasing backup interface [ 189.621314][ T9890] bridge0: port 3(batadv0) entered blocking state [ 189.639851][ T9890] bridge0: port 3(batadv0) entered disabled state [ 189.933759][ T2972] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 189.945111][ T2972] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 189.993933][ T9915] __nla_validate_parse: 1 callbacks suppressed [ 189.993956][ T9915] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1815'. [ 190.501811][ T9946] sctp: [Deprecated]: syz.4.1828 (pid 9946) Use of struct sctp_assoc_value in delayed_ack socket option. [ 190.501811][ T9946] Use struct sctp_sack_info instead [ 191.069052][ T7729] wlan1: Trigger new scan to find an IBSS to join [ 191.147477][ T3017] wlan1: Trigger new scan to find an IBSS to join [ 191.266191][ T9990] netlink: 'syz.3.1845': attribute type 39 has an invalid length. [ 191.674817][T10011] netlink: 236 bytes leftover after parsing attributes in process `syz.0.1853'. [ 192.071664][ T7729] wlan1: Creating new IBSS network, BSSID ce:1a:00:d3:80:7e [ 192.466947][T10036] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 192.576381][T10037] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 193.226975][ T7729] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 193.344322][T10084] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1887'. [ 193.506667][ T7728] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 193.525531][ T7728] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 193.550554][ C0] ------------[ cut here ]------------ [ 193.556091][ C0] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 193.567334][ C0] WARNING: CPU: 0 PID: 10089 at net/mac80211/rate.c:403 __rate_control_send_low+0x5df/0x820 [ 193.577533][ C0] Modules linked in: [ 193.581668][ C0] CPU: 0 UID: 0 PID: 10089 Comm: syz.4.1891 Not tainted syzkaller #0 PREEMPT(full) [ 193.591130][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 193.601289][ C0] RIP: 0010:__rate_control_send_low+0x5df/0x820 [ 193.607897][ C0] Code: 38 0f b6 04 28 84 c0 0f 85 d7 01 00 00 41 8b 0f 48 c7 c7 a0 91 b0 8c 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 e8 72 8a 92 f6 90 <0f> 0b 90 90 e9 73 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c [ 193.627879][ C0] RSP: 0018:ffffc90000007758 EFLAGS: 00010246 [ 193.634130][ C0] RAX: 8b11c5ded33b2000 RBX: 000000000000000c RCX: ffff888024e1da00 [ 193.642215][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 193.650382][ C0] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 193.658542][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: ffff888031c7f8e8 [ 193.666627][ C0] R13: 0000000000000000 R14: ffff888028388e40 R15: ffff88802838b0d8 [ 193.674738][ C0] FS: 0000000000000000(0000) GS:ffff888125c13000(0000) knlGS:0000000000000000 [ 193.683751][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 193.690776][ C0] CR2: 00007f6be2ac4f98 CR3: 000000000df36000 CR4: 00000000003526f0 [ 193.698928][ C0] Call Trace: [ 193.702254][ C0] [ 193.705204][ C0] rate_control_send_low+0x194/0x7a0 [ 193.710859][ C0] rate_control_get_rate+0x20b/0x5d0 [ 193.716219][ C0] ieee80211_beacon_get_finish+0x39a/0x6c0 [ 193.722141][ C0] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 193.728663][ C0] ? __pfx___netdev_alloc_skb+0x10/0x10 [ 193.734268][ C0] ? __ieee80211_beacon_get+0xce1/0x1880 [ 193.740125][ C0] __ieee80211_beacon_get+0xd3d/0x1880 [ 193.745650][ C0] ? __ieee80211_beacon_get+0x36/0x1880 [ 193.751313][ C0] ieee80211_beacon_get_tim+0xb4/0x2b0 [ 193.756978][ C0] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 193.763229][ C0] mac80211_hwsim_beacon_tx+0x3ce/0x860 [ 193.769076][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 193.776346][ C0] __iterate_interfaces+0x2ab/0x590 [ 193.781684][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 193.787960][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 193.795481][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 193.801762][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 193.808903][ C0] mac80211_hwsim_beacon+0xbb/0x1c0 [ 193.814179][ C0] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 193.820083][ C0] __hrtimer_run_queues+0x529/0xc60 [ 193.825372][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 193.831190][ C0] ? read_tsc+0x9/0x20 [ 193.835350][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 193.841361][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 193.846833][ C0] handle_softirqs+0x283/0x870 [ 193.851778][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 193.856863][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 193.862217][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 193.863118][T10106] netlink: 'syz.3.1898': attribute type 14 has an invalid length. [ 193.867633][ C0] __irq_exit_rcu+0xca/0x1f0 [ 193.867670][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 193.867700][ C0] irq_exit_rcu+0x9/0x30 [ 193.867717][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 193.867740][ C0] [ 193.867749][ C0] [ 193.867758][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 193.867782][ C0] RIP: 0010:pfn_valid+0x40a/0x490 [ 193.867815][ C0] Code: 5d e9 0a c8 4e 09 cc e8 74 39 91 ff e8 ef 52 05 ff 48 89 e0 31 ed eb 0d e8 63 39 91 ff e8 de 52 05 ff 48 89 e0 48 89 c4 eb cb 0f 1e fa 48 bf 00 00 00 00 04 00 00 00 4c 89 f6 e8 20 3e 91 ff [ 193.867832][ C0] RSP: 0018:ffffc9001ba07558 EFLAGS: 00000293 [ 193.867854][ C0] RAX: ffffffff822e7042 RBX: 8000000069dfa007 RCX: ffff888024e1da00 [ 193.867872][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000069dfa [ 193.867886][ C0] RBP: ffffc9001ba07890 R08: ffffea0001a77e87 R09: 1ffffd400034efd0 [ 193.867903][ C0] R10: dffffc0000000000 R11: fffff9400034efd1 R12: 0000000000069dfa [ 193.867918][ C0] R13: 1ffffd400034efd3 R14: 0000000000069dfa R15: 0000000000000000 [ 193.867943][ C0] ? pfn_valid+0x12/0x490 [ 193.867979][ C0] ? pfn_valid+0x12/0x490 [ 193.868012][ C0] page_table_check_clear+0x21/0x700 [ 193.868044][ C0] ? vm_normal_page+0xb7/0x210 [ 193.868071][ C0] unmap_page_range+0x3445/0x4370 [ 193.868095][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 193.868194][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 193.868228][ C0] ? mas_find+0xb0e/0xd30 [ 193.868250][ C0] ? unmap_vmas+0x144/0x580 [ 193.868279][ C0] unmap_vmas+0x399/0x580 [ 193.868312][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 193.868371][ C0] exit_mmap+0x248/0xb50 [ 193.881586][T10106] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1898'. [ 193.886124][ C0] ? uprobe_clear_state+0x20f/0x290 [ 193.886165][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 193.902395][ T7729] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.908163][ C0] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 193.908214][ C0] ? __pfx_exit_aio+0x10/0x10 [ 193.913990][T10106] netlink: 'syz.3.1898': attribute type 14 has an invalid length. [ 193.933172][ C0] ? uprobe_clear_state+0x274/0x290 [ 193.933220][ C0] __mmput+0x118/0x430 [ 193.933248][ C0] exit_mm+0x1da/0x2c0 [ 193.933279][ C0] ? __pfx_exit_mm+0x10/0x10 [ 193.933310][ C0] ? rcu_is_watching+0x15/0xb0 [ 193.933338][ C0] do_exit+0x648/0x2300 [ 193.933382][ C0] ? preempt_schedule_common+0x83/0xd0 [ 193.933407][ C0] ? preempt_schedule+0xae/0xc0 [ 193.939897][ T7729] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.947667][ C0] ? __pfx_do_exit+0x10/0x10 [ 193.956117][ T7729] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 193.963626][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 193.963677][ C0] do_group_exit+0x21c/0x2d0 [ 193.963713][ C0] __x64_sys_exit_group+0x3f/0x40 [ 193.963743][ C0] x64_sys_call+0x21f7/0x2200 [ 193.963772][ C0] do_syscall_64+0xfa/0x3b0 [ 193.963800][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.963823][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 193.963847][ C0] ? clear_bhb_loop+0x60/0xb0 [ 193.963874][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.963897][ C0] RIP: 0033:0x7f17cf58ec29 [ 193.963918][ C0] Code: Unable to access opcode bytes at 0x7f17cf58ebff. [ 193.963930][ C0] RSP: 002b:00007fff6e137588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 193.963956][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17cf58ec29 [ 193.963973][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 193.963987][ C0] RBP: 00007fff6e1375ec R08: 000000056e13767f R09: 00000000000927c0 [ 193.964003][ C0] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000181 [ 193.964017][ C0] R13: 00000000000927c0 R14: 000000000002f2da R15: 00007fff6e137640 [ 193.964053][ C0] [ 193.964080][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 193.964097][ C0] CPU: 0 UID: 0 PID: 10089 Comm: syz.4.1891 Not tainted syzkaller #0 PREEMPT(full) [ 193.964123][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 193.964139][ C0] Call Trace: [ 193.964149][ C0] [ 193.964160][ C0] dump_stack_lvl+0x99/0x250 [ 193.964192][ C0] ? __asan_memcpy+0x40/0x70 [ 193.964222][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.964251][ C0] ? __pfx__printk+0x10/0x10 [ 193.964300][ C0] vpanic+0x281/0x750 [ 193.964328][ C0] ? __pfx__printk+0x10/0x10 [ 193.964375][ C0] ? __pfx_vpanic+0x10/0x10 [ 193.964403][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 193.964454][ C0] panic+0xb9/0xc0 [ 193.964481][ C0] ? __pfx_panic+0x10/0x10 [ 193.964529][ C0] __warn+0x31b/0x4b0 [ 193.964555][ C0] ? __rate_control_send_low+0x5df/0x820 [ 193.964588][ C0] ? __rate_control_send_low+0x5df/0x820 [ 193.964616][ C0] report_bug+0x2be/0x4f0 [ 193.964640][ C0] ? __rate_control_send_low+0x5df/0x820 [ 193.964669][ C0] ? __rate_control_send_low+0x5df/0x820 [ 193.964698][ C0] ? __rate_control_send_low+0x5e1/0x820 [ 193.964726][ C0] handle_bug+0x84/0x160 [ 193.964756][ C0] exc_invalid_op+0x1a/0x50 [ 193.964786][ C0] asm_exc_invalid_op+0x1a/0x20 [ 193.964808][ C0] RIP: 0010:__rate_control_send_low+0x5df/0x820 [ 193.964837][ C0] Code: 38 0f b6 04 28 84 c0 0f 85 d7 01 00 00 41 8b 0f 48 c7 c7 a0 91 b0 8c 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 e8 72 8a 92 f6 90 <0f> 0b 90 90 e9 73 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c [ 193.964856][ C0] RSP: 0018:ffffc90000007758 EFLAGS: 00010246 [ 193.964877][ C0] RAX: 8b11c5ded33b2000 RBX: 000000000000000c RCX: ffff888024e1da00 [ 193.964895][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 193.964910][ C0] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 193.964924][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: ffff888031c7f8e8 [ 193.964942][ C0] R13: 0000000000000000 R14: ffff888028388e40 R15: ffff88802838b0d8 [ 193.964981][ C0] ? __rate_control_send_low+0x5de/0x820 [ 193.965028][ C0] rate_control_send_low+0x194/0x7a0 [ 193.965064][ C0] rate_control_get_rate+0x20b/0x5d0 [ 193.965104][ C0] ieee80211_beacon_get_finish+0x39a/0x6c0 [ 193.965150][ C0] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 193.965197][ C0] ? __pfx___netdev_alloc_skb+0x10/0x10 [ 193.965231][ C0] ? __ieee80211_beacon_get+0xce1/0x1880 [ 193.965268][ C0] __ieee80211_beacon_get+0xd3d/0x1880 [ 193.965302][ C0] ? __ieee80211_beacon_get+0x36/0x1880 [ 193.965348][ C0] ieee80211_beacon_get_tim+0xb4/0x2b0 [ 193.965417][ C0] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 193.965465][ C0] mac80211_hwsim_beacon_tx+0x3ce/0x860 [ 193.965500][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 193.965538][ C0] __iterate_interfaces+0x2ab/0x590 [ 193.965571][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 193.965601][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 193.965635][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 193.965666][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 193.965703][ C0] mac80211_hwsim_beacon+0xbb/0x1c0 [ 193.965729][ C0] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 193.965752][ C0] __hrtimer_run_queues+0x529/0xc60 [ 193.965801][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 193.965823][ C0] ? read_tsc+0x9/0x20 [ 193.965859][ C0] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 193.965894][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 193.965925][ C0] handle_softirqs+0x283/0x870 [ 193.965954][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 193.965986][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 193.966018][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 193.966054][ C0] __irq_exit_rcu+0xca/0x1f0 [ 193.966078][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 193.966129][ C0] irq_exit_rcu+0x9/0x30 [ 193.966151][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 193.966175][ C0] [ 193.966184][ C0] [ 193.966196][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 193.966220][ C0] RIP: 0010:pfn_valid+0x40a/0x490 [ 193.966254][ C0] Code: 5d e9 0a c8 4e 09 cc e8 74 39 91 ff e8 ef 52 05 ff 48 89 e0 31 ed eb 0d e8 63 39 91 ff e8 de 52 05 ff 48 89 e0 48 89 c4 eb cb 0f 1e fa 48 bf 00 00 00 00 04 00 00 00 4c 89 f6 e8 20 3e 91 ff [ 193.966273][ C0] RSP: 0018:ffffc9001ba07558 EFLAGS: 00000293 [ 193.966293][ C0] RAX: ffffffff822e7042 RBX: 8000000069dfa007 RCX: ffff888024e1da00 [ 193.966311][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000069dfa [ 193.966325][ C0] RBP: ffffc9001ba07890 R08: ffffea0001a77e87 R09: 1ffffd400034efd0 [ 193.966344][ C0] R10: dffffc0000000000 R11: fffff9400034efd1 R12: 0000000000069dfa [ 193.966369][ C0] R13: 1ffffd400034efd3 R14: 0000000000069dfa R15: 0000000000000000 [ 193.966395][ C0] ? pfn_valid+0x12/0x490 [ 193.966435][ C0] ? pfn_valid+0x12/0x490 [ 193.966476][ C0] page_table_check_clear+0x21/0x700 [ 193.966511][ C0] ? vm_normal_page+0xb7/0x210 [ 193.966539][ C0] unmap_page_range+0x3445/0x4370 [ 193.966565][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 193.966658][ C0] ? __pfx_unmap_page_range+0x10/0x10 [ 193.966692][ C0] ? mas_find+0xb0e/0xd30 [ 193.966715][ C0] ? unmap_vmas+0x144/0x580 [ 193.966745][ C0] unmap_vmas+0x399/0x580 [ 193.966782][ C0] ? __pfx_unmap_vmas+0x10/0x10 [ 193.966838][ C0] exit_mmap+0x248/0xb50 [ 193.966874][ C0] ? uprobe_clear_state+0x20f/0x290 [ 193.966906][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 193.966935][ C0] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 193.966982][ C0] ? __pfx_exit_aio+0x10/0x10 [ 193.967033][ C0] ? uprobe_clear_state+0x274/0x290 [ 193.967071][ C0] __mmput+0x118/0x430 [ 193.967098][ C0] exit_mm+0x1da/0x2c0 [ 193.967133][ C0] ? __pfx_exit_mm+0x10/0x10 [ 193.967168][ C0] ? rcu_is_watching+0x15/0xb0 [ 193.967198][ C0] do_exit+0x648/0x2300 [ 193.967237][ C0] ? preempt_schedule_common+0x83/0xd0 [ 193.967263][ C0] ? preempt_schedule+0xae/0xc0 [ 193.967285][ C0] ? __pfx_do_exit+0x10/0x10 [ 193.967325][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 193.967378][ C0] do_group_exit+0x21c/0x2d0 [ 193.967419][ C0] __x64_sys_exit_group+0x3f/0x40 [ 193.967450][ C0] x64_sys_call+0x21f7/0x2200 [ 193.967482][ C0] do_syscall_64+0xfa/0x3b0 [ 193.967510][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.967534][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 193.967559][ C0] ? clear_bhb_loop+0x60/0xb0 [ 193.967590][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.967612][ C0] RIP: 0033:0x7f17cf58ec29 [ 193.967632][ C0] Code: Unable to access opcode bytes at 0x7f17cf58ebff. [ 193.967644][ C0] RSP: 002b:00007fff6e137588 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 193.967669][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17cf58ec29 [ 193.967684][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 193.967699][ C0] RBP: 00007fff6e1375ec R08: 000000056e13767f R09: 00000000000927c0 [ 193.967716][ C0] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000181 [ 193.967730][ C0] R13: 00000000000927c0 R14: 000000000002f2da R15: 00007fff6e137640 [ 193.967767][ C0] [ 193.972368][ C0] Kernel Offset: disabled