last executing test programs: 23.266709886s ago: executing program 1 (id=807): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_SWAP(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000006060500000000000000000000000007050001"], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x40020) 22.989066637s ago: executing program 1 (id=812): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc0000000000000000000000000400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) 22.796069075s ago: executing program 1 (id=815): socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 22.593327731s ago: executing program 1 (id=820): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x7c, r2, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@ETHTOOL_A_WOL_SOPASS={0x8, 0x3, "a8cca727"}, @ETHTOOL_A_WOL_SOPASS={0x46, 0x3, "34beff6ed9c963df06409aef4db8390c5eba2f0861e729a4c393e4c8b82400b299cb1734a5caa061de099c6c0da2863e75c6827276153870f0d89028e2df867b3597"}, @ETHTOOL_A_WOL_SOPASS={0x15, 0x3, "662402e21fa78d3a8038d7a1d71e14d21d"}]}, 0x7c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) socket$netlink(0x10, 0x3, 0xc) 22.344224365s ago: executing program 1 (id=826): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000780)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000000000000000000640001000006020202020202010182"], 0x2f) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newlink={0x2c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x2}, [@IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) 21.553235412s ago: executing program 1 (id=835): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x40040) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0) write$nci(r1, &(0x7f0000000240)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x1, 0x2, "cd42"}}, 0x7) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x1c}}, 0x0) 20.219402755s ago: executing program 2 (id=857): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x12, 0xa01, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}}, 0x0) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 20.040094529s ago: executing program 2 (id=862): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2a24a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112b0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01ac69398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9877399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ef6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a8449f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b6214912a517810200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d2943e6f5f828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000056c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734837ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a6d072034cecc457776c5fa1f33b0203c072083c9cda0b7480e0b17854ffcc76176ce266bc698f7921b8afe798a7a5ed33ab0374455ee368fda99a0e681bf9426831b193395cb01a7332a50aac841cb7d48a1768a7640a9820631ba775a00000000000000000000d550c9f15fbb2324a3f37dc4ba"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xfe, 0x60000000}, 0x50) 19.87980565s ago: executing program 2 (id=866): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x40}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x110}, 0x0) syz_extract_tcp_res(&(0x7f0000000000), 0x3, 0x7fffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x40c0080) 19.178580751s ago: executing program 3 (id=875): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r1, 0x5, 0xf000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) 18.982507785s ago: executing program 3 (id=879): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000004c0)=0x1, 0x4) writev(r0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xf3a, 0x0) 18.398329338s ago: executing program 0 (id=884): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfc79, &(0x7f0000000140)=[{&(0x7f00000004c0)="d800000018009f064e81f744db4cb904021d0800fd02fe02e8fe50a10a001100250000000c600e41b0000900ac0008032500000016000b000a00ff150048035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d31afe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffff5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a4500000000", 0xd8}], 0x1}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) 18.340207648s ago: executing program 0 (id=885): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) (fail_nth: 3) 17.956119469s ago: executing program 0 (id=886): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0040002500010125bd7000fbffffa343e8bb630800030047"], 0x1c}, 0x1, 0x0, 0x0, 0x4048957}, 0x28040) 17.917476483s ago: executing program 0 (id=887): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000080)) socket$packet(0x11, 0x3, 0x300) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r3, 0x40047435, 0x0) sendmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) 17.62401354s ago: executing program 0 (id=890): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_open_procfs$namespace(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)={0x30, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x30}}, 0x0) close(r0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x204, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000480)={'ip6_vti0\x00', 0x0}) sendto$packet(r3, &(0x7f00000002c0)="05031600d3fc14edffff4681031c09102c28", 0x12, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r2, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) accept(r0, 0x0, 0x0) connect$inet(r5, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="ff000000000200000400010000002800018014000400000000000f00fdffffffffffac1414aa060001000a008000080006dd024e4fec83848ea0992b000800000000000066902e4aa1925d538da89d1c4d4c208b42c82d0b50f20d1bc8318cdd776b6a1e6bc9dbdfd71dd262fc350f3db222ff4fbf608a8f3461d0769e"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) unshare(0xa020480) r8 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r8, &(0x7f0000000480)={0xa, 0x4e24, 0x0, @mcast1, 0x2}, 0x1c) bind$inet6(r8, &(0x7f0000f67fe4)={0xa, 0x4e22, 0x2000000, @private1}, 0x1c) 16.91265995s ago: executing program 4 (id=895): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfc79, &(0x7f0000000140)=[{&(0x7f00000004c0)="d800000018009f064e81f744db4cb904021d0800fd02fe02e8fe50a10a001100250000000c600e41b0000900ac0008032500000016000b000a00ff150048035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d31afe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffff5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a4500000000", 0xd8}], 0x1}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) 16.813300959s ago: executing program 4 (id=896): r0 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x1c, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={0x0, 0x7, 0x8}, 0xc) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={&(0x7f0000000240)="c55af4b3da242d2e30c8a83b367530cc669506029dd84bfa4f0248fd40f92500a8f50c00423bd6f4b3e36dd1b48d7f4714de13e4", &(0x7f00000003c0)=""/142, &(0x7f0000000280)="4d904edf6fae3b52fda932cbf411222d6e65662c89e2f92d6c091ac22ddfbc3377124ce373fd0a38cf962d20b6ab9e249f33a3e5a4ca180a16e1ad19b3027f3130b106eae17073e61bff05185b42c8c99a3d8f5e4698dfa2e728be6613207788f907073679", &(0x7f00000005c0)="8a914faa90854ef9957b3fb8188deb76bf09562ef9e3051f09254a35a6a146e35af2db4e4e38acf43bbe859d9125d267dc27cbba24203e24fe36574dedb61f8a879ec076915930ec407d861c5ba8c90412f118b9ad81e2a22e07a2bc5b8b314351b087e4638558e64bb16f757d0fd67cb07797224a539e82724c6c1c152f98652279ec1b2d37a79c41037d9f872efd01949061d3b5d4e1253eb709d1af6ca1139d90573027a4b2b9555f958b38e8b3074d9338ee27a4dcf9fb9ff79ae84862199042ae0ac7e3f65889e467a89ce3a18d3e469909", 0x7fffffff, r5, 0x4}, 0x38) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) syz_emit_ethernet(0x36, &(0x7f0000000400)={@link_local={0xd}, @empty, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @empty}, {0xfffc, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000700)={r4, 0x3, 0x1, 0x1}) write$tun(r7, &(0x7f0000000740)={@val={0x0, 0x80f3}, @val={0x1, 0x0, 0x4, 0xf7cf, 0x9, 0xa1c2}, @ipv6=@udp={0x9, 0x6, "bbc1a3", 0x37e, 0x11, 0x1, @dev={0xfe, 0x80, '\x00', 0x15}, @ipv4={'\x00', '\xff\xff', @multicast2}, {[@hopopts={0x16, 0x22, '\x00', [@calipso={0x7, 0x10, {0x3, 0x2, 0x0, 0x1, [0x6]}}, @generic={0x6f, 0xfe, "123519022c63cfb2021ab416bd60a8bf3e55d5d16d62c364d3a35bc6f77ea8afa90d68c1faa5e4bb0830f0d0ada6a0bb789836d1e6c123d5c86f9a80a39311f06815795e6c726ce33f4be82244f8e5bd70de494eb7636a9edc80c03b54104676842d6363ba8835a9be65dbd1b90f307965b4266193d1ecb7982b2b67362d3b7a8534ef6869e0b2762d1205669f63f0d5feb15d602429efb99c157ac5970478b164c831361029d383b0a2998ba1fdfd203acde9a883559a79f777e5e1534544105585a2a442f2ec6ef471f55a83c75b92113e9c1506d19246f3e74c6fd940c7e85cf40ff568dd21b2967bf31f534b02b9bbdadfd2a24d2a5700b500e20849"}]}, @routing={0x3a, 0xa, 0x2, 0x0, 0x0, [@mcast2, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @private0]}, @srh={0x2c, 0xe, 0x4, 0x7, 0x0, 0x0, 0xfffa, [@private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @remote, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @local]}, @fragment={0x2b, 0x0, 0x23, 0x0, 0x0, 0x3, 0x65}, @dstopts={0x1d, 0x3, '\x00', [@calipso={0x7, 0x18, {0x2, 0x4, 0x4, 0x8, [0x10001, 0x5]}}]}, @srh={0x2, 0xa, 0x4, 0x5, 0x68, 0x60, 0x3, [@dev={0xfe, 0x80, '\x00', 0x27}, @remote, @empty, @private0, @private2]}, @hopopts={0x2c, 0x7, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x9e64}, @enc_lim={0x4, 0x1, 0x95}, @calipso={0x7, 0x20, {0x1, 0x6, 0x6a, 0x3, [0x9, 0xc, 0x8]}}]}, @routing={0x1d, 0x6, 0x2, 0x2, 0x0, [@mcast2, @local, @empty]}, @dstopts={0x89, 0x2, '\x00', [@hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0xf}}, @pad1]}, @fragment={0x3b, 0x0, 0xf, 0x0, 0x0, 0x9, 0x66}], {0x4e20, 0x4e20, 0x66, 0x0, @opaque="58be3df297a24134d9a2bb82a24ea0691c56a665e451432d6ff535c6344157931d044431d36c6041cc0f6bef9d66453e308feedc7d16c47c37ea1a3a53f16f0a1f14b982f7414509dfedade35acbc7fc522b5751d87351dd74f5ed560729"}}}}, 0x3b4) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000b00)=ANY=[@ANYBLOB="f0000000", @ANYRES16=r2, @ANYBLOB="090090c50b496cfe0886f232f47281788dd58a3d19f7ffffffffffffffcfc3673577b2f0c007884495680bd64fe865c911e9ac4f47bd2398e4683342479195124f03a35a990eb49d8382405572b94e8921ab5aeffabc4f14e2deea65a81dbed997e37b884838fe930b684739", @ANYRES32=r3, @ANYBLOB="08001400", @ANYRES32=r6, @ANYBLOB="050074000100000006001000820300000a001300960becec188200002100130086838bec046c1203c81bc8129b92a402020285b69b9b89300b92040b48000000050029000c00000005001301010000000500c200060000007400ac00150c9d7018512a991e934381edeca0983d323c6ca0dbf2af83518d4e94bd01d0fb2cc7362176120bf40ac63937cc116f642bae0ec55062e9d546d983cb9fe05b003669aa2f997129c3b966c66663aeb88e6064b358f391c9588f268116fe6688cc5f3d1e5d86ae4090d286bb94da63e6"], 0xf0}, 0x1, 0x0, 0x0, 0x24000401}, 0x4040081) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}, {0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) socket(0x10, 0x3, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)) (async) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) (async) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x80, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x50, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x40, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x1c, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x5}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa8}}, 0x0) (async) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={0x0, 0x7, 0x8}, 0xc) (async) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={&(0x7f0000000240)="c55af4b3da242d2e30c8a83b367530cc669506029dd84bfa4f0248fd40f92500a8f50c00423bd6f4b3e36dd1b48d7f4714de13e4", &(0x7f00000003c0)=""/142, &(0x7f0000000280)="4d904edf6fae3b52fda932cbf411222d6e65662c89e2f92d6c091ac22ddfbc3377124ce373fd0a38cf962d20b6ab9e249f33a3e5a4ca180a16e1ad19b3027f3130b106eae17073e61bff05185b42c8c99a3d8f5e4698dfa2e728be6613207788f907073679", &(0x7f00000005c0)="8a914faa90854ef9957b3fb8188deb76bf09562ef9e3051f09254a35a6a146e35af2db4e4e38acf43bbe859d9125d267dc27cbba24203e24fe36574dedb61f8a879ec076915930ec407d861c5ba8c90412f118b9ad81e2a22e07a2bc5b8b314351b087e4638558e64bb16f757d0fd67cb07797224a539e82724c6c1c152f98652279ec1b2d37a79c41037d9f872efd01949061d3b5d4e1253eb709d1af6ca1139d90573027a4b2b9555f958b38e8b3074d9338ee27a4dcf9fb9ff79ae84862199042ae0ac7e3f65889e467a89ce3a18d3e469909", 0x7fffffff, r5, 0x4}, 0x38) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) (async) syz_emit_ethernet(0x36, &(0x7f0000000400)={@link_local={0xd}, @empty, @val={@void}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @empty}, {0xfffc, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) (async) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000700)={r4, 0x3, 0x1, 0x1}) (async) write$tun(r7, &(0x7f0000000740)={@val={0x0, 0x80f3}, @val={0x1, 0x0, 0x4, 0xf7cf, 0x9, 0xa1c2}, @ipv6=@udp={0x9, 0x6, "bbc1a3", 0x37e, 0x11, 0x1, @dev={0xfe, 0x80, '\x00', 0x15}, @ipv4={'\x00', '\xff\xff', @multicast2}, {[@hopopts={0x16, 0x22, '\x00', [@calipso={0x7, 0x10, {0x3, 0x2, 0x0, 0x1, [0x6]}}, @generic={0x6f, 0xfe, "123519022c63cfb2021ab416bd60a8bf3e55d5d16d62c364d3a35bc6f77ea8afa90d68c1faa5e4bb0830f0d0ada6a0bb789836d1e6c123d5c86f9a80a39311f06815795e6c726ce33f4be82244f8e5bd70de494eb7636a9edc80c03b54104676842d6363ba8835a9be65dbd1b90f307965b4266193d1ecb7982b2b67362d3b7a8534ef6869e0b2762d1205669f63f0d5feb15d602429efb99c157ac5970478b164c831361029d383b0a2998ba1fdfd203acde9a883559a79f777e5e1534544105585a2a442f2ec6ef471f55a83c75b92113e9c1506d19246f3e74c6fd940c7e85cf40ff568dd21b2967bf31f534b02b9bbdadfd2a24d2a5700b500e20849"}]}, @routing={0x3a, 0xa, 0x2, 0x0, 0x0, [@mcast2, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @local, @private0]}, @srh={0x2c, 0xe, 0x4, 0x7, 0x0, 0x0, 0xfffa, [@private2={0xfc, 0x2, '\x00', 0x1}, @loopback, @remote, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @local]}, @fragment={0x2b, 0x0, 0x23, 0x0, 0x0, 0x3, 0x65}, @dstopts={0x1d, 0x3, '\x00', [@calipso={0x7, 0x18, {0x2, 0x4, 0x4, 0x8, [0x10001, 0x5]}}]}, @srh={0x2, 0xa, 0x4, 0x5, 0x68, 0x60, 0x3, [@dev={0xfe, 0x80, '\x00', 0x27}, @remote, @empty, @private0, @private2]}, @hopopts={0x2c, 0x7, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x9e64}, @enc_lim={0x4, 0x1, 0x95}, @calipso={0x7, 0x20, {0x1, 0x6, 0x6a, 0x3, [0x9, 0xc, 0x8]}}]}, @routing={0x1d, 0x6, 0x2, 0x2, 0x0, [@mcast2, @local, @empty]}, @dstopts={0x89, 0x2, '\x00', [@hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0xf}}, @pad1]}, @fragment={0x3b, 0x0, 0xf, 0x0, 0x0, 0x9, 0x66}], {0x4e20, 0x4e20, 0x66, 0x0, @opaque="58be3df297a24134d9a2bb82a24ea0691c56a665e451432d6ff535c6344157931d044431d36c6041cc0f6bef9d66453e308feedc7d16c47c37ea1a3a53f16f0a1f14b982f7414509dfedade35acbc7fc522b5751d87351dd74f5ed560729"}}}}, 0x3b4) (async) sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000b00)=ANY=[@ANYBLOB="f0000000", @ANYRES16=r2, @ANYBLOB="090090c50b496cfe0886f232f47281788dd58a3d19f7ffffffffffffffcfc3673577b2f0c007884495680bd64fe865c911e9ac4f47bd2398e4683342479195124f03a35a990eb49d8382405572b94e8921ab5aeffabc4f14e2deea65a81dbed997e37b884838fe930b684739", @ANYRES32=r3, @ANYBLOB="08001400", @ANYRES32=r6, @ANYBLOB="050074000100000006001000820300000a001300960becec188200002100130086838bec046c1203c81bc8129b92a402020285b69b9b89300b92040b48000000050029000c00000005001301010000000500c200060000007400ac00150c9d7018512a991e934381edeca0983d323c6ca0dbf2af83518d4e94bd01d0fb2cc7362176120bf40ac63937cc116f642bae0ec55062e9d546d983cb9fe05b003669aa2f997129c3b966c66663aeb88e6064b358f391c9588f268116fe6688cc5f3d1e5d86ae4090d286bb94da63e6"], 0xf0}, 0x1, 0x0, 0x0, 0x24000401}, 0x4040081) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}, {0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) (async) 16.639969019s ago: executing program 4 (id=897): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) (async) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700), 0x100}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) (async, rerun: 32) recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80), 0x100}, 0x0) (async, rerun: 32) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001400)=@newlink={0xa8, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x80, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x70, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x8, 0x15}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}, @IFLA_VLAN_INGRESS_QOS={0x40, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x7}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6b19, 0xd}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x1, 0x5}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x0, 0x5}}]}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_MPLS={0x4}]}]}, 0xa8}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) (async) pipe(0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="9feb0100180000000000000018004000180000000200000000000001662bc940d83aab443e2dfaed169192020000000200000000000000000026"], 0x0, 0x32}, 0x20) (async) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$ETHTOOL_MSG_WOL_GET(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000013c0)=ANY=[@ANYRESDEC=0x0, @ANYRES16=r1, @ANYBLOB="0100b11b700000feffff1a000000180001801400020064756d6d7930"], 0x2c}}, 0x20040040) (async, rerun: 64) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000000052db000100000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200fc00000000b3db0000f8ffffffb703000408000000b704000000000000850000000300000095000000000000003aa577e710b2bde71c2ff6197d88b8b36d463f2a092b40ccef6ea3ea79fde20a0fb2283cdc452471c38e8f8c3d1ec4a9fc6bd213ec5d22bc863ae18488a84939c1165339f7da937c99800307775364ed6f4761a7a15169138a5560ae7929c7a07f05619ec1e82bcf02045fdd58c20d349969b6b47755df2bf150d848f249a26316a54b4bf7cffc8b934a97fd6b7bf28142168cb3cafee3c74fdeb7825d3dc32cf6877f8cfd12ac45582a83db6d7b180fe3b59de3e36bcc81be4bc45e5529f5d7a9cd4c36d81cbd397e25b2db6a966b71a733a0aaf92fd87bf24d"], &(0x7f0000000dc0)='syzkaller\x00', 0xffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r11, 0x0, 0x28, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) (async) recvmmsg(r5, &(0x7f0000001200)=[{{&(0x7f0000000180)=@phonet, 0x80, &(0x7f0000000200)=[{&(0x7f0000000340)=""/99, 0x63}, {&(0x7f0000000600)=""/114, 0x72}], 0x2}, 0x6}, {{&(0x7f0000000680)=@alg, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000700)=""/57, 0x39}, {&(0x7f0000000740)}, {&(0x7f0000000780)=""/76, 0x4c}, {&(0x7f0000000800)=""/186, 0xba}, {&(0x7f00000008c0)=""/104, 0x68}, {&(0x7f0000000940)=""/173, 0xad}, {&(0x7f0000000a00)=""/91, 0x5b}], 0x7}, 0x9}, {{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000b00)=""/52, 0x34}, {&(0x7f0000000b40)=""/232, 0xe8}, {&(0x7f0000000c40)=""/107, 0x6b}, {&(0x7f0000000cc0)=""/163, 0xa3}], 0x4, &(0x7f0000000dc0)}, 0x2}, {{&(0x7f0000000e00)=@generic, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000e80)=""/89, 0x59}, {&(0x7f0000000f00)=""/153, 0x99}], 0x2}, 0x7}, {{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000001100)=""/193, 0xc1}], 0x1, &(0x7f0000001040)=""/106, 0x6a}, 0x2}], 0x5, 0x2001, &(0x7f0000001340)) (async, rerun: 32) setsockopt$sock_timeval(r2, 0x1, 0x43, &(0x7f0000001380)={0x0, 0x2710}, 0x10) (rerun: 32) 16.639100788s ago: executing program 0 (id=898): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000003f04000000480311802e"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010) 16.530266147s ago: executing program 4 (id=899): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000640)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf20000000000000070000000f0000002d030100000000007300ffb1000000006926000000000000bf67000000000000150002000fff52004507000010000000d60600000ee60000bf0500000000000073700000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8473e2060d60bb39d0af449deaa27ea949e8f9000d885dfea2783835e29eb532ba8546fc020c196738b5f32b095f5d5b196b9e8d897e461c01c697671d1000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000001c0)={r1, &(0x7f0000000240), 0x0}, 0x20) (async) bpf$MAP_GET_NEXT_KEY(0x3, &(0x7f00000001c0)={r1, &(0x7f0000000240), 0x0}, 0x20) socket(0x10, 0x800, 0x0) (async) r2 = socket(0x10, 0x800, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYBLOB='\b'], 0x40}}, 0x0) 16.402810584s ago: executing program 4 (id=900): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'lo\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000080)) socket$packet(0x11, 0x3, 0x300) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x2) ioctl$PPPIOCBRIDGECHAN(r3, 0x40047435, 0x0) sendmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0) 16.18506508s ago: executing program 4 (id=901): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000001c000380180000800c000180020001000d0000000800034000000001"], 0x48}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000080)=0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000db100003a00000009500740000000000079c69dc7ded5dbe11b62ac5ea9fca11027d19e93adb605feb92de3145e8ed7ac5b8902070213cdfdc646c4890cdeb50347c32060581172b94c6dd22a2b589b6cbad46ed6ef790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e000017d5f1110ed29d3b2aaf153bcf69bebf18262352ba68d39942c3b567e06411d8879622f74cc431dabd332c4c4702e4c3d41bfb54b574e8947309c7503c3e8ea23e12e0648aa223a1f97a9832f442e8cbeab77cdf1ebd8465593c000000000000000000000000000000ef429b14459ffd88bee4b9d894ddad0980af53202ab155f101b2fcbfb5b81b73035fd5a76985d4710fb6fbfb2a933a09dd6317e77ca962327022fb34017197ff712a35c63cdd0dec053fdbc310f29c6b8be788b559a80135bb7369351b952ade2339eddde60eb16301b0f4640be5852e1cef861b861b7b19ea03dfc83f729d02e9e73db24dd5dfb09d4b1bbbd5dd5daa4615b0845f264f229f9806862e116612ade616b1769e97549d095b0a4d02801406491d77a65fe74f8aa67391e8cb3c"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY_LEVEL(r2, 0x0, 0x2, 0x0, &(0x7f00000000c0)) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x80000001, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xd8, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @bcast]}) 15.855979412s ago: executing program 3 (id=902): socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 15.820619004s ago: executing program 3 (id=903): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000001800)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x1, 0x2b, 0x2f, 0x68, 0x0, 0x60, 0x67, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, "21f3305280f125e6e11a9314b296b53b5d25867c0a8c27b6478984"}}, 0x3d) 15.542047303s ago: executing program 3 (id=904): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0xba, &(0x7f0000000080)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xac, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x24, 0x0, {0x24, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev, {[@cipso={0x86, 0x6d, 0x0, [{0x0, 0xc, "e256b28c59881681fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x0, 0x7, "cfa11cab1a"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x0, 0xa, "6580a5e97612fe86"}, {0x0, 0xe, "73bc2300ad9d19a300000000"}, {0x0, 0xc, "c8f46976e79e56c7a95e"}]}, @cipso={0x86, 0xc, 0x0, [{0x0, 0x6, "7f36c525"}]}]}}}}}}}, 0x0) 15.473291217s ago: executing program 3 (id=905): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7800fdffffff4400000008000300", @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 15.403015809s ago: executing program 2 (id=906): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xfc79, &(0x7f0000000140)=[{&(0x7f00000004c0)="d800000018009f064e81f744db4cb904021d0800fd02fe02e8fe50a10a001100250000000c600e41b0000900ac0008032500000016000b000a00ff150048035c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d31afe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffff5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a4500000000", 0xd8}], 0x1}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) 15.342408565s ago: executing program 2 (id=907): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="68000000100001002fbd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0201000000000000140003006e657464657673696d3000000000000034001680300001802c"], 0x68}}, 0x24040800) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_pressure(r1, &(0x7f0000000100)='cpu.pressure\x00', 0x2, 0x0) preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/58, 0x3a}], 0x1, 0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)}, 0x0) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="ceaa000000000000711037000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xe}, 0x94) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000280)={{0xfffffeff, 0xfffffffa}, 0x100, './file0\x00'}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) connect$can_bcm(r5, &(0x7f0000000180)={0x1d, r6}, 0x10) sendmsg$nl_generic(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0xbc, 0x42, 0x107, 0xfffffffe, 0x25dfdbfc, {0x3, 0x7c}, [@nested={0x4, 0x145}, @nested={0xa1, 0x1, 0x0, 0x1, [@generic="2c7c1454a9a72411127773771690d00facf9f93c8b02aa9c75f893ab868b53e9179102245545087857a12981bbb987b3fcfd46473efb0a2f4f5512ccdd9b90e9a7d2b68d64d844bcd2b6c24bc3f9bead7e56c1c12dcdb6cc4a9259bc004092020d66ee58fee5e4da167fa34516723287a4b74516fb8815b31ca9fcb9ccf489db54d2d8e9a73e4b1f172372f5a3ffd621b32c98e4efd88e3dcff11eb676"]}]}, 0xbc}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a78000000060a030400000000000000000a0000010900010073797a31000000004c000480480001800b000100746172676574000038000280240003000739f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700000000000000000800024000000000080001004c4f47000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) r8 = socket$can_bcm(0x1d, 0x2, 0x2) r9 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) r10 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r10, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r9, 0x0, 0x485, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000004c0)={'vcan0\x00'}) 15.152160323s ago: executing program 2 (id=908): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x363}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000240)={r1, 0xdb5d}, &(0x7f0000000280)=0x8) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x304}, "f64e40992f79ecf0", "53c272d8b763f690b35605dff8a4a8d2", "3da2d199", "72392a24199b5903"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000140)=0x2c) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000300)=0x59, 0x4) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)={0x4c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{}, {}, @device_b}, @sp_mp_close={0xf, 0x3, {{0x72, 0x6}, {0x75, 0x6, {0x1, 0x9, @void, @val=0x6, @void}}}}}}]}, 0x4c}}, 0x0) 6.041852948s ago: executing program 32 (id=835): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x40040) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2) ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r4], 0x1c}}, 0x0) write$nci(r1, &(0x7f0000000240)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x1, 0x2, "cd42"}}, 0x7) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x1c}}, 0x0) 1.534065542s ago: executing program 33 (id=898): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0300002e00090027bd70000000003f04000000480311802e"], 0x35c}, 0x1, 0x0, 0x0, 0x42804}, 0x4000010) 1.035587674s ago: executing program 34 (id=901): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000000d0a010800000000000000000a0000010900020073797a31000000000900010073797a31000000001c000380180000800c000180020001000d0000000800034000000001"], 0x48}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000000)=@gcm_128={{0x304}, "bd88818314ff7d84", "0b3ea924c47b25d7624cd362581725c7", "000400", "d5a1d50399459b68"}, 0x28) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000080)=0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) shutdown(0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="b4000000000b00007910000000000000db100003a00000009500740000000000079c69dc7ded5dbe11b62ac5ea9fca11027d19e93adb605feb92de3145e8ed7ac5b8902070213cdfdc646c4890cdeb50347c32060581172b94c6dd22a2b589b6cbad46ed6ef790bb41931f9a3d4dd127c1b4e49f7468f5e603950c4f67581c92ef8a7e000017d5f1110ed29d3b2aaf153bcf69bebf18262352ba68d39942c3b567e06411d8879622f74cc431dabd332c4c4702e4c3d41bfb54b574e8947309c7503c3e8ea23e12e0648aa223a1f97a9832f442e8cbeab77cdf1ebd8465593c000000000000000000000000000000ef429b14459ffd88bee4b9d894ddad0980af53202ab155f101b2fcbfb5b81b73035fd5a76985d4710fb6fbfb2a933a09dd6317e77ca962327022fb34017197ff712a35c63cdd0dec053fdbc310f29c6b8be788b559a80135bb7369351b952ade2339eddde60eb16301b0f4640be5852e1cef861b861b7b19ea03dfc83f729d02e9e73db24dd5dfb09d4b1bbbd5dd5daa4615b0845f264f229f9806862e116612ade616b1769e97549d095b0a4d02801406491d77a65fe74f8aa67391e8cb3c"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_SECURITY_LEVEL(r2, 0x0, 0x2, 0x0, &(0x7f00000000c0)) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x80000001, 'syz0\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0xd8, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @bcast]}) 34.24812ms ago: executing program 35 (id=908): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000400)=0x1, 0x4) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000180)={0x0, 0x363}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000240)={r1, 0xdb5d}, &(0x7f0000000280)=0x8) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@ccm_128={{0x304}, "f64e40992f79ecf0", "53c272d8b763f690b35605dff8a4a8d2", "3da2d199", "72392a24199b5903"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$IP_SET_OP_GET_FNAME(r3, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz0\x00'}, &(0x7f0000000140)=0x2c) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000300)=0x59, 0x4) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000900)={0x4c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{}, {}, @device_b}, @sp_mp_close={0xf, 0x3, {{0x72, 0x6}, {0x75, 0x6, {0x1, 0x9, @void, @val=0x6, @void}}}}}}]}, 0x4c}}, 0x0) 0s ago: executing program 36 (id=905): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7800fdffffff4400000008000300", @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.97' (ED25519) to the list of known hosts. [ 84.350027][ T5817] cgroup: Unknown subsys name 'net' [ 84.488204][ T5817] cgroup: Unknown subsys name 'cpuset' [ 84.497474][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.229105][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.847151][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.874503][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.882244][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.894648][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.896774][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.909552][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.917344][ T5839] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.917467][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.933630][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.934705][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.948527][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.967168][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.974969][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 88.984618][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.985524][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.000205][ T5835] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.009272][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.022785][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.035451][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.047718][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.069055][ T5151] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.078973][ T5151] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.087395][ T5151] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.096323][ T5151] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.108347][ T5151] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 89.703658][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 89.819144][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 89.990970][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 90.017333][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 90.084010][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 90.119339][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.126718][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.135260][ T5828] bridge_slave_0: entered allmulticast mode [ 90.142857][ T5828] bridge_slave_0: entered promiscuous mode [ 90.206528][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.213737][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.221634][ T5828] bridge_slave_1: entered allmulticast mode [ 90.229306][ T5828] bridge_slave_1: entered promiscuous mode [ 90.265448][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.272615][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.280923][ T5842] bridge_slave_0: entered allmulticast mode [ 90.288323][ T5842] bridge_slave_0: entered promiscuous mode [ 90.334201][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.341926][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.349369][ T5842] bridge_slave_1: entered allmulticast mode [ 90.357222][ T5842] bridge_slave_1: entered promiscuous mode [ 90.430672][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.473688][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.481161][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.488488][ T5827] bridge_slave_0: entered allmulticast mode [ 90.496375][ T5827] bridge_slave_0: entered promiscuous mode [ 90.507594][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.550634][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.560437][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.568055][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.575756][ T5827] bridge_slave_1: entered allmulticast mode [ 90.583008][ T5827] bridge_slave_1: entered promiscuous mode [ 90.627351][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.634720][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.642110][ T5837] bridge_slave_0: entered allmulticast mode [ 90.649924][ T5837] bridge_slave_0: entered promiscuous mode [ 90.660173][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.687232][ T5828] team0: Port device team_slave_0 added [ 90.696103][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.719281][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.726559][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.733742][ T5837] bridge_slave_1: entered allmulticast mode [ 90.741552][ T5837] bridge_slave_1: entered promiscuous mode [ 90.765917][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.776590][ T5828] team0: Port device team_slave_1 added [ 90.795389][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.802583][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.810161][ T5846] bridge_slave_0: entered allmulticast mode [ 90.817665][ T5846] bridge_slave_0: entered promiscuous mode [ 90.875743][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.882911][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.890431][ T5846] bridge_slave_1: entered allmulticast mode [ 90.897843][ T5846] bridge_slave_1: entered promiscuous mode [ 90.919663][ T5842] team0: Port device team_slave_0 added [ 90.941355][ T5827] team0: Port device team_slave_0 added [ 90.962867][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.974600][ T5842] team0: Port device team_slave_1 added [ 90.981476][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.989711][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.016036][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.029547][ T5827] team0: Port device team_slave_1 added [ 91.051037][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.074985][ T5151] Bluetooth: hci0: command tx timeout [ 91.082015][ T5844] Bluetooth: hci2: command tx timeout [ 91.082032][ T5839] Bluetooth: hci3: command tx timeout [ 91.082195][ T5839] Bluetooth: hci1: command tx timeout [ 91.101259][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.108292][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.134315][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.154128][ T5839] Bluetooth: hci4: command tx timeout [ 91.164112][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.221510][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.232557][ T5837] team0: Port device team_slave_0 added [ 91.239603][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.247224][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.273226][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.286877][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.294045][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.320129][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.332123][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.339354][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.365798][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.391553][ T5837] team0: Port device team_slave_1 added [ 91.419142][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.426296][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.452623][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.502865][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.510022][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.536202][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.558192][ T5846] team0: Port device team_slave_0 added [ 91.566818][ T5846] team0: Port device team_slave_1 added [ 91.592580][ T5828] hsr_slave_0: entered promiscuous mode [ 91.599950][ T5828] hsr_slave_1: entered promiscuous mode [ 91.607621][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.614659][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.640788][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.746201][ T5842] hsr_slave_0: entered promiscuous mode [ 91.753095][ T5842] hsr_slave_1: entered promiscuous mode [ 91.759646][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 91.765541][ T5842] Cannot create hsr debugfs directory [ 91.795751][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.802743][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.829262][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.873842][ T5827] hsr_slave_0: entered promiscuous mode [ 91.881429][ T5827] hsr_slave_1: entered promiscuous mode [ 91.887855][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 91.893624][ T5827] Cannot create hsr debugfs directory [ 91.900149][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.907624][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.934474][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.019787][ T5837] hsr_slave_0: entered promiscuous mode [ 92.026437][ T5837] hsr_slave_1: entered promiscuous mode [ 92.032867][ T5837] debugfs: 'hsr0' already exists in 'hsr' [ 92.044333][ T5837] Cannot create hsr debugfs directory [ 92.365614][ T5846] hsr_slave_0: entered promiscuous mode [ 92.372582][ T5846] hsr_slave_1: entered promiscuous mode [ 92.379728][ T5846] debugfs: 'hsr0' already exists in 'hsr' [ 92.385917][ T5846] Cannot create hsr debugfs directory [ 92.785895][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.822840][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.834978][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.867273][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.946951][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.963120][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.991314][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.003311][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.091493][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.108674][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.123175][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.133845][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.154545][ T5839] Bluetooth: hci1: command tx timeout [ 93.155318][ T5151] Bluetooth: hci2: command tx timeout [ 93.160029][ T5839] Bluetooth: hci3: command tx timeout [ 93.165868][ T5841] Bluetooth: hci0: command tx timeout [ 93.234625][ T5841] Bluetooth: hci4: command tx timeout [ 93.266996][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.280084][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.307187][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.317375][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.425206][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.445612][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.456874][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.476296][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.489408][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.534262][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.557849][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.595290][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.631307][ T2925] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.638652][ T2925] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.650619][ T2925] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.657816][ T2925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.680189][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.687411][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.712883][ T2925] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.720172][ T2925] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.747766][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.831709][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.852141][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.880733][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.887907][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.897775][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.904985][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.957919][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.997239][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.004444][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.018201][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.025435][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.140736][ T5827] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 94.172124][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.263447][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.367172][ T2942] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.374591][ T2942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.392708][ T2942] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.399956][ T2942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.559310][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.663197][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.765584][ T5828] veth0_vlan: entered promiscuous mode [ 94.838964][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.856665][ T5828] veth1_vlan: entered promiscuous mode [ 94.934932][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.052369][ T5828] veth0_macvtap: entered promiscuous mode [ 95.087415][ T5828] veth1_macvtap: entered promiscuous mode [ 95.132983][ T5837] veth0_vlan: entered promiscuous mode [ 95.173017][ T5827] veth0_vlan: entered promiscuous mode [ 95.190245][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.206429][ T5837] veth1_vlan: entered promiscuous mode [ 95.217933][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.234735][ T5841] Bluetooth: hci3: command tx timeout [ 95.235813][ T5839] Bluetooth: hci0: command tx timeout [ 95.240197][ T5841] Bluetooth: hci2: command tx timeout [ 95.246359][ T5839] Bluetooth: hci1: command tx timeout [ 95.261390][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.285565][ T5827] veth1_vlan: entered promiscuous mode [ 95.310347][ T2942] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.319601][ T5839] Bluetooth: hci4: command tx timeout [ 95.341259][ T2942] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.361820][ T2942] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.371189][ T748] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.380500][ T5842] veth0_vlan: entered promiscuous mode [ 95.428404][ T5842] veth1_vlan: entered promiscuous mode [ 95.498274][ T5837] veth0_macvtap: entered promiscuous mode [ 95.529756][ T2942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.545699][ T2942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.547444][ T5827] veth0_macvtap: entered promiscuous mode [ 95.572248][ T5837] veth1_macvtap: entered promiscuous mode [ 95.590841][ T5827] veth1_macvtap: entered promiscuous mode [ 95.601109][ T5846] veth0_vlan: entered promiscuous mode [ 95.637134][ T5842] veth0_macvtap: entered promiscuous mode [ 95.661326][ T5842] veth1_macvtap: entered promiscuous mode [ 95.671422][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.679480][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.693311][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.700880][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.708179][ T5846] veth1_vlan: entered promiscuous mode [ 95.729396][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.750433][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.787120][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.802774][ T2942] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.811907][ T2942] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.835357][ T2942] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.844517][ T2942] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.875468][ T2942] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.917148][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.930383][ T2942] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.941212][ T2942] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.966260][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.978767][ T2942] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.979535][ T5952] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3'. [ 96.081340][ T2942] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.097005][ T2942] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.118800][ T2942] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.131515][ T2942] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.147430][ T2942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.156613][ T2942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.169472][ T5846] veth0_macvtap: entered promiscuous mode [ 96.226168][ T5846] veth1_macvtap: entered promiscuous mode [ 96.255751][ T748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.263634][ T748] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.279548][ T2925] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.288480][ T2925] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.342263][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.427676][ T748] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.438041][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.444117][ T748] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.496734][ T2942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.511750][ T2942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.532198][ T2925] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.574122][ T2925] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.612561][ T2925] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.660175][ T2925] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.783532][ T5960] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 96.814611][ T5958] netlink: 'syz.1.2': attribute type 1 has an invalid length. [ 96.835236][ T5962] Zero length message leads to an empty skb [ 96.843780][ T748] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.865199][ T748] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.933648][ T5958] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.273329][ T5958] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.316137][ T5839] Bluetooth: hci1: command tx timeout [ 97.324469][ T5839] Bluetooth: hci2: command tx timeout [ 97.326946][ T5844] Bluetooth: hci3: command tx timeout [ 97.335516][ T5841] Bluetooth: hci0: command tx timeout [ 97.336888][ T3100] cfg80211: failed to load regulatory.db [ 97.389856][ T5971] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET) [ 97.390637][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.398366][ T5841] Bluetooth: hci4: command tx timeout [ 97.419622][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.439652][ T5971] netlink: 272 bytes leftover after parsing attributes in process `syz.4.5'. [ 97.783485][ T5979] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12'. [ 97.839082][ T5958] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.888451][ T5983] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_team, syncid = 4, id = 0 [ 97.889829][ T2942] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.952525][ T2942] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.087568][ T5958] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.450092][ T5999] tipc: Started in network mode [ 98.473402][ T5999] tipc: Node identity 2e16fd253579, cluster identity 4711 [ 98.496095][ T5999] tipc: Enabled bearer , priority 0 [ 98.662746][ T5999] tipc: Disabling bearer [ 98.737704][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.0.21'. [ 98.963451][ T6016] netlink: 36 bytes leftover after parsing attributes in process `syz.0.23'. [ 98.985622][ T6016] netlink: 16 bytes leftover after parsing attributes in process `syz.0.23'. [ 99.005207][ T6016] netlink: 36 bytes leftover after parsing attributes in process `syz.0.23'. [ 99.014883][ T6016] netlink: 36 bytes leftover after parsing attributes in process `syz.0.23'. [ 99.191387][ T6012] infiniband syz1: set active [ 99.205285][ T6012] infiniband syz1: added syz_tun [ 99.288868][ T10] IPVS: starting estimator thread 0... [ 99.296090][ T6020] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 99.353258][ T6012] RDS/IB: syz1: added [ 99.362999][ T6012] smc: adding ib device syz1 with port count 1 [ 99.369805][ T6012] smc: ib device syz1 port 1 has no pnetid [ 99.395389][ T6021] IPVS: using max 25 ests per chain, 60000 per kthread [ 99.516255][ T6024] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.747838][ T6029] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 99.955364][ T6031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.997646][ T5914] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 100.017807][ T5914] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 100.046071][ T12] wlan1: authenticated [ 100.054055][ T6031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.055379][ T12] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 100.116961][ T6031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.119535][ T12] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 100.142256][ T12] wlan1: associated [ 100.169778][ T6036] warning: `syz.4.30' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 100.504260][ T6046] netlink: 60 bytes leftover after parsing attributes in process `syz.4.33'. [ 100.513655][ T6042] netlink: 60 bytes leftover after parsing attributes in process `syz.4.33'. [ 100.869430][ T6057] netlink: 'syz.2.39': attribute type 1 has an invalid length. [ 101.860007][ T6089] __nla_validate_parse: 1 callbacks suppressed [ 101.860027][ T6089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.53'. [ 102.731287][ T6119] netlink: 44 bytes leftover after parsing attributes in process `syz.3.66'. [ 102.748888][ T6116] netlink: 44 bytes leftover after parsing attributes in process `syz.3.66'. [ 103.852412][ T6128] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.860887][ T6128] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.177003][ T6128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 104.196842][ T6128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 104.303468][ T6128] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 104.345251][ T748] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.400414][ T748] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.449548][ T748] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.461454][ T748] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.481079][ T6154] Illegal XDP return value 6154 on prog (id 20) dev syz_tun, expect packet loss! [ 104.897208][ T6172] netlink: 36 bytes leftover after parsing attributes in process `syz.2.85'. [ 105.425744][ T6187] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.551275][ T6188] tipc: Started in network mode [ 105.571244][ T6188] tipc: Node identity 064c255432f3, cluster identity 4711 [ 105.584333][ T6188] tipc: Enabled bearer , priority 0 [ 105.626497][ T6184] tipc: Resetting bearer [ 105.860309][ T6201] netlink: 20 bytes leftover after parsing attributes in process `syz.1.96'. [ 105.935202][ T6202] netlink: 20 bytes leftover after parsing attributes in process `syz.1.96'. [ 106.679422][ T6184] tipc: Disabling bearer [ 106.724258][ T5906] tipc: Node number set to 884942164 [ 106.873065][ T6206] netlink: 12 bytes leftover after parsing attributes in process `syz.2.98'. [ 106.968019][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.2.98'. [ 107.017290][ T6211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.097201][ T6211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.140930][ T6211] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.427099][ T6228] IPVS: sh: TCP 172.20.20.170:0 - no destination available [ 107.642646][ T6237] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 107.969818][ T6244] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.531651][ T6276] netlink: 'syz.2.117': attribute type 10 has an invalid length. [ 108.540871][ T6276] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.548723][ T6276] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.586540][ T6276] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.593813][ T6276] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.602054][ T6276] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.609346][ T6276] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.689119][ T6276] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 109.173744][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.234615][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.243504][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.272674][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.330632][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.353750][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.373007][ T6295] netlink: 8 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.725940][ T6324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.609766][ T6398] netlink: 'syz.1.158': attribute type 10 has an invalid length. [ 111.689404][ T6398] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 111.754474][ T6398] siw: device registration error -23 [ 111.817678][ T6405] netlink: zone id is out of range [ 111.822988][ T6405] netlink: zone id is out of range [ 111.828387][ T6405] netlink: zone id is out of range [ 111.833619][ T6405] netlink: zone id is out of range [ 111.841070][ T6405] netlink: zone id is out of range [ 111.846423][ T6405] netlink: zone id is out of range [ 111.851732][ T6405] netlink: zone id is out of range [ 111.857187][ T6405] netlink: zone id is out of range [ 111.862457][ T6405] netlink: zone id is out of range [ 113.303704][ T6468] syzkaller1: entered promiscuous mode [ 113.309447][ T6468] syzkaller1: entered allmulticast mode [ 113.620944][ T6474] smc: net device hsr0 applied user defined pnetid SYZ2 [ 113.629790][ T6474] smc: net device hsr0 erased user defined pnetid SYZ2 [ 113.799269][ T6480] syzkaller1: entered promiscuous mode [ 113.819149][ T6480] syzkaller1: entered allmulticast mode [ 114.271298][ T6498] __nla_validate_parse: 49 callbacks suppressed [ 114.271317][ T6498] netlink: 12 bytes leftover after parsing attributes in process `syz.3.197'. [ 114.376107][ T6498] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.398427][ T6502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.417165][ T6502] bond1: (slave bond0): Enslaving as an active interface with an up link [ 114.509790][ T6490] net_ratelimit: 1 callbacks suppressed [ 114.509810][ T6490] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 115.984441][ T6563] netlink: 24 bytes leftover after parsing attributes in process `syz.3.218'. [ 116.131577][ T6570] netlink: 'syz.2.217': attribute type 10 has an invalid length. [ 117.738152][ T6621] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.923775][ T6630] netlink: 12 bytes leftover after parsing attributes in process `syz.4.243'. [ 117.933452][ T6630] netlink: 16 bytes leftover after parsing attributes in process `syz.4.243'. [ 117.956778][ T6631] bond0: (slave rose0): Enslaving as an active interface with an up link [ 118.936821][ T5899] IPVS: starting estimator thread 0... [ 119.044613][ T6674] IPVS: using max 24 ests per chain, 57600 per kthread [ 119.430174][ T6696] netlink: 24 bytes leftover after parsing attributes in process `syz.2.270'. [ 119.627555][ T6703] batman_adv: batadv0: Adding interface: dummy0 [ 119.636411][ T6703] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 119.692530][ T6703] batman_adv: batadv0: Interface activated: dummy0 [ 119.755785][ T6706] batadv0: mtu less than device minimum [ 119.804604][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.816834][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.828879][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.840926][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.852963][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.864987][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.877021][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.889109][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 119.901281][ T6706] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 120.148375][ T6722] netlink: 24 bytes leftover after parsing attributes in process `syz.4.283'. [ 120.914945][ T6752] netlink: 24 bytes leftover after parsing attributes in process `syz.1.296'. [ 121.620069][ T6773] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 122.129871][ T6783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.307'. [ 122.141822][ T6783] netlink: 16 bytes leftover after parsing attributes in process `syz.0.307'. [ 122.174416][ T6785] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.880659][ T6802] netlink: 24 bytes leftover after parsing attributes in process `syz.2.316'. [ 123.681966][ T6820] x_tables: duplicate underflow at hook 1 [ 124.216833][ T6838] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.479038][ T6850] netlink: 24 bytes leftover after parsing attributes in process `syz.0.329'. [ 124.580032][ T6852] netlink: 8 bytes leftover after parsing attributes in process `syz.3.330'. [ 125.056145][ T6867] batman_adv: batadv0: Adding interface: dummy0 [ 125.062475][ T6867] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 125.164567][ T6867] batman_adv: batadv0: Interface activated: dummy0 [ 125.654673][ T6887] netlink: 24 bytes leftover after parsing attributes in process `syz.0.342'. [ 126.278154][ T6916] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 126.504100][ T6926] netlink: 'syz.0.353': attribute type 4 has an invalid length. [ 126.511895][ T6926] netlink: 'syz.0.353': attribute type 1 has an invalid length. [ 126.567731][ T6926] netlink: 228 bytes leftover after parsing attributes in process `syz.0.353'. [ 126.831987][ T6934] netlink: 24 bytes leftover after parsing attributes in process `syz.0.356'. [ 127.276853][ T6948] netlink: 68 bytes leftover after parsing attributes in process `syz.3.359'. [ 127.334180][ T6952] netlink: 68 bytes leftover after parsing attributes in process `syz.3.359'. [ 127.916583][ T6978] netlink: 24 bytes leftover after parsing attributes in process `syz.1.368'. [ 128.251036][ T9] IPVS: starting estimator thread 0... [ 128.364023][ T6994] IPVS: using max 26 ests per chain, 62400 per kthread [ 128.364892][ T6998] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.407857][ T6993] net_ratelimit: 11 callbacks suppressed [ 128.407880][ T6993] IPVS: lc: FWM 3 0x00000003 - no destination available [ 129.243535][ T7031] tipc: Enabled bearer , priority 0 [ 129.280752][ T7031] syzkaller0: entered promiscuous mode [ 129.308819][ T7031] syzkaller0: entered allmulticast mode [ 129.375991][ T7031] tipc: Resetting bearer [ 129.417482][ T7029] tipc: Resetting bearer [ 129.476425][ T7041] netlink: 'syz.2.385': attribute type 4 has an invalid length. [ 129.508534][ T7029] tipc: Disabling bearer [ 129.516463][ T7041] netlink: 'syz.2.385': attribute type 1 has an invalid length. [ 129.550318][ T6756] Set syz1 is full, maxelem 65536 reached [ 129.594041][ T7041] netlink: 228 bytes leftover after parsing attributes in process `syz.2.385'. [ 130.407902][ T7081] netlink: 24 bytes leftover after parsing attributes in process `syz.0.397'. [ 130.588912][ T7085] netlink: 27 bytes leftover after parsing attributes in process `syz.4.399'. [ 131.029334][ T7104] netlink: 12 bytes leftover after parsing attributes in process `syz.4.402'. [ 131.473781][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.0.407'. [ 132.023757][ T7130] netlink: 24 bytes leftover after parsing attributes in process `syz.2.411'. [ 132.680606][ T5832] IPVS: starting estimator thread 0... [ 132.797053][ T7152] IPVS: using max 26 ests per chain, 62400 per kthread [ 133.543777][ T7171] batman_adv: batadv0: Adding interface: dummy0 [ 133.550263][ T7171] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 133.595397][ T7171] batman_adv: batadv0: Interface activated: dummy0 [ 133.627986][ T7173] batadv0: mtu less than device minimum [ 133.634510][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 133.640184][ T7182] netlink: 24 bytes leftover after parsing attributes in process `syz.2.423'. [ 133.654889][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.667037][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.679042][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.691038][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.703316][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.715419][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.727522][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.739831][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 133.751873][ T7173] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 135.229365][ T7204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.429'. [ 135.582997][ T7214] netlink: 24 bytes leftover after parsing attributes in process `syz.0.434'. [ 135.709344][ T7218] xt_nfacct: accounting object `\$‚9ZúM#íü¾mUµ|±^cÁ\F9YⳈ«ÃÖ' does not exist [ 135.858968][ T7222] netlink: 'syz.4.438': attribute type 10 has an invalid length. [ 135.889651][ T7222] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 136.134903][ T7232] batman_adv: batadv0: Interface deactivated: dummy0 [ 136.151631][ T7232] batman_adv: batadv0: Removing interface: dummy0 [ 137.176990][ T7264] tipc: Started in network mode [ 137.181984][ T7264] tipc: Node identity 7a84cbdefce1, cluster identity 4711 [ 137.214445][ T7264] tipc: Enabled bearer , priority 0 [ 137.243126][ T7264] syzkaller0: entered promiscuous mode [ 137.264742][ T7264] syzkaller0: entered allmulticast mode [ 137.311725][ T7264] tipc: Resetting bearer [ 137.351894][ T7262] tipc: Resetting bearer [ 137.405430][ T7262] tipc: Disabling bearer [ 137.887498][ T7281] netlink: 'syz.2.459': attribute type 10 has an invalid length. [ 137.914865][ T7281] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 138.322691][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.332789][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.498370][ T7298] netlink: 'syz.2.466': attribute type 1 has an invalid length. [ 138.567137][ T7300] netlink: 'syz.4.467': attribute type 4 has an invalid length. [ 138.596645][ T7300] netlink: 'syz.4.467': attribute type 1 has an invalid length. [ 138.607043][ T7300] netlink: 228 bytes leftover after parsing attributes in process `syz.4.467'. [ 138.808274][ T7304] tipc: Started in network mode [ 138.813283][ T7304] tipc: Node identity 52257a5fe5c8, cluster identity 4711 [ 138.821532][ T7304] tipc: Enabled bearer , priority 0 [ 138.829830][ T7304] syzkaller0: entered promiscuous mode [ 138.835800][ T7304] syzkaller0: entered allmulticast mode [ 138.863432][ T7304] tipc: Resetting bearer [ 138.872676][ T7303] tipc: Resetting bearer [ 138.961236][ T7303] tipc: Disabling bearer [ 139.545224][ T7329] netlink: 'syz.2.479': attribute type 10 has an invalid length. [ 139.553489][ T7329] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 139.816981][ T7087] net_ratelimit: 13 callbacks suppressed [ 139.817004][ T7087] Set syz1 is full, maxelem 65536 reached [ 140.127832][ T7343] tipc: Enabled bearer , priority 0 [ 140.156326][ T7343] syzkaller0: entered promiscuous mode [ 140.166022][ T7343] syzkaller0: entered allmulticast mode [ 140.205255][ T7343] tipc: Resetting bearer [ 140.233203][ T7342] tipc: Resetting bearer [ 140.298449][ T7342] tipc: Disabling bearer [ 140.327738][ T7352] netlink: 24 bytes leftover after parsing attributes in process `syz.4.490'. [ 140.539702][ T7363] netlink: 24 bytes leftover after parsing attributes in process `syz.0.494'. [ 140.616976][ T7361] Bluetooth: MGMT ver 1.23 [ 140.949714][ T7377] netlink: 8 bytes leftover after parsing attributes in process `syz.2.499'. [ 141.351377][ T7397] netlink: 12 bytes leftover after parsing attributes in process `syz.1.509'. [ 141.370614][ T7399] netlink: 24 bytes leftover after parsing attributes in process `syz.4.508'. [ 141.469157][ T7402] netlink: 'syz.2.511': attribute type 10 has an invalid length. [ 141.513038][ T7402] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 141.702559][ T7405] syzkaller0: entered promiscuous mode [ 141.708259][ T7405] syzkaller0: entered allmulticast mode [ 141.769342][ T7415] netlink: 27 bytes leftover after parsing attributes in process `syz.1.515'. [ 141.789345][ T7418] netlink: 348 bytes leftover after parsing attributes in process `syz.4.514'. [ 142.904980][ T7409] netlink: 240 bytes leftover after parsing attributes in process `syz.4.514'. [ 143.036136][ T7427] batman_adv: batadv0: Adding interface: dummy0 [ 143.053232][ T7427] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 143.087404][ T7427] batman_adv: batadv0: Interface activated: dummy0 [ 143.118606][ T7431] batadv0: mtu less than device minimum [ 143.152684][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.165381][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.177501][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.189524][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.201512][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.213533][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.225671][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.237741][ T7431] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 143.290809][ T7433] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.354597][ T7440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.417927][ T7442] netlink: 24 bytes leftover after parsing attributes in process `syz.0.524'. [ 143.483335][ T7433] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 143.499325][ T7433] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.540972][ T7433] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.576968][ T7433] batman_adv: batadv0: Interface deactivated: dummy0 [ 143.588007][ T7433] batman_adv: batadv0: Removing interface: dummy0 [ 143.646664][ T7443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.521'. [ 143.756844][ T2925] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.769515][ T2925] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.799062][ T2925] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.814083][ T2925] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.089066][ T7470] FAULT_INJECTION: forcing a failure. [ 144.089066][ T7470] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 144.108047][ T7470] CPU: 0 UID: 0 PID: 7470 Comm: syz.0.535 Not tainted syzkaller #0 PREEMPT(full) [ 144.108078][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 144.108099][ T7470] Call Trace: [ 144.108108][ T7470] [ 144.108118][ T7470] dump_stack_lvl+0x189/0x250 [ 144.108162][ T7470] ? __pfx____ratelimit+0x10/0x10 [ 144.108193][ T7470] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.108222][ T7470] ? __pfx__printk+0x10/0x10 [ 144.108245][ T7470] ? __might_fault+0xb0/0x130 [ 144.108289][ T7470] should_fail_ex+0x414/0x560 [ 144.108339][ T7470] _copy_from_iter+0x1de/0x1790 [ 144.108371][ T7470] ? rcu_is_watching+0x15/0xb0 [ 144.108400][ T7470] ? kmalloc_reserve+0xbd/0x290 [ 144.108422][ T7470] ? __pfx__copy_from_iter+0x10/0x10 [ 144.108448][ T7470] ? __build_skb_around+0x262/0x3f0 [ 144.108472][ T7470] ? netlink_sendmsg+0x642/0xb30 [ 144.108493][ T7470] ? skb_put+0x11b/0x210 [ 144.108517][ T7470] netlink_sendmsg+0x6b2/0xb30 [ 144.108550][ T7470] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.108576][ T7470] ? aa_sock_msg_perm+0xf1/0x1d0 [ 144.108611][ T7470] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 144.108632][ T7470] ? __pfx_netlink_sendmsg+0x10/0x10 [ 144.108654][ T7470] __sock_sendmsg+0x21c/0x270 [ 144.108688][ T7470] ____sys_sendmsg+0x505/0x830 [ 144.108718][ T7470] ? __pfx_____sys_sendmsg+0x10/0x10 [ 144.108752][ T7470] ? import_iovec+0x74/0xa0 [ 144.108783][ T7470] ___sys_sendmsg+0x21f/0x2a0 [ 144.108810][ T7470] ? __pfx____sys_sendmsg+0x10/0x10 [ 144.108873][ T7470] ? __fget_files+0x2a/0x420 [ 144.108893][ T7470] ? __fget_files+0x3a0/0x420 [ 144.108924][ T7470] __x64_sys_sendmsg+0x19b/0x260 [ 144.108952][ T7470] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 144.108992][ T7470] ? __pfx_ksys_write+0x10/0x10 [ 144.109027][ T7470] ? do_syscall_64+0xbe/0xfa0 [ 144.109063][ T7470] do_syscall_64+0xfa/0xfa0 [ 144.109093][ T7470] ? lockdep_hardirqs_on+0x9c/0x150 [ 144.109124][ T7470] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.109145][ T7470] ? clear_bhb_loop+0x60/0xb0 [ 144.109171][ T7470] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.109192][ T7470] RIP: 0033:0x7f65e6d8f749 [ 144.109219][ T7470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.109237][ T7470] RSP: 002b:00007f65e7cfc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 144.109261][ T7470] RAX: ffffffffffffffda RBX: 00007f65e6fe5fa0 RCX: 00007f65e6d8f749 [ 144.109277][ T7470] RDX: 0000000000028040 RSI: 0000200000000180 RDI: 0000000000000003 [ 144.109290][ T7470] RBP: 00007f65e7cfc090 R08: 0000000000000000 R09: 0000000000000000 [ 144.109303][ T7470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.109322][ T7470] R13: 00007f65e6fe6038 R14: 00007f65e6fe5fa0 R15: 00007fff52c80cd8 [ 144.109358][ T7470] [ 144.550318][ T7473] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 144.973334][ T7493] netlink: 'syz.1.544': attribute type 1 has an invalid length. [ 145.813393][ T7526] __nla_validate_parse: 6 callbacks suppressed [ 145.813414][ T7526] netlink: 8 bytes leftover after parsing attributes in process `syz.0.556'. [ 146.141672][ T7536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 146.444727][ T7550] netlink: 8 bytes leftover after parsing attributes in process `syz.1.563'. [ 146.593461][ T7552] netlink: 'syz.3.562': attribute type 10 has an invalid length. [ 146.608499][ T7552] netlink: 40 bytes leftover after parsing attributes in process `syz.3.562'. [ 146.621499][ T7552] batadv0: entered promiscuous mode [ 146.629374][ T7552] batadv0: entered allmulticast mode [ 146.636702][ T7552] bridge0: port 3(batadv0) entered blocking state [ 146.652219][ T7552] bridge0: port 3(batadv0) entered disabled state [ 146.714494][ T7552] bridge0: port 3(batadv0) entered blocking state [ 146.721156][ T7552] bridge0: port 3(batadv0) entered forwarding state [ 146.996655][ T7575] tipc: Enabled bearer , priority 0 [ 147.025219][ T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 147.035492][ T7575] syzkaller0: entered promiscuous mode [ 147.041157][ T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 147.093897][ T7575] syzkaller0: entered allmulticast mode [ 147.139102][ T7579] tipc: Resetting bearer [ 147.179393][ T7573] tipc: Resetting bearer [ 147.256895][ T7573] tipc: Disabling bearer [ 147.267639][ T7583] sctp: [Deprecated]: syz.2.573 (pid 7583) Use of int in max_burst socket option. [ 147.267639][ T7583] Use struct sctp_assoc_value instead [ 147.322719][ T7583] netlink: 12 bytes leftover after parsing attributes in process `syz.2.573'. [ 147.700023][ T7605] netlink: 12 bytes leftover after parsing attributes in process `syz.0.581'. [ 147.901854][ T7609] netlink: 8 bytes leftover after parsing attributes in process `syz.2.583'. [ 148.144741][ T7625] tipc: Enabled bearer , priority 0 [ 148.171215][ T7625] syzkaller0: entered promiscuous mode [ 148.187238][ T7625] syzkaller0: entered allmulticast mode [ 148.215406][ T7625] tipc: Resetting bearer [ 148.248939][ T7622] tipc: Resetting bearer [ 148.277221][ T7630] FAULT_INJECTION: forcing a failure. [ 148.277221][ T7630] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 148.290712][ T7630] CPU: 1 UID: 0 PID: 7630 Comm: syz.3.590 Not tainted syzkaller #0 PREEMPT(full) [ 148.290741][ T7630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 148.290754][ T7630] Call Trace: [ 148.290762][ T7630] [ 148.290771][ T7630] dump_stack_lvl+0x189/0x250 [ 148.290803][ T7630] ? __pfx____ratelimit+0x10/0x10 [ 148.290829][ T7630] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.290857][ T7630] ? __pfx__printk+0x10/0x10 [ 148.290879][ T7630] ? __might_fault+0xb0/0x130 [ 148.290921][ T7630] should_fail_ex+0x414/0x560 [ 148.290960][ T7630] _copy_from_user+0x2d/0xb0 [ 148.290989][ T7630] ___sys_sendmsg+0x158/0x2a0 [ 148.291017][ T7630] ? __pfx____sys_sendmsg+0x10/0x10 [ 148.291082][ T7630] ? __fget_files+0x2a/0x420 [ 148.291103][ T7630] ? __fget_files+0x3a0/0x420 [ 148.291136][ T7630] __x64_sys_sendmsg+0x19b/0x260 [ 148.291164][ T7630] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 148.291199][ T7630] ? __pfx_ksys_write+0x10/0x10 [ 148.291235][ T7630] ? do_syscall_64+0xbe/0xfa0 [ 148.291272][ T7630] do_syscall_64+0xfa/0xfa0 [ 148.291303][ T7630] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.291342][ T7630] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.291364][ T7630] ? clear_bhb_loop+0x60/0xb0 [ 148.291392][ T7630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.291413][ T7630] RIP: 0033:0x7f58d798f749 [ 148.291433][ T7630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.291451][ T7630] RSP: 002b:00007f58d5bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.291475][ T7630] RAX: ffffffffffffffda RBX: 00007f58d7be5fa0 RCX: 00007f58d798f749 [ 148.291491][ T7630] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 148.291505][ T7630] RBP: 00007f58d5bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 148.291519][ T7630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.291532][ T7630] R13: 00007f58d7be6038 R14: 00007f58d7be5fa0 R15: 00007ffd876930a8 [ 148.291569][ T7630] [ 148.508050][ T7622] tipc: Disabling bearer [ 149.007767][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.018346][ T7649] netlink: 20 bytes leftover after parsing attributes in process `syz.1.598'. [ 149.086035][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.114628][ T7649] netlink: 20 bytes leftover after parsing attributes in process `syz.1.598'. [ 149.125399][ T7651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.598'. [ 149.134962][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.134985][ T7649] netlink: 20 bytes leftover after parsing attributes in process `syz.1.598'. [ 149.135158][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.165461][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.173545][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.229495][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.244189][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.294987][ T7649] netlink: 'syz.1.598': attribute type 64 has an invalid length. [ 149.568482][ T7663] tipc: Enabled bearer , priority 0 [ 149.605649][ T7670] syzkaller0: entered promiscuous mode [ 149.618282][ T7670] syzkaller0: entered allmulticast mode [ 149.693314][ T7663] tipc: Resetting bearer [ 149.732356][ T7662] tipc: Resetting bearer [ 149.785424][ T7662] tipc: Disabling bearer [ 150.198405][ T7694] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.561953][ T7712] batman_adv: batadv0: Interface deactivated: dummy0 [ 150.595485][ T7712] batman_adv: batadv0: Removing interface: dummy0 [ 151.200356][ T7744] __nla_validate_parse: 31 callbacks suppressed [ 151.200378][ T7744] netlink: 24 bytes leftover after parsing attributes in process `syz.0.637'. [ 151.537622][ T7761] netlink: 12 bytes leftover after parsing attributes in process `syz.0.644'. [ 151.955076][ T7786] validate_nla: 24 callbacks suppressed [ 151.955099][ T7786] netlink: 'syz.1.651': attribute type 10 has an invalid length. [ 151.986627][ T7786] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 152.200294][ T7796] bond0: Error: Cannot enslave bond to itself. [ 152.329575][ T7803] netlink: 24 bytes leftover after parsing attributes in process `syz.2.659'. [ 152.467164][ T7806] netlink: 12 bytes leftover after parsing attributes in process `syz.4.660'. [ 152.567833][ T7811] tipc: Enabled bearer , priority 0 [ 152.660226][ T7811] syzkaller0: entered promiscuous mode [ 152.676777][ T7811] syzkaller0: entered allmulticast mode [ 152.726666][ T7811] sch_tbf: burst 0 is lower than device syzkaller0 mtu (1514) ! [ 152.750728][ T7811] tipc: Resetting bearer [ 152.758696][ T7809] tipc: Resetting bearer [ 152.819099][ T7809] tipc: Disabling bearer [ 153.097177][ T7836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.672'. [ 153.149562][ T7840] netlink: 1 bytes leftover after parsing attributes in process `syz.3.673'. [ 153.325406][ T7850] FAULT_INJECTION: forcing a failure. [ 153.325406][ T7850] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.378508][ T7850] CPU: 0 UID: 0 PID: 7850 Comm: syz.4.676 Not tainted syzkaller #0 PREEMPT(full) [ 153.378549][ T7850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 153.378567][ T7850] Call Trace: [ 153.378578][ T7850] [ 153.378593][ T7850] dump_stack_lvl+0x189/0x250 [ 153.378636][ T7850] ? __pfx____ratelimit+0x10/0x10 [ 153.378675][ T7850] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.378704][ T7850] ? __pfx__printk+0x10/0x10 [ 153.378731][ T7850] ? __might_fault+0xb0/0x130 [ 153.378775][ T7850] should_fail_ex+0x414/0x560 [ 153.378814][ T7850] _copy_from_iter+0x1de/0x1790 [ 153.378846][ T7850] ? rcu_is_watching+0x15/0xb0 [ 153.378876][ T7850] ? kmalloc_reserve+0xbd/0x290 [ 153.378898][ T7850] ? __pfx__copy_from_iter+0x10/0x10 [ 153.378925][ T7850] ? __build_skb_around+0x262/0x3f0 [ 153.378950][ T7850] ? netlink_sendmsg+0x642/0xb30 [ 153.378971][ T7850] ? skb_put+0x11b/0x210 [ 153.378996][ T7850] netlink_sendmsg+0x6b2/0xb30 [ 153.379030][ T7850] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.379056][ T7850] ? aa_sock_msg_perm+0xf1/0x1d0 [ 153.379092][ T7850] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 153.379113][ T7850] ? __pfx_netlink_sendmsg+0x10/0x10 [ 153.379137][ T7850] __sock_sendmsg+0x21c/0x270 [ 153.379173][ T7850] ____sys_sendmsg+0x505/0x830 [ 153.379201][ T7850] ? __pfx_____sys_sendmsg+0x10/0x10 [ 153.379234][ T7850] ? import_iovec+0x74/0xa0 [ 153.379265][ T7850] ___sys_sendmsg+0x21f/0x2a0 [ 153.379292][ T7850] ? __pfx____sys_sendmsg+0x10/0x10 [ 153.379358][ T7850] ? __fget_files+0x2a/0x420 [ 153.379378][ T7850] ? __fget_files+0x3a0/0x420 [ 153.379411][ T7850] __x64_sys_sendmsg+0x19b/0x260 [ 153.379438][ T7850] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 153.379475][ T7850] ? __pfx_ksys_write+0x10/0x10 [ 153.379511][ T7850] ? do_syscall_64+0xbe/0xfa0 [ 153.379548][ T7850] do_syscall_64+0xfa/0xfa0 [ 153.379579][ T7850] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.379611][ T7850] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.379633][ T7850] ? clear_bhb_loop+0x60/0xb0 [ 153.379659][ T7850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.379689][ T7850] RIP: 0033:0x7f3fa398f749 [ 153.379708][ T7850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 153.379727][ T7850] RSP: 002b:00007f3fa1bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 153.379750][ T7850] RAX: ffffffffffffffda RBX: 00007f3fa3be5fa0 RCX: 00007f3fa398f749 [ 153.379766][ T7850] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 153.379779][ T7850] RBP: 00007f3fa1bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 153.379792][ T7850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.379805][ T7850] R13: 00007f3fa3be6038 R14: 00007f3fa3be5fa0 R15: 00007ffe98604198 [ 153.379842][ T7850] [ 153.587644][ T7856] netlink: 24 bytes leftover after parsing attributes in process `syz.3.678'. [ 153.898393][ T7871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'. [ 154.639177][ T7891] x_tables: duplicate underflow at hook 2 [ 154.823346][ T7896] netlink: 8 bytes leftover after parsing attributes in process `syz.1.695'. [ 156.158305][ T7938] syzkaller1: entered promiscuous mode [ 156.174658][ T7938] syzkaller1: entered allmulticast mode [ 156.573327][ T7952] gtp0: entered promiscuous mode [ 156.595104][ T7952] gtp0: entered allmulticast mode [ 156.670054][ T7956] netlink: 100 bytes leftover after parsing attributes in process `syz.0.721'. [ 156.773543][ T7962] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 156.922153][ T7964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.722'. [ 157.157109][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.726'. [ 157.202239][ T7971] netlink: 12 bytes leftover after parsing attributes in process `syz.4.726'. [ 157.223059][ T7980] netlink: 24 bytes leftover after parsing attributes in process `syz.2.725'. [ 157.300228][ T7972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.725'. [ 157.611456][ T7993] FAULT_INJECTION: forcing a failure. [ 157.611456][ T7993] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.644418][ T7993] CPU: 1 UID: 0 PID: 7993 Comm: syz.0.733 Not tainted syzkaller #0 PREEMPT(full) [ 157.644449][ T7993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 157.644463][ T7993] Call Trace: [ 157.644471][ T7993] [ 157.644481][ T7993] dump_stack_lvl+0x189/0x250 [ 157.644518][ T7993] ? __pfx____ratelimit+0x10/0x10 [ 157.644548][ T7993] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.644578][ T7993] ? __pfx__printk+0x10/0x10 [ 157.644612][ T7993] should_fail_ex+0x414/0x560 [ 157.644651][ T7993] _copy_from_user+0x2d/0xb0 [ 157.644681][ T7993] __copy_msghdr+0x3c5/0x5b0 [ 157.644709][ T7993] ___sys_sendmsg+0x1a5/0x2a0 [ 157.644736][ T7993] ? __pfx____sys_sendmsg+0x10/0x10 [ 157.644801][ T7993] ? __fget_files+0x2a/0x420 [ 157.644822][ T7993] ? __fget_files+0x3a0/0x420 [ 157.644854][ T7993] __x64_sys_sendmsg+0x19b/0x260 [ 157.644882][ T7993] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 157.644916][ T7993] ? __pfx_ksys_write+0x10/0x10 [ 157.644952][ T7993] ? do_syscall_64+0xbe/0xfa0 [ 157.644988][ T7993] do_syscall_64+0xfa/0xfa0 [ 157.645019][ T7993] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.645050][ T7993] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.645072][ T7993] ? clear_bhb_loop+0x60/0xb0 [ 157.645097][ T7993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.645118][ T7993] RIP: 0033:0x7f65e6d8f749 [ 157.645137][ T7993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.645155][ T7993] RSP: 002b:00007f65e7cfc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.645178][ T7993] RAX: ffffffffffffffda RBX: 00007f65e6fe5fa0 RCX: 00007f65e6d8f749 [ 157.645192][ T7993] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 157.645205][ T7993] RBP: 00007f65e7cfc090 R08: 0000000000000000 R09: 0000000000000000 [ 157.645217][ T7993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.645228][ T7993] R13: 00007f65e6fe6038 R14: 00007f65e6fe5fa0 R15: 00007fff52c80cd8 [ 157.645262][ T7993] [ 157.951639][ T7995] net_ratelimit: 51 callbacks suppressed [ 157.951663][ T7995] IPVS: lc: FWM 3 0x00000003 - no destination available [ 158.292305][ T8010] netlink: 56 bytes leftover after parsing attributes in process `syz.0.743'. [ 158.725914][ T8032] FAULT_INJECTION: forcing a failure. [ 158.725914][ T8032] name failslab, interval 1, probability 0, space 0, times 0 [ 158.796393][ T8032] CPU: 1 UID: 0 PID: 8032 Comm: syz.1.749 Not tainted syzkaller #0 PREEMPT(full) [ 158.796422][ T8032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 158.796435][ T8032] Call Trace: [ 158.796442][ T8032] [ 158.796451][ T8032] dump_stack_lvl+0x189/0x250 [ 158.796488][ T8032] ? __pfx____ratelimit+0x10/0x10 [ 158.796518][ T8032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.796548][ T8032] ? __pfx__printk+0x10/0x10 [ 158.796575][ T8032] ? __pfx___might_resched+0x10/0x10 [ 158.796597][ T8032] ? fs_reclaim_acquire+0x7d/0x100 [ 158.796637][ T8032] should_fail_ex+0x414/0x560 [ 158.796674][ T8032] should_failslab+0xa8/0x100 [ 158.796699][ T8032] kmem_cache_alloc_node_noprof+0x77/0x710 [ 158.796730][ T8032] ? __alloc_skb+0x112/0x2d0 [ 158.796750][ T8032] ? netlink_autobind+0xdb/0x300 [ 158.796778][ T8032] __alloc_skb+0x112/0x2d0 [ 158.796803][ T8032] netlink_sendmsg+0x5c6/0xb30 [ 158.796837][ T8032] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.796864][ T8032] ? aa_sock_msg_perm+0xf1/0x1d0 [ 158.796900][ T8032] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 158.796920][ T8032] ? __pfx_netlink_sendmsg+0x10/0x10 [ 158.796944][ T8032] __sock_sendmsg+0x21c/0x270 [ 158.796978][ T8032] ____sys_sendmsg+0x505/0x830 [ 158.797008][ T8032] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.797042][ T8032] ? import_iovec+0x74/0xa0 [ 158.797076][ T8032] ___sys_sendmsg+0x21f/0x2a0 [ 158.797103][ T8032] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.797169][ T8032] ? __fget_files+0x2a/0x420 [ 158.797190][ T8032] ? __fget_files+0x3a0/0x420 [ 158.797223][ T8032] __x64_sys_sendmsg+0x19b/0x260 [ 158.797251][ T8032] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 158.797287][ T8032] ? __pfx_ksys_write+0x10/0x10 [ 158.797332][ T8032] ? do_syscall_64+0xbe/0xfa0 [ 158.797369][ T8032] do_syscall_64+0xfa/0xfa0 [ 158.797400][ T8032] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.797432][ T8032] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.797454][ T8032] ? clear_bhb_loop+0x60/0xb0 [ 158.797480][ T8032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.797502][ T8032] RIP: 0033:0x7ff395f8f749 [ 158.797522][ T8032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.797540][ T8032] RSP: 002b:00007ff396e48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 158.797563][ T8032] RAX: ffffffffffffffda RBX: 00007ff3961e5fa0 RCX: 00007ff395f8f749 [ 158.797579][ T8032] RDX: 0000000000068840 RSI: 0000200000000180 RDI: 0000000000000003 [ 158.797593][ T8032] RBP: 00007ff396e48090 R08: 0000000000000000 R09: 0000000000000000 [ 158.797607][ T8032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.797620][ T8032] R13: 00007ff3961e6038 R14: 00007ff3961e5fa0 R15: 00007ffc3bff6c18 [ 158.797656][ T8032] [ 159.631082][ T8051] netlink: 'syz.4.756': attribute type 10 has an invalid length. [ 159.639285][ T8051] team0: Device veth1_macvtap is up. Set it down before adding it as a team port [ 159.774694][ T8055] netlink: 24 bytes leftover after parsing attributes in process `syz.1.757'. [ 159.786680][ T8053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.755'. [ 160.244657][ T8078] netlink: 8 bytes leftover after parsing attributes in process `syz.4.764'. [ 160.254189][ T8076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 160.989159][ T8115] netlink: 'syz.2.778': attribute type 10 has an invalid length. [ 161.005843][ T8115] dummy0: entered promiscuous mode [ 161.011637][ T8115] bridge0: port 3(dummy0) entered blocking state [ 161.019834][ T8115] bridge0: port 3(dummy0) entered disabled state [ 161.027628][ T8115] dummy0: entered allmulticast mode [ 161.037646][ T8115] bridge0: port 3(dummy0) entered blocking state [ 161.044265][ T8115] bridge0: port 3(dummy0) entered forwarding state [ 161.334676][ T8124] FAULT_INJECTION: forcing a failure. [ 161.334676][ T8124] name failslab, interval 1, probability 0, space 0, times 0 [ 161.347568][ T8124] CPU: 1 UID: 0 PID: 8124 Comm: syz.4.782 Not tainted syzkaller #0 PREEMPT(full) [ 161.347600][ T8124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 161.347615][ T8124] Call Trace: [ 161.347627][ T8124] [ 161.347639][ T8124] dump_stack_lvl+0x189/0x250 [ 161.347667][ T8124] ? __pfx____ratelimit+0x10/0x10 [ 161.347690][ T8124] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.347713][ T8124] ? __pfx__printk+0x10/0x10 [ 161.347730][ T8124] ? __lock_acquire+0xab9/0xd20 [ 161.347754][ T8124] should_fail_ex+0x414/0x560 [ 161.347783][ T8124] should_failslab+0xa8/0x100 [ 161.347802][ T8124] kmem_cache_alloc_noprof+0x74/0x6e0 [ 161.347825][ T8124] ? dst_alloc+0x105/0x170 [ 161.347850][ T8124] dst_alloc+0x105/0x170 [ 161.347873][ T8124] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 161.347905][ T8124] ? ip_route_output_key_hash+0xc1/0x280 [ 161.347929][ T8124] ip_route_output_key_hash+0x174/0x280 [ 161.347952][ T8124] ? __lock_acquire+0xab9/0xd20 [ 161.347968][ T8124] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 161.348006][ T8124] ip_route_output_flow+0x2a/0x150 [ 161.348025][ T8124] ? security_sk_classify_flow+0x70/0x180 [ 161.348046][ T8124] udp_sendmsg+0x142e/0x2170 [ 161.348074][ T8124] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 161.348107][ T8124] ? __pfx_udp_sendmsg+0x10/0x10 [ 161.348137][ T8124] ? get_random_u32+0x155/0x940 [ 161.348163][ T8124] ? register_lock_class+0x51/0x320 [ 161.348177][ T8124] ? get_random_u32+0x155/0x940 [ 161.348197][ T8124] ? __lock_acquire+0xab9/0xd20 [ 161.348221][ T8124] udpv6_sendmsg+0xc1c/0x2510 [ 161.348255][ T8124] ? udp_lib_get_port+0x164b/0x1b10 [ 161.348281][ T8124] ? udp_lib_get_port+0x164b/0x1b10 [ 161.348305][ T8124] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 161.348334][ T8124] ? __lock_acquire+0xab9/0xd20 [ 161.348366][ T8124] ? __local_bh_enable_ip+0x12d/0x1c0 [ 161.348384][ T8124] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 161.348408][ T8124] ? inet_send_prepare+0x1b9/0x270 [ 161.348425][ T8124] ? inet_send_prepare+0x1b9/0x270 [ 161.348444][ T8124] ? inet6_sendmsg+0xe4/0x120 [ 161.348465][ T8124] __sock_sendmsg+0xe5/0x270 [ 161.348500][ T8124] ____sys_sendmsg+0x505/0x830 [ 161.348533][ T8124] ? __pfx_____sys_sendmsg+0x10/0x10 [ 161.348569][ T8124] ? import_iovec+0x74/0xa0 [ 161.348603][ T8124] ___sys_sendmsg+0x21f/0x2a0 [ 161.348632][ T8124] ? __pfx____sys_sendmsg+0x10/0x10 [ 161.348704][ T8124] ? __fget_files+0x2a/0x420 [ 161.348725][ T8124] ? __fget_files+0x3a0/0x420 [ 161.348760][ T8124] __x64_sys_sendmsg+0x19b/0x260 [ 161.348781][ T8124] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 161.348827][ T8124] ? __pfx_ksys_write+0x10/0x10 [ 161.348854][ T8124] ? do_syscall_64+0xbe/0xfa0 [ 161.348881][ T8124] do_syscall_64+0xfa/0xfa0 [ 161.348904][ T8124] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.348928][ T8124] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.348944][ T8124] ? clear_bhb_loop+0x60/0xb0 [ 161.348963][ T8124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.348980][ T8124] RIP: 0033:0x7f3fa398f749 [ 161.348995][ T8124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.349009][ T8124] RSP: 002b:00007f3fa1bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 161.349026][ T8124] RAX: ffffffffffffffda RBX: 00007f3fa3be5fa0 RCX: 00007f3fa398f749 [ 161.349038][ T8124] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 161.349048][ T8124] RBP: 00007f3fa1bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 161.349058][ T8124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 161.349067][ T8124] R13: 00007f3fa3be6038 R14: 00007f3fa3be5fa0 R15: 00007ffe98604198 [ 161.349100][ T8124] [ 162.024553][ T8138] netlink: 'syz.0.789': attribute type 4 has an invalid length. [ 162.032410][ T8138] __nla_validate_parse: 1 callbacks suppressed [ 162.032429][ T8138] netlink: 228 bytes leftover after parsing attributes in process `syz.0.789'. [ 162.128266][ T8142] FAULT_INJECTION: forcing a failure. [ 162.128266][ T8142] name failslab, interval 1, probability 0, space 0, times 0 [ 162.142170][ T8142] CPU: 1 UID: 0 PID: 8142 Comm: syz.3.792 Not tainted syzkaller #0 PREEMPT(full) [ 162.142200][ T8142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 162.142213][ T8142] Call Trace: [ 162.142222][ T8142] [ 162.142231][ T8142] dump_stack_lvl+0x189/0x250 [ 162.142266][ T8142] ? __pfx____ratelimit+0x10/0x10 [ 162.142307][ T8142] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.142337][ T8142] ? __pfx__printk+0x10/0x10 [ 162.142367][ T8142] ? __pfx___might_resched+0x10/0x10 [ 162.142389][ T8142] ? fs_reclaim_acquire+0x7d/0x100 [ 162.142430][ T8142] should_fail_ex+0x414/0x560 [ 162.142470][ T8142] should_failslab+0xa8/0x100 [ 162.142494][ T8142] __kmalloc_noprof+0xcb/0x7f0 [ 162.142525][ T8142] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 162.142557][ T8142] ? __local_bh_enable_ip+0x12d/0x1c0 [ 162.142586][ T8142] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 162.142625][ T8142] genl_family_rcv_msg_doit+0xb8/0x300 [ 162.142663][ T8142] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 162.142703][ T8142] ? apparmor_capable+0x137/0x1b0 [ 162.142730][ T8142] ? bpf_lsm_capable+0x9/0x20 [ 162.142757][ T8142] ? security_capable+0x7e/0x2e0 [ 162.142795][ T8142] genl_rcv_msg+0x60e/0x790 [ 162.142831][ T8142] ? __pfx_genl_rcv_msg+0x10/0x10 [ 162.142858][ T8142] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 162.142882][ T8142] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 162.142914][ T8142] ? __pfx_nl80211_post_doit+0x10/0x10 [ 162.142942][ T8142] ? __asan_memcpy+0x40/0x70 [ 162.142970][ T8142] ? __pfx_ref_tracker_free+0x10/0x10 [ 162.143001][ T8142] netlink_rcv_skb+0x208/0x470 [ 162.143020][ T8142] ? __lock_acquire+0xab9/0xd20 [ 162.143042][ T8142] ? __pfx_genl_rcv_msg+0x10/0x10 [ 162.143073][ T8142] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 162.143124][ T8142] ? down_read+0x1ad/0x2e0 [ 162.143149][ T8142] genl_rcv+0x28/0x40 [ 162.143175][ T8142] netlink_unicast+0x82f/0x9e0 [ 162.143218][ T8142] ? __pfx_netlink_unicast+0x10/0x10 [ 162.143253][ T8142] ? netlink_sendmsg+0x642/0xb30 [ 162.143273][ T8142] ? skb_put+0x11b/0x210 [ 162.143300][ T8142] netlink_sendmsg+0x805/0xb30 [ 162.143334][ T8142] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.143361][ T8142] ? aa_sock_msg_perm+0xf1/0x1d0 [ 162.143397][ T8142] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 162.143418][ T8142] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.143442][ T8142] __sock_sendmsg+0x21c/0x270 [ 162.143477][ T8142] ____sys_sendmsg+0x505/0x830 [ 162.143508][ T8142] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.143544][ T8142] ? import_iovec+0x74/0xa0 [ 162.143577][ T8142] ___sys_sendmsg+0x21f/0x2a0 [ 162.143604][ T8142] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.143672][ T8142] ? __fget_files+0x2a/0x420 [ 162.143692][ T8142] ? __fget_files+0x3a0/0x420 [ 162.143726][ T8142] __x64_sys_sendmsg+0x19b/0x260 [ 162.143754][ T8142] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 162.143790][ T8142] ? __pfx_ksys_write+0x10/0x10 [ 162.143832][ T8142] ? do_syscall_64+0xbe/0xfa0 [ 162.143886][ T8142] do_syscall_64+0xfa/0xfa0 [ 162.143916][ T8142] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.143948][ T8142] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.143969][ T8142] ? clear_bhb_loop+0x60/0xb0 [ 162.143996][ T8142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.144018][ T8142] RIP: 0033:0x7f58d798f749 [ 162.144037][ T8142] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.144055][ T8142] RSP: 002b:00007f58d5bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.144085][ T8142] RAX: ffffffffffffffda RBX: 00007f58d7be5fa0 RCX: 00007f58d798f749 [ 162.144101][ T8142] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 162.144114][ T8142] RBP: 00007f58d5bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 162.144128][ T8142] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.144140][ T8142] R13: 00007f58d7be6038 R14: 00007f58d7be5fa0 R15: 00007ffd876930a8 [ 162.144177][ T8142] [ 162.605749][ T8145] netlink: 36 bytes leftover after parsing attributes in process `syz.2.790'. [ 162.655792][ T8149] FAULT_INJECTION: forcing a failure. [ 162.655792][ T8149] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.669395][ T8149] CPU: 1 UID: 0 PID: 8149 Comm: syz.4.794 Not tainted syzkaller #0 PREEMPT(full) [ 162.669424][ T8149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 162.669438][ T8149] Call Trace: [ 162.669446][ T8149] [ 162.669455][ T8149] dump_stack_lvl+0x189/0x250 [ 162.669491][ T8149] ? __pfx____ratelimit+0x10/0x10 [ 162.669522][ T8149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.669552][ T8149] ? __pfx__printk+0x10/0x10 [ 162.669574][ T8149] ? __might_fault+0xb0/0x130 [ 162.669616][ T8149] should_fail_ex+0x414/0x560 [ 162.669655][ T8149] _copy_from_iter+0x1de/0x1790 [ 162.669687][ T8149] ? rcu_is_watching+0x15/0xb0 [ 162.669717][ T8149] ? kmalloc_reserve+0xbd/0x290 [ 162.669739][ T8149] ? __pfx__copy_from_iter+0x10/0x10 [ 162.669766][ T8149] ? __build_skb_around+0x262/0x3f0 [ 162.669791][ T8149] ? netlink_sendmsg+0x642/0xb30 [ 162.669812][ T8149] ? skb_put+0x11b/0x210 [ 162.669837][ T8149] netlink_sendmsg+0x6b2/0xb30 [ 162.669871][ T8149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.669897][ T8149] ? aa_sock_msg_perm+0xf1/0x1d0 [ 162.669932][ T8149] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 162.669954][ T8149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 162.669977][ T8149] __sock_sendmsg+0x21c/0x270 [ 162.670012][ T8149] ____sys_sendmsg+0x505/0x830 [ 162.670043][ T8149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 162.670078][ T8149] ? import_iovec+0x74/0xa0 [ 162.670110][ T8149] ___sys_sendmsg+0x21f/0x2a0 [ 162.670137][ T8149] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.670201][ T8149] ? __fget_files+0x2a/0x420 [ 162.670222][ T8149] ? __fget_files+0x3a0/0x420 [ 162.670262][ T8149] __x64_sys_sendmsg+0x19b/0x260 [ 162.670290][ T8149] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 162.670325][ T8149] ? __pfx_ksys_write+0x10/0x10 [ 162.670359][ T8149] ? do_syscall_64+0xbe/0xfa0 [ 162.670394][ T8149] do_syscall_64+0xfa/0xfa0 [ 162.670423][ T8149] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.670455][ T8149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.670475][ T8149] ? clear_bhb_loop+0x60/0xb0 [ 162.670501][ T8149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.670520][ T8149] RIP: 0033:0x7f3fa398f749 [ 162.670538][ T8149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.670555][ T8149] RSP: 002b:00007f3fa1bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.670577][ T8149] RAX: ffffffffffffffda RBX: 00007f3fa3be5fa0 RCX: 00007f3fa398f749 [ 162.670592][ T8149] RDX: 0000000000068840 RSI: 0000200000000180 RDI: 0000000000000003 [ 162.670606][ T8149] RBP: 00007f3fa1bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 162.670618][ T8149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.670630][ T8149] R13: 00007f3fa3be6038 R14: 00007f3fa3be5fa0 R15: 00007ffe98604198 [ 162.670666][ T8149] [ 163.140181][ T8165] netlink: 12 bytes leftover after parsing attributes in process `syz.4.799'. [ 163.306497][ T8168] syzkaller0: entered promiscuous mode [ 163.315264][ T8168] syzkaller0: entered allmulticast mode [ 163.338822][ T8178] netlink: 'syz.3.801': attribute type 2 has an invalid length. [ 163.343310][ T8172] macsec1: entered promiscuous mode [ 163.346788][ T8178] netlink: 84 bytes leftover after parsing attributes in process `syz.3.801'. [ 163.362907][ T8172] macsec1: entered allmulticast mode [ 163.370500][ T8172] bond1: (slave macsec1): Error -34 calling dev_set_mtu [ 163.394270][ T8176] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 163.411538][ T8185] 8021q: VLANs not supported on ip_vti0 [ 163.440303][ T8186] IPVS: lc: FWM 3 0x00000003 - no destination available [ 163.870018][ T8191] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.124747][ T8203] netlink: 24 bytes leftover after parsing attributes in process `syz.1.807'. [ 164.202656][ T8209] netlink: 20 bytes leftover after parsing attributes in process `syz.4.810'. [ 164.212406][ T8209] netlink: 24 bytes leftover after parsing attributes in process `syz.4.810'. [ 164.313427][ T8213] netlink: 44 bytes leftover after parsing attributes in process `syz.0.811'. [ 164.384199][ T8215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.812'. [ 164.426878][ T8218] pim6reg527: entered allmulticast mode [ 165.006272][ T8246] netlink: 28 bytes leftover after parsing attributes in process `syz.0.824'. [ 165.027776][ T8249] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.665977][ T8241] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 165.672674][ T8241] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 165.740556][ T8241] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 165.761956][ T8241] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 165.797580][ T8241] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 165.813139][ T8241] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 165.849509][ T8241] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 165.853939][ T8279] netlink: 'syz.4.836': attribute type 21 has an invalid length. [ 165.864577][ T8241] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 165.890349][ T8241] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 165.901271][ T8241] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 166.366502][ T8306] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 166.499913][ T8315] openvswitch: netlink: Flow actions attr not present in new flow. [ 166.511525][ T8315] IPVS: lc: FWM 3 0x00000003 - no destination available [ 166.702173][ T8323] syzkaller1: entered promiscuous mode [ 166.708144][ T8323] syzkaller1: entered allmulticast mode [ 167.372516][ T8348] __nla_validate_parse: 4 callbacks suppressed [ 167.372537][ T8348] netlink: 24 bytes leftover after parsing attributes in process `syz.3.864'. [ 167.556109][ T8354] tipc: Enabled bearer , priority 0 [ 167.564605][ T8354] syzkaller0: entered promiscuous mode [ 167.593662][ T8354] syzkaller0: entered allmulticast mode [ 167.626495][ T8354] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 167.658190][ T8354] tipc: Resetting bearer [ 167.698681][ T8353] tipc: Resetting bearer [ 167.764654][ T8365] netlink: 36 bytes leftover after parsing attributes in process `syz.3.872'. [ 167.781213][ T8353] tipc: Disabling bearer [ 167.879990][ T8368] netlink: 32 bytes leftover after parsing attributes in process `syz.3.872'. [ 167.905605][ T8365] netlink: 32 bytes leftover after parsing attributes in process `syz.3.872'. [ 168.288656][ T8379] netlink: 116 bytes leftover after parsing attributes in process `syz.0.878'. [ 168.301398][ T8379] netlink: 24 bytes leftover after parsing attributes in process `syz.0.878'. [ 168.520052][ T8387] syzkaller1: entered promiscuous mode [ 168.526679][ T8387] syzkaller1: entered allmulticast mode [ 168.943256][ T8395] FAULT_INJECTION: forcing a failure. [ 168.943256][ T8395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.959197][ T8395] CPU: 1 UID: 0 PID: 8395 Comm: syz.0.885 Not tainted syzkaller #0 PREEMPT(full) [ 168.959226][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 168.959239][ T8395] Call Trace: [ 168.959248][ T8395] [ 168.959257][ T8395] dump_stack_lvl+0x189/0x250 [ 168.959293][ T8395] ? __pfx____ratelimit+0x10/0x10 [ 168.959324][ T8395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 168.959354][ T8395] ? __pfx__printk+0x10/0x10 [ 168.959377][ T8395] ? __might_fault+0xb0/0x130 [ 168.959422][ T8395] should_fail_ex+0x414/0x560 [ 168.959462][ T8395] _copy_from_user+0x2d/0xb0 [ 168.959491][ T8395] ____sys_sendmsg+0x2fe/0x830 [ 168.959523][ T8395] ? __pfx_____sys_sendmsg+0x10/0x10 [ 168.959565][ T8395] ? import_iovec+0x74/0xa0 [ 168.959597][ T8395] ___sys_sendmsg+0x21f/0x2a0 [ 168.959624][ T8395] ? __pfx____sys_sendmsg+0x10/0x10 [ 168.959689][ T8395] ? __fget_files+0x2a/0x420 [ 168.959709][ T8395] ? __fget_files+0x3a0/0x420 [ 168.959742][ T8395] __x64_sys_sendmsg+0x19b/0x260 [ 168.959770][ T8395] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 168.959806][ T8395] ? __pfx_ksys_write+0x10/0x10 [ 168.959842][ T8395] ? do_syscall_64+0xbe/0xfa0 [ 168.959879][ T8395] do_syscall_64+0xfa/0xfa0 [ 168.959909][ T8395] ? lockdep_hardirqs_on+0x9c/0x150 [ 168.959941][ T8395] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.959960][ T8395] ? clear_bhb_loop+0x60/0xb0 [ 168.959987][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.960009][ T8395] RIP: 0033:0x7f65e6d8f749 [ 168.960028][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.960046][ T8395] RSP: 002b:00007f65e7cfc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.960069][ T8395] RAX: ffffffffffffffda RBX: 00007f65e6fe5fa0 RCX: 00007f65e6d8f749 [ 168.960085][ T8395] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 168.960098][ T8395] RBP: 00007f65e7cfc090 R08: 0000000000000000 R09: 0000000000000000 [ 168.960111][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.960124][ T8395] R13: 00007f65e6fe6038 R14: 00007f65e6fe5fa0 R15: 00007fff52c80cd8 [ 168.960160][ T8395] [ 169.578372][ T8407] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 169.599992][ T8407] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 169.629752][ T8408] netlink: 'syz.4.889': attribute type 2 has an invalid length. [ 169.649341][ T8408] netlink: 84 bytes leftover after parsing attributes in process `syz.4.889'. [ 170.013315][ T8417] syzkaller1: entered promiscuous mode [ 170.019091][ T8417] syzkaller1: entered allmulticast mode [ 170.279718][ T8421] netlink: 48 bytes leftover after parsing attributes in process `syz.4.894'. [ 171.115860][ T8442] netlink: 8 bytes leftover after parsing attributes in process `syz.4.901'. [ 171.478371][ T8447] syzkaller1: entered promiscuous mode [ 171.484215][ T8447] syzkaller1: entered allmulticast mode [ 171.817651][ T8352] Set syz1 is full, maxelem 65536 reached [ 171.993123][ T8459] netlink: 'syz.2.907': attribute type 1 has an invalid length. [ 199.727339][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.733807][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.156922][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.163250][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.597724][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.604644][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.635441][ T31] INFO: task kworker/1:0:24 blocked for more than 143 seconds. [ 329.643123][ T31] Not tainted syzkaller #0 [ 329.648199][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 329.657019][ T31] task:kworker/1:0 state:D stack:24240 pid:24 tgid:24 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 329.669229][ T31] Workqueue: events rfkill_sync_work [ 329.674723][ T31] Call Trace: [ 329.678031][ T31] [ 329.680973][ T31] __schedule+0x1798/0x4cc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 329.685685][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 329.692070][ T31] ? __pfx___schedule+0x10/0x10 [ 329.697459][ T31] ? schedule+0x91/0x360 [ 329.701759][ T31] schedule+0x165/0x360 [ 329.707472][ T31] schedule_preempt_disabled+0x13/0x30 [ 329.712995][ T31] __mutex_lock+0x7e6/0x1350 [ 329.718672][ T31] ? __mutex_lock+0x5bb/0x1350 [ 329.735202][ T31] ? rfkill_sync_work+0x2e/0x200 [ 329.740260][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 329.759499][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 329.767645][ T31] rfkill_sync_work+0x2e/0x200 [ 329.772484][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 329.779746][ T31] process_scheduled_works+0xae1/0x17b0 [ 329.794634][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 329.800708][ T31] worker_thread+0x8a0/0xda0 [ 329.817001][ T31] kthread+0x711/0x8a0 [ 329.821170][ T31] ? __pfx_worker_thread+0x10/0x10 [ 329.828487][ T31] ? __pfx_kthread+0x10/0x10 [ 329.833556][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 329.839683][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.846128][ T31] ? __pfx_kthread+0x10/0x10 [ 329.850755][ T31] ret_from_fork+0x4bc/0x870 [ 329.856042][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 329.861199][ T31] ? __switch_to_asm+0x39/0x70 [ 329.866674][ T31] ? __switch_to_asm+0x33/0x70 [ 329.871477][ T31] ? __pfx_kthread+0x10/0x10 [ 329.876916][ T31] ret_from_fork_asm+0x1a/0x30 [ 329.881728][ T31] [ 329.885513][ T31] INFO: task kworker/0:5:5906 blocked for more than 143 seconds. [ 329.893254][ T31] Not tainted syzkaller #0 [ 329.898843][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 329.908094][ T31] task:kworker/0:5 state:D stack:22888 pid:5906 tgid:5906 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 329.920725][ T31] Workqueue: events rfkill_sync_work [ 329.926994][ T31] Call Trace: [ 329.930326][ T31] [ 329.933276][ T31] __schedule+0x1798/0x4cc0 [ 329.938524][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 329.944544][ T31] ? __pfx___schedule+0x10/0x10 [ 329.949436][ T31] ? schedule+0x91/0x360 [ 329.953692][ T31] schedule+0x165/0x360 [ 329.959362][ T31] schedule_preempt_disabled+0x13/0x30 [ 329.965477][ T31] __mutex_lock+0x7e6/0x1350 [ 329.970102][ T31] ? __mutex_lock+0x5bb/0x1350 [ 329.975074][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 329.980393][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 329.985686][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 329.990935][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 329.996916][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 330.003294][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 330.009718][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 330.015457][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 330.021193][ T31] rfkill_set_block+0x1d2/0x440 [ 330.026706][ T31] rfkill_sync_work+0x114/0x200 [ 330.031585][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 330.038687][ T31] process_scheduled_works+0xae1/0x17b0 [ 330.045042][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 330.051070][ T31] worker_thread+0x8a0/0xda0 [ 330.056395][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 330.062772][ T31] ? __kthread_parkme+0x7b/0x200 [ 330.068918][ T31] kthread+0x711/0x8a0 [ 330.073028][ T31] ? __pfx_worker_thread+0x10/0x10 [ 330.078761][ T31] ? __pfx_kthread+0x10/0x10 [ 330.083373][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 330.089212][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.095144][ T31] ? __pfx_kthread+0x10/0x10 [ 330.099770][ T31] ret_from_fork+0x4bc/0x870 [ 330.104979][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 330.110133][ T31] ? __switch_to_asm+0x39/0x70 [ 330.115706][ T31] ? __switch_to_asm+0x33/0x70 [ 330.120484][ T31] ? __pfx_kthread+0x10/0x10 [ 330.125863][ T31] ret_from_fork_asm+0x1a/0x30 [ 330.130671][ T31] [ 330.133718][ T31] INFO: task syz.1.835:8275 blocked for more than 143 seconds. [ 330.142040][ T31] Not tainted syzkaller #0 [ 330.148004][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 330.157439][ T31] task:syz.1.835 state:D stack:25960 pid:8275 tgid:8275 ppid:5827 task_flags:0x400040 flags:0x00080002 [ 330.170011][ T31] Call Trace: [ 330.173312][ T31] [ 330.177352][ T31] __schedule+0x1798/0x4cc0 [ 330.181920][ T31] ? validate_chain+0x897/0x2140 [ 330.187549][ T31] ? __lock_acquire+0xab9/0xd20 [ 330.192432][ T31] ? __pfx___schedule+0x10/0x10 [ 330.198167][ T31] ? schedule+0x91/0x360 [ 330.202442][ T31] schedule+0x165/0x360 [ 330.207355][ T31] schedule_timeout+0x9a/0x270 [ 330.212348][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 330.218415][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 330.223655][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.229578][ T31] ? wait_for_completion+0x267/0x5d0 [ 330.235489][ T31] wait_for_completion+0x2bf/0x5d0 [ 330.240635][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 330.247021][ T31] ? __flush_work+0xd2/0xbc0 [ 330.251682][ T31] ? __flush_work+0xd2/0xbc0 [ 330.257157][ T31] __flush_work+0x9b9/0xbc0 [ 330.261710][ T31] ? __flush_work+0xd2/0xbc0 [ 330.266488][ T31] ? __pfx___flush_work+0x10/0x10 [ 330.271553][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 330.276955][ T31] ? __pfx___cancel_work+0x10/0x10 [ 330.282143][ T31] ? nfc_genl_device_removed+0x23c/0x330 [ 330.288282][ T31] __cancel_work_sync+0xbe/0x110 [ 330.293364][ T31] rfkill_unregister+0x92/0x220 [ 330.298384][ T31] nfc_unregister_device+0x96/0x2a0 [ 330.303629][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 330.309475][ T31] virtual_ncidev_close+0x56/0x90 [ 330.314731][ T31] __fput+0x44c/0xa70 [ 330.319382][ T31] task_work_run+0x1d4/0x260 [ 330.324726][ T31] ? __pfx_task_work_run+0x10/0x10 [ 330.329966][ T31] ? exit_to_user_mode_loop+0x40/0x130 [ 330.336072][ T31] exit_to_user_mode_loop+0xe9/0x130 [ 330.341394][ T31] do_syscall_64+0x2bd/0xfa0 [ 330.346621][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.351859][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.358580][ T31] ? clear_bhb_loop+0x60/0xb0 [ 330.363388][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.370059][ T31] RIP: 0033:0x7ff395f8f749 [ 330.375297][ T31] RSP: 002b:00007ffc3bff6d78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 330.383731][ T31] RAX: 0000000000000000 RBX: 00007ff3961e7da0 RCX: 00007ff395f8f749 [ 330.392461][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 330.401565][ T31] RBP: 00007ff3961e7da0 R08: 00000000000000ec R09: 0000000d3bff706f [ 330.410234][ T31] R10: 00000000003ffcf0 R11: 0000000000000246 R12: 0000000000028a88 [ 330.418803][ T31] R13: 00007ff3961e6090 R14: ffffffffffffffff R15: 00007ffc3bff6e90 [ 330.427477][ T31] [ 330.430525][ T31] INFO: task syz.0.898:8434 blocked for more than 144 seconds. [ 330.441207][ T31] Not tainted syzkaller #0 [ 330.446827][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 330.456155][ T31] task:syz.0.898 state:D stack:23368 pid:8434 tgid:8433 ppid:5846 task_flags:0x400140 flags:0x00080002 [ 330.468719][ T31] Call Trace: [ 330.472015][ T31] [ 330.475562][ T31] __schedule+0x1798/0x4cc0 [ 330.480096][ T31] ? __lock_acquire+0xab9/0xd20 [ 330.485919][ T31] ? __lock_acquire+0xab9/0xd20 [ 330.490787][ T31] ? __pfx___schedule+0x10/0x10 [ 330.496357][ T31] ? schedule+0x91/0x360 [ 330.500643][ T31] schedule+0x165/0x360 [ 330.505870][ T31] schedule_preempt_disabled+0x13/0x30 [ 330.511352][ T31] __mutex_lock+0x7e6/0x1350 [ 330.516588][ T31] ? rcu_is_watching+0x15/0xb0 [ 330.521372][ T31] ? __mutex_lock+0x5bb/0x1350 [ 330.526759][ T31] ? rfkill_register+0x37/0x8e0 [ 330.531633][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 330.537359][ T31] ? netdev_run_todo+0xe1d/0xea0 [ 330.542329][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.548161][ T31] ? __pfx_netdev_run_todo+0x10/0x10 [ 330.553472][ T31] ? __pfx_mod_delayed_work_on+0x10/0x10 [ 330.559285][ T31] rfkill_register+0x37/0x8e0 [ 330.564091][ T31] wiphy_register+0x2231/0x2aa0 [ 330.569020][ T31] ? __pfx_wiphy_register+0x10/0x10 [ 330.574397][ T31] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 330.579543][ T31] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 330.586212][ T31] ieee80211_register_hw+0x3473/0x40d0 [ 330.591790][ T31] ? ieee80211_register_hw+0x13f1/0x40d0 [ 330.598321][ T31] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 330.604852][ T31] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 330.610892][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 330.617918][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 330.624894][ T31] ? __hrtimer_setup+0x187/0x210 [ 330.629854][ T31] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 330.636310][ T31] mac80211_hwsim_new_radio+0x2f7a/0x5220 [ 330.642098][ T31] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 330.649634][ T31] ? trace_kmalloc+0x1f/0xd0 [ 330.654996][ T31] ? __kmalloc_node_track_caller_noprof+0x587/0x800 [ 330.661640][ T31] ? kstrndup+0xbf/0x160 [ 330.666488][ T31] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 330.671634][ T31] ? __pfx___nla_validate_parse+0x10/0x10 [ 330.677983][ T31] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 330.683565][ T31] ? rcu_is_watching+0x15/0xb0 [ 330.688949][ T31] ? __nla_parse+0x40/0x60 [ 330.693386][ T31] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 330.700348][ T31] genl_family_rcv_msg_doit+0x215/0x300 [ 330.706741][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 330.712869][ T31] ? bpf_lsm_capable+0x9/0x20 [ 330.718266][ T31] ? security_capable+0x7e/0x2e0 [ 330.723466][ T31] genl_rcv_msg+0x60e/0x790 [ 330.729498][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 330.735424][ T31] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 330.741135][ T31] netlink_rcv_skb+0x208/0x470 [ 330.746541][ T31] ? __lock_acquire+0xab9/0xd20 [ 330.751407][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 330.757088][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 330.762405][ T31] ? down_read+0x1ad/0x2e0 [ 330.767523][ T31] genl_rcv+0x28/0x40 [ 330.771550][ T31] netlink_unicast+0x82f/0x9e0 [ 330.777003][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 330.782342][ T31] ? netlink_sendmsg+0x642/0xb30 [ 330.787912][ T31] ? skb_put+0x11b/0x210 [ 330.792176][ T31] netlink_sendmsg+0x805/0xb30 [ 330.797607][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.803120][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 330.808713][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 330.814846][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.820252][ T31] __sock_sendmsg+0x21c/0x270 [ 330.825566][ T31] ____sys_sendmsg+0x505/0x830 [ 330.830357][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 330.836762][ T31] ? import_iovec+0x74/0xa0 [ 330.841310][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 330.846174][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 330.851436][ T31] ? __fget_files+0x2a/0x420 [ 330.856113][ T31] ? __fget_files+0x3a0/0x420 [ 330.860839][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 330.865872][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 330.871386][ T31] ? do_syscall_64+0xbe/0xfa0 [ 330.876684][ T31] do_syscall_64+0xfa/0xfa0 [ 330.881217][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 330.887205][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.893306][ T31] ? clear_bhb_loop+0x60/0xb0 [ 330.898654][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.905152][ T31] RIP: 0033:0x7f65e6d8f749 [ 330.909583][ T31] RSP: 002b:00007f65e7cfc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 330.918692][ T31] RAX: ffffffffffffffda RBX: 00007f65e6fe5fa0 RCX: 00007f65e6d8f749 [ 330.927535][ T31] RDX: 0000000004000010 RSI: 0000200000000100 RDI: 0000000000000003 [ 330.936117][ T31] RBP: 00007f65e6e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 330.945532][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.953540][ T31] R13: 00007f65e6fe6038 R14: 00007f65e6fe5fa0 R15: 00007fff52c80cd8 [ 330.962131][ T31] [ 330.965751][ T31] INFO: task syz.4.901:8442 blocked for more than 144 seconds. [ 330.973351][ T31] Not tainted syzkaller #0 [ 330.978927][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 330.988616][ T31] task:syz.4.901 state:D stack:23560 pid:8442 tgid:8441 ppid:5842 task_flags:0x400140 flags:0x00080002 [ 331.001502][ T31] Call Trace: [ 331.005411][ T31] [ 331.008358][ T31] __schedule+0x1798/0x4cc0 [ 331.012910][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.018549][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.023459][ T31] ? __pfx___schedule+0x10/0x10 [ 331.029098][ T31] ? schedule+0x91/0x360 [ 331.033372][ T31] schedule+0x165/0x360 [ 331.038382][ T31] schedule_preempt_disabled+0x13/0x30 [ 331.044585][ T31] __mutex_lock+0x7e6/0x1350 [ 331.049232][ T31] ? __mutex_lock+0x5bb/0x1350 [ 331.055158][ T31] ? genl_rcv_msg+0x10d/0x790 [ 331.059864][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 331.065677][ T31] ? __dev_queue_xmit+0x27b/0x3b50 [ 331.070843][ T31] ? radix_tree_lookup+0x240/0x290 [ 331.076576][ T31] genl_rcv_msg+0x10d/0x790 [ 331.081124][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.086922][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 331.092005][ T31] ? __asan_memcpy+0x40/0x70 [ 331.097195][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 331.102593][ T31] netlink_rcv_skb+0x208/0x470 [ 331.108111][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.113093][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.118763][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 331.124695][ T31] ? down_read+0x1ad/0x2e0 [ 331.129134][ T31] genl_rcv+0x28/0x40 [ 331.133123][ T31] netlink_unicast+0x82f/0x9e0 [ 331.138092][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 331.143419][ T31] ? netlink_sendmsg+0x642/0xb30 [ 331.148674][ T31] ? skb_put+0x11b/0x210 [ 331.152984][ T31] netlink_sendmsg+0x805/0xb30 [ 331.158274][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.163606][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 331.169386][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 331.175635][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.180941][ T31] __sock_sendmsg+0x21c/0x270 [ 331.186372][ T31] __sys_sendto+0x3bd/0x520 [ 331.190920][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 331.196543][ T31] ? count_memcg_event_mm+0x21/0x260 [ 331.201902][ T31] ? exc_page_fault+0x82/0x100 [ 331.207303][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 331.212616][ T31] __x64_sys_sendto+0xde/0x100 [ 331.218061][ T31] do_syscall_64+0xfa/0xfa0 [ 331.222695][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.228644][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.235328][ T31] ? clear_bhb_loop+0x60/0xb0 [ 331.240023][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.246624][ T31] RIP: 0033:0x7f3fa39915dc [ 331.251079][ T31] RSP: 002b:00007f3fa1bf4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 331.260377][ T31] RAX: ffffffffffffffda RBX: 00007f3fa1bf4fc0 RCX: 00007f3fa39915dc [ 331.269014][ T31] RDX: 0000000000000020 RSI: 00007f3fa1bf5010 RDI: 0000000000000005 [ 331.277602][ T31] RBP: 0000000000000000 R08: 00007f3fa1bf4f14 R09: 000000000000000c [ 331.286727][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 331.295494][ T31] R13: 00007f3fa1bf4f68 R14: 00007f3fa1bf5010 R15: 0000000000000000 [ 331.303510][ T31] [ 331.307215][ T31] INFO: task syz.3.905:8451 blocked for more than 145 seconds. [ 331.315392][ T31] Not tainted syzkaller #0 [ 331.320339][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 331.329673][ T31] task:syz.3.905 state:D stack:28360 pid:8451 tgid:8450 ppid:5837 task_flags:0x400040 flags:0x00080002 [ 331.342341][ T31] Call Trace: [ 331.346888][ T31] [ 331.349854][ T31] __schedule+0x1798/0x4cc0 [ 331.355208][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.360165][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.365903][ T31] ? __pfx___schedule+0x10/0x10 [ 331.370814][ T31] ? schedule+0x91/0x360 [ 331.375697][ T31] schedule+0x165/0x360 [ 331.379881][ T31] schedule_preempt_disabled+0x13/0x30 [ 331.385966][ T31] __mutex_lock+0x7e6/0x1350 [ 331.390586][ T31] ? __mutex_lock+0x5bb/0x1350 [ 331.396538][ T31] ? genl_rcv_msg+0x10d/0x790 [ 331.401245][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 331.406895][ T31] ? __dev_queue_xmit+0x27b/0x3b50 [ 331.412047][ T31] ? radix_tree_lookup+0x240/0x290 [ 331.417902][ T31] genl_rcv_msg+0x10d/0x790 [ 331.422542][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.427949][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 331.433021][ T31] ? __asan_memcpy+0x40/0x70 [ 331.437687][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 331.443101][ T31] netlink_rcv_skb+0x208/0x470 [ 331.447950][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.452843][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.458467][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 331.464517][ T31] ? down_read+0x1ad/0x2e0 [ 331.469034][ T31] genl_rcv+0x28/0x40 [ 331.473029][ T31] netlink_unicast+0x82f/0x9e0 [ 331.478683][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 331.484721][ T31] ? netlink_sendmsg+0x642/0xb30 [ 331.489728][ T31] ? skb_put+0x11b/0x210 [ 331.494570][ T31] netlink_sendmsg+0x805/0xb30 [ 331.499363][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.505761][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 331.510732][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 331.516642][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.521973][ T31] __sock_sendmsg+0x21c/0x270 [ 331.527357][ T31] __sys_sendto+0x3bd/0x520 [ 331.531883][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 331.537568][ T31] ? count_memcg_event_mm+0x21/0x260 [ 331.542910][ T31] ? exc_page_fault+0x82/0x100 [ 331.548343][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 331.553651][ T31] __x64_sys_sendto+0xde/0x100 [ 331.559047][ T31] do_syscall_64+0xfa/0xfa0 [ 331.563577][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.569496][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.576160][ T31] ? clear_bhb_loop+0x60/0xb0 [ 331.580856][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.587644][ T31] RIP: 0033:0x7f58d79915dc [ 331.592098][ T31] RSP: 002b:00007f58d5bf4ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 331.600940][ T31] RAX: ffffffffffffffda RBX: 00007f58d5bf4fc0 RCX: 00007f58d79915dc [ 331.609658][ T31] RDX: 0000000000000020 RSI: 00007f58d5bf5010 RDI: 0000000000000004 [ 331.618513][ T31] RBP: 0000000000000000 R08: 00007f58d5bf4f14 R09: 000000000000000c [ 331.627561][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 331.636316][ T31] R13: 00007f58d5bf4f68 R14: 00007f58d5bf5010 R15: 0000000000000000 [ 331.644837][ T31] [ 331.647908][ T31] INFO: task syz.2.908:8461 blocked for more than 145 seconds. [ 331.656363][ T31] Not tainted syzkaller #0 [ 331.661334][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 331.670612][ T31] task:syz.2.908 state:D stack:25992 pid:8461 tgid:8460 ppid:5828 task_flags:0x400140 flags:0x00080002 [ 331.683216][ T31] Call Trace: [ 331.687120][ T31] [ 331.690074][ T31] __schedule+0x1798/0x4cc0 [ 331.695437][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.700328][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.705892][ T31] ? __pfx___schedule+0x10/0x10 [ 331.710810][ T31] ? schedule+0x91/0x360 [ 331.715402][ T31] schedule+0x165/0x360 [ 331.719677][ T31] schedule_preempt_disabled+0x13/0x30 [ 331.725804][ T31] __mutex_lock+0x7e6/0x1350 [ 331.730458][ T31] ? __mutex_lock+0x5bb/0x1350 [ 331.735615][ T31] ? genl_rcv_msg+0x10d/0x790 [ 331.740332][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 331.746365][ T31] ? __dev_queue_xmit+0x27b/0x3b50 [ 331.751512][ T31] ? radix_tree_lookup+0x240/0x290 [ 331.757312][ T31] genl_rcv_msg+0x10d/0x790 [ 331.761984][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.767629][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 331.772674][ T31] ? __asan_memcpy+0x40/0x70 [ 331.777891][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 331.783285][ T31] netlink_rcv_skb+0x208/0x470 [ 331.788657][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.793552][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.799388][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 331.805757][ T31] ? down_read+0x1ad/0x2e0 [ 331.810213][ T31] genl_rcv+0x28/0x40 [ 331.814792][ T31] netlink_unicast+0x82f/0x9e0 [ 331.819590][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 331.825609][ T31] ? netlink_sendmsg+0x642/0xb30 [ 331.830589][ T31] ? skb_put+0x11b/0x210 [ 331.835448][ T31] netlink_sendmsg+0x805/0xb30 [ 331.840250][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.846183][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 331.851149][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 331.857640][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.862949][ T31] __sock_sendmsg+0x21c/0x270 [ 331.868268][ T31] __sys_sendto+0x3bd/0x520 [ 331.872810][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 331.878542][ T31] ? __lock_acquire+0xab9/0xd20 [ 331.883491][ T31] ? fd_install+0x97/0x540 [ 331.888585][ T31] ? fd_install+0x30d/0x540 [ 331.893120][ T31] __x64_sys_sendto+0xde/0x100 [ 331.898516][ T31] do_syscall_64+0xfa/0xfa0 [ 331.903051][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.908882][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.915784][ T31] ? clear_bhb_loop+0x60/0xb0 [ 331.920486][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.927001][ T31] RIP: 0033:0x7fdc925915dc [ 331.931581][ T31] RSP: 002b:00007fdc93455ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 331.940664][ T31] RAX: ffffffffffffffda RBX: 00007fdc93455fc0 RCX: 00007fdc925915dc [ 331.949391][ T31] RDX: 0000000000000020 RSI: 00007fdc93456010 RDI: 0000000000000005 [ 331.957980][ T31] RBP: 0000000000000000 R08: 00007fdc93455f14 R09: 000000000000000c [ 331.967302][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 331.975649][ T31] R13: 00007fdc93455f68 R14: 00007fdc93456010 R15: 0000000000000000 [ 331.984328][ T31] [ 331.987405][ T31] INFO: task syz-executor:8464 blocked for more than 145 seconds. [ 331.995639][ T31] Not tainted syzkaller #0 [ 332.000630][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 332.009437][ T31] task:syz-executor state:D stack:28008 pid:8464 tgid:8464 ppid:1 task_flags:0x400040 flags:0x00080000 [ 332.021441][ T31] Call Trace: [ 332.024833][ T31] [ 332.027823][ T31] __schedule+0x1798/0x4cc0 [ 332.032365][ T31] ? __lock_acquire+0xab9/0xd20 [ 332.037723][ T31] ? __lock_acquire+0xab9/0xd20 [ 332.042634][ T31] ? __pfx___schedule+0x10/0x10 [ 332.048243][ T31] ? schedule+0x91/0x360 [ 332.052538][ T31] schedule+0x165/0x360 [ 332.057393][ T31] schedule_preempt_disabled+0x13/0x30 [ 332.062883][ T31] __mutex_lock+0x7e6/0x1350 [ 332.068234][ T31] ? __mutex_lock+0x5bb/0x1350 [ 332.073038][ T31] ? rfkill_register+0x37/0x8e0 [ 332.078668][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 332.083727][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 332.090327][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 332.096305][ T31] ? device_initialize+0x24b/0x440 [ 332.101440][ T31] rfkill_register+0x37/0x8e0 [ 332.106750][ T31] hci_register_dev+0x3f5/0x890 [ 332.111635][ T31] vhci_create_device+0x39c/0x650 [ 332.117464][ T31] vhci_write+0x3ce/0x4a0 [ 332.121845][ T31] vfs_write+0x5c9/0xb30 [ 332.126926][ T31] ? __pfx_vhci_write+0x10/0x10 [ 332.131926][ T31] ? __pfx_vfs_write+0x10/0x10 [ 332.137788][ T31] ? count_memcg_event_mm+0x21/0x260 [ 332.143216][ T31] ksys_write+0x145/0x250 [ 332.148223][ T31] ? __pfx_ksys_write+0x10/0x10 [ 332.153102][ T31] ? do_syscall_64+0xbe/0xfa0 [ 332.158427][ T31] do_syscall_64+0xfa/0xfa0 [ 332.162960][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.168783][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.175495][ T31] ? clear_bhb_loop+0x60/0xb0 [ 332.180199][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.186848][ T31] RIP: 0033:0x7f9e1838e1c0 [ 332.191290][ T31] RSP: 002b:00007ffd1622cf58 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 332.202017][ T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9e1838e1c0 [ 332.210637][ T31] RDX: 0000000000000002 RSI: 00007ffd1622cf6a RDI: 00000000000000ca [ 332.219243][ T31] RBP: 00007f9e185e67b8 R08: 0000000000000000 R09: 00007f9e1911d6c0 [ 332.227824][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 332.236440][ T31] R13: 0000000000000003 R14: 00007ffd1622d2b8 R15: 0000000000000000 [ 332.245262][ T31] [ 332.248345][ T31] INFO: task syz-executor:8467 blocked for more than 145 seconds. [ 332.256850][ T31] Not tainted syzkaller #0 [ 332.261807][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 332.271099][ T31] task:syz-executor state:D stack:27400 pid:8467 tgid:8467 ppid:1 task_flags:0x400040 flags:0x00080000 [ 332.283633][ T31] Call Trace: [ 332.287661][ T31] [ 332.290619][ T31] __schedule+0x1798/0x4cc0 [ 332.295324][ T31] ? __lock_acquire+0xab9/0xd20 [ 332.300214][ T31] ? __lock_acquire+0xab9/0xd20 [ 332.305852][ T31] ? __pfx___schedule+0x10/0x10 [ 332.310766][ T31] ? schedule+0x91/0x360 [ 332.315494][ T31] schedule+0x165/0x360 [ 332.319747][ T31] schedule_preempt_disabled+0x13/0x30 [ 332.325857][ T31] __mutex_lock+0x7e6/0x1350 [ 332.330518][ T31] ? __mutex_lock+0x5bb/0x1350 [ 332.335926][ T31] ? rfkill_register+0x37/0x8e0 [ 332.340817][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 332.346476][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 332.351799][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 332.357836][ T31] ? device_initialize+0x24b/0x440 [ 332.362978][ T31] rfkill_register+0x37/0x8e0 [ 332.368474][ T31] hci_register_dev+0x3f5/0x890 [ 332.373360][ T31] vhci_create_device+0x39c/0x650 [ 332.379066][ T31] vhci_write+0x3ce/0x4a0 [ 332.383439][ T31] vfs_write+0x5c9/0xb30 [ 332.388383][ T31] ? __pfx_vhci_write+0x10/0x10 [ 332.393292][ T31] ? __pfx_vfs_write+0x10/0x10 [ 332.398690][ T31] ? count_memcg_event_mm+0x21/0x260 [ 332.404746][ T31] ksys_write+0x145/0x250 [ 332.409129][ T31] ? __pfx_ksys_write+0x10/0x10 [ 332.415096][ T31] ? do_syscall_64+0xbe/0xfa0 [ 332.419813][ T31] do_syscall_64+0xfa/0xfa0 [ 332.425122][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.430354][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.437173][ T31] ? clear_bhb_loop+0x60/0xb0 [ 332.441876][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.448453][ T31] RIP: 0033:0x7f287678e1c0 [ 332.452890][ T31] RSP: 002b:00007ffcbc54acb8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 332.462035][ T31] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f287678e1c0 [ 332.470623][ T31] RDX: 0000000000000002 RSI: 00007ffcbc54acca RDI: 00000000000000ca [ 332.479446][ T31] RBP: 00007f28769e67b8 R08: 0000000000000000 R09: 00007f287751d6c0 [ 332.488011][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 332.496573][ T31] R13: 0000000000000003 R14: 00007ffcbc54b018 R15: 0000000000000000 [ 332.505149][ T31] [ 332.508228][ T31] [ 332.508228][ T31] Showing all locks held in the system: [ 332.516594][ T31] 3 locks held by kworker/1:0/24: [ 332.521629][ T31] #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 332.533717][ T31] #1: ffffc900001e7ba0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 332.546500][ T31] #2: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200 [ 332.557293][ T31] 1 lock held by khungtaskd/31: [ 332.562168][ T31] #0: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 332.572682][ T31] 2 locks held by getty/5587: [ 332.577948][ T31] #0: ffff88802fbdc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 332.587944][ T31] #1: ffffc900036c62f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 332.598424][ T31] 4 locks held by kworker/0:5/5906: [ 332.603642][ T31] #0: ffff88801a055948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 332.615237][ T31] #1: ffffc900042afba0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 332.628220][ T31] #2: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200 [ 332.638986][ T31] #3: ffff8880587fa100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 332.649902][ T31] 1 lock held by syz.1.835/8275: [ 332.655552][ T31] #0: ffff8880587fa100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 332.665853][ T31] 3 locks held by syz.0.898/8434: [ 332.670892][ T31] #0: ffffffff8f331bd0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 332.679848][ T31] #1: ffffffff8f3319e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 332.689451][ T31] #2: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.700000][ T31] 2 locks held by syz.4.901/8442: [ 332.705842][ T31] #0: ffffffff8f331bd0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 332.714653][ T31] #1: ffffffff8f3319e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 332.723667][ T31] 2 locks held by syz.3.905/8451: [ 332.729358][ T31] #0: ffffffff8f331bd0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 332.738185][ T31] #1: ffffffff8f3319e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 332.747907][ T31] 2 locks held by syz.2.908/8461: [ 332.752961][ T31] #0: ffffffff8f331bd0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 332.762244][ T31] #1: ffffffff8f3319e8 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 332.771977][ T31] 2 locks held by syz-executor/8464: [ 332.777878][ T31] #0: ffff888054a97918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.788521][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.799246][ T31] 2 locks held by syz-executor/8467: [ 332.805170][ T31] #0: ffff888032bb2118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.816155][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.826951][ T31] 2 locks held by syz-executor/8470: [ 332.832261][ T31] #0: ffff888032bb6118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.845452][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.856194][ T31] 2 locks held by syz-executor/8473: [ 332.861496][ T31] #0: ffff88807c74e118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.872656][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.883293][ T31] 2 locks held by syz-executor/8474: [ 332.888775][ T31] #0: ffff8880577fa918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.899344][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.909421][ T31] 2 locks held by syz-executor/8479: [ 332.915292][ T31] #0: ffff888075f81918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.926233][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.936887][ T31] 2 locks held by syz-executor/8482: [ 332.942195][ T31] #0: ffff888023d3f118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.953012][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.963558][ T31] 2 locks held by syz-executor/8485: [ 332.969725][ T31] #0: ffff888023d39118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 332.980713][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 332.991448][ T31] 2 locks held by syz-executor/8488: [ 332.997327][ T31] #0: ffff8880563fc918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.007966][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.018572][ T31] 2 locks held by syz-executor/8489: [ 333.024508][ T31] #0: ffff88807de57918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.035378][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.046067][ T31] 2 locks held by syz-executor/8494: [ 333.051406][ T31] #0: ffff888078888918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.062102][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.072752][ T31] 2 locks held by syz-executor/8497: [ 333.078837][ T31] #0: ffff888023737918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.090001][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.100559][ T31] 2 locks held by syz-executor/8500: [ 333.106430][ T31] #0: ffff888023731918 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.117061][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.127709][ T31] 2 locks held by syz-executor/8503: [ 333.133010][ T31] #0: ffff88807c44e118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.143726][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.155110][ T31] 2 locks held by syz-executor/8504: [ 333.160403][ T31] #0: ffff88807c44d118 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x650 [ 333.171157][ T31] #1: ffffffff8f5abc68 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_register+0x37/0x8e0 [ 333.181384][ T31] [ 333.183733][ T31] ============================================= [ 333.183733][ T31] [ 333.192407][ T31] NMI backtrace for cpu 0 [ 333.192429][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 333.192452][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 333.192464][ T31] Call Trace: [ 333.192473][ T31] [ 333.192481][ T31] dump_stack_lvl+0x189/0x250 [ 333.192517][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.192548][ T31] ? __pfx__printk+0x10/0x10 [ 333.192584][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 333.192612][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 333.192640][ T31] ? __pfx__printk+0x10/0x10 [ 333.192667][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 333.192704][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 333.192733][ T31] watchdog+0xf60/0xfa0 [ 333.192760][ T31] ? watchdog+0x1e2/0xfa0 [ 333.192788][ T31] kthread+0x711/0x8a0 [ 333.192830][ T31] ? __pfx_watchdog+0x10/0x10 [ 333.192850][ T31] ? __pfx_kthread+0x10/0x10 [ 333.192881][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 333.192910][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 333.192939][ T31] ? __pfx_kthread+0x10/0x10 [ 333.192968][ T31] ret_from_fork+0x4bc/0x870 [ 333.192994][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 333.193026][ T31] ? __switch_to_asm+0x39/0x70 [ 333.193042][ T31] ? __switch_to_asm+0x33/0x70 [ 333.193058][ T31] ? __pfx_kthread+0x10/0x10 [ 333.193085][ T31] ret_from_fork_asm+0x1a/0x30 [ 333.193121][ T31] [ 333.193129][ T31] Sending NMI from CPU 0 to CPUs 1: [ 333.346453][ C1] NMI backtrace for cpu 1 [ 333.346486][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 333.346507][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 333.346519][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 333.346551][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 b1 21 00 f3 0f 1e fa fb f4 c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 333.346568][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 333.346585][ C1] RAX: d22015bf0f452d00 RBX: ffffffff81967b47 RCX: d22015bf0f452d00 [ 333.346600][ C1] RDX: 0000000000000001 RSI: ffffffff8d70e436 RDI: ffffffff8bbf08e0 [ 333.346613][ C1] RBP: ffffc90000197f10 R08: ffff8880b8932fdb R09: 1ffff110171265fb [ 333.346627][ C1] R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f7cee70 [ 333.346641][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003952b58 [ 333.346655][ C1] FS: 0000000000000000(0000) GS:ffff88812623b000(0000) knlGS:0000000000000000 [ 333.346670][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 333.346682][ C1] CR2: 0000564b9f4a0f40 CR3: 000000000dd38000 CR4: 00000000003526f0 [ 333.346699][ C1] Call Trace: [ 333.346707][ C1] [ 333.346714][ C1] default_idle+0x13/0x20 [ 333.346732][ C1] default_idle_call+0x73/0xb0 [ 333.346751][ C1] do_idle+0x1e7/0x510 [ 333.346776][ C1] ? __pfx_do_idle+0x10/0x10 [ 333.346805][ C1] cpu_startup_entry+0x44/0x60 [ 333.346824][ C1] start_secondary+0x101/0x110 [ 333.346854][ C1] common_startup_64+0x13e/0x147 [ 333.346890][ C1]