last executing test programs: 1m36.451873625s ago: executing program 4 (id=919): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4081) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r4, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}}, 0x4000084) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 1m24.560433893s ago: executing program 4 (id=919): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4081) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r4, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}}, 0x4000084) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 1m11.9782863s ago: executing program 4 (id=919): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4081) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r4, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}}, 0x4000084) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 1m1.032190203s ago: executing program 4 (id=919): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4081) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r4, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}}, 0x4000084) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 46.575528974s ago: executing program 4 (id=919): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4081) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r4, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}}, 0x4000084) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 40.813637433s ago: executing program 1 (id=1967): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, 0x0}, 0x209}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000002980)=""/4098, 0x1002}, {&(0x7f0000000040)=""/6, 0x6}, {&(0x7f00000006c0)=""/219, 0xdb}, {&(0x7f00000008c0)=""/31, 0x1f}, {&(0x7f00000007c0)=""/229, 0xe5}, {&(0x7f0000000c00)=""/193, 0xc1}], 0x6}, 0x80000000}], 0x4, 0x20, 0x0) 39.504618284s ago: executing program 1 (id=1975): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) (async) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000b00)={0x18, 0x5a, 0x30d, 0x4000, 0x0, "", [@nested={0x4}, @nested={0x4, 0x3}]}, 0x18}], 0x1, 0x0, 0x0, 0x440d4}, 0x0) r1 = epoll_create1(0x0) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pselect6(0x40, &(0x7f0000000100)={0x2a, 0x803, 0x14, 0x575, 0x7fffffff, 0x0, 0x7, 0xffffffff}, 0x0, 0x0, 0x0, 0x0) writev(r3, &(0x7f0000000180)=[{&(0x7f0000000000)="9c", 0xffffff7d}], 0x1) (async) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) (async) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={0x14, 0x0, 0x400, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000001}, 0x48800) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_WDS_PEER(r5, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x88, r6, 0x800, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @random="36b48dacfa62"}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_MAC={0xa, 0x6, @random="507061a6e04b"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="78d61a9674bf"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="bbc31f6353d2"}, @NL80211_ATTR_MAC={0xa, 0x6, @random="3cffa7a98c19"}, @NL80211_ATTR_MAC={0xa}]}, 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x800) (async) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)) (async) shutdown(r2, 0x0) 39.110126389s ago: executing program 1 (id=1978): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e1f, @multicast1}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000000580)=ANY=[@ANYBLOB="0380c200450000300000000000019078ac1e0001ac1414aaff0000001200183f2501000000000aabb466c02aced1914b59a1f6f37fd8d43b131de819829b39931b61589b64337ccef51c983285f8"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='sample_threshold\x00', r1, 0x0, 0xffffffffffff0001}, 0x18) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x3, &(0x7f0000000280)=""/199, &(0x7f0000000180)=0xc7) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sendmsg$NFNL_MSG_ACCT_GET(r0, &(0x7f0000000700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000006c0)={&(0x7f0000000480)={0x30, 0x1, 0x7, 0x801, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFACCT_FLAGS={0x8}, @NFACCT_FLAGS={0x8}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x40080}, 0x48000) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r4 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000100)={0x0, 0x60, &(0x7f0000001680)={&(0x7f0000000580)=@newtaction={0x70, 0x30, 0x53b, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_simple={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xf, 0x3, '\\^]!${{%@:\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x0, 0xe4ffffff}}]}, {0x59}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x70}}, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="02"], 0x10) socketpair(0x2, 0x1, 0x100, &(0x7f0000002b40)) r5 = openat$cgroup_devices(r2, &(0x7f00000001c0)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f0000000640)=ANY=[@ANYBLOB="62202a3a2a20776d00776b50ff9ca322dfaaef7de3f008ed7db528a28bb0764212aba2b5b2fce8a1efcd54eb2beae5fda6cdc613fb344135067288c84fd87bc397ef9beb424263818028a92a645403fa5a30"], 0x9) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001440)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000200000000000000", @ANYRES32=0x0, @ANYBLOB='\b'], 0x2c}}, 0x0) 38.852492745s ago: executing program 1 (id=1983): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000005000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0xa, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000000000006b110800000000008510000002000000850000000000000095000000000000009500a50500000000389230606378b65aa92ac1ac2a77cdc867e41e3acbda96d4b848d263de77bf1e6d8b17e03ac18017c094eb881e"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$can_j1939(0x1d, 0x2, 0x7) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000400500040000000000050005000a00000014000780050015000a00000008001240"], 0x60}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r2}, 0x10) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000180)) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000680), &(0x7f00000006c0)=0xc) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) gettid() r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) r7 = socket(0x28, 0x805, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r7) sendmsg$NL80211_CMD_START_P2P_DEVICE(r7, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc050}, 0x4080) sendmsg$RDMA_NLDEV_CMD_DELLINK(r7, &(0x7f0000000700)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x20, 0x1404, 0x8, 0x70bd26, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}}, 0x10) recvmmsg$unix(r7, &(0x7f0000003100)=[{{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000000380)=""/215, 0xd7}, {&(0x7f0000000300)}, {&(0x7f0000003300)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/85, 0x55}, {0x0}, {&(0x7f0000001940)=""/184, 0xb8}, {&(0x7f0000001a00)=""/4096, 0x1000}, {&(0x7f0000002a00)=""/180, 0xfffffe61}, {&(0x7f0000000600)=""/62, 0x3e}], 0x9, &(0x7f0000002b80)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x78}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f0000003000)=[{&(0x7f0000000640)}, {&(0x7f0000003240)=""/144, 0x90}, {&(0x7f0000000800)=""/29, 0x1d}, {&(0x7f0000000840)=""/40, 0x28}, {&(0x7f0000002d00)=""/227, 0xe3}, {&(0x7f0000002e00)=""/176, 0xb0}, {&(0x7f0000002ec0)=""/5, 0x5}, {&(0x7f0000002f00)}, {&(0x7f0000002f40)=""/180, 0xb4}], 0x9, &(0x7f00000030c0)=[@cred={{0x1c}}], 0x20}}], 0x2, 0x101, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x4, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}]}, 0x30}}, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000340)=@kern={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)=[{0x0}], 0x1, &(0x7f0000003180)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000010000000000000000100000001000000d5437f47a8062181fe52bce4b930dfe94284119c999313fb75389b2db241c16fa3d17e97cceb21ae46ed8cc859235c1c4529beff20ad1af11ad7b1a17851e065dc08c8a4edbf9651e4cdae19417bc7dab6a41f575acd4cc59afc0df67189276b20c7027fa1ba3d77c4297847b8befd373bafc5cd8a73"], 0x30, 0x8885}, 0x40041) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x34, 0x2d, 0x1, 0x0, 0x6000, "", [@nested={0x24, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000000}}]}]}, 0x34}], 0x1}, 0x0) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="400000000906010800000001000000000200ffff0900020073797a310000000008000940000000390600010007000000100008800c0007800800094000000002"], 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r8, 0x84, 0x2, &(0x7f0000000000)={0xfffc, 0xffff, 0x0, 0x7}, 0x8) sendto$inet6(r8, &(0x7f0000000580)="81", 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @loopback, 0x81}, 0x7e) setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, 0x0, 0x0) 38.612460768s ago: executing program 1 (id=1985): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = socket(0x15, 0x5, 0x0) getsockopt(r2, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000045, &(0x7f00000002c0)={0xa, 0x2, 0x9, @empty}, 0x1c) 29.863500409s ago: executing program 4 (id=919): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffff4f7}, {}, 0x0, 0x0, 0x0, 0x1}, {{@in=@multicast1, 0x4d6, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3}}, 0xe8) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x4081) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) close(0x3) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0xb, 0x0, 0x0) r4 = socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bind$packet(r4, 0x0, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x4) r5 = getpid() r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r7, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r5}}]}, 0x3c}}, 0x4000084) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) 25.858940243s ago: executing program 1 (id=1985): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = socket(0x15, 0x5, 0x0) getsockopt(r2, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000)) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) openat$cgroup_ro(r1, &(0x7f0000000040)='blkio.bfq.io_merged\x00', 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x20000045, &(0x7f00000002c0)={0xa, 0x2, 0x9, @empty}, 0x1c) 19.740569299s ago: executing program 3 (id=2093): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'wlan0\x00', &(0x7f0000000040)=@ethtool_ringparam={0x11, 0x1, 0x5, 0x7, 0x356, 0x80, 0xb, 0x2, 0x4}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB='6\x00\x00\x00\x00\x00', @ANYRES32], 0x20) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x1f, 0xf, &(0x7f00000000c0)=@ringbuf={{0x18, 0x6}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x2a}, {0x7, 0x0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xb5}}}, &(0x7f0000000940)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket(0x1e, 0x1, 0x0) connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000001600)={'filter\x00', 0xb001, 0x4, 0x3f8, 0x110, 0x110, 0x0, 0x310, 0x310, 0x310, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@link_local, @private=0xa010100, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x7, 0xffffffff}}}, {{@uncond, 0xc0, 0x110, 0x0, {0x0, 0x1e03}}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @rand_addr=0x64010102, @local, 0x2, 0xfffffffe}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x10b, 0x0, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x448) (fail_nth: 4) 19.729485733s ago: executing program 0 (id=2094): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) syz_init_net_socket$ax25(0x3, 0x3, 0x6) listen(0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x16, 0x0, &(0x7f0000000000)="b9ff03076044238c9e9e15f088a84cb688a84d720800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r2}, 0x18) bpf$MAP_CREATE(0x2100000000000000, &(0x7f0000000840)=@base={0xa, 0x101, 0x7ffb, 0xcc, 0x8, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 19.340117793s ago: executing program 3 (id=2095): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r2 = socket$inet6(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000280)=ANY=[@ANYRES8=r1, @ANYBLOB="587d5bbb5bb0a41aaed83a957bcd01f6db553b93b0d98d48e3dac50f605fca83dbde39219c74e585aad7f77947a2539f9a6fea89342af69d576a817b0ef1d9acc8f78cbd946d1da80f218d8d9d9d608373834b4a6ad4c43133e42420e1ea4feeff58de04ab0d6908b7ec004b99010eb068ce03bae5b361f6e1e2e7ca7859d2b43aa4726837ac5b5ac9741f24f3179b22785b8dd7a18d3b33dfabc2761d26c8301077f3cb8400e3338cc5ed227040d03e39db5203", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f60000008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002"], 0x0, 0x2, 0x0, 0x0, 0x0, 0xd5e93709d453f02a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r4}, 0x10) sendto$inet6(r2, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x43, &(0x7f0000000000)={0x77359400}, 0x10) close(r0) r5 = socket$can_raw(0x1d, 0x3, 0x1) r6 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) socket$rds(0x15, 0x5, 0x0) getsockopt$sock_buf(r6, 0x1, 0x1c, 0x0, &(0x7f00000001c0)) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r5, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r7}, 0x10, &(0x7f0000000200)={&(0x7f00000007c0)=@can={{0x2, 0x0, 0x1, 0x1}, 0x1, 0x2, 0x0, 0x0, "f97003b8750e5566"}, 0x10}}, 0x0) r8 = socket(0x23, 0x4, 0x10003) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), r8) r10 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r12 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x11c, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r11, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x140, 0x2, {{0xa, [0xb, 0x2, 0xb, 0x8c, 0xd, 0x4, 0x1, 0x6, 0xa, 0xf, 0x10, 0x2, 0xd, 0x8, 0x5, 0x9], 0x1, [0x9, 0x67ef, 0x2, 0x4, 0x4, 0x8, 0x3, 0xfff9, 0x9, 0xd4e8, 0x6, 0x200, 0x10, 0x0, 0xc73, 0x5], [0x800, 0x1, 0x4, 0x3d3e, 0xff, 0x4, 0x2, 0x50ad, 0x81, 0xc5, 0x8000, 0xc, 0x3, 0x7, 0x8, 0xce]}, [@TCA_MQPRIO_MAX_RATE64={0x70, 0x4, 0x0, 0x1, [{0xc, 0x4, 0x8}, {0xc, 0x4, 0xffffffffffffe3f2}, {0xc, 0x4, 0xffffffffffff0001}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x5}, {0xc, 0x4, 0x2}, {0xc, 0x4, 0x7}, {0xc, 0x4, 0x9}, {0xc, 0x4, 0x2800000000000000}]}, @TCA_MQPRIO_SHAPER={0x6}, @TCA_MQPRIO_MIN_RATE64={0x1c, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x8000000000000001}, {0xc, 0x3, 0x8000}]}]}}}]}, 0x11c}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r8, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f0000000800)={0x204, r9, 0x400, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x7}, @ETHTOOL_A_LINKMODES_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @ETHTOOL_A_LINKMODES_OURS={0x88, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x78, 0x3, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, ')@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'vxcan0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x401}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, 'GPL\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x45}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x1}]}, @ETHTOOL_A_LINKMODES_OURS={0x120, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0xa8, 0x4, "bf106bbcb5d638f569db82feaa11226dc8d06bca933448767da2ac478aecdfddff7488eded675dedae9593ae37bb3432b04634c398a922f89b6634789a5781e3b9d5b6b78515e7605bd861b638b6c9f8183c8f73453857f6e9db03cc4faddf11fe9741bf89b481f1958d7206996e8b3b6245be78daa2bc8442aa5d16c9f7ee9f1b42c286739aa2c90deb84f993dc0d2dac4ee046a0953da33dc1120f0dcdafa52fa69324"}, @ETHTOOL_A_BITSET_BITS={0x74, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}]}, {0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffa3}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'vxcan0\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '@:\x19\xde!\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x86}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x62}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x192}]}]}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x4}]}, 0x204}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 18.934175265s ago: executing program 3 (id=2097): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f00000007c0)=@can={{0x2, 0x0, 0x1, 0x1}, 0x1, 0x2, 0x0, 0x0, "f97003b8750e5566"}, 0x10}, 0x1, 0x2000000}, 0x0) 18.677612625s ago: executing program 3 (id=2099): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) 18.676593352s ago: executing program 0 (id=2100): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000) r0 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r0, &(0x7f0000000040)="363c8f3fca5d66571e583e7c88a8", 0x36, 0x0, &(0x7f0000000200)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) 18.331597403s ago: executing program 0 (id=2101): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000700)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x4, @mcast2, 0x9}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='batadv0\x00', 0x10) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r1}) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000001c0)={0x0, 0xaa, "2f8194b3b962cff8b69910c23cdd5262a208b8eb623538ae81512173e1eebde2821e699008ed224104bfdefc27a4971cdf61b17d4e399e2840789c40aae0e4794e781f04d59e124ce2a8a79f0d4850b5ae14adf839b7916f3f21283fa99045332b2bc9e8618ccada93dfb2e61f2a8c3b2158b9cec7bdbd8ba1e29e7ac9e4b8d744605924ff249c74c055da1be8763b1e5d8c5ca68904e4d3fc5cf9fe417f16bd8b8615dca2c743ef5b8d"}, &(0x7f0000000040)=0xb2) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000280)={r4, @in={{0x2, 0x4e23, @broadcast}}, 0x9, 0xfff, 0x2, 0x5, 0x44, 0x908, 0x6}, 0x9c) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) clock_gettime(0x0, &(0x7f0000002d80)={0x0, 0x0}) recvmmsg(r2, &(0x7f0000002bc0)=[{{&(0x7f0000000340)=@nfc_llcp, 0x80, &(0x7f0000000100)=[{&(0x7f0000000480)=""/191, 0xbf}], 0x1, &(0x7f00000005c0)=""/144, 0x90}, 0x2}, {{&(0x7f0000000780)=@nfc_llcp, 0x80, &(0x7f0000000540)=[{&(0x7f0000000800)=""/92, 0x5c}, {&(0x7f0000000880)=""/225, 0xe1}, {&(0x7f0000000980)=""/87, 0x57}], 0x3, &(0x7f0000000a00)=""/169, 0xa9}, 0x57328359}, {{&(0x7f0000000ac0)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000b40)=""/169, 0xa9}], 0x1}, 0x3}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000c00)=""/156, 0x9c}, {&(0x7f0000000cc0)=""/240, 0xf0}, {&(0x7f0000000dc0)=""/156, 0x9c}, {&(0x7f0000000e80)=""/67, 0x43}], 0x4, &(0x7f0000000f00)=""/15, 0xf}, 0x3}, {{&(0x7f0000000f40)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000001080)=""/124, 0x7c}, {&(0x7f0000001100)=""/215, 0xd7}, {&(0x7f0000001200)=""/134, 0x86}], 0x3, &(0x7f00000012c0)=""/233, 0xe9}, 0x7}, {{&(0x7f00000013c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000001640)=[{&(0x7f0000001440)=""/81, 0x51}, {&(0x7f00000014c0)=""/207, 0xcf}, {&(0x7f00000015c0)=""/8, 0x8}, {&(0x7f0000001600)=""/37, 0x25}], 0x4, &(0x7f0000001680)=""/130, 0x82}, 0x8}, {{&(0x7f0000001740)=@hci, 0x80, &(0x7f0000002a80)=[{&(0x7f00000017c0)=""/255, 0xff}, {&(0x7f00000018c0)=""/230, 0xe6}, {&(0x7f00000019c0)=""/143, 0x8f}, {&(0x7f0000001a80)=""/4096, 0x1000}], 0x4, &(0x7f0000002ac0)=""/243, 0xf3}, 0xa5000000}], 0x7, 0x40000002, &(0x7f0000002dc0)={r6, r7+60000000}) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002e00)=ANY=[@ANYBLOB="1400000010000100000000000085d16b7bb3563d93000000080a050000000000000000000200000a0900020073797a32000000000900010073797a3000000000140000001100010000000000000000000100000a6699526d227b8b754a746e8ceee2ff521e3d65f92c624fb93d942dcdcfaf1539cbc1db2e68f128aabc0319d7a6f0b1f5d1e6790ad6ffa3e0f39e9f31829d04f5e4efabeec3a71fff0e04914683950b74fff5b8ce5412cadd9de549884c63cff96dcafea534b5c761acfbf4315299db623c3e1dd419c966b7f0282756f3ea986674ea8e8318e20e8d75200f0c4bd4edcfe69f0e99bc1ebb4e546a0343ddc2680f53ec4e7c31ad5735e08cfdc7b4393f296cfcf74ca3100344a7233b"], 0x54}}, 0x0) sendmsg$inet(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)="02f17efd288422a5d06fab0b", 0xc}], 0x1}, 0x40000) 18.330792733s ago: executing program 3 (id=2102): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x39000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0xa, 0x0, &(0x7f0000000340)={&(0x7f0000000b00)=ANY=[@ANYBLOB="020300000b0000000000000000000000030006000000000002000000e000000100000000000000000200010000001c000000fb18000000000300050000000000020000007f0000010000000000000000010018"], 0x58}, 0x1, 0x7}, 0x0) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000005c0)=ANY=[@ANYBLOB="120000003a000000080000000200000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000005c759c593754f26227153d0e2158196ad9f17cbbf40cfbd746f84b923e74be110dda58520ca7626599da34066de56e5ce88f2bf8994909", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_PROG_ATTACH(0x1c, &(0x7f00000004c0)=ANY=[@ANYRES32=r5, @ANYRES32, @ANYBLOB=',\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="6256668517ee0983a0aca28635295a1f21c8ab8ea429c7", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) sendmsg$nl_route_sched(r6, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=@newtaction={0xc4, 0x30, 0x1, 0x4000000, 0x0, {0x0, 0x0, 0x6a00}, [{0xb0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0x10000000, 0x0, 0x4}, 0x3, r8}}]}, {0x4, 0xa}, {0xc}, {0xffac, 0x8, {0x0, 0x2}}}}, @m_mpls={0x5c, 0x2, 0x0, 0x0, {{0x9}, {0x30}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc4}}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) r10 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r10, 0x1, 0x2e, &(0x7f0000000080)=0xfffe0000, 0x4) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x5, [@enum={0x0, 0x1, 0x0, 0xf, 0x4, [{}]}, @struct]}, {0x0, [0x0, 0x0, 0x61]}}, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x3a0, 0x118, 0x0, 0x330, 0x298, 0x330, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x6, 0x0, {[{{@ip={@multicast1, @remote, 0x0, 0x0, 'ip6erspan0\x00', 'pimreg0\x00'}, 0x0, 0x70, 0xa8}, @common=@inet=@SET3={0x38}}, {{@ip={@multicast2, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'syzkaller1\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, 'vlan0\x00', 'veth1_to_bridge\x00'}, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) r11 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r11, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0) sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0) sendmsg$AUDIT_DEL_RULE(0xffffffffffffffff, &(0x7f0000000bc0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x1808000}, 0xc, &(0x7f0000000b80)={&(0x7f00000006c0)={0x428, 0x3f4, 0x1, 0x70bd27, 0x25dfdbfd, {0x4, 0x2, 0x34, [0x3, 0x9, 0xfde4, 0x8, 0x9, 0x3, 0x2, 0x69, 0x5, 0x7, 0x8, 0x8, 0x8, 0x8000, 0x1ff, 0x1, 0x9a75, 0xfffffffe, 0xfffffff9, 0x0, 0x8, 0xc26, 0x7, 0x2, 0x4, 0x15, 0x7af, 0x1, 0xdf2, 0x9, 0x3, 0x4, 0x2, 0x7bd9dace, 0x0, 0xffffffff, 0x9, 0x7, 0x2, 0xf8b8, 0x3, 0x3, 0x9, 0xf, 0xffffffff, 0x6, 0x8001, 0x5, 0x1, 0x301, 0xff, 0x2537, 0x3, 0x2, 0x9e, 0x8000, 0x9, 0x1, 0x0, 0x200, 0x7, 0x7fff, 0x1000, 0xb9], [0x1, 0x9ce, 0xffffffff, 0x7ff, 0x40, 0x1000, 0x1, 0x0, 0x3ff, 0x8, 0x40, 0x4f, 0x4, 0x7, 0x5, 0xdfa, 0x7ff, 0x10000, 0x2b, 0x6, 0x3, 0x2, 0x4, 0x7, 0xffffffff, 0x9, 0x69, 0x2, 0x9, 0x17c68f46, 0x9, 0x2, 0x15c6, 0x6, 0xfffffffc, 0xed, 0x7cd1, 0x0, 0x3, 0x40, 0xfffffffa, 0xfffffff9, 0x3ff, 0x1, 0xf14, 0x3a65, 0x400, 0xa, 0x3863, 0xffffffff, 0xffffff01, 0x3fc00, 0x8, 0x5, 0xcc, 0x81, 0x401, 0x0, 0xcb, 0x4, 0x200, 0x0, 0x10, 0x4], [0x7, 0x40, 0x10, 0x3, 0x7, 0xfffffffc, 0x8, 0x3, 0x6, 0xfffffff9, 0xc8, 0xfffffffc, 0x1, 0x7f, 0x9, 0x6, 0x4c78, 0x6, 0x6, 0x4, 0x7, 0x1, 0x1, 0x8, 0x7, 0xfffffffe, 0xfffffffd, 0xc4, 0xb, 0x7fffffff, 0x2, 0xd4, 0x8, 0xffff, 0x9, 0xb, 0x7, 0x572, 0x0, 0x10, 0xfe, 0xa38d, 0x1, 0xf, 0x4, 0x1, 0x1, 0x1, 0x7, 0xd, 0x1ff, 0x101, 0x6, 0x8, 0xffff0000, 0x1, 0x2, 0x7fffffff, 0x3, 0x40, 0x1270b27e, 0x400, 0x6, 0x4b9], [0x8, 0x0, 0x0, 0x1, 0x8, 0x81, 0x8000, 0x9, 0x7, 0x2, 0x1, 0x5, 0x679, 0x3, 0xffffff7f, 0x2, 0xfffffff4, 0x6, 0x2, 0x628c, 0x3, 0x7, 0x2, 0x5, 0x45b3da98, 0xfffffff7, 0x4, 0x2, 0x4, 0x2, 0x9, 0xf84, 0x7, 0x1, 0x101, 0x0, 0x2, 0x40, 0x9, 0xfffff000, 0x8, 0x9, 0xf, 0x2, 0x3, 0x2, 0x2, 0xfffffffc, 0xc8, 0x4000800, 0x6, 0x8, 0x7, 0x0, 0x6, 0x800, 0x7f, 0x9, 0xc, 0x0, 0x0, 0xffff, 0x3, 0xfa51], 0x7, ['C}\x13^![\x00']}, ["", "", "", "", "", "", ""]}, 0x428}, 0x1, 0x0, 0x0, 0x40000000}, 0x4000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000040)=ANY=[@ANYRESHEX=r2, @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', r8, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r13 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$IPSET_CMD_FLUSH(r13, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000540)={0x74, 0x4, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0xfffffffffffffece}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x0, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x74}, 0x1, 0x0, 0x0, 0x40090}, 0x20000084) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r12, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 17.662488123s ago: executing program 2 (id=2106): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000400000008"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000180)=0x85c, 0x4) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="14000000130001040000000000000000"], 0x14}], 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x1c, 0x8, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c00038008000140000000000800024000000000180003801400010076657468305f746f5f6873720000000058000000160a0101000b000000000000010000000900020073797a32000000000900010073797a30000000002c000380180003801400010076657468305f746f5f687372000000000800024000440000080001"], 0xf8}, 0x1, 0x0, 0x0, 0xc000}, 0x40) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000008000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d40)={r4, 0x0, 0xe, 0x0, &(0x7f0000000500)="00ffffff26a00ae12cc1955298bd", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 17.500043867s ago: executing program 2 (id=2107): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x4, 0x4, 0xa4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000400)={r1, &(0x7f0000000300), 0x0}, 0x20) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c252500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020702500000000002020207b1ad8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000080000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$rds(0x15, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_init_net_socket$netrom(0x6, 0x5, 0x0) socket(0x40000000015, 0x5, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) socket(0x10, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 17.376381537s ago: executing program 0 (id=2108): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES8=0x0, @ANYRES64=0x0, @ANYBLOB="0dfa130016000000240012000c", @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x880}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)={0x34, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x34}}, 0x0) r1 = socket(0x10, 0x803, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000480)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010003000000ffdbdf25010000000c0006004000001e515be60004000780080001000000"], 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x8000000004) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="740000000002010400000000000000000a000000200001800c000280050001000000000006000340000400000600034000010000040003803c0002800c00028005002100000000002c0001801400030000000000000000000000000000000001140004"], 0x74}}, 0x0) writev(r4, &(0x7f0000000280)=[{0x0}], 0x1) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r6, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, 0x0, 0x0) unshare(0x22020600) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000020000000000000080000000950000000000000018180000", @ANYRES32, @ANYBLOB="00000000000000000000000010ffffff00b15b84000000000000001812f70df20f84a8", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085200000030000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x2e, &(0x7f00000000c0)=""/41, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x6, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f00000001c0)=[{0x3, 0x1, 0x6, 0x3}, {0x2, 0x6, 0x5, 0x5}], 0x10, 0xffff, @void, @value}, 0x9f) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f0000000300)=@gcm_128={{0x303}, "a83e4871e80838ad", "5478450c12966a112de83c81c2b105c7", "6810e567", "ff280500"}, 0x28) sendto$inet6(r6, &(0x7f00000001c0), 0xffffffffffffff90, 0x0, 0x0, 0x3000137) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x20004810}, 0x0) 17.263682782s ago: executing program 0 (id=2109): ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x9, 0x165d, 0xfffffffffffffffc}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'sit0\x00', &(0x7f00000000c0)={'syztnl1\x00', 0x0, 0x40, 0x7800, 0xf6a, 0x6, {{0xa, 0x4, 0x0, 0x6, 0x28, 0x67, 0x0, 0x3, 0x2f, 0x0, @empty, @multicast1, {[@generic={0x44, 0x9, "7c4cc9756bd38f"}, @timestamp={0x44, 0x8, 0x5a, 0x0, 0xa, [0xffffffff]}]}}}}}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x40f00, 0x0, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)={0x14, 0x31, 0x701, 0x70bd2a, 0x0, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4044840}, 0x0) 17.187317572s ago: executing program 2 (id=2110): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_OCB(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010027bd700000dcdf256c00000008000300", @ANYRES32=r3], 0x24}}, 0x40080) 17.108203192s ago: executing program 0 (id=2111): socket$alg(0x26, 0x5, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3fffffffffffff}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x38}}, 0x20000000) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0x200000c0) 16.976877253s ago: executing program 2 (id=2112): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0) 16.902140757s ago: executing program 2 (id=2113): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000180)) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000800005000100070000000500040003000000050005000200000014000780080013400000000408000b400000000009000200738b7a320000000011000300686173683a69702c6d61726b"], 0x60}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000280)={r3, 0x5, 0x10}, &(0x7f00000002c0)=0xc) 16.816812103s ago: executing program 2 (id=2114): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) (async) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x1, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x1, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='rss_stat\x00', r2}, 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x18, 0x4, 0x0, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x48) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8) sendto$inet6(r0, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000040), 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) (async) socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, 0x0, 0x0, 0x2400ed80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) (async) sendto$inet6(r3, 0x0, 0x0, 0x2400ed80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) writev(r3, &(0x7f0000001180)=[{&(0x7f0000001240)="06367d6d", 0x4}], 0x1) 15.192472367s ago: executing program 3 (id=2115): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x67) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB='6\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="addaced30a01a7fe46005a6cdee853229216446b411c8d9e63e3d3cdab8325cdc8faa5cb28989108c94e95a12489c73629f24aaef11a6cafca29547a05f362658b4964f4c208f6"], 0x20) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008"], 0x7c}}, 0x10) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.010051172s ago: executing program 32 (id=2111): socket$alg(0x26, 0x5, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)={0x38, 0x0, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3fffffffffffff}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r3}}]}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x38}}, 0x20000000) sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040090}, 0x200000c0) 1.005350303s ago: executing program 33 (id=2114): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) (async) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x1, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x1, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='rss_stat\x00', r2}, 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x18, 0x4, 0x0, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x48) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8) sendto$inet6(r0, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) r3 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000040), 0x4) socket$inet6_sctp(0xa, 0x1, 0x84) (async) socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, 0x0, 0x0, 0x2400ed80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) (async) sendto$inet6(r3, 0x0, 0x0, 0x2400ed80, &(0x7f0000000080)={0xa, 0x4621, 0x0, @local}, 0x1c) writev(r3, &(0x7f0000001180)=[{&(0x7f0000001240)="06367d6d", 0x4}], 0x1) 0s ago: executing program 34 (id=2115): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x67) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB='6\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="addaced30a01a7fe46005a6cdee853229216446b411c8d9e63e3d3cdab8325cdc8faa5cb28989108c94e95a12489c73629f24aaef11a6cafca29547a05f362658b4964f4c208f6"], 0x20) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)={0x14, 0x0, 0x400, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r3}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$alg(0x26, 0x5, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008"], 0x7c}}, 0x10) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) kernel console output (not intermixed with test programs): ed [ 284.367935][T11770] __nla_validate_parse: 3 callbacks suppressed [ 284.367952][T11770] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1718'. [ 284.461491][T11806] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1726'. [ 284.488930][T11805] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1727'. [ 284.502955][T11804] syzkaller0: entered allmulticast mode [ 284.510231][T11805] nbd: must specify a size in bytes for the device [ 284.518322][T11718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 284.525748][T11718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.532557][T11805] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1727'. [ 284.551952][T11718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 284.556271][T11803] syzkaller0: left allmulticast mode [ 284.579986][T11718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 284.589672][T11718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 284.638027][T11718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 284.786466][T11814] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1731'. [ 285.023894][T11821] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1733'. [ 285.025643][T11811] vlan3: entered promiscuous mode [ 285.122074][T11819] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 285.163702][T11718] hsr_slave_0: entered promiscuous mode [ 285.183451][T11718] hsr_slave_1: entered promiscuous mode [ 285.201851][T11718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.210118][T11718] Cannot create hsr debugfs directory [ 285.353258][T11831] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 285.401959][T11838] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1737'. [ 285.717401][T11855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1741'. [ 285.767698][ T5849] Bluetooth: hci2: command tx timeout [ 285.930950][T11859] bridge0: port 1(ipvlan2) entered blocking state [ 285.937978][T11859] bridge0: port 1(ipvlan2) entered disabled state [ 285.944664][T11859] ipvlan2: entered allmulticast mode [ 285.950741][T11859] bridge0: entered allmulticast mode [ 285.963350][T11859] ipvlan2: left allmulticast mode [ 285.969182][T11859] bridge0: left allmulticast mode [ 286.293223][T11871] syzkaller0: entered promiscuous mode [ 286.299073][T11871] syzkaller0: entered allmulticast mode [ 286.488240][T11882] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 286.533948][T11883] netlink: 'syz.3.1752': attribute type 21 has an invalid length. [ 286.576164][T11883] netlink: 'syz.3.1752': attribute type 1 has an invalid length. [ 286.825790][T11890] 8021q: VLANs not supported on vcan0 [ 286.841642][T11896] sctp: [Deprecated]: syz.3.1758 (pid 11896) Use of int in max_burst socket option. [ 286.841642][T11896] Use struct sctp_assoc_value instead [ 286.878287][T11718] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 286.942342][T11718] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 287.030146][T11718] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 287.054342][T11718] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 287.500018][T11718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.586510][T11718] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.737141][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.744308][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.744776][T11926] netlink: 'syz.0.1767': attribute type 10 has an invalid length. [ 287.761927][ T3514] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.769127][ T3514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.796875][T11926] team0: Device hsr_slave_0 failed to register rx_handler [ 287.828051][T11927] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 287.845611][ T5849] Bluetooth: hci2: command tx timeout [ 287.918146][T11933] sctp: [Deprecated]: syz.3.1769 (pid 11933) Use of int in max_burst socket option. [ 287.918146][T11933] Use struct sctp_assoc_value instead [ 287.942251][T11718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 288.153092][T11944] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:20002 [ 288.251531][T11940] 8021q: VLANs not supported on vcan0 [ 288.284286][T11946] veth2: entered allmulticast mode [ 288.332216][T11718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.509790][T11960] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1778'. [ 288.541472][T11960] vlan2: entered promiscuous mode [ 288.726769][T11972] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 288.879110][T11718] veth0_vlan: entered promiscuous mode [ 288.901488][T11718] veth1_vlan: entered promiscuous mode [ 288.980496][T11718] veth0_macvtap: entered promiscuous mode [ 289.032139][T11718] veth1_macvtap: entered promiscuous mode [ 289.122439][T11718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.139906][T11718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.160215][T11718] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.169137][T11718] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.199876][T11718] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.210208][T11718] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.332928][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.361316][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.483557][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.506396][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.573814][T11997] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1791'. [ 289.590487][T11997] nbd: must specify a size in bytes for the device [ 289.627137][T11999] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1791'. [ 289.915132][T12013] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1796'. [ 290.347220][T12028] FAULT_INJECTION: forcing a failure. [ 290.347220][T12028] name failslab, interval 1, probability 0, space 0, times 0 [ 290.363677][T12029] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1800'. [ 290.373119][T12028] CPU: 1 UID: 0 PID: 12028 Comm: syz.2.1801 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 290.373158][T12028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 290.373171][T12028] Call Trace: [ 290.373178][T12028] [ 290.373187][T12028] dump_stack_lvl+0x189/0x250 [ 290.373242][T12028] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.373272][T12028] ? __pfx__printk+0x10/0x10 [ 290.373298][T12028] ? __pfx___might_resched+0x10/0x10 [ 290.373328][T12028] ? fs_reclaim_acquire+0x7d/0x100 [ 290.373364][T12028] should_fail_ex+0x414/0x560 [ 290.373400][T12028] should_failslab+0xa8/0x100 [ 290.373429][T12028] __kmalloc_cache_noprof+0x70/0x3d0 [ 290.373454][T12028] ? __xdp_reg_mem_model+0x1d8/0x5a0 [ 290.373481][T12028] __xdp_reg_mem_model+0x1d8/0x5a0 [ 290.373508][T12028] ? __pfx___xdp_reg_mem_model+0x10/0x10 [ 290.373532][T12028] ? page_pool_create_percpu+0x800/0xbe0 [ 290.373562][T12028] xdp_reg_mem_model+0x22/0x40 [ 290.373595][T12028] bpf_test_run_xdp_live+0x218/0x1aa0 [ 290.373638][T12028] ? stack_trace_save+0x9c/0xe0 [ 290.373674][T12028] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 290.373703][T12028] ? kasan_save_track+0x4f/0x80 [ 290.373723][T12028] ? kasan_save_track+0x3e/0x80 [ 290.373743][T12028] ? __kasan_kmalloc+0x93/0xb0 [ 290.373763][T12028] ? __kmalloc_noprof+0x27a/0x4f0 [ 290.373785][T12028] ? bpf_test_init+0xc2/0x170 [ 290.373842][T12028] ? __lock_acquire+0xaac/0xd20 [ 290.373879][T12028] ? __might_fault+0xb0/0x130 [ 290.373917][T12028] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 290.373948][T12028] ? _copy_from_user+0x94/0xb0 [ 290.373975][T12028] ? bpf_test_init+0x133/0x170 [ 290.374002][T12028] ? xdp_convert_md_to_buff+0x5b/0x330 [ 290.374047][T12028] bpf_prog_test_run_xdp+0x713/0xf90 [ 290.374093][T12028] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 290.374128][T12028] ? __fget_files+0x2a/0x420 [ 290.374159][T12028] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 290.374190][T12028] bpf_prog_test_run+0x2a9/0x340 [ 290.374221][T12028] __sys_bpf+0x4a4/0x860 [ 290.374246][T12028] ? __pfx___sys_bpf+0x10/0x10 [ 290.374283][T12028] ? ksys_write+0x1f0/0x250 [ 290.374304][T12028] ? rcu_is_watching+0x15/0xb0 [ 290.374345][T12028] __x64_sys_bpf+0x7c/0x90 [ 290.374367][T12028] do_syscall_64+0xf6/0x210 [ 290.374393][T12028] ? clear_bhb_loop+0x45/0xa0 [ 290.374417][T12028] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.374436][T12028] RIP: 0033:0x7fca0a78e969 [ 290.374453][T12028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.374470][T12028] RSP: 002b:00007fca0b63f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 290.374490][T12028] RAX: ffffffffffffffda RBX: 00007fca0a9b5fa0 RCX: 00007fca0a78e969 [ 290.374504][T12028] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a [ 290.374517][T12028] RBP: 00007fca0b63f090 R08: 0000000000000000 R09: 0000000000000000 [ 290.374529][T12028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.374541][T12028] R13: 0000000000000000 R14: 00007fca0a9b5fa0 R15: 00007ffe62fd8ac8 [ 290.374572][T12028] [ 290.907166][T12034] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1802'. [ 291.099480][ T52] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.207581][ T52] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.819476][ T52] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.956531][ T52] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.047262][T12046] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1803'. [ 292.404431][T12056] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1808'. [ 292.437442][T12057] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1807'. [ 292.447012][T12057] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1807'. [ 292.466039][T12057] netlink: 'syz.2.1807': attribute type 1 has an invalid length. [ 292.481485][T12057] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1807'. [ 292.696022][ T52] bridge_slave_1: left allmulticast mode [ 292.718858][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 292.729889][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 292.737564][ T52] bridge_slave_1: left promiscuous mode [ 292.743404][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 292.751469][ T5852] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 292.766184][ T5852] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 292.776206][ T5852] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 292.813641][ T52] bridge_slave_0: left allmulticast mode [ 292.831590][ T52] bridge_slave_0: left promiscuous mode [ 292.837678][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.214100][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.225067][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.235112][ T52] bond0 (unregistering): Released all slaves [ 294.202629][ T52] hsr_slave_0: left promiscuous mode [ 294.221711][ T52] hsr_slave_1: left promiscuous mode [ 294.236086][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 294.251509][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 294.270096][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 294.293824][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 294.354275][ T52] veth1_macvtap: left promiscuous mode [ 294.366978][ T52] veth0_macvtap: left promiscuous mode [ 294.372839][ T52] veth1_vlan: left promiscuous mode [ 294.381411][ T52] veth0_vlan: left promiscuous mode [ 294.805802][ T5849] Bluetooth: hci2: command tx timeout [ 294.825187][ T52] team0 (unregistering): Port device team_slave_1 removed [ 294.864064][ T52] team0 (unregistering): Port device team_slave_0 removed [ 295.501335][T12125] bridge_slave_0: default FDB implementation only supports local addresses [ 295.548147][T12065] chnl_net:caif_netlink_parms(): no params data found [ 295.668193][T12140] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 295.872826][T12149] __nla_validate_parse: 6 callbacks suppressed [ 295.872844][T12149] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1834'. [ 295.964908][T12151] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 296.060416][T12065] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.071266][T12065] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.085988][T12065] bridge_slave_0: entered allmulticast mode [ 296.098551][T12065] bridge_slave_0: entered promiscuous mode [ 296.118663][T12065] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.134898][T12065] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.154951][T12157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1837'. [ 296.164510][T12065] bridge_slave_1: entered allmulticast mode [ 296.173573][T12065] bridge_slave_1: entered promiscuous mode [ 296.180100][T12157] nbd: must specify a size in bytes for the device [ 296.203863][T12157] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1837'. [ 296.403994][T12065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.438031][T12065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.500860][T12163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1836'. [ 296.526596][T12169] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1839'. [ 296.691913][T12065] team0: Port device team_slave_0 added [ 296.694749][T12173] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1842'. [ 296.698995][T12176] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1841'. [ 296.831098][T12179] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1841'. [ 296.846495][T12065] team0: Port device team_slave_1 added [ 296.895612][ T5849] Bluetooth: hci2: command tx timeout [ 297.057336][T12188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1848'. [ 297.075171][T12188] nbd: must specify a size in bytes for the device [ 297.083362][T12065] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.094127][T12188] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1848'. [ 297.096730][T12065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.106810][T12192] nbd: must specify a size in bytes for the device [ 297.141275][T12065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.163589][T12065] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.170969][T12065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.235516][T12065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.778690][T12065] hsr_slave_0: entered promiscuous mode [ 297.798333][T12214] netlink: 'syz.2.1856': attribute type 1 has an invalid length. [ 297.815055][T12065] hsr_slave_1: entered promiscuous mode [ 297.832627][T12065] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.840804][T12214] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 297.855353][T12065] Cannot create hsr debugfs directory [ 297.948109][T12222] FAULT_INJECTION: forcing a failure. [ 297.948109][T12222] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.055618][T12222] CPU: 0 UID: 0 PID: 12222 Comm: syz.3.1857 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 298.055652][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 298.055666][T12222] Call Trace: [ 298.055674][T12222] [ 298.055683][T12222] dump_stack_lvl+0x189/0x250 [ 298.055722][T12222] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.055751][T12222] ? __pfx__printk+0x10/0x10 [ 298.055785][T12222] should_fail_ex+0x414/0x560 [ 298.055822][T12222] _copy_to_user+0x31/0xb0 [ 298.055851][T12222] simple_read_from_buffer+0xe1/0x170 [ 298.055882][T12222] proc_fail_nth_read+0x1df/0x250 [ 298.055914][T12222] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.055946][T12222] ? rw_verify_area+0x258/0x650 [ 298.055967][T12222] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.055997][T12222] vfs_read+0x1fd/0x980 [ 298.056024][T12222] ? __pfx___mutex_lock+0x10/0x10 [ 298.056052][T12222] ? __pfx_vfs_read+0x10/0x10 [ 298.056076][T12222] ? __fget_files+0x2a/0x420 [ 298.056107][T12222] ? __fget_files+0x3a0/0x420 [ 298.056131][T12222] ? __fget_files+0x2a/0x420 [ 298.056167][T12222] ksys_read+0x145/0x250 [ 298.056187][T12222] ? rcu_is_watching+0x15/0xb0 [ 298.056220][T12222] ? __pfx_ksys_read+0x10/0x10 [ 298.056246][T12222] ? do_syscall_64+0xba/0x210 [ 298.056277][T12222] do_syscall_64+0xf6/0x210 [ 298.056305][T12222] ? clear_bhb_loop+0x45/0xa0 [ 298.056342][T12222] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.056361][T12222] RIP: 0033:0x7f1e2778d37c [ 298.056379][T12222] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 298.056396][T12222] RSP: 002b:00007f1e2861d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 298.056416][T12222] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778d37c [ 298.056431][T12222] RDX: 000000000000000f RSI: 00007f1e2861d0a0 RDI: 0000000000000004 [ 298.056443][T12222] RBP: 00007f1e2861d090 R08: 0000000000000000 R09: 0000000000000000 [ 298.056455][T12222] R10: 000000000000006e R11: 0000000000000246 R12: 0000000000000001 [ 298.056466][T12222] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007ffcdd3e4d08 [ 298.056498][T12222] [ 298.641376][T12230] bond1: entered promiscuous mode [ 298.690556][T12230] 8021q: adding VLAN 0 to HW filter on device bond1 [ 298.914781][T12230] bond1 (unregistering): Released all slaves [ 298.975604][ T5849] Bluetooth: hci2: command tx timeout [ 299.196702][T12256] nbd: must specify a size in bytes for the device [ 300.263489][T12297] tipc: Enabled bearer , priority 0 [ 300.346972][T12299] netlink: 'syz.3.1869': attribute type 21 has an invalid length. [ 300.410378][T12299] netlink: 'syz.3.1869': attribute type 1 has an invalid length. [ 300.468392][T12278] Bluetooth: hci3: Opcode 0x0401 failed: -4 [ 300.754658][T12311] netlink: 'syz.3.1874': attribute type 1 has an invalid length. [ 300.783968][T12313] nbd: must specify a size in bytes for the device [ 301.024690][T12065] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 301.060162][ T5849] Bluetooth: hci2: command tx timeout [ 301.139990][T12065] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 301.176399][T12065] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 301.209082][T12065] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 301.401251][T12324] __nla_validate_parse: 10 callbacks suppressed [ 301.401274][T12324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1876'. [ 301.606872][ T5849] Bluetooth: hci3: command 0x0406 tx timeout [ 301.744625][T12065] 8021q: adding VLAN 0 to HW filter on device bond0 [ 301.832620][T12065] 8021q: adding VLAN 0 to HW filter on device team0 [ 301.866431][T12334] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1881'. [ 301.898786][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.906004][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.928586][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.935797][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 302.007157][T12340] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1880'. [ 302.043646][T12340] xt_recent: Unsupported userspace flags (00000048) [ 302.083822][T12340] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1880'. [ 302.157159][T12350] xt_hashlimit: overflow, rate too high: 1125899906842624 [ 302.203292][T12348] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1880'. [ 302.255205][T12348] nbd: device at index 64 is going down [ 302.533751][ T6059] udevd[6059]: setting mode of /dev/nbd64 to 060660 failed: No such file or directory [ 302.552495][ T6059] udevd[6059]: setting owner of /dev/nbd64 to uid=0, gid=6 failed: No such file or directory [ 302.561599][T12065] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 302.804629][T12380] netlink: 'syz.2.1892': attribute type 1 has an invalid length. [ 303.323208][T12065] veth0_vlan: entered promiscuous mode [ 303.361990][T12065] veth1_vlan: entered promiscuous mode [ 303.382826][T12403] sctp: [Deprecated]: syz.3.1900 (pid 12403) Use of int in max_burst socket option. [ 303.382826][T12403] Use struct sctp_assoc_value instead [ 303.497964][T12065] veth0_macvtap: entered promiscuous mode [ 303.577393][T12065] veth1_macvtap: entered promiscuous mode [ 304.024121][T12065] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 304.068230][T12065] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 304.077782][T12424] xt_connbytes: Forcing CT accounting to be enabled [ 304.084672][T12424] Cannot find del_set index 1 as target [ 304.127108][T12065] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.150695][T12065] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.182132][T12065] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.191141][T12065] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 304.229857][T12431] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1911'. [ 304.572844][T12439] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 304.673001][T12448] netlink: 'syz.2.1918': attribute type 1 has an invalid length. [ 304.785029][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.810348][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 304.893435][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 304.904053][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.023705][T12461] netlink: 'syz.3.1923': attribute type 1 has an invalid length. [ 305.031942][T12464] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1924'. [ 305.248192][T12471] netlink: 248 bytes leftover after parsing attributes in process `syz.0.1926'. [ 305.357398][ T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.578713][ T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.683253][ T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.019175][ T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 306.208446][ T36] bridge_slave_1: left allmulticast mode [ 306.214268][ T36] bridge_slave_1: left promiscuous mode [ 306.220370][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.229404][ T36] bridge_slave_0: left allmulticast mode [ 306.235052][ T36] bridge_slave_0: left promiscuous mode [ 306.241038][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.533571][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.544740][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.556666][ T36] bond0 (unregistering): Released all slaves [ 306.784443][T12484] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 306.972593][T12494] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 306.986544][T12497] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1936'. [ 307.002432][T12494] xt_TCPMSS: Only works on TCP SYN packets [ 307.117766][ T36] hsr_slave_0: left promiscuous mode [ 307.165581][ T36] hsr_slave_1: left promiscuous mode [ 307.171661][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 307.182735][T12499] FAULT_INJECTION: forcing a failure. [ 307.182735][T12499] name failslab, interval 1, probability 0, space 0, times 0 [ 307.205490][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 307.212886][T12499] CPU: 0 UID: 0 PID: 12499 Comm: syz.1.1938 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 307.212913][T12499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 307.212928][T12499] Call Trace: [ 307.212940][T12499] [ 307.212948][T12499] dump_stack_lvl+0x189/0x250 [ 307.212984][T12499] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.213012][T12499] ? __pfx__printk+0x10/0x10 [ 307.213033][T12499] ? __pfx___might_resched+0x10/0x10 [ 307.213051][T12499] ? fs_reclaim_acquire+0x7d/0x100 [ 307.213085][T12499] should_fail_ex+0x414/0x560 [ 307.213119][T12499] should_failslab+0xa8/0x100 [ 307.213143][T12499] __kmalloc_cache_noprof+0x70/0x3d0 [ 307.213165][T12499] ? hash_netport_create+0x2fe/0xfe0 [ 307.213189][T12499] hash_netport_create+0x2fe/0xfe0 [ 307.213217][T12499] ? __nla_parse+0x40/0x60 [ 307.213239][T12499] ? __pfx_hash_netport_create+0x10/0x10 [ 307.213260][T12499] ip_set_create+0xa94/0x1940 [ 307.213285][T12499] ? ip_set_create+0x4a2/0x1940 [ 307.213321][T12499] ? __pfx_ip_set_create+0x10/0x10 [ 307.213381][T12499] nfnetlink_rcv_msg+0xb4a/0x1130 [ 307.213405][T12499] ? unwind_get_return_address+0x4d/0x90 [ 307.213427][T12499] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 307.213447][T12499] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 307.213492][T12499] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 307.213514][T12499] ? stack_depot_save_flags+0x40/0x910 [ 307.213594][T12499] netlink_rcv_skb+0x219/0x490 [ 307.213619][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 307.213626][T12499] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 307.213652][T12499] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 307.213680][T12499] ? kasan_quarantine_put+0xdd/0x220 [ 307.213752][T12499] ? apparmor_capable+0x137/0x1b0 [ 307.213783][T12499] ? bpf_lsm_capable+0x9/0x20 [ 307.213810][T12499] ? security_capable+0x7e/0x2e0 [ 307.213847][T12499] nfnetlink_rcv+0x273/0x2530 [ 307.213876][T12499] ? __dev_queue_xmit+0x27e/0x3a70 [ 307.213901][T12499] ? __dev_queue_xmit+0x27e/0x3a70 [ 307.213923][T12499] ? __dev_queue_xmit+0x27e/0x3a70 [ 307.213950][T12499] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 307.213986][T12499] ? __dev_queue_xmit+0x27e/0x3a70 [ 307.214011][T12499] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.214036][T12499] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 307.214069][T12499] ? __pfx___dev_queue_xmit+0x10/0x10 [ 307.214110][T12499] ? ref_tracker_free+0x63a/0x7d0 [ 307.214128][T12499] ? __copy_skb_header+0xa7/0x550 [ 307.214154][T12499] ? __pfx_ref_tracker_free+0x10/0x10 [ 307.214174][T12499] ? __skb_clone+0x63/0x7a0 [ 307.214202][T12499] ? __skb_clone+0x483/0x7a0 [ 307.214233][T12499] ? skb_clone+0x246/0x3a0 [ 307.214260][T12499] ? __netlink_deliver_tap+0x807/0x850 [ 307.214291][T12499] ? netlink_deliver_tap+0x2e/0x1b0 [ 307.214330][T12499] ? netlink_deliver_tap+0x2e/0x1b0 [ 307.214360][T12499] ? netlink_deliver_tap+0x2e/0x1b0 [ 307.214398][T12499] netlink_unicast+0x758/0x8d0 [ 307.214440][T12499] netlink_sendmsg+0x805/0xb30 [ 307.214471][T12499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 307.214494][T12499] ? aa_sock_msg_perm+0x94/0x160 [ 307.214517][T12499] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 307.214539][T12499] ? __pfx_netlink_sendmsg+0x10/0x10 [ 307.214560][T12499] __sock_sendmsg+0x219/0x270 [ 307.214591][T12499] ____sys_sendmsg+0x505/0x830 [ 307.214620][T12499] ? __pfx_____sys_sendmsg+0x10/0x10 [ 307.214654][T12499] ? import_iovec+0x74/0xa0 [ 307.214685][T12499] ___sys_sendmsg+0x21f/0x2a0 [ 307.214710][T12499] ? __pfx____sys_sendmsg+0x10/0x10 [ 307.214773][T12499] ? __fget_files+0x2a/0x420 [ 307.214799][T12499] ? __fget_files+0x3a0/0x420 [ 307.214842][T12499] __x64_sys_sendmsg+0x19b/0x260 [ 307.214869][T12499] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 307.214912][T12499] ? do_syscall_64+0xba/0x210 [ 307.214943][T12499] do_syscall_64+0xf6/0x210 [ 307.214971][T12499] ? clear_bhb_loop+0x45/0xa0 [ 307.214996][T12499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.215016][T12499] RIP: 0033:0x7f374ff8e969 [ 307.215035][T12499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.215052][T12499] RSP: 002b:00007f3750d3e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 307.215075][T12499] RAX: ffffffffffffffda RBX: 00007f37501b5fa0 RCX: 00007f374ff8e969 [ 307.215091][T12499] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 000000000000000d [ 307.215105][T12499] RBP: 00007f3750d3e090 R08: 0000000000000000 R09: 0000000000000000 [ 307.215118][T12499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.215131][T12499] R13: 0000000000000000 R14: 00007f37501b5fa0 R15: 00007ffc11e2b288 [ 307.215165][T12499] [ 307.223424][T12499] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1938'. [ 307.240404][T12503] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1939'. [ 307.448688][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 307.636289][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 307.643390][T12503] nbd: must specify a size in bytes for the device [ 307.652624][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 307.720051][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 307.728782][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 307.736840][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 307.782370][ T36] veth1_macvtap: left promiscuous mode [ 307.792343][ T36] veth0_macvtap: left promiscuous mode [ 307.804288][ T36] veth1_vlan: left promiscuous mode [ 307.820636][ T36] veth0_vlan: left promiscuous mode [ 307.856398][T12519] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1941'. [ 308.288322][ T36] team0 (unregistering): Port device team_slave_1 removed [ 308.324596][ T36] team0 (unregistering): Port device team_slave_0 removed [ 308.910277][T12522] netlink: 'syz.3.1942': attribute type 1 has an invalid length. [ 308.919843][T12522] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1942'. [ 308.972244][T12528] netlink: 'syz.0.1943': attribute type 1 has an invalid length. [ 308.981166][T12528] netlink: 'syz.0.1943': attribute type 1 has an invalid length. [ 309.381635][T12539] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1947'. [ 309.448692][T12541] RDS: rds_bind could not find a transport for fc00::1, load rds_tcp or rds_rdma? [ 309.526799][T12510] chnl_net:caif_netlink_parms(): no params data found [ 309.690807][T12551] C: renamed from team_slave_0 [ 309.777909][T12551] netlink: 'syz.3.1951': attribute type 1 has an invalid length. [ 309.787493][ T5851] Bluetooth: hci2: command tx timeout [ 309.826380][T12551] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 309.959739][T12510] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.978314][T12510] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.030685][T12510] bridge_slave_0: entered allmulticast mode [ 310.039004][T12567] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1955'. [ 310.045667][T12510] bridge_slave_0: entered promiscuous mode [ 310.135982][T12566] vxcan3: entered allmulticast mode [ 310.249901][T12510] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.263003][T12510] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.281972][T12510] bridge_slave_1: entered allmulticast mode [ 310.306256][T12510] bridge_slave_1: entered promiscuous mode [ 310.418847][T12577] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1960'. [ 310.562354][T12579] netlink: 'syz.1.1962': attribute type 1 has an invalid length. [ 310.587435][T12582] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1961'. [ 310.612949][T12510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.622340][T12583] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1962'. [ 310.652765][T12588] FAULT_INJECTION: forcing a failure. [ 310.652765][T12588] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.700098][T12510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.702810][T12588] CPU: 0 UID: 0 PID: 12588 Comm: syz.3.1964 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 310.702837][T12588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 310.702850][T12588] Call Trace: [ 310.702858][T12588] [ 310.702866][T12588] dump_stack_lvl+0x189/0x250 [ 310.702903][T12588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.702931][T12588] ? __pfx__printk+0x10/0x10 [ 310.702964][T12588] should_fail_ex+0x414/0x560 [ 310.702999][T12588] _copy_to_user+0x31/0xb0 [ 310.703028][T12588] simple_read_from_buffer+0xe1/0x170 [ 310.703058][T12588] proc_fail_nth_read+0x1df/0x250 [ 310.703089][T12588] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.703119][T12588] ? rw_verify_area+0x258/0x650 [ 310.703139][T12588] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 310.703168][T12588] vfs_read+0x1fd/0x980 [ 310.703195][T12588] ? do_sock_setsockopt+0x267/0x3e0 [ 310.703215][T12588] ? __pfx_vfs_read+0x10/0x10 [ 310.703246][T12588] ? do_sock_setsockopt+0x267/0x3e0 [ 310.703264][T12588] ? kfree+0x4d/0x440 [ 310.703285][T12588] ? __pfx_pppol2tp_setsockopt+0x10/0x10 [ 310.703310][T12588] ? do_sock_setsockopt+0x267/0x3e0 [ 310.703332][T12588] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 310.703360][T12588] ksys_read+0x145/0x250 [ 310.703383][T12588] ? __pfx_ksys_read+0x10/0x10 [ 310.703409][T12588] ? do_syscall_64+0xba/0x210 [ 310.703439][T12588] do_syscall_64+0xf6/0x210 [ 310.703465][T12588] ? clear_bhb_loop+0x45/0xa0 [ 310.703488][T12588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.703508][T12588] RIP: 0033:0x7f1e2778d37c [ 310.703525][T12588] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 310.703543][T12588] RSP: 002b:00007f1e2861d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 310.703564][T12588] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778d37c [ 310.703579][T12588] RDX: 000000000000000f RSI: 00007f1e2861d0a0 RDI: 0000000000000004 [ 310.703591][T12588] RBP: 00007f1e2861d090 R08: 0000000000000000 R09: 0000000000000000 [ 310.703603][T12588] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.703633][T12588] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007ffcdd3e4d08 [ 310.703666][T12588] [ 310.947683][T12583] syz.1.1962 (12583) used greatest stack depth: 19528 bytes left [ 311.004987][T12595] netlink: 'syz.0.1965': attribute type 1 has an invalid length. [ 311.023256][T12595] netlink: 'syz.0.1965': attribute type 1 has an invalid length. [ 311.112097][T12510] team0: Port device team_slave_0 added [ 311.197564][T12510] team0: Port device team_slave_1 added [ 311.253575][T12510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 311.263707][T12510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.299778][T12510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 311.318432][T12510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 311.327629][T12510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 311.357378][T12510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.389507][T12610] FAULT_INJECTION: forcing a failure. [ 311.389507][T12610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.414781][T12610] CPU: 0 UID: 0 PID: 12610 Comm: syz.3.1969 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 311.414809][T12610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 311.414822][T12610] Call Trace: [ 311.414830][T12610] [ 311.414840][T12610] dump_stack_lvl+0x189/0x250 [ 311.414863][T12610] ? __lock_acquire+0xaac/0xd20 [ 311.414885][T12610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.414906][T12610] ? __pfx__printk+0x10/0x10 [ 311.414919][T12610] ? __might_fault+0xb0/0x130 [ 311.414950][T12610] should_fail_ex+0x414/0x560 [ 311.414985][T12610] _copy_from_user+0x2d/0xb0 [ 311.415011][T12610] ___sys_recvmsg+0x12e/0x510 [ 311.415041][T12610] ? __pfx____sys_recvmsg+0x10/0x10 [ 311.415103][T12610] ? __might_fault+0xb0/0x130 [ 311.415124][T12610] do_recvmmsg+0x307/0x760 [ 311.415147][T12610] ? __pfx_do_recvmmsg+0x10/0x10 [ 311.415182][T12610] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 311.415227][T12610] __x64_sys_recvmmsg+0x190/0x240 [ 311.415251][T12610] ? rcu_is_watching+0x15/0xb0 [ 311.415286][T12610] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 311.415314][T12610] ? do_syscall_64+0xba/0x210 [ 311.415344][T12610] do_syscall_64+0xf6/0x210 [ 311.415371][T12610] ? clear_bhb_loop+0x45/0xa0 [ 311.415396][T12610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.415423][T12610] RIP: 0033:0x7f1e2778e969 [ 311.415440][T12610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.415458][T12610] RSP: 002b:00007f1e2861d038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 311.415479][T12610] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778e969 [ 311.415493][T12610] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000006 [ 311.415516][T12610] RBP: 00007f1e2861d090 R08: 0000000000000000 R09: 0000000000000000 [ 311.415527][T12610] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000002 [ 311.415536][T12610] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007ffcdd3e4d08 [ 311.415575][T12610] [ 311.712109][T12510] hsr_slave_0: entered promiscuous mode [ 311.724819][T12510] hsr_slave_1: entered promiscuous mode [ 311.740316][T12510] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 311.755629][T12510] Cannot create hsr debugfs directory [ 311.834681][T12612] FAULT_INJECTION: forcing a failure. [ 311.834681][T12612] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.850665][ T5851] Bluetooth: hci2: command tx timeout [ 311.866448][T12612] CPU: 1 UID: 0 PID: 12612 Comm: syz.2.1970 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 311.866475][T12612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 311.866487][T12612] Call Trace: [ 311.866494][T12612] [ 311.866502][T12612] dump_stack_lvl+0x189/0x250 [ 311.866531][T12612] ? __lock_acquire+0xaac/0xd20 [ 311.866560][T12612] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.866586][T12612] ? __pfx__printk+0x10/0x10 [ 311.866605][T12612] ? __might_fault+0xb0/0x130 [ 311.866639][T12612] should_fail_ex+0x414/0x560 [ 311.866673][T12612] _copy_from_iter+0x1db/0x15a0 [ 311.866695][T12612] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 311.866733][T12612] ? __pfx__copy_from_iter+0x10/0x10 [ 311.866754][T12612] ? policy_nodemask+0x27c/0x720 [ 311.866776][T12612] ? aa_file_perm+0x11f/0xed0 [ 311.866803][T12612] ? page_copy_sane+0x4e/0x280 [ 311.866826][T12612] copy_page_from_iter+0x7b/0x100 [ 311.866850][T12612] anon_pipe_write+0x99a/0x1360 [ 311.866897][T12612] ? __pfx_anon_pipe_write+0x10/0x10 [ 311.866938][T12612] ? common_file_perm+0x199/0x200 [ 311.866961][T12612] ? bpf_lsm_file_permission+0x9/0x20 [ 311.866985][T12612] ? security_file_permission+0x75/0x290 [ 311.867022][T12612] vfs_write+0x548/0xa90 [ 311.867049][T12612] ? __pfx_anon_pipe_write+0x10/0x10 [ 311.867075][T12612] ? __pfx_vfs_write+0x10/0x10 [ 311.867108][T12612] ? __fget_files+0x2a/0x420 [ 311.867143][T12612] ksys_write+0x145/0x250 [ 311.867163][T12612] ? rcu_is_watching+0x15/0xb0 [ 311.867193][T12612] ? __pfx_ksys_write+0x10/0x10 [ 311.867219][T12612] ? do_syscall_64+0xba/0x210 [ 311.867249][T12612] do_syscall_64+0xf6/0x210 [ 311.867275][T12612] ? clear_bhb_loop+0x45/0xa0 [ 311.867300][T12612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.867319][T12612] RIP: 0033:0x7fca0a78e969 [ 311.867336][T12612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.867359][T12612] RSP: 002b:00007fca0b63f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 311.867380][T12612] RAX: ffffffffffffffda RBX: 00007fca0a9b5fa0 RCX: 00007fca0a78e969 [ 311.867395][T12612] RDX: 00000000fffffdef RSI: 00002000000001c0 RDI: 0000000000000000 [ 311.867407][T12612] RBP: 00007fca0b63f090 R08: 0000000000000000 R09: 0000000000000000 [ 311.867420][T12612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 311.867431][T12612] R13: 0000000000000000 R14: 00007fca0a9b5fa0 R15: 00007ffe62fd8ac8 [ 311.867462][T12612] [ 312.364263][T12619] tipc: Enabling of bearer rejected, failed to enable media [ 312.416312][T12619] FAULT_INJECTION: forcing a failure. [ 312.416312][T12619] name failslab, interval 1, probability 0, space 0, times 0 [ 312.433780][T12619] CPU: 0 UID: 0 PID: 12619 Comm: syz.3.1972 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 312.433809][T12619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 312.433821][T12619] Call Trace: [ 312.433829][T12619] [ 312.433837][T12619] dump_stack_lvl+0x189/0x250 [ 312.433873][T12619] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.433901][T12619] ? __pfx__printk+0x10/0x10 [ 312.433926][T12619] ? __pfx___might_resched+0x10/0x10 [ 312.433943][T12619] ? fs_reclaim_acquire+0x7d/0x100 [ 312.433976][T12619] should_fail_ex+0x414/0x560 [ 312.434011][T12619] should_failslab+0xa8/0x100 [ 312.434038][T12619] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 312.434068][T12619] ? __alloc_skb+0x112/0x2d0 [ 312.434092][T12619] __alloc_skb+0x112/0x2d0 [ 312.434114][T12619] mgmt_cmd_status+0x41/0x4c0 [ 312.434139][T12619] ? hci_dev_get+0x40/0x190 [ 312.434172][T12619] mesh_features+0x145/0x340 [ 312.434194][T12619] ? __pfx_mesh_features+0x10/0x10 [ 312.434225][T12619] hci_mgmt_cmd+0x9c6/0xef0 [ 312.434256][T12619] hci_sock_sendmsg+0x6ca/0xee0 [ 312.434283][T12619] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 312.434303][T12619] ? aa_sock_msg_perm+0x94/0x160 [ 312.434324][T12619] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 312.434346][T12619] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 312.434373][T12619] __sock_sendmsg+0x219/0x270 [ 312.434403][T12619] sock_write_iter+0x258/0x330 [ 312.434430][T12619] ? __pfx_sock_write_iter+0x10/0x10 [ 312.434465][T12619] ? bpf_lsm_file_permission+0x9/0x20 [ 312.434488][T12619] ? security_file_permission+0x75/0x290 [ 312.434525][T12619] vfs_write+0x548/0xa90 [ 312.434552][T12619] ? __pfx_sock_write_iter+0x10/0x10 [ 312.434577][T12619] ? __pfx_vfs_write+0x10/0x10 [ 312.434610][T12619] ? __fget_files+0x2a/0x420 [ 312.434644][T12619] ksys_write+0x145/0x250 [ 312.434664][T12619] ? rcu_is_watching+0x15/0xb0 [ 312.434693][T12619] ? __pfx_ksys_write+0x10/0x10 [ 312.434719][T12619] ? do_syscall_64+0xba/0x210 [ 312.434748][T12619] do_syscall_64+0xf6/0x210 [ 312.434775][T12619] ? clear_bhb_loop+0x45/0xa0 [ 312.434798][T12619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.434816][T12619] RIP: 0033:0x7f1e2778e969 [ 312.434834][T12619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.434850][T12619] RSP: 002b:00007f1e2861d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 312.434871][T12619] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778e969 [ 312.434886][T12619] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000004 [ 312.434898][T12619] RBP: 00007f1e2861d090 R08: 0000000000000000 R09: 0000000000000000 [ 312.434909][T12619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.434920][T12619] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007ffcdd3e4d08 [ 312.434952][T12619] [ 312.881620][T12631] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1978'. [ 312.911514][T12631] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1978'. [ 312.941296][T12640] sctp: [Deprecated]: syz.2.1981 (pid 12640) Use of int in max_burst socket option. [ 312.941296][T12640] Use struct sctp_assoc_value instead [ 313.103685][T12644] tipc: Bearer : already 2 bearers with priority 10 [ 313.117933][T12644] tipc: Bearer : trying with adjusted priority [ 313.129852][T12644] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 313.196250][T12646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1980'. [ 313.785009][T12510] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 313.816279][T12655] FAULT_INJECTION: forcing a failure. [ 313.816279][T12655] name failslab, interval 1, probability 0, space 0, times 0 [ 313.858321][T12655] CPU: 0 UID: 0 PID: 12655 Comm: syz.2.1988 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 313.858350][T12655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 313.858361][T12655] Call Trace: [ 313.858368][T12655] [ 313.858376][T12655] dump_stack_lvl+0x189/0x250 [ 313.858411][T12655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 313.858438][T12655] ? __pfx__printk+0x10/0x10 [ 313.858471][T12655] should_fail_ex+0x414/0x560 [ 313.858504][T12655] should_failslab+0xa8/0x100 [ 313.858529][T12655] __kmalloc_cache_noprof+0x70/0x3d0 [ 313.858553][T12655] ? sctp_add_bind_addr+0x8c/0x370 [ 313.858581][T12655] sctp_add_bind_addr+0x8c/0x370 [ 313.858610][T12655] sctp_copy_local_addr_list+0x30b/0x4e0 [ 313.858639][T12655] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 313.858663][T12655] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 313.858690][T12655] ? sctp_v6_is_any+0x64/0x80 [ 313.858718][T12655] ? sctp_copy_one_addr+0x93/0x360 [ 313.858745][T12655] sctp_bind_addr_copy+0xb3/0x3c0 [ 313.858768][T12655] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 313.858791][T12655] sctp_connect_new_asoc+0x2e0/0x690 [ 313.858812][T12655] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 313.858826][T12655] ? __local_bh_enable_ip+0x12d/0x1c0 [ 313.858858][T12655] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 313.858886][T12655] ? security_sctp_bind_connect+0x7e/0x2e0 [ 313.858913][T12655] sctp_sendmsg+0x155c/0x2810 [ 313.858939][T12655] ? __pfx_sctp_sendmsg+0x10/0x10 [ 313.858958][T12655] ? aa_sk_perm+0x81e/0x950 [ 313.858987][T12655] ? __pfx_aa_sk_perm+0x10/0x10 [ 313.859013][T12655] ? sock_rps_record_flow+0x19/0x410 [ 313.859037][T12655] ? inet_sendmsg+0x2f4/0x370 [ 313.859060][T12655] __sock_sendmsg+0x19c/0x270 [ 313.859086][T12655] __sys_sendto+0x3bd/0x520 [ 313.859104][T12655] ? __pfx___sys_sendto+0x10/0x10 [ 313.859140][T12655] ? do_sys_openat2+0x154/0x1c0 [ 313.859175][T12655] ? ksys_write+0x1e1/0x250 [ 313.859191][T12655] ? rcu_is_watching+0x15/0xb0 [ 313.859223][T12655] __x64_sys_sendto+0xde/0x100 [ 313.859242][T12655] do_syscall_64+0xf6/0x210 [ 313.859265][T12655] ? clear_bhb_loop+0x45/0xa0 [ 313.859285][T12655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.859301][T12655] RIP: 0033:0x7fca0a78e969 [ 313.859316][T12655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.859330][T12655] RSP: 002b:00007fca0b63f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 313.859348][T12655] RAX: ffffffffffffffda RBX: 00007fca0a9b5fa0 RCX: 00007fca0a78e969 [ 313.859359][T12655] RDX: 0000000000034000 RSI: 0000200000000500 RDI: 0000000000000003 [ 313.859369][T12655] RBP: 00007fca0b63f090 R08: 0000200000000140 R09: 000000000000001c [ 313.859380][T12655] R10: 000000002000c851 R11: 0000000000000246 R12: 0000000000000002 [ 313.859389][T12655] R13: 0000000000000000 R14: 00007fca0a9b5fa0 R15: 00007ffe62fd8ac8 [ 313.859416][T12655] [ 313.863117][T12510] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 313.954291][ T5851] Bluetooth: hci2: command tx timeout [ 314.193184][T12510] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 314.219770][T12510] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 314.491457][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 314.500462][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 314.508715][ T5849] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 314.519441][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 314.527475][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 314.561040][T12667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1990'. [ 314.574395][T12667] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1990'. [ 314.577753][T12510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.621283][T12510] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.668810][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.676044][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.715227][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.722432][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.825490][T12675] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1991'. [ 314.888946][T12672] xt_hashlimit: size too large, truncated to 1048576 [ 315.173311][T12686] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1993'. [ 315.251231][T12510] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 315.414606][T12664] chnl_net:caif_netlink_parms(): no params data found [ 315.745135][T12664] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.771583][T12664] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.836857][T12664] bridge_slave_0: entered allmulticast mode [ 315.872423][T12664] bridge_slave_0: entered promiscuous mode [ 315.901352][T12664] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.934753][T12664] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.950546][T12664] bridge_slave_1: entered allmulticast mode [ 315.958995][T12664] bridge_slave_1: entered promiscuous mode [ 316.071450][T12717] siw: device registration error -23 [ 316.102874][T12713] can: request_module (can-proto-0) failed. [ 316.223798][T12510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.246593][ T5851] Bluetooth: hci2: command tx timeout [ 316.263483][T12664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 316.327347][T12664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 316.371628][T12727] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2002'. [ 316.414948][T12664] team0: Port device team_slave_0 added [ 316.433634][T12729] netlink: 'syz.0.2002': attribute type 21 has an invalid length. [ 316.453504][T12664] team0: Port device team_slave_1 added [ 316.464843][T12729] netlink: 'syz.0.2002': attribute type 1 has an invalid length. [ 316.490534][T12727] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2002'. [ 316.567583][ T5851] Bluetooth: hci4: command tx timeout [ 316.589067][T12664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.605707][T12664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.649530][T12664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.664989][T12664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.672601][T12664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.698754][T12737] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2003'. [ 316.728079][T12664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.761097][T12741] FAULT_INJECTION: forcing a failure. [ 316.761097][T12741] name failslab, interval 1, probability 0, space 0, times 0 [ 316.778390][T12741] CPU: 0 UID: 0 PID: 12741 Comm: syz.3.2004 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 316.778420][T12741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 316.778432][T12741] Call Trace: [ 316.778440][T12741] [ 316.778448][T12741] dump_stack_lvl+0x189/0x250 [ 316.778485][T12741] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.778515][T12741] ? __pfx__printk+0x10/0x10 [ 316.778541][T12741] ? __pfx___might_resched+0x10/0x10 [ 316.778566][T12741] should_fail_ex+0x414/0x560 [ 316.778607][T12741] should_failslab+0xa8/0x100 [ 316.778635][T12741] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 316.778660][T12741] ? __alloc_skb+0x112/0x2d0 [ 316.778684][T12741] __alloc_skb+0x112/0x2d0 [ 316.778707][T12741] netlink_dump+0x245/0xe70 [ 316.778752][T12741] ? __pfx_netlink_dump+0x10/0x10 [ 316.778800][T12741] ? __asan_memset+0x22/0x50 [ 316.778830][T12741] ? genl_start+0x499/0x6c0 [ 316.778860][T12741] __netlink_dump_start+0x5cb/0x7e0 [ 316.778897][T12741] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 316.778924][T12741] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 316.778946][T12741] ? genl_get_cmd+0x7d9/0x910 [ 316.778973][T12741] ? __pfx_genl_start+0x10/0x10 [ 316.778992][T12741] ? __pfx_genl_dumpit+0x10/0x10 [ 316.779012][T12741] ? __pfx_genl_done+0x10/0x10 [ 316.779039][T12741] ? stack_depot_save_flags+0x40/0x910 [ 316.779074][T12741] genl_rcv_msg+0x5da/0x790 [ 316.779103][T12741] ? __pfx_genl_rcv_msg+0x10/0x10 [ 316.779124][T12741] ? __pfx_nl80211_dump_scan+0x10/0x10 [ 316.779166][T12741] netlink_rcv_skb+0x219/0x490 [ 316.779212][T12741] ? __pfx_genl_rcv_msg+0x10/0x10 [ 316.779238][T12741] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 316.779296][T12741] ? down_read+0x1ad/0x2e0 [ 316.779324][T12741] genl_rcv+0x28/0x40 [ 316.779345][T12741] netlink_unicast+0x758/0x8d0 [ 316.779385][T12741] netlink_sendmsg+0x805/0xb30 [ 316.779415][T12741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.779438][T12741] ? aa_sock_msg_perm+0x94/0x160 [ 316.779460][T12741] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 316.779482][T12741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.779502][T12741] __sock_sendmsg+0x219/0x270 [ 316.779532][T12741] ____sys_sendmsg+0x505/0x830 [ 316.779561][T12741] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.779599][T12741] ? import_iovec+0x74/0xa0 [ 316.779629][T12741] ___sys_sendmsg+0x21f/0x2a0 [ 316.779654][T12741] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.779737][T12741] ? __fget_files+0x2a/0x420 [ 316.779762][T12741] ? __fget_files+0x3a0/0x420 [ 316.779800][T12741] __x64_sys_sendmsg+0x19b/0x260 [ 316.779826][T12741] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 316.779869][T12741] ? do_syscall_64+0xba/0x210 [ 316.779901][T12741] do_syscall_64+0xf6/0x210 [ 316.779928][T12741] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 316.779948][T12741] ? clear_bhb_loop+0x45/0xa0 [ 316.779974][T12741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.779994][T12741] RIP: 0033:0x7f1e2778e969 [ 316.780012][T12741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.780029][T12741] RSP: 002b:00007f1e2861d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.780051][T12741] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778e969 [ 316.780066][T12741] RDX: 0000000000004000 RSI: 0000200000000f00 RDI: 0000000000000003 [ 316.780080][T12741] RBP: 00007f1e2861d090 R08: 0000000000000000 R09: 0000000000000000 [ 316.780092][T12741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.780104][T12741] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007ffcdd3e4d08 [ 316.780138][T12741] [ 317.157994][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.673290][ T3499] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 317.685391][ T3499] bond0 (unregistering): Released all slaves [ 317.710520][T12664] hsr_slave_0: entered promiscuous mode [ 317.720198][T12664] hsr_slave_1: entered promiscuous mode [ 317.726794][T12664] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 317.734367][T12664] Cannot create hsr debugfs directory [ 317.991059][T12764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2012'. [ 318.101991][T12764] 8021q: adding VLAN 0 to HW filter on device team1 [ 318.352164][ T3499] hsr_slave_0: left promiscuous mode [ 318.358216][ T3499] hsr_slave_1: left promiscuous mode [ 318.384120][ T3499] veth1_macvtap: left promiscuous mode [ 318.393717][ T3499] veth0_macvtap: left promiscuous mode [ 318.401316][ T3499] veth1_vlan: left promiscuous mode [ 318.410450][ T3499] veth0_vlan: left promiscuous mode [ 318.648488][ T5851] Bluetooth: hci4: command tx timeout [ 319.348378][T12510] veth0_vlan: entered promiscuous mode [ 319.518931][T12510] veth1_vlan: entered promiscuous mode [ 319.565890][T12664] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.657669][T12664] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.818802][T12510] veth0_macvtap: entered promiscuous mode [ 319.847771][T12664] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 319.883273][T12790] netlink: 124 bytes leftover after parsing attributes in process `syz.0.2020'. [ 319.920712][T12794] netlink: 248 bytes leftover after parsing attributes in process `syz.3.2022'. [ 319.946063][T12510] veth1_macvtap: entered promiscuous mode [ 320.010507][T12797] netlink: 300 bytes leftover after parsing attributes in process `syz.2.2023'. [ 320.030386][T12664] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.039212][T12797] netlink: 'syz.2.2023': attribute type 13 has an invalid length. [ 320.318318][T12510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 320.522252][T12807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2027'. [ 320.532507][T12807] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2027'. [ 320.541625][T12510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 320.577990][T12809] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2028'. [ 320.603767][T12809] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2028'. [ 320.629864][T12510] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.650322][T12510] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.659786][T12510] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.668867][T12510] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.726221][ T5851] Bluetooth: hci4: command tx timeout [ 320.980250][T12816] netlink: 'syz.3.2029': attribute type 15 has an invalid length. [ 321.051904][T12664] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 321.093479][T12664] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 321.160927][T12664] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 321.187622][T12664] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 321.305586][ T3460] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.323647][ T3460] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.438154][ T3460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.466911][ T3460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.536697][T12810] xt_hashlimit: size too large, truncated to 1048576 [ 321.804874][T12664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 321.894447][T12832] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2034'. [ 321.977944][T12664] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.005966][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.013146][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.043089][T12837] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2036'. [ 322.109485][ T3499] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.126886][T12838] netlink: 'syz.2.2036': attribute type 21 has an invalid length. [ 322.224180][T12838] netlink: 'syz.2.2036': attribute type 1 has an invalid length. [ 322.237853][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.245014][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.358113][ T3499] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.432160][ T3499] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.519648][ T3499] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.678806][T12664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 322.689639][ T3499] bridge_slave_1: left allmulticast mode [ 322.696337][ T3499] bridge_slave_1: left promiscuous mode [ 322.702017][ T3499] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.711433][ T3499] bridge_slave_0: left allmulticast mode [ 322.717874][ T3499] bridge_slave_0: left promiscuous mode [ 322.723565][ T3499] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.805560][ T5851] Bluetooth: hci4: command tx timeout [ 323.031567][ T3499] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.042545][ T3499] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.053759][ T3499] bond0 (unregistering): Released all slaves [ 323.138157][T12664] veth0_vlan: entered promiscuous mode [ 323.174091][T12664] veth1_vlan: entered promiscuous mode [ 323.210466][T12664] veth0_macvtap: entered promiscuous mode [ 323.221872][T12664] veth1_macvtap: entered promiscuous mode [ 323.263537][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 323.274169][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.286253][T12664] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 323.309280][T12664] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 323.330576][T12664] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 323.342876][T12664] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 323.357464][ T3499] hsr_slave_0: left promiscuous mode [ 323.363325][ T3499] hsr_slave_1: left promiscuous mode [ 323.370888][ T3499] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 323.379335][ T3499] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 323.387614][ T3499] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.395123][ T3499] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 323.414840][ T3499] veth1_macvtap: left promiscuous mode [ 323.420636][ T3499] veth0_macvtap: left promiscuous mode [ 323.426433][ T3499] veth1_vlan: left promiscuous mode [ 323.431725][ T3499] veth0_vlan: left promiscuous mode [ 324.026309][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 324.036350][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 324.052256][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 324.062887][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 324.071201][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 324.301444][T12868] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2042'. [ 324.324929][ T3499] team0 (unregistering): Port device team_slave_1 removed [ 324.364464][T12869] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2042'. [ 324.374536][ T3499] team0 (unregistering): Port device team_slave_0 removed [ 324.516596][T12871] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2042'. [ 324.862677][T12664] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.878689][T12664] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.889951][T12664] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.905356][T12664] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 325.252256][ T965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.278839][ T965] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.381450][T12885] netlink: 'syz.2.2048': attribute type 21 has an invalid length. [ 325.397320][ T965] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 325.419156][ T965] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 325.433761][T12885] netlink: 'syz.2.2048': attribute type 1 has an invalid length. [ 325.751533][T12862] chnl_net:caif_netlink_parms(): no params data found [ 326.066562][T12910] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2055'. [ 326.163049][T12862] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.170322][ T5849] Bluetooth: hci2: command tx timeout [ 326.198215][T12862] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.216404][T12862] bridge_slave_0: entered allmulticast mode [ 326.224175][T12862] bridge_slave_0: entered promiscuous mode [ 326.252958][T12862] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.265437][T12862] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.272774][T12862] bridge_slave_1: entered allmulticast mode [ 326.298304][T12862] bridge_slave_1: entered promiscuous mode [ 326.419781][T12862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.448456][T12862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.568476][T12920] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2058'. [ 326.611117][ T965] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.650884][T12862] team0: Port device team_slave_0 added [ 326.671865][T12862] team0: Port device team_slave_1 added [ 326.679621][T12920] vlan0: entered promiscuous mode [ 326.730043][T12918] FAULT_INJECTION: forcing a failure. [ 326.730043][T12918] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 326.748507][ T965] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.762098][T12918] CPU: 1 UID: 0 PID: 12918 Comm: syz.2.2057 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 326.762125][T12918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 326.762137][T12918] Call Trace: [ 326.762144][T12918] [ 326.762152][T12918] dump_stack_lvl+0x189/0x250 [ 326.762186][T12918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 326.762212][T12918] ? __pfx__printk+0x10/0x10 [ 326.762244][T12918] should_fail_ex+0x414/0x560 [ 326.762277][T12918] _copy_from_user+0x2d/0xb0 [ 326.762303][T12918] copy_from_sockptr_offset+0x66/0xa0 [ 326.762327][T12918] do_ip6t_set_ctl+0x8b7/0xce0 [ 326.762352][T12918] ? rcu_is_watching+0x15/0xb0 [ 326.762379][T12918] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 326.762416][T12918] ? __pfx___mutex_lock+0x10/0x10 [ 326.762441][T12918] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 326.762464][T12918] ? smc_setsockopt+0x181/0xab0 [ 326.762489][T12918] ? __pfx___mutex_lock+0x10/0x10 [ 326.762514][T12918] ? rcu_read_lock_any_held+0xb3/0x120 [ 326.762541][T12918] nf_setsockopt+0x26c/0x290 [ 326.762562][T12918] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 326.762592][T12918] smc_setsockopt+0x22f/0xab0 [ 326.762621][T12918] ? __pfx_smc_setsockopt+0x10/0x10 [ 326.762647][T12918] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 326.762667][T12918] ? __pfx_smc_setsockopt+0x10/0x10 [ 326.762690][T12918] do_sock_setsockopt+0x257/0x3e0 [ 326.762713][T12918] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 326.762729][T12918] ? __fget_files+0x2a/0x420 [ 326.762757][T12918] ? __fget_files+0x3a0/0x420 [ 326.762779][T12918] ? __fget_files+0x2a/0x420 [ 326.762817][T12918] __x64_sys_setsockopt+0x18b/0x220 [ 326.762843][T12918] do_syscall_64+0xf6/0x210 [ 326.762869][T12918] ? clear_bhb_loop+0x45/0xa0 [ 326.762892][T12918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.762909][T12918] RIP: 0033:0x7fca0a78e969 [ 326.762926][T12918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 326.762943][T12918] RSP: 002b:00007fca0b63f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 326.762964][T12918] RAX: ffffffffffffffda RBX: 00007fca0a9b5fa0 RCX: 00007fca0a78e969 [ 326.762977][T12918] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 326.762988][T12918] RBP: 00007fca0b63f090 R08: 0000000000000428 R09: 0000000000000000 [ 326.763000][T12918] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 326.763011][T12918] R13: 0000000000000000 R14: 00007fca0a9b5fa0 R15: 00007ffe62fd8ac8 [ 326.763042][T12918] [ 327.062744][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 327.071691][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 327.082495][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 327.113213][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 327.139067][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 327.171496][T12935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2061'. [ 327.180521][T12935] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2061'. [ 327.192430][T12862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 327.199525][T12862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.226432][T12862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 327.254722][ T965] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.307688][T12862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 327.314681][T12862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 327.345544][T12862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.474839][ T965] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.681732][T12862] hsr_slave_0: entered promiscuous mode [ 327.698175][T12862] hsr_slave_1: entered promiscuous mode [ 327.704669][T12862] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 327.714808][T12862] Cannot create hsr debugfs directory [ 328.011166][ T965] bridge_slave_1: left allmulticast mode [ 328.026265][T12950] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2065'. [ 328.029471][ T965] bridge_slave_1: left promiscuous mode [ 328.042067][T12951] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2065'. [ 328.051954][ T965] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.096621][ T965] bridge_slave_0: left allmulticast mode [ 328.103164][ T965] bridge_slave_0: left promiscuous mode [ 328.109321][ T965] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.245557][ T5849] Bluetooth: hci2: command tx timeout [ 328.498095][ T965] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 328.509422][ T965] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 328.520547][ T965] bond0 (unregistering): Released all slaves [ 328.856296][T12930] chnl_net:caif_netlink_parms(): no params data found [ 329.168373][T12970] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2071'. [ 329.205734][ T5849] Bluetooth: hci4: command tx timeout [ 329.227245][ T965] hsr_slave_0: left promiscuous mode [ 329.252067][T12974] nbd: must specify a size in bytes for the device [ 329.259851][ T965] hsr_slave_1: left promiscuous mode [ 329.276716][ T965] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 329.313614][ T965] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 329.336957][ T965] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 329.344415][ T965] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 329.397092][T12981] __nla_validate_parse: 3 callbacks suppressed [ 329.397114][T12981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2075'. [ 329.403743][ T965] veth1_macvtap: left promiscuous mode [ 329.413628][T12981] nbd: must specify a size in bytes for the device [ 329.424408][ T965] veth0_macvtap: left promiscuous mode [ 329.431957][ T965] veth1_vlan: left promiscuous mode [ 329.442880][ T965] veth0_vlan: left promiscuous mode [ 330.023433][ T965] team0 (unregistering): Port device team_slave_1 removed [ 330.063097][ T965] team0 (unregistering): Port device team_slave_0 removed [ 330.325625][ T5849] Bluetooth: hci2: command tx timeout [ 330.496456][T12930] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.513336][T12930] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.522101][T12930] bridge_slave_0: entered allmulticast mode [ 330.534334][T12930] bridge_slave_0: entered promiscuous mode [ 330.544486][T12930] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.556646][T12930] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.564000][T12930] bridge_slave_1: entered allmulticast mode [ 330.572354][T12930] bridge_slave_1: entered promiscuous mode [ 330.740278][T12995] FAULT_INJECTION: forcing a failure. [ 330.740278][T12995] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.759770][T12995] CPU: 0 UID: 0 PID: 12995 Comm: syz.2.2080 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 330.759799][T12995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 330.759811][T12995] Call Trace: [ 330.759819][T12995] [ 330.759827][T12995] dump_stack_lvl+0x189/0x250 [ 330.759858][T12995] ? __lock_acquire+0xaac/0xd20 [ 330.759888][T12995] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.759915][T12995] ? __pfx__printk+0x10/0x10 [ 330.759934][T12995] ? __might_fault+0xb0/0x130 [ 330.759969][T12995] should_fail_ex+0x414/0x560 [ 330.760004][T12995] _copy_from_user+0x2d/0xb0 [ 330.760029][T12995] __sys_connect+0x123/0x440 [ 330.760059][T12995] ? __fget_files+0x3a0/0x420 [ 330.760084][T12995] ? __pfx___sys_connect+0x10/0x10 [ 330.760136][T12995] __x64_sys_connect+0x7a/0x90 [ 330.760167][T12995] do_syscall_64+0xf6/0x210 [ 330.760194][T12995] ? clear_bhb_loop+0x45/0xa0 [ 330.760217][T12995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.760235][T12995] RIP: 0033:0x7fca0a78e969 [ 330.760252][T12995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.760269][T12995] RSP: 002b:00007fca0b63f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 330.760289][T12995] RAX: ffffffffffffffda RBX: 00007fca0a9b5fa0 RCX: 00007fca0a78e969 [ 330.760303][T12995] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000003 [ 330.760315][T12995] RBP: 00007fca0b63f090 R08: 0000000000000000 R09: 0000000000000000 [ 330.760326][T12995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.760337][T12995] R13: 0000000000000000 R14: 00007fca0a9b5fa0 R15: 00007ffe62fd8ac8 [ 330.760368][T12995] [ 330.982640][T12930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 330.996326][T12930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 331.068129][T12930] team0: Port device team_slave_0 added [ 331.089204][T12930] team0: Port device team_slave_1 added [ 331.224717][T12930] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 331.233180][T13006] sctp: [Deprecated]: syz.2.2083 (pid 13006) Use of int in maxseg socket option. [ 331.233180][T13006] Use struct sctp_assoc_value instead [ 331.253395][T12930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.285650][T12930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 331.287553][ T5849] Bluetooth: hci4: command tx timeout [ 331.315079][T12930] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 331.322263][T12930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 331.359879][T12930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 331.386960][T13011] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2085'. [ 331.396222][T13011] nbd: must specify a size in bytes for the device [ 331.440234][T12862] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 331.483735][T12862] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 331.504833][T12862] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 331.556736][T12862] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 331.621433][T12930] hsr_slave_0: entered promiscuous mode [ 331.628641][T12930] hsr_slave_1: entered promiscuous mode [ 331.635039][T12930] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 331.650947][T12930] Cannot create hsr debugfs directory [ 331.737656][ T53] IPVS: starting estimator thread 0... [ 331.743521][T13016] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 331.837898][T13018] IPVS: using max 27 ests per chain, 64800 per kthread [ 332.049474][T13027] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2091'. [ 332.154220][T13030] FAULT_INJECTION: forcing a failure. [ 332.154220][T13030] name failslab, interval 1, probability 0, space 0, times 0 [ 332.180828][T13030] CPU: 1 UID: 0 PID: 13030 Comm: syz.3.2093 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 332.180858][T13030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 332.180869][T13030] Call Trace: [ 332.180877][T13030] [ 332.180885][T13030] dump_stack_lvl+0x189/0x250 [ 332.180921][T13030] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.180950][T13030] ? __pfx__printk+0x10/0x10 [ 332.180978][T13030] ? __pfx___might_resched+0x10/0x10 [ 332.181002][T13030] should_fail_ex+0x414/0x560 [ 332.181039][T13030] ? translate_table+0x1a8/0x1f90 [ 332.181060][T13030] should_failslab+0xa8/0x100 [ 332.181088][T13030] __kvmalloc_node_noprof+0x168/0x5e0 [ 332.181115][T13030] ? translate_table+0x1a8/0x1f90 [ 332.181143][T13030] translate_table+0x1a8/0x1f90 [ 332.181210][T13030] ? __pfx_translate_table+0x10/0x10 [ 332.181260][T13030] ? _copy_from_user+0x94/0xb0 [ 332.181291][T13030] do_arpt_set_ctl+0x993/0xf10 [ 332.181317][T13030] ? __mutex_trylock_common+0x153/0x260 [ 332.181341][T13030] ? __pfx_do_arpt_set_ctl+0x10/0x10 [ 332.181367][T13030] ? rcu_is_watching+0x15/0xb0 [ 332.181414][T13030] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 332.181443][T13030] ? __pfx___mutex_lock+0x10/0x10 [ 332.181469][T13030] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 332.181511][T13030] ? smc_setsockopt+0x181/0xab0 [ 332.181537][T13030] ? __pfx___mutex_lock+0x10/0x10 [ 332.181564][T13030] ? rcu_read_lock_any_held+0xb3/0x120 [ 332.181592][T13030] nf_setsockopt+0x26c/0x290 [ 332.181616][T13030] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 332.181648][T13030] smc_setsockopt+0x22f/0xab0 [ 332.181680][T13030] ? __pfx_smc_setsockopt+0x10/0x10 [ 332.181709][T13030] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 332.181731][T13030] ? __pfx_smc_setsockopt+0x10/0x10 [ 332.181757][T13030] do_sock_setsockopt+0x257/0x3e0 [ 332.181781][T13030] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 332.181800][T13030] ? __fget_files+0x2a/0x420 [ 332.181831][T13030] ? __fget_files+0x3a0/0x420 [ 332.181855][T13030] ? __fget_files+0x2a/0x420 [ 332.181889][T13030] __x64_sys_setsockopt+0x18b/0x220 [ 332.181918][T13030] do_syscall_64+0xf6/0x210 [ 332.181946][T13030] ? clear_bhb_loop+0x45/0xa0 [ 332.181972][T13030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.181991][T13030] RIP: 0033:0x7f1e2778e969 [ 332.182013][T13030] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.182030][T13030] RSP: 002b:00007f1e2861d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 332.182051][T13030] RAX: ffffffffffffffda RBX: 00007f1e279b5fa0 RCX: 00007f1e2778e969 [ 332.182064][T13030] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000006 [ 332.182075][T13030] RBP: 00007f1e2861d090 R08: 0000000000000448 R09: 0000000000000000 [ 332.182088][T13030] R10: 0000200000001600 R11: 0000000000000246 R12: 0000000000000001 [ 332.182101][T13030] R13: 0000000000000000 R14: 00007f1e279b5fa0 R15: 00007ffcdd3e4d08 [ 332.182134][T13030] [ 332.488650][ T5849] Bluetooth: hci2: command tx timeout [ 332.643003][T13037] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2095'. [ 332.776143][T13041] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2096'. [ 332.785133][T13041] nbd: must specify a size in bytes for the device [ 332.879328][T13039] netlink: 236 bytes leftover after parsing attributes in process `syz.3.2095'. [ 333.072040][T12862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.271412][T12862] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.323673][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.330899][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.374177][ T5849] Bluetooth: hci4: command tx timeout [ 333.402502][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.409737][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.469462][T12862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 333.647013][T12930] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 333.659384][T12930] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 333.688204][T12930] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 333.714090][T12930] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 333.738611][T13070] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2102'. [ 333.753916][T13070] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2102'. [ 333.768329][T13070] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2102'. [ 333.791161][T13067] netlink: 165 bytes leftover after parsing attributes in process `syz.3.2102'. [ 333.893214][T13076] x_tables: duplicate underflow at hook 1 [ 333.956775][T12930] 8021q: adding VLAN 0 to HW filter on device bond0 [ 334.004226][T12930] 8021q: adding VLAN 0 to HW filter on device team0 [ 334.019277][T12862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.054252][ T3460] bridge0: port 1(bridge_slave_0) entered blocking state [ 334.061538][ T3460] bridge0: port 1(bridge_slave_0) entered forwarding state [ 334.117904][ T3460] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.125131][ T3460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.462841][T12862] veth0_vlan: entered promiscuous mode [ 334.496525][T12862] veth1_vlan: entered promiscuous mode [ 334.514110][T13092] vlan3: entered promiscuous mode [ 334.522527][T13094] __nla_validate_parse: 3 callbacks suppressed [ 334.522544][T13094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2108'. [ 334.538926][T13094] nbd: must specify a size in bytes for the device [ 334.579499][T12930] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.623361][T12862] veth0_macvtap: entered promiscuous mode [ 334.634663][T12862] veth1_macvtap: entered promiscuous mode [ 334.701347][T12862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.741812][T12862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 334.760941][T12862] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.769894][T12862] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.774330][T13099] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2110'. [ 334.778811][T12862] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.803022][T12862] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.815085][T13101] block nbd0: NBD_DISCONNECT [ 334.845440][T13101] block nbd0: Send disconnect failed -107 [ 334.851640][T13101] block nbd0: Disconnected due to user request. [ 334.869035][T13101] block nbd0: shutting down sockets [ 334.880091][T12930] veth0_vlan: entered promiscuous mode [ 334.932122][T12930] veth1_vlan: entered promiscuous mode [ 334.969349][T12930] veth0_macvtap: entered promiscuous mode [ 334.990396][T12930] veth1_macvtap: entered promiscuous mode [ 335.021630][T12930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.036789][T12930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.050380][T12930] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.068861][T12930] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.081301][T12930] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.098216][T12930] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.111230][T12930] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.121421][T12930] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.131857][T12930] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.141275][T12930] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.445428][ T5849] Bluetooth: hci4: command tx timeout [ 350.067617][ T5851] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 350.077819][ T5851] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 350.088168][ T5851] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 350.096807][ T5851] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 350.104600][ T5851] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 350.267970][T13114] chnl_net:caif_netlink_parms(): no params data found [ 350.352934][T13114] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.361392][T13114] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.368672][T13114] bridge_slave_0: entered allmulticast mode [ 350.376916][T13114] bridge_slave_0: entered promiscuous mode [ 350.385636][T13114] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.392769][T13114] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.400319][T13114] bridge_slave_1: entered allmulticast mode [ 350.409366][T13114] bridge_slave_1: entered promiscuous mode [ 350.446139][T13114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.458733][T13114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 350.497765][T13114] team0: Port device team_slave_0 added [ 350.505914][T13114] team0: Port device team_slave_1 added [ 350.538983][T13114] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 350.545974][T13114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.572206][T13114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 350.584350][T13114] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 350.591382][T13114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.617319][T13114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 350.668653][T13114] hsr_slave_0: entered promiscuous mode [ 350.675063][T13114] hsr_slave_1: entered promiscuous mode [ 350.681213][T13114] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 350.688823][T13114] Cannot create hsr debugfs directory [ 351.078134][ T5851] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 351.088848][ T5851] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 351.097313][ T5851] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 351.105592][ T5851] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 351.113381][ T5851] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 351.301196][T13124] chnl_net:caif_netlink_parms(): no params data found [ 351.383893][T13124] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.391138][T13124] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.398959][T13124] bridge_slave_0: entered allmulticast mode [ 351.406380][T13124] bridge_slave_0: entered promiscuous mode [ 351.414235][T13124] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.421773][T13124] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.429045][T13124] bridge_slave_1: entered allmulticast mode [ 351.437475][T13124] bridge_slave_1: entered promiscuous mode [ 351.475049][T13124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 351.487927][T13124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 351.528415][T13124] team0: Port device team_slave_0 added [ 351.537434][T13124] team0: Port device team_slave_1 added [ 351.570825][T13124] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 351.578309][T13124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.606374][T13124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 351.619247][T13124] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 351.626542][T13124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 351.652596][T13124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 351.702822][T13124] hsr_slave_0: entered promiscuous mode [ 351.709833][T13124] hsr_slave_1: entered promiscuous mode [ 351.716277][T13124] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 351.723845][T13124] Cannot create hsr debugfs directory [ 352.105193][ T5851] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 352.114575][ T5851] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 352.122983][ T5851] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 352.131907][ T5851] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 352.140850][ T5851] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 352.165797][ T5849] Bluetooth: hci5: command tx timeout [ 352.323495][T13134] chnl_net:caif_netlink_parms(): no params data found [ 352.429453][T13134] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.436866][T13134] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.444141][T13134] bridge_slave_0: entered allmulticast mode [ 352.452686][T13134] bridge_slave_0: entered promiscuous mode [ 352.460894][T13134] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.468561][T13134] bridge0: port 2(bridge_slave_1) entered disabled state [ 352.475949][T13134] bridge_slave_1: entered allmulticast mode [ 352.483171][T13134] bridge_slave_1: entered promiscuous mode [ 352.523294][T13134] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 352.535439][T13134] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 352.575929][T13134] team0: Port device team_slave_0 added [ 352.583892][T13134] team0: Port device team_slave_1 added [ 352.616007][T13134] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 352.622979][T13134] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.649278][T13134] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 352.662094][T13134] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 352.670124][T13134] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 352.696330][T13134] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 352.746123][T13134] hsr_slave_0: entered promiscuous mode [ 352.752582][T13134] hsr_slave_1: entered promiscuous mode [ 352.758923][T13134] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 352.767038][T13134] Cannot create hsr debugfs directory [ 353.125432][ T5849] Bluetooth: hci6: command tx timeout [ 354.165758][ T5851] Bluetooth: hci7: command tx timeout [ 354.245524][ T5851] Bluetooth: hci5: command tx timeout [ 355.205380][ T5851] Bluetooth: hci6: command tx timeout [ 356.255370][ T5851] Bluetooth: hci7: command tx timeout [ 356.325386][ T5851] Bluetooth: hci5: command tx timeout [ 357.295363][ T5851] Bluetooth: hci6: command tx timeout [ 358.325391][ T5851] Bluetooth: hci7: command tx timeout [ 358.405443][ T5851] Bluetooth: hci5: command tx timeout [ 359.365451][ T5851] Bluetooth: hci6: command tx timeout [ 360.405371][ T5851] Bluetooth: hci7: command tx timeout [ 378.489358][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.824120][ T5849] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 385.832713][ T5849] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 385.841676][ T5849] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 385.852419][ T5849] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 385.861945][ T5849] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 386.035817][T13143] chnl_net:caif_netlink_parms(): no params data found [ 386.120037][T13143] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.127459][T13143] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.134784][T13143] bridge_slave_0: entered allmulticast mode [ 386.142342][T13143] bridge_slave_0: entered promiscuous mode [ 386.151013][T13143] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.158335][T13143] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.166723][T13143] bridge_slave_1: entered allmulticast mode [ 386.174167][T13143] bridge_slave_1: entered promiscuous mode [ 386.214479][T13143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 386.227202][T13143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 386.264565][T13143] team0: Port device team_slave_0 added [ 386.274133][T13143] team0: Port device team_slave_1 added [ 386.305992][T13143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 386.312974][T13143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.338929][T13143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 386.354359][T13143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 386.361436][T13143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.388310][T13143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 386.441510][T13143] hsr_slave_0: entered promiscuous mode [ 386.447910][T13143] hsr_slave_1: entered promiscuous mode [ 386.453975][T13143] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 386.461568][T13143] Cannot create hsr debugfs directory [ 386.599690][T13143] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.674075][T13143] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.751144][T13143] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.824903][T13143] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.160634][ T5849] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 387.169889][ T5849] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 387.177737][ T5849] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 387.187646][ T5849] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 387.195687][ T5849] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 387.373621][T13153] chnl_net:caif_netlink_parms(): no params data found [ 387.458666][T13153] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.466214][T13153] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.473409][T13153] bridge_slave_0: entered allmulticast mode [ 387.480694][T13153] bridge_slave_0: entered promiscuous mode [ 387.489393][T13153] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.496638][T13153] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.503959][T13153] bridge_slave_1: entered allmulticast mode [ 387.512460][T13153] bridge_slave_1: entered promiscuous mode [ 387.550014][T13153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.563334][T13153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 387.601871][T13153] team0: Port device team_slave_0 added [ 387.613035][T13153] team0: Port device team_slave_1 added [ 387.646237][T13153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.653224][T13153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.679286][T13153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 387.693262][T13153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 387.700292][T13153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.726422][T13153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 387.777038][T13153] hsr_slave_0: entered promiscuous mode [ 387.783418][T13153] hsr_slave_1: entered promiscuous mode [ 387.790385][T13153] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 387.798021][T13153] Cannot create hsr debugfs directory [ 387.926048][ T5849] Bluetooth: hci8: command tx timeout [ 387.942309][T13153] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.996007][T13153] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.063252][T13153] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.139640][T13153] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.285655][ T5849] Bluetooth: hci9: command tx timeout [ 390.017027][ T5849] Bluetooth: hci8: command tx timeout [ 391.365402][ T5851] Bluetooth: hci9: command tx timeout [ 392.085571][ T5851] Bluetooth: hci8: command tx timeout [ 393.445406][ T5851] Bluetooth: hci9: command tx timeout [ 394.165448][ T5851] Bluetooth: hci8: command tx timeout [ 395.525406][ T5851] Bluetooth: hci9: command tx timeout [ 410.152554][ T5849] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 410.161347][ T5849] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 410.169790][ T5849] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 410.178703][ T5849] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 410.187720][ T5849] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 410.360632][T13162] chnl_net:caif_netlink_parms(): no params data found [ 410.449732][T13162] bridge0: port 1(bridge_slave_0) entered blocking state [ 410.457296][T13162] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.464479][T13162] bridge_slave_0: entered allmulticast mode [ 410.472714][T13162] bridge_slave_0: entered promiscuous mode [ 410.481400][T13162] bridge0: port 2(bridge_slave_1) entered blocking state [ 410.493080][T13162] bridge0: port 2(bridge_slave_1) entered disabled state [ 410.504277][T13162] bridge_slave_1: entered allmulticast mode [ 410.511681][T13162] bridge_slave_1: entered promiscuous mode [ 410.551179][T13162] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 410.564679][T13162] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 410.608025][T13162] team0: Port device team_slave_0 added [ 410.617467][T13162] team0: Port device team_slave_1 added [ 410.651053][T13162] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.658154][T13162] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.684654][T13162] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.697980][T13162] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.704939][T13162] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.731668][T13162] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.789855][T13162] hsr_slave_0: entered promiscuous mode [ 410.798031][T13162] hsr_slave_1: entered promiscuous mode [ 410.804164][T13162] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 410.812874][T13162] Cannot create hsr debugfs directory [ 411.216096][ T5849] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 411.225985][ T5849] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 411.233947][ T5849] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 411.245448][ T5849] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 411.254603][ T5849] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 411.483590][T13172] chnl_net:caif_netlink_parms(): no params data found [ 411.576381][T13172] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.583653][T13172] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.591352][T13172] bridge_slave_0: entered allmulticast mode [ 411.598957][T13172] bridge_slave_0: entered promiscuous mode [ 411.608679][T13172] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.616521][T13172] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.623832][T13172] bridge_slave_1: entered allmulticast mode [ 411.631155][T13172] bridge_slave_1: entered promiscuous mode [ 411.669029][T13172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 411.682046][T13172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 411.724399][T13172] team0: Port device team_slave_0 added [ 411.733221][T13172] team0: Port device team_slave_1 added [ 411.775056][T13172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 411.782464][T13172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 411.808997][T13172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 411.821693][T13172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 411.828789][T13172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 411.854892][T13172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 411.908085][T13172] hsr_slave_0: entered promiscuous mode [ 411.914538][T13172] hsr_slave_1: entered promiscuous mode [ 411.920790][T13172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 411.928558][T13172] Cannot create hsr debugfs directory [ 412.245600][ T5851] Bluetooth: hci10: command tx timeout [ 412.675864][ T5849] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 412.684498][ T5849] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 412.692395][ T5849] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 412.700743][ T5849] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 412.714135][ T5849] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 412.919845][T13182] chnl_net:caif_netlink_parms(): no params data found [ 413.013595][T13182] bridge0: port 1(bridge_slave_0) entered blocking state [ 413.020981][T13182] bridge0: port 1(bridge_slave_0) entered disabled state [ 413.028310][T13182] bridge_slave_0: entered allmulticast mode [ 413.035837][T13182] bridge_slave_0: entered promiscuous mode [ 413.044862][T13182] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.052615][T13182] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.060166][T13182] bridge_slave_1: entered allmulticast mode [ 413.068352][T13182] bridge_slave_1: entered promiscuous mode [ 413.106886][T13182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 413.121204][T13182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 413.162012][T13182] team0: Port device team_slave_0 added [ 413.172530][T13182] team0: Port device team_slave_1 added [ 413.208165][T13182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.215159][T13182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.242001][T13182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.254624][T13182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.261681][T13182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.288011][ T5851] Bluetooth: hci11: command tx timeout [ 413.293624][T13182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.346521][T13182] hsr_slave_0: entered promiscuous mode [ 413.353479][T13182] hsr_slave_1: entered promiscuous mode [ 413.360368][T13182] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 413.368036][T13182] Cannot create hsr debugfs directory [ 414.325642][ T5851] Bluetooth: hci10: command tx timeout [ 414.805451][ T5851] Bluetooth: hci12: command tx timeout [ 415.365445][ T5851] Bluetooth: hci11: command tx timeout [ 416.405407][ T5851] Bluetooth: hci10: command tx timeout [ 416.885444][ T5851] Bluetooth: hci12: command tx timeout [ 417.445439][ T5851] Bluetooth: hci11: command tx timeout [ 418.485466][ T5851] Bluetooth: hci10: command tx timeout [ 418.975364][ T5851] Bluetooth: hci12: command tx timeout [ 419.525582][ T5851] Bluetooth: hci11: command tx timeout [ 421.045529][ T5851] Bluetooth: hci12: command tx timeout [ 439.929492][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.126580][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 447.536846][ T5852] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 447.545892][ T5852] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 447.553694][ T5852] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 447.562954][ T5852] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 447.570842][ T5852] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 447.797312][T13192] chnl_net:caif_netlink_parms(): no params data found [ 448.025972][T13192] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.037504][ T5852] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 448.038366][T13192] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.047417][ T5852] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 448.059848][T13192] bridge_slave_0: entered allmulticast mode [ 448.060723][ T5852] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 448.074098][ T5852] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 448.077419][T13192] bridge_slave_0: entered promiscuous mode [ 448.082107][ T5852] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 448.102645][T13192] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.116759][T13192] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.124036][T13192] bridge_slave_1: entered allmulticast mode [ 448.132624][T13192] bridge_slave_1: entered promiscuous mode [ 448.178307][T13192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.191755][T13192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.244573][T13192] team0: Port device team_slave_0 added [ 448.259626][T13192] team0: Port device team_slave_1 added [ 448.321305][T13192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.328404][T13192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.354435][T13192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.371853][T13192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.379006][T13192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.404959][T13192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 448.478750][T13192] hsr_slave_0: entered promiscuous mode [ 448.485123][T13192] hsr_slave_1: entered promiscuous mode [ 448.492694][T13192] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 448.500669][T13192] Cannot create hsr debugfs directory [ 448.764178][T13202] chnl_net:caif_netlink_parms(): no params data found [ 448.886791][T13202] bridge0: port 1(bridge_slave_0) entered blocking state [ 448.894048][T13202] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.901493][T13202] bridge_slave_0: entered allmulticast mode [ 448.908811][T13202] bridge_slave_0: entered promiscuous mode [ 448.918550][T13202] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.925812][T13202] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.932993][T13202] bridge_slave_1: entered allmulticast mode [ 448.940381][T13202] bridge_slave_1: entered promiscuous mode [ 449.001454][T13202] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 449.024094][T13202] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.079306][T13202] team0: Port device team_slave_0 added [ 449.090219][T13202] team0: Port device team_slave_1 added [ 449.157358][T13202] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.164484][T13202] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.191069][T13202] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.203832][T13202] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.211359][T13202] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.239563][T13202] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 449.294549][T13202] hsr_slave_0: entered promiscuous mode [ 449.301490][T13202] hsr_slave_1: entered promiscuous mode [ 449.308015][T13202] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 449.316079][T13202] Cannot create hsr debugfs directory [ 449.605661][ T5851] Bluetooth: hci13: command tx timeout [ 450.167064][ T5851] Bluetooth: hci14: command tx timeout [ 451.685326][ T5851] Bluetooth: hci13: command tx timeout [ 452.245677][ T5851] Bluetooth: hci14: command tx timeout [ 453.775457][ T5851] Bluetooth: hci13: command tx timeout [ 454.325716][ T5851] Bluetooth: hci14: command tx timeout [ 455.845471][ T5852] Bluetooth: hci13: command tx timeout [ 456.405432][ T5852] Bluetooth: hci14: command tx timeout [ 457.365379][ T5852] Bluetooth: hci4: command 0x0406 tx timeout [ 470.268877][ T5852] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 470.279174][ T5852] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 470.287928][ T5852] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 470.296492][ T5852] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 470.304673][ T5852] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 470.496446][T13212] chnl_net:caif_netlink_parms(): no params data found [ 470.586508][T13212] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.593652][T13212] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.601490][T13212] bridge_slave_0: entered allmulticast mode [ 470.609721][T13212] bridge_slave_0: entered promiscuous mode [ 470.618493][T13212] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.625996][T13212] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.633185][T13212] bridge_slave_1: entered allmulticast mode [ 470.641044][T13212] bridge_slave_1: entered promiscuous mode [ 470.686584][T13212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 470.699509][T13212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 470.742881][T13212] team0: Port device team_slave_0 added [ 470.752896][T13212] team0: Port device team_slave_1 added [ 470.789482][T13212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 470.796744][T13212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.822909][T13212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 470.836685][T13212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 470.843649][T13212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 470.870036][T13212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 470.928788][T13212] hsr_slave_0: entered promiscuous mode [ 470.935979][T13212] hsr_slave_1: entered promiscuous mode [ 470.942154][T13212] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 470.949921][T13212] Cannot create hsr debugfs directory [ 471.319875][ T5849] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 471.330074][ T5849] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 471.338278][ T5849] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 471.347759][ T5849] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 471.362113][ T5849] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 471.684258][T13222] chnl_net:caif_netlink_parms(): no params data found [ 471.790630][T13222] bridge0: port 1(bridge_slave_0) entered blocking state [ 471.798118][T13222] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.805749][T13222] bridge_slave_0: entered allmulticast mode [ 471.813578][T13222] bridge_slave_0: entered promiscuous mode [ 471.822790][T13222] bridge0: port 2(bridge_slave_1) entered blocking state [ 471.830409][T13222] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.837980][T13222] bridge_slave_1: entered allmulticast mode [ 471.845358][T13222] bridge_slave_1: entered promiscuous mode [ 471.884225][T13222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 471.898714][T13222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 471.944307][T13222] team0: Port device team_slave_0 added [ 471.952700][T13222] team0: Port device team_slave_1 added [ 471.988213][T13222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.995428][T13222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.022093][T13222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 472.036828][T13222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 472.043802][T13222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 472.069928][T13222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 472.135128][T13222] hsr_slave_0: entered promiscuous mode [ 472.142380][T13222] hsr_slave_1: entered promiscuous mode [ 472.149200][T13222] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 472.156836][T13222] Cannot create hsr debugfs directory [ 472.406062][ T5852] Bluetooth: hci15: command tx timeout [ 472.728329][ T5852] Bluetooth: hci5: command 0x0406 tx timeout [ 472.852170][ T5851] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 472.861782][ T5851] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 472.872160][ T5851] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 472.884787][ T5851] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 472.893649][ T5851] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 473.096317][T13232] chnl_net:caif_netlink_parms(): no params data found [ 473.228077][T13232] bridge0: port 1(bridge_slave_0) entered blocking state [ 473.235408][T13232] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.242962][T13232] bridge_slave_0: entered allmulticast mode [ 473.250703][T13232] bridge_slave_0: entered promiscuous mode [ 473.258985][T13232] bridge0: port 2(bridge_slave_1) entered blocking state [ 473.266812][T13232] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.274100][T13232] bridge_slave_1: entered allmulticast mode [ 473.282126][T13232] bridge_slave_1: entered promiscuous mode [ 473.322321][T13232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 473.336112][T13232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 473.377782][T13232] team0: Port device team_slave_0 added [ 473.386651][T13232] team0: Port device team_slave_1 added [ 473.424530][T13232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 473.431707][T13232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 473.458529][T13232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 473.469778][ T5851] Bluetooth: hci16: command tx timeout [ 473.478721][T13232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 473.486345][T13232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 473.512754][T13232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 473.572132][T13232] hsr_slave_0: entered promiscuous mode [ 473.578977][T13232] hsr_slave_1: entered promiscuous mode [ 473.585762][T13232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 473.593358][T13232] Cannot create hsr debugfs directory [ 474.486109][ T5851] Bluetooth: hci15: command tx timeout [ 474.965509][ T5851] Bluetooth: hci17: command tx timeout [ 475.526246][ T5851] Bluetooth: hci16: command tx timeout [ 476.565999][ T5853] Bluetooth: hci15: command tx timeout [ 477.058052][ T5853] Bluetooth: hci17: command tx timeout [ 477.606955][ T5853] Bluetooth: hci16: command tx timeout [ 477.847432][ T5849] Bluetooth: hci7: command 0x0406 tx timeout [ 477.853520][ T5853] Bluetooth: hci6: command 0x0406 tx timeout [ 478.655909][ T5851] Bluetooth: hci15: command tx timeout [ 479.125513][ T5851] Bluetooth: hci17: command tx timeout [ 479.686254][ T5851] Bluetooth: hci16: command tx timeout [ 481.205762][ T5851] Bluetooth: hci17: command tx timeout [ 484.085856][ T31] INFO: task syz-executor:12862 blocked for more than 143 seconds. [ 484.093802][ T31] Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 [ 484.101582][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 484.110395][ T31] task:syz-executor state:D stack:21880 pid:12862 tgid:12862 ppid:1 task_flags:0x400140 flags:0x00000004 [ 484.122400][ T31] Call Trace: [ 484.125740][ T31] [ 484.128696][ T31] __schedule+0x16e2/0x4cd0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 484.133329][ T31] ? __lock_acquire+0xaac/0xd20 [ 484.138281][ T31] ? schedule+0x165/0x360 [ 484.142640][ T31] ? __pfx___schedule+0x10/0x10 [ 484.148034][ T31] ? schedule+0x91/0x360 [ 484.152343][ T31] schedule+0x165/0x360 [ 484.156944][ T31] schedule_preempt_disabled+0x13/0x30 [ 484.162620][ T31] __mutex_lock+0x724/0xe80 [ 484.167244][ T31] ? __mutex_lock+0x51b/0xe80 [ 484.171996][ T31] ? genl_rcv_msg+0x10d/0x790 [ 484.176797][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 484.181873][ T31] ? __dev_queue_xmit+0x27e/0x3a70 [ 484.187115][ T31] ? radix_tree_lookup+0x240/0x290 [ 484.215270][ T31] genl_rcv_msg+0x10d/0x790 [ 484.219860][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.224921][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 484.260731][ T31] ? __copy_skb_header+0xa7/0x550 [ 484.266103][ T31] netlink_rcv_skb+0x219/0x490 [ 484.270907][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.276044][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 484.281392][ T31] ? down_read+0x1ad/0x2e0 [ 484.285932][ T31] genl_rcv+0x28/0x40 [ 484.289929][ T31] netlink_unicast+0x758/0x8d0 [ 484.294740][ T31] netlink_sendmsg+0x805/0xb30 [ 484.299613][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.304901][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 484.309913][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 484.315377][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.320689][ T31] __sock_sendmsg+0x219/0x270 [ 484.325607][ T31] __sys_sendto+0x3bd/0x520 [ 484.330130][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 484.335243][ T31] ? fd_install+0x97/0x540 [ 484.339689][ T31] ? fd_install+0x30d/0x540 [ 484.344232][ T31] __x64_sys_sendto+0xde/0x100 [ 484.349068][ T31] do_syscall_64+0xf6/0x210 [ 484.353590][ T31] ? clear_bhb_loop+0x45/0xa0 [ 484.358319][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.364306][ T31] RIP: 0033:0x7f707a3907fc [ 484.369007][ T31] RSP: 002b:00007ffca24e0ce0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 484.377506][ T31] RAX: ffffffffffffffda RBX: 00007f707b0e4620 RCX: 00007f707a3907fc [ 484.385594][ T31] RDX: 0000000000000028 RSI: 00007f707b0e4670 RDI: 0000000000000003 [ 484.393594][ T31] RBP: 0000000000000000 R08: 00007ffca24e0d34 R09: 000000000000000c [ 484.401630][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 484.409948][ T31] R13: 00007ffca24e0d88 R14: 00007f707b0e4670 R15: 0000000000000000 [ 484.418738][ T31] [ 484.421789][ T31] INFO: task syz-executor:12930 blocked for more than 143 seconds. [ 484.429869][ T31] Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 [ 484.437788][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 484.446593][ T31] task:syz-executor state:D stack:21352 pid:12930 tgid:12930 ppid:1 task_flags:0x400140 flags:0x00000004 [ 484.458608][ T31] Call Trace: [ 484.461918][ T31] [ 484.464849][ T31] __schedule+0x16e2/0x4cd0 [ 484.469565][ T31] ? __lock_acquire+0xaac/0xd20 [ 484.474452][ T31] ? schedule+0x165/0x360 [ 484.478974][ T31] ? __pfx___schedule+0x10/0x10 [ 484.483856][ T31] ? schedule+0x91/0x360 [ 484.488418][ T31] schedule+0x165/0x360 [ 484.492598][ T31] schedule_preempt_disabled+0x13/0x30 [ 484.498118][ T31] __mutex_lock+0x724/0xe80 [ 484.502654][ T31] ? __mutex_lock+0x51b/0xe80 [ 484.507732][ T31] ? genl_rcv_msg+0x10d/0x790 [ 484.512436][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 484.517556][ T31] ? __dev_queue_xmit+0x27e/0x3a70 [ 484.522732][ T31] ? radix_tree_lookup+0x240/0x290 [ 484.528008][ T31] genl_rcv_msg+0x10d/0x790 [ 484.532549][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.537720][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 484.542797][ T31] ? __copy_skb_header+0xa7/0x550 [ 484.548014][ T31] netlink_rcv_skb+0x219/0x490 [ 484.552812][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.557890][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 484.563236][ T31] ? down_read+0x1ad/0x2e0 [ 484.573680][ T31] genl_rcv+0x28/0x40 [ 484.577767][ T31] netlink_unicast+0x758/0x8d0 [ 484.583282][ T31] netlink_sendmsg+0x805/0xb30 [ 484.588481][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.593912][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 484.599171][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 484.605288][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.611175][ T31] __sock_sendmsg+0x219/0x270 [ 484.616204][ T31] __sys_sendto+0x3bd/0x520 [ 484.621181][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 484.627040][ T31] ? fd_install+0x97/0x540 [ 484.632118][ T31] ? fd_install+0x30d/0x540 [ 484.636748][ T31] __x64_sys_sendto+0xde/0x100 [ 484.641627][ T31] do_syscall_64+0xf6/0x210 [ 484.646703][ T31] ? clear_bhb_loop+0x45/0xa0 [ 484.651638][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.657762][ T31] RIP: 0033:0x7fb0087907fc [ 484.662243][ T31] RSP: 002b:00007fff665c5810 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 484.670759][ T31] RAX: ffffffffffffffda RBX: 00007fb0094e4620 RCX: 00007fb0087907fc [ 484.678845][ T31] RDX: 0000000000000028 RSI: 00007fb0094e4670 RDI: 0000000000000003 [ 484.686937][ T31] RBP: 0000000000000000 R08: 00007fff665c5864 R09: 000000000000000c [ 484.694917][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 484.702937][ T31] R13: 00007fff665c58b8 R14: 00007fb0094e4670 R15: 0000000000000000 [ 484.711048][ T31] [ 484.714129][ T31] INFO: task syz.0.2111:13101 blocked for more than 143 seconds. [ 484.721914][ T31] Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 [ 484.733452][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 484.742490][ T31] task:syz.0.2111 state:D stack:25448 pid:13101 tgid:13100 ppid:5832 task_flags:0x400140 flags:0x00004004 [ 484.754607][ T31] Call Trace: [ 484.757964][ T31] [ 484.760919][ T31] __schedule+0x16e2/0x4cd0 [ 484.765642][ T31] ? validate_chain+0x897/0x2140 [ 484.770607][ T31] ? schedule+0x165/0x360 [ 484.775092][ T31] ? __pfx___schedule+0x10/0x10 [ 484.780042][ T31] ? schedule+0x91/0x360 [ 484.784292][ T31] schedule+0x165/0x360 [ 484.788502][ T31] schedule_timeout+0x9a/0x270 [ 484.793271][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 484.798745][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 484.803965][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 484.809489][ T31] ? wait_for_completion+0x267/0x5d0 [ 484.814782][ T31] wait_for_completion+0x2bf/0x5d0 [ 484.820116][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 484.825795][ T31] ? flush_workqueue_prep_pwqs+0x47c/0x4f0 [ 484.831620][ T31] ? check_flush_dependency+0x88/0x400 [ 484.837302][ T31] __flush_workqueue+0x6f7/0x14b0 [ 484.842363][ T31] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 484.848320][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 484.853559][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 484.859103][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 484.865032][ T31] ? __wake_up_common_lock+0x190/0x1f0 [ 484.870554][ T31] nbd_disconnect_and_put+0x9e/0x2a0 [ 484.876169][ T31] nbd_genl_disconnect+0x485/0x570 [ 484.881321][ T31] ? __pfx_nbd_genl_disconnect+0x10/0x10 [ 484.887665][ T31] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 484.894036][ T31] genl_family_rcv_msg_doit+0x212/0x300 [ 484.899812][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 484.905964][ T31] ? stack_depot_save_flags+0x40/0x910 [ 484.911507][ T31] genl_rcv_msg+0x60e/0x790 [ 484.916106][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.921164][ T31] ? __pfx_nbd_genl_disconnect+0x10/0x10 [ 484.927047][ T31] netlink_rcv_skb+0x219/0x490 [ 484.931825][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 484.937001][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 484.942338][ T31] ? down_read+0x1ad/0x2e0 [ 484.946824][ T31] genl_rcv+0x28/0x40 [ 484.950837][ T31] netlink_unicast+0x758/0x8d0 [ 484.955708][ T31] netlink_sendmsg+0x805/0xb30 [ 484.960511][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.966419][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 484.971393][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 484.976736][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 484.982180][ T31] __sock_sendmsg+0x219/0x270 [ 484.987044][ T31] ____sys_sendmsg+0x505/0x830 [ 484.991819][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 484.997237][ T31] ? import_iovec+0x74/0xa0 [ 485.001769][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 485.006546][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 485.011813][ T31] ? __fget_files+0x2a/0x420 [ 485.016499][ T31] ? __fget_files+0x3a0/0x420 [ 485.021207][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 485.026212][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 485.031703][ T31] ? do_syscall_64+0xba/0x210 [ 485.036661][ T31] do_syscall_64+0xf6/0x210 [ 485.041198][ T31] ? clear_bhb_loop+0x45/0xa0 [ 485.046057][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.052022][ T31] RIP: 0033:0x7f0c9618e969 [ 485.056536][ T31] RSP: 002b:00007f0c96f2a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 485.064968][ T31] RAX: ffffffffffffffda RBX: 00007f0c963b5fa0 RCX: 00007f0c9618e969 [ 485.073006][ T31] RDX: 00000000200000c0 RSI: 0000200000000280 RDI: 0000000000000005 [ 485.081269][ T31] RBP: 00007f0c96210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 485.089314][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 485.097481][ T31] R13: 0000000000000000 R14: 00007f0c963b5fa0 R15: 00007ffdf3203448 [ 485.105522][ T31] [ 485.108549][ T31] INFO: task syz.2.2114:13107 blocked for more than 144 seconds. [ 485.121224][ T31] Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 [ 485.128959][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 485.137693][ T31] task:syz.2.2114 state:D stack:24696 pid:13107 tgid:13106 ppid:5837 task_flags:0x400140 flags:0x00000004 [ 485.149947][ T31] Call Trace: [ 485.153254][ T31] [ 485.156267][ T31] __schedule+0x16e2/0x4cd0 [ 485.160814][ T31] ? __lock_acquire+0xaac/0xd20 [ 485.165749][ T31] ? schedule+0x165/0x360 [ 485.170101][ T31] ? __pfx___schedule+0x10/0x10 [ 485.174963][ T31] ? schedule+0x91/0x360 [ 485.179355][ T31] schedule+0x165/0x360 [ 485.183643][ T31] schedule_preempt_disabled+0x13/0x30 [ 485.189156][ T31] __mutex_lock+0x724/0xe80 [ 485.193684][ T31] ? __mutex_lock+0x51b/0xe80 [ 485.198567][ T31] ? genl_rcv_msg+0x10d/0x790 [ 485.203270][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 485.208549][ T31] ? stack_depot_save_flags+0x40/0x910 [ 485.214041][ T31] ? radix_tree_lookup+0x240/0x290 [ 485.219235][ T31] genl_rcv_msg+0x10d/0x790 [ 485.223772][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 485.228865][ T31] ? __lock_acquire+0xaac/0xd20 [ 485.233748][ T31] netlink_rcv_skb+0x219/0x490 [ 485.238618][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 485.243664][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 485.249045][ T31] ? down_read+0x1ad/0x2e0 [ 485.253534][ T31] genl_rcv+0x28/0x40 [ 485.257821][ T31] netlink_unicast+0x758/0x8d0 [ 485.262616][ T31] netlink_sendmsg+0x805/0xb30 [ 485.267582][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.272893][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 485.277961][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 485.283265][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.288849][ T31] __sock_sendmsg+0x219/0x270 [ 485.293563][ T31] __sys_sendto+0x3bd/0x520 [ 485.298136][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 485.303186][ T31] ? count_memcg_event_mm+0x92/0x3b0 [ 485.308603][ T31] __x64_sys_sendto+0xde/0x100 [ 485.313386][ T31] do_syscall_64+0xf6/0x210 [ 485.318025][ T31] ? clear_bhb_loop+0x45/0xa0 [ 485.322710][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.328665][ T31] RIP: 0033:0x7fca0a7907fc [ 485.333104][ T31] RSP: 002b:00007fca0b63dec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 485.341598][ T31] RAX: ffffffffffffffda RBX: 00007fca0b63dfc0 RCX: 00007fca0a7907fc [ 485.349638][ T31] RDX: 0000000000000020 RSI: 00007fca0b63e010 RDI: 0000000000000009 [ 485.357664][ T31] RBP: 0000000000000000 R08: 00007fca0b63df14 R09: 000000000000000c [ 485.365921][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009 [ 485.373908][ T31] R13: 00007fca0b63df68 R14: 00007fca0b63e010 R15: 0000000000000000 [ 485.382100][ T31] [ 485.385144][ T31] INFO: task syz.3.2115:13111 blocked for more than 144 seconds. [ 485.393087][ T31] Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 [ 485.400849][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 485.409596][ T31] task:syz.3.2115 state:D stack:26296 pid:13111 tgid:13110 ppid:5830 task_flags:0x400140 flags:0x00000004 [ 485.421611][ T31] Call Trace: [ 485.424907][ T31] [ 485.428005][ T31] __schedule+0x16e2/0x4cd0 [ 485.432526][ T31] ? is_bpf_text_address+0x26/0x2b0 [ 485.437835][ T31] ? __lock_acquire+0xaac/0xd20 [ 485.442704][ T31] ? schedule+0x165/0x360 [ 485.447400][ T31] ? __pfx___schedule+0x10/0x10 [ 485.452309][ T31] ? schedule+0x91/0x360 [ 485.456645][ T31] schedule+0x165/0x360 [ 485.460832][ T31] schedule_preempt_disabled+0x13/0x30 [ 485.466374][ T31] __mutex_lock+0x724/0xe80 [ 485.470906][ T31] ? __mutex_lock+0x51b/0xe80 [ 485.475887][ T31] ? genl_rcv_msg+0x10d/0x790 [ 485.480598][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 485.485722][ T31] ? stack_depot_save_flags+0x40/0x910 [ 485.491337][ T31] ? radix_tree_lookup+0x240/0x290 [ 485.496534][ T31] genl_rcv_msg+0x10d/0x790 [ 485.501065][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 485.506152][ T31] ? __lock_acquire+0xaac/0xd20 [ 485.511039][ T31] netlink_rcv_skb+0x219/0x490 [ 485.515910][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 485.520958][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 485.526401][ T31] ? down_read+0x1ad/0x2e0 [ 485.530844][ T31] genl_rcv+0x28/0x40 [ 485.534824][ T31] netlink_unicast+0x758/0x8d0 [ 485.539810][ T31] netlink_sendmsg+0x805/0xb30 [ 485.544604][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.549945][ T31] ? aa_sock_msg_perm+0x94/0x160 [ 485.554903][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 485.560276][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 485.565639][ T31] __sock_sendmsg+0x219/0x270 [ 485.570353][ T31] __sys_sendto+0x3bd/0x520 [ 485.574873][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 485.579983][ T31] ? count_memcg_event_mm+0x92/0x3b0 [ 485.585572][ T31] __x64_sys_sendto+0xde/0x100 [ 485.590366][ T31] do_syscall_64+0xf6/0x210 [ 485.595033][ T31] ? clear_bhb_loop+0x45/0xa0 [ 485.599797][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.606874][ T31] RIP: 0033:0x7f1e277907fc [ 485.611323][ T31] RSP: 002b:00007f1e2861bec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 485.620027][ T31] RAX: ffffffffffffffda RBX: 00007f1e2861bfc0 RCX: 00007f1e277907fc [ 485.628118][ T31] RDX: 0000000000000020 RSI: 00007f1e2861c010 RDI: 0000000000000010 [ 485.636185][ T31] RBP: 0000000000000000 R08: 00007f1e2861bf14 R09: 000000000000000c [ 485.644163][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000010 [ 485.652236][ T31] R13: 00007f1e2861bf68 R14: 00007f1e2861c010 R15: 0000000000000000 [ 485.660290][ T31] [ 485.663359][ T31] [ 485.663359][ T31] Showing all locks held in the system: [ 485.671223][ T31] 1 lock held by khungtaskd/31: [ 485.676147][ T31] #0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 485.686653][ T31] 2 locks held by kworker/u8:3/52: [ 485.691780][ T31] #0: ffff8880b8939b58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 485.701989][ T31] #1: ffff8880b8923b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0 [ 485.713518][ T31] 2 locks held by kworker/u9:0/55: [ 485.718737][ T31] #0: ffff888024865948 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 485.730058][ T31] #1: ffffc9000121fc60 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 485.741909][ T31] 2 locks held by getty/5588: [ 485.746634][ T31] #0: ffff88803051f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 485.756573][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 485.767017][ T31] 2 locks held by syz-executor/12862: [ 485.772412][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.780712][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.789819][ T31] 2 locks held by syz-executor/12930: [ 485.795242][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.803595][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.812764][ T31] 3 locks held by syz.0.2111/13101: [ 485.818002][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.826276][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.835347][ T31] #2: ffff888024861998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_disconnect_and_put+0x2f/0x2a0 [ 485.845766][ T31] 2 locks held by syz.2.2114/13107: [ 485.850948][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.859210][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.868403][ T31] 2 locks held by syz.3.2115/13111: [ 485.873604][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.881845][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.890897][ T31] 2 locks held by syz-executor/13114: [ 485.896374][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.904745][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.913774][ T31] 2 locks held by syz-executor/13124: [ 485.919391][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.928303][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.937467][ T31] 2 locks held by syz-executor/13134: [ 485.942938][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.951194][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.960264][ T31] 2 locks held by syz-executor/13143: [ 485.965697][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.973915][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 485.983010][ T31] 2 locks held by syz-executor/13153: [ 485.988424][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 485.996698][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.006332][ T31] 2 locks held by syz-executor/13162: [ 486.011734][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.020037][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.029309][ T31] 2 locks held by syz-executor/13172: [ 486.034693][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.043024][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.052081][ T31] 2 locks held by syz-executor/13182: [ 486.057504][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.065811][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.074824][ T31] 2 locks held by syz-executor/13192: [ 486.080243][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.088629][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.097774][ T31] 2 locks held by syz-executor/13202: [ 486.103168][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.111567][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.120608][ T31] 2 locks held by syz-executor/13212: [ 486.126025][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.134352][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.143584][ T31] 2 locks held by syz-executor/13222: [ 486.149010][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.157272][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.166354][ T31] 2 locks held by syz-executor/13232: [ 486.171740][ T31] #0: ffffffff8f358170 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 486.180032][ T31] #1: ffffffff8f357f88 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 486.189092][ T31] [ 486.191434][ T31] ============================================= [ 486.191434][ T31] [ 486.200139][ T31] NMI backtrace for cpu 0 [ 486.200157][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 486.200202][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 486.200229][ T31] Call Trace: [ 486.200237][ T31] [ 486.200248][ T31] dump_stack_lvl+0x189/0x250 [ 486.200279][ T31] ? __wake_up_klogd+0xd9/0x110 [ 486.200305][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.200335][ T31] ? __pfx__printk+0x10/0x10 [ 486.200369][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 486.200395][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 486.200413][ T31] ? _printk+0xcf/0x120 [ 486.200438][ T31] ? __pfx__printk+0x10/0x10 [ 486.200461][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 486.200485][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 486.200510][ T31] watchdog+0xfee/0x1030 [ 486.200539][ T31] ? watchdog+0x1de/0x1030 [ 486.200573][ T31] kthread+0x70e/0x8a0 [ 486.200600][ T31] ? __pfx_watchdog+0x10/0x10 [ 486.200624][ T31] ? __pfx_kthread+0x10/0x10 [ 486.200649][ T31] ? __pfx_kthread+0x10/0x10 [ 486.200672][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 486.200694][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 486.200718][ T31] ? __pfx_kthread+0x10/0x10 [ 486.200740][ T31] ret_from_fork+0x4b/0x80 [ 486.200759][ T31] ? __pfx_kthread+0x10/0x10 [ 486.200783][ T31] ret_from_fork_asm+0x1a/0x30 [ 486.200819][ T31] [ 486.200827][ T31] Sending NMI from CPU 0 to CPUs 1: [ 486.348513][ C1] NMI backtrace for cpu 1 [ 486.348530][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 486.348549][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 486.348560][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 486.348584][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 bb 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 486.348598][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 486.348612][ C1] RAX: 3afefa9c8a67d100 RBX: ffffffff81973d78 RCX: 3afefa9c8a67d100 [ 486.348624][ C1] RDX: 0000000000000001 RSI: ffffffff8d74d8e8 RDI: ffffffff8bc1ca60 [ 486.348636][ C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b [ 486.348648][ C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7f1870 [ 486.348660][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110037deb40 [ 486.348670][ C1] FS: 0000000000000000(0000) GS:ffff8881261c4000(0000) knlGS:0000000000000000 [ 486.348684][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 486.348694][ C1] CR2: 0000564170970088 CR3: 000000000dd36000 CR4: 00000000003526f0 [ 486.348709][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 486.348719][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 486.348729][ C1] Call Trace: [ 486.348736][ C1] [ 486.348742][ C1] default_idle+0x13/0x20 [ 486.348764][ C1] default_idle_call+0x74/0xb0 [ 486.348787][ C1] do_idle+0x1e8/0x510 [ 486.348805][ C1] ? __pfx_do_idle+0x10/0x10 [ 486.348828][ C1] cpu_startup_entry+0x44/0x60 [ 486.348843][ C1] start_secondary+0x101/0x110 [ 486.348857][ C1] common_startup_64+0x13e/0x147 [ 486.348887][ C1] [ 486.349606][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 486.534178][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00618-gff61a4a5dfc2 #0 PREEMPT(full) [ 486.545998][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 486.556058][ T31] Call Trace: [ 486.559339][ T31] [ 486.562274][ T31] dump_stack_lvl+0x99/0x250 [ 486.566880][ T31] ? __asan_memcpy+0x40/0x70 [ 486.571475][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.576686][ T31] ? __pfx__printk+0x10/0x10 [ 486.581286][ T31] panic+0x2db/0x790 [ 486.585204][ T31] ? __pfx_panic+0x10/0x10 [ 486.589625][ T31] ? tick_nohz_tick_stopped+0x86/0xb0 [ 486.595013][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 486.600394][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 486.606561][ T31] watchdog+0x102d/0x1030 [ 486.610897][ T31] ? watchdog+0x1de/0x1030 [ 486.615344][ T31] kthread+0x70e/0x8a0 [ 486.619419][ T31] ? __pfx_watchdog+0x10/0x10 [ 486.624095][ T31] ? __pfx_kthread+0x10/0x10 [ 486.628687][ T31] ? __pfx_kthread+0x10/0x10 [ 486.633276][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 486.638469][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 486.643665][ T31] ? __pfx_kthread+0x10/0x10 [ 486.648280][ T31] ret_from_fork+0x4b/0x80 [ 486.652712][ T31] ? __pfx_kthread+0x10/0x10 [ 486.657316][ T31] ret_from_fork_asm+0x1a/0x30 [ 486.662104][ T31] [ 486.665473][ T31] Kernel Offset: disabled [ 486.669818][ T31] Rebooting in 86400 seconds..