last executing test programs: 1.78156516s ago: executing program 0 (id=318): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="680000001000010026bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="8427000000000000140003006e657464657673696d3000000000000034001680300001802c000c802800010081ffffff"], 0x68}, 0x1, 0x0, 0x0, 0x20000084}, 0x4800) 1.686287647s ago: executing program 2 (id=319): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x4080}, 0x8000) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xfff1, 0xffff}, {0x1b6dd91e85e94ce1}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@delchain={0x24, 0x2e, 0x3, 0x0, 0x3, {0x0, 0x0, 0x0, r3, {0xfff2, 0x7}, {0xfff3, 0xffff}, {0x7, 0xe}}}, 0x24}}, 0x0) 1.642011465s ago: executing program 3 (id=320): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x47, 0xfffffffffffffffe, 0xe5) 1.52634935s ago: executing program 4 (id=322): socket$nl_generic(0x10, 0x3, 0x10) socket$inet(0x2, 0x3, 0x2) socket(0x1, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x43}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x76}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6}, 0x70) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-224-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES16=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.511779457s ago: executing program 2 (id=323): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xa, [@enum={0x8}]}, {0x0, [0x61, 0x2e, 0x0, 0x0, 0x0, 0x30, 0x61, 0x5f]}}, 0x0, 0x2e, 0x0, 0x1, 0x2}, 0x28) 1.34730924s ago: executing program 3 (id=324): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4, 0xffffffff, 0xfffffff8, 0xfffffffc}, 0x10) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001a0001000600000000000000023020"], 0x24}}, 0x48010) 1.347094952s ago: executing program 0 (id=325): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000300)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="8033", 0x2, 0x40801, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000006c0)='\r', 0x1}], 0x1}}], 0x1, 0x40091) sendto$inet(r0, &(0x7f0000000100)="bbe3429b", 0x4, 0x8000, 0x0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000002240)=""/4096, 0x1000, 0x0, 0x0}, &(0x7f0000000040)=0x40) 1.270267343s ago: executing program 1 (id=326): unshare(0x400) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1a, 0x4, 0x0, 0x1, 0x8000, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4}, 0x50) 1.21194329s ago: executing program 2 (id=327): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x34, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.171284179s ago: executing program 3 (id=328): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @local}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0) 1.170867065s ago: executing program 4 (id=329): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000003e00)=[{{&(0x7f0000002a00)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10, 0x0, 0x0, &(0x7f0000004c80)=[@ip_ttl={{0x14, 0x0, 0x2, 0x3}}], 0x18}}], 0x1, 0x0) 1.018366613s ago: executing program 0 (id=330): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x2) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600030000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) 1.017985751s ago: executing program 1 (id=331): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket(0x23, 0x80805, 0x0) listen(r1, 0x0) ppoll(&(0x7f0000000140)=[{r1, 0x80}, {r0, 0x348d}], 0x2, 0x0, 0x0, 0x0) 937.105509ms ago: executing program 3 (id=332): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) bind$tipc(r1, 0x0, 0x0) sendmsg$tipc(r0, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41, 0x4}}}, 0x10, 0x0}, 0x40) 851.574333ms ago: executing program 4 (id=333): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r1) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000880)={0x4c, r2, 0x1, 0x70bd25, 0x25dfdc01, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_DOMAIN={0x8, 0x1, 'GPL\x00'}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000081}, 0x4c000) 798.412223ms ago: executing program 1 (id=334): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a09040000000000000000020000033800048020000180080001006c6f67001400028006000140000400000800034000000008140001800c000100636f756e74657200040002800900010073797a30000000000900020073797a32"], 0x8c}, 0x1, 0x0, 0x0, 0x40010}, 0x0) 786.867605ms ago: executing program 2 (id=335): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x5c}}, 0x0) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x4, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) 758.976682ms ago: executing program 0 (id=336): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000840)="ebe3a0e9796cfd16471805f4e376fdba128280b372219d205e81f4bc8b9e8e3182363c7aa43ecc3494a7f71c1926aae1ef5da2054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x5a}, {&(0x7f0000000600)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722", 0x44}], 0x3}], 0x1, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f00000002c0)=""/92, 0x5c}], 0x2}, 0x0) 630.344557ms ago: executing program 3 (id=337): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000840)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x7, 0x800, 0x3, 0x4, 0xfffffffd}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x4004810) ioctl$SIOCAX25GETINFO(r5, 0x89ed, &(0x7f0000000140)) 550.785503ms ago: executing program 4 (id=338): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000300), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x32) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, 0x0, 0x0, 0x4}, 0x94) sendmsg$L2TP_CMD_TUNNEL_DELETE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010028bd7000fcdbdf25020000000800090002"], 0x1c}}, 0x20000050) 541.660755ms ago: executing program 2 (id=339): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)='$', 0x1}], 0x1, &(0x7f0000001a80)=ANY=[], 0xc}}], 0x1, 0x4004804) 521.337631ms ago: executing program 1 (id=340): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f00000000c0), r0) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x24, r1, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e20}]}, 0x24}}, 0x0) syz_emit_ethernet(0x37, &(0x7f00000006c0)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x29, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x100, 0x4e20, 0x15, 0x0, @gue={{0x2, 0x1, 0x0, 0xc0, 0x100}, "1228fefbd1"}}}}}}, 0x0) 450.440452ms ago: executing program 0 (id=341): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x6, 0x4) setsockopt$MRT_DONE(r0, 0x0, 0xc9, 0x0, 0x0) 305.411377ms ago: executing program 1 (id=342): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x40, r1, 0x1, 0x4, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x40}}, 0x0) 285.37134ms ago: executing program 2 (id=343): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x1, 0x81, 0xc}}}}]}, 0x44}}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r2, {}, {0x9, 0xa}, {0x0, 0x15}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) 222.311006ms ago: executing program 0 (id=344): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r0, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) shutdown(r0, 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000040)={r2, 0x7fff}, 0x8) 222.012212ms ago: executing program 3 (id=345): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r1) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x14, r2, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x24000050}, 0x8000) sendmsg$alg(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) 221.839229ms ago: executing program 4 (id=346): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x4000000) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9c000000", @ANYRES16=r1, @ANYBLOB="050000000000fbdbdf250f00000008000300", @ANYRES32=r2, @ANYBLOB="4c000e0080000000ffffffffffff080211000000ffffffffffff00000000000000000000a8011102000601010101010101000301ae25030024042a01013c04000724007107000000010006080f000f0072060303030303032a010200080026006c09000008000c006400000008000d00000000000c005a800400010400038032f68f9d54edef78fc742869cc373e8d97"], 0x9c}}, 0x40000) 17.950921ms ago: executing program 1 (id=347): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f00000005c0)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x1ffd, 0x200, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast1, 0x4d2, 0x6c}, @in=@multicast1, {0x0, 0x0, 0x0, 0xfffffff7fffffffd, 0xfffffffffffffffe}, {0x80000000, 0x4, 0x3, 0x6}, {}, 0x0, 0x0, 0xa, 0x3, 0x6, 0x46}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_aead={0x4c, 0x12, {{'morus1280-generic\x00'}, 0x0, 0x40}}]}, 0x184}, 0x1, 0x0, 0x0, 0x4004050}, 0x20000080) 0s ago: executing program 4 (id=348): r0 = socket(0x28, 0x5, 0x0) setsockopt$sock_linger(r0, 0x28, 0xd, &(0x7f0000000140)={0x1, 0x9}, 0x8) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.8' (ED25519) to the list of known hosts. [ 80.980443][ T5836] cgroup: Unknown subsys name 'net' [ 81.147884][ T5836] cgroup: Unknown subsys name 'cpuset' [ 81.156776][ T5836] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.861011][ T5836] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.399525][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.408276][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.416058][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.425670][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.434079][ T5866] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.442163][ T5866] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.450420][ T5866] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.459445][ T5866] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.467536][ T5866] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.475252][ T5866] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.483924][ T5866] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.492062][ T5866] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.500147][ T5866] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.510230][ T5866] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.518462][ T5866] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.526565][ T5866] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.537001][ T5860] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.537798][ T5866] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.546797][ T5867] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.564847][ T5866] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.572757][ T5867] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.582533][ T5866] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.594531][ T5869] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.602668][ T5869] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.604405][ T5867] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 87.418829][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 87.487663][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 87.612698][ T5847] chnl_net:caif_netlink_parms(): no params data found [ 87.645697][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 87.781362][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.789332][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.796892][ T5863] bridge_slave_0: entered allmulticast mode [ 87.804871][ T5863] bridge_slave_0: entered promiscuous mode [ 87.849464][ T5848] chnl_net:caif_netlink_parms(): no params data found [ 87.868630][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.876310][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.883429][ T5863] bridge_slave_1: entered allmulticast mode [ 87.890810][ T5863] bridge_slave_1: entered promiscuous mode [ 87.909685][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.916868][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.924422][ T5846] bridge_slave_0: entered allmulticast mode [ 87.931493][ T5846] bridge_slave_0: entered promiscuous mode [ 87.996392][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.003709][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.011409][ T5846] bridge_slave_1: entered allmulticast mode [ 88.018846][ T5846] bridge_slave_1: entered promiscuous mode [ 88.048437][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.060301][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.201778][ T5863] team0: Port device team_slave_0 added [ 88.222165][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.229669][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.237260][ T5858] bridge_slave_0: entered allmulticast mode [ 88.244875][ T5858] bridge_slave_0: entered promiscuous mode [ 88.252860][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.260637][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.267990][ T5858] bridge_slave_1: entered allmulticast mode [ 88.275308][ T5858] bridge_slave_1: entered promiscuous mode [ 88.286906][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.326180][ T5863] team0: Port device team_slave_1 added [ 88.332275][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.339659][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.346986][ T5847] bridge_slave_0: entered allmulticast mode [ 88.354405][ T5847] bridge_slave_0: entered promiscuous mode [ 88.380405][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.390448][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.397764][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.405456][ T5848] bridge_slave_0: entered allmulticast mode [ 88.412620][ T5848] bridge_slave_0: entered promiscuous mode [ 88.431982][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.439270][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.446626][ T5847] bridge_slave_1: entered allmulticast mode [ 88.453778][ T5847] bridge_slave_1: entered promiscuous mode [ 88.503719][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.511746][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.519109][ T5848] bridge_slave_1: entered allmulticast mode [ 88.526745][ T5848] bridge_slave_1: entered promiscuous mode [ 88.564230][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.576419][ T5846] team0: Port device team_slave_0 added [ 88.585588][ T51] Bluetooth: hci3: command tx timeout [ 88.585952][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.591223][ T51] Bluetooth: hci4: command tx timeout [ 88.639975][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.647006][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.664588][ T51] Bluetooth: hci1: command tx timeout [ 88.673124][ T5866] Bluetooth: hci2: command tx timeout [ 88.682137][ T51] Bluetooth: hci0: command tx timeout [ 88.684514][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.713532][ T5846] team0: Port device team_slave_1 added [ 88.736273][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.746708][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.753691][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.780131][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.793754][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.832658][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.852477][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.875424][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.882393][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.909234][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.922986][ T5858] team0: Port device team_slave_0 added [ 88.932393][ T5858] team0: Port device team_slave_1 added [ 88.966097][ T5848] team0: Port device team_slave_0 added [ 88.975200][ T5848] team0: Port device team_slave_1 added [ 88.993613][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.001336][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.027729][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.115820][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.122803][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.149637][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.190929][ T5847] team0: Port device team_slave_0 added [ 89.198434][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.205939][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.232524][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.253159][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.260202][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.286944][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.304825][ T5863] hsr_slave_0: entered promiscuous mode [ 89.311404][ T5863] hsr_slave_1: entered promiscuous mode [ 89.320220][ T5847] team0: Port device team_slave_1 added [ 89.379105][ T5846] hsr_slave_0: entered promiscuous mode [ 89.385765][ T5846] hsr_slave_1: entered promiscuous mode [ 89.391962][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.400164][ T5846] Cannot create hsr debugfs directory [ 89.406486][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.413427][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.440097][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.472658][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.479749][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.506514][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.584789][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.591780][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.618081][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.669490][ T5858] hsr_slave_0: entered promiscuous mode [ 89.676389][ T5858] hsr_slave_1: entered promiscuous mode [ 89.682459][ T5858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.690163][ T5858] Cannot create hsr debugfs directory [ 89.730866][ T5848] hsr_slave_0: entered promiscuous mode [ 89.737454][ T5848] hsr_slave_1: entered promiscuous mode [ 89.743449][ T5848] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.751083][ T5848] Cannot create hsr debugfs directory [ 89.991198][ T5847] hsr_slave_0: entered promiscuous mode [ 89.999456][ T5847] hsr_slave_1: entered promiscuous mode [ 90.006159][ T5847] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.014386][ T5847] Cannot create hsr debugfs directory [ 90.444986][ T5863] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 90.459095][ T5863] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 90.479976][ T5863] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 90.501088][ T5863] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 90.563299][ T5848] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.602653][ T5848] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.627440][ T5848] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.640771][ T5848] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.674126][ T51] Bluetooth: hci4: command tx timeout [ 90.674371][ T5867] Bluetooth: hci3: command tx timeout [ 90.735974][ T5858] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.743969][ T5867] Bluetooth: hci2: command tx timeout [ 90.744455][ T51] Bluetooth: hci1: command tx timeout [ 90.749479][ T5867] Bluetooth: hci0: command tx timeout [ 90.787487][ T5858] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.802894][ T5858] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.828240][ T5858] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.952326][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 90.968432][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 90.987268][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.008492][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.080042][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.108360][ T5847] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.122118][ T5847] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.138534][ T5847] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.151340][ T5847] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.227214][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.252951][ T3479] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.260253][ T3479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.291670][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.298932][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.339160][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.421476][ T5848] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.479112][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.486400][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.507173][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.529059][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.536321][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.619958][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.668310][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.722139][ T3479] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.729327][ T3479] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.761520][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.768808][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.839995][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.890774][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.931256][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.938518][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.952073][ T3090] cfg80211: failed to load regulatory.db [ 91.963471][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.970700][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.062456][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.097363][ T1319] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.104603][ T1319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.145643][ T1319] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.152762][ T1319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.222099][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.303235][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.568269][ T5848] veth0_vlan: entered promiscuous mode [ 92.581592][ T5863] veth0_vlan: entered promiscuous mode [ 92.640021][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.701175][ T5863] veth1_vlan: entered promiscuous mode [ 92.735195][ T5848] veth1_vlan: entered promiscuous mode [ 92.753643][ T5867] Bluetooth: hci3: command tx timeout [ 92.759276][ T5866] Bluetooth: hci4: command tx timeout [ 92.825306][ T5867] Bluetooth: hci0: command tx timeout [ 92.830773][ T5867] Bluetooth: hci1: command tx timeout [ 92.836756][ T5866] Bluetooth: hci2: command tx timeout [ 92.882249][ T5858] veth0_vlan: entered promiscuous mode [ 92.938946][ T5858] veth1_vlan: entered promiscuous mode [ 92.964715][ T5848] veth0_macvtap: entered promiscuous mode [ 92.988121][ T5863] veth0_macvtap: entered promiscuous mode [ 93.002919][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.012799][ T5848] veth1_macvtap: entered promiscuous mode [ 93.039346][ T5863] veth1_macvtap: entered promiscuous mode [ 93.062008][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.120217][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.148211][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.160672][ T5858] veth0_macvtap: entered promiscuous mode [ 93.204597][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.212413][ T5858] veth1_macvtap: entered promiscuous mode [ 93.246654][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.285391][ T3535] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.303238][ T3535] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.330388][ T3535] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.361483][ T3535] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.370505][ T3535] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.383149][ T3535] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.395335][ T5846] veth0_vlan: entered promiscuous mode [ 93.416452][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.444386][ T3535] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.471999][ T1319] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.499748][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.513760][ T5846] veth1_vlan: entered promiscuous mode [ 93.587594][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.599115][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.631899][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.641934][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.703619][ T5846] veth0_macvtap: entered promiscuous mode [ 93.741139][ T1319] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.757876][ T5846] veth1_macvtap: entered promiscuous mode [ 93.765422][ T1319] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.810613][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.828045][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.841324][ T5847] veth0_vlan: entered promiscuous mode [ 93.881264][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.896283][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.916961][ T5847] veth1_vlan: entered promiscuous mode [ 93.934647][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.986786][ T3479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.999808][ T3479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.023714][ T5863] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.040326][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.089739][ T3479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.118410][ T3479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.155044][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.177957][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.219544][ T5847] veth0_macvtap: entered promiscuous mode [ 94.231426][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.250530][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.269284][ T3479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.280091][ T5847] veth1_macvtap: entered promiscuous mode [ 94.286973][ T3479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.457939][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.497556][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.562613][ T5976] netlink: 'syz.1.2': attribute type 13 has an invalid length. [ 94.598219][ T5976] netlink: 'syz.1.2': attribute type 17 has an invalid length. [ 94.606984][ T3522] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.824760][ T5867] Bluetooth: hci3: command tx timeout [ 94.830233][ T5867] Bluetooth: hci4: command tx timeout [ 94.855824][ T5976] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 94.904725][ T5866] Bluetooth: hci1: command tx timeout [ 94.907322][ T51] Bluetooth: hci2: command tx timeout [ 94.910428][ T5867] Bluetooth: hci0: command tx timeout [ 94.945547][ T3522] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.949670][ T5976] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 94.990566][ T5988] netlink: 'syz.3.4': attribute type 13 has an invalid length. [ 95.019688][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.036527][ T3522] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.057122][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.069923][ T3522] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.072959][ T5988] netlink: 'syz.3.4': attribute type 17 has an invalid length. [ 95.096807][ T5986] Illegal XDP return value 4294967274 on prog (id 4) dev N/A, expect packet loss! [ 95.458560][ T5988] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 95.483414][ T5996] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.604068][ T3522] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.636248][ T3522] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.720427][ T5979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.912189][ T5974] syz.1.2 (5974) used greatest stack depth: 19048 bytes left [ 95.921427][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.954122][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.970773][ T6004] netlink: 44 bytes leftover after parsing attributes in process `syz.2.9'. [ 96.059411][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.093862][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state [ 96.252686][ T6010] netlink: 14 bytes leftover after parsing attributes in process `syz.1.11'. [ 96.370052][ T6013] Zero length message leads to an empty skb [ 96.740005][ T6007] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 96.792296][ T6007] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 97.150542][ T1319] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.170254][ T1319] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.324536][ T6041] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13'. [ 97.336276][ T6041] netlink: 28 bytes leftover after parsing attributes in process `syz.0.13'. [ 97.387498][ T6010] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 97.400235][ T6010] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 97.411588][ T6010] bond0 (unregistering): Released all slaves [ 97.440616][ T3479] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.602150][ T3479] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.642062][ T3479] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.676589][ T36] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.814902][ T6065] netlink: 'syz.4.20': attribute type 13 has an invalid length. [ 98.848403][ T6065] netlink: 'syz.4.20': attribute type 17 has an invalid length. [ 99.022284][ T6082] syz.3.24 uses obsolete (PF_INET,SOCK_PACKET) [ 99.158343][ T6065] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.203412][ T6076] warning: `syz.3.24' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 99.303240][ T6080] netlink: 'syz.1.26': attribute type 13 has an invalid length. [ 99.325498][ T6080] netlink: 'syz.1.26': attribute type 17 has an invalid length. [ 99.477383][ T6080] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 99.535286][ T6065] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.710163][ T6087] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 99.977305][ T6079] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 100.173634][ T6113] veth0: entered promiscuous mode [ 100.791523][ T6112] veth0: left promiscuous mode [ 100.835282][ T6135] netlink: 28 bytes leftover after parsing attributes in process `syz.4.38'. [ 101.065379][ T6144] netlink: 36 bytes leftover after parsing attributes in process `syz.2.41'. [ 101.130182][ T6149] netlink: 'syz.0.42': attribute type 11 has an invalid length. [ 101.782842][ T6170] netlink: 'syz.0.47': attribute type 13 has an invalid length. [ 101.795803][ T6170] netlink: 'syz.0.47': attribute type 17 has an invalid length. [ 101.814938][ T6168] netlink: 'syz.3.46': attribute type 13 has an invalid length. [ 101.830210][ T6168] netlink: 'syz.3.46': attribute type 17 has an invalid length. [ 101.982537][ T6170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.059550][ T6168] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.096411][ T6183] netlink: 'syz.1.50': attribute type 13 has an invalid length. [ 102.130453][ T6183] netlink: 'syz.1.50': attribute type 17 has an invalid length. [ 102.211405][ T6186] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.245836][ T6188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.357620][ T6194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.411064][ T6195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.450106][ T6183] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.461922][ T6168] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.552579][ T6170] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.850029][ T6181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.851649][ T6198] veth0: entered promiscuous mode [ 103.032488][ T6205] FAULT_INJECTION: forcing a failure. [ 103.032488][ T6205] name failslab, interval 1, probability 0, space 0, times 1 [ 103.046187][ T6205] CPU: 1 UID: 0 PID: 6205 Comm: syz.2.53 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 103.046215][ T6205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 103.046226][ T6205] Call Trace: [ 103.046235][ T6205] [ 103.046242][ T6205] dump_stack_lvl+0x189/0x250 [ 103.046274][ T6205] ? __pfx____ratelimit+0x10/0x10 [ 103.046301][ T6205] ? __pfx_dump_stack_lvl+0x10/0x10 [ 103.046324][ T6205] ? __pfx__printk+0x10/0x10 [ 103.046353][ T6205] ? __pfx___might_resched+0x10/0x10 [ 103.046377][ T6205] ? fs_reclaim_acquire+0x7d/0x100 [ 103.046411][ T6205] should_fail_ex+0x414/0x560 [ 103.046447][ T6205] should_failslab+0xa8/0x100 [ 103.046476][ T6205] kmem_cache_alloc_noprof+0x73/0x3c0 [ 103.046501][ T6205] ? __anon_vma_prepare+0x117/0x4a0 [ 103.046535][ T6205] __anon_vma_prepare+0x117/0x4a0 [ 103.046561][ T6205] ? __pte_alloc+0x15e/0x1a0 [ 103.046594][ T6205] __handle_mm_fault+0x4d02/0x5620 [ 103.046641][ T6205] ? __pfx___handle_mm_fault+0x10/0x10 [ 103.046688][ T6205] ? find_vma+0xe7/0x160 [ 103.046712][ T6205] ? __pfx_find_vma+0x10/0x10 [ 103.046738][ T6205] handle_mm_fault+0x40a/0x8e0 [ 103.046774][ T6205] do_user_addr_fault+0x764/0x1390 [ 103.046812][ T6205] exc_page_fault+0x76/0xf0 [ 103.046840][ T6205] asm_exc_page_fault+0x26/0x30 [ 103.046859][ T6205] RIP: 0010:__put_user_4+0xd/0x20 [ 103.046886][ T6205] Code: 66 89 01 31 c9 0f 01 ca e9 40 3b 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 17 3b 03 00 90 90 90 90 90 90 90 90 90 90 [ 103.046902][ T6205] RSP: 0018:ffffc9000be17578 EFLAGS: 00050206 [ 103.046920][ T6205] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00002000000011c0 [ 103.046934][ T6205] RDX: dffffc0000000000 RSI: ffffffff8db89bbe RDI: ffffffff8be28f80 [ 103.046948][ T6205] RBP: ffffc9000be176f0 R08: 0000000000000000 R09: ffffffff820c5770 [ 103.046961][ T6205] R10: dffffc0000000000 R11: fffffbfff1f440bf R12: 0000000000000000 [ 103.046975][ T6205] R13: ffffffff8f5e9668 R14: 1ffff920017c2eb4 R15: ffff88801b74b600 [ 103.046996][ T6205] ? __might_fault+0xb0/0x130 [ 103.047032][ T6205] sk_ioctl+0x406/0x600 [ 103.047072][ T6205] ? __pfx_sk_ioctl+0x10/0x10 [ 103.047111][ T6205] ? __lock_acquire+0xab9/0xd20 [ 103.047153][ T6205] inet_ioctl+0x416/0x4c0 [ 103.047180][ T6205] ? __pfx_inet_ioctl+0x10/0x10 [ 103.047206][ T6205] ? is_bpf_text_address+0x292/0x2b0 [ 103.047229][ T6205] ? is_bpf_text_address+0x26/0x2b0 [ 103.047283][ T6205] sock_do_ioctl+0xd9/0x300 [ 103.047310][ T6205] ? __pfx_sock_do_ioctl+0x10/0x10 [ 103.047343][ T6205] ? kasan_save_track+0x4f/0x80 [ 103.047364][ T6205] ? kasan_save_track+0x3e/0x80 [ 103.047382][ T6205] ? kasan_save_free_info+0x46/0x50 [ 103.047408][ T6205] ? __kasan_slab_free+0x62/0x70 [ 103.047434][ T6205] sock_ioctl+0x576/0x790 [ 103.047458][ T6205] ? __pfx_sock_ioctl+0x10/0x10 [ 103.047496][ T6205] ? __pfx_sock_ioctl+0x10/0x10 [ 103.047516][ T6205] do_vfs_ioctl+0x1256/0x1990 [ 103.047542][ T6205] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 103.047572][ T6205] ? kasan_quarantine_put+0xdd/0x220 [ 103.047606][ T6205] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 103.047637][ T6205] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 103.047665][ T6205] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 103.047691][ T6205] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 103.047720][ T6205] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 103.047769][ T6205] ? __lock_acquire+0xab9/0xd20 [ 103.047813][ T6205] ? __fget_files+0x2a/0x420 [ 103.047845][ T6205] ? __fget_files+0x2a/0x420 [ 103.047871][ T6205] ? __fget_files+0x3a0/0x420 [ 103.047897][ T6205] ? __fget_files+0x2a/0x420 [ 103.047928][ T6205] ? bpf_lsm_file_ioctl+0x9/0x20 [ 103.047954][ T6205] __se_sys_ioctl+0x82/0x170 [ 103.047980][ T6205] do_syscall_64+0xfa/0x3b0 [ 103.048005][ T6205] ? lockdep_hardirqs_on+0x9c/0x150 [ 103.048030][ T6205] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.048058][ T6205] ? clear_bhb_loop+0x60/0xb0 [ 103.048083][ T6205] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.048102][ T6205] RIP: 0033:0x7f281478e929 [ 103.048120][ T6205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 103.048136][ T6205] RSP: 002b:00007f28156e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 103.048157][ T6205] RAX: ffffffffffffffda RBX: 00007f28149b5fa0 RCX: 00007f281478e929 [ 103.048171][ T6205] RDX: 00002000000011c0 RSI: 000000000000541b RDI: 0000000000000003 [ 103.048183][ T6205] RBP: 00007f28156e3090 R08: 0000000000000000 R09: 0000000000000000 [ 103.048195][ T6205] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 103.048206][ T6205] R13: 0000000000000000 R14: 00007f28149b5fa0 R15: 00007ffd000ab728 [ 103.048239][ T6205] [ 103.593164][ T6197] veth0: left promiscuous mode [ 104.397721][ T6237] netlink: 'syz.3.64': attribute type 1 has an invalid length. [ 104.607357][ T6242] netlink: 'syz.4.62': attribute type 6 has an invalid length. [ 104.722023][ T6242] netlink: 'syz.4.62': attribute type 7 has an invalid length. [ 104.822338][ T6243] veth0: entered promiscuous mode [ 105.073386][ T6257] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.094421][ T6257] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 105.131882][ T6257] netlink: 8 bytes leftover after parsing attributes in process `syz.0.68'. [ 105.538036][ T6241] veth0: left promiscuous mode [ 105.588216][ T6264] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 105.969314][ T6267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.038750][ T6267] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 106.111298][ T6264] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 112.596377][ T6291] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 112.946819][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.85'. [ 112.965281][ T6304] netlink: 24 bytes leftover after parsing attributes in process `syz.3.85'. [ 113.193503][ T6306] validate_nla: 3 callbacks suppressed [ 113.193523][ T6306] netlink: 'syz.0.86': attribute type 1 has an invalid length. [ 113.366955][ T6312] netlink: 'syz.1.87': attribute type 13 has an invalid length. [ 113.404363][ T6312] netlink: 'syz.1.87': attribute type 17 has an invalid length. [ 113.487216][ T6312] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 113.617607][ T6312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.750931][ T6332] netlink: 28 bytes leftover after parsing attributes in process `syz.3.96'. [ 113.761132][ T6332] netlink: 60 bytes leftover after parsing attributes in process `syz.3.96'. [ 113.780229][ T6326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.882035][ T6312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.034961][ T6335] syzkaller1: entered promiscuous mode [ 114.054036][ T6335] syzkaller1: entered allmulticast mode [ 118.923703][ T6373] netlink: 40 bytes leftover after parsing attributes in process `syz.1.110'. [ 119.356531][ T6391] FAULT_INJECTION: forcing a failure. [ 119.356531][ T6391] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 119.409717][ T6391] CPU: 1 UID: 0 PID: 6391 Comm: syz.2.118 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 119.409747][ T6391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 119.409758][ T6391] Call Trace: [ 119.409766][ T6391] [ 119.409775][ T6391] dump_stack_lvl+0x189/0x250 [ 119.409804][ T6391] ? __pfx____ratelimit+0x10/0x10 [ 119.409829][ T6391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 119.409853][ T6391] ? __pfx__printk+0x10/0x10 [ 119.409879][ T6391] ? __might_fault+0xb0/0x130 [ 119.409917][ T6391] should_fail_ex+0x414/0x560 [ 119.409952][ T6391] _copy_from_user+0x2d/0xb0 [ 119.409976][ T6391] ___sys_sendmsg+0x158/0x2a0 [ 119.410009][ T6391] ? __pfx____sys_sendmsg+0x10/0x10 [ 119.410080][ T6391] ? __fget_files+0x2a/0x420 [ 119.410106][ T6391] ? __fget_files+0x3a0/0x420 [ 119.410142][ T6391] __x64_sys_sendmsg+0x19b/0x260 [ 119.410163][ T6391] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 119.410205][ T6391] ? __pfx_ksys_write+0x10/0x10 [ 119.410234][ T6391] ? do_syscall_64+0xbe/0x3b0 [ 119.410264][ T6391] do_syscall_64+0xfa/0x3b0 [ 119.410288][ T6391] ? lockdep_hardirqs_on+0x9c/0x150 [ 119.410313][ T6391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.410332][ T6391] ? clear_bhb_loop+0x60/0xb0 [ 119.410356][ T6391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 119.410375][ T6391] RIP: 0033:0x7f281478e929 [ 119.410392][ T6391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 119.410408][ T6391] RSP: 002b:00007f28156c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 119.410429][ T6391] RAX: ffffffffffffffda RBX: 00007f28149b6080 RCX: 00007f281478e929 [ 119.410443][ T6391] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000007 [ 119.410454][ T6391] RBP: 00007f28156c2090 R08: 0000000000000000 R09: 0000000000000000 [ 119.410465][ T6391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 119.410476][ T6391] R13: 0000000000000000 R14: 00007f28149b6080 R15: 00007ffd000ab728 [ 119.410510][ T6391] [ 119.462769][ T6392] netlink: 'syz.0.119': attribute type 13 has an invalid length. [ 119.640410][ T6392] netlink: 'syz.0.119': attribute type 17 has an invalid length. [ 119.722489][ T6392] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 119.864863][ T6408] netlink: 20 bytes leftover after parsing attributes in process `syz.1.124'. [ 119.893257][ T6408] netlink: 32 bytes leftover after parsing attributes in process `syz.1.124'. [ 119.894041][ T6392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 119.960721][ T6402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.085897][ T6392] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.376297][ T6424] FAULT_INJECTION: forcing a failure. [ 120.376297][ T6424] name failslab, interval 1, probability 0, space 0, times 0 [ 120.398886][ T6424] CPU: 0 UID: 0 PID: 6424 Comm: syz.4.130 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 120.398917][ T6424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 120.398928][ T6424] Call Trace: [ 120.398936][ T6424] [ 120.398944][ T6424] dump_stack_lvl+0x189/0x250 [ 120.398974][ T6424] ? __pfx____ratelimit+0x10/0x10 [ 120.398999][ T6424] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.399022][ T6424] ? __pfx__printk+0x10/0x10 [ 120.399056][ T6424] ? __pfx___might_resched+0x10/0x10 [ 120.399077][ T6424] ? fs_reclaim_acquire+0x7d/0x100 [ 120.399111][ T6424] should_fail_ex+0x414/0x560 [ 120.399144][ T6424] should_failslab+0xa8/0x100 [ 120.399173][ T6424] kmem_cache_alloc_noprof+0x73/0x3c0 [ 120.399196][ T6424] ? security_inode_alloc+0x39/0x330 [ 120.399220][ T6424] security_inode_alloc+0x39/0x330 [ 120.399242][ T6424] inode_init_always_gfp+0x9ed/0xdc0 [ 120.399275][ T6424] ? __pfx_sock_alloc_inode+0x10/0x10 [ 120.399297][ T6424] alloc_inode+0x82/0x1b0 [ 120.399329][ T6424] __sock_create+0x12d/0x9f0 [ 120.399364][ T6424] __sys_socket+0xd7/0x1b0 [ 120.399393][ T6424] __x64_sys_socket+0x7a/0x90 [ 120.399419][ T6424] do_syscall_64+0xfa/0x3b0 [ 120.399443][ T6424] ? lockdep_hardirqs_on+0x9c/0x150 [ 120.399467][ T6424] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.399486][ T6424] ? clear_bhb_loop+0x60/0xb0 [ 120.399510][ T6424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.399529][ T6424] RIP: 0033:0x7fb55878e929 [ 120.399557][ T6424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.399571][ T6424] RSP: 002b:00007fb55955a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 120.399591][ T6424] RAX: ffffffffffffffda RBX: 00007fb5589b5fa0 RCX: 00007fb55878e929 [ 120.399604][ T6424] RDX: 0000000000000002 RSI: 0000000000000003 RDI: 000000000000000f [ 120.399615][ T6424] RBP: 00007fb55955a090 R08: 0000000000000000 R09: 0000000000000000 [ 120.399627][ T6424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.399639][ T6424] R13: 0000000000000000 R14: 00007fb5589b5fa0 R15: 00007ffff9ed0678 [ 120.399670][ T6424] [ 120.399900][ T6424] socket: no more sockets [ 120.676277][ T6407] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 121.033015][ T6439] netlink: 'syz.3.135': attribute type 72 has an invalid length. [ 121.079603][ T6439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.135'. [ 121.149428][ T6441] Bluetooth: MGMT ver 1.23 [ 121.193088][ T6445] netlink: 'syz.0.137': attribute type 4 has an invalid length. [ 121.261527][ T6447] netlink: 20 bytes leftover after parsing attributes in process `syz.0.137'. [ 121.420586][ T6455] netlink: 4 bytes leftover after parsing attributes in process `syz.4.141'. [ 121.720012][ T6460] netlink: 60 bytes leftover after parsing attributes in process `syz.3.143'. [ 121.777996][ T6466] netlink: 'syz.4.145': attribute type 1 has an invalid length. [ 121.952664][ T5867] Bluetooth: hci1: command 0x0c1a tx timeout [ 121.985851][ T6466] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.085626][ T6467] 8021q: adding VLAN 0 to HW filter on device bond1 [ 122.092790][ T6467] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 122.130372][ T6479] netlink: 'syz.0.148': attribute type 13 has an invalid length. [ 122.140202][ T6479] netlink: 'syz.0.148': attribute type 17 has an invalid length. [ 122.152181][ T6467] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 122.317395][ T6479] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 122.436625][ T6479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.556506][ T6491] netlink: 'syz.4.151': attribute type 72 has an invalid length. [ 122.569264][ T6491] netlink: 8 bytes leftover after parsing attributes in process `syz.4.151'. [ 122.579724][ T6479] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.720621][ T6488] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 122.789973][ T6503] netlink: 'syz.3.154': attribute type 4 has an invalid length. [ 122.847293][ T6505] netlink: 20 bytes leftover after parsing attributes in process `syz.3.154'. [ 122.905212][ T6507] netlink: 4 bytes leftover after parsing attributes in process `syz.4.156'. [ 123.766059][ T6533] ªªªªªª: renamed from bond_slave_0 [ 124.102166][ T6554] netlink: 'syz.3.167': attribute type 72 has an invalid length. [ 124.154616][ T6554] __nla_validate_parse: 3 callbacks suppressed [ 124.154637][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.3.167'. [ 124.364476][ T6561] netlink: 20 bytes leftover after parsing attributes in process `syz.1.170'. [ 124.505132][ T6568] netlink: 240 bytes leftover after parsing attributes in process `syz.3.174'. [ 124.690711][ T6572] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 124.805386][ T6582] netlink: 240 bytes leftover after parsing attributes in process `syz.4.177'. [ 124.881309][ T6576] validate_nla: 1 callbacks suppressed [ 124.881330][ T6576] netlink: 'syz.1.176': attribute type 13 has an invalid length. [ 124.907443][ T6582] FAULT_INJECTION: forcing a failure. [ 124.907443][ T6582] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 124.962715][ T6582] CPU: 0 UID: 0 PID: 6582 Comm: syz.4.177 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 124.962746][ T6582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.962757][ T6582] Call Trace: [ 124.962765][ T6582] [ 124.962774][ T6582] dump_stack_lvl+0x189/0x250 [ 124.962805][ T6582] ? __pfx____ratelimit+0x10/0x10 [ 124.962831][ T6582] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.962855][ T6582] ? __pfx__printk+0x10/0x10 [ 124.962883][ T6582] ? __might_fault+0xb0/0x130 [ 124.962923][ T6582] should_fail_ex+0x414/0x560 [ 124.962959][ T6582] _copy_from_user+0x2d/0xb0 [ 124.962985][ T6582] sctp_getsockopt_default_prinfo+0xbe/0x550 [ 124.963019][ T6582] ? __pfx_sctp_getsockopt_default_prinfo+0x10/0x10 [ 124.963061][ T6582] sctp_getsockopt+0x6fd/0xb60 [ 124.963094][ T6582] do_sock_getsockopt+0x35d/0x650 [ 124.963130][ T6582] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 124.963158][ T6582] ? do_syscall_64+0x40/0x3b0 [ 124.963183][ T6582] ? __fget_files+0x3a0/0x420 [ 124.963210][ T6582] ? __fget_files+0x2a/0x420 [ 124.963245][ T6582] __x64_sys_getsockopt+0x1a5/0x250 [ 124.963275][ T6582] ? do_syscall_64+0x40/0x3b0 [ 124.963302][ T6582] ? do_syscall_64+0x40/0x3b0 [ 124.963333][ T6582] do_syscall_64+0xfa/0x3b0 [ 124.963356][ T6582] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.963378][ T6582] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.963396][ T6582] ? clear_bhb_loop+0x60/0xb0 [ 124.963420][ T6582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.963437][ T6582] RIP: 0033:0x7fb55878e929 [ 124.963454][ T6582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.963470][ T6582] RSP: 002b:00007fb55955a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 124.963490][ T6582] RAX: ffffffffffffffda RBX: 00007fb5589b5fa0 RCX: 00007fb55878e929 [ 124.963515][ T6582] RDX: 0000000000000072 RSI: 0000000000000084 RDI: 0000000000000004 [ 124.963527][ T6582] RBP: 00007fb55955a090 R08: 0000200000000080 R09: 0000000000000000 [ 124.963539][ T6582] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 124.963550][ T6582] R13: 0000000000000000 R14: 00007fb5589b5fa0 R15: 00007ffff9ed0678 [ 124.963582][ T6582] [ 124.965238][ T6576] netlink: 'syz.1.176': attribute type 17 has an invalid length. [ 125.024181][ T6592] netlink: 'syz.3.178': attribute type 10 has an invalid length. [ 125.304866][ T6576] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 125.359131][ T6592] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.367098][ T6592] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.429061][ T6592] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.436376][ T6592] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.444089][ T6592] bridge0: port 1(bridge_slave_0) entered blocking state [ 125.451295][ T6592] bridge0: port 1(bridge_slave_0) entered forwarding state [ 125.500519][ T6576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 125.531109][ T6592] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 125.644191][ T6576] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 125.728659][ T6599] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 125.929714][ T6621] netlink: 48 bytes leftover after parsing attributes in process `syz.0.185'. [ 126.060790][ T6624] netlink: 'syz.2.187': attribute type 4 has an invalid length. [ 126.112337][ T6629] netlink: 20 bytes leftover after parsing attributes in process `syz.2.187'. [ 126.279229][ T6637] FAULT_INJECTION: forcing a failure. [ 126.279229][ T6637] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.303230][ T6637] CPU: 0 UID: 0 PID: 6637 Comm: syz.4.191 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 126.303260][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.303271][ T6637] Call Trace: [ 126.303279][ T6637] [ 126.303288][ T6637] dump_stack_lvl+0x189/0x250 [ 126.303318][ T6637] ? __pfx____ratelimit+0x10/0x10 [ 126.303344][ T6637] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.303367][ T6637] ? __pfx__printk+0x10/0x10 [ 126.303394][ T6637] ? __might_fault+0xb0/0x130 [ 126.303433][ T6637] should_fail_ex+0x414/0x560 [ 126.303467][ T6637] _copy_from_user+0x2d/0xb0 [ 126.303493][ T6637] ___sys_sendmsg+0x158/0x2a0 [ 126.303527][ T6637] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.303598][ T6637] ? __fget_files+0x2a/0x420 [ 126.303623][ T6637] ? __fget_files+0x3a0/0x420 [ 126.303659][ T6637] __x64_sys_sendmsg+0x19b/0x260 [ 126.303682][ T6637] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.303719][ T6637] ? __pfx_ksys_write+0x10/0x10 [ 126.303740][ T6637] ? rcu_is_watching+0x15/0xb0 [ 126.303767][ T6637] ? do_syscall_64+0xbe/0x3b0 [ 126.303809][ T6637] do_syscall_64+0xfa/0x3b0 [ 126.303832][ T6637] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.303855][ T6637] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.303874][ T6637] ? clear_bhb_loop+0x60/0xb0 [ 126.303897][ T6637] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.303914][ T6637] RIP: 0033:0x7fb55878e929 [ 126.303933][ T6637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.303948][ T6637] RSP: 002b:00007fb55955a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.303969][ T6637] RAX: ffffffffffffffda RBX: 00007fb5589b5fa0 RCX: 00007fb55878e929 [ 126.303983][ T6637] RDX: 000000000404c080 RSI: 0000200000000040 RDI: 0000000000000004 [ 126.303995][ T6637] RBP: 00007fb55955a090 R08: 0000000000000000 R09: 0000000000000000 [ 126.304007][ T6637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.304018][ T6637] R13: 0000000000000000 R14: 00007fb5589b5fa0 R15: 00007ffff9ed0678 [ 126.304049][ T6637] [ 126.531237][ T6640] netlink: 'syz.2.192': attribute type 10 has an invalid length. [ 126.545111][ T6640] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 126.936408][ T6655] FAULT_INJECTION: forcing a failure. [ 126.936408][ T6655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.982038][ T6651] netlink: 32 bytes leftover after parsing attributes in process `syz.0.195'. [ 126.989797][ T6655] CPU: 0 UID: 0 PID: 6655 Comm: syz.4.197 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 126.989833][ T6655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.989843][ T6655] Call Trace: [ 126.989850][ T6655] [ 126.989858][ T6655] dump_stack_lvl+0x189/0x250 [ 126.989886][ T6655] ? __pfx____ratelimit+0x10/0x10 [ 126.989909][ T6655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.989930][ T6655] ? __pfx__printk+0x10/0x10 [ 126.989954][ T6655] ? __might_fault+0xb0/0x130 [ 126.989987][ T6655] should_fail_ex+0x414/0x560 [ 126.990017][ T6655] _copy_from_user+0x2d/0xb0 [ 126.990040][ T6655] ___sys_sendmsg+0x158/0x2a0 [ 126.990070][ T6655] ? __pfx____sys_sendmsg+0x10/0x10 [ 126.990134][ T6655] ? __fget_files+0x2a/0x420 [ 126.990156][ T6655] ? __fget_files+0x3a0/0x420 [ 126.990190][ T6655] __x64_sys_sendmsg+0x19b/0x260 [ 126.990210][ T6655] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 126.990246][ T6655] ? __pfx_ksys_write+0x10/0x10 [ 126.990265][ T6655] ? rcu_is_watching+0x15/0xb0 [ 126.990291][ T6655] ? do_syscall_64+0xbe/0x3b0 [ 126.990317][ T6655] do_syscall_64+0xfa/0x3b0 [ 126.990338][ T6655] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.990359][ T6655] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.990376][ T6655] ? clear_bhb_loop+0x60/0xb0 [ 126.990398][ T6655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.990415][ T6655] RIP: 0033:0x7fb55878e929 [ 126.990432][ T6655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 126.990446][ T6655] RSP: 002b:00007fb55955a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 126.990465][ T6655] RAX: ffffffffffffffda RBX: 00007fb5589b5fa0 RCX: 00007fb55878e929 [ 126.990478][ T6655] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 126.990488][ T6655] RBP: 00007fb55955a090 R08: 0000000000000000 R09: 0000000000000000 [ 126.990499][ T6655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 126.990509][ T6655] R13: 0000000000000000 R14: 00007fb5589b5fa0 R15: 00007ffff9ed0678 [ 126.990538][ T6655] [ 127.569861][ T6671] netlink: 48 bytes leftover after parsing attributes in process `syz.0.200'. [ 127.763621][ T6675] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 127.829187][ T6678] netlink: 96 bytes leftover after parsing attributes in process `syz.1.203'. [ 127.856684][ T6678] 8021q: VLANs not supported on sit0 [ 127.889637][ T6684] FAULT_INJECTION: forcing a failure. [ 127.889637][ T6684] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.925463][ T6684] CPU: 1 UID: 0 PID: 6684 Comm: syz.0.206 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 127.925493][ T6684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.925503][ T6684] Call Trace: [ 127.925511][ T6684] [ 127.925520][ T6684] dump_stack_lvl+0x189/0x250 [ 127.925559][ T6684] ? __pfx____ratelimit+0x10/0x10 [ 127.925586][ T6684] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.925609][ T6684] ? __pfx__printk+0x10/0x10 [ 127.925637][ T6684] ? __might_fault+0xb0/0x130 [ 127.925674][ T6684] should_fail_ex+0x414/0x560 [ 127.925708][ T6684] _copy_from_user+0x2d/0xb0 [ 127.925733][ T6684] ___sys_sendmsg+0x158/0x2a0 [ 127.925768][ T6684] ? __pfx____sys_sendmsg+0x10/0x10 [ 127.925834][ T6684] ? __fget_files+0x2a/0x420 [ 127.925860][ T6684] ? __fget_files+0x3a0/0x420 [ 127.925897][ T6684] __x64_sys_sendmsg+0x19b/0x260 [ 127.925920][ T6684] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 127.925962][ T6684] ? __pfx_ksys_write+0x10/0x10 [ 127.925982][ T6684] ? rcu_is_watching+0x15/0xb0 [ 127.926012][ T6684] ? do_syscall_64+0xbe/0x3b0 [ 127.926043][ T6684] do_syscall_64+0xfa/0x3b0 [ 127.926067][ T6684] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.926091][ T6684] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.926110][ T6684] ? clear_bhb_loop+0x60/0xb0 [ 127.926135][ T6684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.926153][ T6684] RIP: 0033:0x7fab4878e929 [ 127.926171][ T6684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.926187][ T6684] RSP: 002b:00007fab495c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 127.926209][ T6684] RAX: ffffffffffffffda RBX: 00007fab489b5fa0 RCX: 00007fab4878e929 [ 127.926223][ T6684] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 127.926235][ T6684] RBP: 00007fab495c5090 R08: 0000000000000000 R09: 0000000000000000 [ 127.926247][ T6684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 127.926258][ T6684] R13: 0000000000000000 R14: 00007fab489b5fa0 R15: 00007ffca0e8b558 [ 127.926290][ T6684] [ 128.188785][ T6686] netlink: 'syz.3.207': attribute type 13 has an invalid length. [ 128.196839][ T6686] netlink: 'syz.3.207': attribute type 17 has an invalid length. [ 128.274887][ T6689] netlink: 'syz.0.209': attribute type 1 has an invalid length. [ 128.433196][ T6686] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 128.548072][ T6701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.210'. [ 128.615953][ T6691] bond1: (slave bridge1): making interface the new active one [ 128.625403][ T6691] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 128.637339][ T6704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.654359][ T6695] netlink: 'syz.2.210': attribute type 1 has an invalid length. [ 128.773141][ T6686] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 128.898085][ T6707] FAULT_INJECTION: forcing a failure. [ 128.898085][ T6707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 128.963443][ T6707] CPU: 1 UID: 0 PID: 6707 Comm: syz.0.212 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 128.963498][ T6707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.963510][ T6707] Call Trace: [ 128.963518][ T6707] [ 128.963527][ T6707] dump_stack_lvl+0x189/0x250 [ 128.963556][ T6707] ? __pfx____ratelimit+0x10/0x10 [ 128.963583][ T6707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.963606][ T6707] ? __pfx__printk+0x10/0x10 [ 128.963634][ T6707] ? __might_fault+0xb0/0x130 [ 128.963671][ T6707] should_fail_ex+0x414/0x560 [ 128.963706][ T6707] _copy_from_user+0x2d/0xb0 [ 128.963731][ T6707] ___sys_sendmsg+0x158/0x2a0 [ 128.963769][ T6707] ? __pfx____sys_sendmsg+0x10/0x10 [ 128.963838][ T6707] ? __fget_files+0x2a/0x420 [ 128.963865][ T6707] ? __fget_files+0x3a0/0x420 [ 128.963902][ T6707] __x64_sys_sendmsg+0x19b/0x260 [ 128.963925][ T6707] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 128.963966][ T6707] ? __pfx_ksys_write+0x10/0x10 [ 128.963985][ T6707] ? rcu_is_watching+0x15/0xb0 [ 128.964014][ T6707] ? do_syscall_64+0xbe/0x3b0 [ 128.964043][ T6707] do_syscall_64+0xfa/0x3b0 [ 128.964066][ T6707] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.964090][ T6707] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.964109][ T6707] ? clear_bhb_loop+0x60/0xb0 [ 128.964142][ T6707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.964161][ T6707] RIP: 0033:0x7fab4878e929 [ 128.964178][ T6707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.964194][ T6707] RSP: 002b:00007fab495c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 128.964216][ T6707] RAX: ffffffffffffffda RBX: 00007fab489b5fa0 RCX: 00007fab4878e929 [ 128.964229][ T6707] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000007 [ 128.964241][ T6707] RBP: 00007fab495c5090 R08: 0000000000000000 R09: 0000000000000000 [ 128.964253][ T6707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 128.964264][ T6707] R13: 0000000000000000 R14: 00007fab489b5fa0 R15: 00007ffca0e8b558 [ 128.964296][ T6707] [ 129.216581][ T6696] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 129.292777][ T6719] netlink: 'syz.4.216': attribute type 9 has an invalid length. [ 129.314650][ T6719] netlink: 16 bytes leftover after parsing attributes in process `syz.4.216'. [ 129.562022][ T6730] netlink: 28 bytes leftover after parsing attributes in process `syz.0.219'. [ 129.701700][ T6735] netlink: 44 bytes leftover after parsing attributes in process `syz.1.221'. [ 129.778147][ T6737] FAULT_INJECTION: forcing a failure. [ 129.778147][ T6737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.815551][ T6741] FAULT_INJECTION: forcing a failure. [ 129.815551][ T6741] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.850068][ T6737] CPU: 1 UID: 0 PID: 6737 Comm: syz.2.222 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 129.850098][ T6737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.850109][ T6737] Call Trace: [ 129.850117][ T6737] [ 129.850126][ T6737] dump_stack_lvl+0x189/0x250 [ 129.850156][ T6737] ? __pfx____ratelimit+0x10/0x10 [ 129.850182][ T6737] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.850207][ T6737] ? __pfx__printk+0x10/0x10 [ 129.850235][ T6737] ? __might_fault+0xb0/0x130 [ 129.850274][ T6737] should_fail_ex+0x414/0x560 [ 129.850309][ T6737] _copy_from_user+0x2d/0xb0 [ 129.850334][ T6737] ___sys_sendmsg+0x158/0x2a0 [ 129.850369][ T6737] ? __pfx____sys_sendmsg+0x10/0x10 [ 129.850442][ T6737] ? __fget_files+0x2a/0x420 [ 129.850468][ T6737] ? __fget_files+0x3a0/0x420 [ 129.850507][ T6737] __x64_sys_sendmsg+0x19b/0x260 [ 129.850529][ T6737] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 129.850571][ T6737] ? __pfx_ksys_write+0x10/0x10 [ 129.850592][ T6737] ? rcu_is_watching+0x15/0xb0 [ 129.850622][ T6737] ? do_syscall_64+0xbe/0x3b0 [ 129.850652][ T6737] do_syscall_64+0xfa/0x3b0 [ 129.850677][ T6737] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.850701][ T6737] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.850720][ T6737] ? clear_bhb_loop+0x60/0xb0 [ 129.850745][ T6737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.850773][ T6737] RIP: 0033:0x7f281478e929 [ 129.850792][ T6737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.850809][ T6737] RSP: 002b:00007f28156e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.850831][ T6737] RAX: ffffffffffffffda RBX: 00007f28149b5fa0 RCX: 00007f281478e929 [ 129.850845][ T6737] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003 [ 129.850857][ T6737] RBP: 00007f28156e3090 R08: 0000000000000000 R09: 0000000000000000 [ 129.850869][ T6737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.850881][ T6737] R13: 0000000000000000 R14: 00007f28149b5fa0 R15: 00007ffd000ab728 [ 129.850913][ T6737] [ 129.881676][ T6741] CPU: 0 UID: 0 PID: 6741 Comm: syz.0.224 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 129.881703][ T6741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.881714][ T6741] Call Trace: [ 129.881722][ T6741] [ 129.881730][ T6741] dump_stack_lvl+0x189/0x250 [ 129.881756][ T6741] ? __pfx____ratelimit+0x10/0x10 [ 129.881779][ T6741] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.881801][ T6741] ? __pfx__printk+0x10/0x10 [ 129.881825][ T6741] ? __might_fault+0xb0/0x130 [ 129.881859][ T6741] should_fail_ex+0x414/0x560 [ 129.881890][ T6741] _copy_from_user+0x2d/0xb0 [ 129.881912][ T6741] kstrtouint_from_user+0xc4/0x170 [ 129.881933][ T6741] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 129.881969][ T6741] proc_fail_nth_write+0x88/0x240 [ 129.881996][ T6741] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 129.882027][ T6741] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 129.882053][ T6741] vfs_write+0x27e/0xa90 [ 129.882085][ T6741] ? __pfx_vfs_write+0x10/0x10 [ 129.882107][ T6741] ? __fget_files+0x2a/0x420 [ 129.882136][ T6741] ? __fget_files+0x3a0/0x420 [ 129.882157][ T6741] ? __fget_files+0x2a/0x420 [ 129.882191][ T6741] ksys_write+0x145/0x250 [ 129.882214][ T6741] ? __pfx_ksys_write+0x10/0x10 [ 129.882232][ T6741] ? rcu_is_watching+0x15/0xb0 [ 129.882259][ T6741] ? do_syscall_64+0xbe/0x3b0 [ 129.882286][ T6741] do_syscall_64+0xfa/0x3b0 [ 129.882306][ T6741] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.882330][ T6741] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.882347][ T6741] ? clear_bhb_loop+0x60/0xb0 [ 129.882369][ T6741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.882387][ T6741] RIP: 0033:0x7fab4878d3df [ 129.882403][ T6741] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 129.882418][ T6741] RSP: 002b:00007fab495c5030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 129.882438][ T6741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fab4878d3df [ 129.882450][ T6741] RDX: 0000000000000001 RSI: 00007fab495c50a0 RDI: 0000000000000005 [ 129.882460][ T6741] RBP: 00007fab495c5090 R08: 0000000000000000 R09: 0000000000000000 [ 129.882471][ T6741] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 129.882481][ T6741] R13: 0000000000000000 R14: 00007fab489b5fa0 R15: 00007ffca0e8b558 [ 129.882518][ T6741] [ 130.655615][ T6758] netlink: 12 bytes leftover after parsing attributes in process `syz.1.225'. [ 130.721308][ T6756] sit1: entered promiscuous mode [ 131.458783][ T6788] validate_nla: 3 callbacks suppressed [ 131.458804][ T6788] netlink: 'syz.4.237': attribute type 13 has an invalid length. [ 131.477882][ T6788] netlink: 'syz.4.237': attribute type 17 has an invalid length. [ 131.526185][ T6788] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 131.836749][ T6786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 131.913304][ T6801] netlink: 'syz.2.244': attribute type 4 has an invalid length. [ 131.942771][ T6801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.244'. [ 132.001429][ T6805] netlink: 'syz.0.243': attribute type 2 has an invalid length. [ 132.004108][ T6786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.028865][ T6805] netlink: 1168 bytes leftover after parsing attributes in process `syz.0.243'. [ 132.128550][ T6786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 132.380287][ T6821] tipc: Started in network mode [ 132.387177][ T6821] tipc: Node identity 16ae0da10fa5, cluster identity 4711 [ 132.398694][ T6821] tipc: Enabled bearer , priority 0 [ 132.412785][ T6821] syzkaller0: entered promiscuous mode [ 132.418600][ T6821] syzkaller0: entered allmulticast mode [ 132.450265][ T6821] tipc: Resetting bearer [ 132.468279][ T6820] tipc: Resetting bearer [ 132.528942][ T6820] tipc: Disabling bearer [ 132.914568][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.921113][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.208108][ T6848] netlink: 'syz.2.262': attribute type 1 has an invalid length. [ 133.981397][ T6876] netlink: 8 bytes leftover after parsing attributes in process `syz.1.275'. [ 134.971488][ T6916] xt_hashlimit: size too large, truncated to 1048576 [ 135.431410][ T6934] netlink: 'syz.1.302': attribute type 1 has an invalid length. [ 135.449380][ T6935] netlink: 'syz.4.304': attribute type 1 has an invalid length. [ 135.469848][ T6935] netlink: 'syz.4.304': attribute type 3 has an invalid length. [ 135.498420][ T6935] netlink: 224 bytes leftover after parsing attributes in process `syz.4.304'. [ 135.586680][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.305'. [ 135.634311][ T6938] syz_tun: entered allmulticast mode [ 135.790865][ T6946] netlink: 'syz.2.309': attribute type 1 has an invalid length. [ 135.820339][ T6946] netlink: 'syz.2.309': attribute type 4 has an invalid length. [ 135.843216][ T6946] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.309'. [ 136.186782][ T6961] geneve2: entered allmulticast mode [ 136.356152][ T6967] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 136.393958][ T6967] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 136.856237][ T6989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.327'. [ 136.955379][ T6989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.327'. [ 136.962382][ T3552] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 136.999274][ T3552] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.035448][ T3552] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.062576][ T3552] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 137.946266][ T7033] Oops: general protection fault, probably for non-canonical address 0xdffffc000000005d: 0000 [#1] SMP KASAN PTI [ 137.958215][ T7033] KASAN: null-ptr-deref in range [0x00000000000002e8-0x00000000000002ef] [ 137.966665][ T7033] CPU: 0 UID: 0 PID: 7033 Comm: syz.2.343 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 137.978591][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.988848][ T7033] RIP: 0010:hfsc_qlen_notify+0x2e/0x160 [ 137.994514][ T7033] Code: 55 41 57 41 56 41 55 41 54 53 48 89 f3 49 bc 00 00 00 00 00 fc ff df e8 80 94 3d f8 4c 8d b3 ec 02 00 00 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 e8 00 00 00 41 8b 2e 31 ff 89 ee e8 99 [ 138.014129][ T7033] RSP: 0018:ffffc9000c1b70b0 EFLAGS: 00010203 [ 138.020208][ T7033] RAX: 000000000000005d RBX: 0000000000000000 RCX: 0000000000080000 [ 138.028179][ T7033] RDX: ffffc9000c5e9000 RSI: 000000000000029c RDI: 000000000000029d [ 138.036152][ T7033] RBP: dffffc0000000000 R08: ffff8880767b3c00 R09: 0000000000000002 [ 138.044132][ T7033] R10: 00000000ffffffff R11: ffffffff8982cb60 R12: dffffc0000000000 [ 138.052107][ T7033] R13: ffff8880613c4000 R14: 00000000000002ec R15: ffff8880613c4000 [ 138.060088][ T7033] FS: 00007f28156e36c0(0000) GS:ffff888125c16000(0000) knlGS:0000000000000000 [ 138.069018][ T7033] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.075601][ T7033] CR2: 000056268b8af008 CR3: 000000007e1d8000 CR4: 00000000003526f0 [ 138.083581][ T7033] Call Trace: [ 138.086859][ T7033] [ 138.089816][ T7033] qdisc_tree_reduce_backlog+0x299/0x480 [ 138.095462][ T7033] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 138.101186][ T7033] codel_change+0x859/0xae0 [ 138.105695][ T7033] ? is_dynamic_key+0xd6/0x1c0 [ 138.110460][ T7033] ? qdisc_alloc+0x789/0xaa0 [ 138.115057][ T7033] ? qdisc_create+0x12c/0xea0 [ 138.119733][ T7033] ? rtnetlink_rcv_msg+0x77c/0xb70 [ 138.124848][ T7033] ? netlink_rcv_skb+0x205/0x470 [ 138.129787][ T7033] ? netlink_unicast+0x758/0x8d0 [ 138.134726][ T7033] ? netlink_sendmsg+0x805/0xb30 [ 138.139670][ T7033] ? __sock_sendmsg+0x219/0x270 [ 138.144523][ T7033] ? ____sys_sendmsg+0x505/0x830 [ 138.149467][ T7033] ? ___sys_sendmsg+0x21f/0x2a0 [ 138.154323][ T7033] ? __x64_sys_sendmsg+0x19b/0x260 [ 138.159443][ T7033] ? __pfx_codel_change+0x10/0x10 [ 138.164475][ T7033] codel_init+0x1f7/0x3e0 [ 138.168806][ T7033] ? __pfx_codel_init+0x10/0x10 [ 138.173656][ T7033] qdisc_create+0x7a9/0xea0 [ 138.178167][ T7033] tc_modify_qdisc+0x1426/0x2010 [ 138.183115][ T7033] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 138.188412][ T7033] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 138.193803][ T7033] rtnetlink_rcv_msg+0x77c/0xb70 [ 138.198835][ T7033] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 138.203954][ T7033] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 138.209429][ T7033] netlink_rcv_skb+0x205/0x470 [ 138.214202][ T7033] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 138.219664][ T7033] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 138.224958][ T7033] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.230160][ T7033] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.235363][ T7033] netlink_unicast+0x758/0x8d0 [ 138.240133][ T7033] netlink_sendmsg+0x805/0xb30 [ 138.244907][ T7033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.250197][ T7033] ? aa_sock_msg_perm+0x94/0x160 [ 138.255145][ T7033] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 138.260434][ T7033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.265724][ T7033] __sock_sendmsg+0x219/0x270 [ 138.270513][ T7033] ____sys_sendmsg+0x505/0x830 [ 138.275486][ T7033] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.280901][ T7033] ? import_iovec+0x74/0xa0 [ 138.285413][ T7033] ___sys_sendmsg+0x21f/0x2a0 [ 138.290102][ T7033] ? __pfx____sys_sendmsg+0x10/0x10 [ 138.295319][ T7033] ? __fget_files+0x2a/0x420 [ 138.299915][ T7033] ? __fget_files+0x3a0/0x420 [ 138.304600][ T7033] __x64_sys_sendmsg+0x19b/0x260 [ 138.309539][ T7033] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 138.315006][ T7033] ? rcu_is_watching+0x15/0xb0 [ 138.319772][ T7033] ? do_syscall_64+0xbe/0x3b0 [ 138.324452][ T7033] do_syscall_64+0xfa/0x3b0 [ 138.328960][ T7033] ? lockdep_hardirqs_on+0x9c/0x150 [ 138.334161][ T7033] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.340227][ T7033] ? clear_bhb_loop+0x60/0xb0 [ 138.344902][ T7033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.350799][ T7033] RIP: 0033:0x7f281478e929 [ 138.355213][ T7033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.374817][ T7033] RSP: 002b:00007f28156e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.383230][ T7033] RAX: ffffffffffffffda RBX: 00007f28149b5fa0 RCX: 00007f281478e929 [ 138.391289][ T7033] RDX: 0000000000004000 RSI: 0000200000000280 RDI: 0000000000000003 [ 138.399266][ T7033] RBP: 00007f2814810b39 R08: 0000000000000000 R09: 0000000000000000 [ 138.407238][ T7033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.415211][ T7033] R13: 0000000000000000 R14: 00007f28149b5fa0 R15: 00007ffd000ab728 [ 138.423184][ T7033] [ 138.426201][ T7033] Modules linked in: [ 138.430266][ T7033] ---[ end trace 0000000000000000 ]--- [ 138.435766][ T7033] RIP: 0010:hfsc_qlen_notify+0x2e/0x160 [ 138.441352][ T7033] Code: 55 41 57 41 56 41 55 41 54 53 48 89 f3 49 bc 00 00 00 00 00 fc ff df e8 80 94 3d f8 4c 8d b3 ec 02 00 00 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 e8 00 00 00 41 8b 2e 31 ff 89 ee e8 99 [ 138.461287][ T7033] RSP: 0018:ffffc9000c1b70b0 EFLAGS: 00010203 [ 138.467608][ T7033] RAX: 000000000000005d RBX: 0000000000000000 RCX: 0000000000080000 [ 138.475663][ T7033] RDX: ffffc9000c5e9000 RSI: 000000000000029c RDI: 000000000000029d [ 138.483679][ T7033] RBP: dffffc0000000000 R08: ffff8880767b3c00 R09: 0000000000000002 [ 138.491717][ T7033] R10: 00000000ffffffff R11: ffffffff8982cb60 R12: dffffc0000000000 [ 138.500362][ T7033] R13: ffff8880613c4000 R14: 00000000000002ec R15: ffff8880613c4000 [ 138.508405][ T7033] FS: 00007f28156e36c0(0000) GS:ffff888125c16000(0000) knlGS:0000000000000000 [ 138.517437][ T7033] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 138.524080][ T7033] CR2: 000056268b8af008 CR3: 000000007e1d8000 CR4: 00000000003526f0 [ 138.532436][ T7033] Kernel panic - not syncing: Fatal exception in interrupt [ 138.539938][ T7033] Kernel Offset: disabled [ 138.544260][ T7033] Rebooting in 86400 seconds..