last executing test programs: 1m52.635033621s ago: executing program 1 (id=37): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x814) 1m36.402827015s ago: executing program 1 (id=37): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x814) 1m35.832152353s ago: executing program 4 (id=428): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1m29.271416723s ago: executing program 2 (id=880): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b92"], 0x14}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001e3e3965edd7849172aa8b833b399e24fd5e765fb09ecb1b37adc7a9c4d0c16824962966eb509d591359dd3721f11d60b837b4b05e41d116db560b7f9c486699905ad8aaa49d1824bdd8f80c6c89ebdccd7c211406cc4e43a971050a49c5a9936f9db866c88e47882d1270b5cc7608fd99c5c363113b1506f7ba3effd5f5db3e42ea8ec4eaed8affe917f639053ee3bcf223507dc88ce7d93708a4b55a8f59141fb8215f9fb25780aaa00dc628badd13ac21a31572df6d310ba698a44bee3cdc2828a75a83290344667fbbe6111aae0f0e8954bb19", @ANYBLOB="010800000000000000000b", @ANYRES32, @ANYBLOB], 0x44}}, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1m28.919632604s ago: executing program 2 (id=881): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x2, 0x4, 0x400, 0xffffffff, 0x138, 0x228, 0x0, 0xfeffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x110, 0x138, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f00}}]}, @REJECT={0x28}}, {{@ipv6={@dev, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@loopback, @dev, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0700000004000000008000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000dd0026643eb00"/28], 0x48) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000100000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close(0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x80010) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000080)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x20}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0) recvmsg$unix(r3, &(0x7f0000000c40)={&(0x7f0000000140), 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/207, 0xcf}, {&(0x7f0000000980)=""/249, 0xf9}, {&(0x7f0000000380)=""/97, 0x61}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000d80)=""/168, 0xa8}, {&(0x7f0000000a80)=""/14, 0xe}], 0x6, &(0x7f0000000b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}, 0x102) recvmmsg(r3, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0xf}, {{0x0, 0x0, &(0x7f000001c980)=[{&(0x7f0000002480)=""/75, 0x4b}, {&(0x7f000001c900)=""/115, 0x73}, {&(0x7f000001b640)=""/195, 0xc3}, {0x0}], 0x4, &(0x7f000001ca40)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, 0x0}, 0x100}], 0x3, 0x20, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0xfff, 0x8, 0x1, 0x7ff}, &(0x7f0000000240)=0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r5) 1m20.314782364s ago: executing program 1 (id=37): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x814) 1m19.114532132s ago: executing program 2 (id=881): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x2, 0x4, 0x400, 0xffffffff, 0x138, 0x228, 0x0, 0xfeffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x110, 0x138, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f00}}]}, @REJECT={0x28}}, {{@ipv6={@dev, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@loopback, @dev, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0700000004000000008000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000dd0026643eb00"/28], 0x48) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000100000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close(0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x80010) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000080)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x20}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0) recvmsg$unix(r3, &(0x7f0000000c40)={&(0x7f0000000140), 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/207, 0xcf}, {&(0x7f0000000980)=""/249, 0xf9}, {&(0x7f0000000380)=""/97, 0x61}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000d80)=""/168, 0xa8}, {&(0x7f0000000a80)=""/14, 0xe}], 0x6, &(0x7f0000000b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}, 0x102) recvmmsg(r3, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0xf}, {{0x0, 0x0, &(0x7f000001c980)=[{&(0x7f0000002480)=""/75, 0x4b}, {&(0x7f000001c900)=""/115, 0x73}, {&(0x7f000001b640)=""/195, 0xc3}, {0x0}], 0x4, &(0x7f000001ca40)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, 0x0}, 0x100}], 0x3, 0x20, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0xfff, 0x8, 0x1, 0x7ff}, &(0x7f0000000240)=0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r5) 1m18.686969191s ago: executing program 4 (id=428): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 58.579280645s ago: executing program 4 (id=428): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 57.382577208s ago: executing program 1 (id=37): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x814) 56.189101022s ago: executing program 2 (id=881): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x2, 0x4, 0x400, 0xffffffff, 0x138, 0x228, 0x0, 0xfeffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x110, 0x138, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f00}}]}, @REJECT={0x28}}, {{@ipv6={@dev, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@loopback, @dev, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0700000004000000008000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000dd0026643eb00"/28], 0x48) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000100000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close(0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x80010) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000080)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x20}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0) recvmsg$unix(r3, &(0x7f0000000c40)={&(0x7f0000000140), 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/207, 0xcf}, {&(0x7f0000000980)=""/249, 0xf9}, {&(0x7f0000000380)=""/97, 0x61}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000d80)=""/168, 0xa8}, {&(0x7f0000000a80)=""/14, 0xe}], 0x6, &(0x7f0000000b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}, 0x102) recvmmsg(r3, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0xf}, {{0x0, 0x0, &(0x7f000001c980)=[{&(0x7f0000002480)=""/75, 0x4b}, {&(0x7f000001c900)=""/115, 0x73}, {&(0x7f000001b640)=""/195, 0xc3}, {0x0}], 0x4, &(0x7f000001ca40)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, 0x0}, 0x100}], 0x3, 0x20, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0xfff, 0x8, 0x1, 0x7ff}, &(0x7f0000000240)=0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r5) 39.816113228s ago: executing program 4 (id=428): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 38.840676754s ago: executing program 1 (id=37): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x814) 37.428552633s ago: executing program 2 (id=881): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x2, 0x4, 0x400, 0xffffffff, 0x138, 0x228, 0x0, 0xfeffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x110, 0x138, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f00}}]}, @REJECT={0x28}}, {{@ipv6={@dev, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@loopback, @dev, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0700000004000000008000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000dd0026643eb00"/28], 0x48) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000100000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close(0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x80010) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000080)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x20}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0) recvmsg$unix(r3, &(0x7f0000000c40)={&(0x7f0000000140), 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/207, 0xcf}, {&(0x7f0000000980)=""/249, 0xf9}, {&(0x7f0000000380)=""/97, 0x61}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000d80)=""/168, 0xa8}, {&(0x7f0000000a80)=""/14, 0xe}], 0x6, &(0x7f0000000b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}, 0x102) recvmmsg(r3, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0xf}, {{0x0, 0x0, &(0x7f000001c980)=[{&(0x7f0000002480)=""/75, 0x4b}, {&(0x7f000001c900)=""/115, 0x73}, {&(0x7f000001b640)=""/195, 0xc3}, {0x0}], 0x4, &(0x7f000001ca40)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, 0x0}, 0x100}], 0x3, 0x20, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0xfff, 0x8, 0x1, 0x7ff}, &(0x7f0000000240)=0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r5) 20.318311051s ago: executing program 4 (id=428): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 19.014195982s ago: executing program 2 (id=881): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000500)=@filter={'filter\x00', 0x2, 0x4, 0x400, 0xffffffff, 0x138, 0x228, 0x0, 0xfeffffff, 0xffffffff, 0x330, 0x330, 0x330, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x110, 0x138, 0x0, {}, [@common=@unspec=@devgroup={{0x38}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f00}}]}, @REJECT={0x28}}, {{@ipv6={@dev, @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@loopback, @dev, [], [], 'erspan0\x00', 'veth0_to_bridge\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x460) bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="0700000004000000008000000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000dd0026643eb00"/28], 0x48) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000100000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) close(0x4) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r2, &(0x7f0000000d40)={0xffffffffffffffff, 0x0, &(0x7f0000000d00)={&(0x7f0000000cc0)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x5}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x80010) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r4, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000080)="96bc1480bb58", 0x6}], 0x2, &(0x7f0000000100)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x20}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="180000001600010a"], 0x78}, 0x1, 0x0, 0x0, 0x8000}, 0x0) recvmsg$unix(r3, &(0x7f0000000c40)={&(0x7f0000000140), 0x6e, &(0x7f0000000ac0)=[{&(0x7f0000000280)=""/207, 0xcf}, {&(0x7f0000000980)=""/249, 0xf9}, {&(0x7f0000000380)=""/97, 0x61}, {&(0x7f00000001c0)=""/6, 0x6}, {&(0x7f0000000d80)=""/168, 0xa8}, {&(0x7f0000000a80)=""/14, 0xe}], 0x6, &(0x7f0000000b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}, 0x102) recvmmsg(r3, &(0x7f000001ef40)=[{{0x0, 0x0, 0x0}, 0xf}, {{0x0, 0x0, &(0x7f000001c980)=[{&(0x7f0000002480)=""/75, 0x4b}, {&(0x7f000001c900)=""/115, 0x73}, {&(0x7f000001b640)=""/195, 0xc3}, {0x0}], 0x4, &(0x7f000001ca40)=""/4096, 0x1000}, 0x9}, {{0x0, 0x0, 0x0}, 0x100}], 0x3, 0x20, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0xfff, 0x8, 0x1, 0x7ff}, &(0x7f0000000240)=0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000c80), r5) 17.900803627s ago: executing program 1 (id=37): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x814) 2.712114486s ago: executing program 0 (id=1311): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000003000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000180012800e0001007769726567756172640000000400028008000a00", @ANYRES32=r2, @ANYBLOB="123428ec5f18181d273ea0c703538817e3e58cd42c27e03a6cbb6c9bcbae268e926da512ee5f9f956dbf4f264e3d264176917464aee6c60424768caf522357a71097580bf82037768489574f963b8a047b649410aeda0a7f5f56035d4b74cea9fc3b1d066990a894f8f91c7b7ff3ffef8c576b11"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 2.458789434s ago: executing program 0 (id=1313): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0xff00, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) 1.424127358s ago: executing program 0 (id=1320): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000000180081054e81f782db4cb904021d0800fe207c05e8fe55a10a0015000200142603600e12080005007f370401a8001600200006000500027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000d80)={0x38, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x101}]}]}, 0x38}}, 0x0) accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @private}, &(0x7f0000000180)=0x10, 0x800) socket(0x10, 0x803, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) 1.176736087s ago: executing program 0 (id=1322): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x10011, 0x1, 0x2, 0x2, 0xc}, 0x20) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) ioctl(r0, 0xffffffff, &(0x7f0000000640)="a422eb418d9f9a1877c4e704fa874e5a2c5b86a72636b709f9f74895c5c2ce10b35bf46380f8cd16addde73ab2140d340973f1d06127529b423d39aeb362ad09827c63e03fa27f3a4a97a3c2714c50a957cceb285c05ffffffff8c5d1b68af12cc4eb00cfeb88f3bcd0bdbc1269795be2ed69905bfe2c76b973adb4ba31dc3cc7b486483c0e36cbee94c2edf6565454115c4cf0bcde6f9b2ab9e4a1d69284ccdbbdfafa5cb7325219d5db6c82318595fbafbbebe93231dae0498a28afdff27f92630361c899841271e53628188ba8dc96e99312e076dd39eddc9271af87ba09f09f0fdd2e2c0377b0a645991a489405541fe5a7515e2b8b649415d4edee89a9696f34bc33090bee1a07968aae65968c17ca17d32db34430c9138d3fbf1c9eb42f0faf2b76a1414de0bb9dc9967469de644eaaa2af865bf17063d1ea1a2b4618dd66296d0f6e5a27802ca56fe70435f4d12494c6fa4d5d4c8ca4a28cc3aaedbc25c5da21259") r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001bc0)=@deltfilter={0x24, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x8}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x20044000) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r4) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000000), 0x2) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)={0x1e4, r5, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0xdc, 0xe, {{{}, {}, @device_a, @device_a, @from_mac}, 0x3, @random=0x8, 0x1, @void, @val, @val={0x3, 0x1, 0x84}, @val={0x4, 0x6, {0x40, 0x3, 0x1, 0x81}}, @void, @val={0x5, 0x83, {0x12, 0x4c, 0x4, "57f1983916ba13b3423557b4c1e66a0c1c447543e8a490687fda01e829744b2224e71c2b7ce7e3a7101168bac233ace128e667b81e4c2e85990d5e212542c8f5f1ad39b4575b25154d5217d7d6cf6da20e7cc720cd142459ca3bfde4a3f4d7ab909eb73977401ebdccc113cacadaaa3c7b713e81776754e00ec851b0e2cff2c8"}}, @void, @void, @val={0x3c, 0x4, {0x1, 0x7, 0xb1, 0x3}}, @val={0x2d, 0x1a, {0x2, 0x0, 0x7, 0x0, {0x6, 0x2, 0x0, 0xbc}, 0x400, 0x3, 0x9}}, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0xd4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xca, 0x3, "e210d16062d16c491f69630c497c2bd417596004690232f8ded64c254121888dffaf00079f3e5ed630bb15619696948faacde8cf57f369118455e09d62bb87d20f94fb3030fdaa422b0c46814d112b7262dd1d1b4857a4b80ddfc5a81a681d079ae5100abd8cc521ee7886995ad274e5be081e4bfa57de5ab02e961be5136cd2b71e1b202edf6adcd6ff9dfddfc91c496d68576132ade78a5adcf5e632578add0872b79f6e0e9c2d66e6371f0e6dd39e4ee4a2738d2a82e56fa17a9506345a5bec0f73b73097"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_INACTIVITY_TIMEOUT={0x6, 0x96, 0x8}]}, 0x1e4}}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r7) sendmsg$NLBL_MGMT_C_ADD(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="40024000f3f7ed7f91f67d254e2c336ca10ef51ae789ae51ff8c7b104141c778d2104275154531f3cc05f53b3a0aca48d9a806d0316c167739081353bc0a5b161e020db93c617cca8f4a9e02607c3970b160aa320d6aee0c924989528c2d6bb02b88e46abf6ae755a04da340a0430c9d675d46f30992aaa5efa826bc4d88ec14b87e0f58064a540632c196cc7bd4b825f632f7c13e142b4a84c2f8d564ba44c1d7797d5a90ce0b6316af3e35c23d58fd8496fc23718858af93adca72f9000000", @ANYRES16=r8, @ANYBLOB="010026bd7000fddbdf25010000000800020004000000070001002c2a0000080008000a01010114000600ff020000000000000000000000000001"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x20000014) 896.165834ms ago: executing program 0 (id=1323): r0 = socket$netlink(0x10, 0x3, 0x0) socket(0x200000000000011, 0x2, 0x0) (async) r1 = socket(0x200000000000011, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000200000005000000180001801400020073797a5f74756e0000000000000000000500070003000000"], 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x4000010) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r4, @ANYBLOB="0a0001"], 0x48}}, 0x0) 687.837827ms ago: executing program 0 (id=1326): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200)=0x5, 0xfffffe97) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) recvfrom(r0, 0x0, 0x0, 0x102, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="d5950e2d89e117a31f3f898180323fb36a52400e56509a774f5d3d6d15c172b731d8a67782a67db75a4b60c2f74b1084df79f54b380d0f130a39a93a74f86317", @ANYRES64=r2], 0x50}, 0x1, 0x0, 0x0, 0x20004094}, 0x40000) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x4}, 0x8) sendto$inet6(r4, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000400)={0x0, 0x8, 0x800a}, 0x8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000080)={r6, 0x46}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000003c0)={r6, 0x1}, 0x8) r7 = socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000080850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f0000000080)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) r9 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_REPLACE(r9, 0x0, 0x60, &(0x7f0000000a40)={'filter\x00', 0xd, 0x4, 0x3f0, 0x110, 0x0, 0x1f8, 0x110, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @multicast2, @empty}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x11, {@empty, @empty, @multicast2, @dev}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="0400000001020500000000000000000002000008080008400000000208000840000000010800094000000007"], 0x2c}}, 0x1) setsockopt$IPT_SO_SET_REPLACE(r7, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43, 0x3}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 633.392272ms ago: executing program 3 (id=1327): socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x2, 0x0) pipe(&(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x801, 0x84) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xb) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$pppoe(0x18, 0x1, 0x0) pipe(&(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000006000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1, @ANYRESOCT=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 446.834202ms ago: executing program 3 (id=1328): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b92"], 0x14}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001e3e3965edd7849172aa8b833b399e24fd5e765fb09ecb1b37adc7a9c4d0c16824962966eb509d591359dd3721f11d60b837b4b05e41d116db560b7f9c486699905ad8aaa49d1824bdd8f80c6c89ebdccd7c211406cc4e43a971050a49c5a9936f9db866c88e47882d1270b5cc7608fd99c5c363113b1506f7ba3effd5f5db3e42ea8ec4eaed8affe917f639053ee3bcf223507dc88ce7d93708a4b55a8f59141fb8215f9fb257", @ANYBLOB="010800000000000000000b", @ANYRES32, @ANYBLOB="28005080110001004abee3"], 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f00000006c0)={0x58, r2, 0x2, 0x70bd2d, 0xff, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x3f, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x5}, @broadcast, @broadcast, @initial, {0xe, 0x5}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}}, @void, @void, @val={0x3, 0x1, 0xb0}, @val={0x2d, 0x1a, {0x10, 0x0, 0x1, 0x0, {0xb, 0x1292, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3}, 0x800, 0x9, 0xd}}, @void}}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0), 0xffffffffffffffff) r3 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 276.152931ms ago: executing program 3 (id=1329): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x3c, 0xa, 0xa, 0x301, 0x0, 0x0, {0x3, 0x0, 0x9}, [@NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff00}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_SET_DESC={0x8, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x4}]}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x7}, @NFTA_SET_ID={0x8}]}, 0x3c}, 0x1, 0x0, 0xffffffffffffffa6, 0x4000080}, 0x80) 214.432631ms ago: executing program 3 (id=1330): r0 = socket$netlink(0x10, 0x3, 0xa) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000020900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a30000000007c000000060a010400000000000000000100000008000b400000000054000480400001800e000100696d6d6564696174650000002c0002800800014002000000040002801c0002801800028008000180fffffffc0900020073797a3000000000100001800a0001006c696d69740000000900010073797a30"], 0xf0}}, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000000)=0xffffffff, 0x4) sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[], 0x33fe0}}, 0x0) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="4c0000001200001b4778f600"/56, @ANYRES32=0x0, @ANYBLOB='\x00'/16], 0x4c}}, 0x0) 125.709268ms ago: executing program 3 (id=1331): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="180000002239000000000000000a00007301170000000000950000000000000056dcaade5791bf4515fdc411249cb887232e46478cbf570a2cc14234ed102651d1de174ae5aa0da2066e2aa8b43e39b7d5e705a9c2d192b1c8f1060a4453eb014c2c5d16d943018be3a99a88715f9c129bef8abc95dd"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) 41.830041ms ago: executing program 4 (id=428): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x800) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 0s ago: executing program 3 (id=1332): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="d8000000180081054e81f782db4cb904021d0800fe207c05e8fe55a10a0015000200142603600e12080005007f370401a8001600200006000500027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d40), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000d80)={0x38, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x101}]}]}, 0x38}}, 0x0) accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @private}, &(0x7f0000000180)=0x10, 0x800) socket(0x10, 0x803, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x4, 0x0, @empty, @rand_addr=0x3}}}}) kernel console output (not intermixed with test programs): und [ 208.732367][ T9902] netlink: 4 bytes leftover after parsing attributes in process `syz.0.955'. [ 208.928666][ T9838] chnl_net:caif_netlink_parms(): no params data found [ 209.260874][ T9926] xt_bpf: check failed: parse error [ 209.426386][ T9836] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.433632][ T9836] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.486550][ T9836] bridge_slave_0: entered allmulticast mode [ 209.518486][ T9836] bridge_slave_0: entered promiscuous mode [ 209.532074][ T9836] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.541230][ T9836] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.548712][ T9836] bridge_slave_1: entered allmulticast mode [ 209.557239][ T9836] bridge_slave_1: entered promiscuous mode [ 209.570371][ T9943] FAULT_INJECTION: forcing a failure. [ 209.570371][ T9943] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 209.583966][ T9943] CPU: 0 UID: 0 PID: 9943 Comm: syz.0.964 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 209.583990][ T9943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.584000][ T9943] Call Trace: [ 209.584008][ T9943] [ 209.584015][ T9943] dump_stack_lvl+0x189/0x250 [ 209.584042][ T9943] ? __pfx____ratelimit+0x10/0x10 [ 209.584065][ T9943] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.584087][ T9943] ? __pfx__printk+0x10/0x10 [ 209.584105][ T9943] ? __might_fault+0xb0/0x130 [ 209.584131][ T9943] should_fail_ex+0x414/0x560 [ 209.584154][ T9943] _copy_from_iter+0x1db/0x16f0 [ 209.584176][ T9943] ? rcu_is_watching+0x15/0xb0 [ 209.584200][ T9943] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 209.584218][ T9943] ? __pfx__copy_from_iter+0x10/0x10 [ 209.584242][ T9943] ? __build_skb_around+0x257/0x3e0 [ 209.584262][ T9943] ? netlink_sendmsg+0x642/0xb30 [ 209.584279][ T9943] ? skb_put+0x11b/0x210 [ 209.584299][ T9943] netlink_sendmsg+0x6b2/0xb30 [ 209.584326][ T9943] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.584346][ T9943] ? aa_sock_msg_perm+0x94/0x160 [ 209.584368][ T9943] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 209.584387][ T9943] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.584404][ T9943] __sock_sendmsg+0x219/0x270 [ 209.584430][ T9943] ____sys_sendmsg+0x505/0x830 [ 209.584454][ T9943] ? __pfx_____sys_sendmsg+0x10/0x10 [ 209.584483][ T9943] ? import_iovec+0x74/0xa0 [ 209.584502][ T9943] ___sys_sendmsg+0x21f/0x2a0 [ 209.584525][ T9943] ? __pfx____sys_sendmsg+0x10/0x10 [ 209.584580][ T9943] ? __fget_files+0x2a/0x420 [ 209.584597][ T9943] ? __fget_files+0x3a0/0x420 [ 209.584624][ T9943] __x64_sys_sendmsg+0x19b/0x260 [ 209.584647][ T9943] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 209.584676][ T9943] ? __pfx_ksys_write+0x10/0x10 [ 209.584689][ T9943] ? rcu_is_watching+0x15/0xb0 [ 209.584716][ T9943] ? do_syscall_64+0xbe/0x3b0 [ 209.584742][ T9943] do_syscall_64+0xfa/0x3b0 [ 209.584755][ T9943] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.584775][ T9943] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.584791][ T9943] ? clear_bhb_loop+0x60/0xb0 [ 209.584810][ T9943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.584824][ T9943] RIP: 0033:0x7fa64698e929 [ 209.584839][ T9943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.584853][ T9943] RSP: 002b:00007fa647856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 209.584871][ T9943] RAX: ffffffffffffffda RBX: 00007fa646bb5fa0 RCX: 00007fa64698e929 [ 209.584881][ T9943] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 209.584892][ T9943] RBP: 00007fa647856090 R08: 0000000000000000 R09: 0000000000000000 [ 209.584903][ T9943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.584913][ T9943] R13: 0000000000000000 R14: 00007fa646bb5fa0 R15: 00007ffe99941c68 [ 209.584945][ T9943] [ 209.888028][ T5853] Bluetooth: hci0: command tx timeout [ 209.899420][ T9844] chnl_net:caif_netlink_parms(): no params data found [ 210.033953][ T51] Bluetooth: hci2: command tx timeout [ 210.098292][ T9836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.113624][ T9836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.145949][ T9951] netlink: 8 bytes leftover after parsing attributes in process `syz.3.967'. [ 210.163620][ T9954] netlink: 4 bytes leftover after parsing attributes in process `syz.0.968'. [ 210.298070][ T9836] team0: Port device team_slave_0 added [ 210.327286][ T9836] team0: Port device team_slave_1 added [ 210.333595][ T9838] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.351715][ T9838] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.354763][ T51] Bluetooth: hci4: command tx timeout [ 210.361911][ T9838] bridge_slave_0: entered allmulticast mode [ 210.375156][ T9838] bridge_slave_0: entered promiscuous mode [ 210.388910][ T9838] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.403118][ T9838] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.410738][ T9838] bridge_slave_1: entered allmulticast mode [ 210.420430][ T9838] bridge_slave_1: entered promiscuous mode [ 210.590722][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.613853][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.673556][ T9836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.760089][ T4120] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.824402][ T9836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.831382][ T9836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.880721][ T9836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.949571][ T9838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.970643][ T9838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.002297][ T4120] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.019647][ T9983] FAULT_INJECTION: forcing a failure. [ 211.019647][ T9983] name failslab, interval 1, probability 0, space 0, times 0 [ 211.037006][ T9983] CPU: 0 UID: 0 PID: 9983 Comm: syz.3.976 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 211.037031][ T9983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.037042][ T9983] Call Trace: [ 211.037049][ T9983] [ 211.037056][ T9983] dump_stack_lvl+0x189/0x250 [ 211.037084][ T9983] ? __pfx____ratelimit+0x10/0x10 [ 211.037107][ T9983] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.037130][ T9983] ? __pfx__printk+0x10/0x10 [ 211.037155][ T9983] ? ref_tracker_alloc+0x318/0x460 [ 211.037180][ T9983] should_fail_ex+0x414/0x560 [ 211.037206][ T9983] should_failslab+0xa8/0x100 [ 211.037226][ T9983] kmem_cache_alloc_noprof+0x73/0x3c0 [ 211.037250][ T9983] ? skb_clone+0x212/0x3a0 [ 211.037275][ T9983] skb_clone+0x212/0x3a0 [ 211.037299][ T9983] __netlink_deliver_tap+0x404/0x850 [ 211.037340][ T9983] ? netlink_deliver_tap+0x2e/0x1b0 [ 211.037362][ T9983] netlink_deliver_tap+0x19c/0x1b0 [ 211.037382][ T9983] netlink_unicast+0x72f/0x8d0 [ 211.037412][ T9983] netlink_sendmsg+0x805/0xb30 [ 211.037442][ T9983] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.037464][ T9983] ? aa_sock_msg_perm+0x94/0x160 [ 211.037487][ T9983] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 211.037506][ T9983] ? __pfx_netlink_sendmsg+0x10/0x10 [ 211.037526][ T9983] __sock_sendmsg+0x219/0x270 [ 211.037556][ T9983] ____sys_sendmsg+0x505/0x830 [ 211.037582][ T9983] ? __pfx_____sys_sendmsg+0x10/0x10 [ 211.037612][ T9983] ? import_iovec+0x74/0xa0 [ 211.037633][ T9983] ___sys_sendmsg+0x21f/0x2a0 [ 211.037656][ T9983] ? __pfx____sys_sendmsg+0x10/0x10 [ 211.037716][ T9983] ? __fget_files+0x2a/0x420 [ 211.037733][ T9983] ? __fget_files+0x3a0/0x420 [ 211.037762][ T9983] __x64_sys_sendmsg+0x19b/0x260 [ 211.037785][ T9983] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 211.037816][ T9983] ? __pfx_ksys_write+0x10/0x10 [ 211.037830][ T9983] ? rcu_is_watching+0x15/0xb0 [ 211.037859][ T9983] ? do_syscall_64+0xbe/0x3b0 [ 211.037879][ T9983] do_syscall_64+0xfa/0x3b0 [ 211.037893][ T9983] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.037913][ T9983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.037928][ T9983] ? clear_bhb_loop+0x60/0xb0 [ 211.037946][ T9983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.037959][ T9983] RIP: 0033:0x7f94b0f8e929 [ 211.037973][ T9983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.037985][ T9983] RSP: 002b:00007f94b1d1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 211.038002][ T9983] RAX: ffffffffffffffda RBX: 00007f94b11b5fa0 RCX: 00007f94b0f8e929 [ 211.038012][ T9983] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 211.038023][ T9983] RBP: 00007f94b1d1a090 R08: 0000000000000000 R09: 0000000000000000 [ 211.038034][ T9983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.038044][ T9983] R13: 0000000000000000 R14: 00007f94b11b5fa0 R15: 00007ffed0fd86c8 [ 211.038074][ T9983] [ 211.386783][ T9988] netlink: 32 bytes leftover after parsing attributes in process `syz.3.977'. [ 211.411856][ T9844] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.419070][ T9844] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.426603][ T9844] bridge_slave_0: entered allmulticast mode [ 211.434403][ T9844] bridge_slave_0: entered promiscuous mode [ 211.545342][ T9844] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.552594][ T9844] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.561517][ T9844] bridge_slave_1: entered allmulticast mode [ 211.569824][ T9844] bridge_slave_1: entered promiscuous mode [ 211.618355][ T9997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.979'. [ 211.647957][ T4120] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.690458][ T9838] team0: Port device team_slave_0 added [ 211.758468][ T9836] hsr_slave_0: entered promiscuous mode [ 211.767485][ T9836] hsr_slave_1: entered promiscuous mode [ 211.776201][ T9836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.783872][ T9836] Cannot create hsr debugfs directory [ 211.793623][ T9838] team0: Port device team_slave_1 added [ 211.803074][ T9844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.824636][ T9844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.947889][ T4120] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.963944][ T51] Bluetooth: hci0: command tx timeout [ 211.990580][T10005] veth1_macvtap: left promiscuous mode [ 212.005610][T10005] macsec0: entered promiscuous mode [ 212.011201][T10005] macsec0: entered allmulticast mode [ 212.114877][ T51] Bluetooth: hci2: command tx timeout [ 212.288133][ T9844] team0: Port device team_slave_0 added [ 212.299077][ T9844] team0: Port device team_slave_1 added [ 212.355685][ T9838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.374773][ T9838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.424015][ T9838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 212.434753][ T51] Bluetooth: hci4: command tx timeout [ 212.531164][ T9838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.555983][ T9838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.567108][T10033] netlink: 28 bytes leftover after parsing attributes in process `syz.0.986'. [ 212.591949][ T9838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.641061][ T9844] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 212.672596][ T9844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.676724][T10036] FAULT_INJECTION: forcing a failure. [ 212.676724][T10036] name failslab, interval 1, probability 0, space 0, times 0 [ 212.712814][T10036] CPU: 0 UID: 0 PID: 10036 Comm: syz.3.987 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 212.712840][T10036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 212.712851][T10036] Call Trace: [ 212.712858][T10036] [ 212.712866][T10036] dump_stack_lvl+0x189/0x250 [ 212.712893][T10036] ? __pfx____ratelimit+0x10/0x10 [ 212.712917][T10036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 212.712940][T10036] ? __pfx__printk+0x10/0x10 [ 212.712956][T10036] ? rcu_is_watching+0x15/0xb0 [ 212.712979][T10036] ? trace_contention_end+0x39/0x120 [ 212.712997][T10036] ? __mutex_lock+0x330/0xe80 [ 212.713041][T10036] should_fail_ex+0x414/0x560 [ 212.713068][T10036] should_failslab+0xa8/0x100 [ 212.713088][T10036] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 212.713106][T10036] ? nf_tables_dump_sets_start+0x49/0x90 [ 212.713130][T10036] kmemdup_noprof+0x2b/0x70 [ 212.713152][T10036] nf_tables_dump_sets_start+0x49/0x90 [ 212.713180][T10036] __netlink_dump_start+0x469/0x7e0 [ 212.713205][T10036] ? nft_netlink_dump_start_rcu+0xb6/0x1a0 [ 212.713229][T10036] nft_netlink_dump_start_rcu+0xdb/0x1a0 [ 212.713255][T10036] nf_tables_getset+0x599/0xa90 [ 212.713290][T10036] ? __pfx_nf_tables_getset+0x10/0x10 [ 212.713316][T10036] ? nfnl_pernet+0x23/0x240 [ 212.713338][T10036] ? __pfx_nf_tables_dump_sets_start+0x10/0x10 [ 212.713354][T10036] ? __pfx_nf_tables_dump_sets+0x10/0x10 [ 212.713367][T10036] ? __pfx_nf_tables_dump_sets_done+0x10/0x10 [ 212.713390][T10036] ? __nla_parse+0x40/0x60 [ 212.713411][T10036] ? __pfx_nf_tables_getset+0x10/0x10 [ 212.713434][T10036] nfnetlink_rcv_msg+0x80e/0x1130 [ 212.713455][T10036] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 212.713497][T10036] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 212.713517][T10036] ? kasan_save_free_info+0x46/0x50 [ 212.713590][T10036] netlink_rcv_skb+0x205/0x470 [ 212.713610][T10036] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 212.713634][T10036] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 212.713666][T10036] ? bpf_lsm_capable+0x9/0x20 [ 212.713681][T10036] ? security_capable+0x7e/0x2e0 [ 212.713709][T10036] nfnetlink_rcv+0x26a/0x2520 [ 212.713736][T10036] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 212.713762][T10036] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 212.713790][T10036] ? __dev_queue_xmit+0x27e/0x3a70 [ 212.713811][T10036] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.713839][T10036] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 212.713861][T10036] ? __pfx___dev_queue_xmit+0x10/0x10 [ 212.713897][T10036] ? ref_tracker_free+0x63a/0x7d0 [ 212.713917][T10036] ? __copy_skb_header+0xa7/0x550 [ 212.713940][T10036] ? __pfx_ref_tracker_free+0x10/0x10 [ 212.713980][T10036] ? skb_clone+0x246/0x3a0 [ 212.714004][T10036] ? __netlink_deliver_tap+0x807/0x850 [ 212.714023][T10036] ? netlink_deliver_tap+0x2e/0x1b0 [ 212.714049][T10036] ? netlink_deliver_tap+0x2e/0x1b0 [ 212.714067][T10036] ? netlink_deliver_tap+0x2e/0x1b0 [ 212.714092][T10036] netlink_unicast+0x758/0x8d0 [ 212.714123][T10036] netlink_sendmsg+0x805/0xb30 [ 212.714152][T10036] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.714180][T10036] ? aa_sock_msg_perm+0x94/0x160 [ 212.714204][T10036] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 212.714224][T10036] ? __pfx_netlink_sendmsg+0x10/0x10 [ 212.714244][T10036] __sock_sendmsg+0x219/0x270 [ 212.714271][T10036] ____sys_sendmsg+0x505/0x830 [ 212.714298][T10036] ? __pfx_____sys_sendmsg+0x10/0x10 [ 212.714328][T10036] ? import_iovec+0x74/0xa0 [ 212.714350][T10036] ___sys_sendmsg+0x21f/0x2a0 [ 212.714373][T10036] ? __pfx____sys_sendmsg+0x10/0x10 [ 212.714431][T10036] ? __fget_files+0x2a/0x420 [ 212.714448][T10036] ? __fget_files+0x3a0/0x420 [ 212.714477][T10036] __x64_sys_sendmsg+0x19b/0x260 [ 212.714501][T10036] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 212.714532][T10036] ? __pfx_ksys_write+0x10/0x10 [ 212.714546][T10036] ? rcu_is_watching+0x15/0xb0 [ 212.714574][T10036] ? do_syscall_64+0xbe/0x3b0 [ 212.714595][T10036] do_syscall_64+0xfa/0x3b0 [ 212.714609][T10036] ? lockdep_hardirqs_on+0x9c/0x150 [ 212.714631][T10036] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.714647][T10036] ? clear_bhb_loop+0x60/0xb0 [ 212.714669][T10036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.714685][T10036] RIP: 0033:0x7f94b0f8e929 [ 212.714701][T10036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.714715][T10036] RSP: 002b:00007f94b1d1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.714734][T10036] RAX: ffffffffffffffda RBX: 00007f94b11b5fa0 RCX: 00007f94b0f8e929 [ 212.714747][T10036] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 212.714757][T10036] RBP: 00007f94b1d1a090 R08: 0000000000000000 R09: 0000000000000000 [ 212.714768][T10036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.714778][T10036] R13: 0000000000000000 R14: 00007f94b11b5fa0 R15: 00007ffed0fd86c8 [ 212.714809][T10036] [ 213.210244][ T9844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.227262][ T9844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.234781][ T9844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.261956][ T9844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.430622][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.3.989'. [ 213.562617][ T9838] hsr_slave_0: entered promiscuous mode [ 213.570379][ T9838] hsr_slave_1: entered promiscuous mode [ 213.583528][ T9838] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.600045][ T9838] Cannot create hsr debugfs directory [ 213.711620][ T9844] hsr_slave_0: entered promiscuous mode [ 213.727239][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.991'. [ 213.741775][ T9844] hsr_slave_1: entered promiscuous mode [ 213.765886][ T9844] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.773505][ T9844] Cannot create hsr debugfs directory [ 213.781100][T10057] netlink: 12 bytes leftover after parsing attributes in process `syz.0.991'. [ 214.033766][ T51] Bluetooth: hci0: command tx timeout [ 214.127658][ T4120] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.204493][ T51] Bluetooth: hci2: command tx timeout [ 214.246074][T10070] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.993'. [ 214.353587][ T4120] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.514759][ T51] Bluetooth: hci4: command tx timeout [ 214.524653][ T4120] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.536507][T10085] FAULT_INJECTION: forcing a failure. [ 214.536507][T10085] name failslab, interval 1, probability 0, space 0, times 0 [ 214.549389][T10085] CPU: 0 UID: 0 PID: 10085 Comm: syz.3.998 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 214.549413][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 214.549423][T10085] Call Trace: [ 214.549430][T10085] [ 214.549436][T10085] dump_stack_lvl+0x189/0x250 [ 214.549464][T10085] ? __pfx____ratelimit+0x10/0x10 [ 214.549487][T10085] ? __pfx_dump_stack_lvl+0x10/0x10 [ 214.549509][T10085] ? __pfx__printk+0x10/0x10 [ 214.549534][T10085] ? __pfx___might_resched+0x10/0x10 [ 214.549562][T10085] should_fail_ex+0x414/0x560 [ 214.549588][T10085] should_failslab+0xa8/0x100 [ 214.549608][T10085] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 214.549626][T10085] ? __alloc_skb+0x112/0x2d0 [ 214.549650][T10085] __alloc_skb+0x112/0x2d0 [ 214.549672][T10085] netlink_dump+0x22b/0xe20 [ 214.549705][T10085] ? __pfx_netlink_dump+0x10/0x10 [ 214.549747][T10085] __netlink_dump_start+0x5cb/0x7e0 [ 214.549772][T10085] ? nft_netlink_dump_start_rcu+0xb6/0x1a0 [ 214.549796][T10085] nft_netlink_dump_start_rcu+0xdb/0x1a0 [ 214.549822][T10085] nf_tables_getset+0x599/0xa90 [ 214.549856][T10085] ? __pfx_nf_tables_getset+0x10/0x10 [ 214.549882][T10085] ? nfnl_pernet+0x23/0x240 [ 214.549904][T10085] ? __pfx_nf_tables_dump_sets_start+0x10/0x10 [ 214.549920][T10085] ? __pfx_nf_tables_dump_sets+0x10/0x10 [ 214.549935][T10085] ? __pfx_nf_tables_dump_sets_done+0x10/0x10 [ 214.549969][T10085] ? __nla_parse+0x40/0x60 [ 214.549991][T10085] ? __pfx_nf_tables_getset+0x10/0x10 [ 214.550014][T10085] nfnetlink_rcv_msg+0x80e/0x1130 [ 214.550038][T10085] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 214.550079][T10085] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 214.550099][T10085] ? kasan_save_free_info+0x46/0x50 [ 214.550174][T10085] netlink_rcv_skb+0x205/0x470 [ 214.550194][T10085] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 214.550222][T10085] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 214.550255][T10085] ? bpf_lsm_capable+0x9/0x20 [ 214.550270][T10085] ? security_capable+0x7e/0x2e0 [ 214.550299][T10085] nfnetlink_rcv+0x26a/0x2520 [ 214.550336][T10085] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 214.550363][T10085] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 214.550390][T10085] ? __dev_queue_xmit+0x27e/0x3a70 [ 214.550412][T10085] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.550441][T10085] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 214.550463][T10085] ? __pfx___dev_queue_xmit+0x10/0x10 [ 214.550499][T10085] ? ref_tracker_free+0x63a/0x7d0 [ 214.550518][T10085] ? __copy_skb_header+0xa7/0x550 [ 214.550541][T10085] ? __pfx_ref_tracker_free+0x10/0x10 [ 214.550581][T10085] ? skb_clone+0x246/0x3a0 [ 214.550605][T10085] ? __netlink_deliver_tap+0x807/0x850 [ 214.550624][T10085] ? netlink_deliver_tap+0x2e/0x1b0 [ 214.550650][T10085] ? netlink_deliver_tap+0x2e/0x1b0 [ 214.550669][T10085] ? netlink_deliver_tap+0x2e/0x1b0 [ 214.550694][T10085] netlink_unicast+0x758/0x8d0 [ 214.550724][T10085] netlink_sendmsg+0x805/0xb30 [ 214.550754][T10085] ? __pfx_netlink_sendmsg+0x10/0x10 [ 214.550774][T10085] ? aa_sock_msg_perm+0x94/0x160 [ 214.550794][T10085] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 214.550811][T10085] ? __pfx_netlink_sendmsg+0x10/0x10 [ 214.550828][T10085] __sock_sendmsg+0x219/0x270 [ 214.550853][T10085] ____sys_sendmsg+0x505/0x830 [ 214.550875][T10085] ? __pfx_____sys_sendmsg+0x10/0x10 [ 214.550902][T10085] ? import_iovec+0x74/0xa0 [ 214.550922][T10085] ___sys_sendmsg+0x21f/0x2a0 [ 214.550941][T10085] ? __pfx____sys_sendmsg+0x10/0x10 [ 214.551001][T10085] ? __fget_files+0x2a/0x420 [ 214.551018][T10085] ? __fget_files+0x3a0/0x420 [ 214.551045][T10085] __x64_sys_sendmsg+0x19b/0x260 [ 214.551066][T10085] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 214.551096][T10085] ? __pfx_ksys_write+0x10/0x10 [ 214.551111][T10085] ? rcu_is_watching+0x15/0xb0 [ 214.551136][T10085] ? do_syscall_64+0xbe/0x3b0 [ 214.551155][T10085] do_syscall_64+0xfa/0x3b0 [ 214.551168][T10085] ? lockdep_hardirqs_on+0x9c/0x150 [ 214.551189][T10085] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.551202][T10085] ? clear_bhb_loop+0x60/0xb0 [ 214.551220][T10085] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 214.551235][T10085] RIP: 0033:0x7f94b0f8e929 [ 214.551250][T10085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 214.551262][T10085] RSP: 002b:00007f94b1d1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 214.551278][T10085] RAX: ffffffffffffffda RBX: 00007f94b11b5fa0 RCX: 00007f94b0f8e929 [ 214.551288][T10085] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000003 [ 214.551298][T10085] RBP: 00007f94b1d1a090 R08: 0000000000000000 R09: 0000000000000000 [ 214.551308][T10085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 214.551316][T10085] R13: 0000000000000000 R14: 00007f94b11b5fa0 R15: 00007ffed0fd86c8 [ 214.551341][T10085] [ 215.083415][ T4120] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.417577][T10102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1001'. [ 215.515505][T10108] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1002'. [ 215.915350][ T4120] bridge_slave_1: left allmulticast mode [ 215.921045][ T4120] bridge_slave_1: left promiscuous mode [ 215.951188][ T4120] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.988007][ T4120] bridge_slave_0: left allmulticast mode [ 215.994388][T10120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1004'. [ 215.998355][ T4120] bridge_slave_0: left promiscuous mode [ 216.013407][ T4120] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.031982][ T4120] bridge_slave_1: left allmulticast mode [ 216.052050][T10125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1004'. [ 216.061319][ T4120] bridge_slave_1: left promiscuous mode [ 216.069247][ T4120] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.084932][ T4120] bridge_slave_0: left allmulticast mode [ 216.090628][ T4120] bridge_slave_0: left promiscuous mode [ 216.113954][ T4120] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.210447][T10131] netlink: 'syz.3.1007': attribute type 1 has an invalid length. [ 216.551236][ T4120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 216.562760][ T4120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 216.573292][ T4120] bond0 (unregistering): Released all slaves [ 216.859908][ T4120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 216.871751][ T4120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 216.882132][ T4120] bond0 (unregistering): Released all slaves [ 216.923768][T10131] lo: left allmulticast mode [ 216.928600][T10131] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 217.017431][T10135] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1008'. [ 217.415460][T10150] tipc: Enabled bearer , priority 0 [ 217.522737][T10148] ªªªªª»: renamed from veth1_to_team (while UP) [ 217.548053][T10148] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1011'. [ 217.571571][T10147] tipc: Disabling bearer [ 217.709828][ T9844] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 217.742316][ T9844] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 217.811767][ T4120] hsr_slave_0: left promiscuous mode [ 217.820665][ T4120] hsr_slave_1: left promiscuous mode [ 217.854689][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.862472][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 217.892749][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 217.905333][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 217.934041][ T4120] hsr_slave_0: left promiscuous mode [ 217.957407][ T4120] hsr_slave_1: left promiscuous mode [ 217.963517][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.976663][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 217.987908][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.000388][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.045632][ T4120] veth1_macvtap: left promiscuous mode [ 218.051195][ T4120] veth0_macvtap: left promiscuous mode [ 218.056928][ T4120] veth1_vlan: left promiscuous mode [ 218.062218][ T4120] veth0_vlan: left promiscuous mode [ 218.069677][ T4120] veth1_macvtap: left promiscuous mode [ 218.075515][ T4120] veth0_macvtap: left promiscuous mode [ 218.081100][ T4120] veth1_vlan: left promiscuous mode [ 218.086500][ T4120] veth0_vlan: left promiscuous mode [ 218.587987][ T4120] team0 (unregistering): Port device team_slave_1 removed [ 218.626138][ T4120] team0 (unregistering): Port device team_slave_0 removed [ 219.308844][ T4120] team0 (unregistering): Port device team_slave_1 removed [ 219.345104][ T4120] team0 (unregistering): Port device team_slave_0 removed [ 219.725639][ T9844] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 219.922033][ T9844] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 220.056733][T10183] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1018'. [ 220.078383][T10183] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1018'. [ 220.273030][T10189] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1019'. [ 220.498084][ T9838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 220.545064][ T9844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.599894][ T9838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 220.633235][ T9838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 220.727403][ T9838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 220.848038][ T9844] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.016576][ T9836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 221.040170][ T9836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 221.080686][ T9836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 221.092776][T10220] netlink: 'syz.3.1023': attribute type 1 has an invalid length. [ 221.109104][ T1321] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.116325][ T1321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.161990][ T9836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 221.176115][T10224] FAULT_INJECTION: forcing a failure. [ 221.176115][T10224] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 221.197422][T10224] CPU: 0 UID: 0 PID: 10224 Comm: syz.3.1023 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 221.197449][T10224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.197460][T10224] Call Trace: [ 221.197467][T10224] [ 221.197474][T10224] dump_stack_lvl+0x189/0x250 [ 221.197503][T10224] ? __pfx____ratelimit+0x10/0x10 [ 221.197527][T10224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.197548][T10224] ? __pfx__printk+0x10/0x10 [ 221.197563][T10224] ? __might_fault+0xb0/0x130 [ 221.197588][T10224] should_fail_ex+0x414/0x560 [ 221.197610][T10224] _copy_from_iter+0x1db/0x16f0 [ 221.197636][T10224] ? rcu_is_watching+0x15/0xb0 [ 221.197657][T10224] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 221.197673][T10224] ? __pfx__copy_from_iter+0x10/0x10 [ 221.197693][T10224] ? __build_skb_around+0x257/0x3e0 [ 221.197714][T10224] ? netlink_sendmsg+0x642/0xb30 [ 221.197730][T10224] ? skb_put+0x11b/0x210 [ 221.197750][T10224] netlink_sendmsg+0x6b2/0xb30 [ 221.197775][T10224] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.197797][T10224] ? aa_sock_msg_perm+0x94/0x160 [ 221.197819][T10224] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 221.197837][T10224] ? __pfx_netlink_sendmsg+0x10/0x10 [ 221.197856][T10224] __sock_sendmsg+0x219/0x270 [ 221.197882][T10224] ____sys_sendmsg+0x505/0x830 [ 221.197908][T10224] ? __pfx_____sys_sendmsg+0x10/0x10 [ 221.197936][T10224] ? import_iovec+0x74/0xa0 [ 221.197956][T10224] ___sys_sendmsg+0x21f/0x2a0 [ 221.197978][T10224] ? __pfx____sys_sendmsg+0x10/0x10 [ 221.198034][T10224] ? __fget_files+0x2a/0x420 [ 221.198051][T10224] ? __fget_files+0x3a0/0x420 [ 221.198079][T10224] __x64_sys_sendmsg+0x19b/0x260 [ 221.198102][T10224] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 221.198132][T10224] ? __pfx_ksys_write+0x10/0x10 [ 221.198146][T10224] ? rcu_is_watching+0x15/0xb0 [ 221.198172][T10224] ? do_syscall_64+0xbe/0x3b0 [ 221.198193][T10224] do_syscall_64+0xfa/0x3b0 [ 221.198207][T10224] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.198229][T10224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.198243][T10224] ? clear_bhb_loop+0x60/0xb0 [ 221.198262][T10224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.198278][T10224] RIP: 0033:0x7f94b0f8e929 [ 221.198294][T10224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 221.198307][T10224] RSP: 002b:00007f94aedf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 221.198326][T10224] RAX: ffffffffffffffda RBX: 00007f94b11b6080 RCX: 00007f94b0f8e929 [ 221.198338][T10224] RDX: 000000000000c0b0 RSI: 0000200000000280 RDI: 0000000000000004 [ 221.198355][T10224] RBP: 00007f94aedf6090 R08: 0000000000000000 R09: 0000000000000000 [ 221.198366][T10224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 221.198376][T10224] R13: 0000000000000000 R14: 00007f94b11b6080 R15: 00007ffed0fd86c8 [ 221.198402][T10224] [ 221.539674][T10220] bond4: entered promiscuous mode [ 221.548339][T10220] 8021q: adding VLAN 0 to HW filter on device bond4 [ 221.599577][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.606854][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.689945][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1027'. [ 222.199511][ T9838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.290734][ T9838] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.376820][ T4120] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.384036][ T4120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.426808][ T4120] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.434015][ T4120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.465967][ T9844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.511724][ T9836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.640349][ T9836] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.697602][ T9838] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.723416][ T165] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.730668][ T165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.760737][ T165] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.768005][ T165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.979174][ T9836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 223.428751][T10315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1043'. [ 223.479606][T10315] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1043'. [ 223.492817][ T9838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.543467][ T9844] veth0_vlan: entered promiscuous mode [ 223.613164][ T9844] veth1_vlan: entered promiscuous mode [ 223.637024][ T9836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.639540][T10320] netlink: 'syz.0.1044': attribute type 1 has an invalid length. [ 223.710001][T10320] bond4: entered promiscuous mode [ 223.716953][T10320] 8021q: adding VLAN 0 to HW filter on device bond4 [ 223.808894][T10320] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 223.815397][T10320] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 223.876462][ T9844] veth0_macvtap: entered promiscuous mode [ 223.884558][T10320] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 223.891048][T10320] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 223.912160][ T9838] veth0_vlan: entered promiscuous mode [ 223.922193][T10320] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 223.928704][T10320] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 223.950474][ T9844] veth1_macvtap: entered promiscuous mode [ 223.970046][ T9838] veth1_vlan: entered promiscuous mode [ 223.975902][T10320] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 223.983092][T10320] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 223.993507][T10320] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 224.000012][T10320] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 224.112270][T10331] 8021q: adding VLAN 0 to HW filter on device bond4 [ 224.125373][T10331] bond4: (slave wireguard0): The slave device specified does not support setting the MAC address [ 224.138813][T10331] bond4: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 224.157519][T10331] bond4: (slave wireguard0): making interface the new active one [ 224.165563][T10331] wireguard0: entered promiscuous mode [ 224.172461][T10331] bond4: (slave wireguard0): Enslaving as an active interface with an up link [ 224.188285][ T9836] veth0_vlan: entered promiscuous mode [ 224.263227][ T9836] veth1_vlan: entered promiscuous mode [ 224.300294][ T9844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.337768][ T9844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.388817][ T9844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.398386][ T9844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.410945][ T9844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.422280][ T9844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.515364][ T9838] veth0_macvtap: entered promiscuous mode [ 224.563111][ T9836] veth0_macvtap: entered promiscuous mode [ 224.587227][ T9838] veth1_macvtap: entered promiscuous mode [ 224.600714][T10349] netlink: 'syz.0.1048': attribute type 1 has an invalid length. [ 224.612737][ T9836] veth1_macvtap: entered promiscuous mode [ 224.692106][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.718182][ T9836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.730026][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.755560][ T9838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.782958][ T9836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.825464][ T9838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.877106][ T9838] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.887796][ T1321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 224.903406][ T9838] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.912404][ T1321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 224.931445][ T9838] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.940637][ T9838] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.982649][ T9836] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.013770][ T9836] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.032774][ T9836] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.050066][ T9836] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.379979][ T165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.400958][ T165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.491966][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.510301][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.550881][ T1321] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.630204][ T8791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.672909][ T8791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.702188][ T165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.722251][ T165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.739311][ T1321] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.908383][ T1321] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.055692][ T1321] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.358538][ T1321] bridge_slave_1: left allmulticast mode [ 226.388907][ T1321] bridge_slave_1: left promiscuous mode [ 226.397598][ T1321] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.431722][ T1321] bridge_slave_0: left allmulticast mode [ 226.453830][ T1321] bridge_slave_0: left promiscuous mode [ 226.459649][ T1321] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.715972][T10394] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1055'. [ 226.759449][T10394] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1055'. [ 227.126041][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 227.135870][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 227.144603][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 227.160809][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 227.173321][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 227.252632][ T1321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.264165][ T1321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.274631][ T1321] bond0 (unregistering): Released all slaves [ 227.603769][ T1321] hsr_slave_0: left promiscuous mode [ 227.609994][ T1321] hsr_slave_1: left promiscuous mode [ 227.618097][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.631961][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.645501][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.652985][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 227.687147][ T1321] veth1_macvtap: left promiscuous mode [ 227.692756][ T1321] veth0_macvtap: left promiscuous mode [ 227.698934][ T1321] veth1_vlan: left promiscuous mode [ 227.705225][ T1321] veth0_vlan: left promiscuous mode [ 228.108660][T10425] netlink: 'syz.3.1056': attribute type 10 has an invalid length. [ 228.255233][T10428] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1058'. [ 228.410921][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 228.431910][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 228.455960][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 228.472728][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 228.481752][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 228.555071][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 228.571237][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 228.585692][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 228.603622][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 228.621010][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 228.751057][ T1321] team0 (unregistering): Port device team_slave_1 removed [ 228.798389][ T1321] team0 (unregistering): Port device team_slave_0 removed [ 229.219559][T10421] batman_adv: batadv0: Removing interface: team0 [ 229.232634][T10421] bond0: (slave bond_slave_0): Releasing backup interface [ 229.239907][ T51] Bluetooth: hci0: command tx timeout [ 229.260378][T10421] bond0: (slave bond_slave_1): Releasing backup interface [ 229.276625][T10421] team0: Port device C removed [ 229.290728][T10421] team0: Port device team_slave_1 removed [ 229.297056][T10421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 229.304923][T10421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 229.313334][T10421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 229.321911][T10421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 229.339241][T10421] team0: Port device geneve0 removed [ 229.346315][T10421] bond0: (slave netdevsim0): Releasing backup interface [ 229.363255][T10421] bond1: (slave wireguard0): Releasing backup interface [ 229.370310][T10421] wireguard0: left promiscuous mode [ 229.389836][T10425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.401290][T10425] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 229.424619][T10426] bond0: (slave wlan1): Releasing backup interface [ 229.907851][T10452] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1063'. [ 229.928947][T10397] chnl_net:caif_netlink_parms(): no params data found [ 229.953062][T10453] net_ratelimit: 67 callbacks suppressed [ 229.953080][T10453] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 230.276202][T10470] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1066'. [ 230.351228][T10475] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1067'. [ 230.373584][T10475] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1067'. [ 230.396818][T10470] geneve2: entered promiscuous mode [ 230.513893][ T51] Bluetooth: hci2: command tx timeout [ 230.527447][T10397] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.550908][T10397] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.563378][T10397] bridge_slave_0: entered allmulticast mode [ 230.582674][T10397] bridge_slave_0: entered promiscuous mode [ 230.583283][T10485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1069'. [ 230.656965][T10489] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1069'. [ 230.673894][ T51] Bluetooth: hci4: command tx timeout [ 230.698526][T10397] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.706060][T10397] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.713306][T10397] bridge_slave_1: entered allmulticast mode [ 230.721128][T10397] bridge_slave_1: entered promiscuous mode [ 230.746266][T10485] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1069'. [ 230.759409][ T1321] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.949950][ T1321] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.009339][T10429] chnl_net:caif_netlink_parms(): no params data found [ 231.032821][T10431] chnl_net:caif_netlink_parms(): no params data found [ 231.059204][T10397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.083996][T10397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.207303][T10489] infiniband syz0: set active [ 231.214406][T10489] infiniband syz0: added bond_slave_0 [ 231.268720][T10489] RDS/IB: syz0: added [ 231.286531][T10489] smc: adding ib device syz0 with port count 1 [ 231.294417][T10489] smc: ib device syz0 port 1 has pnetid [ 231.324754][ T1321] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.326093][ T51] Bluetooth: hci0: command tx timeout [ 231.372931][T10397] team0: Port device team_slave_0 added [ 231.464474][ T1321] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.480192][T10397] team0: Port device team_slave_1 added [ 231.574462][T10397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.581471][T10397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.608025][T10397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.622269][T10397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.630415][T10397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.657081][T10397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.790488][T10431] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.803939][T10431] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.827785][T10431] bridge_slave_0: entered allmulticast mode [ 231.846098][T10431] bridge_slave_0: entered promiscuous mode [ 231.979302][T10431] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.004363][T10431] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.011746][T10431] bridge_slave_1: entered allmulticast mode [ 232.032811][T10431] bridge_slave_1: entered promiscuous mode [ 232.040346][T10429] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.048128][T10429] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.055696][T10429] bridge_slave_0: entered allmulticast mode [ 232.063487][T10429] bridge_slave_0: entered promiscuous mode [ 232.072482][T10429] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.080058][T10429] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.087732][T10429] bridge_slave_1: entered allmulticast mode [ 232.095925][T10429] bridge_slave_1: entered promiscuous mode [ 232.309333][T10397] hsr_slave_0: entered promiscuous mode [ 232.334522][T10397] hsr_slave_1: entered promiscuous mode [ 232.346610][T10431] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.388462][T10431] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.416694][T10429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 232.522213][T10526] netlink: 'syz.3.1074': attribute type 75 has an invalid length. [ 232.595626][ T51] Bluetooth: hci2: command tx timeout [ 232.606272][T10429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.754224][ T51] Bluetooth: hci4: command tx timeout [ 232.762134][ T1321] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.820533][T10431] team0: Port device team_slave_0 added [ 232.931078][T10431] team0: Port device team_slave_1 added [ 233.013133][ T1321] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.118912][T10429] team0: Port device team_slave_0 added [ 233.146348][T10429] team0: Port device team_slave_1 added [ 233.282323][T10544] __nla_validate_parse: 1 callbacks suppressed [ 233.282341][T10544] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1076'. [ 233.372399][ T1321] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.394218][ T51] Bluetooth: hci0: command tx timeout [ 233.535417][T10429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.542416][T10429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.606347][T10552] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1077'. [ 233.610030][T10429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.640749][T10431] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 233.655988][T10431] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.716350][T10431] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.774939][T10429] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.789725][T10429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.849715][T10429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.914435][ T1321] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.949404][T10431] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.970871][T10431] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.011734][T10431] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.227105][T10564] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1078'. [ 234.236177][T10564] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1078'. [ 234.260336][T10429] hsr_slave_0: entered promiscuous mode [ 234.273088][T10429] hsr_slave_1: entered promiscuous mode [ 234.290895][T10429] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.323794][T10429] Cannot create hsr debugfs directory [ 234.532801][T10431] hsr_slave_0: entered promiscuous mode [ 234.547684][T10431] hsr_slave_1: entered promiscuous mode [ 234.566609][T10431] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 234.584931][T10431] Cannot create hsr debugfs directory [ 234.686526][ T51] Bluetooth: hci2: command tx timeout [ 234.837035][ T51] Bluetooth: hci4: command tx timeout [ 235.259355][ T1321] bridge_slave_1: left allmulticast mode [ 235.268091][ T1321] bridge_slave_1: left promiscuous mode [ 235.290650][ T1321] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.319648][ T1321] bridge_slave_0: left allmulticast mode [ 235.339262][ T1321] bridge_slave_0: left promiscuous mode [ 235.353991][ T1321] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.366061][ T1321] bridge_slave_1: left allmulticast mode [ 235.382015][ T1321] bridge_slave_1: left promiscuous mode [ 235.392374][ T1321] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.408366][ T1321] bridge_slave_0: left allmulticast mode [ 235.414222][ T1321] bridge_slave_0: left promiscuous mode [ 235.420084][ T1321] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.489638][ T51] Bluetooth: hci0: command tx timeout [ 235.933160][ T1321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 235.947765][ T1321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 235.958102][ T1321] bond0 (unregistering): Released all slaves [ 236.249942][ T1321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.260973][ T1321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.271534][ T1321] bond0 (unregistering): Released all slaves [ 236.332595][T10581] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 236.608693][T10588] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1081'. [ 236.758610][ T51] Bluetooth: hci2: command tx timeout [ 236.843998][T10592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1083'. [ 236.882093][T10397] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 236.915546][ T51] Bluetooth: hci4: command tx timeout [ 236.970813][T10397] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 237.182456][T10397] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 237.215398][T10397] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 237.695951][T10627] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1089'. [ 237.714769][T10627] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1089'. [ 237.769920][T10397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.958134][T10397] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.150521][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.157741][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.350810][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.358039][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.369566][T10644] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1094'. [ 238.390874][ T1321] hsr_slave_0: left promiscuous mode [ 238.398685][ T1321] hsr_slave_1: left promiscuous mode [ 238.409191][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.418929][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.426956][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.436232][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.448735][ T1321] hsr_slave_0: left promiscuous mode [ 238.454106][T10648] openvswitch: netlink: Flow actions attr not present in new flow. [ 238.463067][ T1321] hsr_slave_1: left promiscuous mode [ 238.469357][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.477112][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.485925][ T1321] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.493457][ T1321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.525603][ T1321] veth1_macvtap: left promiscuous mode [ 238.531149][ T1321] veth0_macvtap: left promiscuous mode [ 238.537156][ T1321] veth1_vlan: left promiscuous mode [ 238.542449][ T1321] veth0_vlan: left promiscuous mode [ 238.549356][ T1321] veth1_macvtap: left promiscuous mode [ 238.555341][ T1321] veth0_macvtap: left promiscuous mode [ 238.561006][ T1321] veth1_vlan: left promiscuous mode [ 238.566952][ T1321] veth0_vlan: left promiscuous mode [ 239.072952][ T1321] team0 (unregistering): Port device team_slave_1 removed [ 239.117302][ T1321] team0 (unregistering): Port device team_slave_0 removed [ 239.803318][ T1321] team0 (unregistering): Port device team_slave_1 removed [ 239.841077][ T1321] team0 (unregistering): Port device team_slave_0 removed [ 240.355556][T10652] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1097'. [ 240.460416][T10397] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.605749][T10660] netlink: 'syz.3.1098': attribute type 1 has an invalid length. [ 240.719018][T10429] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 240.753318][T10663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1100'. [ 240.775864][T10429] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 240.806149][T10663] FAULT_INJECTION: forcing a failure. [ 240.806149][T10663] name failslab, interval 1, probability 0, space 0, times 0 [ 240.852433][T10663] CPU: 0 UID: 0 PID: 10663 Comm: syz.0.1100 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 240.852458][T10663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 240.852468][T10663] Call Trace: [ 240.852475][T10663] [ 240.852483][T10663] dump_stack_lvl+0x189/0x250 [ 240.852512][T10663] ? __pfx____ratelimit+0x10/0x10 [ 240.852535][T10663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.852557][T10663] ? __pfx__printk+0x10/0x10 [ 240.852580][T10663] ? __pfx___might_resched+0x10/0x10 [ 240.852618][T10663] ? fs_reclaim_acquire+0x7d/0x100 [ 240.852639][T10663] should_fail_ex+0x414/0x560 [ 240.852661][T10663] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 240.852681][T10663] should_failslab+0xa8/0x100 [ 240.852699][T10663] __kvmalloc_node_noprof+0x161/0x5f0 [ 240.852717][T10663] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 240.852743][T10663] rhashtable_init_noprof+0x4ee/0xbb0 [ 240.852771][T10663] rhltable_init_noprof+0x1e/0x60 [ 240.852795][T10663] sta_info_init+0x28/0x130 [ 240.852815][T10663] ieee80211_alloc_hw_nm+0x7f0/0x1f20 [ 240.852837][T10663] ? __pfx_ieee80211_emulate_add_chanctx+0x10/0x10 [ 240.852866][T10663] mac80211_hwsim_new_radio+0x1ee/0x5340 [ 240.852892][T10663] ? __pfx____ratelimit+0x10/0x10 [ 240.852918][T10663] ? __pfx__printk+0x10/0x10 [ 240.852934][T10663] ? ___sys_sendmsg+0x21f/0x2a0 [ 240.852961][T10663] ? rcu_is_watching+0x15/0xb0 [ 240.852984][T10663] ? do_trace_netlink_extack+0x7e/0x1d0 [ 240.853002][T10663] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 240.853016][T10663] ? __nla_validate_parse+0x251c/0x2d40 [ 240.853036][T10663] ? __sock_sendmsg+0x219/0x270 [ 240.853054][T10663] ? ____sys_sendmsg+0x505/0x830 [ 240.853081][T10663] hwsim_new_radio_nl+0xea4/0x1b10 [ 240.853098][T10663] ? __pfx___nla_validate_parse+0x10/0x10 [ 240.853130][T10663] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 240.853147][T10663] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 240.853174][T10663] ? __nla_parse+0x40/0x60 [ 240.853195][T10663] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 240.853221][T10663] genl_family_rcv_msg_doit+0x212/0x300 [ 240.853247][T10663] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 240.853277][T10663] ? bpf_lsm_capable+0x9/0x20 [ 240.853290][T10663] ? security_capable+0x7e/0x2e0 [ 240.853313][T10663] genl_rcv_msg+0x60e/0x790 [ 240.853338][T10663] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.853355][T10663] ? ref_tracker_free+0x63a/0x7d0 [ 240.853372][T10663] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 240.853387][T10663] ? __pfx_ref_tracker_free+0x10/0x10 [ 240.853414][T10663] netlink_rcv_skb+0x205/0x470 [ 240.853431][T10663] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.853451][T10663] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 240.853484][T10663] ? down_read+0x1ad/0x2e0 [ 240.853501][T10663] genl_rcv+0x28/0x40 [ 240.853518][T10663] netlink_unicast+0x758/0x8d0 [ 240.853544][T10663] netlink_sendmsg+0x805/0xb30 [ 240.853569][T10663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.853595][T10663] ? aa_sock_msg_perm+0x94/0x160 [ 240.853615][T10663] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 240.853632][T10663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.853652][T10663] __sock_sendmsg+0x219/0x270 [ 240.853676][T10663] ____sys_sendmsg+0x505/0x830 [ 240.853700][T10663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 240.853727][T10663] ? import_iovec+0x74/0xa0 [ 240.853745][T10663] ___sys_sendmsg+0x21f/0x2a0 [ 240.853765][T10663] ? __pfx____sys_sendmsg+0x10/0x10 [ 240.853818][T10663] ? __fget_files+0x2a/0x420 [ 240.853832][T10663] ? __fget_files+0x3a0/0x420 [ 240.853857][T10663] __x64_sys_sendmsg+0x19b/0x260 [ 240.853877][T10663] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 240.853905][T10663] ? __pfx_ksys_write+0x10/0x10 [ 240.853916][T10663] ? rcu_is_watching+0x15/0xb0 [ 240.853941][T10663] ? do_syscall_64+0xbe/0x3b0 [ 240.853960][T10663] do_syscall_64+0xfa/0x3b0 [ 240.853971][T10663] ? lockdep_hardirqs_on+0x9c/0x150 [ 240.853991][T10663] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.854005][T10663] ? clear_bhb_loop+0x60/0xb0 [ 240.854023][T10663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.854037][T10663] RIP: 0033:0x7fa64698e929 [ 240.854052][T10663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.854064][T10663] RSP: 002b:00007fa647856038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 240.854081][T10663] RAX: ffffffffffffffda RBX: 00007fa646bb5fa0 RCX: 00007fa64698e929 [ 240.854092][T10663] RDX: 0000000020008010 RSI: 0000200000000140 RDI: 0000000000000004 [ 240.854102][T10663] RBP: 00007fa647856090 R08: 0000000000000000 R09: 0000000000000000 [ 240.854111][T10663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 240.854119][T10663] R13: 0000000000000000 R14: 00007fa646bb5fa0 R15: 00007ffe99941c68 [ 240.854146][T10663] [ 241.349978][T10429] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 241.358820][T10667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1102'. [ 241.370553][T10667] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1102'. [ 241.372010][T10429] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 241.564814][T10397] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.709379][T10431] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 241.755861][T10431] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 241.841181][T10431] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 241.900107][T10431] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 242.047906][T10429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.128052][T10429] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.178820][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.186064][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.241941][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.249129][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.378690][T10431] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.446586][T10397] veth0_vlan: entered promiscuous mode [ 242.471482][T10431] 8021q: adding VLAN 0 to HW filter on device team0 [ 242.513393][ T1321] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.520629][ T1321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 242.541483][T10397] veth1_vlan: entered promiscuous mode [ 242.571682][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.578917][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.838080][T10732] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1113'. [ 242.840704][T10397] veth0_macvtap: entered promiscuous mode [ 242.866830][T10732] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1113'. [ 242.915545][T10397] veth1_macvtap: entered promiscuous mode [ 242.982514][T10397] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.056427][T10397] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.112751][T10429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.143218][T10397] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.158490][T10397] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.170876][T10397] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.184769][T10397] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.212166][T10742] netlink: 'syz.0.1116': attribute type 1 has an invalid length. [ 243.261346][T10742] bond5: entered promiscuous mode [ 243.267573][T10742] 8021q: adding VLAN 0 to HW filter on device bond5 [ 243.353483][T10742] 8021q: adding VLAN 0 to HW filter on device bond5 [ 243.360958][T10742] bond5: (slave wireguard2): The slave device specified does not support setting the MAC address [ 243.373807][T10742] bond5: (slave wireguard2): Setting fail_over_mac to active for active-backup mode [ 243.388386][T10742] bond5: (slave wireguard2): making interface the new active one [ 243.398093][T10742] wireguard2: entered promiscuous mode [ 243.405925][T10742] bond5: (slave wireguard2): Enslaving as an active interface with an up link [ 243.570150][T10429] veth0_vlan: entered promiscuous mode [ 243.588241][T10431] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.624717][T10429] veth1_vlan: entered promiscuous mode [ 243.635881][T10757] netlink: 'syz.3.1120': attribute type 1 has an invalid length. [ 243.659520][T10757] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1120'. [ 243.670329][T10757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1120'. [ 243.674881][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.692124][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.792652][T10429] veth0_macvtap: entered promiscuous mode [ 243.812213][ T8791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.818897][T10429] veth1_macvtap: entered promiscuous mode [ 243.836617][ T8791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.899989][T10429] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.936274][T10429] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.950827][T10429] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.964993][T10429] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.974760][T10429] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.983469][T10429] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.025904][T10431] veth0_vlan: entered promiscuous mode [ 244.076066][T10431] veth1_vlan: entered promiscuous mode [ 244.131639][T10767] netlink: 'syz.0.1124': attribute type 1 has an invalid length. [ 244.173361][T10767] bond6: entered promiscuous mode [ 244.179603][T10767] 8021q: adding VLAN 0 to HW filter on device bond6 [ 244.249819][ T1149] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.277931][T10431] veth0_macvtap: entered promiscuous mode [ 244.330463][T10767] 8021q: adding VLAN 0 to HW filter on device bond6 [ 244.348378][T10767] bond6: (slave wireguard3): The slave device specified does not support setting the MAC address [ 244.364296][T10767] bond6: (slave wireguard3): Setting fail_over_mac to active for active-backup mode [ 244.382702][T10767] bond6: (slave wireguard3): making interface the new active one [ 244.397791][T10767] wireguard3: entered promiscuous mode [ 244.405888][T10767] bond6: (slave wireguard3): Enslaving as an active interface with an up link [ 244.436607][T10431] veth1_macvtap: entered promiscuous mode [ 244.468577][ T1149] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.493433][ T4120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.521861][ T4120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.552525][ T1149] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.581499][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.590771][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.594150][T10431] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.618623][T10431] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 244.644321][ T1149] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.663131][T10431] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.676165][T10431] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.685316][T10431] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.694220][T10431] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.859917][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.870781][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.970280][ T1149] bridge_slave_1: left allmulticast mode [ 244.976514][ T8791] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.976824][ T1149] bridge_slave_1: left promiscuous mode [ 244.990311][ T8791] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.995290][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.008516][ T1149] bridge_slave_0: left allmulticast mode [ 245.015228][ T1149] bridge_slave_0: left promiscuous mode [ 245.020927][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.222696][T10774] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1125'. [ 245.261158][T10774] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1125'. [ 245.652199][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 245.661165][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 245.679557][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 245.688378][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 245.690697][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 245.704211][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 245.717584][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.739835][ T1149] bond0 (unregistering): Released all slaves [ 246.713088][ T1149] hsr_slave_0: left promiscuous mode [ 246.728666][ T1149] hsr_slave_1: left promiscuous mode [ 246.739736][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.754389][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.774613][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.782088][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.842312][ T1149] veth1_macvtap: left promiscuous mode [ 246.854088][ T1149] veth0_macvtap: left promiscuous mode [ 246.859822][ T1149] veth1_vlan: left promiscuous mode [ 246.877901][ T1149] veth0_vlan: left promiscuous mode [ 246.991380][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 247.002368][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 247.019363][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 247.032365][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 247.048185][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 247.080488][T10803] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1128'. [ 247.450730][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 247.473615][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 247.485121][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 247.494169][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 247.505457][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 247.632736][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 247.678115][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 247.794883][ T5853] Bluetooth: hci0: command tx timeout [ 248.462266][T10777] chnl_net:caif_netlink_parms(): no params data found [ 248.800413][T10833] netlink: 'syz.3.1135': attribute type 1 has an invalid length. [ 248.917435][T10833] bond5: entered promiscuous mode [ 248.951934][T10833] 8021q: adding VLAN 0 to HW filter on device bond5 [ 248.990950][T10843] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1137'. [ 249.027252][T10843] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1137'. [ 249.109424][T10839] 8021q: adding VLAN 0 to HW filter on device bond5 [ 249.134306][T10839] bond5: (slave wireguard2): The slave device specified does not support setting the MAC address [ 249.145329][T10839] bond5: (slave wireguard2): Setting fail_over_mac to active for active-backup mode [ 249.155760][ T5853] Bluetooth: hci2: command tx timeout [ 249.176051][T10839] bond5: (slave wireguard2): making interface the new active one [ 249.200547][T10839] wireguard2: entered promiscuous mode [ 249.211886][T10839] bond5: (slave wireguard2): Enslaving as an active interface with an up link [ 249.245759][T10777] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.253009][T10777] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.260369][T10777] bridge_slave_0: entered allmulticast mode [ 249.268448][T10777] bridge_slave_0: entered promiscuous mode [ 249.286259][T10777] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.293434][T10777] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.316323][T10777] bridge_slave_1: entered allmulticast mode [ 249.338622][T10777] bridge_slave_1: entered promiscuous mode [ 249.353329][T10856] netlink: 'syz.3.1139': attribute type 21 has an invalid length. [ 249.428362][T10856] netlink: 'syz.3.1139': attribute type 6 has an invalid length. [ 249.440315][T10856] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1139'. [ 249.554981][ T5853] Bluetooth: hci4: command tx timeout [ 249.577439][T10777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.590515][T10777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.702892][T10777] team0: Port device team_slave_0 added [ 249.712765][T10777] team0: Port device team_slave_1 added [ 249.836068][T10777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.843639][T10777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.878635][ T5853] Bluetooth: hci0: command tx timeout [ 249.884251][T10777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.896279][T10799] chnl_net:caif_netlink_parms(): no params data found [ 249.919046][T10777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.926453][T10777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 249.965113][T10777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.110865][T10874] netlink: 'syz.0.1144': attribute type 3 has an invalid length. [ 250.122098][T10777] hsr_slave_0: entered promiscuous mode [ 250.130283][T10777] hsr_slave_1: entered promiscuous mode [ 250.139522][T10874] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1144'. [ 250.199681][ T1149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.510370][T10894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1148'. [ 250.515491][ T1149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.525047][T10894] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1148'. [ 250.689066][T10804] chnl_net:caif_netlink_parms(): no params data found [ 250.727903][T10904] netlink: 'syz.3.1150': attribute type 21 has an invalid length. [ 250.843207][ T1149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.940911][T10904] netlink: 'syz.3.1150': attribute type 6 has an invalid length. [ 250.953736][T10904] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1150'. [ 251.090983][ T1149] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.112987][T10799] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.122918][T10799] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.136667][T10799] bridge_slave_0: entered allmulticast mode [ 251.149353][T10799] bridge_slave_0: entered promiscuous mode [ 251.196359][T10799] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.222976][T10799] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.231755][T10799] bridge_slave_1: entered allmulticast mode [ 251.237903][ T5853] Bluetooth: hci2: command tx timeout [ 251.249886][T10799] bridge_slave_1: entered promiscuous mode [ 251.443554][T10799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.568763][T10804] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.583938][T10804] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.591227][T10804] bridge_slave_0: entered allmulticast mode [ 251.595487][T10940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1156'. [ 251.611756][T10940] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1156'. [ 251.621103][T10804] bridge_slave_0: entered promiscuous mode [ 251.634239][ T5853] Bluetooth: hci4: command tx timeout [ 251.677277][T10799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.750549][T10804] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.766576][T10804] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.774716][T10804] bridge_slave_1: entered allmulticast mode [ 251.787194][T10804] bridge_slave_1: entered promiscuous mode [ 251.955596][ T5853] Bluetooth: hci0: command tx timeout [ 251.968879][T10799] team0: Port device team_slave_0 added [ 252.041076][T10804] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 252.069713][T10799] team0: Port device team_slave_1 added [ 252.104306][T10957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1159'. [ 252.117985][T10804] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 252.263138][ T1149] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.303966][T10966] netlink: 'syz.0.1162': attribute type 21 has an invalid length. [ 252.386262][T10966] netlink: 'syz.0.1162': attribute type 6 has an invalid length. [ 252.543222][ T1149] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.568421][T10799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 252.576742][T10799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.604307][T10799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 252.640796][T10804] team0: Port device team_slave_0 added [ 252.767403][ T1149] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 252.812870][T10799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 252.823544][T10799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 252.851687][T10799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 252.875108][T10804] team0: Port device team_slave_1 added [ 253.046699][ T1149] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.162573][T10804] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 253.172308][T10804] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.198629][T10804] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 253.256069][T10799] hsr_slave_0: entered promiscuous mode [ 253.263110][T10799] hsr_slave_1: entered promiscuous mode [ 253.275632][T10799] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 253.283397][T10995] netlink: 'syz.3.1173': attribute type 21 has an invalid length. [ 253.289035][T10799] Cannot create hsr debugfs directory [ 253.298310][T10804] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 253.311238][T10804] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 253.344715][ T5853] Bluetooth: hci2: command tx timeout [ 253.350286][T10804] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 253.370487][T10995] netlink: 'syz.3.1173': attribute type 6 has an invalid length. [ 253.622115][T10804] hsr_slave_0: entered promiscuous mode [ 253.641876][T10804] hsr_slave_1: entered promiscuous mode [ 253.650021][T10804] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 253.658545][T10804] Cannot create hsr debugfs directory [ 253.714011][ T5853] Bluetooth: hci4: command tx timeout [ 254.034032][ T5853] Bluetooth: hci0: command tx timeout [ 254.631834][T11019] __nla_validate_parse: 7 callbacks suppressed [ 254.631852][T11019] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1182'. [ 254.660764][T11019] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1182'. [ 254.768773][T10777] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 254.769759][T11022] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1183'. [ 254.797012][T10777] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 254.820927][T10777] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 254.874836][ T1149] bridge_slave_1: left allmulticast mode [ 254.881379][ T1149] bridge_slave_1: left promiscuous mode [ 254.881725][T11026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1183'. [ 254.894997][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.921294][ T1149] bridge_slave_0: left allmulticast mode [ 254.950540][ T1149] bridge_slave_0: left promiscuous mode [ 254.959851][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.985267][ T1149] bridge_slave_1: left allmulticast mode [ 255.006580][ T1149] bridge_slave_1: left promiscuous mode [ 255.012538][ T1149] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.031258][ T1149] bridge_slave_0: left allmulticast mode [ 255.037202][ T1149] bridge_slave_0: left promiscuous mode [ 255.042927][ T1149] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.403880][ T5853] Bluetooth: hci2: command tx timeout [ 255.443597][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.457851][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.470743][ T1149] bond0 (unregistering): Released all slaves [ 255.720122][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.732850][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.804923][ T5853] Bluetooth: hci4: command tx timeout [ 255.826355][ T1149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.837082][ T1149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.847489][ T1149] bond0 (unregistering): Released all slaves [ 255.866782][T10777] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 256.028393][T11034] validate_nla: 1 callbacks suppressed [ 256.028412][T11034] netlink: 'syz.0.1186': attribute type 21 has an invalid length. [ 256.086650][T11034] netlink: 'syz.0.1186': attribute type 6 has an invalid length. [ 256.099333][T11034] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1186'. [ 256.696288][T10777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 256.860492][T10777] 8021q: adding VLAN 0 to HW filter on device team0 [ 256.947849][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.955082][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 256.984559][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.991762][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 257.411647][ T1149] hsr_slave_0: left promiscuous mode [ 257.463712][ T1149] hsr_slave_1: left promiscuous mode [ 257.480193][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 257.550887][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 257.572738][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 257.588241][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 257.609337][ T1149] hsr_slave_0: left promiscuous mode [ 257.616418][ T1149] hsr_slave_1: left promiscuous mode [ 257.623525][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 257.639263][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 257.648758][ T1149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 257.658307][ T1149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 257.705238][ T1149] veth1_macvtap: left promiscuous mode [ 257.710827][ T1149] veth0_macvtap: left promiscuous mode [ 257.717817][ T1149] veth1_vlan: left promiscuous mode [ 257.729561][ T1149] veth0_vlan: left promiscuous mode [ 257.741730][ T1149] veth1_macvtap: left promiscuous mode [ 257.747430][ T1149] veth0_macvtap: left promiscuous mode [ 257.753110][ T1149] veth1_vlan: left promiscuous mode [ 257.759474][ T1149] veth0_vlan: left promiscuous mode [ 258.081125][T11084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1194'. [ 258.096153][T11084] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1194'. [ 258.474949][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 258.515826][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 259.253635][ T1149] team0 (unregistering): Port device team_slave_1 removed [ 259.292082][ T1149] team0 (unregistering): Port device team_slave_0 removed [ 259.706634][T10804] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 259.740207][T10804] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 259.852165][T10804] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 259.876289][T10804] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 259.922175][T11103] netlink: 'syz.3.1200': attribute type 21 has an invalid length. [ 259.940876][T11097] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1198'. [ 260.004027][T11103] netlink: 'syz.3.1200': attribute type 6 has an invalid length. [ 260.035209][T11103] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1200'. [ 260.185245][T11116] Bluetooth: MGMT ver 1.23 [ 260.254339][T10799] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 260.280578][T10799] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 260.334796][T10799] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 260.367104][T10799] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 260.415425][T10777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 260.535107][T10804] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.553317][T11132] netlink: 'syz.3.1204': attribute type 29 has an invalid length. [ 260.570816][T11132] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1204'. [ 260.672550][T10804] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.704667][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.711929][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.755215][ T4120] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.762401][ T4120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.941357][T10799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 261.047776][T10799] 8021q: adding VLAN 0 to HW filter on device team0 [ 261.155565][T11147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1205'. [ 261.181998][T11147] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1205'. [ 261.193361][ T8791] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.200564][ T8791] bridge0: port 1(bridge_slave_0) entered forwarding state [ 261.294529][ T165] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.301731][ T165] bridge0: port 2(bridge_slave_1) entered forwarding state [ 261.395411][T11154] netlink: 'syz.0.1207': attribute type 11 has an invalid length. [ 261.427934][T11154] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1207'. [ 261.557588][T10777] veth0_vlan: entered promiscuous mode [ 261.613612][T10777] veth1_vlan: entered promiscuous mode [ 261.707767][T10804] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.750638][T10777] veth0_macvtap: entered promiscuous mode [ 261.798084][T10777] veth1_macvtap: entered promiscuous mode [ 261.885325][T11168] FAULT_INJECTION: forcing a failure. [ 261.885325][T11168] name failslab, interval 1, probability 0, space 0, times 0 [ 261.946429][T10777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 261.965497][T11168] CPU: 1 UID: 0 PID: 11168 Comm: syz.0.1211 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 261.965524][T11168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 261.965535][T11168] Call Trace: [ 261.965543][T11168] [ 261.965550][T11168] dump_stack_lvl+0x189/0x250 [ 261.965586][T11168] ? __pfx____ratelimit+0x10/0x10 [ 261.965610][T11168] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.965633][T11168] ? __pfx__printk+0x10/0x10 [ 261.965655][T11168] ? __pfx___might_resched+0x10/0x10 [ 261.965676][T11168] ? fs_reclaim_acquire+0x7d/0x100 [ 261.965698][T11168] should_fail_ex+0x414/0x560 [ 261.965723][T11168] should_failslab+0xa8/0x100 [ 261.965742][T11168] __kmalloc_noprof+0xcb/0x4f0 [ 261.965757][T11168] ? security_sk_alloc+0x52/0x390 [ 261.965776][T11168] security_sk_alloc+0x52/0x390 [ 261.965795][T11168] sk_prot_alloc+0x101/0x220 [ 261.965813][T11168] ? sk_alloc+0x24/0x370 [ 261.965833][T11168] sk_alloc+0x3a/0x370 [ 261.965849][T11168] ? bpf_ctx_init+0x167/0x1d0 [ 261.965871][T11168] bpf_prog_test_run_skb+0x2ed/0x1560 [ 261.965888][T11168] ? __fget_files+0x2a/0x420 [ 261.965921][T11168] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 261.965940][T11168] bpf_prog_test_run+0x2c4/0x340 [ 261.965967][T11168] __sys_bpf+0x4a4/0x860 [ 261.965990][T11168] ? __pfx___sys_bpf+0x10/0x10 [ 261.966023][T11168] ? ksys_write+0x22a/0x250 [ 261.966041][T11168] ? __pfx_ksys_write+0x10/0x10 [ 261.966054][T11168] ? rcu_is_watching+0x15/0xb0 [ 261.966085][T11168] __x64_sys_bpf+0x7c/0x90 [ 261.966105][T11168] do_syscall_64+0xfa/0x3b0 [ 261.966120][T11168] ? lockdep_hardirqs_on+0x9c/0x150 [ 261.966143][T11168] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.966159][T11168] ? clear_bhb_loop+0x60/0xb0 [ 261.966179][T11168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.966195][T11168] RIP: 0033:0x7fa64698e929 [ 261.966210][T11168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.966223][T11168] RSP: 002b:00007fa647856038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 261.966241][T11168] RAX: ffffffffffffffda RBX: 00007fa646bb5fa0 RCX: 00007fa64698e929 [ 261.966254][T11168] RDX: 0000000000000050 RSI: 0000200000002300 RDI: 000000000000000a [ 261.966264][T11168] RBP: 00007fa647856090 R08: 0000000000000000 R09: 0000000000000000 [ 261.966274][T11168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.966285][T11168] R13: 0000000000000000 R14: 00007fa646bb5fa0 R15: 00007ffe99941c68 [ 261.966311][T11168] [ 262.005424][T10777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 262.243522][T11176] netlink: 'syz.3.1212': attribute type 21 has an invalid length. [ 262.313056][T11176] netlink: 'syz.3.1212': attribute type 6 has an invalid length. [ 262.338782][T11176] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1212'. [ 262.367058][T10804] veth0_vlan: entered promiscuous mode [ 262.384582][T10777] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.408173][T10777] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.426528][T10777] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.447404][T10777] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.492200][T10804] veth1_vlan: entered promiscuous mode [ 262.511756][T10799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 262.637850][T11193] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1217'. [ 262.654581][T11193] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1217'. [ 262.767051][T10804] veth0_macvtap: entered promiscuous mode [ 262.897717][ T8791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 262.908312][T10799] veth0_vlan: entered promiscuous mode [ 262.921268][ T8791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 262.931945][T10804] veth1_macvtap: entered promiscuous mode [ 263.003404][T10799] veth1_vlan: entered promiscuous mode [ 263.040460][T10804] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.097573][T10804] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.135017][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.150059][T10804] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.164261][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.181865][T10804] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.196865][T10804] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.225054][T10804] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.253422][T10799] veth0_macvtap: entered promiscuous mode [ 263.327913][T10799] veth1_macvtap: entered promiscuous mode [ 263.336689][T11214] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1225'. [ 263.462307][T10799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 263.521353][T11220] netlink: 'syz.3.1226': attribute type 21 has an invalid length. [ 263.590307][T11220] netlink: 'syz.3.1226': attribute type 6 has an invalid length. [ 263.617014][T10799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 263.642986][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 263.656283][T10799] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.678633][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 263.704118][T10799] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.747813][T10799] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.772089][T10799] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 263.868679][ T8791] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.027540][ T8791] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.120455][ T165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.165674][ T165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.186292][ T8791] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.313439][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.338918][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.359927][ T8791] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.552030][ T165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.575316][ T165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 264.670167][ T8791] bridge_slave_1: left allmulticast mode [ 264.683282][ T8791] bridge_slave_1: left promiscuous mode [ 264.709629][ T8791] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.742944][ T8791] bridge_slave_0: left allmulticast mode [ 264.754564][ T8791] bridge_slave_0: left promiscuous mode [ 264.760387][ T8791] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.064056][T11254] __nla_validate_parse: 1 callbacks suppressed [ 265.064076][T11254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1230'. [ 265.114333][T11254] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1230'. [ 265.489250][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 265.508474][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 265.517046][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 265.533345][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 265.548787][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 265.785546][ T8791] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 265.817433][ T8791] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 265.848775][ T8791] bond0 (unregistering): Released all slaves [ 266.207983][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 266.217472][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 266.230717][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 266.241110][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 266.256654][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 267.297573][T11262] chnl_net:caif_netlink_parms(): no params data found [ 267.543444][ T8791] hsr_slave_0: left promiscuous mode [ 267.549413][ T8791] hsr_slave_1: left promiscuous mode [ 267.561294][ T8791] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.568991][ T8791] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.582124][ T8791] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.589725][ T8791] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.610405][ T8791] veth1_macvtap: left promiscuous mode [ 267.616259][ T8791] veth0_macvtap: left promiscuous mode [ 267.621918][ T8791] veth1_vlan: left promiscuous mode [ 267.627325][ T8791] veth0_vlan: left promiscuous mode [ 267.634081][ T5853] Bluetooth: hci0: command tx timeout [ 267.985995][T11311] FAULT_INJECTION: forcing a failure. [ 267.985995][T11311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.999335][T11311] CPU: 0 UID: 0 PID: 11311 Comm: syz.3.1236 Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 267.999360][T11311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 267.999371][T11311] Call Trace: [ 267.999378][T11311] [ 267.999386][T11311] dump_stack_lvl+0x189/0x250 [ 267.999413][T11311] ? __pfx____ratelimit+0x10/0x10 [ 267.999436][T11311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.999459][T11311] ? __pfx__printk+0x10/0x10 [ 267.999491][T11311] should_fail_ex+0x414/0x560 [ 267.999517][T11311] _copy_to_user+0x31/0xb0 [ 267.999537][T11311] bpf_test_finish+0x1ab/0x700 [ 267.999565][T11311] ? __pfx_bpf_test_finish+0x10/0x10 [ 267.999597][T11311] bpf_prog_test_run_skb+0xed5/0x1560 [ 267.999633][T11311] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 267.999653][T11311] bpf_prog_test_run+0x2c4/0x340 [ 267.999687][T11311] __sys_bpf+0x4a4/0x860 [ 267.999710][T11311] ? __pfx___sys_bpf+0x10/0x10 [ 267.999744][T11311] ? ksys_write+0x22a/0x250 [ 267.999762][T11311] ? __pfx_ksys_write+0x10/0x10 [ 267.999776][T11311] ? rcu_is_watching+0x15/0xb0 [ 267.999806][T11311] __x64_sys_bpf+0x7c/0x90 [ 267.999827][T11311] do_syscall_64+0xfa/0x3b0 [ 267.999842][T11311] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.999864][T11311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.999880][T11311] ? clear_bhb_loop+0x60/0xb0 [ 267.999900][T11311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.999916][T11311] RIP: 0033:0x7f94b0f8e929 [ 267.999933][T11311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.999947][T11311] RSP: 002b:00007f94b1d1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 267.999965][T11311] RAX: ffffffffffffffda RBX: 00007f94b11b5fa0 RCX: 00007f94b0f8e929 [ 267.999978][T11311] RDX: 0000000000000050 RSI: 0000200000002300 RDI: 000000000000000a [ 267.999989][T11311] RBP: 00007f94b1d1a090 R08: 0000000000000000 R09: 0000000000000000 [ 268.000000][T11311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.000010][T11311] R13: 0000000000000000 R14: 00007f94b11b5fa0 R15: 00007ffed0fd86c8 [ 268.000039][T11311] [ 268.248646][T11312] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1235'. [ 268.319207][T11314] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1237'. [ 268.359558][ T5853] Bluetooth: hci2: command tx timeout [ 268.379010][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 268.388456][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 268.396821][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 268.407227][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 268.440620][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 268.561391][T11320] netlink: 'syz.3.1239': attribute type 21 has an invalid length. [ 268.585544][ T8791] team0 (unregistering): Port device team_slave_1 removed [ 268.627441][ T8791] team0 (unregistering): Port device team_slave_0 removed [ 269.058111][T11320] netlink: 'syz.3.1239': attribute type 6 has an invalid length. [ 269.075397][T11320] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1239'. [ 269.139683][T11262] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.147091][T11262] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.157731][T11262] bridge_slave_0: entered allmulticast mode [ 269.168013][T11262] bridge_slave_0: entered promiscuous mode [ 269.180825][T11262] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.189492][T11262] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.198698][T11262] bridge_slave_1: entered allmulticast mode [ 269.206756][T11262] bridge_slave_1: entered promiscuous mode [ 269.367721][T11325] bond6: entered promiscuous mode [ 269.381679][T11325] bond6: entered allmulticast mode [ 269.404282][T11325] 8021q: adding VLAN 0 to HW filter on device bond6 [ 269.473333][T11262] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 269.509598][T11340] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1242'. [ 269.522340][T11262] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.724438][ T51] Bluetooth: hci0: command tx timeout [ 269.757553][T11262] team0: Port device team_slave_0 added [ 269.801758][T11262] team0: Port device team_slave_1 added [ 269.942681][T11356] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1244'. [ 270.129389][T11262] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 270.145772][T11262] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.207958][T11262] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 270.236042][T11262] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 270.243112][T11262] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.289514][T11262] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 270.448104][ T5853] Bluetooth: hci2: command tx timeout [ 270.514182][ T51] Bluetooth: hci4: command tx timeout [ 270.580842][T11262] hsr_slave_0: entered promiscuous mode [ 270.596720][T11262] hsr_slave_1: entered promiscuous mode [ 270.647452][T11280] chnl_net:caif_netlink_parms(): no params data found [ 270.813519][T11384] netlink: 'syz.0.1251': attribute type 21 has an invalid length. [ 270.848541][ T8791] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.040013][T11384] netlink: 'syz.0.1251': attribute type 6 has an invalid length. [ 271.063995][T11384] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1251'. [ 271.185730][ T8791] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.288793][ T8791] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.316958][T11404] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1253'. [ 271.510902][ T8791] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.693742][T11280] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.700919][T11280] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.717856][T11280] bridge_slave_0: entered allmulticast mode [ 271.727233][T11280] bridge_slave_0: entered promiscuous mode [ 271.740521][T11280] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.751709][T11280] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.762661][T11280] bridge_slave_1: entered allmulticast mode [ 271.772166][T11280] bridge_slave_1: entered promiscuous mode [ 271.793885][ T51] Bluetooth: hci0: command tx timeout [ 272.029509][T11280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.108159][T11280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 272.298383][T11315] chnl_net:caif_netlink_parms(): no params data found [ 272.461196][T11280] team0: Port device team_slave_0 added [ 272.516652][ T51] Bluetooth: hci2: command tx timeout [ 272.527017][ T8791] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.557442][T11280] team0: Port device team_slave_1 added [ 272.594118][ T51] Bluetooth: hci4: command tx timeout [ 272.664458][ T8791] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.741210][T11280] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 272.750969][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.780504][T11280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.817664][T11452] netlink: 'syz.0.1263': attribute type 6 has an invalid length. [ 272.881449][ T8791] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.903512][T11280] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.911012][T11455] netlink: 'syz.0.1264': attribute type 21 has an invalid length. [ 272.919534][T11280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.946162][T11280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.981385][ T8791] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.026831][T11455] netlink: 'syz.0.1264': attribute type 6 has an invalid length. [ 273.043613][T11455] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1264'. [ 273.114526][T11461] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1266'. [ 273.219943][T11315] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.233876][T11315] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.241151][T11315] bridge_slave_0: entered allmulticast mode [ 273.252019][T11315] bridge_slave_0: entered promiscuous mode [ 273.314762][T11315] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.324236][T11315] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.331817][T11315] bridge_slave_1: entered allmulticast mode [ 273.339779][T11315] bridge_slave_1: entered promiscuous mode [ 273.379748][T11280] hsr_slave_0: entered promiscuous mode [ 273.391595][T11280] hsr_slave_1: entered promiscuous mode [ 273.399341][T11280] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 273.407539][T11280] Cannot create hsr debugfs directory [ 273.413251][T11262] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 273.539808][T11477] Bluetooth: MGMT ver 1.23 [ 273.608700][T11262] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 273.636825][T11315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 273.676868][T11315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.751027][T11262] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 273.776227][T11262] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 273.874009][ T51] Bluetooth: hci0: command tx timeout [ 274.000873][T11497] netlink: 'syz.3.1276': attribute type 21 has an invalid length. [ 274.052654][T11315] team0: Port device team_slave_0 added [ 274.095579][T11497] netlink: 'syz.3.1276': attribute type 6 has an invalid length. [ 274.103551][T11497] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1276'. [ 274.156539][T11315] team0: Port device team_slave_1 added [ 274.256527][ T8791] bridge_slave_1: left allmulticast mode [ 274.269927][T11510] netlink: 146840 bytes leftover after parsing attributes in process `syz.3.1277'. [ 274.275262][ T8791] bridge_slave_1: left promiscuous mode [ 274.300370][ T8791] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.326054][ T8791] bridge_slave_0: left allmulticast mode [ 274.331738][ T8791] bridge_slave_0: left promiscuous mode [ 274.338112][ T8791] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.356488][ T8791] bridge_slave_1: left allmulticast mode [ 274.362179][ T8791] bridge_slave_1: left promiscuous mode [ 274.381227][ T8791] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.390792][ T8791] bridge_slave_0: left allmulticast mode [ 274.396706][ T8791] bridge_slave_0: left promiscuous mode [ 274.402378][ T8791] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.603846][ T51] Bluetooth: hci2: command tx timeout [ 274.673945][ T51] Bluetooth: hci4: command tx timeout [ 274.780520][ T8791] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 274.792226][ T8791] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 274.802765][ T8791] bond0 (unregistering): Released all slaves [ 275.088262][ T8791] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.100469][ T8791] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 275.112216][ T8791] bond0 (unregistering): Released all slaves [ 275.168513][T11315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.175997][T11315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.202735][T11315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 275.300366][T11517] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1279'. [ 275.333226][T11315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 275.361709][T11315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.415939][T11315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 275.956733][ T51] Bluetooth: hci0: command tx timeout [ 275.981593][T11315] hsr_slave_0: entered promiscuous mode [ 276.001174][T11315] hsr_slave_1: entered promiscuous mode [ 276.021621][T11315] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 276.043752][T11315] Cannot create hsr debugfs directory [ 276.490734][T11566] netlink: 'syz.3.1290': attribute type 1 has an invalid length. [ 276.583901][T11566] bond7: entered promiscuous mode [ 276.589413][T11566] 8021q: adding VLAN 0 to HW filter on device bond7 [ 276.672607][T11569] 8021q: adding VLAN 0 to HW filter on device bond7 [ 276.683279][T11569] bond7: (slave wireguard3): The slave device specified does not support setting the MAC address [ 276.702739][T11569] bond7: (slave wireguard3): Setting fail_over_mac to active for active-backup mode [ 276.719154][T11569] bond7: (slave wireguard3): making interface the new active one [ 276.733341][T11569] wireguard3: entered promiscuous mode [ 276.741106][T11569] bond7: (slave wireguard3): Enslaving as an active interface with an up link [ 276.754040][ T51] Bluetooth: hci4: command tx timeout [ 276.990688][T11576] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1291'. [ 277.403506][ T8791] hsr_slave_0: left promiscuous mode [ 277.443588][ T8791] hsr_slave_1: left promiscuous mode [ 277.456011][ T8791] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.468363][ T8791] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.477200][ T8791] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.487596][ T8791] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.507411][ T8791] hsr_slave_0: left promiscuous mode [ 277.513501][ T8791] hsr_slave_1: left promiscuous mode [ 277.534945][ T8791] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 277.542413][ T8791] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.555059][ T8791] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.563043][ T8791] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.636341][ T8791] veth1_macvtap: left promiscuous mode [ 277.641947][ T8791] veth0_macvtap: left promiscuous mode [ 277.648136][ T8791] veth1_vlan: left promiscuous mode [ 277.653497][ T8791] veth0_vlan: left promiscuous mode [ 277.661704][ T8791] veth1_macvtap: left promiscuous mode [ 277.668221][ T8791] veth0_macvtap: left promiscuous mode [ 277.674367][ T8791] veth1_vlan: left promiscuous mode [ 277.682839][ T8791] veth0_vlan: left promiscuous mode [ 277.767035][T11604] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1297'. [ 277.801537][T11604] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1297'. [ 278.586052][ T8791] team0 (unregistering): Port device team_slave_1 removed [ 278.636918][ T8791] team0 (unregistering): Port device team_slave_0 removed [ 279.460915][ T8791] team0 (unregistering): Port device team_slave_1 removed [ 279.499794][ T8791] team0 (unregistering): Port device team_slave_0 removed [ 279.948341][T11262] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.992991][T11280] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 280.110516][T11280] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 280.163552][T11262] 8021q: adding VLAN 0 to HW filter on device team0 [ 280.200208][ T165] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.207432][ T165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.262259][T11280] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 280.466096][T11280] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 280.479163][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.486385][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.523363][T11655] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1302'. [ 280.569166][T11659] dvmrp0: entered allmulticast mode [ 280.794453][T11681] netlink: 'syz.3.1307': attribute type 21 has an invalid length. [ 280.894880][T11681] netlink: 'syz.3.1307': attribute type 6 has an invalid length. [ 280.902744][T11681] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1307'. [ 280.981842][T11262] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 281.336691][T11701] netlink: 'syz.0.1311': attribute type 1 has an invalid length. [ 281.378007][T11280] 8021q: adding VLAN 0 to HW filter on device bond0 [ 281.466863][T11701] bond7: entered promiscuous mode [ 281.472469][T11701] 8021q: adding VLAN 0 to HW filter on device bond7 [ 281.585123][T11280] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.607094][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.614304][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 281.658007][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.665226][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 281.708431][T11715] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1314'. [ 281.722668][T11315] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 281.766455][T11315] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 281.813610][T11262] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 281.849946][T11315] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 281.890872][T11315] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 282.257956][T11315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.306489][T11315] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.332446][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.339704][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.387400][ T1321] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.394647][ T1321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.620633][T11280] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 282.638635][T11262] veth0_vlan: entered promiscuous mode [ 282.645813][T11750] netlink: 'syz.0.1320': attribute type 21 has an invalid length. [ 282.682221][T11750] netlink: 'syz.0.1320': attribute type 6 has an invalid length. [ 282.711631][T11750] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1320'. [ 282.727460][T11262] veth1_vlan: entered promiscuous mode [ 282.837329][T11262] veth0_macvtap: entered promiscuous mode [ 282.868234][T11280] veth0_vlan: entered promiscuous mode [ 282.893078][T11262] veth1_macvtap: entered promiscuous mode [ 282.937048][T11280] veth1_vlan: entered promiscuous mode [ 282.970720][T11262] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.016281][T11262] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.046765][T11262] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.059284][T11262] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.071200][T11262] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.087547][T11262] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.173189][T11315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.282067][T11770] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1325'. [ 283.293637][T11280] veth0_macvtap: entered promiscuous mode [ 283.331050][T11280] veth1_macvtap: entered promiscuous mode [ 283.359473][ T8791] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.379967][ T8791] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.398733][T11773] x_tables: unsorted underflow at hook 3 [ 283.406160][T11773] xt_socket: unknown flags 0x50 [ 283.456815][ T4120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.467715][ T4120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.476518][T11315] veth0_vlan: entered promiscuous mode [ 283.491255][T11280] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.512377][T11280] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.540605][T11280] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.563619][T11280] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.573589][T11280] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.582493][T11280] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 283.604219][T11315] veth1_vlan: entered promiscuous mode [ 283.830584][T11315] veth0_macvtap: entered promiscuous mode [ 283.862679][T11315] veth1_macvtap: entered promiscuous mode [ 283.871966][ T1321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 283.895988][T11315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 283.916085][ T1321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 283.941915][T11315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 283.994517][T11315] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.013954][T11315] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.023157][T11315] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.043323][T11315] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.079482][T11785] netlink: 'syz.3.1332': attribute type 21 has an invalid length. [ 284.092365][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.112567][ T4120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.131233][ T4120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.133570][T11785] netlink: 'syz.3.1332': attribute type 6 has an invalid length. [ 284.164340][T11785] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1332'. [ 284.265472][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.422614][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.477480][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.496610][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.526116][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.578167][ T44] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.595366][ T44] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.707142][T11315] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 284.719078][T11315] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 284.727502][T11315] CPU: 1 UID: 0 PID: 11315 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00177-g1fd26729e013 #0 PREEMPT(full) [ 284.739753][T11315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 284.749807][T11315] RIP: 0010:klist_remove+0x14a/0x340 [ 284.755092][T11315] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 d9 41 c7 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 ba 41 c7 f6 49 8b 44 24 58 48 89 44 24 08 [ 284.774700][T11315] RSP: 0018:ffffc900033f7840 EFLAGS: 00010202 [ 284.780766][T11315] RAX: 000000000000000b RBX: ffff88802dffbc00 RCX: 0000000000000000 [ 284.788725][T11315] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 284.796681][T11315] RBP: ffffc900033f7928 R08: ffffffff8f8798c3 R09: 1ffffffff1f0f318 [ 284.804640][T11315] R10: dffffc0000000000 R11: fffffbfff1f0f319 R12: 0000000000000000 [ 284.812600][T11315] R13: 1ffff1100523848c R14: ffff8880291c2460 R15: dffffc0000000000 [ 284.820555][T11315] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 284.829470][T11315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 284.836038][T11315] CR2: 00007fffb67d8ff8 CR3: 000000002f3a6000 CR4: 00000000003526f0 [ 284.843995][T11315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 284.851950][T11315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 284.859908][T11315] Call Trace: [ 284.863173][T11315] [ 284.866118][T11315] ? __pfx_klist_remove+0x10/0x10 [ 284.871152][T11315] ? __pfx_kobject_move+0x10/0x10 [ 284.876170][T11315] ? get_device_parent+0x366/0x3a0 [ 284.881279][T11315] device_move+0x193/0x700 [ 284.885703][T11315] hci_conn_del_sysfs+0xb8/0x170 [ 284.890631][T11315] hci_conn_del+0x8ff/0xcb0 [ 284.895127][T11315] hci_conn_hash_flush+0x191/0x230 [ 284.900228][T11315] hci_dev_close_sync+0xaef/0x1330 [ 284.905331][T11315] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 284.910862][T11315] ? up_write+0x1c4/0x420 [ 284.915179][T11315] hci_unregister_dev+0x21a/0x510 [ 284.920190][T11315] vhci_release+0x80/0xd0 [ 284.924508][T11315] ? __pfx_vhci_release+0x10/0x10 [ 284.929522][T11315] __fput+0x44c/0xa70 [ 284.933498][T11315] task_work_run+0x1d1/0x260 [ 284.938076][T11315] ? __pfx_task_work_run+0x10/0x10 [ 284.943175][T11315] ? kmem_cache_free+0x18f/0x400 [ 284.948106][T11315] do_exit+0x6ad/0x22e0 [ 284.952255][T11315] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 284.957616][T11315] ? __pfx_do_exit+0x10/0x10 [ 284.962195][T11315] ? _raw_spin_unlock_irq+0x23/0x50 [ 284.967387][T11315] ? lockdep_hardirqs_on+0x9c/0x150 [ 284.972576][T11315] do_group_exit+0x21c/0x2d0 [ 284.977156][T11315] __x64_sys_exit_group+0x3f/0x40 [ 284.982166][T11315] x64_sys_call+0x21ba/0x21c0 [ 284.986827][T11315] do_syscall_64+0xfa/0x3b0 [ 284.991400][T11315] ? lockdep_hardirqs_on+0x9c/0x150 [ 284.996585][T11315] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.002635][T11315] ? clear_bhb_loop+0x60/0xb0 [ 285.007300][T11315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.013173][T11315] RIP: 0033:0x7f09ae98e929 [ 285.017570][T11315] Code: Unable to access opcode bytes at 0x7f09ae98e8ff. [ 285.024567][T11315] RSP: 002b:00007fff94488968 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 285.032968][T11315] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f09ae98e929 [ 285.040926][T11315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 285.048882][T11315] RBP: 00007f09ae9ee8f0 R08: 00007fff94486707 R09: 0000000000000003 [ 285.056924][T11315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 285.064881][T11315] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fff94488b20 [ 285.072845][T11315] [ 285.075850][T11315] Modules linked in: [ 285.081740][T11315] ---[ end trace 0000000000000000 ]--- [ 285.119556][T11315] RIP: 0010:klist_remove+0x14a/0x340 [ 285.126797][T11315] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 d9 41 c7 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 ba 41 c7 f6 49 8b 44 24 58 48 89 44 24 08 [ 285.152354][T11315] RSP: 0018:ffffc900033f7840 EFLAGS: 00010202 [ 285.159553][T11315] RAX: 000000000000000b RBX: ffff88802dffbc00 RCX: 0000000000000000 [ 285.168770][T11315] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 285.177431][T11315] RBP: ffffc900033f7928 R08: ffffffff8f8798c3 R09: 1ffffffff1f0f318 [ 285.187442][T11315] R10: dffffc0000000000 R11: fffffbfff1f0f319 R12: 0000000000000000 [ 285.198080][T11315] R13: 1ffff1100523848c R14: ffff8880291c2460 R15: dffffc0000000000 [ 285.206476][T11315] FS: 0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000 [ 285.217229][T11315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 285.224167][T11315] CR2: 0000555571a3b808 CR3: 0000000034580000 CR4: 00000000003526f0 [ 285.232163][T11315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 285.242692][T11315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 285.251760][T11315] Kernel panic - not syncing: Fatal exception [ 285.258140][T11315] Kernel Offset: disabled [ 285.262466][T11315] Rebooting in 86400 seconds..