last executing test programs: 1m8.201492961s ago: executing program 3 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c08000340000000080800074020000031080006"], 0x128}}, 0x1b00000000000000) 57.096648516s ago: executing program 3 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c08000340000000080800074020000031080006"], 0x128}}, 0x1b00000000000000) 42.428807553s ago: executing program 3 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c08000340000000080800074020000031080006"], 0x128}}, 0x1b00000000000000) 31.689121335s ago: executing program 3 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c08000340000000080800074020000031080006"], 0x128}}, 0x1b00000000000000) 16.623873405s ago: executing program 3 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c08000340000000080800074020000031080006"], 0x128}}, 0x1b00000000000000) 8.4404725s ago: executing program 1 (id=2991): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000640)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaa5aa86dd6038e5ec3de52f00fc000000000000000000000000000000ff0200000000005e742b8426783b8e01042081000000892f008000000800000086dd88a888be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000b2c3cc0e2e78e8c41df13ae3889b6300000000000000014a13f5fc761ac900b78806b2828c83"], 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x3b, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) socket$kcm(0x10, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r2) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x14, r3, 0x72b}, 0x14}}, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x26e1, 0x0) close(r4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000000040)={'wlan1\x00', @random="0000000600"}) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002e00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000440)=ANY=[@ANYRES32=r5, @ANYRES32=r6, @ANYBLOB="05000000f9d28fe7bb8ec915bdd9c20ea2b9900000000000000000", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=r5, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r7 = socket(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x34, r9, 0x5, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="8b"}, @crypto_settings=[@NL80211_ATTR_AKM_SUITES={0x10, 0x4c, [0x1, 0xfac03, 0xfac09]}]]}, 0x34}, 0x1, 0x0, 0x0, 0x20000840}, 0x488c0) sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="9fa7e443444e04d6e3dbfc6f0f3708ac850c0cadccfeae8a3b9648a46b99a6d66b5d83c8b3b5ee26b7c6df05a75f95c19ac6d03ddf50cf84d7364ab9425ac83da9aa226d8b76b8c5684e1ce8d012ec48582be25898ae77abb6b8a9744283b6fae0bbc7537ce5043da6c736"}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x844) 8.246195953s ago: executing program 1 (id=2994): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000f82818110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000480)='percpu_alloc_percpu\x00', r4}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0100000006000000080000000b0000000000feff189178e58c3ea62ce75c87da6f35e56a0664920c7e41bc97daf34b7ab3b9b4c72783359955baa508402b8dbfc67dcfa6c03b28760d99014710006c7577943e2c587f841e938429a2a0ed49c3c56a96394f1382cb15704a4c4940248d878da33a27a70346ab661335d46f83c3d04587530190fecc003f1b65413beb59e469cabad11d1e573dae32cc6f5383e904e39a3c035ad3335c5a1282d0a9b61c9d72dedecaf931000000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00178018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x887) socket$netlink(0x10, 0x3, 0xe) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000010800"/19, @ANYRES32=0x0, @ANYBLOB="314400800027000013449b5b2c99cab6d1a44443d31cb064e7dba015925576f14fa388ec4d41cfd88f0774f11113568e5ff6c71582c8a24d712ab6f7c483f7b8e6d00573b4c5b0a65608373a2e76d8f606e8466e38fda1328a73a4c14a4457da6ac455a2815c5e55341f60d92a64300c1d35701b87bc864e49b23be938057882a13fc8b6e5235d844d8153804a4e437d159823d3527c09a0108ee26abe5282066d0d41b5e57e130b8a916e3b5eb72ad852323818c9b7c337e83bbd2b6020ad9ec729e0a19d73556d9270b41c1a960c7dbb5ec94c88dda5100d089994e33f1ad4f7e3eb16a686d9"], 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) socket(0x26, 0xa, 0x0) 7.886308459s ago: executing program 1 (id=2997): r0 = socket$inet6(0xa, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000640)={0x6, 0xf, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x8000}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000004c0)='GPL\x00', 0x5, 0x5f, &(0x7f0000000500)=""/95, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, 0x0, &(0x7f0000000300)) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r4, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14) sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@mpls_newroute={0xe4, 0x18, 0x1, 0x70bd28, 0x25dfdbfb, {0x1c, 0x10, 0x0, 0xff, 0xfc, 0x1, 0xc8, 0xa, 0x200}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0x10}, @RTA_NEWDST={0x84, 0x13, [{0x6, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x1}, {0x8, 0x0, 0x1}, {0x4, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0xffffd}, {0x80}, {0x3}, {0x8, 0x0, 0x1}, {0x1}, {0xb}, {0x2e7d, 0x0, 0x1}, {0x8}, {0x5, 0x0, 0x1}, {0x1}, {0x9, 0x0, 0x1}, {0xffff7, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x40}, {0x10, 0x0, 0x1}, {0x9}, {0x401}, {0x5}, {0xb, 0x0, 0x1}, {0x1ee, 0x0, 0x1}, {0xe, 0x0, 0x1}, {0x1}, {0xffffc}, {0x6}, {0x7}]}, @RTA_DST={0x8, 0x1, {0x3}}, @RTA_DST={0x8, 0x1, {0x8000, 0x0, 0x1}}, @RTA_OIF={0x8, 0x4, r5}, @RTA_VIA={0x14, 0x12, {0x0, "bf869faae869170d7a193574ec54"}}, @RTA_OIF={0x8, 0x4, r5}, @RTA_DST={0x8, 0x1, {0x8}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x55}, 0x40004) sendmmsg$inet(r0, &(0x7f00000017c0)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @empty, @dev={0xac, 0x14, 0x14, 0x27}}}}], 0x20}}], 0x1, 0x80) 7.749615153s ago: executing program 1 (id=2999): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0), 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r1, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10) sendmmsg$inet(r1, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)}}], 0x1, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000040)=0x5d74, 0x4) setsockopt(r0, 0x84, 0x81, &(0x7f00000003c0)="1a00000002000100", 0x8) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e24, 0x1ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x6}, 0x1c) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x800) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 7.467499422s ago: executing program 1 (id=3002): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r1, {0x0, 0xfff3}, {}, {0x2, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE={0x5, 0x2, 0x19}]}]}]}}]}, 0x4c}}, 0x20000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 23) 7.099763391s ago: executing program 1 (id=3004): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$rxrpc(0x21, 0x2, 0x2) listen(r1, 0x5) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="140100000000b2000500000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) close(0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffff44}, 0x90) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x10) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="24000000020281327ed49e1b359900000280050001008200000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) setsockopt$sock_attach_bpf(r2, 0x6, 0xd, &(0x7f0000000000), 0x4) sendmsg$sock(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)="50b115289c3b0999b3f8c3f16e6d7c9bc96939f2263351b8386209ad9849c383dc21e101718ef8210634c40eb40cbd4d113dc074201933ca1504c923d69d9cd768e8a1398cc4ca05f86795ca20cfc0f725cc414e6647cc7175429ffe89c1816fae044788fb069eb5", 0x68}, {0x0}], 0x2, &(0x7f00000002c0)}, 0x48400) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f00000002c0), &(0x7f0000000300)=0x4) socket$nl_route(0x10, 0x3, 0x0) bind$rxrpc(r1, &(0x7f0000000240)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e23, @remote}}, 0x24) 6.211920463s ago: executing program 3 (id=2150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000c08000340000000080800074020000031080006"], 0x128}}, 0x1b00000000000000) 2.804452589s ago: executing program 0 (id=3029): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000100)=0x1800, 0x4) getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x0, 0x2, 0x70bd2b, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffff, 0x69}}}}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x50}, 0x4040000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) 2.742259614s ago: executing program 0 (id=3030): socket$pppoe(0x18, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, 0x0, &(0x7f0000000040)) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 2.669792849s ago: executing program 2 (id=3031): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000301850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.596495443s ago: executing program 0 (id=3032): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004840)={0x64, r1, 0x731, 0x0, 0x0, {0x38}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x64}, 0x1, 0x2}, 0x0) (async) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000004840)={0x64, r1, 0x731, 0x0, 0x0, {0x38}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x64}, 0x1, 0x2}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b70000008100003bbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071104b00000000001d400500000000004704000001ed00000f030000000000001d440000000000006b0a00fe000000007313000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff31a8fd3c0fd8b7ff831028e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646c0200000000000000020000e35208b0bb0d2cd829e654400e2438ec649dc76128610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda82fc9c4d7ecc7a803bf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714f62ba7a54f0c33d39000d0bfed3a6a59ff616236fd8f2477184bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06fa2e04cfe0649226c697d9e8eaade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00023ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a83469620c6e74e1f46132559c4f8700a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88f15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a920099c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40fc5d2f55ff07c53147de202ce517b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661061173f359e9052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff26b61aac8aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3ba18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e26534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336dfaa6d5d164301190bc2d4c04087729033342045804a28082abc3b4762302a271722fb515f31e0dd115a292f1e68481a62c49d15ea5460a29c60b1058fb7aa9bf4ee3cbe11b03711a15d730646b72d074dab1e8c429339f3460d324c17a4a8bfc7d7eab45bef00664d6dc82300000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000fdfe0700c300000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000fdfe0700c300000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000008000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000800085000000820000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x4}, 0x94) 2.553886343s ago: executing program 2 (id=3033): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe, 0x3}, [@RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x30}}, 0x80) (fail_nth: 11) 2.533690837s ago: executing program 0 (id=3034): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1a000000", 0x4) r1 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r1, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10) sendmmsg$inet(r1, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)}}], 0x1, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000040)=0x5d74, 0x4) setsockopt(r0, 0x84, 0x81, &(0x7f00000003c0)="1a00000002000100", 0x8) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e24, 0x1ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x6}, 0x1c) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x800) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 2.16359006s ago: executing program 2 (id=3035): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0) write$cgroup_pressure(r1, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f) r2 = openat$cgroup_pressure(r0, &(0x7f00000000c0)='io.pressure\x00', 0x2, 0x0) ppoll(&(0x7f0000000180)=[{r1}], 0x1, 0x0, 0x0, 0x0) write$cgroup_pressure(r2, &(0x7f0000000340)={'some', 0x20, 0x4, 0x20, 0xffffa}, 0x2f) close(r2) 1.765239329s ago: executing program 0 (id=3036): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc2dd99ed1c3c609a49cc151", 0xc4}, {&(0x7f00000002c0)="9c811ff500139d7d28a5f0de630ec6041ed353d314e58721edf306c382ac611fe34479cb9e2585745ff3c61da74b06eb64f69a4e90d706178176dc533f123b66d04d51fb740c1efdf8db3b99ed18fb67c1f7", 0x52}], 0x2}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df9305959f", 0x6d}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c33", 0x6b}, {&(0x7f0000000900)="5c3eb8799e8565193cf737e01055d298a4", 0x11}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5", 0x104}], 0x1}}], 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, 0x0, 0x0, 0x10008095, 0x0, 0x0) 1.749508763s ago: executing program 4 (id=3037): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x800) 1.608359041s ago: executing program 4 (id=3038): socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x200000010, &(0x7f0000000000)=0x7, 0x4) sendto$unix(r1, &(0x7f0000000240)="0014", 0x2, 0x4040081, 0x0, 0x0) recvfrom$unix(r2, 0x0, 0x0, 0x10102, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r5}, 0x10) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) close(r6) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001800dd8d000000ba7e9698ed1fbfa80e00000000000200000000000005001f00000600140005000000180016801400010000000000000000"], 0x3c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000280)='contention_end\x00', r3}, 0x18) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x460, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x390, 0xffffffff, 0xffffffff, 0x390, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x2f, 0x0, 0x3}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'nicvf0\x00', {0x3f66}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, [0xffffffff], [], 'wg1\x00', 'gre0\x00', {}, {0xff}}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x563e4515, 0x0, 0x7, 0x3fc, 0x20}}}, @common=@inet=@hashlimit3={{0x158}, {'veth0_vlan\x00', {0x3, 0x0, 0x48, 0x0, 0x15ab, 0x1000, 0x6, 0x5}}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x2, 0x5, {0x6}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4c0) 1.222925251s ago: executing program 2 (id=3039): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc2dd99ed1c3c609a49cc151", 0xc4}, {&(0x7f00000002c0)="9c811ff500139d7d28a5f0de630ec6041ed353d314e58721edf306c382ac611fe34479cb9e2585745ff3c61da74b06eb64f69a4e90d706178176dc533f123b66d04d51fb740c1efdf8db3b99ed18fb67c1f7", 0x52}], 0x2}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000c40)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df9305959f", 0x6d}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c33", 0x6b}, {&(0x7f0000000900)="5c3eb8799e8565193cf737e01055d298a4", 0x11}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5", 0x104}], 0x1}}], 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 837.064883ms ago: executing program 0 (id=3040): socket$inet6_tcp(0xa, 0x1, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000400000001"], 0x50) socket$kcm(0xa, 0xf, 0x0) socket$kcm(0x2, 0x5, 0x84) (async) socket$kcm(0x2, 0x5, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x14) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[], 0x50}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[], 0x50}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x303}, "0100", "acba84f0a6731f234db1cc7f3f382ad796bd667c4000a9959087310300", "129c9707", "ec3fff9afd96e6c0"}, 0x38) (async) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x303}, "0100", "acba84f0a6731f234db1cc7f3f382ad796bd667c4000a9959087310300", "129c9707", "ec3fff9afd96e6c0"}, 0x38) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r3, 0x5421, &(0x7f0000000140)=0x1) (async) ioctl$int_in(r3, 0x5421, &(0x7f0000000140)=0x1) writev(r3, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) close(0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@delqdisc={0x88, 0x25, 0x10, 0x70bd06, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x5}, {0xb, 0x1}, {0xc, 0x8}}, [@TCA_STAB={0x30, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x80, 0x9, 0x1, 0x5, 0x4, 0x5}}, {0xe, 0x2, [0x2, 0xd72, 0x9, 0x1, 0x2]}}]}, @qdisc_kind_options=@q_pie={{0x8}, {0x2c, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0x3}, @TCA_PIE_LIMIT={0x8, 0x2, 0xf}, @TCA_PIE_LIMIT={0x8, 0x2, 0x3}, @TCA_PIE_TARGET={0x8}, @TCA_PIE_TUPDATE={0x8}]}}]}, 0x88}}, 0x20000849) (async) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@delqdisc={0x88, 0x25, 0x10, 0x70bd06, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x5}, {0xb, 0x1}, {0xc, 0x8}}, [@TCA_STAB={0x30, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0x0, 0x80, 0x9, 0x1, 0x5, 0x4, 0x5}}, {0xe, 0x2, [0x2, 0xd72, 0x9, 0x1, 0x2]}}]}, @qdisc_kind_options=@q_pie={{0x8}, {0x2c, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0x3}, @TCA_PIE_LIMIT={0x8, 0x2, 0xf}, @TCA_PIE_LIMIT={0x8, 0x2, 0x3}, @TCA_PIE_TARGET={0x8}, @TCA_PIE_TUPDATE={0x8}]}}]}, 0x88}}, 0x20000849) unshare(0x6a040000) (async) unshare(0x6a040000) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x12) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0x8}}, 0x2400c800) 648.832095ms ago: executing program 4 (id=3041): socket$pppoe(0x18, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b52710aeee835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5bc6d3fd0500000022eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe326c2ed0a432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, 0x0, &(0x7f0000000040)) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 478.616943ms ago: executing program 4 (id=3042): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8fffdffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000102850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 444.107292ms ago: executing program 4 (id=3043): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000008b80)={&(0x7f0000008a40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0x1, 0x3}, {0xb}, {0x0, 0x3}, {0x7, 0x1}]}]}}, 0x0, 0x46, 0x0, 0x1, 0x3}, 0x28) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000001c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x56) r3 = socket$unix(0x1, 0x1, 0x0) connect$unix(r3, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK/file0\x00'}, 0x6e) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0x2d8}, 0x10) write(r1, &(0x7f0000000000)="240000001a005f0400f9f407000904018020200000000000000000000800010000000000", 0x24) accept4$inet(r1, &(0x7f0000000040)={0x2, 0x0, @initdev}, &(0x7f00000000c0)=0x10, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup/syz1\x00', 0x200002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xf0b, 0x3, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff3, 0xfff2}, {0x2, 0xfffc}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x44045}, 0xc090) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) 306.445677ms ago: executing program 2 (id=3044): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000640)=ANY=[@ANYBLOB="9feb01001800000000000000680000006800000002000000000000000000000d0a00000000000000010000060400000007000008"], &(0x7f0000000f40)=""/4089, 0x82, 0xff9, 0x5, 0x2000000}, 0x28) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @sock_ops}, 0x94) r3 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000340)={r3}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x10, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18080000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000040)={r4}) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e3, &(0x7f0000000180)={r3, r5}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001a00010000000000000000001c000000000000000000000014", @ANYRES8=0x0, @ANYRES32=r2], 0x30}}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_P2P_DEVICE(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r6, 0x4, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x88040}, 0x400c0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_TDLS_MGMT(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRESHEX=r1, @ANYBLOB="01002bbd7000fbdbdf255200000008000300", @ANYRES16=r6, @ANYRES32=r6], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x20004000) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000000)={0x10003, 0x0, 0xd7c4, 0xfffffff9}, 0x10) write(r8, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000050009000d000000", 0x24) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x401, 0x0, 0x25dfdbff, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_ARPTABLES={0x5, 0x26, 0x8}, @IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x1}}]}}}]}, 0x48}}, 0x0) 460.696µs ago: executing program 4 (id=3045): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, 0x0, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x4880) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$alg(0x26, 0x5, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r5, &(0x7f0000001940)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000002540)="955232d6c924037daed352087a08237337131faef13945bfaaa58d01e5f858e96271cde18577054eb145e62abd8150646072c75137606c9eca87c894182ee54fa975990ac5f7b8f2ced1bc37588f08efcfba84054e1bf5de3ae4fe95d64222f92b12be73478c249144accca8d10df2f204b2905167cb", 0x76}, {&(0x7f00000001c0)="96607e121729ff5ba084661b14fc7202e7b510092e7dbe48", 0x18}], 0x2}}], 0x1, 0x4044805) splice(r4, 0x0, r5, 0x0, 0x8000000000025a5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58) accept4(r3, 0x0, 0x0, 0x0) socket(0x2, 0x80805, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000003c0)={r2, 0x20, &(0x7f0000000380)={&(0x7f0000000300)=""/36, 0x24, 0x0, &(0x7f0000000580)=""/229, 0xe5}}, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e008000000008", @ANYRES16=r6], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 0s ago: executing program 2 (id=3046): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1a000000", 0x4) r1 = socket$tipc(0x1e, 0x2, 0x0) connect$tipc(r1, &(0x7f0000003100)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x2}}, 0x10) sendmmsg$inet(r1, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f00000016c0)}}], 0x1, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r1, 0x10f, 0x80, &(0x7f0000000040)=0x5d74, 0x4) setsockopt(r0, 0x84, 0x81, &(0x7f00000003c0)="1a00000002000100", 0x8) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e24, 0x1ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x6}, 0x1c) r3 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x800) sendmmsg$inet6(r2, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) kernel console output (not intermixed with test programs): around+0x257/0x3e0 [ 386.610265][T15109] ? netlink_sendmsg+0x642/0xb30 [ 386.610289][T15109] ? skb_put+0x11b/0x210 [ 386.610320][T15109] netlink_sendmsg+0x6b2/0xb30 [ 386.610355][T15109] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.610384][T15109] ? aa_sock_msg_perm+0x94/0x160 [ 386.610414][T15109] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 386.610431][T15109] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.610460][T15109] __sock_sendmsg+0x219/0x270 [ 386.610486][T15109] ____sys_sendmsg+0x505/0x830 [ 386.610520][T15109] ? __pfx_____sys_sendmsg+0x10/0x10 [ 386.610559][T15109] ? import_iovec+0x74/0xa0 [ 386.610585][T15109] ___sys_sendmsg+0x21f/0x2a0 [ 386.610605][T15109] ? __pfx____sys_sendmsg+0x10/0x10 [ 386.610660][T15109] ? __fget_files+0x2a/0x420 [ 386.610685][T15109] ? __fget_files+0x3a0/0x420 [ 386.610721][T15109] __x64_sys_sendmsg+0x19b/0x260 [ 386.610741][T15109] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 386.610769][T15109] ? __pfx_ksys_write+0x10/0x10 [ 386.610789][T15109] ? rcu_is_watching+0x15/0xb0 [ 386.610816][T15109] ? do_syscall_64+0xbe/0x3b0 [ 386.610844][T15109] do_syscall_64+0xfa/0x3b0 [ 386.610867][T15109] ? lockdep_hardirqs_on+0x9c/0x150 [ 386.610890][T15109] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.610909][T15109] ? clear_bhb_loop+0x60/0xb0 [ 386.610932][T15109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.610949][T15109] RIP: 0033:0x7fe4a9f8e929 [ 386.610966][T15109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.610982][T15109] RSP: 002b:00007fe4aad46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 386.611001][T15109] RAX: ffffffffffffffda RBX: 00007fe4aa1b5fa0 RCX: 00007fe4a9f8e929 [ 386.611015][T15109] RDX: 0000000004008000 RSI: 0000200000000000 RDI: 0000000000000003 [ 386.611027][T15109] RBP: 00007fe4aad46090 R08: 0000000000000000 R09: 0000000000000000 [ 386.611039][T15109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.611049][T15109] R13: 0000000000000000 R14: 00007fe4aa1b5fa0 R15: 00007ffe71c6cd98 [ 386.611079][T15109] [ 387.457757][T15134] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2683'. [ 387.648155][T15136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2684'. [ 387.709934][T15138] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 387.754659][T15138] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 387.845232][ T7662] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.909234][T15138] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 388.001416][T15138] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 388.092623][ T7647] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 388.113640][ T7647] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 388.127333][ T7647] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 388.145025][ T7643] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 389.251439][ T7662] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.317124][T15160] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2688'. [ 389.339120][T15156] openvswitch: netlink: Duplicate or invalid key (type 0). [ 389.351015][T15156] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 389.389653][T15164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2693'. [ 389.557743][ T7662] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.711288][ T7662] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.748309][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 389.759054][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 389.768407][T15167] openvswitch: netlink: Duplicate or invalid key (type 0). [ 389.776372][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 389.796575][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 389.797689][T15167] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 389.824075][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 389.915102][T15168] lo speed is unknown, defaulting to 1000 [ 389.940451][ T7662] bridge_slave_1: left allmulticast mode [ 389.946192][ T7662] bridge_slave_1: left promiscuous mode [ 389.966380][ T7662] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.077565][ T7662] bridge_slave_0: left allmulticast mode [ 390.099039][ T7662] bridge_slave_0: left promiscuous mode [ 390.119836][ T7662] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.742212][ T7662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 390.754953][ T7662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 390.772625][ T7662] bond0 (unregistering): Released all slaves [ 391.027864][T15191] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 391.043017][T15191] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 391.053859][T15191] netdevsim netdevsim4 eth3 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 391.156538][T15191] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 391.171124][T15191] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 391.181256][T15191] netdevsim netdevsim4 eth2 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 391.195494][T15198] batadv_slave_0: entered promiscuous mode [ 391.294633][T15191] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 391.309667][T15191] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 391.319804][T15191] netdevsim netdevsim4 eth1 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 391.363600][T15202] FAULT_INJECTION: forcing a failure. [ 391.363600][T15202] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 391.392653][T15202] CPU: 0 UID: 0 PID: 15202 Comm: syz.2.2702 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 391.392683][T15202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 391.392696][T15202] Call Trace: [ 391.392705][T15202] [ 391.392714][T15202] dump_stack_lvl+0x189/0x250 [ 391.392745][T15202] ? __pfx____ratelimit+0x10/0x10 [ 391.392772][T15202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.392798][T15202] ? __pfx__printk+0x10/0x10 [ 391.392828][T15202] ? __might_fault+0xb0/0x130 [ 391.392868][T15202] should_fail_ex+0x414/0x560 [ 391.392924][T15202] _copy_from_user+0x2d/0xb0 [ 391.392953][T15202] restore_altstack+0x9d/0x4b0 [ 391.392988][T15202] ? freezing_slow_path+0x10d/0x150 [ 391.393020][T15202] ? __pfx_restore_altstack+0x10/0x10 [ 391.393059][T15202] ? _raw_spin_unlock_irq+0x23/0x50 [ 391.393085][T15202] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.393121][T15202] __ia32_sys_rt_sigreturn+0x1ac/0x7b0 [ 391.393148][T15202] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.393177][T15202] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 391.393197][T15202] ? _raw_spin_unlock_irq+0x2e/0x50 [ 391.393221][T15202] ? signal_setup_done+0x230/0x310 [ 391.393252][T15202] ? __lock_acquire+0xab9/0xd20 [ 391.393300][T15202] ? __task_pid_nr_ns+0x28/0x470 [ 391.393339][T15202] ? do_syscall_64+0xbe/0x3b0 [ 391.393374][T15202] do_syscall_64+0xfa/0x3b0 [ 391.393402][T15202] ? lockdep_hardirqs_on+0x9c/0x150 [ 391.393429][T15202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.393451][T15202] ? clear_bhb_loop+0x60/0xb0 [ 391.393479][T15202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.393500][T15202] RIP: 0033:0x7f3dac92ab19 [ 391.393520][T15202] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 391.393538][T15202] RSP: 002b:00007f3dad820a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 391.393561][T15202] RAX: ffffffffffffffda RBX: 00007f3dacbb5fa0 RCX: 00007f3dac92ab19 [ 391.393577][T15202] RDX: 00007f3dad820a80 RSI: 00007f3dad820bb0 RDI: 0000000000000021 [ 391.393592][T15202] RBP: 00007f3dad821090 R08: 0000000000000000 R09: 0000000000000000 [ 391.393613][T15202] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 391.393626][T15202] R13: 0000000000000000 R14: 00007f3dacbb5fa0 R15: 00007ffe82f43738 [ 391.393661][T15202] [ 391.641773][T15191] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 391.659653][T15191] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 391.679675][T15191] netdevsim netdevsim4 eth0 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 391.805289][ T7662] hsr_slave_0: left promiscuous mode [ 391.816253][ T7662] hsr_slave_1: left promiscuous mode [ 391.829290][ T7662] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 391.836971][ T7662] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 391.852246][ T7662] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 391.860715][ T5848] Bluetooth: hci1: command tx timeout [ 391.871333][ T7662] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 391.895457][T15216] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 391.909461][T15217] openvswitch: netlink: Duplicate or invalid key (type 0). [ 391.933102][ T7662] veth1_macvtap: left promiscuous mode [ 391.934958][T15217] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.010300][ T7662] veth0_macvtap: left promiscuous mode [ 392.015993][ T7662] veth1_vlan: left promiscuous mode [ 392.047587][ T7662] veth0_vlan: left promiscuous mode [ 392.695788][ T7662] team0 (unregistering): Port device team_slave_1 removed [ 392.728676][ T7662] team0 (unregistering): Port device team_slave_0 removed [ 392.785617][T15223] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2707'. [ 392.797844][T15223] netlink: 'syz.2.2707': attribute type 7 has an invalid length. [ 392.809661][T15223] netlink: 'syz.2.2707': attribute type 8 has an invalid length. [ 392.822548][T15223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2707'. [ 393.208069][T15168] chnl_net:caif_netlink_parms(): no params data found [ 393.225487][T15226] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2708'. [ 393.235076][T15226] netlink: 'syz.0.2708': attribute type 7 has an invalid length. [ 393.264388][T15226] netlink: 'syz.0.2708': attribute type 8 has an invalid length. [ 393.264906][ T7643] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 48747 - 0 [ 393.281724][ T7643] netdevsim netdevsim4 eth0: set [1, 1] type 2 family 0 port 44350 - 0 [ 393.290059][ T7643] netdevsim netdevsim4 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 393.296472][T15226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2708'. [ 393.437270][ T7643] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 48747 - 0 [ 393.452405][ T7643] netdevsim netdevsim4 eth1: set [1, 1] type 2 family 0 port 44350 - 0 [ 393.466330][ T7643] netdevsim netdevsim4 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 393.489085][ T7643] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 48747 - 0 [ 393.498484][ T7643] netdevsim netdevsim4 eth2: set [1, 1] type 2 family 0 port 44350 - 0 [ 393.518238][ T7643] netdevsim netdevsim4 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 393.531427][ T7643] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 48747 - 0 [ 393.549547][ T7643] netdevsim netdevsim4 eth3: set [1, 1] type 2 family 0 port 44350 - 0 [ 393.558024][ T7643] netdevsim netdevsim4 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 393.746844][T15168] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.771706][T15168] bridge0: port 1(bridge_slave_0) entered disabled state [ 393.790241][T15168] bridge_slave_0: entered allmulticast mode [ 393.821867][T15168] bridge_slave_0: entered promiscuous mode [ 393.873250][T15168] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.896680][T15168] bridge0: port 2(bridge_slave_1) entered disabled state [ 393.913859][T15168] bridge_slave_1: entered allmulticast mode [ 393.929923][T15247] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2713'. [ 393.937249][T15168] bridge_slave_1: entered promiscuous mode [ 393.946475][ T5848] Bluetooth: hci1: command tx timeout [ 393.988225][T15247] batadv2: entered promiscuous mode [ 394.037725][T15247] batadv2: entered allmulticast mode [ 394.180289][T15247] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2713'. [ 394.283690][T15168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.328689][T15168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 394.541142][T15168] team0: Port device team_slave_0 added [ 394.552345][T15168] team0: Port device team_slave_1 added [ 394.644865][T15168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 394.653379][T15268] openvswitch: netlink: Duplicate or invalid key (type 0). [ 394.661087][T15268] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 394.673561][T15168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 394.702976][T15168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 394.736092][T15168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 394.764203][T15168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 394.837336][T15168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 394.877320][T15285] netlink: 'syz.4.2721': attribute type 13 has an invalid length. [ 394.886788][T15285] netlink: 'syz.4.2721': attribute type 17 has an invalid length. [ 394.907177][T15270] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.2722'. [ 394.981602][T15285] gretap0: left promiscuous mode [ 394.985058][T15275] netlink: 'syz.2.2722': attribute type 10 has an invalid length. [ 394.996806][T15275] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2722'. [ 395.082473][T15285] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.089742][T15285] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.097250][T15285] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.104513][T15285] bridge0: port 1(bridge_slave_0) entered forwarding state [ 395.135369][T15285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 395.212646][T15288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 395.252263][T15285] bridge0: port 3(team0) entered blocking state [ 395.258641][T15285] bridge0: port 3(team0) entered forwarding state [ 395.265785][T15285] 8021q: adding VLAN 0 to HW filter on device team0 [ 395.275958][T15285] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 395.286303][T15288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 395.345909][T15275] batman_adv: batadv0: Adding interface: virt_wifi0 [ 395.352867][T15275] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. If you experience problems getting traffic through try increasing the MTU to 1560. [ 395.389996][T15275] batman_adv: batadv0: Interface activated: virt_wifi0 [ 395.450041][T15285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 395.515024][T15168] hsr_slave_0: entered promiscuous mode [ 395.527236][T15168] hsr_slave_1: entered promiscuous mode [ 395.535731][T15168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 395.549817][T15168] Cannot create hsr debugfs directory [ 395.556538][T15270] lo speed is unknown, defaulting to 1000 [ 395.568453][T15291] FAULT_INJECTION: forcing a failure. [ 395.568453][T15291] name failslab, interval 1, probability 0, space 0, times 0 [ 395.584052][T15291] CPU: 0 UID: 0 PID: 15291 Comm: syz.1.2724 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 395.584082][T15291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 395.584096][T15291] Call Trace: [ 395.584104][T15291] [ 395.584114][T15291] dump_stack_lvl+0x189/0x250 [ 395.584145][T15291] ? __pfx____ratelimit+0x10/0x10 [ 395.584174][T15291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 395.584201][T15291] ? __pfx__printk+0x10/0x10 [ 395.584239][T15291] ? ref_tracker_alloc+0x318/0x460 [ 395.584264][T15291] should_fail_ex+0x414/0x560 [ 395.584313][T15291] should_failslab+0xa8/0x100 [ 395.584354][T15291] kmem_cache_alloc_noprof+0x73/0x3c0 [ 395.584376][T15291] ? skb_clone+0x212/0x3a0 [ 395.584399][T15291] skb_clone+0x212/0x3a0 [ 395.584422][T15291] __netlink_deliver_tap+0x404/0x850 [ 395.584460][T15291] ? netlink_deliver_tap+0x2e/0x1b0 [ 395.584494][T15291] netlink_deliver_tap+0x19c/0x1b0 [ 395.584520][T15291] netlink_unicast+0x72f/0x8d0 [ 395.584554][T15291] netlink_sendmsg+0x805/0xb30 [ 395.584590][T15291] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.584619][T15291] ? aa_sock_msg_perm+0x94/0x160 [ 395.584649][T15291] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 395.584666][T15291] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.584693][T15291] __sock_sendmsg+0x219/0x270 [ 395.584719][T15291] ____sys_sendmsg+0x505/0x830 [ 395.584754][T15291] ? __pfx_____sys_sendmsg+0x10/0x10 [ 395.584793][T15291] ? import_iovec+0x74/0xa0 [ 395.584820][T15291] ___sys_sendmsg+0x21f/0x2a0 [ 395.584840][T15291] ? __pfx____sys_sendmsg+0x10/0x10 [ 395.584895][T15291] ? __fget_files+0x2a/0x420 [ 395.584920][T15291] ? __fget_files+0x3a0/0x420 [ 395.584956][T15291] __x64_sys_sendmsg+0x19b/0x260 [ 395.584977][T15291] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 395.585004][T15291] ? __pfx_ksys_write+0x10/0x10 [ 395.585024][T15291] ? rcu_is_watching+0x15/0xb0 [ 395.585052][T15291] ? do_syscall_64+0xbe/0x3b0 [ 395.585082][T15291] do_syscall_64+0xfa/0x3b0 [ 395.585104][T15291] ? lockdep_hardirqs_on+0x9c/0x150 [ 395.585128][T15291] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.585147][T15291] ? clear_bhb_loop+0x60/0xb0 [ 395.585170][T15291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.585188][T15291] RIP: 0033:0x7fdc4f78e929 [ 395.585204][T15291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 395.585221][T15291] RSP: 002b:00007fdc50627038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 395.585240][T15291] RAX: ffffffffffffffda RBX: 00007fdc4f9b5fa0 RCX: 00007fdc4f78e929 [ 395.585254][T15291] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 395.585265][T15291] RBP: 00007fdc50627090 R08: 0000000000000000 R09: 0000000000000000 [ 395.585276][T15291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 395.585287][T15291] R13: 0000000000000000 R14: 00007fdc4f9b5fa0 R15: 00007ffca51a3e68 [ 395.585317][T15291] [ 395.959666][T15273] lo speed is unknown, defaulting to 1000 [ 396.024158][ T51] Bluetooth: hci1: command tx timeout [ 396.256025][T15300] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2727'. [ 396.969214][T15321] openvswitch: netlink: Duplicate or invalid key (type 0). [ 396.977668][T15321] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 397.183326][T15168] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 397.206895][T15168] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 397.245433][T15168] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 397.271627][T15168] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 397.449023][T15168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.493946][T15338] FAULT_INJECTION: forcing a failure. [ 397.493946][T15338] name failslab, interval 1, probability 0, space 0, times 0 [ 397.548248][T15338] CPU: 1 UID: 0 PID: 15338 Comm: syz.0.2737 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 397.548275][T15338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 397.548288][T15338] Call Trace: [ 397.548295][T15338] [ 397.548303][T15338] dump_stack_lvl+0x189/0x250 [ 397.548331][T15338] ? __pfx____ratelimit+0x10/0x10 [ 397.548356][T15338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 397.548378][T15338] ? __pfx__printk+0x10/0x10 [ 397.548410][T15338] ? __pfx___might_resched+0x10/0x10 [ 397.548440][T15338] should_fail_ex+0x414/0x560 [ 397.548473][T15338] should_failslab+0xa8/0x100 [ 397.548499][T15338] __kmalloc_cache_noprof+0x70/0x3d0 [ 397.548523][T15338] ? tcf_proto_create+0x65/0x330 [ 397.548546][T15338] tcf_proto_create+0x65/0x330 [ 397.548570][T15338] tc_new_tfilter+0x11aa/0x15b0 [ 397.548626][T15338] ? __pfx_tc_new_tfilter+0x10/0x10 [ 397.548690][T15338] ? __pfx_tc_new_tfilter+0x10/0x10 [ 397.548719][T15338] rtnetlink_rcv_msg+0x7cc/0xb70 [ 397.548749][T15338] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 397.548773][T15338] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 397.548817][T15338] netlink_rcv_skb+0x205/0x470 [ 397.548843][T15338] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 397.548871][T15338] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 397.548910][T15338] ? netlink_deliver_tap+0x2e/0x1b0 [ 397.548935][T15338] ? netlink_deliver_tap+0x2e/0x1b0 [ 397.548966][T15338] netlink_unicast+0x758/0x8d0 [ 397.549001][T15338] netlink_sendmsg+0x805/0xb30 [ 397.549038][T15338] ? __pfx_netlink_sendmsg+0x10/0x10 [ 397.549074][T15338] ? aa_sock_msg_perm+0x94/0x160 [ 397.549105][T15338] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 397.549122][T15338] ? __pfx_netlink_sendmsg+0x10/0x10 [ 397.549149][T15338] __sock_sendmsg+0x219/0x270 [ 397.549176][T15338] ____sys_sendmsg+0x505/0x830 [ 397.549212][T15338] ? __pfx_____sys_sendmsg+0x10/0x10 [ 397.549251][T15338] ? import_iovec+0x74/0xa0 [ 397.549279][T15338] ___sys_sendmsg+0x21f/0x2a0 [ 397.549299][T15338] ? __pfx____sys_sendmsg+0x10/0x10 [ 397.549354][T15338] ? __fget_files+0x2a/0x420 [ 397.549380][T15338] ? __fget_files+0x3a0/0x420 [ 397.549417][T15338] __x64_sys_sendmsg+0x19b/0x260 [ 397.549437][T15338] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 397.549465][T15338] ? __pfx_ksys_write+0x10/0x10 [ 397.549485][T15338] ? rcu_is_watching+0x15/0xb0 [ 397.549512][T15338] ? do_syscall_64+0xbe/0x3b0 [ 397.549542][T15338] do_syscall_64+0xfa/0x3b0 [ 397.549565][T15338] ? lockdep_hardirqs_on+0x9c/0x150 [ 397.549589][T15338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.549607][T15338] ? clear_bhb_loop+0x60/0xb0 [ 397.549631][T15338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.549648][T15338] RIP: 0033:0x7fe4a9f8e929 [ 397.549665][T15338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.549681][T15338] RSP: 002b:00007fe4aad46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 397.549702][T15338] RAX: ffffffffffffffda RBX: 00007fe4aa1b5fa0 RCX: 00007fe4a9f8e929 [ 397.549715][T15338] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 397.549727][T15338] RBP: 00007fe4aad46090 R08: 0000000000000000 R09: 0000000000000000 [ 397.549739][T15338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 397.549750][T15338] R13: 0000000000000000 R14: 00007fe4aa1b5fa0 R15: 00007ffe71c6cd98 [ 397.549780][T15338] [ 397.924213][T15342] FAULT_INJECTION: forcing a failure. [ 397.924213][T15342] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 397.944087][T15342] CPU: 0 UID: 0 PID: 15342 Comm: syz.4.2738 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 397.944118][T15342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 397.944133][T15342] Call Trace: [ 397.944141][T15342] [ 397.944150][T15342] dump_stack_lvl+0x189/0x250 [ 397.944182][T15342] ? __pfx____ratelimit+0x10/0x10 [ 397.944212][T15342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 397.944239][T15342] ? __pfx__printk+0x10/0x10 [ 397.944299][T15342] should_fail_ex+0x414/0x560 [ 397.944337][T15342] _copy_to_user+0x31/0xb0 [ 397.944376][T15342] bpf_test_finish+0x1ab/0x700 [ 397.944408][T15342] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 397.944436][T15342] ? __pfx_bpf_test_finish+0x10/0x10 [ 397.944467][T15342] ? bpf_test_init+0x133/0x170 [ 397.944494][T15342] bpf_prog_test_run_xdp+0x79a/0x1000 [ 397.944537][T15342] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 397.944569][T15342] ? __fget_files+0x2a/0x420 [ 397.944601][T15342] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 397.944628][T15342] bpf_prog_test_run+0x2c4/0x340 [ 397.944652][T15342] __sys_bpf+0x4a4/0x860 [ 397.944672][T15342] ? __pfx___sys_bpf+0x10/0x10 [ 397.944704][T15342] ? ksys_write+0x22a/0x250 [ 397.944729][T15342] ? __pfx_ksys_write+0x10/0x10 [ 397.944749][T15342] ? rcu_is_watching+0x15/0xb0 [ 397.944778][T15342] __x64_sys_bpf+0x7c/0x90 [ 397.944807][T15342] do_syscall_64+0xfa/0x3b0 [ 397.944831][T15342] ? lockdep_hardirqs_on+0x9c/0x150 [ 397.944854][T15342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.944874][T15342] ? clear_bhb_loop+0x60/0xb0 [ 397.944897][T15342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.944915][T15342] RIP: 0033:0x7fce9bb8e929 [ 397.944931][T15342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.944948][T15342] RSP: 002b:00007fce999f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 397.944967][T15342] RAX: ffffffffffffffda RBX: 00007fce9bdb5fa0 RCX: 00007fce9bb8e929 [ 397.944981][T15342] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 000000000000000a [ 397.944993][T15342] RBP: 00007fce999f6090 R08: 0000000000000000 R09: 0000000000000000 [ 397.945004][T15342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 397.945015][T15342] R13: 0000000000000000 R14: 00007fce9bdb5fa0 R15: 00007ffdba492348 [ 397.945051][T15342] [ 398.199862][ T51] Bluetooth: hci1: command 0x0419 tx timeout [ 398.255113][T15344] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2739'. [ 398.315054][T15168] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.384956][ T7661] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.392144][ T7661] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.429392][ T7658] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.436596][ T7658] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.580934][T15355] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2743'. [ 398.620106][T15355] batadv1: entered promiscuous mode [ 398.635876][T15355] batadv1: entered allmulticast mode [ 398.828202][T15362] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2743'. [ 398.973831][T15168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.108321][T15168] veth0_vlan: entered promiscuous mode [ 399.132860][T15168] veth1_vlan: entered promiscuous mode [ 399.202031][T15168] veth0_macvtap: entered promiscuous mode [ 399.213709][T15367] sock: sock_timestamping_bind_phc: sock not bind to device [ 399.242517][T15168] veth1_macvtap: entered promiscuous mode [ 399.295739][T15168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.354110][T15168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.384691][ T7643] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.403003][ T7643] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.440562][ T7643] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.461144][ T7643] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.737209][ T7648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.772957][ T7648] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.847929][ T7648] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.862381][ T7648] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.885219][T15389] FAULT_INJECTION: forcing a failure. [ 399.885219][T15389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.900349][T15389] CPU: 1 UID: 0 PID: 15389 Comm: syz.4.2751 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 399.900375][T15389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 399.900386][T15389] Call Trace: [ 399.900392][T15389] [ 399.900399][T15389] dump_stack_lvl+0x189/0x250 [ 399.900421][T15389] ? __pfx____ratelimit+0x10/0x10 [ 399.900441][T15389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 399.900458][T15389] ? __pfx__printk+0x10/0x10 [ 399.900488][T15389] should_fail_ex+0x414/0x560 [ 399.900514][T15389] _copy_to_user+0x31/0xb0 [ 399.900533][T15389] bpf_test_finish+0x24e/0x700 [ 399.900565][T15389] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 399.900587][T15389] ? __pfx_bpf_test_finish+0x10/0x10 [ 399.900611][T15389] ? bpf_test_init+0x133/0x170 [ 399.900631][T15389] bpf_prog_test_run_xdp+0x79a/0x1000 [ 399.900664][T15389] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 399.900687][T15389] ? __fget_files+0x2a/0x420 [ 399.900712][T15389] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 399.900733][T15389] bpf_prog_test_run+0x2c4/0x340 [ 399.900752][T15389] __sys_bpf+0x4a4/0x860 [ 399.900767][T15389] ? __pfx___sys_bpf+0x10/0x10 [ 399.900791][T15389] ? ksys_write+0x22a/0x250 [ 399.900811][T15389] ? __pfx_ksys_write+0x10/0x10 [ 399.900826][T15389] ? rcu_is_watching+0x15/0xb0 [ 399.900849][T15389] __x64_sys_bpf+0x7c/0x90 [ 399.900871][T15389] do_syscall_64+0xfa/0x3b0 [ 399.900890][T15389] ? lockdep_hardirqs_on+0x9c/0x150 [ 399.900909][T15389] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.900923][T15389] ? clear_bhb_loop+0x60/0xb0 [ 399.900941][T15389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.900956][T15389] RIP: 0033:0x7fce9bb8e929 [ 399.900970][T15389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.900983][T15389] RSP: 002b:00007fce999f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 399.901016][T15389] RAX: ffffffffffffffda RBX: 00007fce9bdb5fa0 RCX: 00007fce9bb8e929 [ 399.901028][T15389] RDX: 0000000000000050 RSI: 0000200000000640 RDI: 000000000000000a [ 399.901038][T15389] RBP: 00007fce999f6090 R08: 0000000000000000 R09: 0000000000000000 [ 399.901047][T15389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 399.901056][T15389] R13: 0000000000000000 R14: 00007fce9bdb5fa0 R15: 00007ffdba492348 [ 399.901081][T15389] [ 400.258310][T15393] FAULT_INJECTION: forcing a failure. [ 400.258310][T15393] name failslab, interval 1, probability 0, space 0, times 0 [ 400.278166][ T5848] Bluetooth: hci1: command 0x0419 tx timeout [ 400.284575][T15393] CPU: 0 UID: 0 PID: 15393 Comm: syz.1.2753 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 400.284602][T15393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 400.284613][T15393] Call Trace: [ 400.284621][T15393] [ 400.284629][T15393] dump_stack_lvl+0x189/0x250 [ 400.284652][T15393] ? __pfx____ratelimit+0x10/0x10 [ 400.284671][T15393] ? __pfx_dump_stack_lvl+0x10/0x10 [ 400.284687][T15393] ? __pfx__printk+0x10/0x10 [ 400.284710][T15393] ? __pfx___might_resched+0x10/0x10 [ 400.284729][T15393] should_fail_ex+0x414/0x560 [ 400.284753][T15393] should_failslab+0xa8/0x100 [ 400.284773][T15393] __kmalloc_cache_noprof+0x70/0x3d0 [ 400.284791][T15393] ? tcf_proto_create+0x65/0x330 [ 400.284807][T15393] tcf_proto_create+0x65/0x330 [ 400.284830][T15393] tc_new_tfilter+0x11aa/0x15b0 [ 400.284869][T15393] ? __pfx_tc_new_tfilter+0x10/0x10 [ 400.284914][T15393] ? __pfx_tc_new_tfilter+0x10/0x10 [ 400.284933][T15393] rtnetlink_rcv_msg+0x7cc/0xb70 [ 400.284955][T15393] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 400.284972][T15393] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 400.284988][T15393] ? ref_tracker_free+0x63a/0x7d0 [ 400.284999][T15393] ? __copy_skb_header+0xa7/0x550 [ 400.285013][T15393] ? __pfx_ref_tracker_free+0x10/0x10 [ 400.285033][T15393] netlink_rcv_skb+0x205/0x470 [ 400.285052][T15393] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 400.285072][T15393] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 400.285100][T15393] ? netlink_deliver_tap+0x2e/0x1b0 [ 400.285117][T15393] ? netlink_deliver_tap+0x2e/0x1b0 [ 400.285139][T15393] netlink_unicast+0x758/0x8d0 [ 400.285163][T15393] netlink_sendmsg+0x805/0xb30 [ 400.285188][T15393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.285209][T15393] ? aa_sock_msg_perm+0x94/0x160 [ 400.285230][T15393] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 400.285242][T15393] ? __pfx_netlink_sendmsg+0x10/0x10 [ 400.285261][T15393] __sock_sendmsg+0x219/0x270 [ 400.285279][T15393] ____sys_sendmsg+0x505/0x830 [ 400.285304][T15393] ? __pfx_____sys_sendmsg+0x10/0x10 [ 400.285332][T15393] ? import_iovec+0x74/0xa0 [ 400.285350][T15393] ___sys_sendmsg+0x21f/0x2a0 [ 400.285364][T15393] ? __pfx____sys_sendmsg+0x10/0x10 [ 400.285403][T15393] ? __fget_files+0x2a/0x420 [ 400.285421][T15393] ? __fget_files+0x3a0/0x420 [ 400.285446][T15393] __x64_sys_sendmsg+0x19b/0x260 [ 400.285460][T15393] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 400.285480][T15393] ? __pfx_ksys_write+0x10/0x10 [ 400.285494][T15393] ? rcu_is_watching+0x15/0xb0 [ 400.285514][T15393] ? do_syscall_64+0xbe/0x3b0 [ 400.285534][T15393] do_syscall_64+0xfa/0x3b0 [ 400.285550][T15393] ? lockdep_hardirqs_on+0x9c/0x150 [ 400.285567][T15393] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.285580][T15393] ? clear_bhb_loop+0x60/0xb0 [ 400.285596][T15393] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.285609][T15393] RIP: 0033:0x7fdc4f78e929 [ 400.285621][T15393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.285633][T15393] RSP: 002b:00007fdc50627038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 400.285647][T15393] RAX: ffffffffffffffda RBX: 00007fdc4f9b5fa0 RCX: 00007fdc4f78e929 [ 400.285657][T15393] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 400.285666][T15393] RBP: 00007fdc50627090 R08: 0000000000000000 R09: 0000000000000000 [ 400.285674][T15393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 400.285682][T15393] R13: 0000000000000000 R14: 00007fdc4f9b5fa0 R15: 00007ffca51a3e68 [ 400.285703][T15393] [ 400.702688][T15399] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2756'. [ 400.758115][T15399] batadv2: entered promiscuous mode [ 400.786526][T15399] batadv2: entered allmulticast mode [ 400.923297][T15399] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2756'. [ 401.209834][T15418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2759'. [ 401.280617][T15420] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2761'. [ 401.294473][T15420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2761'. [ 401.305064][T15420] netlink: 'syz.4.2761': attribute type 18 has an invalid length. [ 401.922451][T15430] lo speed is unknown, defaulting to 1000 [ 402.108512][T15439] syzkaller0: entered promiscuous mode [ 402.117526][T15439] syzkaller0: entered allmulticast mode [ 403.556147][T15442] tipc: Enabled bearer , priority 0 [ 403.563362][T15446] syzkaller0: entered promiscuous mode [ 403.568937][T15446] syzkaller0: entered allmulticast mode [ 403.617926][ T7648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.685493][T15441] tipc: Resetting bearer [ 403.732654][T15441] tipc: Disabling bearer [ 403.788809][T15453] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.919241][ T7648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 403.957515][T15453] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.031457][ T7648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.064334][T15453] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.089069][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 404.098074][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 404.107247][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 404.116385][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 404.124717][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 404.161707][ T7648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.177898][T15466] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2776'. [ 404.226641][T15453] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.499306][T15462] lo speed is unknown, defaulting to 1000 [ 404.679386][ T7643] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.731363][T15476] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2778'. [ 404.769268][ T7658] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.820763][ T7648] bridge_slave_1: left allmulticast mode [ 404.826440][ T7648] bridge_slave_1: left promiscuous mode [ 404.851368][ T7648] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.948195][ T7648] bridge_slave_0: left allmulticast mode [ 404.962436][ T7648] bridge_slave_0: left promiscuous mode [ 404.973851][ T7648] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.538806][ T7648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.557415][ T7648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 405.569402][ T7648] bond0 (unregistering): Released all slaves [ 405.616819][ T7658] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.661469][ T7658] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.802342][T15484] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 406.259632][ T5848] Bluetooth: hci1: command tx timeout [ 406.306377][T15462] chnl_net:caif_netlink_parms(): no params data found [ 406.384654][T15501] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2787'. [ 406.429117][ T7648] hsr_slave_0: left promiscuous mode [ 406.439247][ T7648] hsr_slave_1: left promiscuous mode [ 406.445265][ T7648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 406.452766][ T7648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 406.461720][ T7648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 406.469125][ T7648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 406.494900][ T7648] veth1_macvtap: left promiscuous mode [ 406.500808][ T7648] veth0_macvtap: left promiscuous mode [ 406.506383][ T7648] veth1_vlan: left promiscuous mode [ 406.512006][ T7648] veth0_vlan: left promiscuous mode [ 406.956737][T15517] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 407.171315][ T7648] team0 (unregistering): Port device team_slave_1 removed [ 407.217222][ T7648] team0 (unregistering): Port device team_slave_0 removed [ 407.682210][T15462] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.698150][T15462] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.706502][T15462] bridge_slave_0: entered allmulticast mode [ 407.721215][T15462] bridge_slave_0: entered promiscuous mode [ 407.735267][T15503] lo speed is unknown, defaulting to 1000 [ 407.746237][T15462] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.768662][T15462] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.796713][T15462] bridge_slave_1: entered allmulticast mode [ 407.819346][T15462] bridge_slave_1: entered promiscuous mode [ 407.890991][T15528] tipc: Enabled bearer , priority 0 [ 408.011283][T15462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.031058][T15528] tipc: Resetting bearer [ 408.051747][T15521] tipc: Disabling bearer [ 408.112547][T15462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.267492][T15462] team0: Port device team_slave_0 added [ 408.293666][T15462] team0: Port device team_slave_1 added [ 408.340423][ T5848] Bluetooth: hci1: command tx timeout [ 408.391125][T15548] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 408.417786][T15548] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2801'. [ 408.468874][T15462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 408.489585][T15462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.542413][T15462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 408.572575][T15462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 408.590123][T15462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.622279][T15462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.773974][T15462] hsr_slave_0: entered promiscuous mode [ 408.785020][T15462] hsr_slave_1: entered promiscuous mode [ 408.805679][T15462] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 408.815027][T15462] Cannot create hsr debugfs directory [ 409.047885][T15564] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 409.312757][T15573] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2810'. [ 409.313251][T15574] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2809'. [ 409.613336][T15462] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 409.629379][T15462] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 409.646117][T15584] Bluetooth: MGMT ver 1.23 [ 409.657750][T15462] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 409.673799][T15462] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 409.839025][T15462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 409.848098][T15598] tipc: Enabling of bearer rejected, failed to enable media [ 409.886510][T15462] 8021q: adding VLAN 0 to HW filter on device team0 [ 409.903864][ T7662] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.911062][ T7662] bridge0: port 1(bridge_slave_0) entered forwarding state [ 409.926947][T15594] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2817'. [ 409.936088][T15594] netem: unknown loss type 0 [ 409.941853][T15594] netem: change failed [ 409.954548][ T7648] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.961827][ T7648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 410.238307][T15462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.305647][T15462] veth0_vlan: entered promiscuous mode [ 410.325614][T15462] veth1_vlan: entered promiscuous mode [ 410.366229][T15462] veth0_macvtap: entered promiscuous mode [ 410.378737][T15462] veth1_macvtap: entered promiscuous mode [ 410.413789][T15462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.429913][ T5848] Bluetooth: hci1: command tx timeout [ 410.434171][T15462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.475786][ T7659] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.495995][ T7659] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.526475][ T7659] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.562268][ T7659] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.706142][ T7643] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.741497][ T7643] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.898311][ T7659] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.933794][ T7659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.105532][T15628] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2827'. [ 411.118387][T15628] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2827'. [ 411.681779][T15644] FAULT_INJECTION: forcing a failure. [ 411.681779][T15644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.699721][T15644] CPU: 1 UID: 0 PID: 15644 Comm: syz.0.2831 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 411.699749][T15644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 411.699762][T15644] Call Trace: [ 411.699770][T15644] [ 411.699778][T15644] dump_stack_lvl+0x189/0x250 [ 411.699808][T15644] ? __pfx____ratelimit+0x10/0x10 [ 411.699843][T15644] ? __pfx_dump_stack_lvl+0x10/0x10 [ 411.699867][T15644] ? __pfx__printk+0x10/0x10 [ 411.699903][T15644] ? __might_fault+0xb0/0x130 [ 411.699938][T15644] should_fail_ex+0x414/0x560 [ 411.699971][T15644] _copy_from_user+0x2d/0xb0 [ 411.699995][T15644] restore_altstack+0x9d/0x4b0 [ 411.700024][T15644] ? freezing_slow_path+0x10d/0x150 [ 411.700068][T15644] ? __pfx_restore_altstack+0x10/0x10 [ 411.700114][T15644] ? _raw_spin_unlock_irq+0x23/0x50 [ 411.700136][T15644] ? lockdep_hardirqs_on+0x9c/0x150 [ 411.700162][T15644] __ia32_sys_rt_sigreturn+0x1ac/0x7b0 [ 411.700185][T15644] ? lockdep_hardirqs_on+0x9c/0x150 [ 411.700210][T15644] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 411.700226][T15644] ? _raw_spin_unlock_irq+0x2e/0x50 [ 411.700246][T15644] ? signal_setup_done+0x230/0x310 [ 411.700272][T15644] ? __lock_acquire+0xab9/0xd20 [ 411.700311][T15644] ? __task_pid_nr_ns+0x28/0x470 [ 411.700344][T15644] ? do_syscall_64+0xbe/0x3b0 [ 411.700373][T15644] do_syscall_64+0xfa/0x3b0 [ 411.700397][T15644] ? lockdep_hardirqs_on+0x9c/0x150 [ 411.700421][T15644] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.700440][T15644] ? clear_bhb_loop+0x60/0xb0 [ 411.700463][T15644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.700481][T15644] RIP: 0033:0x7fe4a9f2ab19 [ 411.700498][T15644] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 411.700514][T15644] RSP: 002b:00007fe4aad45a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 411.700534][T15644] RAX: ffffffffffffffda RBX: 00007fe4aa1b5fa0 RCX: 00007fe4a9f2ab19 [ 411.700547][T15644] RDX: 00007fe4aad45a80 RSI: 00007fe4aad45bb0 RDI: 0000000000000021 [ 411.700560][T15644] RBP: 00007fe4aad46090 R08: 0000000000000000 R09: 0000000000000000 [ 411.700571][T15644] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 411.700582][T15644] R13: 0000000000000000 R14: 00007fe4aa1b5fa0 R15: 00007ffe71c6cd98 [ 411.700612][T15644] [ 412.097811][T15647] tipc: Enabled bearer , priority 0 [ 412.124233][T15647] tipc: Resetting bearer [ 412.140865][T15646] tipc: Disabling bearer [ 412.464404][T15656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2836'. [ 412.624001][T15667] No such timeout policy "syz1" [ 412.671004][T15671] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2838'. [ 412.861711][T15681] FAULT_INJECTION: forcing a failure. [ 412.861711][T15681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.877206][T15681] CPU: 1 UID: 0 PID: 15681 Comm: syz.1.2843 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 412.877225][T15681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.877233][T15681] Call Trace: [ 412.877239][T15681] [ 412.877244][T15681] dump_stack_lvl+0x189/0x250 [ 412.877264][T15681] ? __pfx____ratelimit+0x10/0x10 [ 412.877281][T15681] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.877297][T15681] ? __pfx__printk+0x10/0x10 [ 412.877316][T15681] ? __might_fault+0xb0/0x130 [ 412.877341][T15681] should_fail_ex+0x414/0x560 [ 412.877364][T15681] _copy_from_iter+0x1db/0x16f0 [ 412.877381][T15681] ? rcu_is_watching+0x15/0xb0 [ 412.877398][T15681] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 412.877416][T15681] ? __pfx__copy_from_iter+0x10/0x10 [ 412.877431][T15681] ? __build_skb_around+0x257/0x3e0 [ 412.877454][T15681] ? netlink_sendmsg+0x642/0xb30 [ 412.877471][T15681] ? skb_put+0x11b/0x210 [ 412.877493][T15681] netlink_sendmsg+0x6b2/0xb30 [ 412.877524][T15681] ? __pfx_netlink_sendmsg+0x10/0x10 [ 412.877554][T15681] ? aa_sock_msg_perm+0x94/0x160 [ 412.877584][T15681] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 412.877611][T15681] ? __pfx_netlink_sendmsg+0x10/0x10 [ 412.877655][T15681] __sock_sendmsg+0x219/0x270 [ 412.877675][T15681] ____sys_sendmsg+0x52d/0x830 [ 412.877701][T15681] ? __pfx_____sys_sendmsg+0x10/0x10 [ 412.877735][T15681] ? import_iovec+0x74/0xa0 [ 412.877754][T15681] ___sys_sendmsg+0x21f/0x2a0 [ 412.877769][T15681] ? __pfx____sys_sendmsg+0x10/0x10 [ 412.877815][T15681] ? __might_fault+0xb0/0x130 [ 412.877834][T15681] __sys_sendmmsg+0x227/0x430 [ 412.877852][T15681] ? __pfx___sys_sendmmsg+0x10/0x10 [ 412.877863][T15681] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 412.877902][T15681] ? ksys_write+0x22a/0x250 [ 412.877921][T15681] ? __pfx_ksys_write+0x10/0x10 [ 412.877936][T15681] ? rcu_is_watching+0x15/0xb0 [ 412.877957][T15681] __x64_sys_sendmmsg+0xa0/0xc0 [ 412.877974][T15681] do_syscall_64+0xfa/0x3b0 [ 412.877992][T15681] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.878010][T15681] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.878024][T15681] ? clear_bhb_loop+0x60/0xb0 [ 412.878041][T15681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.878055][T15681] RIP: 0033:0x7fdc4f78e929 [ 412.878067][T15681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.878079][T15681] RSP: 002b:00007fdc50627038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 412.878094][T15681] RAX: ffffffffffffffda RBX: 00007fdc4f9b5fa0 RCX: 00007fdc4f78e929 [ 412.878104][T15681] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 412.878114][T15681] RBP: 00007fdc50627090 R08: 0000000000000000 R09: 0000000000000000 [ 412.878122][T15681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 412.878131][T15681] R13: 0000000000000000 R14: 00007fdc4f9b5fa0 R15: 00007ffca51a3e68 [ 412.878152][T15681] [ 413.499237][ T7662] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.567688][T15689] IPv6: syztnl1: Disabled Multicast RS [ 413.608102][T15692] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.706729][T15692] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.788174][T15692] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.931810][T15692] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.001883][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 414.012986][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 414.026095][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 414.037728][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 414.050849][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 414.086083][ T7643] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.102067][ T7660] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.136766][ T7643] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.147701][ T7643] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.171012][T15700] lo speed is unknown, defaulting to 1000 [ 414.465166][T15700] chnl_net:caif_netlink_parms(): no params data found [ 414.540578][T15700] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.547914][T15700] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.555110][T15700] bridge_slave_0: entered allmulticast mode [ 414.562578][T15700] bridge_slave_0: entered promiscuous mode [ 414.570950][T15700] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.578084][T15700] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.585940][T15700] bridge_slave_1: entered allmulticast mode [ 414.594450][T15700] bridge_slave_1: entered promiscuous mode [ 414.810060][T15717] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2852'. [ 414.897911][ C0] vcan0: j1939_session_tx_dat: 0xffff888053942800: queue data error: -100 [ 414.906588][ C0] vcan0: j1939_xtp_rx_dpo: no connection found [ 414.912776][ C0] vcan0: j1939_xtp_rx_dpo: no connection found [ 414.919012][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 414.926852][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 414.934786][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 414.942640][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 414.950597][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 414.958444][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 414.966393][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 414.974292][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 414.982228][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 414.990066][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 414.997976][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.005826][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.013757][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.021603][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.029525][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.037354][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.045322][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.053192][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.061126][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.068946][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.076865][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.084708][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.092634][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.100479][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.108374][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.116213][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.124148][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.131995][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.139911][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.147733][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.155679][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.163531][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.171471][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.179301][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.187248][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.195099][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.203027][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.210869][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.218756][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.226592][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.234507][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.242351][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.250251][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.258060][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.265962][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.273809][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.281723][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.289660][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.297549][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.305386][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.313331][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.321180][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.329069][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.336901][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.344798][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.352632][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.360551][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.368366][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.376268][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.376330][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 415.384109][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.384215][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.384234][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.384338][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.384355][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.384449][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.384465][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.384560][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.384577][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.384662][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.384678][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.384765][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.394684][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 415.399617][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.399743][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.408698][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 415.415349][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.415451][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.415469][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.415592][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.426492][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 415.431171][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.431267][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.449129][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 415.454681][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.454800][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 415.592237][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 415.626671][T15700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 415.666458][T15700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 415.768226][T15700] team0: Port device team_slave_0 added [ 415.777442][T15700] team0: Port device team_slave_1 added [ 415.824690][T15732] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 415.842444][T15700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 415.849684][T15700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.877690][T15700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 415.892503][T15700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 415.899703][T15700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 415.925775][T15700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 415.954614][T15733] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2854'. [ 415.959755][T15724] lo speed is unknown, defaulting to 1000 [ 416.006869][ T7662] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.099739][T15739] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2855'. [ 416.116033][ T5848] Bluetooth: hci1: command tx timeout [ 416.161950][T15700] hsr_slave_0: entered promiscuous mode [ 416.168496][T15700] hsr_slave_1: entered promiscuous mode [ 416.180480][T15700] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 416.198194][T15700] Cannot create hsr debugfs directory [ 416.235211][ T7662] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.349368][ T7662] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.558124][T15700] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 416.569204][T15700] netdevsim netdevsim4 eth3 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 416.579796][T15700] netdevsim netdevsim4 eth3 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 416.608609][ T7662] bridge_slave_1: left allmulticast mode [ 416.614505][ T7662] bridge_slave_1: left promiscuous mode [ 416.621367][ T7662] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.666895][ T7662] bridge_slave_0: left allmulticast mode [ 416.690652][ T7662] bridge_slave_0: left promiscuous mode [ 416.710713][ T7662] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.061674][ T7662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.072993][ T7662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 417.083655][ T7662] bond0 (unregistering): Released all slaves [ 417.148037][T15700] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 417.180288][T15700] netdevsim netdevsim4 eth2 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 417.205325][T15700] netdevsim netdevsim4 eth2 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 417.266126][T15758] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 417.298501][T15700] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 417.316132][T15700] netdevsim netdevsim4 eth1 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 417.327359][T15700] netdevsim netdevsim4 eth1 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 417.364901][T15758] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 417.415792][T15724] chnl_net:caif_netlink_parms(): no params data found [ 417.437599][T15700] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 48747 - 0 [ 417.452856][T15700] netdevsim netdevsim4 eth0 (unregistering): unset [1, 1] type 2 family 0 port 44350 - 0 [ 417.462791][T15700] netdevsim netdevsim4 eth0 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 417.478391][T15758] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 417.539714][ T5848] Bluetooth: hci3: command tx timeout [ 417.608864][T15758] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 417.851247][T15724] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.858688][T15724] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.866164][T15724] bridge_slave_0: entered allmulticast mode [ 417.874204][T15724] bridge_slave_0: entered promiscuous mode [ 417.922192][ T7662] hsr_slave_0: left promiscuous mode [ 417.928409][ T7662] hsr_slave_1: left promiscuous mode [ 417.934781][ T7662] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.942575][ T7662] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.951887][ T7662] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.960629][ T7662] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.987680][ T7662] veth1_macvtap: left promiscuous mode [ 417.993550][ T7662] veth0_macvtap: left promiscuous mode [ 417.999286][ T7662] veth1_vlan: left promiscuous mode [ 418.005081][ T7662] veth0_vlan: left promiscuous mode [ 418.192048][ T5848] Bluetooth: hci1: command tx timeout [ 418.435733][ T7662] team0 (unregistering): Port device team_slave_1 removed [ 418.472693][ T7662] team0 (unregistering): Port device team_slave_0 removed [ 418.805507][T15724] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.812864][T15724] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.822899][T15724] bridge_slave_1: entered allmulticast mode [ 418.842210][T15724] bridge_slave_1: entered promiscuous mode [ 418.884218][T15724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 418.936373][T15724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 418.978060][ T7659] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 419.027598][ T7659] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 419.045105][T15724] team0: Port device team_slave_0 added [ 419.054261][T15700] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 419.073842][T15700] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 419.116753][ T7661] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 419.160779][ T7661] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 419.185355][T15724] team0: Port device team_slave_1 added [ 419.263895][T15700] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 419.347191][T15700] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 419.380220][T15724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 419.387282][T15724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 419.415234][T15724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 419.440579][T15724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 419.454927][T15724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 419.482860][T15724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 419.497177][T15798] openvswitch: netlink: Duplicate or invalid key (type 0). [ 419.521653][T15785] tipc: Enabled bearer , priority 0 [ 419.523947][T15798] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 419.619360][T15724] hsr_slave_0: entered promiscuous mode [ 419.625295][ T51] Bluetooth: hci3: command tx timeout [ 419.634051][T15724] hsr_slave_1: entered promiscuous mode [ 419.641321][T15724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 419.648974][T15724] Cannot create hsr debugfs directory [ 419.736843][ T7662] team0: left allmulticast mode [ 419.745370][ T7662] team_slave_0: left allmulticast mode [ 419.754721][ T7662] team_slave_1: left allmulticast mode [ 419.764126][ T7662] batadv1: left allmulticast mode [ 419.769442][ T7662] team0: left promiscuous mode [ 419.778223][ T7662] team_slave_0: left promiscuous mode [ 419.794363][ T7662] team_slave_1: left promiscuous mode [ 419.804495][ T7662] batadv1: left promiscuous mode [ 419.812639][ T7662] bridge0: port 3(team0) entered disabled state [ 419.823914][ T7662] bridge_slave_1: left allmulticast mode [ 419.832080][ T7662] bridge_slave_1: left promiscuous mode [ 419.837890][ T7662] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.852151][ T7662] bridge_slave_0: left allmulticast mode [ 419.864480][ T7662] bridge_slave_0: left promiscuous mode [ 419.871997][ T7662] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.029239][T15810] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 420.153862][ T7662] erspan0 (unregistering): left promiscuous mode [ 420.217325][ T7662] dvmrp0 (unregistering): left allmulticast mode [ 420.259850][ T51] Bluetooth: hci1: command tx timeout [ 420.321853][T15813] netlink: 'syz.1.2875': attribute type 1 has an invalid length. [ 420.998419][ T7662] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 421.009869][ T7662] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.022580][ T7662] bond0 (unregistering): (slave dummy0): Releasing backup interface [ 421.034550][ T7662] bond0 (unregistering): Released all slaves [ 421.051015][ T7662] bond1 (unregistering): Released all slaves [ 421.066005][ T7662] bond2 (unregistering): Released all slaves [ 421.086327][T15784] tipc: Disabling bearer [ 421.176183][T15813] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR [ 421.176580][ T7662] : left promiscuous mode [ 421.313853][T15825] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2878'. [ 421.350114][ T7662] tipc: Left network mode [ 421.379737][ T51] Bluetooth: hci4: command 0x0405 tx timeout [ 421.437944][T15700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.524894][ T7662] IPVS: stopping backup sync thread 13172 ... [ 421.567452][T15700] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.592600][T15835] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2880'. [ 421.615893][T15838] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 421.630049][ T7660] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.637212][ T7660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 421.676923][ T7643] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.684089][ T7643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 421.699689][ T5848] Bluetooth: hci3: command tx timeout [ 422.205168][ T7662] batadv_slave_1: left promiscuous mode [ 422.217746][ T7662] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 422.230802][ T7662] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 422.238303][ T7662] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 422.257842][ T7662] veth1_macvtap: left promiscuous mode [ 422.267242][ T7662] veth0_macvtap: left promiscuous mode [ 422.273534][ T7662] veth1_vlan: left promiscuous mode [ 422.278849][ T7662] veth0_vlan: left promiscuous mode [ 422.339793][ T5848] Bluetooth: hci1: command tx timeout [ 422.675554][ T7662] team0 (unregistering): Port device batadv1 removed [ 422.968649][ T7662] team0 (unregistering): Port device team_slave_1 removed [ 423.006412][ T7662] team0 (unregistering): Port device team_slave_0 removed [ 423.325095][T15724] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 423.336218][T15724] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 423.353183][T15724] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 423.365776][T15724] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 423.426094][T15700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 423.597100][T15869] tipc: Enabled bearer , priority 0 [ 423.653610][T15869] openvswitch: netlink: Duplicate or invalid key (type 0). [ 423.682994][T15869] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 423.780434][ T5848] Bluetooth: hci3: command tx timeout [ 423.806012][T15724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 423.894999][T15724] 8021q: adding VLAN 0 to HW filter on device team0 [ 423.925473][T15868] tipc: Disabling bearer [ 423.966728][ T7643] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.973966][ T7643] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.012300][ T7643] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.019506][ T7643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.030939][ T7662] IPVS: stop unused estimator thread 0... [ 424.333799][T15895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 424.398235][T15700] veth0_vlan: entered promiscuous mode [ 424.442952][T15700] veth1_vlan: entered promiscuous mode [ 424.504189][T15700] veth0_macvtap: entered promiscuous mode [ 424.531328][T15700] veth1_macvtap: entered promiscuous mode [ 424.577939][T15700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 424.603740][T15700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 424.617856][T15724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.631349][ T7658] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.680420][ T7658] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.694853][ T7658] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.717692][ T7658] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 424.828275][T15724] veth0_vlan: entered promiscuous mode [ 424.871085][ T7662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.883071][T15724] veth1_vlan: entered promiscuous mode [ 424.888628][ T7662] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 424.960991][ T7643] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 424.968103][T15724] veth0_macvtap: entered promiscuous mode [ 424.975100][ T7643] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 424.979761][T15910] nbd: socks must be embedded in a SOCK_ITEM attr [ 425.003089][T15910] block nbd1: shutting down sockets [ 425.038339][T15724] veth1_macvtap: entered promiscuous mode [ 425.093669][T15724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.148417][T15724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.206932][ T7643] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.244446][ T7643] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.274920][ T7643] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.308262][T15918] FAULT_INJECTION: forcing a failure. [ 425.308262][T15918] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.308671][ T7643] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.344655][T15918] CPU: 0 UID: 0 PID: 15918 Comm: syz.0.2901 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 425.344681][T15918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 425.344692][T15918] Call Trace: [ 425.344699][T15918] [ 425.344707][T15918] dump_stack_lvl+0x189/0x250 [ 425.344734][T15918] ? __pfx____ratelimit+0x10/0x10 [ 425.344758][T15918] ? __pfx_dump_stack_lvl+0x10/0x10 [ 425.344781][T15918] ? __pfx__printk+0x10/0x10 [ 425.344807][T15918] ? __might_fault+0xb0/0x130 [ 425.344840][T15918] should_fail_ex+0x414/0x560 [ 425.344871][T15918] _copy_from_user+0x2d/0xb0 [ 425.344900][T15918] restore_altstack+0x9d/0x4b0 [ 425.344924][T15918] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 425.344949][T15918] ? __pfx_restore_altstack+0x10/0x10 [ 425.344981][T15918] ? _raw_spin_unlock_irq+0x23/0x50 [ 425.345002][T15918] ? lockdep_hardirqs_on+0x9c/0x150 [ 425.345028][T15918] __ia32_sys_rt_sigreturn+0x1ac/0x7b0 [ 425.345050][T15918] ? lockdep_hardirqs_on+0x9c/0x150 [ 425.345072][T15918] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 425.345089][T15918] ? _raw_spin_unlock_irq+0x2e/0x50 [ 425.345109][T15918] ? signal_setup_done+0x230/0x310 [ 425.345134][T15918] ? __lock_acquire+0xab9/0xd20 [ 425.345173][T15918] ? __task_pid_nr_ns+0x28/0x470 [ 425.345204][T15918] ? do_syscall_64+0xbe/0x3b0 [ 425.345233][T15918] do_syscall_64+0xfa/0x3b0 [ 425.345257][T15918] ? lockdep_hardirqs_on+0x9c/0x150 [ 425.345279][T15918] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.345297][T15918] ? clear_bhb_loop+0x60/0xb0 [ 425.345321][T15918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.345338][T15918] RIP: 0033:0x7fe4a9f2ab19 [ 425.345355][T15918] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 425.345371][T15918] RSP: 002b:00007fe4aad45a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 425.345391][T15918] RAX: ffffffffffffffda RBX: 00007fe4aa1b5fa0 RCX: 00007fe4a9f2ab19 [ 425.345405][T15918] RDX: 00007fe4aad45a80 RSI: 00007fe4aad45bb0 RDI: 0000000000000021 [ 425.345417][T15918] RBP: 00007fe4aad46090 R08: 0000000000000000 R09: 0000000000000000 [ 425.345429][T15918] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 425.345441][T15918] R13: 0000000000000000 R14: 00007fe4aa1b5fa0 R15: 00007ffe71c6cd98 [ 425.345470][T15918] [ 425.680526][T15926] syzkaller0: entered promiscuous mode [ 425.704667][T15926] syzkaller0: entered allmulticast mode [ 425.847401][T15934] FAULT_INJECTION: forcing a failure. [ 425.847401][T15934] name failslab, interval 1, probability 0, space 0, times 0 [ 425.884631][T15934] CPU: 0 UID: 0 PID: 15934 Comm: syz.0.2905 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 425.884658][T15934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 425.884669][T15934] Call Trace: [ 425.884677][T15934] [ 425.884685][T15934] dump_stack_lvl+0x189/0x250 [ 425.884712][T15934] ? __pfx____ratelimit+0x10/0x10 [ 425.884737][T15934] ? __pfx_dump_stack_lvl+0x10/0x10 [ 425.884760][T15934] ? __pfx__printk+0x10/0x10 [ 425.884791][T15934] ? __pfx___might_resched+0x10/0x10 [ 425.884818][T15934] should_fail_ex+0x414/0x560 [ 425.884858][T15934] should_failslab+0xa8/0x100 [ 425.884886][T15934] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 425.884910][T15934] ? __alloc_skb+0x112/0x2d0 [ 425.884941][T15934] __alloc_skb+0x112/0x2d0 [ 425.884971][T15934] netlink_sendmsg+0x5c6/0xb30 [ 425.885007][T15934] ? __pfx_netlink_sendmsg+0x10/0x10 [ 425.885037][T15934] ? aa_sock_msg_perm+0x94/0x160 [ 425.885068][T15934] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 425.885085][T15934] ? __pfx_netlink_sendmsg+0x10/0x10 [ 425.885111][T15934] __sock_sendmsg+0x219/0x270 [ 425.885137][T15934] ____sys_sendmsg+0x505/0x830 [ 425.885171][T15934] ? __pfx_____sys_sendmsg+0x10/0x10 [ 425.885209][T15934] ? import_iovec+0x74/0xa0 [ 425.885236][T15934] ___sys_sendmsg+0x21f/0x2a0 [ 425.885256][T15934] ? __pfx____sys_sendmsg+0x10/0x10 [ 425.885309][T15934] ? __fget_files+0x2a/0x420 [ 425.885334][T15934] ? __fget_files+0x3a0/0x420 [ 425.885370][T15934] __x64_sys_sendmsg+0x19b/0x260 [ 425.885390][T15934] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 425.885418][T15934] ? __pfx_ksys_write+0x10/0x10 [ 425.885438][T15934] ? rcu_is_watching+0x15/0xb0 [ 425.885466][T15934] ? do_syscall_64+0xbe/0x3b0 [ 425.885494][T15934] do_syscall_64+0xfa/0x3b0 [ 425.885518][T15934] ? lockdep_hardirqs_on+0x9c/0x150 [ 425.885541][T15934] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.885559][T15934] ? clear_bhb_loop+0x60/0xb0 [ 425.885582][T15934] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.885600][T15934] RIP: 0033:0x7fe4a9f8e929 [ 425.885617][T15934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.885632][T15934] RSP: 002b:00007fe4aad46038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 425.885652][T15934] RAX: ffffffffffffffda RBX: 00007fe4aa1b5fa0 RCX: 00007fe4a9f8e929 [ 425.885666][T15934] RDX: 0000000000000080 RSI: 00002000000000c0 RDI: 0000000000000003 [ 425.885678][T15934] RBP: 00007fe4aad46090 R08: 0000000000000000 R09: 0000000000000000 [ 425.885689][T15934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.885700][T15934] R13: 0000000000000000 R14: 00007fe4aa1b5fa0 R15: 00007ffe71c6cd98 [ 425.885729][T15934] [ 426.207247][ T7662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.208771][T15933] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2902'. [ 426.239878][ T7662] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.248062][ T7662] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.268411][ T7662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.665058][T15949] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 426.785134][T15957] FAULT_INJECTION: forcing a failure. [ 426.785134][T15957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 426.798796][T15957] CPU: 1 UID: 0 PID: 15957 Comm: syz.4.2914 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 426.798822][T15957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 426.798833][T15957] Call Trace: [ 426.798841][T15957] [ 426.798848][T15957] dump_stack_lvl+0x189/0x250 [ 426.798875][T15957] ? __pfx____ratelimit+0x10/0x10 [ 426.798899][T15957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 426.798922][T15957] ? __pfx__printk+0x10/0x10 [ 426.798948][T15957] ? __might_fault+0xb0/0x130 [ 426.798983][T15957] should_fail_ex+0x414/0x560 [ 426.799015][T15957] _copy_from_iter+0x1db/0x16f0 [ 426.799039][T15957] ? rcu_is_watching+0x15/0xb0 [ 426.799063][T15957] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 426.799088][T15957] ? __pfx__copy_from_iter+0x10/0x10 [ 426.799109][T15957] ? __build_skb_around+0x257/0x3e0 [ 426.799140][T15957] ? netlink_sendmsg+0x642/0xb30 [ 426.799163][T15957] ? skb_put+0x11b/0x210 [ 426.799193][T15957] netlink_sendmsg+0x6b2/0xb30 [ 426.799228][T15957] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.799256][T15957] ? aa_sock_msg_perm+0x94/0x160 [ 426.799286][T15957] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 426.799303][T15957] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.799329][T15957] __sock_sendmsg+0x219/0x270 [ 426.799354][T15957] ____sys_sendmsg+0x52d/0x830 [ 426.799389][T15957] ? __pfx_____sys_sendmsg+0x10/0x10 [ 426.799427][T15957] ? import_iovec+0x74/0xa0 [ 426.799453][T15957] ___sys_sendmsg+0x21f/0x2a0 [ 426.799477][T15957] ? __pfx____sys_sendmsg+0x10/0x10 [ 426.799546][T15957] ? __might_fault+0xb0/0x130 [ 426.799573][T15957] __sys_sendmmsg+0x227/0x430 [ 426.799596][T15957] ? __pfx___sys_sendmmsg+0x10/0x10 [ 426.799612][T15957] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 426.799665][T15957] ? ksys_write+0x22a/0x250 [ 426.799689][T15957] ? __pfx_ksys_write+0x10/0x10 [ 426.799709][T15957] ? rcu_is_watching+0x15/0xb0 [ 426.799737][T15957] __x64_sys_sendmmsg+0xa0/0xc0 [ 426.799757][T15957] do_syscall_64+0xfa/0x3b0 [ 426.799783][T15957] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.799800][T15957] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 426.799819][T15957] ? clear_bhb_loop+0x60/0xb0 [ 426.799842][T15957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.799860][T15957] RIP: 0033:0x7fec9878e929 [ 426.799876][T15957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.799892][T15957] RSP: 002b:00007fec965f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 426.799912][T15957] RAX: ffffffffffffffda RBX: 00007fec989b5fa0 RCX: 00007fec9878e929 [ 426.799925][T15957] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 426.799938][T15957] RBP: 00007fec965f6090 R08: 0000000000000000 R09: 0000000000000000 [ 426.799949][T15957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 426.799960][T15957] R13: 0000000000000000 R14: 00007fec989b5fa0 R15: 00007ffd2f6ec588 [ 426.799989][T15957] [ 427.185816][T15966] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 427.318209][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2917'. [ 427.403513][T15973] syzkaller0: entered promiscuous mode [ 427.409005][T15973] syzkaller0: entered allmulticast mode [ 427.796943][T15991] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2926'. [ 427.808024][T15991] netlink: 'syz.4.2926': attribute type 7 has an invalid length. [ 427.816504][T15991] netlink: 'syz.4.2926': attribute type 8 has an invalid length. [ 427.825265][T15991] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2926'. [ 428.144974][T15997] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma? [ 428.285472][ T7660] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.705992][ T7660] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.773765][ T7660] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.824501][ T7660] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.958742][ T7660] bridge_slave_1: left allmulticast mode [ 428.965093][ T7660] bridge_slave_1: left promiscuous mode [ 428.970967][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.980260][ T7660] bridge_slave_0: left allmulticast mode [ 428.986576][ T7660] bridge_slave_0: left promiscuous mode [ 428.993182][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.255731][ T7660] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 429.266977][ T7660] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 429.285899][ T7660] bond0 (unregistering): Released all slaves [ 429.595754][ T7660] hsr_slave_0: left promiscuous mode [ 429.602076][ T7660] hsr_slave_1: left promiscuous mode [ 429.607823][ T7660] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.615558][ T7660] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.630015][ T7660] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 429.637403][ T7660] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 429.656787][ T7660] veth1_macvtap: left promiscuous mode [ 429.662386][ T7660] veth0_macvtap: left promiscuous mode [ 429.668042][ T7660] veth1_vlan: left promiscuous mode [ 429.673509][ T7660] veth0_vlan: left promiscuous mode [ 429.764897][T16011] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 429.785271][T16012] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2932'. [ 430.333749][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 430.342432][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 430.350927][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 430.359437][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 430.367558][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 430.606657][ T7660] team0 (unregistering): Port device team_slave_1 removed [ 430.668496][ T7660] team0 (unregistering): Port device team_slave_0 removed [ 431.082963][T16049] syzkaller0: entered promiscuous mode [ 431.089356][T16049] syzkaller0: entered allmulticast mode [ 431.103999][T16013] sysfs: cannot create duplicate filename '/class/ieee80211/!ÿ' [ 431.121790][T16013] CPU: 1 UID: 0 PID: 16013 Comm: syz.2.2933 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 431.121820][T16013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 431.121834][T16013] Call Trace: [ 431.121843][T16013] [ 431.121852][T16013] dump_stack_lvl+0x189/0x250 [ 431.121888][T16013] ? __pfx_dump_stack_lvl+0x10/0x10 [ 431.121916][T16013] ? __pfx__printk+0x10/0x10 [ 431.121948][T16013] ? kernfs_path_from_node+0x2c/0x260 [ 431.121982][T16013] ? kernfs_path_from_node+0x2c/0x260 [ 431.122014][T16013] ? kernfs_path_from_node+0x2c/0x260 [ 431.122049][T16013] ? kernfs_path_from_node+0x22c/0x260 [ 431.122079][T16013] ? kernfs_path_from_node+0x2c/0x260 [ 431.122116][T16013] sysfs_warn_dup+0x8e/0xa0 [ 431.122147][T16013] sysfs_do_create_link_sd+0xc0/0x110 [ 431.122296][T16013] device_add_class_symlinks+0x1cf/0x240 [ 431.122334][T16013] device_add+0x475/0xb50 [ 431.122368][T16013] wiphy_register+0x1ba6/0x28d0 [ 431.122426][T16013] ? __pfx_wiphy_register+0x10/0x10 [ 431.122456][T16013] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 431.122486][T16013] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 431.122527][T16013] ieee80211_register_hw+0x33e1/0x4120 [ 431.122570][T16013] ? ieee80211_register_hw+0x1441/0x4120 [ 431.122603][T16013] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 431.122630][T16013] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 431.122666][T16013] ? __hrtimer_setup+0x187/0x210 [ 431.122690][T16013] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 431.122730][T16013] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 431.122798][T16013] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 431.122828][T16013] ? trace_kmalloc+0x1f/0xd0 [ 431.122863][T16013] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 431.122890][T16013] ? kstrndup+0xbf/0x160 [ 431.122932][T16013] hwsim_new_radio_nl+0xea4/0x1b10 [ 431.122964][T16013] ? __pfx___nla_validate_parse+0x10/0x10 [ 431.123002][T16013] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 431.123046][T16013] ? __nla_parse+0x40/0x60 [ 431.123072][T16013] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 431.123104][T16013] genl_family_rcv_msg_doit+0x215/0x300 [ 431.123135][T16013] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 431.123191][T16013] ? bpf_lsm_capable+0x9/0x20 [ 431.123217][T16013] ? security_capable+0x7e/0x2e0 [ 431.123276][T16013] genl_rcv_msg+0x60e/0x790 [ 431.123308][T16013] ? __pfx_genl_rcv_msg+0x10/0x10 [ 431.123329][T16013] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 431.123381][T16013] netlink_rcv_skb+0x205/0x470 [ 431.123427][T16013] ? __pfx_genl_rcv_msg+0x10/0x10 [ 431.123452][T16013] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 431.123505][T16013] ? down_read+0x1ad/0x2e0 [ 431.123541][T16013] genl_rcv+0x28/0x40 [ 431.123561][T16013] netlink_unicast+0x758/0x8d0 [ 431.123603][T16013] netlink_sendmsg+0x805/0xb30 [ 431.123647][T16013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 431.123683][T16013] ? aa_sock_msg_perm+0x94/0x160 [ 431.123720][T16013] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 431.123740][T16013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 431.123774][T16013] __sock_sendmsg+0x219/0x270 [ 431.123805][T16013] ____sys_sendmsg+0x505/0x830 [ 431.123849][T16013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 431.123896][T16013] ? import_iovec+0x74/0xa0 [ 431.123929][T16013] ___sys_sendmsg+0x21f/0x2a0 [ 431.123954][T16013] ? __pfx____sys_sendmsg+0x10/0x10 [ 431.124022][T16013] ? __fget_files+0x2a/0x420 [ 431.124053][T16013] ? __fget_files+0x3a0/0x420 [ 431.124098][T16013] __x64_sys_sendmsg+0x19b/0x260 [ 431.124123][T16013] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 431.124159][T16013] ? rcu_is_watching+0x15/0xb0 [ 431.124193][T16013] ? do_syscall_64+0xbe/0x3b0 [ 431.124229][T16013] do_syscall_64+0xfa/0x3b0 [ 431.124258][T16013] ? lockdep_hardirqs_on+0x9c/0x150 [ 431.124298][T16013] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.124319][T16013] ? clear_bhb_loop+0x60/0xb0 [ 431.124347][T16013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.124368][T16013] RIP: 0033:0x7f3dac98e929 [ 431.124388][T16013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 431.124428][T16013] RSP: 002b:00007f3dad821038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 431.124451][T16013] RAX: ffffffffffffffda RBX: 00007f3dacbb5fa0 RCX: 00007f3dac98e929 [ 431.124467][T16013] RDX: 000000002400c040 RSI: 0000200000000040 RDI: 0000000000000004 [ 431.124480][T16013] RBP: 00007f3daca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 431.124493][T16013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.124505][T16013] R13: 0000000000000000 R14: 00007f3dacbb5fa0 R15: 00007ffe82f43738 [ 431.124538][T16013] [ 431.704851][T16033] lo speed is unknown, defaulting to 1000 [ 431.785188][T16062] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2944'. [ 431.838846][T16063] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2945'. [ 432.096172][T16069] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 432.107895][T16069] batman_adv: batadv0: Removing interface: virt_wifi0 [ 432.130138][T16073] netlink: 'syz.2.2948': attribute type 10 has an invalid length. [ 432.168369][T16075] tipc: Enabling of bearer rejected, failed to enable media [ 432.184524][T16073] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 432.197312][T16075] openvswitch: netlink: Duplicate or invalid key (type 0). [ 432.216655][T16073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 432.241513][T16075] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 432.251955][T16073] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 432.270922][T16073] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 432.386862][T16081] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2952'. [ 432.419907][ T51] Bluetooth: hci3: command tx timeout [ 432.447988][T16081] batadv1: entered promiscuous mode [ 432.455054][T16084] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 432.455083][T16081] batadv1: entered allmulticast mode [ 432.521551][T16033] chnl_net:caif_netlink_parms(): no params data found [ 432.730556][T16081] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2952'. [ 432.766634][T16033] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.790250][T16033] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.814141][T16033] bridge_slave_0: entered allmulticast mode [ 432.833049][T16033] bridge_slave_0: entered promiscuous mode [ 432.860110][T16033] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.877988][T16033] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.895499][T16033] bridge_slave_1: entered allmulticast mode [ 432.903287][T16099] netlink: 'syz.4.2956': attribute type 83 has an invalid length. [ 432.917512][T16033] bridge_slave_1: entered promiscuous mode [ 433.013670][T16033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 433.039115][T16101] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2957'. [ 433.041543][T16033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 433.058619][T16103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2958'. [ 433.150864][T16101] batadv1: entered promiscuous mode [ 433.156120][T16101] batadv1: entered allmulticast mode [ 433.183526][T16033] team0: Port device team_slave_0 added [ 433.205363][T16033] team0: Port device team_slave_1 added [ 433.304756][T16101] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2957'. [ 433.445055][T16033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 433.462917][T16033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.499271][T16033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 433.520099][T16033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 433.527228][T16033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 433.561789][T16033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 433.725668][T16033] hsr_slave_0: entered promiscuous mode [ 433.741771][T16033] hsr_slave_1: entered promiscuous mode [ 433.747993][T16033] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 433.759558][T16033] Cannot create hsr debugfs directory [ 434.104145][T16135] FAULT_INJECTION: forcing a failure. [ 434.104145][T16135] name failslab, interval 1, probability 0, space 0, times 0 [ 434.155322][T16135] CPU: 1 UID: 0 PID: 16135 Comm: syz.1.2967 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 434.155351][T16135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 434.155363][T16135] Call Trace: [ 434.155370][T16135] [ 434.155378][T16135] dump_stack_lvl+0x189/0x250 [ 434.155406][T16135] ? __pfx____ratelimit+0x10/0x10 [ 434.155430][T16135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.155452][T16135] ? __pfx__printk+0x10/0x10 [ 434.155493][T16135] should_fail_ex+0x414/0x560 [ 434.155526][T16135] should_failslab+0xa8/0x100 [ 434.155553][T16135] kmem_cache_alloc_noprof+0x73/0x3c0 [ 434.155575][T16135] ? skb_clone+0x212/0x3a0 [ 434.155599][T16135] skb_clone+0x212/0x3a0 [ 434.155620][T16135] __netlink_deliver_tap+0x404/0x850 [ 434.155659][T16135] ? netlink_deliver_tap+0x2e/0x1b0 [ 434.155685][T16135] netlink_deliver_tap+0x19c/0x1b0 [ 434.155711][T16135] netlink_sendskb+0x68/0x140 [ 434.155747][T16135] netlink_rcv_skb+0x28c/0x470 [ 434.155773][T16135] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 434.155801][T16135] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 434.155840][T16135] ? netlink_deliver_tap+0x2e/0x1b0 [ 434.155865][T16135] ? netlink_deliver_tap+0x2e/0x1b0 [ 434.155901][T16135] netlink_unicast+0x758/0x8d0 [ 434.155936][T16135] netlink_sendmsg+0x805/0xb30 [ 434.155971][T16135] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.156001][T16135] ? aa_sock_msg_perm+0x94/0x160 [ 434.156031][T16135] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 434.156048][T16135] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.156074][T16135] __sock_sendmsg+0x219/0x270 [ 434.156101][T16135] ____sys_sendmsg+0x52d/0x830 [ 434.156136][T16135] ? __pfx_____sys_sendmsg+0x10/0x10 [ 434.156175][T16135] ? import_iovec+0x74/0xa0 [ 434.156202][T16135] ___sys_sendmsg+0x21f/0x2a0 [ 434.156222][T16135] ? __pfx____sys_sendmsg+0x10/0x10 [ 434.156285][T16135] ? __might_fault+0xb0/0x130 [ 434.156312][T16135] __sys_sendmmsg+0x227/0x430 [ 434.156336][T16135] ? __pfx___sys_sendmmsg+0x10/0x10 [ 434.156351][T16135] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 434.156404][T16135] ? ksys_write+0x22a/0x250 [ 434.156429][T16135] ? __pfx_ksys_write+0x10/0x10 [ 434.156459][T16135] __x64_sys_sendmmsg+0xa0/0xc0 [ 434.156479][T16135] do_syscall_64+0xfa/0x3b0 [ 434.156502][T16135] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.156525][T16135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.156543][T16135] ? clear_bhb_loop+0x60/0xb0 [ 434.156567][T16135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.156585][T16135] RIP: 0033:0x7fdc4f78e929 [ 434.156602][T16135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.156618][T16135] RSP: 002b:00007fdc50627038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 434.156637][T16135] RAX: ffffffffffffffda RBX: 00007fdc4f9b5fa0 RCX: 00007fdc4f78e929 [ 434.156650][T16135] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 434.156663][T16135] RBP: 00007fdc50627090 R08: 0000000000000000 R09: 0000000000000000 [ 434.156675][T16135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 434.156686][T16135] R13: 0000000000000000 R14: 00007fdc4f9b5fa0 R15: 00007ffca51a3e68 [ 434.156716][T16135] [ 434.517652][ T51] Bluetooth: hci3: command tx timeout [ 434.551420][T16140] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2969'. [ 434.576692][T16143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2970'. [ 434.626379][T16146] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 434.637729][T16147] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 434.665078][T16144] bridge0: port 1(veth7) entered blocking state [ 434.672040][T16144] bridge0: port 1(veth7) entered disabled state [ 434.686671][T16144] veth7: entered allmulticast mode [ 434.706310][T16144] veth7: entered promiscuous mode [ 434.776382][T16152] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 434.809412][T16140] bridge0: port 2(veth0_to_bond) entered blocking state [ 434.829828][T16140] bridge0: port 2(veth0_to_bond) entered disabled state [ 434.840972][T16140] veth0_to_bond: entered allmulticast mode [ 434.848833][T16140] veth0_to_bond: entered promiscuous mode [ 434.892726][T16155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2975'. [ 434.911498][T16155] netlink: 'syz.1.2975': attribute type 7 has an invalid length. [ 434.919415][T16155] netlink: 'syz.1.2975': attribute type 8 has an invalid length. [ 434.928526][T16155] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2975'. [ 435.028624][T16160] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 435.115602][T16033] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 435.126759][T16033] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 435.138965][T16033] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 435.157732][T16033] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 435.277727][T16033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 435.305855][T16033] 8021q: adding VLAN 0 to HW filter on device team0 [ 435.322462][ T7659] bridge0: port 1(bridge_slave_0) entered blocking state [ 435.329660][ T7659] bridge0: port 1(bridge_slave_0) entered forwarding state [ 435.354292][ T7643] bridge0: port 2(bridge_slave_1) entered blocking state [ 435.361495][ T7643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 435.543061][T16177] FAULT_INJECTION: forcing a failure. [ 435.543061][T16177] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 435.583427][T16177] CPU: 0 UID: 0 PID: 16177 Comm: syz.4.2981 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 435.583458][T16177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 435.583472][T16177] Call Trace: [ 435.583481][T16177] [ 435.583489][T16177] dump_stack_lvl+0x189/0x250 [ 435.583522][T16177] ? __pfx____ratelimit+0x10/0x10 [ 435.583551][T16177] ? __pfx_dump_stack_lvl+0x10/0x10 [ 435.583578][T16177] ? __pfx__printk+0x10/0x10 [ 435.583609][T16177] ? __might_fault+0xb0/0x130 [ 435.583650][T16177] should_fail_ex+0x414/0x560 [ 435.583689][T16177] _copy_from_user+0x2d/0xb0 [ 435.583717][T16177] ___sys_sendmsg+0x158/0x2a0 [ 435.583741][T16177] ? __pfx____sys_sendmsg+0x10/0x10 [ 435.583809][T16177] ? __might_fault+0xb0/0x130 [ 435.583840][T16177] __sys_sendmmsg+0x227/0x430 [ 435.583866][T16177] ? __pfx___sys_sendmmsg+0x10/0x10 [ 435.583883][T16177] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 435.583944][T16177] ? ksys_write+0x22a/0x250 [ 435.583973][T16177] ? __pfx_ksys_write+0x10/0x10 [ 435.584005][T16177] ? rcu_is_watching+0x15/0xb0 [ 435.584039][T16177] __x64_sys_sendmmsg+0xa0/0xc0 [ 435.584067][T16177] do_syscall_64+0xfa/0x3b0 [ 435.584094][T16177] ? lockdep_hardirqs_on+0x9c/0x150 [ 435.584121][T16177] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.584142][T16177] ? clear_bhb_loop+0x60/0xb0 [ 435.584168][T16177] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.584189][T16177] RIP: 0033:0x7fec9878e929 [ 435.584208][T16177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.584227][T16177] RSP: 002b:00007fec965f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 435.584250][T16177] RAX: ffffffffffffffda RBX: 00007fec989b5fa0 RCX: 00007fec9878e929 [ 435.584266][T16177] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000005 [ 435.584280][T16177] RBP: 00007fec965f6090 R08: 0000000000000000 R09: 0000000000000000 [ 435.584294][T16177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 435.584322][T16177] R13: 0000000000000000 R14: 00007fec989b5fa0 R15: 00007ffd2f6ec588 [ 435.584355][T16177] [ 436.015601][T16190] netlink: 3 bytes leftover after parsing attributes in process `syz.4.2987'. [ 436.029262][T16033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 436.046130][T16191] Bluetooth: MGMT ver 1.23 [ 436.058985][T16190] batadv2: entered promiscuous mode [ 436.064716][T16190] batadv2: entered allmulticast mode [ 436.098206][T16193] tipc: Enabled bearer , priority 0 [ 436.137955][T16193] syzkaller0: entered promiscuous mode [ 436.146095][T16193] syzkaller0: entered allmulticast mode [ 436.220491][T16193] tipc: Resetting bearer [ 436.259926][T16191] ip6gretap0: entered promiscuous mode [ 436.285102][T16191] ip6gretap0: left promiscuous mode [ 436.392926][T16033] veth0_vlan: entered promiscuous mode [ 436.426012][T16192] tipc: Resetting bearer [ 436.520459][T16192] tipc: Disabling bearer [ 436.553347][T16033] veth1_vlan: entered promiscuous mode [ 436.562304][T16209] tipc: Enabling of bearer rejected, failed to enable media [ 436.589720][ T51] Bluetooth: hci3: command tx timeout [ 436.595839][T16209] openvswitch: netlink: Duplicate or invalid key (type 0). [ 436.618307][T16212] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 436.636800][T16209] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 436.665878][T16214] tipc: Enabling of bearer rejected, failed to enable media [ 436.708095][T16033] veth0_macvtap: entered promiscuous mode [ 436.729758][T16214] openvswitch: netlink: Duplicate or invalid key (type 0). [ 436.745308][T16033] veth1_macvtap: entered promiscuous mode [ 436.756959][T16214] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 436.767302][T16219] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 436.797640][T16033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 436.821678][T16033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 436.871986][ T7643] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.893150][ T7643] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.923347][ T7643] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.961999][ T7643] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 437.130558][ T7648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.158024][ T7648] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.242057][ T7659] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 437.251606][ T7659] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 437.452378][T16238] FAULT_INJECTION: forcing a failure. [ 437.452378][T16238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 437.470059][T16238] CPU: 0 UID: 0 PID: 16238 Comm: syz.1.3002 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 437.470086][T16238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 437.470098][T16238] Call Trace: [ 437.470105][T16238] [ 437.470113][T16238] dump_stack_lvl+0x189/0x250 [ 437.470140][T16238] ? __pfx____ratelimit+0x10/0x10 [ 437.470165][T16238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 437.470188][T16238] ? __pfx__printk+0x10/0x10 [ 437.470226][T16238] should_fail_ex+0x414/0x560 [ 437.470260][T16238] _copy_to_user+0x31/0xb0 [ 437.470285][T16238] simple_read_from_buffer+0xe1/0x170 [ 437.470316][T16238] proc_fail_nth_read+0x1df/0x250 [ 437.470347][T16238] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 437.470378][T16238] ? rw_verify_area+0x258/0x650 [ 437.470399][T16238] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 437.470428][T16238] vfs_read+0x200/0x980 [ 437.470455][T16238] ? __pfx___mutex_lock+0x10/0x10 [ 437.470482][T16238] ? __pfx_vfs_read+0x10/0x10 [ 437.470506][T16238] ? __fget_files+0x2a/0x420 [ 437.470536][T16238] ? __fget_files+0x3a0/0x420 [ 437.470560][T16238] ? __fget_files+0x2a/0x420 [ 437.470604][T16238] ksys_read+0x145/0x250 [ 437.470628][T16238] ? __pfx_ksys_read+0x10/0x10 [ 437.470648][T16238] ? rcu_is_watching+0x15/0xb0 [ 437.470675][T16238] ? do_syscall_64+0xbe/0x3b0 [ 437.470705][T16238] do_syscall_64+0xfa/0x3b0 [ 437.470728][T16238] ? lockdep_hardirqs_on+0x9c/0x150 [ 437.470752][T16238] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.470771][T16238] ? clear_bhb_loop+0x60/0xb0 [ 437.470794][T16238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.470812][T16238] RIP: 0033:0x7fdc4f78d33c [ 437.470828][T16238] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 437.470843][T16238] RSP: 002b:00007fdc50627030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 437.470863][T16238] RAX: ffffffffffffffda RBX: 00007fdc4f9b5fa0 RCX: 00007fdc4f78d33c [ 437.470876][T16238] RDX: 000000000000000f RSI: 00007fdc506270a0 RDI: 0000000000000006 [ 437.470887][T16238] RBP: 00007fdc50627090 R08: 0000000000000000 R09: 0000000000000000 [ 437.470899][T16238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 437.470909][T16238] R13: 0000000000000000 R14: 00007fdc4f9b5fa0 R15: 00007ffca51a3e68 [ 437.470939][T16238] [ 437.875646][T16247] __nla_validate_parse: 3 callbacks suppressed [ 437.875663][T16247] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3004'. [ 437.957894][T16251] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 438.159284][T16256] tipc: Enabling of bearer rejected, failed to enable media [ 438.183687][T16256] openvswitch: netlink: Duplicate or invalid key (type 0). [ 438.192125][T16256] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 438.329117][T16263] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3009'. [ 438.480851][T16269] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3012'. [ 438.497476][T16269] batadv3: entered promiscuous mode [ 438.503312][T16269] batadv3: entered allmulticast mode [ 438.512069][T16271] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 438.696875][T16269] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3012'. [ 438.744054][ T7648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.262115][ T5848] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 439.277637][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 439.286118][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 439.295742][ T5848] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 439.307334][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 439.378388][T16278] lo speed is unknown, defaulting to 1000 [ 439.444591][ T7648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.662017][T16278] chnl_net:caif_netlink_parms(): no params data found [ 439.696604][ T7648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.768743][ T7648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 439.803040][T16278] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.810308][T16278] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.819347][T16278] bridge_slave_0: entered allmulticast mode [ 439.826619][T16278] bridge_slave_0: entered promiscuous mode [ 439.835033][T16278] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.843984][T16278] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.851404][T16278] bridge_slave_1: entered allmulticast mode [ 439.858945][T16278] bridge_slave_1: entered promiscuous mode [ 439.897423][T16278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 439.909367][T16278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 439.974077][T16278] team0: Port device team_slave_0 added [ 439.999036][T16278] team0: Port device team_slave_1 added [ 440.036854][ T7648] bridge_slave_1: left allmulticast mode [ 440.046694][ T7648] bridge_slave_1: left promiscuous mode [ 440.052494][ T7648] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.062813][ T7648] bridge_slave_0: left allmulticast mode [ 440.068461][ T7648] bridge_slave_0: left promiscuous mode [ 440.074670][ T7648] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.344190][ T7648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 440.356312][ T7648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 440.367073][ T7648] bond0 (unregistering): Released all slaves [ 440.398208][T16278] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 440.405891][T16278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.432034][T16278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.444857][T16278] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.451991][T16278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.479143][T16278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 440.776056][T16299] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3020'. [ 440.795763][T16299] netlink: 'syz.0.3020': attribute type 5 has an invalid length. [ 440.803893][T16299] netlink: 'syz.0.3020': attribute type 7 has an invalid length. [ 440.814639][T16302] netlink: 'syz.2.3018': attribute type 9 has an invalid length. [ 440.837741][T16299] netlink: 'syz.0.3020': attribute type 8 has an invalid length. [ 440.855299][T16278] hsr_slave_0: entered promiscuous mode [ 440.878124][T16278] hsr_slave_1: entered promiscuous mode [ 440.885633][T16299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3020'. [ 440.904978][T16278] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 440.922702][T16278] Cannot create hsr debugfs directory [ 440.924101][T16305] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3021'. [ 441.082755][T16307] netlink: 'syz.4.3022': attribute type 21 has an invalid length. [ 441.114753][T16307] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3022'. [ 441.165997][T16313] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 441.187320][T16307] netlink: 'syz.4.3022': attribute type 5 has an invalid length. [ 441.191228][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 441.203093][T16307] netlink: 'syz.4.3022': attribute type 6 has an invalid length. [ 441.205630][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 441.219649][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 441.227058][T16307] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3022'. [ 441.237370][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 441.245142][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 441.380334][ T51] Bluetooth: hci3: command tx timeout [ 441.393730][T16321] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 441.529621][T16314] lo speed is unknown, defaulting to 1000 [ 441.578154][ T7648] hsr_slave_0: left promiscuous mode [ 441.598578][ T7648] hsr_slave_1: left promiscuous mode [ 441.606801][ T7648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 441.615064][ T7648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 441.623551][ T7648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 441.631233][ T7648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 441.662885][T16326] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3028'. [ 441.677050][ T7648] veth1_macvtap: left promiscuous mode [ 441.690384][ T7648] veth0_macvtap: left promiscuous mode [ 441.696194][ T7648] veth1_vlan: left promiscuous mode [ 441.707845][ T7648] veth0_vlan: left promiscuous mode [ 442.222344][ T7648] team0 (unregistering): Port device team_slave_1 removed [ 442.283785][ T7648] team0 (unregistering): Port device team_slave_0 removed [ 442.378134][T16339] FAULT_INJECTION: forcing a failure. [ 442.378134][T16339] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 442.392782][T16339] CPU: 0 UID: 0 PID: 16339 Comm: syz.2.3033 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 442.392811][T16339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 442.392824][T16339] Call Trace: [ 442.392833][T16339] [ 442.392842][T16339] dump_stack_lvl+0x189/0x250 [ 442.392871][T16339] ? __pfx____ratelimit+0x10/0x10 [ 442.392898][T16339] ? __pfx_dump_stack_lvl+0x10/0x10 [ 442.392922][T16339] ? __pfx__printk+0x10/0x10 [ 442.392961][T16339] should_fail_ex+0x414/0x560 [ 442.392996][T16339] _copy_to_user+0x31/0xb0 [ 442.393022][T16339] simple_read_from_buffer+0xe1/0x170 [ 442.393054][T16339] proc_fail_nth_read+0x1df/0x250 [ 442.393087][T16339] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 442.393126][T16339] ? rw_verify_area+0x258/0x650 [ 442.393156][T16339] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 442.393188][T16339] vfs_read+0x200/0x980 [ 442.393236][T16339] ? __pfx___mutex_lock+0x10/0x10 [ 442.393264][T16339] ? __pfx_vfs_read+0x10/0x10 [ 442.393288][T16339] ? __fget_files+0x2a/0x420 [ 442.393321][T16339] ? __fget_files+0x3a0/0x420 [ 442.393349][T16339] ? __fget_files+0x2a/0x420 [ 442.393390][T16339] ksys_read+0x145/0x250 [ 442.393418][T16339] ? __pfx_ksys_read+0x10/0x10 [ 442.393442][T16339] ? rcu_is_watching+0x15/0xb0 [ 442.393475][T16339] ? do_syscall_64+0xbe/0x3b0 [ 442.393510][T16339] do_syscall_64+0xfa/0x3b0 [ 442.393538][T16339] ? lockdep_hardirqs_on+0x9c/0x150 [ 442.393566][T16339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.393589][T16339] ? clear_bhb_loop+0x60/0xb0 [ 442.393621][T16339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 442.393643][T16339] RIP: 0033:0x7f3dac98d33c [ 442.393663][T16339] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 442.393683][T16339] RSP: 002b:00007f3dad821030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 442.393707][T16339] RAX: ffffffffffffffda RBX: 00007f3dacbb5fa0 RCX: 00007f3dac98d33c [ 442.393724][T16339] RDX: 000000000000000f RSI: 00007f3dad8210a0 RDI: 0000000000000004 [ 442.393738][T16339] RBP: 00007f3dad821090 R08: 0000000000000000 R09: 0000000000000000 [ 442.393753][T16339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 442.393767][T16339] R13: 0000000000000000 R14: 00007f3dacbb5fa0 R15: 00007ffe82f43738 [ 442.393803][T16339] [ 443.138978][T16278] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.160212][T16278] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.181239][T16347] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 443.262875][T16278] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.275369][T16278] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.299787][ T51] Bluetooth: hci4: command tx timeout [ 443.373755][T16278] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.383900][T16278] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.459538][ T51] Bluetooth: hci3: command tx timeout [ 443.554018][T16314] chnl_net:caif_netlink_parms(): no params data found [ 443.578726][T16278] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 443.590274][T16278] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.688389][T16357] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 443.782063][T16314] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.791453][T16314] bridge0: port 1(bridge_slave_0) entered disabled state [ 443.798713][T16314] bridge_slave_0: entered allmulticast mode [ 443.806761][T16314] bridge_slave_0: entered promiscuous mode [ 443.829307][T16314] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.837574][T16314] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.847592][T16314] bridge_slave_1: entered allmulticast mode [ 443.855481][T16314] bridge_slave_1: entered promiscuous mode [ 443.929956][T16314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.943252][T16314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.964028][T16278] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 444.011941][T16278] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 444.076587][T16314] team0: Port device team_slave_0 added [ 444.097932][T16314] team0: Port device team_slave_1 added [ 444.114433][T16278] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 444.213444][T16278] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 444.238709][T16314] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.261308][T16314] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.288007][T16314] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.309714][T16314] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.316688][T16314] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.351289][T16314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.407071][T16365] lo speed is unknown, defaulting to 1000 [ 444.437690][T16363] lo speed is unknown, defaulting to 1000 [ 444.473702][T16314] hsr_slave_0: entered promiscuous mode [ 444.484796][T16314] hsr_slave_1: entered promiscuous mode [ 444.495636][T16314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 444.504094][T16314] Cannot create hsr debugfs directory [ 444.555034][T16377] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3043'. [ 444.587463][T16377] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3043'. [ 444.610305][T16377] netlink: 'syz.4.3043': attribute type 13 has an invalid length. [ 444.618143][T16377] netlink: 'syz.4.3043': attribute type 12 has an invalid length. [ 444.958865][T16381] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000035: 0000 [#1] SMP KASAN PTI [ 444.970804][T16381] KASAN: null-ptr-deref in range [0x00000000000001a8-0x00000000000001af] [ 444.979223][T16381] CPU: 0 UID: 0 PID: 16381 Comm: syz.2.3046 Not tainted 6.16.0-rc4-syzkaller-01070-gd23647fd547b #0 PREEMPT(full) [ 444.991293][T16381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 445.001353][T16381] RIP: 0010:htb_qlen_notify+0x31/0xc0 [ 445.006743][T16381] Code: 41 56 41 55 41 54 53 49 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 fd 54 3e f8 49 8d 9e a8 01 00 00 49 89 dd 49 c1 ed 03 <43> 0f b6 44 25 00 84 c0 75 4d 8b 2b 31 ff 89 ee e8 1a 59 3e f8 85 [ 445.026347][T16381] RSP: 0018:ffffc900035270b0 EFLAGS: 00010206 [ 445.032415][T16381] RAX: ffffffff89820b03 RBX: 00000000000001a8 RCX: 0000000000080000 [ 445.040378][T16381] RDX: ffffc9000bdbb000 RSI: 0000000000000370 RDI: 0000000000000371 [ 445.048347][T16381] RBP: dffffc0000000000 R08: ffff88802641bc00 R09: 0000000000000002 [ 445.056315][T16381] R10: 00000000ffffffff R11: ffffffff89820ae0 R12: dffffc0000000000 [ 445.064285][T16381] R13: 0000000000000035 R14: 0000000000000000 R15: ffff88803092c000 [ 445.072273][T16381] FS: 00007f3dad8216c0(0000) GS:ffff888125c14000(0000) knlGS:0000000000000000 [ 445.081202][T16381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 445.087780][T16381] CR2: 0000001b3071fffc CR3: 000000007b01e000 CR4: 00000000003526f0 [ 445.095753][T16381] Call Trace: [ 445.099036][T16381] [ 445.101969][T16381] qdisc_tree_reduce_backlog+0x29c/0x480 [ 445.107604][T16381] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 445.113328][T16381] codel_change+0x859/0xae0 [ 445.117844][T16381] ? is_dynamic_key+0xd6/0x1c0 [ 445.122625][T16381] ? qdisc_alloc+0x789/0xaa0 [ 445.127216][T16381] ? qdisc_create+0x12c/0xea0 [ 445.131887][T16381] ? rtnetlink_rcv_msg+0x779/0xb70 [ 445.137021][T16381] ? netlink_rcv_skb+0x205/0x470 [ 445.141980][T16381] ? netlink_unicast+0x758/0x8d0 [ 445.146926][T16381] ? netlink_sendmsg+0x805/0xb30 [ 445.151862][T16381] ? __sock_sendmsg+0x219/0x270 [ 445.156716][T16381] ? ____sys_sendmsg+0x505/0x830 [ 445.161659][T16381] ? ___sys_sendmsg+0x21f/0x2a0 [ 445.166513][T16381] ? __x64_sys_sendmsg+0x19b/0x260 [ 445.171619][T16381] ? __pfx_codel_change+0x10/0x10 [ 445.176653][T16381] codel_init+0x1f7/0x3e0 [ 445.180981][T16381] ? __pfx_codel_init+0x10/0x10 [ 445.185921][T16381] qdisc_create+0x7ac/0xea0 [ 445.190429][T16381] tc_modify_qdisc+0x1426/0x2010 [ 445.195379][T16381] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 445.200673][T16381] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 445.205964][T16381] rtnetlink_rcv_msg+0x779/0xb70 [ 445.210906][T16381] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 445.216039][T16381] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 445.221508][T16381] ? ref_tracker_free+0x63a/0x7d0 [ 445.226526][T16381] ? __copy_skb_header+0xa7/0x550 [ 445.231547][T16381] ? __pfx_ref_tracker_free+0x10/0x10 [ 445.237002][T16381] netlink_rcv_skb+0x205/0x470 [ 445.241768][T16381] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 445.247224][T16381] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 445.252515][T16381] ? netlink_deliver_tap+0x2e/0x1b0 [ 445.257712][T16381] ? netlink_deliver_tap+0x2e/0x1b0 [ 445.262915][T16381] netlink_unicast+0x758/0x8d0 [ 445.267689][T16381] netlink_sendmsg+0x805/0xb30 [ 445.272468][T16381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.277764][T16381] ? aa_sock_msg_perm+0x94/0x160 [ 445.282711][T16381] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 445.287997][T16381] ? __pfx_netlink_sendmsg+0x10/0x10 [ 445.293294][T16381] __sock_sendmsg+0x219/0x270 [ 445.297982][T16381] ____sys_sendmsg+0x505/0x830 [ 445.302750][T16381] ? __pfx_____sys_sendmsg+0x10/0x10 [ 445.308134][T16381] ? import_iovec+0x74/0xa0 [ 445.312647][T16381] ___sys_sendmsg+0x21f/0x2a0 [ 445.317323][T16381] ? __pfx____sys_sendmsg+0x10/0x10 [ 445.322528][T16381] ? __fget_files+0x2a/0x420 [ 445.327118][T16381] ? __fget_files+0x3a0/0x420 [ 445.331815][T16381] __x64_sys_sendmsg+0x19b/0x260 [ 445.336770][T16381] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 445.342234][T16381] ? rcu_is_watching+0x15/0xb0 [ 445.347021][T16381] ? do_syscall_64+0xbe/0x3b0 [ 445.351703][T16381] do_syscall_64+0xfa/0x3b0 [ 445.356206][T16381] ? lockdep_hardirqs_on+0x9c/0x150 [ 445.361406][T16381] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.367469][T16381] ? clear_bhb_loop+0x60/0xb0 [ 445.372232][T16381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.378132][T16381] RIP: 0033:0x7f3dac98e929 [ 445.382544][T16381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.402151][T16381] RSP: 002b:00007f3dad821038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 445.410566][T16381] RAX: ffffffffffffffda RBX: 00007f3dacbb5fa0 RCX: 00007f3dac98e929 [ 445.418535][T16381] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000007 [ 445.426499][T16381] RBP: 00007f3daca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 445.434466][T16381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 445.442449][T16381] R13: 0000000000000000 R14: 00007f3dacbb5fa0 R15: 00007ffe82f43738 [ 445.450430][T16381] [ 445.453592][T16381] Modules linked in: [ 445.457592][T16381] ---[ end trace 0000000000000000 ]--- [ 445.458860][ T51] Bluetooth: hci4: command tx timeout [ 445.463080][T16381] RIP: 0010:htb_qlen_notify+0x31/0xc0 [ 445.463114][T16381] Code: 41 56 41 55 41 54 53 49 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 fd 54 3e f8 49 8d 9e a8 01 00 00 49 89 dd 49 c1 ed 03 <43> 0f b6 44 25 00 84 c0 75 4d 8b 2b 31 ff 89 ee e8 1a 59 3e f8 85 [ 445.463133][T16381] RSP: 0018:ffffc900035270b0 EFLAGS: 00010206 [ 445.463157][T16381] RAX: ffffffff89820b03 RBX: 00000000000001a8 RCX: 0000000000080000 [ 445.463172][T16381] RDX: ffffc9000bdbb000 RSI: 0000000000000370 RDI: 0000000000000371 [ 445.463187][T16381] RBP: dffffc0000000000 R08: ffff88802641bc00 R09: 0000000000000002 [ 445.463220][T16381] R10: 00000000ffffffff R11: ffffffff89820ae0 R12: dffffc0000000000 [ 445.463238][T16381] R13: 0000000000000035 R14: 0000000000000000 R15: ffff88803092c000 [ 445.539732][T16381] FS: 00007f3dad8216c0(0000) GS:ffff888125c14000(0000) knlGS:0000000000000000 [ 445.548666][T16381] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 445.549721][ T51] Bluetooth: hci3: command tx timeout [ 445.555277][T16381] CR2: 0000001b3071fffc CR3: 000000007b01e000 CR4: 00000000003526f0 [ 445.568751][T16381] Kernel panic - not syncing: Fatal exception in interrupt [ 445.576269][T16381] Kernel Offset: disabled [ 445.580591][T16381] Rebooting in 86400 seconds..