last executing test programs: 57.361897753s ago: executing program 4 (id=197): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000001200)=[{&(0x7f00000000c0)="91a2604f6bac00f578e4366d6fd2afa1ac8b092fd1747be714ca8523f68bed455ef5ee8fc246a73e1676334e17317f4451c96b9481fe", 0x36}, {&(0x7f0000000200)="3fcf84a4fe6cbd7b10a69b830167d858798e30d4cc740c2896892f99", 0x1c}], 0x2}}], 0x1, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, 0x0}}], 0x34000, 0xffffff97) 56.83599931s ago: executing program 4 (id=204): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async) sendmmsg(r1, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f0000001900), 0x0, &(0x7f0000000700)=ANY=[@ANYRES32=r1, @ANYRES8=r0], 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004780)=ANY=[], 0x278}}, {{&(0x7f0000004a40)=@l2tp6={0xa, 0x0, 0x200, @mcast1, 0x8, 0x3}, 0x80, &(0x7f0000006b80)}}, {{&(0x7f0000005340)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80, &(0x7f0000005540), 0x0, &(0x7f0000005580)}}], 0x4, 0x40000) (async, rerun: 64) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 64) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) (async) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0x9, 0x4) (async) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000008000000000000000000611200000000000095", @ANYBLOB="51378b5b84b4f1872262062475b56eb5f0b0362b442a3efddaaf357a1573564182e4350962aaebf73155cc1b7fb4e865e324ffd91d966218237a8e8dd42cf36158a1273824de2aeb9f08016b76fa589637243533450cdbd6a0463e7d7cd5493e948398efaa8946b6fa99897ca6631549c43fd54c3b8977ce761b982d872cef1c76a5542c7153139dd1ef1435251dbd4c923ec00785de32e89be73cc5b1e3494f74992710f289c254432f5b464245147780cb5cf13fb44ecfd34f30dcb7e9ec4526a62550c52f98abb227c1591cc0588824f7e760a379", @ANYRES8=r1, @ANYRESOCT=r1, @ANYRES8=r1, @ANYRESOCT=r2], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000380)={0xffffffffffffffff, 0x0, [0x1, 0xffffffffffffff1d, 0x5, 0xb85], &(0x7f0000000340)}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700000004000000180000008e02000000000000", @ANYRES32, @ANYBLOB="18010000100300000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000001a00"/28], 0x48) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) (async) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0xfffffda9) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) (async) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r3) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000200000000"], 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sendmsg$SMC_PNETID_GET(r3, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c000300", @ANYRES16=r7, @ANYBLOB="000426bd7000fbdbdf25010000000900030073797a31000000000900030073797a32000000000900030073797a300000000005000400010000000900030073797a310000000014000200767863616e31000000000000000000000900010073797a3100000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40042) (async, rerun: 64) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) (rerun: 64) r8 = socket$tipc(0x1e, 0x2, 0x0) (async, rerun: 64) r9 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 64) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r8, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000002c0)={&(0x7f0000000140)="eca815787e378ad41abb3da017d11fd0bc464113356ee7641ed55d711a10706329e41e73281ddec339c7468b602742444e26fa0c6187c9156dccfd4dbf293d3407e98c80", &(0x7f0000000a00)=""/4096, &(0x7f00000001c0)="e2a110df945073da499537cb1d01492d4b687cd784f05c3557014b8cce886272fb533d5fd018da2fd74d285df1de92e93ddfb4c8c084f7c9f13e690ad850567bd9880e008b5888d3f3d8262ed4249c23d878ef5bb8d969c9aa8be0e4a2c42f3ac558a219bbcd7da7afcbe9de7aeedd15e141970620c3afe450da8e590847af210bf8fa7138c4e9cc202b349a46170c326a4a09f8ab7c8c2aed5768b5e7ba02eb553668bdd31786b4ed8682eff1a7a60cb9596cc14e023cdf487a32dcd47dc582d0595d6a2a70308618efb692b0873066f7", &(0x7f0000000000)="9cf88698ce75317aed06817e9f55821d2d877233b5ab0f3259bfc5ea9a95af16c9c676ff497494d6b6d1f4a320e073b2", 0x0, r3}, 0x38) 42.92080947s ago: executing program 4 (id=204): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async) sendmmsg(r1, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f0000001900), 0x0, &(0x7f0000000700)=ANY=[@ANYRES32=r1, @ANYRES8=r0], 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004780)=ANY=[], 0x278}}, {{&(0x7f0000004a40)=@l2tp6={0xa, 0x0, 0x200, @mcast1, 0x8, 0x3}, 0x80, &(0x7f0000006b80)}}, {{&(0x7f0000005340)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80, &(0x7f0000005540), 0x0, &(0x7f0000005580)}}], 0x4, 0x40000) (async, rerun: 64) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 64) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) (async) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0x9, 0x4) (async) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000008000000000000000000611200000000000095", @ANYBLOB="51378b5b84b4f1872262062475b56eb5f0b0362b442a3efddaaf357a1573564182e4350962aaebf73155cc1b7fb4e865e324ffd91d966218237a8e8dd42cf36158a1273824de2aeb9f08016b76fa589637243533450cdbd6a0463e7d7cd5493e948398efaa8946b6fa99897ca6631549c43fd54c3b8977ce761b982d872cef1c76a5542c7153139dd1ef1435251dbd4c923ec00785de32e89be73cc5b1e3494f74992710f289c254432f5b464245147780cb5cf13fb44ecfd34f30dcb7e9ec4526a62550c52f98abb227c1591cc0588824f7e760a379", @ANYRES8=r1, @ANYRESOCT=r1, @ANYRES8=r1, @ANYRESOCT=r2], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000380)={0xffffffffffffffff, 0x0, [0x1, 0xffffffffffffff1d, 0x5, 0xb85], &(0x7f0000000340)}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700000004000000180000008e02000000000000", @ANYRES32, @ANYBLOB="18010000100300000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000001a00"/28], 0x48) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) (async) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0xfffffda9) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) (async) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r3) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000200000000"], 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sendmsg$SMC_PNETID_GET(r3, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c000300", @ANYRES16=r7, @ANYBLOB="000426bd7000fbdbdf25010000000900030073797a31000000000900030073797a32000000000900030073797a300000000005000400010000000900030073797a310000000014000200767863616e31000000000000000000000900010073797a3100000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40042) (async, rerun: 64) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) (rerun: 64) r8 = socket$tipc(0x1e, 0x2, 0x0) (async, rerun: 64) r9 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 64) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r8, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000002c0)={&(0x7f0000000140)="eca815787e378ad41abb3da017d11fd0bc464113356ee7641ed55d711a10706329e41e73281ddec339c7468b602742444e26fa0c6187c9156dccfd4dbf293d3407e98c80", &(0x7f0000000a00)=""/4096, &(0x7f00000001c0)="e2a110df945073da499537cb1d01492d4b687cd784f05c3557014b8cce886272fb533d5fd018da2fd74d285df1de92e93ddfb4c8c084f7c9f13e690ad850567bd9880e008b5888d3f3d8262ed4249c23d878ef5bb8d969c9aa8be0e4a2c42f3ac558a219bbcd7da7afcbe9de7aeedd15e141970620c3afe450da8e590847af210bf8fa7138c4e9cc202b349a46170c326a4a09f8ab7c8c2aed5768b5e7ba02eb553668bdd31786b4ed8682eff1a7a60cb9596cc14e023cdf487a32dcd47dc582d0595d6a2a70308618efb692b0873066f7", &(0x7f0000000000)="9cf88698ce75317aed06817e9f55821d2d877233b5ab0f3259bfc5ea9a95af16c9c676ff497494d6b6d1f4a320e073b2", 0x0, r3}, 0x38) 28.970934831s ago: executing program 4 (id=204): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async) sendmmsg(r1, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f0000001900), 0x0, &(0x7f0000000700)=ANY=[@ANYRES32=r1, @ANYRES8=r0], 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004780)=ANY=[], 0x278}}, {{&(0x7f0000004a40)=@l2tp6={0xa, 0x0, 0x200, @mcast1, 0x8, 0x3}, 0x80, &(0x7f0000006b80)}}, {{&(0x7f0000005340)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80, &(0x7f0000005540), 0x0, &(0x7f0000005580)}}], 0x4, 0x40000) (async, rerun: 64) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 64) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) (async) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0x9, 0x4) (async) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000008000000000000000000611200000000000095", @ANYBLOB="51378b5b84b4f1872262062475b56eb5f0b0362b442a3efddaaf357a1573564182e4350962aaebf73155cc1b7fb4e865e324ffd91d966218237a8e8dd42cf36158a1273824de2aeb9f08016b76fa589637243533450cdbd6a0463e7d7cd5493e948398efaa8946b6fa99897ca6631549c43fd54c3b8977ce761b982d872cef1c76a5542c7153139dd1ef1435251dbd4c923ec00785de32e89be73cc5b1e3494f74992710f289c254432f5b464245147780cb5cf13fb44ecfd34f30dcb7e9ec4526a62550c52f98abb227c1591cc0588824f7e760a379", @ANYRES8=r1, @ANYRESOCT=r1, @ANYRES8=r1, @ANYRESOCT=r2], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000380)={0xffffffffffffffff, 0x0, [0x1, 0xffffffffffffff1d, 0x5, 0xb85], &(0x7f0000000340)}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700000004000000180000008e02000000000000", @ANYRES32, @ANYBLOB="18010000100300000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000001a00"/28], 0x48) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) (async) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0xfffffda9) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) (async) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r3) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000200000000"], 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sendmsg$SMC_PNETID_GET(r3, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c000300", @ANYRES16=r7, @ANYBLOB="000426bd7000fbdbdf25010000000900030073797a31000000000900030073797a32000000000900030073797a300000000005000400010000000900030073797a310000000014000200767863616e31000000000000000000000900010073797a3100000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40042) (async, rerun: 64) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) (rerun: 64) r8 = socket$tipc(0x1e, 0x2, 0x0) (async, rerun: 64) r9 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 64) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r8, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000002c0)={&(0x7f0000000140)="eca815787e378ad41abb3da017d11fd0bc464113356ee7641ed55d711a10706329e41e73281ddec339c7468b602742444e26fa0c6187c9156dccfd4dbf293d3407e98c80", &(0x7f0000000a00)=""/4096, &(0x7f00000001c0)="e2a110df945073da499537cb1d01492d4b687cd784f05c3557014b8cce886272fb533d5fd018da2fd74d285df1de92e93ddfb4c8c084f7c9f13e690ad850567bd9880e008b5888d3f3d8262ed4249c23d878ef5bb8d969c9aa8be0e4a2c42f3ac558a219bbcd7da7afcbe9de7aeedd15e141970620c3afe450da8e590847af210bf8fa7138c4e9cc202b349a46170c326a4a09f8ab7c8c2aed5768b5e7ba02eb553668bdd31786b4ed8682eff1a7a60cb9596cc14e023cdf487a32dcd47dc582d0595d6a2a70308618efb692b0873066f7", &(0x7f0000000000)="9cf88698ce75317aed06817e9f55821d2d877233b5ab0f3259bfc5ea9a95af16c9c676ff497494d6b6d1f4a320e073b2", 0x0, r3}, 0x38) 15.892319698s ago: executing program 4 (id=204): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async) sendmmsg(r1, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f0000001900), 0x0, &(0x7f0000000700)=ANY=[@ANYRES32=r1, @ANYRES8=r0], 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004780)=ANY=[], 0x278}}, {{&(0x7f0000004a40)=@l2tp6={0xa, 0x0, 0x200, @mcast1, 0x8, 0x3}, 0x80, &(0x7f0000006b80)}}, {{&(0x7f0000005340)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80, &(0x7f0000005540), 0x0, &(0x7f0000005580)}}], 0x4, 0x40000) (async, rerun: 64) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 64) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) (async) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0x9, 0x4) (async) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000008000000000000000000611200000000000095", @ANYBLOB="51378b5b84b4f1872262062475b56eb5f0b0362b442a3efddaaf357a1573564182e4350962aaebf73155cc1b7fb4e865e324ffd91d966218237a8e8dd42cf36158a1273824de2aeb9f08016b76fa589637243533450cdbd6a0463e7d7cd5493e948398efaa8946b6fa99897ca6631549c43fd54c3b8977ce761b982d872cef1c76a5542c7153139dd1ef1435251dbd4c923ec00785de32e89be73cc5b1e3494f74992710f289c254432f5b464245147780cb5cf13fb44ecfd34f30dcb7e9ec4526a62550c52f98abb227c1591cc0588824f7e760a379", @ANYRES8=r1, @ANYRESOCT=r1, @ANYRES8=r1, @ANYRESOCT=r2], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000380)={0xffffffffffffffff, 0x0, [0x1, 0xffffffffffffff1d, 0x5, 0xb85], &(0x7f0000000340)}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700000004000000180000008e02000000000000", @ANYRES32, @ANYBLOB="18010000100300000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000001a00"/28], 0x48) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) (async) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0xfffffda9) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) (async) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r3) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000200000000"], 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sendmsg$SMC_PNETID_GET(r3, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c000300", @ANYRES16=r7, @ANYBLOB="000426bd7000fbdbdf25010000000900030073797a31000000000900030073797a32000000000900030073797a300000000005000400010000000900030073797a310000000014000200767863616e31000000000000000000000900010073797a3100000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40042) (async, rerun: 64) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) (rerun: 64) r8 = socket$tipc(0x1e, 0x2, 0x0) (async, rerun: 64) r9 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 64) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r8, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000002c0)={&(0x7f0000000140)="eca815787e378ad41abb3da017d11fd0bc464113356ee7641ed55d711a10706329e41e73281ddec339c7468b602742444e26fa0c6187c9156dccfd4dbf293d3407e98c80", &(0x7f0000000a00)=""/4096, &(0x7f00000001c0)="e2a110df945073da499537cb1d01492d4b687cd784f05c3557014b8cce886272fb533d5fd018da2fd74d285df1de92e93ddfb4c8c084f7c9f13e690ad850567bd9880e008b5888d3f3d8262ed4249c23d878ef5bb8d969c9aa8be0e4a2c42f3ac558a219bbcd7da7afcbe9de7aeedd15e141970620c3afe450da8e590847af210bf8fa7138c4e9cc202b349a46170c326a4a09f8ab7c8c2aed5768b5e7ba02eb553668bdd31786b4ed8682eff1a7a60cb9596cc14e023cdf487a32dcd47dc582d0595d6a2a70308618efb692b0873066f7", &(0x7f0000000000)="9cf88698ce75317aed06817e9f55821d2d877233b5ab0f3259bfc5ea9a95af16c9c676ff497494d6b6d1f4a320e073b2", 0x0, r3}, 0x38) 4.260920594s ago: executing program 1 (id=653): socket(0x10, 0x3, 0x0) (async) r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000080}, 0x20000000) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711213000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r5) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="410000000000000001000603000014000300060a0004090300f006e8ffffffffffff07000700263a0909140002"], 0x44}, 0x1, 0x1000000}, 0x0) sendmsg$NLBL_UNLABEL_C_ACCEPT(r3, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x18000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)={0x68, r6, 0x424, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip6gretap0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @rand_addr=0x64010101}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wg1\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'virt_wifi0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}]}, 0x68}, 0x1, 0x0, 0x0, 0x24004880}, 0x40) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000004c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x18}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000000}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) (async) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000004c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x18}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x80000000}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 3.940287043s ago: executing program 0 (id=655): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)=ANY=[@ANYBLOB="380000000414010000000000fff0000008"], 0x38}}, 0x0) 3.804268498s ago: executing program 1 (id=657): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) close(r0) r1 = socket$caif_stream(0x25, 0x1, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket(0x840000000002, 0x3, 0x100) sendmmsg$inet(r2, 0x0, 0x0, 0x401eb94) unshare(0x6a040000) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @private2}], 0x1c) connect$caif(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bfa000000000000014000000ee0016055e03010000000000160500000001000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000280)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="88000000", @ANYRES16=r6, @ANYBLOB="e1528e3c9f0c000000003400000008000300", @ANYRES32=r7, @ANYBLOB="08001f01ff0100000a00060050505050505000000600fd0001000000140055"], 0x88}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x12, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r4}, @generic={0x66}, @initr0, @exit, @printk={@x={0x18, 0x0}, {0x3, 0x0, 0x6, 0xa, 0x1, 0xfff8, 0xa0}, {}, {}, {}, {0x5, 0x0, 0xb, 0x2}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.631422026s ago: executing program 0 (id=658): socket$kcm(0x10, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000100001005d790000000000000500000a60000000060a0b0400000000000000000200000234000480300001800b00010074617267657400002000028008000240000000010800030002b511120c0001004e465155455545000900010073797a30000000000900020073797a320000000014000000"], 0x88}}, 0x0) close(r0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x50) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x80, &(0x7f00000002c0)="1a00000002000000", 0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000240), &(0x7f0000000300)}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x78}}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000008c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11877ad46aa1d9e6b6ac064446d395cb03d0ec0e43bc749bdbecd8cf8588d0625a94811b5c57333c8d1007acd0145d2c815c84c91c79645c54bad483f08e0aab0079f5bbabde1ccca69e7e279dcd1444e81410e1ae8938054cd64ff652f028a92019c536b11506105ed05b92d5fc6d4d921270f5ea828e0f0d9b2c380dc9206d9e4e330b06b88310ac0898efadb64477ffcc059affb10b4db44c36b163b5e5938437785d8569b38923a32e0eb4ce068e780fceb08177d981b19894", 0x188}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800c0001006d6163766c616e001c0002800800060000000000100005"], 0x4c}}, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000440)={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x32}}, {0x306}, 0x40, {0x2, 0x4e22, @empty}, 'vlan0\x00'}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000100)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x0, r7}) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f0000000140)={@mcast1, @mcast1, @ipv4={'\x00', '\xff\xff', @local}, 0x0, 0x0, 0x0, 0x100, 0x2000000000000000, 0xa0022, r7}) sendmsg$NFT_MSG_GETCHAIN(r4, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000740)=ANY=[@ANYBLOB="18010000040a0102000000000000000001000002f7000c00b6a1d688ce2188475491f266defa0f0cac75a9898a5065298ad3a10f95812bb7d984e4be69164c9e83d9ff8ca5ec5d93e6c460f5c818434e845a7a5b664300391af8ae9f04b49e2ad20f1f2c4aa07b98b046abd6b07066dffb8b5bbf6fe749a30ce0a7c49dda97d3d009c8b31a711b6002d3c63f9fe11f4fd9b8f0cf2e3214cf7120f52c464131744bb63bea7a6490ace813324ddc0ffd9a15260d290042ff2f528c12d289cd26b62810cb1ba1446df7c2bddf864ce5fc744977573566189ca9e35f3a9c4b9bf783a61bd9ef84f9e49de73077983d5d0ad1730b765863093948f38bea323d1efe9dc5eb2bfabc2a550b37386b000900030073797a32000000008ab4f519d8c796f30e7ef192800f8d2c1771fbf023cb9302d58e139781980a447b3e12e643dce06844ff86a1849cb4d6ad24017de3ac7846e0f7f4d0c74ff3639814d5e997a3fde07bf206fcf2702863e9bb18b722"], 0x118}, 0x1, 0x0, 0x0, 0x4000084}, 0x2000c804) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) 3.631120762s ago: executing program 2 (id=659): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000fff400000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a05000000000000000000010000000900010073797a30000000000900030073797a310000000058000000060a010400000000000000000100000008000b4000000000300004802c00018008000100636d7000200002800c00038005000100ac000000080001400000000908000243000000010900010073797a300000"], 0xcc}}, 0x0) 3.324712412s ago: executing program 0 (id=661): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000080)={&(0x7f00000019c0)=ANY=[@ANYBLOB="0203f3031600000000000000000000000200090040000000e90000000000000503000600000000000200000000000000000000000000000002000100000000000000030200000020030005000000000002000000ac1414aa00000000000000000a00080008"], 0xb0}, 0x1, 0x7}, 0x58010) 3.268391879s ago: executing program 2 (id=662): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r0, 0x0, 0x0, 0x24000000, &(0x7f00000000c0)={0xa, 0x1, 0x3088, @ipv4={'\x00', '\xff\xff', @loopback}, 0x8}, 0x1c) recvmsg(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, r0, 0x8871b000) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x937, @ipv4={'\x00', '\xff\xff', @local}, 0x7f}, 0x1c) 3.267704828s ago: executing program 3 (id=663): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x36, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1011000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000", @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x868ba492bf926a55}, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c00000002060103000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a3000000300050004000000000005000500020000000c000780080012400011"], 0x5c}}, 0x0) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, 0x0, 0x0) 3.016051767s ago: executing program 2 (id=664): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x4, &(0x7f00000001c0)=@framed={{}, [@ldst={0x6, 0x0, 0x6, 0x0, 0x0, 0xfffffffffffffffe, 0xa000000}], {0x95, 0x0, 0x80ff, 0x1000000}}, &(0x7f0000000000)='syzkaller\x00', 0x5, 0x93, &(0x7f0000000100)=""/147, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{r2}, &(0x7f0000000700), 0x0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20) pipe(&(0x7f00000004c0)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg(r5, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) recvmsg(r5, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x10002) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000300)={'batadv0\x00', 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000800)={0xffffffffffffffff, 0xe0, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f00000003c0)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x8, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x28, &(0x7f0000000740)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000500), &(0x7f00000006c0), 0x8, 0x61, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffff0997597229f90879d0486996b86e8fffb702000000000000b703000003000000850000007000000095"], &(0x7f00000004c0)='syzkaller\x00', 0xfd86, 0x0, 0x0, 0x0, 0xd, '\x00', r6, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000005c0)={{0x1, 0xffffffffffffffff}, &(0x7f0000000540), &(0x7f0000000580)='%pI4 \x00'}, 0x20) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{0x1, 0xffffffffffffffff}, &(0x7f0000000600), &(0x7f0000000640)='%ps \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x8, 0x20, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @cb_func={0x18, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, r3}], {{}, {}, {0x85, 0x0, 0x0, 0xc7}}}, &(0x7f0000000440)='GPL\x00', 0x3, 0x0, &(0x7f0000000480), 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, r4, 0x8, &(0x7f0000000500)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r7, r0, 0x0, &(0x7f00000006c0)=[r8, r9, 0x1], 0x0, 0x10, 0x7, @void, @value}, 0x94) 2.942713143s ago: executing program 4 (id=204): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) (async) sendmmsg(r1, &(0x7f00000058c0)=[{{0x0, 0x0, &(0x7f0000001900), 0x0, &(0x7f0000000700)=ANY=[@ANYRES32=r1, @ANYRES8=r0], 0x40}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000004780)=ANY=[], 0x278}}, {{&(0x7f0000004a40)=@l2tp6={0xa, 0x0, 0x200, @mcast1, 0x8, 0x3}, 0x80, &(0x7f0000006b80)}}, {{&(0x7f0000005340)=@un=@abs={0x0, 0x0, 0x4e22}, 0x80, &(0x7f0000005540), 0x0, &(0x7f0000005580)}}], 0x4, 0x40000) (async, rerun: 64) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 64) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) (async) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000100)=0x9, 0x4) (async) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000008000000000000000000611200000000000095", @ANYBLOB="51378b5b84b4f1872262062475b56eb5f0b0362b442a3efddaaf357a1573564182e4350962aaebf73155cc1b7fb4e865e324ffd91d966218237a8e8dd42cf36158a1273824de2aeb9f08016b76fa589637243533450cdbd6a0463e7d7cd5493e948398efaa8946b6fa99897ca6631549c43fd54c3b8977ce761b982d872cef1c76a5542c7153139dd1ef1435251dbd4c923ec00785de32e89be73cc5b1e3494f74992710f289c254432f5b464245147780cb5cf13fb44ecfd34f30dcb7e9ec4526a62550c52f98abb227c1591cc0588824f7e760a379", @ANYRES8=r1, @ANYRESOCT=r1, @ANYRES8=r1, @ANYRESOCT=r2], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x1f00, 0x8, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) ioctl$BTRFS_IOC_INO_PATHS(r2, 0xc0389423, &(0x7f0000000380)={0xffffffffffffffff, 0x0, [0x1, 0xffffffffffffff1d, 0x5, 0xb85], &(0x7f0000000340)}) write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600) (async) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0700000004000000180000008e02000000000000", @ANYRES32, @ANYBLOB="18010000100300000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000001a00"/28], 0x48) r4 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r4, &(0x7f0000000000), 0x10) (async) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0xfffffda9) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) (async) r7 = syz_genetlink_get_family_id$smc(&(0x7f0000000400), r3) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb0100180000000200000000"], 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) sendmsg$SMC_PNETID_GET(r3, &(0x7f00000006c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c000300", @ANYRES16=r7, @ANYBLOB="000426bd7000fbdbdf25010000000900030073797a31000000000900030073797a32000000000900030073797a300000000005000400010000000900030073797a310000000014000200767863616e31000000000000000000000900010073797a3100000000"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40042) (async, rerun: 64) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) (rerun: 64) r8 = socket$tipc(0x1e, 0x2, 0x0) (async, rerun: 64) r9 = socket$tipc(0x1e, 0x2, 0x0) (rerun: 64) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r8, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000002c0)={&(0x7f0000000140)="eca815787e378ad41abb3da017d11fd0bc464113356ee7641ed55d711a10706329e41e73281ddec339c7468b602742444e26fa0c6187c9156dccfd4dbf293d3407e98c80", &(0x7f0000000a00)=""/4096, &(0x7f00000001c0)="e2a110df945073da499537cb1d01492d4b687cd784f05c3557014b8cce886272fb533d5fd018da2fd74d285df1de92e93ddfb4c8c084f7c9f13e690ad850567bd9880e008b5888d3f3d8262ed4249c23d878ef5bb8d969c9aa8be0e4a2c42f3ac558a219bbcd7da7afcbe9de7aeedd15e141970620c3afe450da8e590847af210bf8fa7138c4e9cc202b349a46170c326a4a09f8ab7c8c2aed5768b5e7ba02eb553668bdd31786b4ed8682eff1a7a60cb9596cc14e023cdf487a32dcd47dc582d0595d6a2a70308618efb692b0873066f7", &(0x7f0000000000)="9cf88698ce75317aed06817e9f55821d2d877233b5ab0f3259bfc5ea9a95af16c9c676ff497494d6b6d1f4a320e073b2", 0x0, r3}, 0x38) 2.879145254s ago: executing program 3 (id=665): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x2}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x12}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) (fail_nth: 4) 1.806608308s ago: executing program 0 (id=666): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x25dfdbfe, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @mcast1}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x77a, 0x4, 0x20000000, 0x0, 0x1ff}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x7a07}, 0x4044) 1.806248201s ago: executing program 1 (id=667): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x20, 0x2d, 0x1, 0x0, 0x6000, "", [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}]}, 0x20}], 0x1}, 0x0) ioctl$BTRFS_IOC_START_SYNC(0xffffffffffffffff, 0x80089418, &(0x7f0000000440)=0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000200)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000080)={"f31c6930928f42288193e6ac76393e7c", r1, r2, {0x3, 0x3}, {0x0, 0x4}, 0x2, [0x6, 0x1, 0xfffffffffffffff8, 0x2, 0x5, 0x59, 0xe, 0x8, 0x9, 0xe, 0x72aa655d, 0x3ff, 0x8000000000000000, 0x7f, 0x7, 0x7]}) 1.805859607s ago: executing program 2 (id=668): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000200), &(0x7f0000000300)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000001a40)={r3, 0x2000000, 0x2b, 0x0, &(0x7f0000000900)="ffdf1fc42f5a733b805cdb3e60464ae80ec756434150a4c87949fad403ad91776ff2cc4f87c1e117d88e55", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r3, @ANYRES32=r2, @ANYRESOCT=r2], 0x20dc}}, 0x90) 1.805513325s ago: executing program 3 (id=669): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)=ANY=[], 0x48) r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFNL_MSG_CTHELPER_DEL(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x38, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0) (fail_nth: 12) 1.188290168s ago: executing program 1 (id=670): syz_emit_ethernet(0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08004500007c0000000000069078ac1414bbac1414aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a4000000907800000101030307020405001374ab519c9940eb04000000c52b43aee4a2052600000009ffff00000000004300000001000000080000fa39000080000000000800000009131203000000fc97dc524d8a397b7b38957f00"], 0x0) r0 = socket$netlink(0x10, 0x3, 0x5) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000180)=ANY=[@ANYBLOB="016eb17a5c95a29bdaaaaaaaaaaaaabb0a8007bbbbbbbbbb00000000ec7a6dbba3b12723f991a8dd2294feade93d84414504bf123b34d3aac9bf11"]) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000040)={0x34, r3, 0x30b, 0x0, 0x0, {0x26}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) socket$inet_smc(0x2b, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0) 1.188043986s ago: executing program 2 (id=671): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000020000000000000000", @ANYRES32=r1], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 1.187466518s ago: executing program 3 (id=672): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x98, 0x24, 0x10, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r2, {}, {0xffff, 0xffff}, {0x2}}, [@TCA_STAB={0x74, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xcd, 0x4, 0x8, 0x2, 0x2, 0x456, 0x2000007, 0x2}}, {0x8, 0x2, [0x4, 0x8]}}, {{0x1c, 0x1, {0x3, 0x3, 0xcde0, 0x7ff, 0x0, 0xf, 0x200, 0x4}}, {0xc, 0x2, [0x101, 0x10, 0x7, 0x401]}}, {{0x1c, 0x1, {0xc, 0x0, 0xc, 0x107, 0x1, 0x1, 0x3, 0x1}}, {0x6, 0x2, [0x1]}}]}]}, 0x98}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000580)={'wlan1\x00', 0x0}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r6, 0xffffffffffffffff}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000000380), 0xffffd6c0, r7}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@alu={0x7, 0x0, 0x9, 0x0, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f00000000c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x18, 0x63, 0xa, 0x2}, [@call]}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd0c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x20, 0x0, 0xfc, 0x0, 0xfe, 0x7}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP_SRC={0x8, 0x3, @local}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4008000) r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r8}, 0x10) r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r11, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r12 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r12, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000001100)=0x30) r13 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r13, 0x800448d3, &(0x7f0000000440)={@any, 0x9, 0x8, 0x7, 0x1, 0xd9f6, "9008a2388a4fd9db334d35c2b30077c901617ff0b6b4fee278f9e99085eca4ad317b59d43e5fbbfd9f7d815b35687f0306d79270ce3a53c42c51cd0f2da3afb586936972c4286914ab0bb5f360b930ab9cdbd03f5c0720a10895e13832c817753afa726a39448cc03be7357f2dc1612bf8d62baa43235c294f48204fbddcf667"}) write$bt_hci(r11, &(0x7f0000000280)=ANY=[@ANYBLOB="0e000100020075", @ANYRES8, @ANYRES32=0x0, @ANYRES8=r12, @ANYRESOCT=r11, @ANYRES16=r10, @ANYRES32], 0x8) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r14, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$ \x00\x00', @ANYRES16=r15, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=0x0, @ANYBLOB="0800050002000000"], 0x24}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) sendmsg$NL80211_CMD_CONNECT(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="340000004e10c449eca5bfc88ae32d4b53a276ac8496116e2a6a92b52dfcdcc9abe87253339f057a1598c5a3a5c49373d1c8a274d97d2d", @ANYRES16=r15, @ANYBLOB="050000000000000000002e00000008000300", @ANYRES32=0x0, @ANYBLOB="0c009900cd050000220000000a0034000202020202020000"], 0x34}}, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x1c, r15, 0x201, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x700}, 0x40040) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x3, 0x8, 0x3}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) pipe(&(0x7f00000002c0)) 588.322454ms ago: executing program 0 (id=673): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, 0x0, 0x20000000) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001540)={0x1c, r2, 0x1, 0x5000000, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 401.142794ms ago: executing program 2 (id=674): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000210000040000002a420600c39c1e"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030040000b05", 0x8}], 0x1}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x0, 0x2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x40004}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 224.23727ms ago: executing program 1 (id=675): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x84000000, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x8c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x60, 0x3, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}, {0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}]}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x110}}, 0x0) 213.476695ms ago: executing program 3 (id=676): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {0x2}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xfffffffffffffd05, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x53}]}, @IPSET_ATTR_PROTOCOL, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) 136.493252ms ago: executing program 1 (id=677): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x32, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{}, 0x4000}}, @TCA_SKBMOD_ETYPE={0x6}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) 84.400576ms ago: executing program 0 (id=678): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c00000010004b0400000000fcdbdf257a000000", @ANYRES32=r2, @ANYBLOB="00000000000000001d0012800b00010062726964676500000c0002800800080088a8ffff"], 0x3c}}, 0x0) 0s ago: executing program 3 (id=679): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000fc0)=@newlink={0x44, 0x10, 0x1, 0x0, 0x21000000, {0x0, 0x0, 0x0, r1, 0x2800, 0xf9000}, [@IFLA_MTU={0x8, 0x4, 0x4}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE={0x8, 0x2, @broadcast}]}}}]}, 0x44}, 0x1, 0x2}, 0x0) kernel console output (not intermixed with test programs): dy present! [ 62.006452][ T5830] Cannot create hsr debugfs directory [ 62.060419][ T5841] hsr_slave_0: entered promiscuous mode [ 62.067016][ T5841] hsr_slave_1: entered promiscuous mode [ 62.072860][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.080586][ T5841] Cannot create hsr debugfs directory [ 62.109301][ T5843] hsr_slave_0: entered promiscuous mode [ 62.115595][ T5843] hsr_slave_1: entered promiscuous mode [ 62.121457][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.129185][ T5843] Cannot create hsr debugfs directory [ 62.416778][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 62.429972][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 62.459436][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 62.479184][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 62.507921][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.524994][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.546205][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.561446][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.615276][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.624866][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.646400][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.658099][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.731278][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 62.746003][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 62.756508][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.768116][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.808543][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.861074][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.890979][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.915644][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.926053][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.932836][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.978586][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.007559][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.017002][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.024290][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.038018][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.068077][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.075181][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.101831][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.123415][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.141641][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.152643][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.159733][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.184396][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.191462][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.211820][ T2902] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.218945][ T2902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.244090][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.251200][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.260777][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.267872][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.279928][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.287045][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.396298][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.469703][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.509078][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.516241][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.586252][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.593422][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.681600][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.799766][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.837108][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.881473][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.923894][ T5849] Bluetooth: hci0: command tx timeout [ 63.985633][ T5841] veth0_vlan: entered promiscuous mode [ 64.006787][ T5830] veth0_vlan: entered promiscuous mode [ 64.014510][ T5849] Bluetooth: hci3: command tx timeout [ 64.014529][ T5844] Bluetooth: hci1: command tx timeout [ 64.019911][ T5849] Bluetooth: hci4: command tx timeout [ 64.026277][ T5834] Bluetooth: hci2: command tx timeout [ 64.070775][ T5841] veth1_vlan: entered promiscuous mode [ 64.096129][ T5831] veth0_vlan: entered promiscuous mode [ 64.111958][ T5839] veth0_vlan: entered promiscuous mode [ 64.134605][ T5830] veth1_vlan: entered promiscuous mode [ 64.147270][ T5839] veth1_vlan: entered promiscuous mode [ 64.167195][ T5831] veth1_vlan: entered promiscuous mode [ 64.220613][ T5841] veth0_macvtap: entered promiscuous mode [ 64.228432][ T5839] veth0_macvtap: entered promiscuous mode [ 64.240898][ T5839] veth1_macvtap: entered promiscuous mode [ 64.250165][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.270070][ T5831] veth0_macvtap: entered promiscuous mode [ 64.281283][ T5841] veth1_macvtap: entered promiscuous mode [ 64.296990][ T5830] veth0_macvtap: entered promiscuous mode [ 64.307205][ T5831] veth1_macvtap: entered promiscuous mode [ 64.328682][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.337775][ T5830] veth1_macvtap: entered promiscuous mode [ 64.356782][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.367996][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.379388][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.389089][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.399844][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.410830][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.421402][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.435371][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.447084][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.457880][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.470987][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.481514][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.491908][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.502403][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.513303][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.530775][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.540903][ T5839] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.551112][ T5839] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.560215][ T5839] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.570043][ T5839] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.587871][ T5831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.598622][ T5831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.610583][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.620943][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.631758][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.641707][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.653443][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.664723][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.672298][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.683526][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.693532][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.704210][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.714479][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.725650][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.737288][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.752662][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.762668][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.771682][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.782386][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.797401][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.806925][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.816440][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.825245][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.837447][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.846266][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.855156][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.863915][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.906166][ T5843] veth0_vlan: entered promiscuous mode [ 64.987401][ T5843] veth1_vlan: entered promiscuous mode [ 65.027603][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.036700][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.079271][ T1173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.092875][ T1173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.125447][ T5843] veth0_macvtap: entered promiscuous mode [ 65.142662][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.157472][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.184545][ T5843] veth1_macvtap: entered promiscuous mode [ 65.210564][ T1173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.218997][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.227739][ T1173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.233438][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.262875][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.288081][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.297555][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.302675][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.326412][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.348368][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.358654][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.369301][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.379180][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.389721][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.399575][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.410135][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.421968][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.442236][ T1173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.455425][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.459216][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 65.473405][ T1173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.488752][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.499847][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.510673][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.520751][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.531998][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.541899][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.552582][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.572701][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.598309][ T5843] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.616855][ T5843] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.626696][ T5843] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.635513][ T5843] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.785343][ T5921] sctp: [Deprecated]: syz.4.5 (pid 5921) Use of int in max_burst socket option. [ 65.785343][ T5921] Use struct sctp_assoc_value instead [ 65.802621][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.833285][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.867610][ T5921] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5'. [ 65.936387][ T73] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.947378][ T73] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.005198][ T5844] Bluetooth: hci0: command tx timeout [ 66.006553][ T5931] Zero length message leads to an empty skb [ 66.083395][ T5838] Bluetooth: hci2: command tx timeout [ 66.090390][ T5834] Bluetooth: hci4: command tx timeout [ 66.090470][ T5849] Bluetooth: hci3: command tx timeout [ 66.096538][ T5844] Bluetooth: hci1: command tx timeout [ 66.540176][ T5947] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 66.546553][ T5949] openvswitch: netlink: Flow actions attr not present in new flow. [ 66.565126][ T5885] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 66.638265][ T5946] syzkaller0: entered promiscuous mode [ 66.662576][ T5946] syzkaller0: entered allmulticast mode [ 66.888094][ T29] audit: type=1804 audit(1738936914.619:2): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1" name="/newroot/0/cgroup.controllers" dev="tmpfs" ino=18 res=1 errno=0 [ 66.918245][ T5927] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 66.964538][ T29] audit: type=1800 audit(1738936914.649:3): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="cgroup.controllers" dev="tmpfs" ino=18 res=0 errno=0 [ 66.994770][ T29] audit: type=1804 audit(1738936914.649:4): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1" name="/newroot/0/cgroup.controllers" dev="tmpfs" ino=18 res=1 errno=0 [ 67.019105][ T29] audit: type=1800 audit(1738936914.649:5): pid=5927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="cgroup.controllers" dev="tmpfs" ino=18 res=0 errno=0 [ 67.183304][ T52] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 67.329664][ T5968] Illegal XDP return value 2858973321 on prog (id 7) dev N/A, expect packet loss! [ 68.062381][ T5982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19'. [ 68.084414][ T5844] Bluetooth: hci0: command tx timeout [ 68.163302][ T5844] Bluetooth: hci1: command tx timeout [ 68.164064][ T5849] Bluetooth: hci4: command tx timeout [ 68.168720][ T5844] Bluetooth: hci2: command tx timeout [ 68.168749][ T5844] Bluetooth: hci3: command tx timeout [ 68.232522][ T5987] netlink: 1284 bytes leftover after parsing attributes in process `syz.3.17'. [ 68.962892][ T5985] warning: `syz.3.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 69.255084][ T5995] netlink: 24 bytes leftover after parsing attributes in process `syz.3.23'. [ 69.276050][ T5993] netlink: 2 bytes leftover after parsing attributes in process `syz.1.22'. [ 69.299535][ T5995] bridge0: port 3(vlan2) entered blocking state [ 69.313406][ T5995] bridge0: port 3(vlan2) entered disabled state [ 69.325591][ T5995] vlan2: entered allmulticast mode [ 69.354376][ T5995] vlan2: left allmulticast mode [ 70.103455][ T6031] FAULT_INJECTION: forcing a failure. [ 70.103455][ T6031] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 70.170456][ T6033] netlink: 8 bytes leftover after parsing attributes in process `syz.3.35'. [ 70.177588][ T6031] CPU: 1 UID: 0 PID: 6031 Comm: syz.2.33 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 70.177611][ T6031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 70.177632][ T6031] Call Trace: [ 70.177638][ T6031] [ 70.177645][ T6031] dump_stack_lvl+0x241/0x360 [ 70.177678][ T6031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.177694][ T6031] ? __pfx__printk+0x10/0x10 [ 70.177718][ T6031] ? __pfx_lock_release+0x10/0x10 [ 70.177746][ T6031] should_fail_ex+0x40a/0x550 [ 70.177767][ T6031] _copy_from_iter+0x1e9/0x1c20 [ 70.177788][ T6031] ? __virt_addr_valid+0x183/0x530 [ 70.177818][ T6031] ? __alloc_skb+0x28f/0x440 [ 70.177840][ T6031] ? __pfx__copy_from_iter+0x10/0x10 [ 70.177863][ T6031] ? __virt_addr_valid+0x183/0x530 [ 70.177882][ T6031] ? __virt_addr_valid+0x183/0x530 [ 70.177901][ T6031] ? __virt_addr_valid+0x45f/0x530 [ 70.177922][ T6031] ? __phys_addr_symbol+0x2f/0x70 [ 70.177942][ T6031] ? __check_object_size+0x47a/0x730 [ 70.177962][ T6031] netlink_sendmsg+0x73d/0xcb0 [ 70.177988][ T6031] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.178007][ T6031] ? aa_sock_msg_perm+0x91/0x160 [ 70.178031][ T6031] ? __pfx_netlink_sendmsg+0x10/0x10 [ 70.178045][ T6031] __sock_sendmsg+0x221/0x270 [ 70.178065][ T6031] ____sys_sendmsg+0x52a/0x7e0 [ 70.178087][ T6031] ? __pfx_____sys_sendmsg+0x10/0x10 [ 70.178100][ T6031] ? __fget_files+0x2a/0x410 [ 70.178119][ T6031] ? __fget_files+0x2a/0x410 [ 70.178142][ T6031] __sys_sendmsg+0x269/0x350 [ 70.178165][ T6031] ? __pfx___sys_sendmsg+0x10/0x10 [ 70.178190][ T6031] ? do_sys_openat2+0x17a/0x1d0 [ 70.178229][ T6031] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 70.178249][ T6031] ? do_syscall_64+0x100/0x230 [ 70.178272][ T6031] ? do_syscall_64+0xb6/0x230 [ 70.178293][ T6031] do_syscall_64+0xf3/0x230 [ 70.178313][ T6031] ? clear_bhb_loop+0x35/0x90 [ 70.178336][ T6031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.178354][ T6031] RIP: 0033:0x7efd7e78cde9 [ 70.178372][ T6031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.178384][ T6031] RSP: 002b:00007efd7f6cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 70.178402][ T6031] RAX: ffffffffffffffda RBX: 00007efd7e9a5fa0 RCX: 00007efd7e78cde9 [ 70.178414][ T6031] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 70.178423][ T6031] RBP: 00007efd7f6cd090 R08: 0000000000000000 R09: 0000000000000000 [ 70.178433][ T6031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.178442][ T6031] R13: 0000000000000000 R14: 00007efd7e9a5fa0 R15: 00007ffe028f16c8 [ 70.178465][ T6031] [ 70.222746][ T6036] netlink: 24 bytes leftover after parsing attributes in process `syz.4.36'. [ 70.253421][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 70.320680][ T6036] netlink: 24 bytes leftover after parsing attributes in process `syz.4.36'. [ 70.357832][ T6041] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 70.370762][ T6033] netlink: 'syz.3.35': attribute type 1 has an invalid length. [ 70.397371][ T6041] sctp: [Deprecated]: syz.1.37 (pid 6041) Use of struct sctp_assoc_value in delayed_ack socket option. [ 70.397371][ T6041] Use struct sctp_sack_info instead [ 70.420201][ T6033] netlink: 176 bytes leftover after parsing attributes in process `syz.3.35'. [ 70.637603][ T6047] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 70.881380][ T6054] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 70.908648][ T6060] netlink: 12 bytes leftover after parsing attributes in process `syz.3.42'. [ 71.139317][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.0.45'. [ 71.161825][ T6066] veth1_to_bond: entered promiscuous mode [ 71.167989][ T6066] veth1_to_bond: entered allmulticast mode [ 71.518998][ T6078] ip6gre1: entered promiscuous mode [ 71.610938][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.617639][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.918594][ T6101] Bluetooth: MGMT ver 1.23 [ 72.112997][ T6115] netlink: 16 bytes leftover after parsing attributes in process `syz.2.55'. [ 72.536470][ T6126] netlink: 36 bytes leftover after parsing attributes in process `syz.4.61'. [ 72.599129][ T6130] netlink: 1284 bytes leftover after parsing attributes in process `syz.0.63'. [ 72.910783][ T6141] netlink: 8 bytes leftover after parsing attributes in process `syz.4.67'. [ 72.963753][ T6141] netlink: 'syz.4.67': attribute type 30 has an invalid length. [ 73.793519][ T6192] netlink: 104 bytes leftover after parsing attributes in process `syz.0.79'. [ 73.932182][ T6197] netlink: 412 bytes leftover after parsing attributes in process `syz.4.82'. [ 74.438350][ T6215] tipc: Started in network mode [ 74.466814][ T6215] tipc: Node identity , cluster identity 4711 [ 74.727409][ T6234] netlink: 4952 bytes leftover after parsing attributes in process `syz.3.91'. [ 74.787390][ T6234] x_tables: duplicate underflow at hook 3 [ 74.843771][ T6234] syz.3.91 uses obsolete (PF_INET,SOCK_PACKET) [ 74.901853][ T6234] netlink: 32 bytes leftover after parsing attributes in process `syz.3.91'. [ 75.458538][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 75.635961][ T6257] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 75.653212][ T6257] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 75.702279][ T6257] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 75.734472][ T6257] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 76.044154][ T6273] syz.0.102 uses old SIOCAX25GETINFO [ 76.197634][ T6266] __nla_validate_parse: 1 callbacks suppressed [ 76.197652][ T6266] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'. [ 76.619823][ T6295] netlink: 40 bytes leftover after parsing attributes in process `syz.1.111'. [ 76.737388][ T973] cfg80211: failed to load regulatory.db [ 76.823821][ T6302] netlink: 60 bytes leftover after parsing attributes in process `syz.4.112'. [ 77.241199][ T6318] sysfs: cannot create duplicate filename '/class/ieee80211/!å' [ 77.273561][ T6318] CPU: 0 UID: 0 PID: 6318 Comm: syz.4.115 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 77.273586][ T6318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 77.273596][ T6318] Call Trace: [ 77.273603][ T6318] [ 77.273611][ T6318] dump_stack_lvl+0x241/0x360 [ 77.273639][ T6318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 77.273657][ T6318] ? __pfx__printk+0x10/0x10 [ 77.273689][ T6318] ? __kmalloc_cache_noprof+0x243/0x390 [ 77.273707][ T6318] ? sysfs_warn_dup+0x51/0xa0 [ 77.273735][ T6318] sysfs_warn_dup+0x8e/0xa0 [ 77.273761][ T6318] sysfs_do_create_link_sd+0xbe/0x110 [ 77.273787][ T6318] device_add_class_symlinks+0x1c5/0x250 [ 77.273808][ T6318] device_add+0x553/0xbf0 [ 77.273832][ T6318] wiphy_register+0x1a58/0x27b0 [ 77.273867][ T6318] ? __pfx_wiphy_register+0x10/0x10 [ 77.273884][ T6318] ? minstrel_ht_alloc+0x72b/0x860 [ 77.273913][ T6318] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 77.273939][ T6318] ieee80211_register_hw+0x354e/0x4240 [ 77.273976][ T6318] ? ieee80211_register_hw+0x1641/0x4240 [ 77.274007][ T6318] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 77.274041][ T6318] ? __asan_memset+0x23/0x50 [ 77.274062][ T6318] ? __hrtimer_init+0x170/0x250 [ 77.274091][ T6318] mac80211_hwsim_new_radio+0x2a9f/0x4aa0 [ 77.274148][ T6318] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 77.274171][ T6318] ? kstrndup+0x5c/0xb0 [ 77.274191][ T6318] ? __asan_memcpy+0x40/0x70 [ 77.274217][ T6318] hwsim_new_radio_nl+0xece/0x2290 [ 77.274255][ T6318] ? __pfx___nla_validate_parse+0x10/0x10 [ 77.274282][ T6318] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 77.274343][ T6318] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 77.274374][ T6318] genl_rcv_msg+0xb14/0xec0 [ 77.274405][ T6318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.274457][ T6318] ? __pfx_lock_acquire+0x10/0x10 [ 77.274478][ T6318] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 77.274503][ T6318] ? __pfx___might_resched+0x10/0x10 [ 77.274544][ T6318] netlink_rcv_skb+0x1e3/0x430 [ 77.274563][ T6318] ? __pfx_genl_rcv_msg+0x10/0x10 [ 77.274586][ T6318] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 77.274648][ T6318] genl_rcv+0x28/0x40 [ 77.274666][ T6318] netlink_unicast+0x7f6/0x990 [ 77.274700][ T6318] ? __pfx_netlink_unicast+0x10/0x10 [ 77.274721][ T6318] ? __virt_addr_valid+0x45f/0x530 [ 77.274746][ T6318] ? __phys_addr_symbol+0x2f/0x70 [ 77.274768][ T6318] ? __check_object_size+0x47a/0x730 [ 77.274791][ T6318] netlink_sendmsg+0x8e4/0xcb0 [ 77.274822][ T6318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.274844][ T6318] ? aa_sock_msg_perm+0x91/0x160 [ 77.274873][ T6318] ? __pfx_netlink_sendmsg+0x10/0x10 [ 77.274888][ T6318] __sock_sendmsg+0x221/0x270 [ 77.274913][ T6318] ____sys_sendmsg+0x52a/0x7e0 [ 77.274940][ T6318] ? __pfx_____sys_sendmsg+0x10/0x10 [ 77.274954][ T6318] ? __fget_files+0x2a/0x410 [ 77.274976][ T6318] ? __fget_files+0x2a/0x410 [ 77.275004][ T6318] __sys_sendmsg+0x269/0x350 [ 77.275027][ T6318] ? __pfx___sys_sendmsg+0x10/0x10 [ 77.275076][ T6318] ? trace_sys_enter+0x74/0x120 [ 77.275100][ T6318] ? __pfx_lock_release+0x10/0x10 [ 77.275133][ T6318] ? trace_sys_enter+0x74/0x120 [ 77.275155][ T6318] ? rcu_is_watching+0x15/0xb0 [ 77.275173][ T6318] ? trace_sys_enter+0x25/0x120 [ 77.275202][ T6318] do_syscall_64+0xf3/0x230 [ 77.275225][ T6318] ? clear_bhb_loop+0x35/0x90 [ 77.275251][ T6318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 77.275271][ T6318] RIP: 0033:0x7f5e6cd8cde9 [ 77.275288][ T6318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 77.275301][ T6318] RSP: 002b:00007f5e6dc24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 77.275320][ T6318] RAX: ffffffffffffffda RBX: 00007f5e6cfa5fa0 RCX: 00007f5e6cd8cde9 [ 77.275333][ T6318] RDX: 0000000001000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 77.275344][ T6318] RBP: 00007f5e6ce0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 77.275354][ T6318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 77.275364][ T6318] R13: 0000000000000000 R14: 00007f5e6cfa5fa0 R15: 00007fffffe5f868 [ 77.275393][ T6318] [ 78.153184][ T6270] netlink: 312 bytes leftover after parsing attributes in process `syz.3.104'. [ 78.656402][ T6345] netlink: 28 bytes leftover after parsing attributes in process `syz.4.123'. [ 78.876679][ T6360] Bluetooth: MGMT ver 1.23 [ 79.202296][ T6365] syzkaller0: entered promiscuous mode [ 79.253891][ T6365] syzkaller0: entered allmulticast mode [ 79.284886][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 79.467215][ T6382] 8021q: adding VLAN 0 to HW filter on device bond1 [ 79.510219][ T6382] bond0: (slave bond1): Enslaving as an active interface with an up link [ 79.548429][ T6384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.136'. [ 80.915556][ T6414] tipc: Started in network mode [ 80.920836][ T6414] tipc: Node identity , cluster identity 4711 [ 81.248525][ T6424] netlink: 'syz.2.144': attribute type 3 has an invalid length. [ 82.391737][ T6484] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 82.911985][ T6502] netlink: 468 bytes leftover after parsing attributes in process `syz.2.169'. [ 83.009774][ T6505] bond0: entered promiscuous mode [ 83.027871][ T6505] bond_slave_0: entered promiscuous mode [ 83.034124][ T6505] bond_slave_1: entered promiscuous mode [ 83.040789][ T6505] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 83.114916][ T6505] bond0: left promiscuous mode [ 83.152542][ T6505] bond_slave_0: left promiscuous mode [ 83.187511][ T6505] bond_slave_1: left promiscuous mode [ 83.254145][ T6524] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 83.395126][ T6534] netlink: 16 bytes leftover after parsing attributes in process `syz.2.175'. [ 83.626684][ T6540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.177'. [ 83.639247][ T6544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.179'. [ 83.689904][ T6540] xt_CT: No such helper "netbios-ns" [ 83.795490][ T6552] netlink: 'syz.0.180': attribute type 2 has an invalid length. [ 83.858529][ T6552] fþ²¹¥‰: entered promiscuous mode [ 83.986817][ T6561] FAULT_INJECTION: forcing a failure. [ 83.986817][ T6561] name failslab, interval 1, probability 0, space 0, times 0 [ 84.006514][ T6561] CPU: 0 UID: 0 PID: 6561 Comm: syz.3.183 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 84.006538][ T6561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 84.006548][ T6561] Call Trace: [ 84.006554][ T6561] [ 84.006561][ T6561] dump_stack_lvl+0x241/0x360 [ 84.006585][ T6561] ? __pfx_dump_stack_lvl+0x10/0x10 [ 84.006602][ T6561] ? __pfx__printk+0x10/0x10 [ 84.006628][ T6561] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 84.006647][ T6561] ? __pfx___might_resched+0x10/0x10 [ 84.006671][ T6561] should_fail_ex+0x40a/0x550 [ 84.006694][ T6561] should_failslab+0xac/0x100 [ 84.006712][ T6561] kmem_cache_alloc_node_noprof+0x77/0x380 [ 84.006729][ T6561] ? __alloc_skb+0x1c3/0x440 [ 84.006754][ T6561] __alloc_skb+0x1c3/0x440 [ 84.006780][ T6561] ? __pfx___alloc_skb+0x10/0x10 [ 84.006803][ T6561] ? netlink_autobind+0xd6/0x2f0 [ 84.006818][ T6561] ? netlink_autobind+0x2b0/0x2f0 [ 84.006838][ T6561] netlink_sendmsg+0x638/0xcb0 [ 84.006865][ T6561] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.006884][ T6561] ? aa_sock_msg_perm+0x91/0x160 [ 84.006910][ T6561] ? __pfx_netlink_sendmsg+0x10/0x10 [ 84.006924][ T6561] __sock_sendmsg+0x221/0x270 [ 84.006947][ T6561] ____sys_sendmsg+0x52a/0x7e0 [ 84.006970][ T6561] ? __pfx_____sys_sendmsg+0x10/0x10 [ 84.006984][ T6561] ? __fget_files+0x2a/0x410 [ 84.007003][ T6561] ? __fget_files+0x2a/0x410 [ 84.007028][ T6561] __sys_sendmsg+0x269/0x350 [ 84.007048][ T6561] ? __pfx___sys_sendmsg+0x10/0x10 [ 84.007075][ T6561] ? do_sys_openat2+0x17a/0x1d0 [ 84.007116][ T6561] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 84.007139][ T6561] ? do_syscall_64+0x100/0x230 [ 84.007163][ T6561] ? do_syscall_64+0xb6/0x230 [ 84.007185][ T6561] do_syscall_64+0xf3/0x230 [ 84.007206][ T6561] ? clear_bhb_loop+0x35/0x90 [ 84.007229][ T6561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.007249][ T6561] RIP: 0033:0x7f4a5478cde9 [ 84.007263][ T6561] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.007277][ T6561] RSP: 002b:00007f4a55632038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.007295][ T6561] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478cde9 [ 84.007306][ T6561] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 84.007316][ T6561] RBP: 00007f4a55632090 R08: 0000000000000000 R09: 0000000000000000 [ 84.007326][ T6561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.007336][ T6561] R13: 0000000000000000 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 84.007361][ T6561] [ 84.337013][ T6566] netlink: 4 bytes leftover after parsing attributes in process `syz.3.185'. [ 84.731694][ T6582] netlink: 'syz.0.191': attribute type 1 has an invalid length. [ 84.779865][ T6582] 8021q: adding VLAN 0 to HW filter on device bond1 [ 84.822931][ T6590] netlink: 8 bytes leftover after parsing attributes in process `syz.4.193'. [ 84.841876][ T6582] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 84.853736][ T6582] bond1: (slave batadv1): making interface the new active one [ 84.862550][ T6582] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 84.895378][ T6582] netlink: 12 bytes leftover after parsing attributes in process `syz.0.191'. [ 84.990438][ T6582] vlan2: entered promiscuous mode [ 85.033110][ T6582] bond1: entered promiscuous mode [ 85.038207][ T6582] batadv1: entered promiscuous mode [ 85.144236][ T6582] bond1: left promiscuous mode [ 85.149061][ T6582] batadv1: left promiscuous mode [ 85.250883][ T6614] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 85.266942][ T6614] openvswitch: netlink: IPv4 tunnel dst address is zero [ 85.616316][ T6648] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 85.634216][ T6647] netlink: 276 bytes leftover after parsing attributes in process `syz.3.205'. [ 85.666351][ T73] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.816653][ T73] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.929246][ T6653] netlink: 88 bytes leftover after parsing attributes in process `syz.1.208'. [ 85.965528][ T73] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.984656][ T6657] netlink: 4 bytes leftover after parsing attributes in process `syz.3.209'. [ 86.294650][ T73] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.499031][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.512595][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.521555][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.529727][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.541958][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.549850][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.718746][ T73] bridge_slave_1: left allmulticast mode [ 86.733561][ T73] bridge_slave_1: left promiscuous mode [ 86.740482][ T73] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.838879][ T73] bridge_slave_0: left allmulticast mode [ 86.859424][ T73] bridge_slave_0: left promiscuous mode [ 86.876122][ T73] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.506674][ T73] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 87.532142][ T73] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 87.542639][ T73] bond0 (unregistering): Released all slaves [ 87.572707][ T6698] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 87.580145][ T6698] IPv6: NLM_F_CREATE should be set when creating new route [ 87.587452][ T6698] IPv6: NLM_F_CREATE should be set when creating new route [ 88.349541][ T6676] chnl_net:caif_netlink_parms(): no params data found [ 88.653655][ T5844] Bluetooth: hci1: command tx timeout [ 88.700839][ T73] hsr_slave_0: left promiscuous mode [ 88.732593][ T73] hsr_slave_1: left promiscuous mode [ 88.766279][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 88.785042][ T73] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 88.813700][ T73] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 88.821256][ T73] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 88.859695][ T73] veth1_macvtap: left promiscuous mode [ 88.866333][ T73] veth0_macvtap: left promiscuous mode [ 88.872013][ T73] veth1_vlan: left promiscuous mode [ 88.878661][ T73] veth0_vlan: left promiscuous mode [ 89.006405][ T6761] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 89.368889][ T73] team0 (unregistering): Port device team_slave_1 removed [ 89.402017][ T73] team0 (unregistering): Port device team_slave_0 removed [ 89.711053][ T6754] ip6tnl1: entered promiscuous mode [ 89.720033][ T6754] ip6tnl1: entered allmulticast mode [ 89.881494][ T6676] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.925307][ T6676] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.932546][ T6676] bridge_slave_0: entered allmulticast mode [ 89.948982][ T6676] bridge_slave_0: entered promiscuous mode [ 89.968906][ T6676] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.003657][ T6676] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.010870][ T6676] bridge_slave_1: entered allmulticast mode [ 90.039274][ T6676] bridge_slave_1: entered promiscuous mode [ 90.099647][ T6778] __nla_validate_parse: 3 callbacks suppressed [ 90.099662][ T6778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.235'. [ 90.279983][ T6778] vlan2: entered promiscuous mode [ 90.289953][ T6778] vlan0: entered promiscuous mode [ 90.303381][ T6778] vlan0: left promiscuous mode [ 90.369850][ T6676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.434575][ T6676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.532143][ T6676] team0: Port device team_slave_0 added [ 90.609082][ T6676] team0: Port device team_slave_1 added [ 90.723888][ T5844] Bluetooth: hci1: command tx timeout [ 90.946797][ T6826] netlink: 8 bytes leftover after parsing attributes in process `syz.0.247'. [ 91.086271][ T6813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 91.101203][ T6813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 91.121205][ T6813] bond0 (unregistering): Released all slaves [ 91.138672][ T6676] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.147911][ T6676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.179936][ T6676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.204624][ T6676] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.211901][ T6676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.239334][ T6676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.772755][ T6676] hsr_slave_0: entered promiscuous mode [ 91.802959][ T6853] netlink: 8 bytes leftover after parsing attributes in process `syz.0.255'. [ 91.803498][ T6676] hsr_slave_1: entered promiscuous mode [ 92.276694][ T6867] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.285775][ T6867] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.295136][ T6867] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.304276][ T6867] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 92.340027][ T6867] vxlan0: entered promiscuous mode [ 92.346054][ T6867] vxlan0: entered allmulticast mode [ 92.374941][ T6883] netlink: 36 bytes leftover after parsing attributes in process `syz.2.261'. [ 92.427559][ T6889] netlink: 20 bytes leftover after parsing attributes in process `syz.2.261'. [ 92.482934][ T6867] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.492180][ T6867] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.501831][ T6867] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.511343][ T6867] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 92.619528][ T6875] netlink: 'syz.1.258': attribute type 39 has an invalid length. [ 92.803830][ T5844] Bluetooth: hci1: command tx timeout [ 92.961882][ T6916] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 92.983895][ T6631] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 93.163623][ T6631] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 93.314473][ T6925] xt_CT: No such helper "netbios-ns" [ 93.363649][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 93.403607][ T6938] netlink: 20 bytes leftover after parsing attributes in process `syz.2.269'. [ 93.482408][ T6940] SET target dimension over the limit! [ 93.542340][ T6938] vlan2: entered promiscuous mode [ 93.575262][ T6938] team0: entered promiscuous mode [ 93.604455][ T6938] team_slave_0: entered promiscuous mode [ 93.636869][ T6938] team_slave_1: entered promiscuous mode [ 93.655273][ T6945] netlink: 24 bytes leftover after parsing attributes in process `syz.1.273'. [ 93.783815][ T6952] netlink: 'syz.3.274': attribute type 10 has an invalid length. [ 93.804008][ T6952] netlink: 40 bytes leftover after parsing attributes in process `syz.3.274'. [ 93.844743][ T6945] bridge0: port 3(vlan0) entered blocking state [ 93.851063][ T6945] bridge0: port 3(vlan0) entered disabled state [ 93.868308][ T6945] vlan0: entered allmulticast mode [ 93.884468][ T6945] vlan0: left allmulticast mode [ 93.931735][ T6957] raw_sendmsg: syz.0.275 forgot to set AF_INET. Fix it! [ 94.107910][ T6967] netlink: 'syz.3.277': attribute type 11 has an invalid length. [ 94.119991][ T6969] netlink: 2 bytes leftover after parsing attributes in process `syz.2.278'. [ 94.159776][ T6676] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.200433][ T6676] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.267627][ T6676] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.365488][ T6975] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 94.418765][ T6983] tipc: Failed to remove unknown binding: 66,1,1/0:123413339/123413341 [ 94.441484][ T6676] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.461087][ T6980] netlink: 8 bytes leftover after parsing attributes in process `syz.3.281'. [ 94.756336][ T6676] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.796733][ T6676] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.852475][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.859958][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.883318][ T5844] Bluetooth: hci1: command tx timeout [ 94.926269][ T7001] netlink: 'syz.2.285': attribute type 11 has an invalid length. [ 94.943005][ T7003] xt_hashlimit: max too large, truncated to 1048576 [ 94.968433][ T3451] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.975587][ T3451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.111785][ T6676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.292692][ T7015] syzkaller0: entered promiscuous mode [ 95.310788][ T7015] syzkaller0: entered allmulticast mode [ 95.442612][ T7020] __nla_validate_parse: 3 callbacks suppressed [ 95.442629][ T7020] netlink: 36 bytes leftover after parsing attributes in process `syz.0.291'. [ 95.462883][ T7021] netlink: 28 bytes leftover after parsing attributes in process `syz.2.292'. [ 95.519800][ T7021] netlink: 'syz.2.292': attribute type 13 has an invalid length. [ 95.635967][ T7031] openvswitch: netlink: Missing valid actions attribute. [ 95.643479][ T7031] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 96.888886][ T6676] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.943824][ T7021] gretap0: refused to change device tx_queue_len [ 96.974656][ T7021] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 97.005845][ T7036] sit0: entered promiscuous mode [ 97.018667][ T7036] netlink: 'syz.1.296': attribute type 1 has an invalid length. [ 97.038215][ T7036] netlink: 1 bytes leftover after parsing attributes in process `syz.1.296'. [ 97.079394][ T7048] netlink: 8 bytes leftover after parsing attributes in process `syz.3.298'. [ 97.204093][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 97.329108][ T7058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.299'. [ 97.413693][ T7058] xt_l2tp: invalid flags combination: 4 [ 97.619544][ T6676] veth0_vlan: entered promiscuous mode [ 97.674180][ T6676] veth1_vlan: entered promiscuous mode [ 97.761324][ T6676] veth0_macvtap: entered promiscuous mode [ 97.814305][ T6676] veth1_macvtap: entered promiscuous mode [ 97.883433][ T7089] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'. [ 97.892033][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.933435][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.949439][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.960875][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.981742][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.998008][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.012072][ T6676] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.048421][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.079346][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.110078][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.150082][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.163439][ T6676] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.217195][ T6676] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.280928][ T6676] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.302252][ T6676] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.361383][ T6676] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.393410][ T6676] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.402146][ T6676] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.615490][ T7121] netlink: 88 bytes leftover after parsing attributes in process `syz.2.317'. [ 98.760046][ T7131] netlink: 'syz.3.319': attribute type 21 has an invalid length. [ 98.779253][ T7131] netlink: 152 bytes leftover after parsing attributes in process `syz.3.319'. [ 98.812008][ T6533] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.863090][ T6533] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.933238][ T6533] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.941095][ T6533] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.959938][ T7139] netlink: 'syz.2.320': attribute type 16 has an invalid length. [ 99.006729][ T7139] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.320'. [ 99.530629][ T7172] netlink: 12 bytes leftover after parsing attributes in process `syz.3.326'. [ 99.598928][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.652081][ T7172] vlan2: entered promiscuous mode [ 99.657426][ T7172] vlan0: entered promiscuous mode [ 99.680594][ T7172] vlan0: left promiscuous mode [ 99.751240][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.902128][ T7180] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 100.100920][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.665210][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.769028][ T7214] __nla_validate_parse: 1 callbacks suppressed [ 100.769044][ T7214] netlink: 288 bytes leftover after parsing attributes in process `syz.1.334'. [ 100.825877][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 100.837125][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 100.851272][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 100.859738][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 100.867817][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 100.875838][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 101.002913][ T7236] netlink: 68 bytes leftover after parsing attributes in process `syz.0.338'. [ 101.018903][ T11] bridge_slave_1: left allmulticast mode [ 101.049887][ T11] bridge_slave_1: left promiscuous mode [ 101.078453][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 101.155271][ T11] bridge_slave_0: left allmulticast mode [ 101.160979][ T11] bridge_slave_0: left promiscuous mode [ 101.183885][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 101.656010][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.666548][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.678067][ T11] bond0 (unregistering): Released all slaves [ 101.717244][ T7265] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 1, id = 0 [ 102.230170][ T7294] netlink: 8 bytes leftover after parsing attributes in process `syz.0.349'. [ 102.256522][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.1.348'. [ 102.386699][ T11] hsr_slave_0: left promiscuous mode [ 102.459718][ T11] hsr_slave_1: left promiscuous mode [ 102.467549][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 102.480927][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 102.498999][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 102.519592][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 102.831775][ T11] veth1_macvtap: left promiscuous mode [ 102.842714][ T11] veth0_macvtap: left promiscuous mode [ 102.850314][ T11] veth1_vlan: left promiscuous mode [ 102.856096][ T11] veth0_vlan: left promiscuous mode [ 102.963707][ T5844] Bluetooth: hci1: command tx timeout [ 103.274083][ T11] team0 (unregistering): Port device team_slave_1 removed [ 103.313262][ T11] team0 (unregistering): Port device team_slave_0 removed [ 103.837927][ T7227] chnl_net:caif_netlink_parms(): no params data found [ 103.878255][ T7328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.357'. [ 103.954680][ T7328] team_slave_0: entered promiscuous mode [ 103.960672][ T7328] team_slave_1: entered promiscuous mode [ 104.033765][ T7328] macvtap1: entered promiscuous mode [ 104.045046][ T7328] team0: entered promiscuous mode [ 104.055433][ T7328] macvtap1: entered allmulticast mode [ 104.060843][ T7328] team0: entered allmulticast mode [ 104.106177][ T7328] team_slave_0: entered allmulticast mode [ 104.125095][ T7328] team_slave_1: entered allmulticast mode [ 104.134674][ T7328] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 104.178891][ T7334] team0: left allmulticast mode [ 104.183981][ T7334] team_slave_0: left allmulticast mode [ 104.190510][ T7334] team_slave_1: left allmulticast mode [ 104.197405][ T7334] team0: left promiscuous mode [ 104.202854][ T7334] team_slave_0: left promiscuous mode [ 104.208603][ T7334] team_slave_1: left promiscuous mode [ 104.257868][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.363'. [ 104.666504][ T7364] netlink: 8 bytes leftover after parsing attributes in process `syz.1.364'. [ 104.698617][ T7227] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.707994][ T7227] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.743661][ T7227] bridge_slave_0: entered allmulticast mode [ 104.787204][ T7227] bridge_slave_0: entered promiscuous mode [ 104.836797][ T7227] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.838971][ T7375] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 104.859962][ T7227] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.888094][ T7227] bridge_slave_1: entered allmulticast mode [ 104.916799][ T7227] bridge_slave_1: entered promiscuous mode [ 104.945120][ T7378] netlink: 'syz.1.369': attribute type 10 has an invalid length. [ 104.983247][ T7378] netlink: 40 bytes leftover after parsing attributes in process `syz.1.369'. [ 105.053300][ T5844] Bluetooth: hci1: command tx timeout [ 105.172844][ T7387] sysfs: cannot create duplicate filename '/class/ieee80211/!å' [ 105.233404][ T7387] CPU: 1 UID: 0 PID: 7387 Comm: syz.3.372 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 105.233429][ T7387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 105.233439][ T7387] Call Trace: [ 105.233446][ T7387] [ 105.233453][ T7387] dump_stack_lvl+0x241/0x360 [ 105.233481][ T7387] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.233499][ T7387] ? __pfx__printk+0x10/0x10 [ 105.233532][ T7387] ? __kmalloc_cache_noprof+0x243/0x390 [ 105.233550][ T7387] ? sysfs_warn_dup+0x51/0xa0 [ 105.233578][ T7387] sysfs_warn_dup+0x8e/0xa0 [ 105.233602][ T7387] sysfs_do_create_link_sd+0xbe/0x110 [ 105.233628][ T7387] device_add_class_symlinks+0x1c5/0x250 [ 105.233650][ T7387] device_add+0x553/0xbf0 [ 105.233673][ T7387] wiphy_register+0x1a58/0x27b0 [ 105.233719][ T7387] ? __pfx_wiphy_register+0x10/0x10 [ 105.233736][ T7387] ? minstrel_ht_alloc+0x72b/0x860 [ 105.233764][ T7387] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 105.233791][ T7387] ieee80211_register_hw+0x354e/0x4240 [ 105.233827][ T7387] ? ieee80211_register_hw+0x1641/0x4240 [ 105.233859][ T7387] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 105.233893][ T7387] ? __asan_memset+0x23/0x50 [ 105.233914][ T7387] ? __hrtimer_init+0x170/0x250 [ 105.233940][ T7387] mac80211_hwsim_new_radio+0x2a9f/0x4aa0 [ 105.233994][ T7387] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 105.234018][ T7387] ? kstrndup+0x5c/0xb0 [ 105.234038][ T7387] ? __asan_memcpy+0x40/0x70 [ 105.234063][ T7387] hwsim_new_radio_nl+0xece/0x2290 [ 105.234099][ T7387] ? __pfx___nla_validate_parse+0x10/0x10 [ 105.234126][ T7387] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 105.234184][ T7387] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 105.234215][ T7387] genl_rcv_msg+0xb14/0xec0 [ 105.234245][ T7387] ? __pfx_genl_rcv_msg+0x10/0x10 [ 105.234296][ T7387] ? __pfx_lock_acquire+0x10/0x10 [ 105.234317][ T7387] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 105.234341][ T7387] ? __pfx___might_resched+0x10/0x10 [ 105.234372][ T7387] netlink_rcv_skb+0x1e3/0x430 [ 105.234390][ T7387] ? __pfx_genl_rcv_msg+0x10/0x10 [ 105.234411][ T7387] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 105.234469][ T7387] genl_rcv+0x28/0x40 [ 105.234487][ T7387] netlink_unicast+0x7f6/0x990 [ 105.234520][ T7387] ? __pfx_netlink_unicast+0x10/0x10 [ 105.234540][ T7387] ? __virt_addr_valid+0x45f/0x530 [ 105.234564][ T7387] ? __phys_addr_symbol+0x2f/0x70 [ 105.234587][ T7387] ? __check_object_size+0x47a/0x730 [ 105.234610][ T7387] netlink_sendmsg+0x8e4/0xcb0 [ 105.234641][ T7387] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.234688][ T7387] ? aa_sock_msg_perm+0x91/0x160 [ 105.234718][ T7387] ? __pfx_netlink_sendmsg+0x10/0x10 [ 105.234733][ T7387] __sock_sendmsg+0x221/0x270 [ 105.234758][ T7387] ____sys_sendmsg+0x52a/0x7e0 [ 105.234786][ T7387] ? __pfx_____sys_sendmsg+0x10/0x10 [ 105.234800][ T7387] ? __fget_files+0x2a/0x410 [ 105.234822][ T7387] ? __fget_files+0x2a/0x410 [ 105.234848][ T7387] __sys_sendmsg+0x269/0x350 [ 105.234871][ T7387] ? __pfx___sys_sendmsg+0x10/0x10 [ 105.234935][ T7387] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 105.234959][ T7387] ? do_syscall_64+0x100/0x230 [ 105.234985][ T7387] ? do_syscall_64+0xb6/0x230 [ 105.235011][ T7387] do_syscall_64+0xf3/0x230 [ 105.235031][ T7387] ? clear_bhb_loop+0x35/0x90 [ 105.235056][ T7387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.235076][ T7387] RIP: 0033:0x7f4a5478cde9 [ 105.235092][ T7387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.235105][ T7387] RSP: 002b:00007f4a55632038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 105.235124][ T7387] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478cde9 [ 105.235136][ T7387] RDX: 0000000007000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 105.235147][ T7387] RBP: 00007f4a5480e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 105.235157][ T7387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 105.235167][ T7387] R13: 0000000000000000 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 105.235197][ T7387] [ 105.238861][ T7227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.647553][ T7403] netlink: 4 bytes leftover after parsing attributes in process `syz.2.374'. [ 105.695470][ T7227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.851220][ T7412] openvswitch: netlink: Missing valid actions attribute. [ 105.866282][ T7412] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.889000][ T7227] team0: Port device team_slave_0 added [ 105.901063][ T7418] netlink: 4 bytes leftover after parsing attributes in process `syz.3.377'. [ 106.034743][ T7418] dummy0: entered promiscuous mode [ 106.040341][ T7418] macvtap1: entered promiscuous mode [ 106.056315][ T7418] macvtap1: entered allmulticast mode [ 106.079138][ T7418] dummy0: entered allmulticast mode [ 106.131040][ T7227] team0: Port device team_slave_1 added [ 106.196061][ T7419] dummy0: left allmulticast mode [ 106.209451][ T7419] dummy0: left promiscuous mode [ 106.340769][ T7227] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 106.364162][ T7227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.399875][ T7227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 106.486320][ T7444] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 106.501539][ T7445] netlink: 8 bytes leftover after parsing attributes in process `syz.3.382'. [ 106.517895][ T7227] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 106.536980][ T7227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 106.603150][ T7227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 106.658595][ T7450] netlink: 12 bytes leftover after parsing attributes in process `syz.1.384'. [ 106.747363][ T7452] netlink: 28 bytes leftover after parsing attributes in process `syz.1.384'. [ 106.795371][ T7452] netlink: 'syz.1.384': attribute type 7 has an invalid length. [ 106.834297][ T7452] netlink: 'syz.1.384': attribute type 8 has an invalid length. [ 106.853859][ T7452] netlink: 4 bytes leftover after parsing attributes in process `syz.1.384'. [ 106.891893][ T7458] trusted_key: syz.0.388 sent an empty control message without MSG_MORE. [ 107.121292][ T7227] hsr_slave_0: entered promiscuous mode [ 107.127122][ T5844] Bluetooth: hci1: command tx timeout [ 107.149552][ T7227] hsr_slave_1: entered promiscuous mode [ 107.174865][ T7465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.389'. [ 107.223723][ T7465] netlink: 5 bytes leftover after parsing attributes in process `syz.3.389'. [ 107.478908][ T7478] sysfs: cannot create duplicate filename '/class/ieee80211/!å' [ 107.499095][ T7478] CPU: 0 UID: 0 PID: 7478 Comm: syz.0.394 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 107.499121][ T7478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 107.499132][ T7478] Call Trace: [ 107.499139][ T7478] [ 107.499147][ T7478] dump_stack_lvl+0x241/0x360 [ 107.499175][ T7478] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.499192][ T7478] ? __pfx__printk+0x10/0x10 [ 107.499222][ T7478] ? __kmalloc_cache_noprof+0x243/0x390 [ 107.499239][ T7478] ? sysfs_warn_dup+0x51/0xa0 [ 107.499265][ T7478] sysfs_warn_dup+0x8e/0xa0 [ 107.499286][ T7478] sysfs_do_create_link_sd+0xbe/0x110 [ 107.499310][ T7478] device_add_class_symlinks+0x1c5/0x250 [ 107.499331][ T7478] device_add+0x553/0xbf0 [ 107.499354][ T7478] wiphy_register+0x1a58/0x27b0 [ 107.499389][ T7478] ? __pfx_wiphy_register+0x10/0x10 [ 107.499406][ T7478] ? minstrel_ht_alloc+0x72b/0x860 [ 107.499434][ T7478] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 107.499461][ T7478] ieee80211_register_hw+0x354e/0x4240 [ 107.499498][ T7478] ? ieee80211_register_hw+0x1641/0x4240 [ 107.499529][ T7478] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 107.499563][ T7478] ? __asan_memset+0x23/0x50 [ 107.499592][ T7478] ? __hrtimer_init+0x170/0x250 [ 107.499622][ T7478] mac80211_hwsim_new_radio+0x2a9f/0x4aa0 [ 107.499680][ T7478] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 107.499703][ T7478] ? kstrndup+0x5c/0xb0 [ 107.499723][ T7478] ? __asan_memcpy+0x40/0x70 [ 107.499749][ T7478] hwsim_new_radio_nl+0xece/0x2290 [ 107.499782][ T7478] ? __pfx___nla_validate_parse+0x10/0x10 [ 107.499807][ T7478] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 107.499863][ T7478] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 107.499892][ T7478] genl_rcv_msg+0xb14/0xec0 [ 107.499920][ T7478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 107.499969][ T7478] ? __pfx_lock_acquire+0x10/0x10 [ 107.499989][ T7478] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 107.500010][ T7478] ? __pfx___might_resched+0x10/0x10 [ 107.500039][ T7478] netlink_rcv_skb+0x1e3/0x430 [ 107.500056][ T7478] ? __pfx_genl_rcv_msg+0x10/0x10 [ 107.500077][ T7478] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 107.500130][ T7478] genl_rcv+0x28/0x40 [ 107.500147][ T7478] netlink_unicast+0x7f6/0x990 [ 107.500177][ T7478] ? __pfx_netlink_unicast+0x10/0x10 [ 107.500196][ T7478] ? __virt_addr_valid+0x45f/0x530 [ 107.500218][ T7478] ? __phys_addr_symbol+0x2f/0x70 [ 107.500240][ T7478] ? __check_object_size+0x47a/0x730 [ 107.500261][ T7478] netlink_sendmsg+0x8e4/0xcb0 [ 107.500291][ T7478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.500311][ T7478] ? aa_sock_msg_perm+0x91/0x160 [ 107.500339][ T7478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 107.500355][ T7478] __sock_sendmsg+0x221/0x270 [ 107.500378][ T7478] ____sys_sendmsg+0x52a/0x7e0 [ 107.500404][ T7478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 107.500417][ T7478] ? __fget_files+0x2a/0x410 [ 107.500437][ T7478] ? __fget_files+0x2a/0x410 [ 107.500463][ T7478] __sys_sendmsg+0x269/0x350 [ 107.500477][ T7478] ? __pfx_futex_wake+0x10/0x10 [ 107.500502][ T7478] ? __pfx___sys_sendmsg+0x10/0x10 [ 107.500564][ T7478] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 107.500594][ T7478] ? do_syscall_64+0x100/0x230 [ 107.500620][ T7478] ? do_syscall_64+0xb6/0x230 [ 107.500643][ T7478] do_syscall_64+0xf3/0x230 [ 107.500664][ T7478] ? clear_bhb_loop+0x35/0x90 [ 107.500689][ T7478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.500708][ T7478] RIP: 0033:0x7f43c218cde9 [ 107.500723][ T7478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.500736][ T7478] RSP: 002b:00007f43c2f7c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 107.500754][ T7478] RAX: ffffffffffffffda RBX: 00007f43c23a5fa0 RCX: 00007f43c218cde9 [ 107.500766][ T7478] RDX: 0000000002000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 107.500778][ T7478] RBP: 00007f43c220e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 107.500788][ T7478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.500798][ T7478] R13: 0000000000000000 R14: 00007f43c23a5fa0 R15: 00007ffe982885d8 [ 107.500826][ T7478] [ 107.917113][ T7484] netlink: 'syz.1.397': attribute type 1 has an invalid length. [ 107.931311][ T7484] netlink: 'syz.1.397': attribute type 2 has an invalid length. [ 108.002887][ T7491] sctp: [Deprecated]: syz.2.398 (pid 7491) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.002887][ T7491] Use struct sctp_sack_info instead [ 108.829579][ T7513] xt_CT: No such helper "netbios-ns" [ 108.856730][ T7522] netlink: 8388 bytes leftover after parsing attributes in process `syz.1.407'. [ 108.882141][ T7522] openvswitch: netlink: Flow key attr not present in new flow. [ 109.100215][ T7227] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 109.155074][ T7227] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 109.186312][ T7227] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 109.214582][ T5844] Bluetooth: hci1: command tx timeout [ 109.312699][ T7227] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 109.597903][ T7227] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.618479][ T7558] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 109.671519][ T7227] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.697962][ T1173] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.705143][ T1173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.728858][ T7561] netlink: 28 bytes leftover after parsing attributes in process `syz.1.417'. [ 109.749547][ T1173] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.756706][ T1173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.949295][ T7570] netlink: 8388 bytes leftover after parsing attributes in process `syz.1.420'. [ 109.983833][ T7570] openvswitch: netlink: Flow key attr not present in new flow. [ 110.261543][ T7227] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.671329][ T7601] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.844459][ T7601] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 110.962704][ T7601] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.091302][ T7601] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.144028][ T7227] veth0_vlan: entered promiscuous mode [ 111.144980][ T7628] netlink: 8376 bytes leftover after parsing attributes in process `syz.1.434'. [ 111.159475][ T7628] openvswitch: netlink: Flow actions attr not present in new flow. [ 111.196790][ T7227] veth1_vlan: entered promiscuous mode [ 111.242545][ T7601] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.279191][ T7601] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.302570][ T7601] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.322332][ T7601] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.347703][ T7227] veth0_macvtap: entered promiscuous mode [ 111.385198][ T7227] veth1_macvtap: entered promiscuous mode [ 111.408486][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.422329][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.439425][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.469421][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.490341][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 111.508080][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.519946][ T7227] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 111.564202][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.593866][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.634779][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.661013][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.692394][ T7227] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 111.705865][ T7227] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 111.721713][ T7227] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 111.751857][ T7227] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.771571][ T7227] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.790848][ T7227] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 111.821473][ T7227] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 112.006572][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.042375][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.177605][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 112.216630][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 112.386046][ T7667] sysfs: cannot create duplicate filename '/class/ieee80211/!å' [ 112.414290][ T7667] CPU: 1 UID: 0 PID: 7667 Comm: syz.3.443 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 112.414317][ T7667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 112.414327][ T7667] Call Trace: [ 112.414333][ T7667] [ 112.414341][ T7667] dump_stack_lvl+0x241/0x360 [ 112.414368][ T7667] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.414386][ T7667] ? __pfx__printk+0x10/0x10 [ 112.414417][ T7667] ? __kmalloc_cache_noprof+0x243/0x390 [ 112.414436][ T7667] ? sysfs_warn_dup+0x51/0xa0 [ 112.414463][ T7667] sysfs_warn_dup+0x8e/0xa0 [ 112.414485][ T7667] sysfs_do_create_link_sd+0xbe/0x110 [ 112.414510][ T7667] device_add_class_symlinks+0x1c5/0x250 [ 112.414532][ T7667] device_add+0x553/0xbf0 [ 112.414555][ T7667] wiphy_register+0x1a58/0x27b0 [ 112.414589][ T7667] ? __pfx_wiphy_register+0x10/0x10 [ 112.414607][ T7667] ? minstrel_ht_alloc+0x72b/0x860 [ 112.414635][ T7667] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 112.414660][ T7667] ieee80211_register_hw+0x354e/0x4240 [ 112.414694][ T7667] ? ieee80211_register_hw+0x1641/0x4240 [ 112.414725][ T7667] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 112.414767][ T7667] ? __asan_memset+0x23/0x50 [ 112.414789][ T7667] ? __hrtimer_init+0x170/0x250 [ 112.414819][ T7667] mac80211_hwsim_new_radio+0x2a9f/0x4aa0 [ 112.414873][ T7667] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 112.414896][ T7667] ? kstrndup+0x5c/0xb0 [ 112.414917][ T7667] ? __asan_memcpy+0x40/0x70 [ 112.414942][ T7667] hwsim_new_radio_nl+0xece/0x2290 [ 112.414977][ T7667] ? __pfx___nla_validate_parse+0x10/0x10 [ 112.415004][ T7667] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 112.415062][ T7667] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 112.415093][ T7667] genl_rcv_msg+0xb14/0xec0 [ 112.415123][ T7667] ? __pfx_genl_rcv_msg+0x10/0x10 [ 112.415172][ T7667] ? __pfx_lock_acquire+0x10/0x10 [ 112.415195][ T7667] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 112.415218][ T7667] ? __pfx___might_resched+0x10/0x10 [ 112.415249][ T7667] netlink_rcv_skb+0x1e3/0x430 [ 112.415267][ T7667] ? __pfx_genl_rcv_msg+0x10/0x10 [ 112.415288][ T7667] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 112.415342][ T7667] genl_rcv+0x28/0x40 [ 112.415358][ T7667] netlink_unicast+0x7f6/0x990 [ 112.415389][ T7667] ? __pfx_netlink_unicast+0x10/0x10 [ 112.415408][ T7667] ? __virt_addr_valid+0x45f/0x530 [ 112.415432][ T7667] ? __phys_addr_symbol+0x2f/0x70 [ 112.415452][ T7667] ? __check_object_size+0x47a/0x730 [ 112.415473][ T7667] netlink_sendmsg+0x8e4/0xcb0 [ 112.415500][ T7667] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.415524][ T7667] ? aa_sock_msg_perm+0x91/0x160 [ 112.415554][ T7667] ? __pfx_netlink_sendmsg+0x10/0x10 [ 112.415569][ T7667] __sock_sendmsg+0x221/0x270 [ 112.415595][ T7667] ____sys_sendmsg+0x52a/0x7e0 [ 112.415621][ T7667] ? __pfx_____sys_sendmsg+0x10/0x10 [ 112.415636][ T7667] ? __fget_files+0x2a/0x410 [ 112.415667][ T7667] ? __fget_files+0x2a/0x410 [ 112.415696][ T7667] __sys_sendmsg+0x269/0x350 [ 112.415720][ T7667] ? __pfx___sys_sendmsg+0x10/0x10 [ 112.415791][ T7667] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 112.415816][ T7667] ? do_syscall_64+0x100/0x230 [ 112.415843][ T7667] ? do_syscall_64+0xb6/0x230 [ 112.415868][ T7667] do_syscall_64+0xf3/0x230 [ 112.415890][ T7667] ? clear_bhb_loop+0x35/0x90 [ 112.415916][ T7667] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.415936][ T7667] RIP: 0033:0x7f4a5478cde9 [ 112.415952][ T7667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.415966][ T7667] RSP: 002b:00007f4a55632038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 112.415985][ T7667] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478cde9 [ 112.415997][ T7667] RDX: 0000000005000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 112.416009][ T7667] RBP: 00007f4a5480e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 112.416019][ T7667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 112.416029][ T7667] R13: 0000000000000000 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 112.416059][ T7667] [ 112.935885][ T7673] netlink: 8376 bytes leftover after parsing attributes in process `syz.1.445'. [ 112.955326][ T7673] openvswitch: netlink: Flow actions attr not present in new flow. [ 113.201107][ T7686] lo speed is unknown, defaulting to 1000 [ 113.234474][ T7686] lo speed is unknown, defaulting to 1000 [ 113.245193][ T7686] lo speed is unknown, defaulting to 1000 [ 113.298288][ T7686] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 113.335821][ T7686] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 113.393106][ T7686] lo speed is unknown, defaulting to 1000 [ 113.481089][ T7686] lo speed is unknown, defaulting to 1000 [ 113.546955][ T3451] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.599140][ T7686] lo speed is unknown, defaulting to 1000 [ 113.619093][ T7686] lo speed is unknown, defaulting to 1000 [ 113.628552][ T7686] lo speed is unknown, defaulting to 1000 [ 113.650899][ T7686] lo speed is unknown, defaulting to 1000 [ 113.699217][ T3451] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.801958][ T3451] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.973333][ T3451] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.245025][ T7712] netlink: 12 bytes leftover after parsing attributes in process `syz.1.454'. [ 114.389442][ T7719] netlink: 'syz.3.456': attribute type 10 has an invalid length. [ 114.476145][ T7725] netlink: 28 bytes leftover after parsing attributes in process `syz.2.455'. [ 114.492301][ T3451] bridge_slave_1: left allmulticast mode [ 114.513742][ T3451] bridge_slave_1: left promiscuous mode [ 114.520894][ T3451] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.549115][ T7728] netlink: 28 bytes leftover after parsing attributes in process `syz.1.457'. [ 114.581350][ T7728] netlink: 28 bytes leftover after parsing attributes in process `syz.1.457'. [ 114.611424][ T3451] bridge_slave_0: left allmulticast mode [ 114.639946][ T3451] bridge_slave_0: left promiscuous mode [ 114.653359][ T3451] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.778897][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 114.789590][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 114.801297][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 114.810695][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 114.819724][ T5834] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 114.827658][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 114.914124][ T7738] netlink: 8376 bytes leftover after parsing attributes in process `syz.0.458'. [ 114.927107][ T7738] openvswitch: netlink: Flow actions attr not present in new flow. [ 115.017721][ T7741] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 115.171829][ T7745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.282490][ T3451] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.296576][ T3451] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.310046][ T3451] bond0 (unregistering): Released all slaves [ 115.322224][ T7719] macvlan0: entered allmulticast mode [ 115.349881][ T7728] bridge0: entered promiscuous mode [ 115.405739][ T7728] bridge0: left promiscuous mode [ 115.514482][ T7749] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.730019][ T7749] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.847390][ T7749] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.020402][ T7734] lo speed is unknown, defaulting to 1000 [ 116.101972][ T7749] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.252496][ T3451] hsr_slave_0: left promiscuous mode [ 116.276922][ T3451] hsr_slave_1: left promiscuous mode [ 116.287235][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 116.313320][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 116.369225][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 116.390818][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 116.523218][ T8] IPVS: starting estimator thread 0... [ 116.543842][ T3451] veth1_macvtap: left promiscuous mode [ 116.592093][ T3451] veth0_macvtap: left promiscuous mode [ 116.620443][ T3451] veth1_vlan: left promiscuous mode [ 116.635247][ T3451] veth0_vlan: left promiscuous mode [ 116.653592][ T7784] IPVS: using max 21 ests per chain, 50400 per kthread [ 116.884144][ T5844] Bluetooth: hci1: command tx timeout [ 117.129456][ T7799] netlink: 12 bytes leftover after parsing attributes in process `syz.1.474'. [ 117.250316][ T3451] team0 (unregistering): Port device team_slave_1 removed [ 117.290236][ T3451] team0 (unregistering): Port device team_slave_0 removed [ 117.831766][ T7749] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 117.862285][ T7809] netlink: 40 bytes leftover after parsing attributes in process `syz.3.478'. [ 117.894188][ T7749] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.005052][ T7749] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.065273][ T7749] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.182384][ T7824] lo speed is unknown, defaulting to 1000 [ 118.372051][ T7836] ieee802154 phy0 wpan0: encryption failed: -22 [ 118.420624][ T7836] delete_channel: no stack [ 118.451375][ T7836] delete_channel: no stack [ 118.537645][ T7734] chnl_net:caif_netlink_parms(): no params data found [ 118.855266][ T7734] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.893272][ T7734] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.934914][ T7734] bridge_slave_0: entered allmulticast mode [ 118.942121][ T7734] bridge_slave_0: entered promiscuous mode [ 118.973228][ T5844] Bluetooth: hci1: command tx timeout [ 119.017521][ T7869] tipc: Started in network mode [ 119.033488][ T7869] tipc: Node identity , cluster identity 4711 [ 119.048039][ T7734] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.084805][ T7734] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.092060][ T7734] bridge_slave_1: entered allmulticast mode [ 119.126753][ T7734] bridge_slave_1: entered promiscuous mode [ 119.128945][ T7824] netlink: 4 bytes leftover after parsing attributes in process `syz.1.480'. [ 119.229649][ T7824] nlmon0: Master is either lo or non-ether device [ 119.308700][ T7734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 119.372113][ T7734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.581480][ T7734] team0: Port device team_slave_0 added [ 119.609369][ T7734] team0: Port device team_slave_1 added [ 119.675756][ T7734] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.699356][ T7734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.778325][ T7734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.822177][ T7734] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.844504][ T7734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.882006][ T7734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.030470][ T7909] sctp: [Deprecated]: syz.3.500 (pid 7909) Use of struct sctp_assoc_value in delayed_ack socket option. [ 120.030470][ T7909] Use struct sctp_sack_info instead [ 120.133479][ T7734] hsr_slave_0: entered promiscuous mode [ 120.163363][ T7734] hsr_slave_1: entered promiscuous mode [ 120.475774][ T7921] lo speed is unknown, defaulting to 1000 [ 120.965509][ T7944] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 121.043529][ T5844] Bluetooth: hci1: command tx timeout [ 121.727720][ T7734] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 121.799779][ T7734] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 121.831874][ T7734] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 121.879650][ T7984] FAULT_INJECTION: forcing a failure. [ 121.879650][ T7984] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 121.881462][ T7734] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 121.963611][ T7984] CPU: 0 UID: 0 PID: 7984 Comm: syz.3.517 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 121.963633][ T7984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 121.963642][ T7984] Call Trace: [ 121.963648][ T7984] [ 121.963656][ T7984] dump_stack_lvl+0x241/0x360 [ 121.963681][ T7984] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.963698][ T7984] ? __pfx__printk+0x10/0x10 [ 121.963726][ T7984] ? snprintf+0xda/0x120 [ 121.963744][ T7984] should_fail_ex+0x40a/0x550 [ 121.963768][ T7984] _copy_to_user+0x31/0xb0 [ 121.963787][ T7984] simple_read_from_buffer+0xca/0x150 [ 121.963815][ T7984] proc_fail_nth_read+0x1e9/0x250 [ 121.963841][ T7984] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 121.963866][ T7984] ? rw_verify_area+0x243/0x630 [ 121.963885][ T7984] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 121.963909][ T7984] vfs_read+0x1f8/0xb40 [ 121.963930][ T7984] ? fdget_pos+0x254/0x320 [ 121.963948][ T7984] ? __pfx___mutex_lock+0x10/0x10 [ 121.963969][ T7984] ? __pfx_vfs_read+0x10/0x10 [ 121.963987][ T7984] ? do_sys_openat2+0x17a/0x1d0 [ 121.964007][ T7984] ? __fget_files+0x2a/0x410 [ 121.964026][ T7984] ? __fget_files+0x395/0x410 [ 121.964041][ T7984] ? __fget_files+0x2a/0x410 [ 121.964067][ T7984] ksys_read+0x18f/0x2b0 [ 121.964089][ T7984] ? __pfx_ksys_read+0x10/0x10 [ 121.964110][ T7984] ? do_syscall_64+0x100/0x230 [ 121.964133][ T7984] ? do_syscall_64+0xb6/0x230 [ 121.964156][ T7984] do_syscall_64+0xf3/0x230 [ 121.964183][ T7984] ? clear_bhb_loop+0x35/0x90 [ 121.964207][ T7984] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.964226][ T7984] RIP: 0033:0x7f4a5478b7fc [ 121.964242][ T7984] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 121.964254][ T7984] RSP: 002b:00007f4a55632030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 121.964280][ T7984] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478b7fc [ 121.964292][ T7984] RDX: 000000000000000f RSI: 00007f4a556320a0 RDI: 0000000000000003 [ 121.964302][ T7984] RBP: 00007f4a55632090 R08: 0000000000000000 R09: 0000000000000000 [ 121.964312][ T7984] R10: 0000000000000076 R11: 0000000000000246 R12: 0000000000000001 [ 121.964321][ T7984] R13: 0000000000000001 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 121.964348][ T7984] [ 122.435849][ T7734] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.460259][ T7734] 8021q: adding VLAN 0 to HW filter on device team0 [ 122.488564][ T73] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.495740][ T73] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.555998][ T3451] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.563162][ T3451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.632230][ T7989] netlink: 16 bytes leftover after parsing attributes in process `syz.0.520'. [ 122.660769][ T8008] netlink: 20 bytes leftover after parsing attributes in process `syz.3.522'. [ 122.944007][ T8020] netlink: 1284 bytes leftover after parsing attributes in process `syz.1.525'. [ 123.133280][ T5844] Bluetooth: hci1: command tx timeout [ 123.186574][ T7734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 123.256407][ T8035] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 123.544287][ T8047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 123.583484][ T8047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.531'. [ 123.598202][ T8051] netlink: 'syz.1.532': attribute type 10 has an invalid length. [ 123.606097][ T8047] netlink: 'syz.2.531': attribute type 20 has an invalid length. [ 123.617651][ T8047] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 123.815631][ T8051] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.858386][ T8051] bond0: (slave team0): Enslaving as an active interface with an up link [ 124.060832][ T7734] veth0_vlan: entered promiscuous mode [ 124.079712][ T8072] FAULT_INJECTION: forcing a failure. [ 124.079712][ T8072] name failslab, interval 1, probability 0, space 0, times 0 [ 124.148703][ T7734] veth1_vlan: entered promiscuous mode [ 124.163295][ T8072] CPU: 1 UID: 0 PID: 8072 Comm: syz.2.534 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 124.163320][ T8072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 124.163329][ T8072] Call Trace: [ 124.163335][ T8072] [ 124.163342][ T8072] dump_stack_lvl+0x241/0x360 [ 124.163366][ T8072] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.163381][ T8072] ? __pfx__printk+0x10/0x10 [ 124.163405][ T8072] ? __kmalloc_cache_noprof+0x48/0x390 [ 124.163423][ T8072] ? __pfx___might_resched+0x10/0x10 [ 124.163446][ T8072] should_fail_ex+0x40a/0x550 [ 124.163467][ T8072] should_failslab+0xac/0x100 [ 124.163483][ T8072] __kmalloc_cache_noprof+0x70/0x390 [ 124.163498][ T8072] ? nf_tables_newchain+0x1223/0x3310 [ 124.163519][ T8072] nf_tables_newchain+0x1223/0x3310 [ 124.163556][ T8072] ? __pfx_nf_tables_newchain+0x10/0x10 [ 124.163603][ T8072] ? __pfx_lock_acquire+0x10/0x10 [ 124.163623][ T8072] ? nfnl_pernet+0x23/0x240 [ 124.163641][ T8072] ? __pfx_lock_release+0x10/0x10 [ 124.163670][ T8072] ? __nla_parse+0x40/0x60 [ 124.163692][ T8072] nfnetlink_rcv+0x14e3/0x2ab0 [ 124.163739][ T8072] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 124.163798][ T8072] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.163812][ T8072] ? skb_clone+0x240/0x390 [ 124.163826][ T8072] ? __pfx_lock_release+0x10/0x10 [ 124.163857][ T8072] ? netlink_deliver_tap+0x2e/0x1b0 [ 124.163875][ T8072] netlink_unicast+0x7f6/0x990 [ 124.163903][ T8072] ? __pfx_netlink_unicast+0x10/0x10 [ 124.163923][ T8072] ? __virt_addr_valid+0x45f/0x530 [ 124.163946][ T8072] ? __phys_addr_symbol+0x2f/0x70 [ 124.163968][ T8072] ? __check_object_size+0x47a/0x730 [ 124.163990][ T8072] netlink_sendmsg+0x8e4/0xcb0 [ 124.164019][ T8072] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.164038][ T8072] ? aa_sock_msg_perm+0x91/0x160 [ 124.164060][ T8072] ? __pfx_netlink_sendmsg+0x10/0x10 [ 124.164072][ T8072] __sock_sendmsg+0x221/0x270 [ 124.164093][ T8072] ____sys_sendmsg+0x52a/0x7e0 [ 124.164115][ T8072] ? __pfx_____sys_sendmsg+0x10/0x10 [ 124.164128][ T8072] ? __fget_files+0x2a/0x410 [ 124.164147][ T8072] ? __fget_files+0x2a/0x410 [ 124.164171][ T8072] __sys_sendmsg+0x269/0x350 [ 124.164192][ T8072] ? __pfx___sys_sendmsg+0x10/0x10 [ 124.164220][ T8072] ? do_sys_openat2+0x17a/0x1d0 [ 124.164262][ T8072] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 124.164285][ T8072] ? do_syscall_64+0x100/0x230 [ 124.164309][ T8072] ? do_syscall_64+0xb6/0x230 [ 124.164332][ T8072] do_syscall_64+0xf3/0x230 [ 124.164351][ T8072] ? clear_bhb_loop+0x35/0x90 [ 124.164375][ T8072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.164394][ T8072] RIP: 0033:0x7efd7e78cde9 [ 124.164410][ T8072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.164422][ T8072] RSP: 002b:00007efd7f6cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 124.164440][ T8072] RAX: ffffffffffffffda RBX: 00007efd7e9a5fa0 RCX: 00007efd7e78cde9 [ 124.164451][ T8072] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 124.164461][ T8072] RBP: 00007efd7f6cd090 R08: 0000000000000000 R09: 0000000000000000 [ 124.164469][ T8072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.164478][ T8072] R13: 0000000000000000 R14: 00007efd7e9a5fa0 R15: 00007ffe028f16c8 [ 124.164502][ T8072] [ 124.273317][ T8057] infiniband syz1: set active [ 124.294449][ T7734] veth0_macvtap: entered promiscuous mode [ 124.363765][ T8057] infiniband syz1: added team_slave_0 [ 124.370844][ T7734] veth1_macvtap: entered promiscuous mode [ 124.469682][ T8057] RDS/IB: syz1: added [ 124.552963][ T8057] smc: adding ib device syz1 with port count 1 [ 124.571639][ T8057] smc: ib device syz1 port 1 has pnetid [ 124.650524][ T8081] netlink: 'syz.2.536': attribute type 3 has an invalid length. [ 124.656485][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.671174][ T8084] netlink: 'syz.2.536': attribute type 3 has an invalid length. [ 124.694612][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.705316][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.724084][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.752113][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 124.758692][ T8088] netlink: 12 bytes leftover after parsing attributes in process `syz.2.536'. [ 124.773884][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 124.795523][ T7734] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 124.813587][ T8089] netlink: 12 bytes leftover after parsing attributes in process `syz.3.538'. [ 125.016066][ T8091] openvswitch: netlink: Message has 8 unknown bytes. [ 125.016377][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.081849][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.130302][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.145817][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.196409][ T7734] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 125.219267][ T7734] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 125.259653][ T7734] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 125.327936][ T7734] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.340032][ T8102] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 125.343887][ T7734] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.365335][ T7734] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.381526][ T7734] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.396714][ T8098] netlink: 'syz.2.541': attribute type 1 has an invalid length. [ 125.426383][ T8098] netlink: 'syz.2.541': attribute type 2 has an invalid length. [ 125.664457][ T8112] tipc: Started in network mode [ 125.684228][ T8112] tipc: Node identity ac1414aa, cluster identity 4711 [ 125.692245][ T8112] tipc: Enabled bearer , priority 10 [ 125.741606][ T8117] tipc: Disabling bearer [ 125.794450][ T73] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.802301][ T73] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 125.916022][ T8120] lo speed is unknown, defaulting to 1000 [ 125.963943][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.0.545'. [ 125.972874][ T1173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 125.999356][ T1173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 126.437659][ T8137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.549'. [ 127.037824][ T1173] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.283968][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 127.299748][ T8141] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 127.451126][ T1173] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.765585][ T1173] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 127.939772][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 127.952301][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 127.961130][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 127.974321][ T8191] netlink: 'syz.3.557': attribute type 1 has an invalid length. [ 127.981994][ T8191] __nla_validate_parse: 1 callbacks suppressed [ 127.982001][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.011339][ T8191] netlink: 'syz.3.557': attribute type 1 has an invalid length. [ 128.021484][ T1173] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 128.033274][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 128.056106][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.065352][ T5849] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 128.072532][ T8191] netlink: 'syz.3.557': attribute type 1 has an invalid length. [ 128.081639][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.090815][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 128.098272][ T8191] netlink: 'syz.3.557': attribute type 1 has an invalid length. [ 128.106394][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.115887][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.125076][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.135008][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.144070][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.153192][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.163605][ T8191] netlink: 16 bytes leftover after parsing attributes in process `syz.3.557'. [ 128.320244][ T8186] lo speed is unknown, defaulting to 1000 [ 128.492508][ T1173] bridge_slave_1: left allmulticast mode [ 128.513171][ T1173] bridge_slave_1: left promiscuous mode [ 128.518940][ T1173] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.556690][ T1173] bridge_slave_0: left allmulticast mode [ 128.578233][ T1173] bridge_slave_0: left promiscuous mode [ 128.610537][ T1173] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.146474][ T8240] FAULT_INJECTION: forcing a failure. [ 129.146474][ T8240] name failslab, interval 1, probability 0, space 0, times 0 [ 129.160344][ T8240] CPU: 1 UID: 0 PID: 8240 Comm: syz.3.570 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 129.160366][ T8240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 129.160376][ T8240] Call Trace: [ 129.160381][ T8240] [ 129.160389][ T8240] dump_stack_lvl+0x241/0x360 [ 129.160413][ T8240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.160430][ T8240] ? __pfx__printk+0x10/0x10 [ 129.160458][ T8240] ? ref_tracker_alloc+0x332/0x490 [ 129.160481][ T8240] should_fail_ex+0x40a/0x550 [ 129.160503][ T8240] should_failslab+0xac/0x100 [ 129.160521][ T8240] ? skb_clone+0x20c/0x390 [ 129.160537][ T8240] kmem_cache_alloc_noprof+0x70/0x380 [ 129.160557][ T8240] skb_clone+0x20c/0x390 [ 129.160569][ T8240] __netlink_deliver_tap+0x3cc/0x7f0 [ 129.160585][ T8240] ? netlink_deliver_tap+0x2e/0x1b0 [ 129.160593][ T8240] netlink_deliver_tap+0x19d/0x1b0 [ 129.160603][ T8240] netlink_sendskb+0x68/0x140 [ 129.160616][ T8240] netlink_unicast+0x39d/0x990 [ 129.160632][ T8240] ? __pfx_netlink_unicast+0x10/0x10 [ 129.160650][ T8240] nfnetlink_rcv+0x26bd/0x2ab0 [ 129.160678][ T8240] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 129.160713][ T8240] ? netlink_deliver_tap+0x2e/0x1b0 [ 129.160721][ T8240] ? skb_clone+0x240/0x390 [ 129.160737][ T8240] ? __pfx_lock_release+0x10/0x10 [ 129.160757][ T8240] ? netlink_deliver_tap+0x2e/0x1b0 [ 129.160767][ T8240] netlink_unicast+0x7f6/0x990 [ 129.160784][ T8240] ? __pfx_netlink_unicast+0x10/0x10 [ 129.160795][ T8240] ? __virt_addr_valid+0x45f/0x530 [ 129.160809][ T8240] ? __phys_addr_symbol+0x2f/0x70 [ 129.160821][ T8240] ? __check_object_size+0x47a/0x730 [ 129.160832][ T8240] netlink_sendmsg+0x8e4/0xcb0 [ 129.160847][ T8240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.160859][ T8240] ? aa_sock_msg_perm+0x91/0x160 [ 129.160874][ T8240] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.160882][ T8240] __sock_sendmsg+0x221/0x270 [ 129.160895][ T8240] ____sys_sendmsg+0x52a/0x7e0 [ 129.160908][ T8240] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.160916][ T8240] ? __fget_files+0x2a/0x410 [ 129.160928][ T8240] ? __fget_files+0x2a/0x410 [ 129.160942][ T8240] __sys_sendmsg+0x269/0x350 [ 129.160954][ T8240] ? __pfx___sys_sendmsg+0x10/0x10 [ 129.160969][ T8240] ? do_sys_openat2+0x17a/0x1d0 [ 129.160995][ T8240] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 129.161008][ T8240] ? do_syscall_64+0x100/0x230 [ 129.161022][ T8240] ? do_syscall_64+0xb6/0x230 [ 129.161035][ T8240] do_syscall_64+0xf3/0x230 [ 129.161047][ T8240] ? clear_bhb_loop+0x35/0x90 [ 129.161061][ T8240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.161072][ T8240] RIP: 0033:0x7f4a5478cde9 [ 129.161082][ T8240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.161089][ T8240] RSP: 002b:00007f4a55632038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.161100][ T8240] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478cde9 [ 129.161107][ T8240] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 129.161112][ T8240] RBP: 00007f4a55632090 R08: 0000000000000000 R09: 0000000000000000 [ 129.161117][ T8240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 129.161123][ T8240] R13: 0000000000000000 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 129.161137][ T8240] [ 129.493414][ T5844] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 129.742313][ T1173] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 129.753279][ T1173] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 129.762936][ T1173] bond0 (unregistering): Released all slaves [ 130.163597][ T5844] Bluetooth: hci1: command tx timeout [ 130.664159][ T8251] validate_nla: 61 callbacks suppressed [ 130.664176][ T8251] netlink: 'syz.2.573': attribute type 4 has an invalid length. [ 130.691246][ T8259] IPv6: sit1: Disabled Multicast RS [ 130.716458][ T8275] tipc: Started in network mode [ 130.733191][ T8275] tipc: Node identity , cluster identity 4711 [ 130.740380][ T8275] tipc: Failed to set node id, please configure manually [ 130.767539][ T8275] tipc: Enabling of bearer rejected, failed to enable media [ 130.928699][ T29] audit: type=1800 audit(1738936978.659:6): pid=8291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.581" name="memory.events" dev="tmpfs" ino=665 res=0 errno=0 [ 130.971707][ T8186] chnl_net:caif_netlink_parms(): no params data found [ 130.993148][ T29] audit: type=1804 audit(1738936978.699:7): pid=8291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.581" name="/newroot/127/memory.events" dev="tmpfs" ino=665 res=1 errno=0 [ 131.452761][ T1173] hsr_slave_0: left promiscuous mode [ 131.459252][ T1173] hsr_slave_1: left promiscuous mode [ 131.466566][ T1173] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 131.474068][ T1173] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 131.482032][ T1173] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 131.489833][ T1173] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 131.513716][ T1173] veth1_macvtap: left promiscuous mode [ 131.519415][ T1173] veth0_macvtap: left promiscuous mode [ 131.525449][ T1173] veth1_vlan: left promiscuous mode [ 131.530974][ T1173] veth0_vlan: left promiscuous mode [ 132.021611][ T1173] team0 (unregistering): Port device team_slave_1 removed [ 132.059728][ T1173] team0 (unregistering): Port device team_slave_0 removed [ 132.245143][ T5844] Bluetooth: hci1: command tx timeout [ 132.434753][ T8186] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.441941][ T8186] bridge0: port 1(bridge_slave_0) entered disabled state [ 132.450575][ T8186] bridge_slave_0: entered allmulticast mode [ 132.470076][ T8186] bridge_slave_0: entered promiscuous mode [ 132.482669][ T8186] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.498443][ T8186] bridge0: port 2(bridge_slave_1) entered disabled state [ 132.512336][ T8186] bridge_slave_1: entered allmulticast mode [ 132.528598][ T8186] bridge_slave_1: entered promiscuous mode [ 132.817622][ T8186] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 132.867626][ T8186] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 133.042435][ T8186] team0: Port device team_slave_0 added [ 133.053353][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 133.062394][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.069350][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.119540][ T8186] team0: Port device team_slave_1 added [ 133.138709][ T8343] __nla_validate_parse: 62 callbacks suppressed [ 133.138723][ T8343] netlink: 56 bytes leftover after parsing attributes in process `syz.3.594'. [ 133.292121][ T8186] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 133.303439][ T8186] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 133.362309][ T8186] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 133.402527][ T8186] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 133.469783][ T8186] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 133.498558][ T8186] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 133.504390][ T8362] netlink: 32 bytes leftover after parsing attributes in process `syz.0.599'. [ 133.650031][ T8186] hsr_slave_0: entered promiscuous mode [ 133.668945][ T8186] hsr_slave_1: entered promiscuous mode [ 133.808703][ T8374] netlink: 88 bytes leftover after parsing attributes in process `syz.0.604'. [ 134.331173][ T5844] Bluetooth: hci1: command tx timeout [ 134.760103][ T8411] x_tables: duplicate underflow at hook 1 [ 134.829894][ T8186] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 134.854388][ T8416] netlink: 72 bytes leftover after parsing attributes in process `syz.1.614'. [ 134.875001][ T8186] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 134.926153][ T8421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.614'. [ 134.951414][ T8419] bond_slave_0: entered promiscuous mode [ 134.957360][ T8419] bond_slave_1: entered promiscuous mode [ 134.972209][ T8419] macvlan3: entered promiscuous mode [ 134.977713][ T8419] bond0: entered promiscuous mode [ 134.983222][ T8419] bond1: entered promiscuous mode [ 134.988645][ T8419] macvlan3: entered allmulticast mode [ 135.002290][ T8419] bond0: entered allmulticast mode [ 135.007681][ T8419] bond_slave_0: entered allmulticast mode [ 135.019160][ T8419] bond_slave_1: entered allmulticast mode [ 135.025362][ T8419] bond1: entered allmulticast mode [ 135.032052][ T8419] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 135.048127][ T8419] bond0: left allmulticast mode [ 135.055094][ T8427] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 135.057114][ T8419] bond_slave_0: left allmulticast mode [ 135.066323][ T8427] netlink: 'syz.0.618': attribute type 8 has an invalid length. [ 135.071757][ T8419] bond_slave_1: left allmulticast mode [ 135.083233][ T8419] bond1: left allmulticast mode [ 135.088199][ T8419] bond0: left promiscuous mode [ 135.094946][ T8419] bond1: left promiscuous mode [ 135.100348][ T8419] bond_slave_0: left promiscuous mode [ 135.105812][ T8419] bond_slave_1: left promiscuous mode [ 135.132719][ T8186] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 135.184612][ T8186] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 135.359900][ T8186] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.406765][ T8186] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.439381][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.446550][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.461359][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.468531][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.494449][ T8436] netlink: 'syz.2.621': attribute type 10 has an invalid length. [ 135.507813][ T8436] netlink: 40 bytes leftover after parsing attributes in process `syz.2.621'. [ 135.587604][ T8436] geneve0: entered promiscuous mode [ 135.614295][ T8436] team0: Failed to send port change of device geneve0 via netlink (err -105) [ 135.631938][ T8436] team0: Failed to send options change via netlink (err -105) [ 135.640805][ T8436] team0: Port device geneve0 added [ 135.720240][ T8186] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 135.778680][ T8186] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 135.814851][ T8443] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 135.821863][ T6622] IPVS: starting estimator thread 0... [ 135.832626][ T8445] netlink: 'syz.0.625': attribute type 2 has an invalid length. [ 135.886694][ T8452] FAULT_INJECTION: forcing a failure. [ 135.886694][ T8452] name failslab, interval 1, probability 0, space 0, times 0 [ 135.939061][ T8452] CPU: 0 UID: 0 PID: 8452 Comm: syz.2.627 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 135.939088][ T8452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 135.939098][ T8452] Call Trace: [ 135.939105][ T8452] [ 135.939112][ T8452] dump_stack_lvl+0x241/0x360 [ 135.939137][ T8452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 135.939155][ T8452] ? __pfx__printk+0x10/0x10 [ 135.939181][ T8452] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 135.939201][ T8452] ? __pfx___might_resched+0x10/0x10 [ 135.939225][ T8452] should_fail_ex+0x40a/0x550 [ 135.939248][ T8452] should_failslab+0xac/0x100 [ 135.939266][ T8452] kmem_cache_alloc_node_noprof+0x77/0x380 [ 135.939284][ T8452] ? __alloc_skb+0x1c3/0x440 [ 135.939309][ T8452] __alloc_skb+0x1c3/0x440 [ 135.939336][ T8452] ? __pfx___alloc_skb+0x10/0x10 [ 135.939359][ T8452] ? netlink_autobind+0xd6/0x2f0 [ 135.939374][ T8452] ? netlink_autobind+0x2b0/0x2f0 [ 135.939395][ T8452] netlink_sendmsg+0x638/0xcb0 [ 135.939423][ T8452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.939444][ T8452] ? aa_sock_msg_perm+0x91/0x160 [ 135.939471][ T8452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 135.939485][ T8452] __sock_sendmsg+0x221/0x270 [ 135.939508][ T8452] ____sys_sendmsg+0x52a/0x7e0 [ 135.939532][ T8452] ? __pfx_____sys_sendmsg+0x10/0x10 [ 135.939547][ T8452] ? __fget_files+0x2a/0x410 [ 135.939567][ T8452] ? __fget_files+0x2a/0x410 [ 135.939592][ T8452] __sys_sendmsg+0x269/0x350 [ 135.939620][ T8452] ? __pfx___sys_sendmsg+0x10/0x10 [ 135.939648][ T8452] ? do_sys_openat2+0x17a/0x1d0 [ 135.939691][ T8452] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 135.939714][ T8452] ? do_syscall_64+0x100/0x230 [ 135.939738][ T8452] ? do_syscall_64+0xb6/0x230 [ 135.939761][ T8452] do_syscall_64+0xf3/0x230 [ 135.939781][ T8452] ? clear_bhb_loop+0x35/0x90 [ 135.939805][ T8452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 135.939825][ T8452] RIP: 0033:0x7efd7e78cde9 [ 135.939840][ T8452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 135.939854][ T8452] RSP: 002b:00007efd7f6cd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 135.939872][ T8452] RAX: ffffffffffffffda RBX: 00007efd7e9a5fa0 RCX: 00007efd7e78cde9 [ 135.939884][ T8452] RDX: 0000000000000000 RSI: 00002000000018c0 RDI: 0000000000000003 [ 135.939895][ T8452] RBP: 00007efd7f6cd090 R08: 0000000000000000 R09: 0000000000000000 [ 135.939905][ T8452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 135.939916][ T8452] R13: 0000000000000000 R14: 00007efd7e9a5fa0 R15: 00007ffe028f16c8 [ 135.939942][ T8452] [ 135.949654][ T8454] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 135.998411][ T8447] IPVS: using max 30 ests per chain, 72000 per kthread [ 136.164938][ T6622] lo speed is unknown, defaulting to 1000 [ 136.267895][ T8186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 136.403692][ T5844] Bluetooth: hci1: command tx timeout [ 136.796281][ T8487] netlink: 24 bytes leftover after parsing attributes in process `syz.3.636'. [ 136.824266][ T8487] netlink: 24 bytes leftover after parsing attributes in process `syz.3.636'. [ 136.882673][ T8489] netlink: 8 bytes leftover after parsing attributes in process `syz.1.638'. [ 136.911159][ T8186] veth0_vlan: entered promiscuous mode [ 136.947420][ T8186] veth1_vlan: entered promiscuous mode [ 137.004107][ T8489] lo speed is unknown, defaulting to 1000 [ 137.025598][ T8186] veth0_macvtap: entered promiscuous mode [ 137.054251][ T8186] veth1_macvtap: entered promiscuous mode [ 137.062430][ T8496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.639'. [ 137.109042][ T8186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.162420][ T8186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.189906][ T8186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.220393][ T8186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.230860][ T8186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 137.241602][ T8186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.268808][ T8186] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 137.386064][ T8186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.435404][ T8186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.446430][ T8186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.462417][ T8186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.472932][ T8186] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 137.483980][ T8186] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 137.495541][ T8186] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 137.511571][ T8186] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.522046][ T8186] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.531480][ T8186] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.540921][ T8186] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 137.966497][ T8529] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 138.057028][ T2902] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.068684][ T2902] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.199350][ T8539] __nla_validate_parse: 2 callbacks suppressed [ 138.199367][ T8539] netlink: 8 bytes leftover after parsing attributes in process `syz.0.654'. [ 138.215718][ T8539] netlink: 'syz.0.654': attribute type 1 has an invalid length. [ 138.224356][ T8539] netlink: 176 bytes leftover after parsing attributes in process `syz.0.654'. [ 138.488689][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 138.502149][ T8543] netlink: 44 bytes leftover after parsing attributes in process `syz.3.651'. [ 138.572310][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 138.665670][ T8543] nbd: must specify at least one socket [ 138.899968][ T8554] lo speed is unknown, defaulting to 1000 [ 139.620066][ T8595] FAULT_INJECTION: forcing a failure. [ 139.620066][ T8595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.693591][ T8595] CPU: 0 UID: 0 PID: 8595 Comm: syz.3.665 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 139.693618][ T8595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 139.693628][ T8595] Call Trace: [ 139.693635][ T8595] [ 139.693642][ T8595] dump_stack_lvl+0x241/0x360 [ 139.693667][ T8595] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.693685][ T8595] ? __pfx__printk+0x10/0x10 [ 139.693711][ T8595] ? __pfx_lock_release+0x10/0x10 [ 139.693740][ T8595] should_fail_ex+0x40a/0x550 [ 139.693763][ T8595] _copy_from_iter+0x1e9/0x1c20 [ 139.693786][ T8595] ? __virt_addr_valid+0x183/0x530 [ 139.693818][ T8595] ? __alloc_skb+0x28f/0x440 [ 139.693840][ T8595] ? __pfx__copy_from_iter+0x10/0x10 [ 139.693864][ T8595] ? __virt_addr_valid+0x183/0x530 [ 139.693886][ T8595] ? __virt_addr_valid+0x183/0x530 [ 139.693906][ T8595] ? __virt_addr_valid+0x45f/0x530 [ 139.693928][ T8595] ? __phys_addr_symbol+0x2f/0x70 [ 139.693949][ T8595] ? __check_object_size+0x47a/0x730 [ 139.693971][ T8595] netlink_sendmsg+0x73d/0xcb0 [ 139.694001][ T8595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.694021][ T8595] ? aa_sock_msg_perm+0x91/0x160 [ 139.694048][ T8595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.694063][ T8595] __sock_sendmsg+0x221/0x270 [ 139.694085][ T8595] ____sys_sendmsg+0x52a/0x7e0 [ 139.694108][ T8595] ? __pfx_____sys_sendmsg+0x10/0x10 [ 139.694122][ T8595] ? __fget_files+0x2a/0x410 [ 139.694142][ T8595] ? __fget_files+0x2a/0x410 [ 139.694167][ T8595] __sys_sendmsg+0x269/0x350 [ 139.694187][ T8595] ? __pfx___sys_sendmsg+0x10/0x10 [ 139.694215][ T8595] ? do_sys_openat2+0x17a/0x1d0 [ 139.694266][ T8595] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 139.694289][ T8595] ? do_syscall_64+0x100/0x230 [ 139.694312][ T8595] ? do_syscall_64+0xb6/0x230 [ 139.694335][ T8595] do_syscall_64+0xf3/0x230 [ 139.694356][ T8595] ? clear_bhb_loop+0x35/0x90 [ 139.694379][ T8595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.694399][ T8595] RIP: 0033:0x7f4a5478cde9 [ 139.694414][ T8595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.694426][ T8595] RSP: 002b:00007f4a55632038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 139.694445][ T8595] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478cde9 [ 139.694457][ T8595] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 139.694467][ T8595] RBP: 00007f4a55632090 R08: 0000000000000000 R09: 0000000000000000 [ 139.694476][ T8595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 139.694486][ T8595] R13: 0000000000000000 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 139.694510][ T8595] [ 139.715745][ T3451] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 139.989141][ T8572] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 140.246671][ T3451] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.308247][ T8557] netlink: 60 bytes leftover after parsing attributes in process `syz.1.657'. [ 140.348186][ T3451] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.431589][ T3451] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.641212][ T3451] bridge_slave_1: left allmulticast mode [ 140.661370][ T8622] FAULT_INJECTION: forcing a failure. [ 140.661370][ T8622] name failslab, interval 1, probability 0, space 0, times 0 [ 140.673353][ T3451] bridge_slave_1: left promiscuous mode [ 140.679724][ T3451] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.719531][ T8622] CPU: 0 UID: 0 PID: 8622 Comm: syz.3.669 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 140.719556][ T8622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 140.719566][ T8622] Call Trace: [ 140.719573][ T8622] [ 140.719580][ T8622] dump_stack_lvl+0x241/0x360 [ 140.719606][ T8622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.719623][ T8622] ? __pfx__printk+0x10/0x10 [ 140.719649][ T8622] ? __kmalloc_cache_noprof+0x48/0x390 [ 140.719668][ T8622] ? __pfx___might_resched+0x10/0x10 [ 140.719692][ T8622] should_fail_ex+0x40a/0x550 [ 140.719715][ T8622] should_failslab+0xac/0x100 [ 140.719735][ T8622] __kmalloc_cache_noprof+0x70/0x390 [ 140.719751][ T8622] ? nfnetlink_rcv+0x1265/0x2ab0 [ 140.719775][ T8622] nfnetlink_rcv+0x1265/0x2ab0 [ 140.719833][ T8622] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 140.719899][ T8622] ? netlink_deliver_tap+0x2e/0x1b0 [ 140.719914][ T8622] ? skb_clone+0x240/0x390 [ 140.719931][ T8622] ? __pfx_lock_release+0x10/0x10 [ 140.719966][ T8622] ? netlink_deliver_tap+0x2e/0x1b0 [ 140.719985][ T8622] netlink_unicast+0x7f6/0x990 [ 140.720015][ T8622] ? __pfx_netlink_unicast+0x10/0x10 [ 140.720034][ T8622] ? __virt_addr_valid+0x45f/0x530 [ 140.720057][ T8622] ? __phys_addr_symbol+0x2f/0x70 [ 140.720078][ T8622] ? __check_object_size+0x47a/0x730 [ 140.720099][ T8622] netlink_sendmsg+0x8e4/0xcb0 [ 140.720127][ T8622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.720148][ T8622] ? aa_sock_msg_perm+0x91/0x160 [ 140.720174][ T8622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.720189][ T8622] __sock_sendmsg+0x221/0x270 [ 140.720212][ T8622] ____sys_sendmsg+0x52a/0x7e0 [ 140.720236][ T8622] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.720249][ T8622] ? __fget_files+0x2a/0x410 [ 140.720270][ T8622] ? __fget_files+0x2a/0x410 [ 140.720295][ T8622] __sys_sendmsg+0x269/0x350 [ 140.720316][ T8622] ? __pfx___sys_sendmsg+0x10/0x10 [ 140.720345][ T8622] ? do_sys_openat2+0x17a/0x1d0 [ 140.720387][ T8622] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 140.720409][ T8622] ? do_syscall_64+0x100/0x230 [ 140.720434][ T8622] ? do_syscall_64+0xb6/0x230 [ 140.720457][ T8622] do_syscall_64+0xf3/0x230 [ 140.720477][ T8622] ? clear_bhb_loop+0x35/0x90 [ 140.720501][ T8622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.720521][ T8622] RIP: 0033:0x7f4a5478cde9 [ 140.720536][ T8622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.720550][ T8622] RSP: 002b:00007f4a55632038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.720568][ T8622] RAX: ffffffffffffffda RBX: 00007f4a549a5fa0 RCX: 00007f4a5478cde9 [ 140.720580][ T8622] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000004 [ 140.720589][ T8622] RBP: 00007f4a55632090 R08: 0000000000000000 R09: 0000000000000000 [ 140.720599][ T8622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.720609][ T8622] R13: 0000000000000000 R14: 00007f4a549a5fa0 R15: 00007ffc39204788 [ 140.720633][ T8622] [ 141.094263][ T3451] bridge_slave_0: left allmulticast mode [ 141.099959][ T3451] bridge_slave_0: left promiscuous mode [ 141.111723][ T3451] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.273840][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 141.317338][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 141.328912][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 141.347566][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 141.356200][ T5849] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 141.368920][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 141.542648][ T8643] Bluetooth: MGMT ver 1.23 [ 141.686797][ T3451] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.698680][ T3451] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.710203][ T3451] bond0 (unregistering): Released all slaves [ 142.151673][ T8660] netlink: 'syz.2.674': attribute type 10 has an invalid length. [ 142.168828][ T8633] lo speed is unknown, defaulting to 1000 [ 142.183727][ T8660] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.192185][ T8660] bridge0: port 1(bridge_slave_0) entered disabled state [ 142.270330][ T8662] netlink: 40 bytes leftover after parsing attributes in process `syz.3.676'. [ 142.292061][ T8660] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.299300][ T8660] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.300332][ T8664] netlink: 28 bytes leftover after parsing attributes in process `syz.0.678'. [ 142.306760][ T8660] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.306876][ T8660] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.358185][ T8660] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 142.368585][ T11] [ 142.371136][ T11] ============================= [ 142.376167][ T11] WARNING: suspicious RCU usage [ 142.381055][ T11] 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 Not tainted [ 142.388857][ T11] ----------------------------- [ 142.393900][ T11] net/sched/sch_generic.c:1251 suspicious rcu_dereference_protected() usage! [ 142.402669][ T11] [ 142.402669][ T11] other info that might help us debug this: [ 142.402669][ T11] [ 142.413443][ T11] [ 142.413443][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 142.417767][ T8666] netlink: 2 bytes leftover after parsing attributes in process `syz.1.677'. [ 142.421506][ T11] 3 locks held by kworker/u8:0/11: [ 142.421561][ T11] #0: ffff88807611b948 ((wq_completion)bond0#4){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 142.447236][ T11] #1: ffffc90000107c60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 142.460218][ T11] #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 142.470218][ T11] [ 142.470218][ T11] stack backtrace: [ 142.476403][ T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 142.476423][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 142.476433][ T11] Workqueue: bond0 bond_mii_monitor [ 142.476459][ T11] Call Trace: [ 142.476464][ T11] [ 142.476472][ T11] dump_stack_lvl+0x241/0x360 [ 142.476493][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.476510][ T11] ? __pfx__printk+0x10/0x10 [ 142.476552][ T11] lockdep_rcu_suspicious+0x226/0x340 [ 142.476579][ T11] dev_activate+0xf8/0x1240 [ 142.476595][ T11] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 142.476613][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 142.476648][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 142.476667][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 142.476687][ T11] ? __pfx_dev_activate+0x10/0x10 [ 142.476702][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 142.476720][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 142.476742][ T11] ? rfc2863_policy+0x10e/0x3f0 [ 142.476766][ T11] linkwatch_do_dev+0xfb/0x170 [ 142.476788][ T11] ethtool_op_get_link+0x15/0x60 [ 142.476804][ T11] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 142.476820][ T11] bond_check_dev_link+0x1f1/0x3f0 [ 142.476845][ T11] ? __pfx_bond_check_dev_link+0x10/0x10 [ 142.476884][ T11] bond_mii_monitor+0x49a/0x3170 [ 142.476915][ T11] ? __lock_acquire+0x1397/0x2100 [ 142.476935][ T11] ? bond_mii_monitor+0x174/0x3170 [ 142.476960][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 142.476984][ T11] ? __pfx_bond_mii_monitor+0x10/0x10 [ 142.477020][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 142.477042][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 142.477064][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 142.477096][ T11] ? process_scheduled_works+0x976/0x1840 [ 142.477115][ T11] process_scheduled_works+0xa66/0x1840 [ 142.477162][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 142.477189][ T11] ? assign_work+0x364/0x3d0 [ 142.477213][ T11] worker_thread+0x870/0xd30 [ 142.477245][ T11] ? __kthread_parkme+0x169/0x1d0 [ 142.477269][ T11] ? __pfx_worker_thread+0x10/0x10 [ 142.477287][ T11] kthread+0x7a9/0x920 [ 142.477305][ T11] ? __pfx_kthread+0x10/0x10 [ 142.477327][ T11] ? __pfx_worker_thread+0x10/0x10 [ 142.477346][ T11] ? __pfx_kthread+0x10/0x10 [ 142.477364][ T11] ? __pfx_kthread+0x10/0x10 [ 142.477387][ T11] ? __pfx_kthread+0x10/0x10 [ 142.477406][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.477423][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 142.477441][ T11] ? __pfx_kthread+0x10/0x10 [ 142.477463][ T11] ret_from_fork+0x4b/0x80 [ 142.477482][ T11] ? __pfx_kthread+0x10/0x10 [ 142.477502][ T11] ret_from_fork_asm+0x1a/0x30 [ 142.477543][ T11] [ 142.902829][ T11] [ 142.905268][ T11] ============================= [ 142.910124][ T11] WARNING: suspicious RCU usage [ 142.915028][ T11] 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 Not tainted [ 142.922146][ T11] ----------------------------- [ 142.927343][ T11] net/sched/sch_generic.c:1229 suspicious rcu_dereference_protected() usage! [ 142.936143][ T11] [ 142.936143][ T11] other info that might help us debug this: [ 142.936143][ T11] [ 142.946479][ T11] [ 142.946479][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 142.954874][ T11] 3 locks held by kworker/u8:0/11: [ 142.959991][ T11] #0: ffff88807611b948 ((wq_completion)bond0#4){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 142.971189][ T11] #1: ffffc90000107c60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 142.984538][ T11] #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170 [ 142.994307][ T11] [ 142.994307][ T11] stack backtrace: [ 143.000247][ T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 143.000267][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 143.000278][ T11] Workqueue: bond0 bond_mii_monitor [ 143.000304][ T11] Call Trace: [ 143.000310][ T11] [ 143.000317][ T11] dump_stack_lvl+0x241/0x360 [ 143.000340][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.000357][ T11] ? __pfx__printk+0x10/0x10 [ 143.000395][ T11] lockdep_rcu_suspicious+0x226/0x340 [ 143.000423][ T11] transition_one_qdisc+0x8e/0x1c0 [ 143.000444][ T11] dev_activate+0x838/0x1240 [ 143.000475][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.000497][ T11] ? __pfx_dev_activate+0x10/0x10 [ 143.000511][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 143.000529][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.000552][ T11] ? rfc2863_policy+0x10e/0x3f0 [ 143.000576][ T11] linkwatch_do_dev+0xfb/0x170 [ 143.000599][ T11] ethtool_op_get_link+0x15/0x60 [ 143.000615][ T11] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 143.000631][ T11] bond_check_dev_link+0x1f1/0x3f0 [ 143.000656][ T11] ? __pfx_bond_check_dev_link+0x10/0x10 [ 143.000695][ T11] bond_mii_monitor+0x49a/0x3170 [ 143.000726][ T11] ? __lock_acquire+0x1397/0x2100 [ 143.000746][ T11] ? bond_mii_monitor+0x174/0x3170 [ 143.000772][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 143.000796][ T11] ? __pfx_bond_mii_monitor+0x10/0x10 [ 143.000832][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 143.000853][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 143.000878][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 143.000909][ T11] ? process_scheduled_works+0x976/0x1840 [ 143.000929][ T11] process_scheduled_works+0xa66/0x1840 [ 143.000976][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 143.001004][ T11] ? assign_work+0x364/0x3d0 [ 143.001028][ T11] worker_thread+0x870/0xd30 [ 143.001062][ T11] ? __kthread_parkme+0x169/0x1d0 [ 143.001085][ T11] ? __pfx_worker_thread+0x10/0x10 [ 143.001105][ T11] kthread+0x7a9/0x920 [ 143.001124][ T11] ? __pfx_kthread+0x10/0x10 [ 143.001146][ T11] ? __pfx_worker_thread+0x10/0x10 [ 143.001165][ T11] ? __pfx_kthread+0x10/0x10 [ 143.001183][ T11] ? __pfx_kthread+0x10/0x10 [ 143.001207][ T11] ? __pfx_kthread+0x10/0x10 [ 143.001225][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.001243][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 143.001262][ T11] ? __pfx_kthread+0x10/0x10 [ 143.001284][ T11] ret_from_fork+0x4b/0x80 [ 143.001303][ T11] ? __pfx_kthread+0x10/0x10 [ 143.001324][ T11] ret_from_fork_asm+0x1a/0x30 [ 143.001357][ T11] [ 143.001411][ T11] [ 143.263520][ T11] ============================= [ 143.268395][ T11] WARNING: suspicious RCU usage [ 143.273332][ T11] 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 Not tainted [ 143.280447][ T11] ----------------------------- [ 143.285797][ T11] ./include/linux/rtnetlink.h:163 suspicious rcu_dereference_protected() usage! [ 143.294872][ T11] [ 143.294872][ T11] other info that might help us debug this: [ 143.294872][ T11] [ 143.305214][ T11] [ 143.305214][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 143.313562][ T11] 3 locks held by kworker/u8:0/11: [ 143.318684][ T11] #0: ffff88807611b948 ((wq_completion)bond0#4){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 143.329873][ T11] #1: ffffc90000107c60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 143.342810][ T11] #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170 [ 143.352768][ T11] [ 143.352768][ T11] stack backtrace: [ 143.358726][ T11] CPU: 1 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 143.358744][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 143.358754][ T11] Workqueue: bond0 bond_mii_monitor [ 143.358780][ T11] Call Trace: [ 143.358786][ T11] [ 143.358793][ T11] dump_stack_lvl+0x241/0x360 [ 143.358814][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.358830][ T11] ? __pfx__printk+0x10/0x10 [ 143.358863][ T11] lockdep_rcu_suspicious+0x226/0x340 [ 143.358890][ T11] dev_activate+0x925/0x1240 [ 143.358916][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.358937][ T11] ? __pfx_dev_activate+0x10/0x10 [ 143.358951][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 143.358970][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.358991][ T11] ? rfc2863_policy+0x10e/0x3f0 [ 143.359016][ T11] linkwatch_do_dev+0xfb/0x170 [ 143.359038][ T11] ethtool_op_get_link+0x15/0x60 [ 143.359055][ T11] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 143.359072][ T11] bond_check_dev_link+0x1f1/0x3f0 [ 143.359098][ T11] ? __pfx_bond_check_dev_link+0x10/0x10 [ 143.359138][ T11] bond_mii_monitor+0x49a/0x3170 [ 143.359170][ T11] ? __lock_acquire+0x1397/0x2100 [ 143.359191][ T11] ? bond_mii_monitor+0x174/0x3170 [ 143.359216][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 143.359241][ T11] ? __pfx_bond_mii_monitor+0x10/0x10 [ 143.359276][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 143.359297][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 143.359321][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 143.359353][ T11] ? process_scheduled_works+0x976/0x1840 [ 143.359373][ T11] process_scheduled_works+0xa66/0x1840 [ 143.359427][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 143.359456][ T11] ? assign_work+0x364/0x3d0 [ 143.359479][ T11] worker_thread+0x870/0xd30 [ 143.359512][ T11] ? __kthread_parkme+0x169/0x1d0 [ 143.359536][ T11] ? __pfx_worker_thread+0x10/0x10 [ 143.359555][ T11] kthread+0x7a9/0x920 [ 143.359574][ T11] ? __pfx_kthread+0x10/0x10 [ 143.359596][ T11] ? __pfx_worker_thread+0x10/0x10 [ 143.359615][ T11] ? __pfx_kthread+0x10/0x10 [ 143.359634][ T11] ? __pfx_kthread+0x10/0x10 [ 143.359656][ T11] ? __pfx_kthread+0x10/0x10 [ 143.359675][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.359692][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 143.359711][ T11] ? __pfx_kthread+0x10/0x10 [ 143.359733][ T11] ret_from_fork+0x4b/0x80 [ 143.359751][ T11] ? __pfx_kthread+0x10/0x10 [ 143.359772][ T11] ret_from_fork_asm+0x1a/0x30 [ 143.359805][ T11] [ 143.370413][ T11] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523 [ 143.450540][ T5849] Bluetooth: hci1: command tx timeout [ 143.454721][ T11] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 11, name: kworker/u8:0 [ 143.454743][ T11] preempt_count: 0, expected: 0 [ 143.454754][ T11] RCU nest depth: 1, expected: 0 [ 143.454766][ T11] 3 locks held by kworker/u8:0/11: [ 143.454778][ T11] #0: ffff88807611b948 ((wq_completion)bond0#4){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 143.454852][ T11] #1: ffffc90000107c60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 143.454909][ T11] #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170 [ 143.454968][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 143.454986][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 143.454996][ T11] Workqueue: bond0 bond_mii_monitor [ 143.455016][ T11] Call Trace: [ 143.455022][ T11] [ 143.455030][ T11] dump_stack_lvl+0x241/0x360 [ 143.455050][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.455063][ T11] ? __pfx__printk+0x10/0x10 [ 143.455094][ T11] __might_resched+0x5d4/0x780 [ 143.455113][ T11] ? preempt_schedule_notrace+0xf6/0x140 [ 143.455132][ T11] ? __pfx___might_resched+0x10/0x10 [ 143.455147][ T11] ? __pfx___schedule+0x10/0x10 [ 143.455169][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 143.455197][ T11] down_read+0x8e/0xa40 [ 143.455221][ T11] ? dump_stack_lvl+0x273/0x360 [ 143.455239][ T11] ? preempt_schedule_notrace+0x100/0x140 [ 143.455257][ T11] ? __pfx_down_read+0x10/0x10 [ 143.455278][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.455295][ T11] ? __pfx__printk+0x10/0x10 [ 143.455322][ T11] ? dev_get_flags+0x147/0x1d0 [ 143.455348][ T11] wext_netdev_notifier_call+0x1f/0x120 [ 143.455380][ T11] notifier_call_chain+0x1a5/0x3f0 [ 143.455407][ T11] netdev_state_change+0x11f/0x1a0 [ 143.455426][ T11] ? __pfx_netdev_state_change+0x10/0x10 [ 143.455446][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 143.455464][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 143.455486][ T11] ? rfc2863_policy+0x10e/0x3f0 [ 143.455509][ T11] linkwatch_do_dev+0x112/0x170 [ 143.455532][ T11] ethtool_op_get_link+0x15/0x60 [ 143.455547][ T11] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 143.455562][ T11] bond_check_dev_link+0x1f1/0x3f0 [ 143.455587][ T11] ? __pfx_bond_check_dev_link+0x10/0x10 [ 143.455625][ T11] bond_mii_monitor+0x49a/0x3170 [ 143.455654][ T11] ? __lock_acquire+0x1397/0x2100 [ 143.455674][ T11] ? bond_mii_monitor+0x174/0x3170 [ 143.455700][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 143.455724][ T11] ? __pfx_bond_mii_monitor+0x10/0x10 [ 143.455759][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 143.455779][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 143.455802][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 143.455833][ T11] ? process_scheduled_works+0x976/0x1840 [ 143.455855][ T11] process_scheduled_works+0xa66/0x1840 [ 143.455900][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 143.455927][ T11] ? assign_work+0x364/0x3d0 [ 143.455950][ T11] worker_thread+0x870/0xd30 [ 143.455982][ T11] ? __kthread_parkme+0x169/0x1d0 [ 143.456005][ T11] ? __pfx_worker_thread+0x10/0x10 [ 143.456023][ T11] kthread+0x7a9/0x920 [ 143.456041][ T11] ? __pfx_kthread+0x10/0x10 [ 143.456063][ T11] ? __pfx_worker_thread+0x10/0x10 [ 143.456082][ T11] ? __pfx_kthread+0x10/0x10 [ 143.456100][ T11] ? __pfx_kthread+0x10/0x10 [ 143.456123][ T11] ? __pfx_kthread+0x10/0x10 [ 143.456140][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 143.456157][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 143.456176][ T11] ? __pfx_kthread+0x10/0x10 [ 143.456197][ T11] ret_from_fork+0x4b/0x80 [ 143.456215][ T11] ? __pfx_kthread+0x10/0x10 [ 143.456235][ T11] ret_from_fork_asm+0x1a/0x30 [ 143.456267][ T11] [ 143.456283][ T11] [ 143.997420][ T11] ============================= [ 144.002250][ T11] [ BUG: Invalid wait context ] [ 144.007089][ T11] 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 Tainted: G W [ 144.015655][ T11] ----------------------------- [ 144.020491][ T11] kworker/u8:0/11 is trying to lock: [ 144.025768][ T11] ffffffff8fcb3b10 (net_rwsem){++++}-{4:4}, at: wext_netdev_notifier_call+0x1f/0x120 [ 144.035244][ T11] other info that might help us debug this: [ 144.041115][ T11] context-{5:5} [ 144.044578][ T11] 3 locks held by kworker/u8:0/11: [ 144.049688][ T11] #0: ffff88807611b948 ((wq_completion)bond0#4){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 144.060732][ T11] #1: ffffc90000107c60 ((work_completion)(&(&bond->mii_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 144.073589][ T11] #2: ffffffff8e9387e0 (rcu_read_lock){....}-{1:3}, at: bond_mii_monitor+0x174/0x3170 [ 144.083242][ T11] stack backtrace: [ 144.086945][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Tainted: G W 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 144.086963][ T11] Tainted: [W]=WARN [ 144.086967][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 144.086977][ T11] Workqueue: bond0 bond_mii_monitor [ 144.086996][ T11] Call Trace: [ 144.087002][ T11] [ 144.087008][ T11] dump_stack_lvl+0x241/0x360 [ 144.087024][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.087036][ T11] ? __pfx__printk+0x10/0x10 [ 144.087054][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.087073][ T11] __lock_acquire+0x15a8/0x2100 [ 144.087094][ T11] lock_acquire+0x1ed/0x550 [ 144.087109][ T11] ? wext_netdev_notifier_call+0x1f/0x120 [ 144.087128][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 144.087143][ T11] ? preempt_schedule_notrace+0xf6/0x140 [ 144.087159][ T11] ? __pfx___might_resched+0x10/0x10 [ 144.087173][ T11] ? __pfx___schedule+0x10/0x10 [ 144.087188][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.087206][ T11] down_read+0xb1/0xa40 [ 144.087221][ T11] ? wext_netdev_notifier_call+0x1f/0x120 [ 144.087236][ T11] ? dump_stack_lvl+0x273/0x360 [ 144.087249][ T11] ? preempt_schedule_notrace+0x100/0x140 [ 144.087264][ T11] ? __pfx_down_read+0x10/0x10 [ 144.087281][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.087293][ T11] ? __pfx__printk+0x10/0x10 [ 144.087312][ T11] ? dev_get_flags+0x147/0x1d0 [ 144.087330][ T11] wext_netdev_notifier_call+0x1f/0x120 [ 144.087346][ T11] notifier_call_chain+0x1a5/0x3f0 [ 144.087363][ T11] netdev_state_change+0x11f/0x1a0 [ 144.087378][ T11] ? __pfx_netdev_state_change+0x10/0x10 [ 144.087393][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 144.087407][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 144.087422][ T11] ? rfc2863_policy+0x10e/0x3f0 [ 144.087439][ T11] linkwatch_do_dev+0x112/0x170 [ 144.087456][ T11] ethtool_op_get_link+0x15/0x60 [ 144.087469][ T11] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 144.087481][ T11] bond_check_dev_link+0x1f1/0x3f0 [ 144.087500][ T11] ? __pfx_bond_check_dev_link+0x10/0x10 [ 144.087526][ T11] bond_mii_monitor+0x49a/0x3170 [ 144.087546][ T11] ? __lock_acquire+0x1397/0x2100 [ 144.087561][ T11] ? bond_mii_monitor+0x174/0x3170 [ 144.087579][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 144.087595][ T11] ? __pfx_bond_mii_monitor+0x10/0x10 [ 144.087616][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 144.087632][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.087648][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 144.087667][ T11] ? process_scheduled_works+0x976/0x1840 [ 144.087681][ T11] process_scheduled_works+0xa66/0x1840 [ 144.087703][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 144.087720][ T11] ? assign_work+0x364/0x3d0 [ 144.087734][ T11] worker_thread+0x870/0xd30 [ 144.087753][ T11] ? __kthread_parkme+0x169/0x1d0 [ 144.087769][ T11] ? __pfx_worker_thread+0x10/0x10 [ 144.087783][ T11] kthread+0x7a9/0x920 [ 144.087798][ T11] ? __pfx_kthread+0x10/0x10 [ 144.087814][ T11] ? __pfx_worker_thread+0x10/0x10 [ 144.087828][ T11] ? __pfx_kthread+0x10/0x10 [ 144.087843][ T11] ? __pfx_kthread+0x10/0x10 [ 144.087860][ T11] ? __pfx_kthread+0x10/0x10 [ 144.087874][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.087888][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 144.087902][ T11] ? __pfx_kthread+0x10/0x10 [ 144.087918][ T11] ret_from_fork+0x4b/0x80 [ 144.087933][ T11] ? __pfx_kthread+0x10/0x10 [ 144.087948][ T11] ret_from_fork_asm+0x1a/0x30 [ 144.087966][ T11] [ 144.432571][ T11] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 [ 144.441939][ T11] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 11, name: kworker/u8:0 [ 144.451139][ T11] preempt_count: 0, expected: 0 [ 144.456049][ T11] RCU nest depth: 1, expected: 0 [ 144.461070][ T11] INFO: lockdep is turned off. [ 144.466001][ T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Tainted: G W 6.14.0-rc1-syzkaller-00160-g26db4dbb7478 #0 [ 144.466023][ T11] Tainted: [W]=WARN [ 144.466029][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 144.466038][ T11] Workqueue: bond0 bond_mii_monitor [ 144.466065][ T11] Call Trace: [ 144.466071][ T11] [ 144.466078][ T11] dump_stack_lvl+0x241/0x360 [ 144.466098][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 144.466114][ T11] ? __pfx__printk+0x10/0x10 [ 144.466141][ T11] __might_resched+0x5d4/0x780 [ 144.466159][ T11] ? __asan_memset+0x23/0x50 [ 144.466180][ T11] ? __pfx___might_resched+0x10/0x10 [ 144.466196][ T11] ? br_get_link_ksettings+0x36d/0x420 [ 144.466225][ T11] ? rcu_is_watching+0x15/0xb0 [ 144.466243][ T11] __mutex_lock+0x126/0x1010 [ 144.466264][ T11] ? lock_release+0xbf/0xa30 [ 144.466284][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 144.466306][ T11] ? rcu_is_watching+0x15/0xb0 [ 144.466321][ T11] ? tee_netdev_event+0x86/0x460 [ 144.466340][ T11] ? __pfx_lock_release+0x10/0x10 [ 144.466358][ T11] ? __pfx___mutex_lock+0x10/0x10 [ 144.466379][ T11] ? do_raw_spin_lock+0x14f/0x370 [ 144.466401][ T11] ? net_generic+0x1f/0x240 [ 144.466420][ T11] tee_netdev_event+0x86/0x460 [ 144.466438][ T11] ? nft_offload_netdev_event+0x27d/0x360 [ 144.466459][ T11] notifier_call_chain+0x1a5/0x3f0 [ 144.466481][ T11] netdev_state_change+0x11f/0x1a0 [ 144.466500][ T11] ? __pfx_netdev_state_change+0x10/0x10 [ 144.466519][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 144.466537][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 144.466556][ T11] ? rfc2863_policy+0x10e/0x3f0 [ 144.466578][ T11] linkwatch_do_dev+0x112/0x170 [ 144.466598][ T11] ethtool_op_get_link+0x15/0x60 [ 144.466615][ T11] ? __pfx_ethtool_op_get_link+0x10/0x10 [ 144.466631][ T11] bond_check_dev_link+0x1f1/0x3f0 [ 144.466653][ T11] ? __pfx_bond_check_dev_link+0x10/0x10 [ 144.466680][ T11] bond_mii_monitor+0x49a/0x3170 [ 144.466706][ T11] ? __lock_acquire+0x1397/0x2100 [ 144.466725][ T11] ? bond_mii_monitor+0x174/0x3170 [ 144.466748][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 144.466767][ T11] ? __pfx_bond_mii_monitor+0x10/0x10 [ 144.466795][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 144.466814][ T11] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 144.466835][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 144.466859][ T11] ? process_scheduled_works+0x976/0x1840 [ 144.466878][ T11] process_scheduled_works+0xa66/0x1840 [ 144.466906][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 144.466928][ T11] ? assign_work+0x364/0x3d0 [ 144.466947][ T11] worker_thread+0x870/0xd30 [ 144.466970][ T11] ? __kthread_parkme+0x169/0x1d0 [ 144.466990][ T11] ? __pfx_worker_thread+0x10/0x10 [ 144.467008][ T11] kthread+0x7a9/0x920 [ 144.467026][ T11] ? __pfx_kthread+0x10/0x10 [ 144.467047][ T11] ? __pfx_worker_thread+0x10/0x10 [ 144.467064][ T11] ? __pfx_kthread+0x10/0x10 [ 144.467083][ T11] ? __pfx_kthread+0x10/0x10 [ 144.467104][ T11] ? __pfx_kthread+0x10/0x10 [ 144.467123][ T11] ? _raw_spin_unlock_irq+0x23/0x50 [ 144.467139][ T11] ? lockdep_hardirqs_on+0x99/0x150 [ 144.467158][ T11] ? __pfx_kthread+0x10/0x10 [ 144.467177][ T11] ret_from_fork+0x4b/0x80 [ 144.467195][ T11] ? __pfx_kthread+0x10/0x10 [ 144.467221][ T11] ret_from_fork_asm+0x1a/0x30 [ 144.467244][ T11] [ 144.833108][ T8668] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 145.024196][ T11] bond0: (slave bond1): link status definitely down, disabling slave [ 145.228222][ T3451] hsr_slave_0: left promiscuous mode [ 145.236305][ T3451] hsr_slave_1: left promiscuous mode [ 145.241974][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.252368][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.262205][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.271359][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.282753][ T3451] veth1_macvtap: left promiscuous mode [ 145.288483][ T3451] veth0_macvtap: left promiscuous mode [ 145.295993][ T3451] veth1_vlan: left promiscuous mode [ 145.301288][ T3451] veth0_vlan: left promiscuous mode [ 145.427507][ T3451] team0 (unregistering): Port device team_slave_1 removed [ 145.452598][ T3451] team0 (unregistering): Port device team_slave_0 removed [ 145.523252][ T5849] Bluetooth: hci1: command tx timeout [ 145.886316][ T3451] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.960167][ T3451] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.008593][ T3451] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.066451][ T3451] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.164100][ T3451] bridge_slave_1: left allmulticast mode [ 146.169780][ T3451] bridge_slave_1: left promiscuous mode [ 146.187006][ T3451] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.198815][ T3451] bridge_slave_0: left allmulticast mode [ 146.206236][ T3451] bridge_slave_0: left promiscuous mode [ 146.211948][ T3451] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.409719][ T3451] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 146.419510][ T3451] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 146.429156][ T3451] bond0 (unregistering): Released all slaves [ 146.440997][ T3451] bond1 (unregistering): (slave batadv1): Releasing active interface [ 146.450115][ T3451] bond1 (unregistering): Released all slaves [ 146.458318][ T3451] bond2 (unregistering): Released all slaves [ 146.509739][ T3451] fþ²¹¥‰: left promiscuous mode [ 146.587001][ T3451] IPVS: stopping backup sync thread 7265 ... [ 146.814659][ T3451] hsr_slave_0: left promiscuous mode [ 146.820267][ T3451] hsr_slave_1: left promiscuous mode [ 146.827834][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.836890][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.849560][ T3451] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.857453][ T3451] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.866864][ T3451] veth1_macvtap: left promiscuous mode [ 146.872433][ T3451] veth0_macvtap: left promiscuous mode [ 146.878449][ T3451] veth1_vlan: left promiscuous mode [ 146.884948][ T3451] veth0_vlan: left promiscuous mode [ 147.087775][ T3451] team0 (unregistering): Port device team_slave_1 removed [ 147.113682][ T3451] team0 (unregistering): Port device team_slave_0 removed