last executing test programs: 18.389964311s ago: executing program 0 (id=218): write$tun(0xffffffffffffffff, 0x0, 0xfdef) r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0x2, 0x4) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x4, 0x4, 0x4}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="240000f4010000002900000032"], 0x28}}], 0x1, 0x0) 18.240230913s ago: executing program 0 (id=221): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000c3aff8ff1001000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x9e, &(0x7f0000000180)=""/158, 0x40f00, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xc0, 0x13, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_OBJ_USERDATA={0x7e, 0x8, "a4893660695177b89dfaefb4ae615f9a5be7120e9cc429f4781102b64885cf92bfa3c0c0c1e9ea966450c2a4a618548ad38c68e03acf838d9d8502c612d4c2af245f3c7a76d05ecdd93148f9d8557d61d222e32694c0ed53d3690dd9344e901c055c57508fa0636c0b2ad73585662d8f057ca6e8cf8a4266fc3b"}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}, 0xc0}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000895) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001340)={0x2, 0x15, 0xfa, 0x0, 0x4, 0x0, 0x70bd24, 0x25dfdbfa, [@sadb_x_nat_t_port={0x0, 0x16, 0x4620}, @sadb_x_filter={0x61, 0x1a, @in=@local, @in=@local, 0x28, 0x14, 0x10}]}, 0x20}}, 0x24000800) bind$unix(r2, &(0x7f0000003000)=@abs={0x1, 0x0, 0xffffffff}, 0x6e) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@private1, 0x6, 0x0, 0x1, 0x7}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r4, 0x8b32, &(0x7f0000000040)) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x0, 0xfffffffc}}, 0x2f) r6 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000000)={0x41, 0x2, 0x1}, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r6) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r7, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r7, &(0x7f00000049c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=""/4096, 0x1000}, 0x7}], 0x1, 0x2, 0x0) setsockopt$inet6_int(r7, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r7, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) bind$unix(r2, &(0x7f0000003000)=@abs={0x1}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r9, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}}, 0x4000054) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x800}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x74}}, 0x40) 18.173453999s ago: executing program 3 (id=223): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) mmap(&(0x7f0000868000/0x5000)=nil, 0x5000, 0x100000c, 0x13, r1, 0x4a9b6000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000180)={'sit0\x00', &(0x7f00000000c0)={'erspan0\x00', 0x0, 0x7, 0x20, 0x1845, 0x0, {{0x1d, 0x4, 0x0, 0x8, 0x74, 0x68, 0x0, 0x1, 0x2f, 0x0, @local, @loopback, {[@end, @noop, @lsrr={0x83, 0x7, 0xad, [@loopback]}, @cipso={0x86, 0x52, 0x1, [{0x5, 0x11, "74dc3a1f24ac052c05c802e523dd4a"}, {0x6, 0x4, "f6ae"}, {0x7, 0xf, "a09dc02b9692c2de856ff94634"}, {0x6, 0xb, "bf775e68d1b18ec028"}, {0x2, 0xa, "454197da6e90e0c8"}, {0x0, 0x10, "7522ec642796f8c24158ba1e2763"}, {0x0, 0x3, 'C'}]}, @ra={0x94, 0x4, 0x1}]}}}}}) (async) getsockopt$PNPIPE_IFINDEX(r1, 0x113, 0x2, &(0x7f0000000200)=0x0, &(0x7f0000000240)=0x4) sendmsg$nl_route(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@RTM_DELMDB={0x38, 0x55, 0x200, 0x70bd2a, 0x25dfdbfd, {0x7, r2}, [@MDBA_SET_ENTRY={0x20, 0x1, {r3, 0x0, 0x2, 0x1, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8edd}}}]}, 0x38}}, 0x20040890) 17.994711045s ago: executing program 3 (id=225): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES16], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r3 = socket$nl_generic(0x10, 0x3, 0x10) unshare(0x22020600) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x52, &(0x7f00000001c0)=ANY=[@ANYRES64=r1, @ANYRES32=0x41424344, @ANYRESDEC=r0, @ANYBLOB="5c00000090780000"], 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, 0x0, 0x20000880) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') socket$xdp(0x2c, 0x3, 0x0) r4 = socket$inet6_icmp(0xa, 0x2, 0x3a) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000001000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7472d00000000000004000000000000850000000300006b4600000000000000"], &(0x7f00000000c0)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x68}, 0x94) setsockopt$inet6_int(r4, 0x29, 0x3, &(0x7f0000000100), 0x4) socket$inet6_udplite(0xa, 0x2, 0x88) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) socket$inet6_udplite(0xa, 0x2, 0x88) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r8 = accept4(r3, 0x0, 0x0, 0x0) sendto$inet(r8, &(0x7f0000000000), 0x0, 0x24008800, 0x0, 0x0) accept4$tipc(r8, 0x0, 0x0, 0x800) bind$xdp(r6, 0x0, 0x0) 17.746116058s ago: executing program 0 (id=228): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @empty=0x1000000}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000100), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000f00), r3) sendmsg$IEEE802154_LLSEC_DEL_DEV(r3, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000240)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7000ffdbdf252b0000000c0005000203aaaaaaaaaaaa0a0001007770616e310000009cdd59a2eceb6d4b454cc9de4f8769dd3e66f1a1de9d1cb2302df2b188c617d102dd8b62dd4895d9befe60107a90f6762f701e050586f12e8b3c2561f7abfc90405e999c11807147f66aad9ffcef84de02d6ae49ef10"], 0x2c}}, 0x4) sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x100, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x14}}, 0x0) 17.661257128s ago: executing program 2 (id=230): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x11, 0x1a, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x9924}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f00000003c0)='GPL\x00', 0x4, 0x9, &(0x7f0000000400)=""/9, 0x41000, 0x4}, 0x94) 17.55690913s ago: executing program 3 (id=231): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'syz_tun\x00'}, @IFLA_CARRIER={0x5, 0x21, 0x4}]}, 0x3c}}, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) shutdown(r1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000004840)={0x6, 0x4, &(0x7f0000000b00)=ANY=[@ANYBLOB="18020000000000000000000000000000850000004100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) bind$unix(r1, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x12) accept$unix(r1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b40500000000fd8f71103b00000000005c050000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x84}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 17.460753321s ago: executing program 2 (id=233): r0 = accept$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000040)) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x26c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x258, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x80, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '/-#.\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '(].\',\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '(\'{\\&-]^\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '*:\x11b*\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x38}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\x0f+%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}]}]}, @ETHTOOL_A_BITSET_MASK={0xb, 0x5, "624e2bc1b3177b"}, @ETHTOOL_A_BITSET_VALUE={0xae, 0x4, "35e10d54aa9cddd534c65674abdef3ffee32b5bbbadae8fba8aef5ea81bea940f6cc1c8e927b3eff04cea714faa25d4ef1236a2135104ed682b9d1e425c66c4ed91818b7e99ff24c5f557f7f25f97c9f04693a7f85b2af8c98379041c767e96f067bfc9ffbbae71d11df4f90c95764a646505464b65b308413fd777d8128bcde513ff8a3ae732f28092380dfff56c90ce49901f177db20487690a75850ae139e0287953832934819a94b"}, @ETHTOOL_A_BITSET_MASK={0x2d, 0x5, "6d908d63cc9aaa423358a5fa515185b3df503141730883ea73bbf20b54ed00d901c957c8f5887c2479"}, @ETHTOOL_A_BITSET_VALUE={0xd8, 0x4, "9b3932f56bb0504b3c6c8f5eb3fae7ff25d0c4412112a68686da7cca08dc27fd7b2f39163b783cbb50faf50474977fe82fe1081795dca599c1bbf8ea751d0ea10e89127684b8cbd374a622894bfb16fb0c054aeff3561c06b82738e5f064dcc5e213f8858cadadd523fdafc8f3db1b96a31d4584ba3c2a6702dd1176d25635df396893508a651892a914aebe4efc6c026535d7d51cca8bf2c4a92b325920268f0af081ebe88914fa8d6c953bca23e3a814da72833a43907b1c7963c018da1425877835e7d959730a1fe0aae60d2a0dd078aecb50"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xf}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x26c}, 0x1, 0x0, 0x0, 0x40010}, 0x0) mmap(&(0x7f0000b7a000/0x1000)=nil, 0x1000, 0x300000c, 0x3032, r0, 0x69b00000) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x4, 0x6, 0x4, 0x5, 0x20, @loopback, @remote, 0x7800, 0x7800, 0xfffffff8, 0x2}}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000031401002cbd7000fcdbdf250900020073797a3200000000080041"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) splice(r3, 0x0, r4, 0x0, 0x6, 0x0) r6 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(r6, 0x84, 0x6d, &(0x7f0000001100)=""/4112, &(0x7f0000001040)=0x1010) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x2, 0x0, r1, 0x0, '\x00', r2, r4, 0x1, 0x5, 0x4}, 0x50) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000cc0)=@newsa={0x144, 0x10, 0x1, 0x70bd28, 0x25dfdbff, {{@in=@remote, @in=@loopback, 0x4e23, 0x0, 0x2000, 0x8000, 0x0, 0x20, 0x0, 0xc}, {@in=@rand_addr=0x64010101, 0x20, 0x6c}, @in6=@dev={0xfe, 0x80, '\x00', 0x23}, {0xfffffffffffffffe, 0x0, 0x0, 0x800000000000001, 0x10000000002c8, 0x6, 0x4000000000000}, {0x1fffffffffff, 0x8, 0x0, 0x4}, {0x0, 0x5}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x3}, [@offload={0xc, 0x1c, {0x0, 0x1}}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x4075}, 0x4800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) 17.23133057s ago: executing program 2 (id=235): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000800000000000000000000850000007d000000850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x5, 0x0, 0x0, 0x41000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='i2c_write\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0xd0f, 0x70bd2b, 0x80, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0xc415, 0x0, 0x1}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xd, 0x2, 0x0, 0x0, 0x0, {0x0, 0x0, 0x6}}}}]}, 0x78}}, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000280)='i2c_write\x00', r4}, 0x10) 17.098937843s ago: executing program 4 (id=237): socket$pppl2tp(0x18, 0x1, 0x1) openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000180001002abd7000fcdbdf270a800000ff02fe08"], 0x44}, 0x1, 0x0, 0x0, 0xcdb281c6bf69a511}, 0xc000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE6={0x14, 0x7, @empty}]}}}]}, 0x48}}, 0x2000000) 17.086029846s ago: executing program 3 (id=238): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 17.045970457s ago: executing program 0 (id=239): setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x3e, &(0x7f0000000340)=0x3, 0x4) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)}, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast1, @in=@loopback, 0x4e24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x29}}, {0x800000000000000}, {0x0, 0xd70}, {0x9}, 0x0, 0x0, 0xa}, 0x0, 0xffffffff}}, 0xf8}}, 0x0) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890c, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$netlink(0x10, 0x3, 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000001500)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) socket$kcm(0x28, 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) pwritev(r6, &(0x7f0000000100)=[{&(0x7f00000001c0)="8ed092", 0x3}], 0x1, 0x8001, 0x80) close(r6) socket$netlink(0x10, 0x3, 0x4) sendfile(r6, r4, 0x0, 0x101) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004ecffff0300e9ff0200000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f0000000200)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r7, &(0x7f0000001380), &(0x7f0000000000)=""/10, 0x2}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x18000000000002a0, 0x7, 0x0, &(0x7f0000000580)="b9ff0307680426", 0x0, 0x500, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYRES32=0x0], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0xc8080) close(0x3) 16.976687973s ago: executing program 2 (id=241): socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x1) socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0xc8d0) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)}, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r1, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r2) ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0xf34) recvfrom(r1, &(0x7f0000000200)=""/82, 0x52, 0x0, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x50, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0) 16.874771828s ago: executing program 0 (id=242): socket$kcm(0x21, 0x2, 0xa) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$rds(0x15, 0x5, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x10000000000000, 0x9, 0x1000000000000000, 0x0, 0x7fffffff}, 0x0, 0x0) close(r0) 16.869946843s ago: executing program 3 (id=243): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0xfffffffffffffcee, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10, r0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x5, 0x20000000ec071, 0xffffffffffffffff, 0x0) 16.792885404s ago: executing program 4 (id=244): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x61, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406ca000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x10, 0x2, &(0x7f0000000140)=ANY=[@ANYBLOB="91100e1000400009956088feffff37ffd0b21e5ec6e383b40d5b739379c9d77de223677e0bfa232374ccb7a30f23a7e597541ca2c443fb2ef6259dced3bf62f8011ed35e9c4c714dfe0c9a2df31c190500bb4f620fb9cb5f48735194aa786b78defa0affcf8197388410110cb261"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r1 = socket(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000008000000000000000fdffffff8500000011000000b7080000000000007b8af8ff00000000b7080000161300007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018030000", @ANYRES32=0x0, @ANYBLOB="0000000000000100b705000008000000850000006900000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15) sendmsg$nl_route(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYRES16=r0, @ANYRES8=r2, @ANYRESDEC], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x8041) syz_emit_ethernet(0x3e, &(0x7f0000000440)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x4, 0x3, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2}}}}}}, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000080)=0x3, 0x4) 16.633948832s ago: executing program 2 (id=245): r0 = accept$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000040)) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f00000006c0)={0x26c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@ETHTOOL_A_FEATURES_WANTED={0x258, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x80, 0x3, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '/-#.\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '(].\',\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, '(\'{\\&-]^\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '*:\x11b*\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x38}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '\x0f+%\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}]}]}, @ETHTOOL_A_BITSET_MASK={0xb, 0x5, "624e2bc1b3177b"}, @ETHTOOL_A_BITSET_VALUE={0xae, 0x4, "35e10d54aa9cddd534c65674abdef3ffee32b5bbbadae8fba8aef5ea81bea940f6cc1c8e927b3eff04cea714faa25d4ef1236a2135104ed682b9d1e425c66c4ed91818b7e99ff24c5f557f7f25f97c9f04693a7f85b2af8c98379041c767e96f067bfc9ffbbae71d11df4f90c95764a646505464b65b308413fd777d8128bcde513ff8a3ae732f28092380dfff56c90ce49901f177db20487690a75850ae139e0287953832934819a94b"}, @ETHTOOL_A_BITSET_MASK={0x2d, 0x5, "6d908d63cc9aaa423358a5fa515185b3df503141730883ea73bbf20b54ed00d901c957c8f5887c2479"}, @ETHTOOL_A_BITSET_VALUE={0xd8, 0x4, "9b3932f56bb0504b3c6c8f5eb3fae7ff25d0c4412112a68686da7cca08dc27fd7b2f39163b783cbb50faf50474977fe82fe1081795dca599c1bbf8ea751d0ea10e89127684b8cbd374a622894bfb16fb0c054aeff3561c06b82738e5f064dcc5e213f8858cadadd523fdafc8f3db1b96a31d4584ba3c2a6702dd1176d25635df396893508a651892a914aebe4efc6c026535d7d51cca8bf2c4a92b325920268f0af081ebe88914fa8d6c953bca23e3a814da72833a43907b1c7963c018da1425877835e7d959730a1fe0aae60d2a0dd078aecb50"}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xf}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x26c}, 0x1, 0x0, 0x0, 0x40010}, 0x0) mmap(&(0x7f0000b7a000/0x1000)=nil, 0x1000, 0x300000c, 0x3032, r0, 0x69b00000) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000380)={'syztnl0\x00', &(0x7f0000000300)={'ip6gre0\x00', 0x0, 0x4, 0x6, 0x4, 0x5, 0x20, @loopback, @remote, 0x7800, 0x7800, 0xfffffff8, 0x2}}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="24000000031401002cbd7000fcdbdf250900020073797a3200000000080041"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) splice(r3, 0x0, r4, 0x0, 0x6, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000010c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000001100)=""/4112, &(0x7f0000001040)=0x1010) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)={0x1b, 0x0, 0x0, 0x2, 0x0, r1, 0x0, '\x00', r2, r4, 0x1, 0x5, 0x4}, 0x50) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000cc0)=@newsa={0x144, 0x10, 0x1, 0x70bd28, 0x25dfdbff, {{@in=@remote, @in=@loopback, 0x4e23, 0x0, 0x2000, 0x8000, 0x0, 0x20, 0x0, 0xc}, {@in=@rand_addr=0x64010101, 0x20, 0x6c}, @in6=@dev={0xfe, 0x80, '\x00', 0x23}, {0xfffffffffffffffe, 0x0, 0x0, 0x800000000000001, 0x10000000002c8, 0x6, 0x4000000000000}, {0x1fffffffffff, 0x8, 0x0, 0x4}, {0x0, 0x5}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x3}, [@offload={0xc, 0x1c, {0x0, 0x1}}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x144}, 0x1, 0x0, 0x0, 0x4075}, 0x4800) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) 16.545062687s ago: executing program 0 (id=247): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xfffe}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x28}, 0x1, 0x0, 0x0, 0x24004085}, 0x20000091) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$packet(0x11, 0x0, 0x300) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004801}, 0x30000081) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r6, 0x400448e4, &(0x7f00000002c0)="5b6dcaa2c0f2d875b3a4e5159214ea327ac4b6b9ae9293df289f02fcb16e975fd0c3d3af26ad98ceb1027531f47098398911b682df4aa90ee84bfb29f1777c5a292c020f184d135e019469b2b3399fa21123f58c177a5909e9a9818880302b28b776c23e4384c6e5fe3998e68c760655b7547b5cac520d5ba2b4ae70337e22a4046c91814fb7262e59b65e6f2b1d2998783f06fc58") r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r7, 0x400, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x101}, 0x98c1) r8 = socket$netlink(0x10, 0x3, 0xb) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000600)={&(0x7f00000004c0), 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x54, r9, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5e}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x840}, 0x20004040) getsockopt(r2, 0x4, 0xad46, &(0x7f0000000640)=""/178, &(0x7f0000000700)=0xb2) clock_gettime(0x0, &(0x7f0000003240)={0x0, 0x0}) recvmmsg(r8, &(0x7f0000003180)=[{{&(0x7f0000000740)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001ac0)=[{&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/214, 0xd6}, {&(0x7f00000009c0)=""/52, 0x34}, {&(0x7f0000000a00)=""/65, 0x41}, {&(0x7f0000000a80)=""/45, 0x2d}, {&(0x7f0000000ac0)=""/4096, 0x1000}], 0x6}, 0x3fcf}, {{&(0x7f0000001b40)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000001bc0)=""/4096, 0x1000}, {&(0x7f0000002bc0)=""/106, 0x6a}, {&(0x7f0000002c40)=""/73, 0x49}], 0x3, &(0x7f0000002d00)=""/4, 0x4}, 0x3ff}, {{&(0x7f0000002d40)=@alg, 0x80, &(0x7f0000003100)=[{&(0x7f0000002dc0)=""/111, 0x6f}, {&(0x7f0000002e40)=""/75, 0x4b}, {&(0x7f0000002ec0)=""/254, 0xfe}, {&(0x7f0000002fc0)=""/112, 0x70}, {&(0x7f0000003040)=""/115, 0x73}, {&(0x7f00000030c0)=""/54, 0x36}], 0x6}}], 0x3, 0x100, &(0x7f0000003280)={r10, r11+60000000}) socket$nl_route(0x10, 0x3, 0x0) r12 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000003300), r0) sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f0000003400)={&(0x7f00000032c0)={0x10, 0x0, 0x0, 0x1040}, 0xc, &(0x7f00000033c0)={&(0x7f0000003340)={0x60, r12, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x4085c) r13 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r13, 0x40047211, &(0x7f0000003440)=0x20) sendmsg$NL80211_CMD_GET_POWER_SAVE(r8, &(0x7f0000003540)={&(0x7f0000003480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000003500)={&(0x7f00000034c0)={0x20, r7, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0xc}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20044010}, 0x48004) r14 = syz_genetlink_get_family_id$nbd(&(0x7f00000035c0), r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003600)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003640)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003680)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000036c0)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000003800)={&(0x7f0000003580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000037c0)={&(0x7f0000003700)={0xb0, r14, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NBD_ATTR_BACKEND_IDENTIFIER={0x9, 0xa, '%-!#*'}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x40, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r15}}, {0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r16}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r17}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r18}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x8000000000000000}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5689}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x27b1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4049800}, 0x20004000) 16.465098278s ago: executing program 4 (id=248): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="70000000100001002cbd70002000000000000000", @ANYRES32=0x0, @ANYBLOB="13019757c0200000140003006e657464657673696d300000000000000500110004dd000034001680300001802c000c80280001000000008015ffffff060000008100000014000131a154380028"], 0x70}, 0x1, 0x0, 0x0, 0x200080c5}, 0x20000010) 16.337973247s ago: executing program 4 (id=250): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000004c0), 0xf02, 0xf0, 0x0) (fail_nth: 50) 16.313945209s ago: executing program 2 (id=251): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000200000100", @ANYRES32=r2, @ANYBLOB="e40ebcc7e916254d75993ac0e2c6bf707ab4758405b596325ce73b91140a9c0bd03ea2afb49464b3c1f481fa2477fc67044af26a584f1b42a6c43b3a60c25d059e1f5299e64d3c97157910c9746eef630d9759982fdfa91decf3583603f286f191d92a62a7f20158ac1eaced09a9d83354d74dd61e289465e9f46bcada2e49d5489f94f9c08a9328b0061e9b1a1fbde2d06ce599951cde61fa24f61555ad388331bb416f2a93193f7f87125319dfd810da71d02da1d2ce977a92a0237236d845a33b8c3651f7c138494e7d9a621b014f686797d2789b2e49c60b06bfc918d158420af120"], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000080)={0x1f, @none, 0xd}, 0xa) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="924016c29c99b475a6652c43fa2a2a819e4617b0c7ec8e24e3225e7a042396d9f1e1cdee0d487cd5706e1b702318cc7266672638d02fbd7d94be8996cad76152237ac716ebba90a30017026590e46c2f33af63ac95c2d373670e414288b9b3a9b3486fbfb2cb595b27091cd4e802d7b626608cdac25956ca10d9583c46496174af497a919b0b2343f578c18616b6fec46dd758f0690ddd5f", @ANYBLOB], 0x3c}}, 0x8800) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r5) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r6, &(0x7f0000007fc0), 0x0, 0x20000804) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, &(0x7f0000000000)=0xe36e, 0x4) setsockopt$inet_int(r6, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r6, 0x0, 0x7, &(0x7f0000000180)=0xb, 0x4) socket$packet(0x11, 0x3, 0x300) r7 = socket$kcm(0xa, 0x2, 0x0) r8 = socket(0x2, 0x80805, 0x0) r9 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e21, 0x3, 'wlc\x00', 0xd, 0x400000a, 0x8239}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x7ebc7abf7d80e4f2, 0x200, 0x77}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x4f21, 0x2, 0xcd}}, 0x44) sendmsg$sock(r7, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x29, 0x24, 0x3}}], 0x18}, 0x0) socket(0x10, 0x803, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) 16.169948331s ago: executing program 1 (id=252): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="6800000010000104fafffffffcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0315000000000000140012800b0001006970766c616e21000400028008000500", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32, @ANYBLOB="0800030008000000080003"], 0x68}, 0x1, 0x0, 0x0, 0x24000891}, 0x0) 16.148808393s ago: executing program 3 (id=253): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 16.070737866s ago: executing program 4 (id=254): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f00000057c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x5}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0xa00, &(0x7f0000000980)=[@rthdr_2292={{0x18, 0x29, 0x39, {0x6, 0x0, 0x1, 0x1}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x8}}], 0x30}}], 0x2, 0x20008050) 15.916960793s ago: executing program 4 (id=255): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000740)=@newtaction={0x74, 0x30, 0x1, 0x70bd2c, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xffffffff, 0x10000, 0x10000000, 0xcb6, 0x2}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x884c}, @TCA_MPLS_TC={0x5, 0x6, 0x6}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x10}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="5200000002"], 0x8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x12, 0x7, 0x4, 0x9, 0x280, r2, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2000003}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r6) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10) pipe(&(0x7f0000000200)={0xffffffffffffffff}) read$alg(r8, &(0x7f0000000500)=""/4096, 0x1000) sendto$inet(r5, &(0x7f0000000100)="f4", 0x1, 0x2000c8d4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x4, 0x1, 0xe9c, 0x4, 0x2, {0x0, @in6={{0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x2}}, 0x9, 0xfffffff7, 0xfffffffd, 0xc1, 0xfb}}, &(0x7f0000000140)=0xb0) setsockopt$RXRPC_SECURITY_KEY(r8, 0x110, 0x1, &(0x7f0000000080)='\x00', 0x1) syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), 0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 15.88066327s ago: executing program 1 (id=256): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000005c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000005000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0xfc}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="ec000000210097266e197df3de43fffffc020000000000000000000300000000fe8000000000000000000000000000aafffc0000000000080a00e08000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000080000000009c001100ac1414aa00000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aa3201000002000000020002006401010000000000000000000000000000000000000000000000ffff0a01010200000000000000000000000000000000fc0200"/148], 0xec}, 0x1, 0x0, 0x0, 0x800}, 0x42000) 15.841058145s ago: executing program 1 (id=257): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x4, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r0, 0x2000012, 0xe, 0x0, &(0x7f0000000280)="63ec33c9e9b98600000000000000", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 15.75370763s ago: executing program 1 (id=258): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r0, &(0x7f00000004c0)}, 0x20) 15.753454496s ago: executing program 1 (id=259): socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x1) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(khazad)\x00'}, 0x58) socket$alg(0x26, 0x5, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004041, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x800) sendto$inet6(r1, &(0x7f00000004c0)="112efc61dfb09b674aa4688dd59e6b7c419836e5129a9c6721decbc8", 0xfffffcab, 0x11, 0x0, 0x1800) 15.162042819s ago: executing program 1 (id=260): unshare(0x680) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x6) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000001c0)={0x40, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x8}, @broadcast, @device_a, @from_mac=@broadcast, {0x0, 0x400}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x3, 0xe, 0xf9}, @void}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 1.513838971s ago: executing program 32 (id=247): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_SHORT_ADDR={0x6, 0xa, 0xfffe}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}]}, 0x28}, 0x1, 0x0, 0x0, 0x24004085}, 0x20000091) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = socket$packet(0x11, 0x0, 0x300) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x2, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004801}, 0x30000081) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r6, 0x400448e4, &(0x7f00000002c0)="5b6dcaa2c0f2d875b3a4e5159214ea327ac4b6b9ae9293df289f02fcb16e975fd0c3d3af26ad98ceb1027531f47098398911b682df4aa90ee84bfb29f1777c5a292c020f184d135e019469b2b3399fa21123f58c177a5909e9a9818880302b28b776c23e4384c6e5fe3998e68c760655b7547b5cac520d5ba2b4ae70337e22a4046c91814fb7262e59b65e6f2b1d2998783f06fc58") r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, r7, 0x400, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x101}, 0x98c1) r8 = socket$netlink(0x10, 0x3, 0xb) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000600)={&(0x7f00000004c0), 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x54, r9, 0x1, 0x70bd27, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5e}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x401}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x840}, 0x20004040) getsockopt(r2, 0x4, 0xad46, &(0x7f0000000640)=""/178, &(0x7f0000000700)=0xb2) clock_gettime(0x0, &(0x7f0000003240)={0x0, 0x0}) recvmmsg(r8, &(0x7f0000003180)=[{{&(0x7f0000000740)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000001ac0)=[{&(0x7f00000007c0)=""/194, 0xc2}, {&(0x7f00000008c0)=""/214, 0xd6}, {&(0x7f00000009c0)=""/52, 0x34}, {&(0x7f0000000a00)=""/65, 0x41}, {&(0x7f0000000a80)=""/45, 0x2d}, {&(0x7f0000000ac0)=""/4096, 0x1000}], 0x6}, 0x3fcf}, {{&(0x7f0000001b40)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000001bc0)=""/4096, 0x1000}, {&(0x7f0000002bc0)=""/106, 0x6a}, {&(0x7f0000002c40)=""/73, 0x49}], 0x3, &(0x7f0000002d00)=""/4, 0x4}, 0x3ff}, {{&(0x7f0000002d40)=@alg, 0x80, &(0x7f0000003100)=[{&(0x7f0000002dc0)=""/111, 0x6f}, {&(0x7f0000002e40)=""/75, 0x4b}, {&(0x7f0000002ec0)=""/254, 0xfe}, {&(0x7f0000002fc0)=""/112, 0x70}, {&(0x7f0000003040)=""/115, 0x73}, {&(0x7f00000030c0)=""/54, 0x36}], 0x6}}], 0x3, 0x100, &(0x7f0000003280)={r10, r11+60000000}) socket$nl_route(0x10, 0x3, 0x0) r12 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000003300), r0) sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f0000003400)={&(0x7f00000032c0)={0x10, 0x0, 0x0, 0x1040}, 0xc, &(0x7f00000033c0)={&(0x7f0000003340)={0x60, r12, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x2}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private2={0xfc, 0x2, '\x00', 0x1}}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x4085c) r13 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r13, 0x40047211, &(0x7f0000003440)=0x20) sendmsg$NL80211_CMD_GET_POWER_SAVE(r8, &(0x7f0000003540)={&(0x7f0000003480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000003500)={&(0x7f00000034c0)={0x20, r7, 0x1, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x3, 0xc}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x20044010}, 0x48004) r14 = syz_genetlink_get_family_id$nbd(&(0x7f00000035c0), r0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003600)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003640)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000003680)={0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000036c0)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000003800)={&(0x7f0000003580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000037c0)={&(0x7f0000003700)={0xb0, r14, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@NBD_ATTR_BACKEND_IDENTIFIER={0x9, 0xa, '%-!#*'}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x9}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x40, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r15}}, {0xc, 0x1, 0x0, 0x1, {0x8}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r16}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r17}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r18}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x100}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x8000000000000000}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x5689}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x27b1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4049800}, 0x20004000) 1.001228726s ago: executing program 33 (id=251): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000600)=ANY=[@ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000200000100", @ANYRES32=r2, @ANYBLOB="e40ebcc7e916254d75993ac0e2c6bf707ab4758405b596325ce73b91140a9c0bd03ea2afb49464b3c1f481fa2477fc67044af26a584f1b42a6c43b3a60c25d059e1f5299e64d3c97157910c9746eef630d9759982fdfa91decf3583603f286f191d92a62a7f20158ac1eaced09a9d83354d74dd61e289465e9f46bcada2e49d5489f94f9c08a9328b0061e9b1a1fbde2d06ce599951cde61fa24f61555ad388331bb416f2a93193f7f87125319dfd810da71d02da1d2ce977a92a0237236d845a33b8c3651f7c138494e7d9a621b014f686797d2789b2e49c60b06bfc918d158420af120"], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r3, &(0x7f0000000080)={0x1f, @none, 0xd}, 0xa) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYRES64=0x0, @ANYBLOB="924016c29c99b475a6652c43fa2a2a819e4617b0c7ec8e24e3225e7a042396d9f1e1cdee0d487cd5706e1b702318cc7266672638d02fbd7d94be8996cad76152237ac716ebba90a30017026590e46c2f33af63ac95c2d373670e414288b9b3a9b3486fbfb2cb595b27091cd4e802d7b626608cdac25956ca10d9583c46496174af497a919b0b2343f578c18616b6fec46dd758f0690ddd5f", @ANYBLOB], 0x3c}}, 0x8800) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r5) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r6, &(0x7f0000007fc0), 0x0, 0x20000804) setsockopt$SO_TIMESTAMP(r6, 0x1, 0x23, &(0x7f0000000000)=0xe36e, 0x4) setsockopt$inet_int(r6, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4) setsockopt$inet_int(r6, 0x0, 0x7, &(0x7f0000000180)=0xb, 0x4) socket$packet(0x11, 0x3, 0x300) r7 = socket$kcm(0xa, 0x2, 0x0) r8 = socket(0x2, 0x80805, 0x0) r9 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010102, 0x4e21, 0x3, 'wlc\x00', 0xd, 0x400000a, 0x8239}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x7ebc7abf7d80e4f2, 0x200, 0x77}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x4f21, 0x2, 0xcd}}, 0x44) sendmsg$sock(r7, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x29, 0x24, 0x3}}], 0x18}, 0x0) socket(0x10, 0x803, 0x0) socket$inet6(0xa, 0x2, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) 954.739623ms ago: executing program 34 (id=253): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 440.913799ms ago: executing program 35 (id=255): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000740)=@newtaction={0x74, 0x30, 0x1, 0x70bd2c, 0x0, {}, [{0x60, 0x1, [@m_mpls={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0xffffffff, 0x10000, 0x10000000, 0xcb6, 0x2}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x884c}, @TCA_MPLS_TC={0x5, 0x6, 0x6}]}, {0x4, 0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x10}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r4, &(0x7f0000000580)=ANY=[@ANYBLOB="5200000002"], 0x8) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r3}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x12, 0x7, 0x4, 0x9, 0x280, r2, 0x10, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2000003}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r5 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000240), r6) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10) pipe(&(0x7f0000000200)={0xffffffffffffffff}) read$alg(r8, &(0x7f0000000500)=""/4096, 0x1000) sendto$inet(r5, &(0x7f0000000100)="f4", 0x1, 0x2000c8d4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10) getsockopt$inet_sctp_SCTP_STATUS(r5, 0x84, 0xe, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x4, 0x1, 0xe9c, 0x4, 0x2, {0x0, @in6={{0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x2}}, 0x9, 0xfffffff7, 0xfffffffd, 0xc1, 0xfb}}, &(0x7f0000000140)=0xb0) setsockopt$RXRPC_SECURITY_KEY(r8, 0x110, 0x1, &(0x7f0000000080)='\x00', 0x1) syz_genetlink_get_family_id$devlink(&(0x7f00000005c0), 0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) 0s ago: executing program 36 (id=260): unshare(0x680) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) vmsplice(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x6) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x1, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff0000000001000000000000d7", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800a000100767863616e0000000400028008000a00", @ANYRES32=r3], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000001c0)={0x40, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x22, 0x33, @action={{{}, {0x8}, @broadcast, @device_a, @from_mac=@broadcast, {0x0, 0x400}}, @ext_ch_sw={0x4, 0x4, {{0x0, 0x3, 0xe, 0xf9}, @void}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xc0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.106' (ED25519) to the list of known hosts. [ 72.488164][ T5814] cgroup: Unknown subsys name 'net' [ 72.613650][ T5814] cgroup: Unknown subsys name 'cpuset' [ 72.622573][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.204593][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.767857][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.776373][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.785126][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.786843][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.793165][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.801748][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.807997][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.822322][ T5832] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 76.830168][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.831759][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.839000][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.855686][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.864230][ T5844] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 76.871689][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.873590][ T5843] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.879650][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.895405][ T5843] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.896117][ T5844] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 76.910603][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.917315][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.918407][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.925420][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.934176][ T5832] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 76.953944][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 76.962160][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.568382][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 77.637268][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 77.689688][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 77.945981][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 77.957099][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.965352][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.973317][ T5826] bridge_slave_0: entered allmulticast mode [ 77.980672][ T5826] bridge_slave_0: entered promiscuous mode [ 77.993706][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.000978][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.008171][ T5825] bridge_slave_0: entered allmulticast mode [ 78.015384][ T5825] bridge_slave_0: entered promiscuous mode [ 78.038737][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.046208][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.053646][ T5826] bridge_slave_1: entered allmulticast mode [ 78.061002][ T5826] bridge_slave_1: entered promiscuous mode [ 78.079329][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.087310][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.097055][ T5825] bridge_slave_1: entered allmulticast mode [ 78.104489][ T5825] bridge_slave_1: entered promiscuous mode [ 78.112368][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 78.207530][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.214839][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.222185][ T5824] bridge_slave_0: entered allmulticast mode [ 78.229230][ T5824] bridge_slave_0: entered promiscuous mode [ 78.264840][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.274467][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.282351][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.289608][ T5824] bridge_slave_1: entered allmulticast mode [ 78.296822][ T5824] bridge_slave_1: entered promiscuous mode [ 78.307216][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.328936][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.367547][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.453026][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.460890][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.468137][ T5830] bridge_slave_0: entered allmulticast mode [ 78.475632][ T5830] bridge_slave_0: entered promiscuous mode [ 78.485084][ T5826] team0: Port device team_slave_0 added [ 78.493605][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.529338][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.536868][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.544203][ T5830] bridge_slave_1: entered allmulticast mode [ 78.551774][ T5830] bridge_slave_1: entered promiscuous mode [ 78.560808][ T5826] team0: Port device team_slave_1 added [ 78.568411][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.580284][ T5825] team0: Port device team_slave_0 added [ 78.637338][ T5825] team0: Port device team_slave_1 added [ 78.643388][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.650764][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.657919][ T5836] bridge_slave_0: entered allmulticast mode [ 78.665377][ T5836] bridge_slave_0: entered promiscuous mode [ 78.702262][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.709230][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.736485][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.778592][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.786147][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.793444][ T5836] bridge_slave_1: entered allmulticast mode [ 78.801433][ T5836] bridge_slave_1: entered promiscuous mode [ 78.811707][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.821801][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.829005][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.855993][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.868931][ T5824] team0: Port device team_slave_0 added [ 78.901278][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.920937][ T5824] team0: Port device team_slave_1 added [ 78.927336][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.935370][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 78.961827][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.000892][ T5844] Bluetooth: hci1: command tx timeout [ 79.001031][ T5839] Bluetooth: hci3: command tx timeout [ 79.006619][ T5844] Bluetooth: hci2: command tx timeout [ 79.012873][ T5147] Bluetooth: hci4: command tx timeout [ 79.037768][ T5830] team0: Port device team_slave_0 added [ 79.056729][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.064287][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.091330][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.100392][ T5147] Bluetooth: hci0: command tx timeout [ 79.112142][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.124882][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.135773][ T5830] team0: Port device team_slave_1 added [ 79.154626][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.161977][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.188314][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.247351][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.255338][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.282154][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.328340][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.335858][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.362012][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.387137][ T5826] hsr_slave_0: entered promiscuous mode [ 79.393721][ T5826] hsr_slave_1: entered promiscuous mode [ 79.403809][ T5836] team0: Port device team_slave_0 added [ 79.424841][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.431986][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.458586][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.503621][ T5836] team0: Port device team_slave_1 added [ 79.513780][ T5825] hsr_slave_0: entered promiscuous mode [ 79.520334][ T5825] hsr_slave_1: entered promiscuous mode [ 79.526459][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 79.532681][ T5825] Cannot create hsr debugfs directory [ 79.587613][ T5824] hsr_slave_0: entered promiscuous mode [ 79.595021][ T5824] hsr_slave_1: entered promiscuous mode [ 79.601797][ T5824] debugfs: 'hsr0' already exists in 'hsr' [ 79.608124][ T5824] Cannot create hsr debugfs directory [ 79.683285][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.690336][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.716362][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.733601][ T5830] hsr_slave_0: entered promiscuous mode [ 79.740323][ T5830] hsr_slave_1: entered promiscuous mode [ 79.746621][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 79.753404][ T5830] Cannot create hsr debugfs directory [ 79.792525][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.799560][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 79.827078][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.003852][ T5836] hsr_slave_0: entered promiscuous mode [ 80.010645][ T5836] hsr_slave_1: entered promiscuous mode [ 80.016815][ T5836] debugfs: 'hsr0' already exists in 'hsr' [ 80.022605][ T5836] Cannot create hsr debugfs directory [ 80.417105][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 80.431561][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 80.456443][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 80.469025][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 80.548108][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 80.563498][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 80.574206][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 80.590871][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.692324][ T5824] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.720650][ T5824] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.744244][ T5824] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.756255][ T5824] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.871102][ T5836] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 80.883030][ T5836] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 80.896438][ T5836] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 80.906940][ T5836] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 81.033631][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.044278][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.053056][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.078298][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.085973][ T5147] Bluetooth: hci4: command tx timeout [ 81.086404][ T5839] Bluetooth: hci3: command tx timeout [ 81.092123][ T5844] Bluetooth: hci1: command tx timeout [ 81.098210][ T5832] Bluetooth: hci2: command tx timeout [ 81.127819][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.144977][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.161336][ T5832] Bluetooth: hci0: command tx timeout [ 81.182996][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.210165][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.217403][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.238267][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.257590][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.267248][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.274683][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.286471][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.293676][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.336242][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.343585][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.415998][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.450616][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.457819][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.497380][ T4539] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.504764][ T4539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.583003][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.648414][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.738232][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.779119][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.786384][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 81.844072][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 81.858056][ T151] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.865447][ T151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 81.944472][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.951905][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.018345][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.025582][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.073758][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.142964][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.299269][ T5826] veth0_vlan: entered promiscuous mode [ 82.396749][ T5826] veth1_vlan: entered promiscuous mode [ 82.423566][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.522908][ T5825] veth0_vlan: entered promiscuous mode [ 82.573937][ T5826] veth0_macvtap: entered promiscuous mode [ 82.632239][ T5825] veth1_vlan: entered promiscuous mode [ 82.677188][ T5826] veth1_macvtap: entered promiscuous mode [ 82.729109][ T5824] veth0_vlan: entered promiscuous mode [ 82.748009][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.766595][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 82.782687][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.801143][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.832565][ T5824] veth1_vlan: entered promiscuous mode [ 82.860928][ T42] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.872424][ T42] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.905175][ T42] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.916029][ T42] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.952248][ T5825] veth0_macvtap: entered promiscuous mode [ 82.984568][ T5825] veth1_macvtap: entered promiscuous mode [ 83.087191][ T5830] veth0_vlan: entered promiscuous mode [ 83.116247][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.143041][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.150241][ T5830] veth1_vlan: entered promiscuous mode [ 83.156596][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.161464][ T5839] Bluetooth: hci3: command tx timeout [ 83.164568][ T5844] Bluetooth: hci1: command tx timeout [ 83.169453][ T5832] Bluetooth: hci2: command tx timeout [ 83.175343][ T5147] Bluetooth: hci4: command tx timeout [ 83.198422][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.237206][ T5824] veth0_macvtap: entered promiscuous mode [ 83.240749][ T5832] Bluetooth: hci0: command tx timeout [ 83.272035][ T5824] veth1_macvtap: entered promiscuous mode [ 83.283868][ T151] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.293374][ T151] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.309445][ T151] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.309458][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.320077][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.335072][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.386855][ T5836] veth0_vlan: entered promiscuous mode [ 83.410959][ T5830] veth0_macvtap: entered promiscuous mode [ 83.435823][ T5830] veth1_macvtap: entered promiscuous mode [ 83.457888][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.473008][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.495114][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 83.509093][ T5836] veth1_vlan: entered promiscuous mode [ 83.562307][ T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.625983][ T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.648513][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.661228][ T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.674598][ T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.691473][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.694813][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.709852][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.768637][ T42] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.779356][ T42] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.820457][ T42] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.829259][ T42] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.868146][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.889481][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.898182][ T5836] veth0_macvtap: entered promiscuous mode [ 83.973676][ T5836] veth1_macvtap: entered promiscuous mode [ 83.995970][ T151] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.007753][ T151] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.097028][ T5955] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6'. [ 84.137385][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.198915][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.208443][ T151] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.229697][ T151] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.271603][ T42] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.302465][ T42] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.367490][ T42] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.383898][ T42] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.425788][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.445732][ T5964] syz.0.7 uses obsolete (PF_INET,SOCK_PACKET) [ 84.466963][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.599103][ T5968] netlink: 'syz.1.2': attribute type 13 has an invalid length. [ 84.613402][ T3507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.631684][ T3507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.688774][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.732885][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.886155][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.954819][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.976945][ T5979] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 85.242472][ T5832] Bluetooth: hci1: command tx timeout [ 85.248042][ T5832] Bluetooth: hci4: command tx timeout [ 85.250259][ T5844] Bluetooth: hci2: command tx timeout [ 85.254276][ T5832] Bluetooth: hci3: command tx timeout [ 85.320812][ T5832] Bluetooth: hci0: command tx timeout [ 85.447730][ T5995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12'. [ 85.513329][ T5998] netlink: 'syz.1.13': attribute type 1 has an invalid length. [ 85.537614][ T5997] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 85.647955][ T5980] netlink: 'syz.2.10': attribute type 2 has an invalid length. [ 85.673269][ T5995] Zero length message leads to an empty skb [ 85.767358][ T6005] netlink: 20 bytes leftover after parsing attributes in process `syz.4.14'. [ 85.917713][ T1218] cfg80211: failed to load regulatory.db [ 86.264607][ T6017] netlink: 20 bytes leftover after parsing attributes in process `syz.4.17'. [ 86.447634][ T6011] wg1: entered promiscuous mode [ 86.458614][ T6011] wg1: entered allmulticast mode [ 86.496719][ T6020] syzkaller1: entered promiscuous mode [ 86.531762][ T6020] syzkaller1: entered allmulticast mode [ 86.677162][ T6034] netlink: 'syz.4.22': attribute type 10 has an invalid length. [ 86.949971][ T6042] Bluetooth: MGMT ver 1.23 [ 86.959891][ T6043] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 86.971517][ T6032] wg1: entered promiscuous mode [ 86.977806][ T6032] wg1: entered allmulticast mode [ 87.018694][ T6034] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.027133][ T6034] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.056086][ T6034] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.063450][ T6034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.071681][ T6034] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.078893][ T6034] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.102071][ T6034] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 87.204293][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26'. [ 87.213482][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.26'. [ 87.405869][ T6051] netlink: 8 bytes leftover after parsing attributes in process `syz.3.28'. [ 87.486010][ T6058] netlink: 20 bytes leftover after parsing attributes in process `syz.0.27'. [ 87.525203][ T6061] FAULT_INJECTION: forcing a failure. [ 87.525203][ T6061] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 87.572330][ T6061] CPU: 0 UID: 0 PID: 6061 Comm: syz.2.31 Not tainted syzkaller #0 PREEMPT(full) [ 87.572357][ T6061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 87.572376][ T6061] Call Trace: [ 87.572383][ T6061] [ 87.572392][ T6061] dump_stack_lvl+0x189/0x250 [ 87.572477][ T6061] ? __pfx____ratelimit+0x10/0x10 [ 87.572498][ T6061] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.572524][ T6061] ? __pfx__printk+0x10/0x10 [ 87.572544][ T6061] ? __might_fault+0xb0/0x130 [ 87.572581][ T6061] should_fail_ex+0x414/0x560 [ 87.572616][ T6061] _copy_from_user+0x2d/0xb0 [ 87.572641][ T6061] ___sys_recvmsg+0x12e/0x510 [ 87.572672][ T6061] ? __pfx____sys_recvmsg+0x10/0x10 [ 87.572727][ T6061] ? __might_fault+0xb0/0x130 [ 87.572757][ T6061] do_recvmmsg+0x307/0x770 [ 87.572790][ T6061] ? __pfx_do_recvmmsg+0x10/0x10 [ 87.572826][ T6061] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 87.572868][ T6061] __x64_sys_recvmmsg+0x190/0x240 [ 87.572895][ T6061] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 87.572924][ T6061] ? do_syscall_64+0xbe/0xfa0 [ 87.572949][ T6061] do_syscall_64+0xfa/0xfa0 [ 87.572970][ T6061] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.572991][ T6061] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.573010][ T6061] ? clear_bhb_loop+0x60/0xb0 [ 87.573033][ T6061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.573052][ T6061] RIP: 0033:0x7f0d39f8f749 [ 87.573074][ T6061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.573090][ T6061] RSP: 002b:00007f0d3ada0038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 87.573111][ T6061] RAX: ffffffffffffffda RBX: 00007f0d3a1e5fa0 RCX: 00007f0d39f8f749 [ 87.573125][ T6061] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000004 [ 87.573137][ T6061] RBP: 00007f0d3ada0090 R08: 0000000000000000 R09: 0000000000000000 [ 87.573147][ T6061] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000002 [ 87.573157][ T6061] R13: 00007f0d3a1e6038 R14: 00007f0d3a1e5fa0 R15: 00007fff4416e428 [ 87.573187][ T6061] [ 88.199769][ T6080] netlink: 6 bytes leftover after parsing attributes in process `syz.0.36'. [ 88.232780][ T6080] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 88.348967][ T6093] netlink: 'syz.2.39': attribute type 9 has an invalid length. [ 88.378065][ T6093] netlink: 'syz.2.39': attribute type 11 has an invalid length. [ 88.414376][ T6093] netlink: 'syz.2.39': attribute type 12 has an invalid length. [ 88.449228][ T6093] netlink: 210020 bytes leftover after parsing attributes in process `syz.2.39'. [ 88.465008][ T6093] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 88.565588][ T6082] syz.3.38 (6082) used greatest stack depth: 17640 bytes left [ 88.958929][ T6104] tipc: Started in network mode [ 88.967777][ T6104] tipc: Node identity ac14140f, cluster identity 4711 [ 88.980260][ T6104] tipc: New replicast peer: 255.255.255.255 [ 88.987013][ T6104] tipc: Enabled bearer , priority 10 [ 88.995121][ T6108] netlink: 'syz.3.41': attribute type 1 has an invalid length. [ 89.359969][ T6115] __nla_validate_parse: 5 callbacks suppressed [ 89.398619][ T6115] netlink: 4 bytes leftover after parsing attributes in process `syz.0.44'. [ 89.428649][ T6113] syzkaller1: entered promiscuous mode [ 89.431346][ T6120] trusted_key: syz.4.47 sent an empty control message without MSG_MORE. [ 89.441828][ T6113] syzkaller1: entered allmulticast mode [ 89.478597][ T6115] netlink: 4 bytes leftover after parsing attributes in process `syz.0.44'. [ 89.504445][ T4539] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 89.535261][ T4539] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 89.546466][ T4539] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 89.690370][ T4539] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 89.940871][ T6127] Bluetooth: MGMT ver 1.23 [ 89.981452][ T5899] tipc: Node number set to 2886997007 [ 90.215168][ T5899] IPVS: starting estimator thread 0... [ 90.246231][ T6112] IPVS: set_ctl: invalid protocol: 8 10.1.1.1:20129 [ 90.276482][ T6112] IPVS: nq: FWM 3 0x00000003 - no destination available [ 90.340187][ T6142] IPVS: using max 32 ests per chain, 76800 per kthread [ 90.455236][ T6144] netlink: 88 bytes leftover after parsing attributes in process `syz.1.55'. [ 90.544896][ T6151] netlink: 228 bytes leftover after parsing attributes in process `syz.1.55'. [ 90.566916][ T6158] Illegal XDP return value 98 on prog (id 19) dev N/A, expect packet loss! [ 90.815307][ T6160] tap0: tun_chr_ioctl cmd 1074025692 [ 90.834624][ T6167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.60'. [ 90.935289][ T6164] syzkaller1: entered promiscuous mode [ 90.941622][ T6164] syzkaller1: entered allmulticast mode [ 91.400429][ T6180] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 91.661684][ T6190] FAULT_INJECTION: forcing a failure. [ 91.661684][ T6190] name failslab, interval 1, probability 0, space 0, times 1 [ 91.695705][ T6190] CPU: 1 UID: 0 PID: 6190 Comm: syz.2.67 Not tainted syzkaller #0 PREEMPT(full) [ 91.695734][ T6190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 91.695745][ T6190] Call Trace: [ 91.695753][ T6190] [ 91.695761][ T6190] dump_stack_lvl+0x189/0x250 [ 91.695792][ T6190] ? __pfx____ratelimit+0x10/0x10 [ 91.695813][ T6190] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.695837][ T6190] ? __pfx__printk+0x10/0x10 [ 91.695863][ T6190] ? __pfx___might_resched+0x10/0x10 [ 91.695885][ T6190] ? fs_reclaim_acquire+0x7d/0x100 [ 91.695908][ T6190] should_fail_ex+0x414/0x560 [ 91.695944][ T6190] should_failslab+0xa8/0x100 [ 91.695966][ T6190] __kmalloc_noprof+0xcb/0x7f0 [ 91.695993][ T6190] ? nla_strdup+0x9d/0x140 [ 91.696013][ T6190] ? __kmalloc_cache_noprof+0x3d5/0x6f0 [ 91.696043][ T6190] nla_strdup+0x9d/0x140 [ 91.696065][ T6190] nf_tables_newtable+0x491/0x1890 [ 91.696100][ T6190] ? __pfx_nfnl_pernet+0x2/0x10 [ 91.696137][ T6190] nfnetlink_rcv+0x11d9/0x2590 [ 91.696192][ T6190] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 91.696226][ T6190] ? ref_tracker_free+0x63a/0x7d0 [ 91.696271][ T6190] ? __netlink_deliver_tap+0x807/0x850 [ 91.696293][ T6190] ? netlink_deliver_tap+0x2e/0x1b0 [ 91.696336][ T6190] netlink_unicast+0x82f/0x9e0 [ 91.696369][ T6190] ? __pfx_netlink_unicast+0x10/0x10 [ 91.696391][ T6190] ? netlink_sendmsg+0x642/0xb30 [ 91.696412][ T6190] ? skb_put+0x11b/0x210 [ 91.696438][ T6190] netlink_sendmsg+0x805/0xb30 [ 91.696472][ T6190] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.696499][ T6190] ? aa_sock_msg_perm+0xf1/0x1d0 [ 91.696528][ T6190] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 91.696546][ T6190] ? __pfx_netlink_sendmsg+0x10/0x10 [ 91.696571][ T6190] __sock_sendmsg+0x21c/0x270 [ 91.696601][ T6190] ____sys_sendmsg+0x505/0x830 [ 91.696630][ T6190] ? __pfx_____sys_sendmsg+0x10/0x10 [ 91.696662][ T6190] ? import_iovec+0x74/0xa0 [ 91.696689][ T6190] ___sys_sendmsg+0x21f/0x2a0 [ 91.696715][ T6190] ? __pfx____sys_sendmsg+0x10/0x10 [ 91.696744][ T6190] ? rcu_read_lock_any_held+0xb3/0x120 [ 91.696779][ T6190] ? sb_end_write+0xe9/0x1c0 [ 91.696814][ T6190] ? __pfx_vfs_write+0x10/0x10 [ 91.696839][ T6190] ? do_sys_openat2+0x154/0x1c0 [ 91.696863][ T6190] __x64_sys_sendmsg+0x19b/0x260 [ 91.696888][ T6190] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 91.696922][ T6190] ? __pfx_ksys_write+0x10/0x10 [ 91.696953][ T6190] ? do_syscall_64+0xbe/0xfa0 [ 91.696979][ T6190] do_syscall_64+0xfa/0xfa0 [ 91.696999][ T6190] ? lockdep_hardirqs_on+0x9c/0x150 [ 91.697021][ T6190] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.697040][ T6190] ? clear_bhb_loop+0x60/0xb0 [ 91.697064][ T6190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.697090][ T6190] RIP: 0033:0x7f0d39f8f749 [ 91.697108][ T6190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.697141][ T6190] RSP: 002b:00007f0d3ada0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 91.697162][ T6190] RAX: ffffffffffffffda RBX: 00007f0d3a1e5fa0 RCX: 00007f0d39f8f749 [ 91.697174][ T6190] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 91.697185][ T6190] RBP: 00007f0d3ada0090 R08: 0000000000000000 R09: 0000000000000000 [ 91.697196][ T6190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.697207][ T6190] R13: 00007f0d3a1e6038 R14: 00007f0d3a1e5fa0 R15: 00007fff4416e428 [ 91.697237][ T6190] [ 92.042225][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 92.106194][ T5832] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 92.310869][ T6205] bridge0: port 3(syz_tun) entered blocking state [ 92.317645][ T6205] bridge0: port 3(syz_tun) entered disabled state [ 92.335025][ T6205] syz_tun: entered allmulticast mode [ 92.349947][ T6205] syz_tun: entered promiscuous mode [ 92.367380][ T6205] bridge0: port 3(syz_tun) entered blocking state [ 92.374399][ T6205] bridge0: port 3(syz_tun) entered forwarding state [ 92.408585][ T6205] netlink: 'syz.4.71': attribute type 10 has an invalid length. [ 92.417994][ T6205] bridge0: port 3(syz_tun) entered disabled state [ 92.424715][ T6205] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.432531][ T6205] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.506237][ T6205] IPVS: set_ctl: invalid protocol: 60 224.0.0.2:20000 [ 92.698116][ T6219] netlink: 12 bytes leftover after parsing attributes in process `syz.4.76'. [ 92.718683][ T6221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.74'. [ 92.725323][ T6222] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input8 [ 92.737162][ T6221] netlink: 8 bytes leftover after parsing attributes in process `syz.1.74'. [ 92.864867][ T6229] warning: `syz.3.78' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 92.983083][ T6233] netlink: 'syz.4.80': attribute type 1 has an invalid length. [ 93.534489][ T5929] IPVS: starting estimator thread 0... [ 93.631309][ T6261] IPVS: using max 37 ests per chain, 88800 per kthread [ 93.802863][ T6266] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.432669][ T6281] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input9 [ 95.281244][ T6278] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 95.282356][ T6272] netlink: 8 bytes leftover after parsing attributes in process `syz.0.87'. [ 95.340179][ T6274] netlink: 'syz.0.87': attribute type 1 has an invalid length. [ 95.367421][ T6274] netlink: 224 bytes leftover after parsing attributes in process `syz.0.87'. [ 95.480465][ T5839] Bluetooth: hci4: command 0x0405 tx timeout [ 95.647489][ T6291] netlink: 8 bytes leftover after parsing attributes in process `syz.2.95'. [ 95.652072][ T6299] netlink: 40 bytes leftover after parsing attributes in process `syz.0.98'. [ 95.693504][ T6299] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 95.701068][ T6299] IPv6: NLM_F_CREATE should be set when creating new route [ 95.708474][ T6299] IPv6: NLM_F_CREATE should be set when creating new route [ 95.834327][ T6304] netlink: 8 bytes leftover after parsing attributes in process `syz.1.100'. [ 95.864220][ T6304] netlink: 4 bytes leftover after parsing attributes in process `syz.1.100'. [ 95.891349][ T6304] netlink: 'syz.1.100': attribute type 15 has an invalid length. [ 95.974808][ T6310] netlink: 'syz.1.100': attribute type 1 has an invalid length. [ 96.007469][ T6310] netlink: 'syz.1.100': attribute type 1 has an invalid length. [ 96.062937][ T6312] FAULT_INJECTION: forcing a failure. [ 96.062937][ T6312] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 96.096625][ T6312] CPU: 1 UID: 0 PID: 6312 Comm: syz.2.102 Not tainted syzkaller #0 PREEMPT(full) [ 96.096649][ T6312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 96.096659][ T6312] Call Trace: [ 96.096665][ T6312] [ 96.096672][ T6312] dump_stack_lvl+0x189/0x250 [ 96.096700][ T6312] ? __pfx____ratelimit+0x10/0x10 [ 96.096716][ T6312] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.096735][ T6312] ? __pfx__printk+0x10/0x10 [ 96.096754][ T6312] ? __might_fault+0xb0/0x130 [ 96.096788][ T6312] should_fail_ex+0x414/0x560 [ 96.096818][ T6312] _copy_from_user+0x2d/0xb0 [ 96.096838][ T6312] csum_and_copy_from_iter_full+0x694/0x1ed0 [ 96.096860][ T6312] ? alloc_skb_with_frags+0x7df/0x890 [ 96.096889][ T6312] ? sock_alloc_send_pskb+0x86b/0x980 [ 96.096910][ T6312] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 96.096949][ T6312] ip_generic_getfrag+0x12f/0x2b0 [ 96.096966][ T6312] ? sock_omalloc+0x126/0x1e0 [ 96.096991][ T6312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.097014][ T6312] ? is_bpf_text_address+0x292/0x2b0 [ 96.097034][ T6312] ? skb_put+0x11b/0x210 [ 96.097052][ T6312] __ip6_append_data+0x30e7/0x3f30 [ 96.097094][ T6312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.097131][ T6312] ? __pfx___ip6_append_data+0x10/0x10 [ 96.097153][ T6312] ? ip6_setup_cork+0xa1c/0x10e0 [ 96.097179][ T6312] ip6_make_skb+0x2ce/0x410 [ 96.097202][ T6312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.097223][ T6312] ? __pfx_ip6_make_skb+0x10/0x10 [ 96.097241][ T6312] ? ip6_dst_check+0x5e3/0x7e0 [ 96.097268][ T6312] ? ip6_sk_dst_lookup_flow+0x696/0x9b0 [ 96.097289][ T6312] ? css_rstat_updated+0x1a1/0x4f0 [ 96.097316][ T6312] udpv6_sendmsg+0x1d1a/0x2510 [ 96.097347][ T6312] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 96.097373][ T6312] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 96.097398][ T6312] ? __pfx___might_resched+0x10/0x10 [ 96.097436][ T6312] ? aa_sk_perm+0x81e/0x950 [ 96.097476][ T6312] ? inet_send_prepare+0x5c/0x270 [ 96.097502][ T6312] ? inet6_sendmsg+0xe4/0x120 [ 96.097530][ T6312] __sock_sendmsg+0xe5/0x270 [ 96.097562][ T6312] ____sys_sendmsg+0x52d/0x830 [ 96.097592][ T6312] ? __pfx_____sys_sendmsg+0x10/0x10 [ 96.097635][ T6312] ? import_iovec+0x74/0xa0 [ 96.097664][ T6312] ___sys_sendmsg+0x21f/0x2a0 [ 96.097689][ T6312] ? __pfx____sys_sendmsg+0x10/0x10 [ 96.097748][ T6312] ? __fget_files+0x2a/0x420 [ 96.097766][ T6312] ? __fget_files+0x3a0/0x420 [ 96.097795][ T6312] __sys_sendmmsg+0x227/0x430 [ 96.097824][ T6312] ? __pfx___sys_sendmmsg+0x10/0x10 [ 96.097856][ T6312] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 96.097899][ T6312] ? ksys_write+0x22a/0x250 [ 96.097928][ T6312] ? __pfx_ksys_write+0x10/0x10 [ 96.097958][ T6312] __x64_sys_sendmmsg+0xa0/0xc0 [ 96.097983][ T6312] do_syscall_64+0xfa/0xfa0 [ 96.098004][ T6312] ? lockdep_hardirqs_on+0x9c/0x150 [ 96.098026][ T6312] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.098045][ T6312] ? clear_bhb_loop+0x60/0xb0 [ 96.098069][ T6312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.098087][ T6312] RIP: 0033:0x7f0d39f8f749 [ 96.098104][ T6312] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.098120][ T6312] RSP: 002b:00007f0d3ada0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 96.098141][ T6312] RAX: ffffffffffffffda RBX: 00007f0d3a1e5fa0 RCX: 00007f0d39f8f749 [ 96.098156][ T6312] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000004 [ 96.098169][ T6312] RBP: 00007f0d3ada0090 R08: 0000000000000000 R09: 0000000000000000 [ 96.098180][ T6312] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001 [ 96.098190][ T6312] R13: 00007f0d3a1e6038 R14: 00007f0d3a1e5fa0 R15: 00007fff4416e428 [ 96.098221][ T6312] [ 96.631946][ T6316] netlink: 'syz.2.104': attribute type 1 has an invalid length. [ 97.043634][ T6328] netlink: 4 bytes leftover after parsing attributes in process `syz.1.107'. [ 97.072998][ T6325] nbd0: detected capacity change from 0 to 127 [ 97.082338][ T6306] netlink: 'syz.4.99': attribute type 2 has an invalid length. [ 97.106912][ T6325] netlink: 'syz.0.106': attribute type 39 has an invalid length. [ 97.120997][ T6328] FAULT_INJECTION: forcing a failure. [ 97.120997][ T6328] name failslab, interval 1, probability 0, space 0, times 0 [ 97.146385][ T6328] CPU: 0 UID: 0 PID: 6328 Comm: syz.1.107 Not tainted syzkaller #0 PREEMPT(full) [ 97.146412][ T6328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 97.146424][ T6328] Call Trace: [ 97.146432][ T6328] [ 97.146441][ T6328] dump_stack_lvl+0x189/0x250 [ 97.146473][ T6328] ? __pfx____ratelimit+0x10/0x10 [ 97.146495][ T6328] ? __pfx_dump_stack_lvl+0x10/0x10 [ 97.146522][ T6328] ? __pfx__printk+0x10/0x10 [ 97.146548][ T6328] ? __pfx___might_resched+0x10/0x10 [ 97.146576][ T6328] should_fail_ex+0x414/0x560 [ 97.146611][ T6328] should_failslab+0xa8/0x100 [ 97.146633][ T6328] kmem_cache_alloc_lru_noprof+0x79/0x6d0 [ 97.146661][ T6328] ? __d_alloc+0x36/0x7a0 [ 97.146689][ T6328] __d_alloc+0x36/0x7a0 [ 97.146718][ T6328] d_alloc_parallel+0xe1/0x1610 [ 97.146742][ T6328] ? __lock_acquire+0xab9/0xd20 [ 97.146774][ T6328] ? __lock_acquire+0xab9/0xd20 [ 97.146807][ T6328] ? __pfx_d_alloc_parallel+0x10/0x10 [ 97.146837][ T6328] ? __raw_spin_lock_init+0x45/0x100 [ 97.146865][ T6328] ? __init_waitqueue_head+0xa9/0x150 [ 97.146898][ T6328] __lookup_slow+0x116/0x3d0 [ 97.146925][ T6328] ? __pfx___lookup_slow+0x10/0x10 [ 97.146960][ T6328] ? d_lookup+0x8a/0xa0 [ 97.146983][ T6328] ? lookup_noperm+0x112/0x220 [ 97.147011][ T6328] simple_start_creating+0xfd/0x1e0 [ 97.147033][ T6328] ? __pfx_simple_start_creating+0x10/0x10 [ 97.147067][ T6328] debugfs_start_creating+0x10f/0x180 [ 97.147098][ T6328] __debugfs_create_file+0x79/0x4f0 [ 97.147132][ T6328] debugfs_create_file_full+0x3f/0x60 [ 97.147166][ T6328] ref_tracker_dir_debugfs+0x14e/0x270 [ 97.147187][ T6328] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 97.147238][ T6328] ? trace_kmalloc+0x1f/0xd0 [ 97.147262][ T6328] ? __kvmalloc_node_noprof+0x5ed/0x910 [ 97.147297][ T6328] ? __raw_spin_lock_init+0x45/0x100 [ 97.147327][ T6328] alloc_netdev_mqs+0x272/0x11b0 [ 97.147356][ T6328] ? __pfx_macsec_setup+0x10/0x10 [ 97.147386][ T6328] rtnl_create_link+0x31f/0xd10 [ 97.147422][ T6328] rtnl_newlink_create+0x25c/0xb00 [ 97.147451][ T6328] ? __mutex_lock+0x5bb/0x1350 [ 97.147481][ T6328] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 97.147510][ T6328] ? __pfx___mutex_lock+0x10/0x10 [ 97.147543][ T6328] ? ns_capable+0x8a/0xf0 [ 97.147563][ T6328] rtnl_newlink+0x16e4/0x1c80 [ 97.147595][ T6328] ? __pfx_rtnl_newlink+0x10/0x10 [ 97.147613][ T6328] ? do_syscall_64+0xfa/0xfa0 [ 97.147634][ T6328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.147693][ T6328] ? kasan_quarantine_put+0xdd/0x220 [ 97.147720][ T6328] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.147750][ T6328] ? nlmon_xmit+0xb0/0x100 [ 97.147773][ T6328] ? kmem_cache_free+0x19b/0x690 [ 97.147818][ T6328] ? __local_bh_enable_ip+0x12d/0x1c0 [ 97.147840][ T6328] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.147864][ T6328] ? __local_bh_enable_ip+0x12d/0x1c0 [ 97.147885][ T6328] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 97.147916][ T6328] ? __lock_acquire+0xab9/0xd20 [ 97.147964][ T6328] ? __pfx_rtnl_newlink+0x10/0x10 [ 97.147984][ T6328] rtnetlink_rcv_msg+0x7cf/0xb70 [ 97.148009][ T6328] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 97.148028][ T6328] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 97.148046][ T6328] ? ref_tracker_free+0x63a/0x7d0 [ 97.148062][ T6328] ? __asan_memcpy+0x40/0x70 [ 97.148085][ T6328] ? __pfx_ref_tracker_free+0x10/0x10 [ 97.148100][ T6328] ? __skb_clone+0x63/0x7a0 [ 97.148132][ T6328] netlink_rcv_skb+0x208/0x470 [ 97.148157][ T6328] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 97.148179][ T6328] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 97.148215][ T6328] ? netlink_deliver_tap+0x2e/0x1b0 [ 97.148248][ T6328] netlink_unicast+0x82f/0x9e0 [ 97.148279][ T6328] ? __pfx_netlink_unicast+0x10/0x10 [ 97.148302][ T6328] ? netlink_sendmsg+0x642/0xb30 [ 97.148324][ T6328] ? skb_put+0x11b/0x210 [ 97.148349][ T6328] netlink_sendmsg+0x805/0xb30 [ 97.148383][ T6328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.148411][ T6328] ? aa_sock_msg_perm+0xf1/0x1d0 [ 97.148443][ T6328] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 97.148461][ T6328] ? __pfx_netlink_sendmsg+0x10/0x10 [ 97.148486][ T6328] __sock_sendmsg+0x21c/0x270 [ 97.148519][ T6328] ____sys_sendmsg+0x505/0x830 [ 97.148548][ T6328] ? __pfx_____sys_sendmsg+0x10/0x10 [ 97.148582][ T6328] ? import_iovec+0x74/0xa0 [ 97.148612][ T6328] ___sys_sendmsg+0x21f/0x2a0 [ 97.148638][ T6328] ? __pfx____sys_sendmsg+0x10/0x10 [ 97.148704][ T6328] ? __fget_files+0x2a/0x420 [ 97.148722][ T6328] ? __fget_files+0x3a0/0x420 [ 97.148753][ T6328] __x64_sys_sendmsg+0x19b/0x260 [ 97.148780][ T6328] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 97.148829][ T6328] ? __pfx_ksys_write+0x10/0x10 [ 97.148867][ T6328] ? do_syscall_64+0xbe/0xfa0 [ 97.148894][ T6328] do_syscall_64+0xfa/0xfa0 [ 97.148918][ T6328] ? lockdep_hardirqs_on+0x9c/0x150 [ 97.148941][ T6328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.148961][ T6328] ? clear_bhb_loop+0x60/0xb0 [ 97.148985][ T6328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.149005][ T6328] RIP: 0033:0x7f3d8c78f749 [ 97.149023][ T6328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 97.149040][ T6328] RSP: 002b:00007f3d8d6e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 97.149061][ T6328] RAX: ffffffffffffffda RBX: 00007f3d8c9e5fa0 RCX: 00007f3d8c78f749 [ 97.149089][ T6328] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 97.149102][ T6328] RBP: 00007f3d8d6e3090 R08: 0000000000000000 R09: 0000000000000000 [ 97.149121][ T6328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 97.149139][ T6328] R13: 00007f3d8c9e6038 R14: 00007f3d8c9e5fa0 R15: 00007ffc06dc5138 [ 97.149175][ T6328] [ 97.171130][ T6328] gretap0: entered promiscuous mode [ 97.721716][ T6328] macsec1: entered promiscuous mode [ 97.727232][ T6328] macsec1: entered allmulticast mode [ 97.732707][ T6328] gretap0: entered allmulticast mode [ 97.798696][ T5832] block nbd0: Receive control failed (result -104) [ 97.982394][ T6336] syz_tun: entered promiscuous mode [ 98.588225][ T6359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.115'. [ 98.651755][ T6361] netlink: 'syz.0.116': attribute type 10 has an invalid length. [ 98.700931][ T6362] netlink: 24 bytes leftover after parsing attributes in process `syz.2.115'. [ 99.153776][ T6346] netlink: 'syz.1.111': attribute type 2 has an invalid length. [ 99.530216][ T6369] netlink: 'syz.4.118': attribute type 1 has an invalid length. [ 99.901189][ T6380] syz_tun: entered promiscuous mode [ 100.632492][ T6401] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input10 [ 100.978164][ T6411] syzkaller0: entered promiscuous mode [ 101.002408][ T6411] syzkaller0: entered allmulticast mode [ 101.322103][ T6420] netlink: 'syz.0.137': attribute type 1 has an invalid length. [ 102.125447][ T6440] netlink: 28 bytes leftover after parsing attributes in process `syz.0.141'. [ 102.168268][ T6406] IPVS: set_ctl: invalid protocol: 8 10.1.1.1:20129 [ 102.176304][ T6406] IPVS: nq: FWM 3 0x00000003 - no destination available [ 102.753301][ T6453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.144'. [ 102.766993][ T6453] tipc: Started in network mode [ 102.772081][ T6453] tipc: Node identity ac14140f, cluster identity 4711 [ 102.779276][ T6453] tipc: New replicast peer: 255.255.255.255 [ 102.786366][ T6453] tipc: Enabled bearer , priority 10 [ 102.885959][ T6453] netlink: 'syz.2.144': attribute type 1 has an invalid length. [ 102.893782][ T6453] netlink: 224 bytes leftover after parsing attributes in process `syz.2.144'. [ 102.936791][ T6457] tipc: Started in network mode [ 102.948300][ T6457] tipc: Node identity ac14140f, cluster identity 4711 [ 102.965924][ T6457] tipc: New replicast peer: 255.255.255.255 [ 102.979723][ T6457] tipc: Enabled bearer , priority 10 [ 103.049018][ T6458] netlink: 'syz.0.145': attribute type 1 has an invalid length. [ 103.058401][ T6458] netlink: 224 bytes leftover after parsing attributes in process `syz.0.145'. [ 103.506839][ T6461] pim6reg1: entered promiscuous mode [ 103.546357][ T6461] pim6reg1: entered allmulticast mode [ 103.673555][ T6464] tap0: tun_chr_ioctl cmd 1074025692 [ 103.827768][ T5899] tipc: Node number set to 2886997007 [ 103.908733][ T6459] delete_channel: no stack [ 103.980451][ T5912] tipc: Node number set to 2886997007 [ 104.061431][ T6475] netlink: 28 bytes leftover after parsing attributes in process `syz.0.150'. [ 104.092860][ T6474] ipvlan0: entered promiscuous mode [ 104.098319][ T6474] ipvlan0: entered allmulticast mode [ 104.140429][ T6474] dummy0: entered allmulticast mode [ 104.412415][ T6337] Set syz1 is full, maxelem 65536 reached [ 104.567523][ T6485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.153'. [ 104.648397][ T6489] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 104.648459][ T6488] netlink: 24 bytes leftover after parsing attributes in process `syz.3.155'. [ 104.727940][ T6493] netlink: 8 bytes leftover after parsing attributes in process `syz.1.156'. [ 104.968554][ T6501] tipc: Started in network mode [ 105.000106][ T6501] tipc: Node identity ac14140f, cluster identity 4711 [ 105.009248][ T6501] tipc: New replicast peer: 255.255.255.255 [ 105.035192][ T6501] tipc: Enabled bearer , priority 10 [ 105.071522][ T6502] netlink: 'syz.1.158': attribute type 1 has an invalid length. [ 105.094845][ T6502] netlink: 224 bytes leftover after parsing attributes in process `syz.1.158'. [ 105.366286][ T5899] IPVS: starting estimator thread 0... [ 105.382697][ T6483] IPVS: set_ctl: invalid protocol: 8 10.1.1.1:20129 [ 105.451270][ T6510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.161'. [ 105.490968][ T6508] IPVS: using max 28 ests per chain, 67200 per kthread [ 105.863861][ T6522] netlink: 'syz.1.166': attribute type 15 has an invalid length. [ 106.168199][ T5899] tipc: Node number set to 2886997007 [ 106.335180][ T6537] FAULT_INJECTION: forcing a failure. [ 106.335180][ T6537] name failslab, interval 1, probability 0, space 0, times 0 [ 106.374596][ T6537] CPU: 1 UID: 0 PID: 6537 Comm: syz.0.173 Not tainted syzkaller #0 PREEMPT(full) [ 106.374624][ T6537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 106.374636][ T6537] Call Trace: [ 106.374643][ T6537] [ 106.374652][ T6537] dump_stack_lvl+0x189/0x250 [ 106.374684][ T6537] ? __pfx____ratelimit+0x10/0x10 [ 106.374704][ T6537] ? __pfx_dump_stack_lvl+0x10/0x10 [ 106.374730][ T6537] ? __pfx__printk+0x10/0x10 [ 106.374746][ T6537] ? __lock_acquire+0xab9/0xd20 [ 106.374773][ T6537] should_fail_ex+0x414/0x560 [ 106.374800][ T6537] should_failslab+0xa8/0x100 [ 106.374817][ T6537] __kmalloc_cache_noprof+0x6f/0x6f0 [ 106.374839][ T6537] ? nsim_fib_event_nb+0x187/0x1080 [ 106.374860][ T6537] ? __lock_acquire+0xab9/0xd20 [ 106.374879][ T6537] nsim_fib_event_nb+0x187/0x1080 [ 106.374913][ T6537] notifier_call_chain+0x1b6/0x3e0 [ 106.374951][ T6537] ? atomic_notifier_call_chain+0x26/0x180 [ 106.374976][ T6537] atomic_notifier_call_chain+0xda/0x180 [ 106.375000][ T6537] call_fib_notifiers+0x31/0x60 [ 106.375023][ T6537] fib_table_delete+0xc65/0xf80 [ 106.375081][ T6537] ? __pfx_fib_table_delete+0x10/0x10 [ 106.375117][ T6537] ? l3mdev_fib_table+0x18/0x160 [ 106.375139][ T6537] ? fib_new_table+0x10a/0x2d0 [ 106.375162][ T6537] fib_magic+0x2e4/0x390 [ 106.375180][ T6537] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.375204][ T6537] ? __pfx_fib_magic+0x10/0x10 [ 106.375253][ T6537] fib_del_ifaddr+0x1082/0x1480 [ 106.375278][ T6537] ? inetaddr_event+0xe3/0x140 [ 106.375306][ T6537] ? blocking_notifier_call_chain+0x54/0x90 [ 106.375330][ T6537] fib_inetaddr_event+0xbb/0x190 [ 106.375354][ T6537] notifier_call_chain+0x1b6/0x3e0 [ 106.375383][ T6537] blocking_notifier_call_chain+0x6a/0x90 [ 106.375409][ T6537] __inet_del_ifa+0x87d/0x1040 [ 106.375446][ T6537] inetdev_event+0x632/0x15b0 [ 106.375471][ T6537] ? __pfx_inetdev_event+0x10/0x10 [ 106.375499][ T6537] notifier_call_chain+0x1b6/0x3e0 [ 106.375537][ T6537] unregister_netdevice_many_notify+0x1860/0x2390 [ 106.375591][ T6537] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 106.375625][ T6537] ? unregister_netdevice_queue+0x1b3/0x380 [ 106.375659][ T6537] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 106.375689][ T6537] ? __nla_parse+0x40/0x60 [ 106.375714][ T6537] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 106.375739][ T6537] rtnl_dellink+0x489/0x700 [ 106.375764][ T6537] ? __pfx_rtnl_dellink+0x10/0x10 [ 106.375889][ T6537] ? __pfx_rtnl_dellink+0x10/0x10 [ 106.375907][ T6537] rtnetlink_rcv_msg+0x7cf/0xb70 [ 106.375955][ T6537] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 106.375973][ T6537] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 106.375990][ T6537] ? ref_tracker_free+0x63a/0x7d0 [ 106.376010][ T6537] ? __asan_memcpy+0x40/0x70 [ 106.376034][ T6537] ? __pfx_ref_tracker_free+0x10/0x10 [ 106.376050][ T6537] ? __skb_clone+0x63/0x7a0 [ 106.376084][ T6537] netlink_rcv_skb+0x208/0x470 [ 106.376110][ T6537] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 106.376132][ T6537] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 106.376168][ T6537] ? netlink_deliver_tap+0x2e/0x1b0 [ 106.376200][ T6537] netlink_unicast+0x82f/0x9e0 [ 106.376230][ T6537] ? __pfx_netlink_unicast+0x10/0x10 [ 106.376254][ T6537] ? netlink_sendmsg+0x642/0xb30 [ 106.376274][ T6537] ? skb_put+0x11b/0x210 [ 106.376299][ T6537] netlink_sendmsg+0x805/0xb30 [ 106.376334][ T6537] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.376361][ T6537] ? aa_sock_msg_perm+0xf1/0x1d0 [ 106.376393][ T6537] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 106.376411][ T6537] ? __pfx_netlink_sendmsg+0x10/0x10 [ 106.376436][ T6537] __sock_sendmsg+0x21c/0x270 [ 106.376468][ T6537] ____sys_sendmsg+0x505/0x830 [ 106.376499][ T6537] ? __pfx_____sys_sendmsg+0x10/0x10 [ 106.376528][ T6537] ? import_iovec+0x74/0xa0 [ 106.376555][ T6537] ___sys_sendmsg+0x21f/0x2a0 [ 106.376580][ T6537] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.376640][ T6537] ? __fget_files+0x2a/0x420 [ 106.376655][ T6537] ? __fget_files+0x3a0/0x420 [ 106.376682][ T6537] __x64_sys_sendmsg+0x19b/0x260 [ 106.376708][ T6537] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 106.376743][ T6537] ? __pfx_ksys_write+0x10/0x10 [ 106.376774][ T6537] ? do_syscall_64+0xbe/0xfa0 [ 106.376800][ T6537] do_syscall_64+0xfa/0xfa0 [ 106.376820][ T6537] ? lockdep_hardirqs_on+0x9c/0x150 [ 106.376841][ T6537] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.376861][ T6537] ? clear_bhb_loop+0x60/0xb0 [ 106.376885][ T6537] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.376903][ T6537] RIP: 0033:0x7f65e4f8f749 [ 106.376920][ T6537] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.376936][ T6537] RSP: 002b:00007f65e5d5d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.376965][ T6537] RAX: ffffffffffffffda RBX: 00007f65e51e5fa0 RCX: 00007f65e4f8f749 [ 106.376979][ T6537] RDX: 0000000020000050 RSI: 00002000000002c0 RDI: 0000000000000003 [ 106.376992][ T6537] RBP: 00007f65e5d5d090 R08: 0000000000000000 R09: 0000000000000000 [ 106.377003][ T6537] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 106.377015][ T6537] R13: 00007f65e51e6038 R14: 00007f65e51e5fa0 R15: 00007ffcc55ac748 [ 106.377047][ T6537] [ 107.070967][ T6551] netlink: 'syz.2.178': attribute type 3 has an invalid length. [ 107.091122][ T6551] netlink: 'syz.2.178': attribute type 3 has an invalid length. [ 107.144283][ T6557] netlink: 'syz.0.179': attribute type 1 has an invalid length. [ 107.255607][ T6557] bond1: entered promiscuous mode [ 107.261528][ T6557] 8021q: adding VLAN 0 to HW filter on device bond1 [ 107.269451][ T6552] tipc: Enabling of bearer rejected, already enabled [ 107.308792][ T6557] pim6reg1: entered promiscuous mode [ 107.314730][ T6555] netlink: 'syz.3.176': attribute type 1 has an invalid length. [ 107.342271][ T6557] pim6reg1: entered allmulticast mode [ 107.349912][ T6555] __nla_validate_parse: 2 callbacks suppressed [ 107.349930][ T6555] netlink: 224 bytes leftover after parsing attributes in process `syz.3.176'. [ 107.351844][ T6562] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 107.408561][ T6557] 8021q: adding VLAN 0 to HW filter on device bond1 [ 107.443742][ T6557] bond1: (slave gre1): The slave device specified does not support setting the MAC address [ 107.457065][ T6557] bond1: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 107.471642][ T6557] bond1: (slave gre1): making interface the new active one [ 107.478932][ T6557] gre1: entered promiscuous mode [ 107.487857][ T6557] bond1: (slave gre1): Enslaving as an active interface with an up link [ 107.595432][ T6577] FAULT_INJECTION: forcing a failure. [ 107.595432][ T6577] name failslab, interval 1, probability 0, space 0, times 0 [ 107.612620][ T6577] CPU: 1 UID: 0 PID: 6577 Comm: syz.1.184 Not tainted syzkaller #0 PREEMPT(full) [ 107.612645][ T6577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 107.612657][ T6577] Call Trace: [ 107.612665][ T6577] [ 107.612672][ T6577] dump_stack_lvl+0x189/0x250 [ 107.612703][ T6577] ? __pfx____ratelimit+0x10/0x10 [ 107.612724][ T6577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.612748][ T6577] ? __pfx__printk+0x10/0x10 [ 107.612782][ T6575] netlink: 4 bytes leftover after parsing attributes in process `syz.2.183'. [ 107.612783][ T6577] should_fail_ex+0x414/0x560 [ 107.612817][ T6577] should_failslab+0xa8/0x100 [ 107.612834][ T6577] kmem_cache_alloc_node_noprof+0x77/0x710 [ 107.612856][ T6577] ? __alloc_skb+0x255/0x430 [ 107.612919][ T6577] ? napi_skb_cache_get+0x4a5/0x790 [ 107.612937][ T6577] ? napi_skb_cache_get+0x151/0x790 [ 107.612959][ T6577] __alloc_skb+0x255/0x430 [ 107.612980][ T6577] ? __pfx___alloc_skb+0x10/0x10 [ 107.613004][ T6577] ? __pfx___mutex_lock+0x10/0x10 [ 107.613030][ T6577] ? __local_bh_enable_ip+0x12d/0x1c0 [ 107.613060][ T6577] hci_mgmt_cmd+0x1ca/0xef0 [ 107.613084][ T6577] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 107.613116][ T6577] hci_sock_sendmsg+0x6ca/0xef0 [ 107.613143][ T6577] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 107.613165][ T6577] ? aa_sock_msg_perm+0xf1/0x1d0 [ 107.613196][ T6577] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 107.613214][ T6577] ? __pfx_hci_sock_sendmsg+0x10/0x10 [ 107.613238][ T6577] __sock_sendmsg+0x21c/0x270 [ 107.613269][ T6577] sock_write_iter+0x279/0x360 [ 107.613298][ T6577] ? __pfx_sock_write_iter+0x10/0x10 [ 107.613335][ T6577] ? bpf_lsm_file_permission+0x9/0x20 [ 107.613355][ T6577] ? security_file_permission+0x75/0x290 [ 107.613394][ T6577] vfs_write+0x5c9/0xb30 [ 107.613426][ T6577] ? __pfx_sock_write_iter+0x10/0x10 [ 107.613453][ T6577] ? __pfx_vfs_write+0x10/0x10 [ 107.613490][ T6577] ? __fget_files+0x2a/0x420 [ 107.613519][ T6577] ksys_write+0x145/0x250 [ 107.613548][ T6577] ? __pfx_ksys_write+0x10/0x10 [ 107.613578][ T6577] ? do_syscall_64+0xbe/0xfa0 [ 107.613604][ T6577] do_syscall_64+0xfa/0xfa0 [ 107.613624][ T6577] ? lockdep_hardirqs_on+0x9c/0x150 [ 107.613644][ T6577] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.613663][ T6577] ? clear_bhb_loop+0x60/0xb0 [ 107.613685][ T6577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.613703][ T6577] RIP: 0033:0x7f3d8c78f749 [ 107.613720][ T6577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.613735][ T6577] RSP: 002b:00007f3d8d6e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 107.613755][ T6577] RAX: ffffffffffffffda RBX: 00007f3d8c9e5fa0 RCX: 00007f3d8c78f749 [ 107.613769][ T6577] RDX: 0000000000000007 RSI: 0000200000000040 RDI: 0000000000000004 [ 107.613780][ T6577] RBP: 00007f3d8d6e3090 R08: 0000000000000000 R09: 0000000000000000 [ 107.613791][ T6577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.613802][ T6577] R13: 00007f3d8c9e6038 R14: 00007f3d8c9e5fa0 R15: 00007ffc06dc5138 [ 107.613835][ T6577] [ 108.115084][ T6575] hsr_slave_1 (unregistering): left promiscuous mode [ 108.137400][ T6593] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 108.325468][ T6602] bridge0: port 3(syz_tun) entered blocking state [ 108.332957][ T6602] bridge0: port 3(syz_tun) entered disabled state [ 108.339623][ T6602] syz_tun: entered allmulticast mode [ 108.348398][ T6602] syz_tun: entered promiscuous mode [ 108.354783][ T6602] bridge0: port 3(syz_tun) entered blocking state [ 108.361387][ T6602] bridge0: port 3(syz_tun) entered forwarding state [ 108.391220][ T6603] netlink: 'syz.2.190': attribute type 10 has an invalid length. [ 108.399899][ T6603] bridge0: port 3(syz_tun) entered disabled state [ 108.406616][ T6603] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.414492][ T6603] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.479516][ T6603] bridge0: port 3(syz_tun) entered blocking state [ 108.486482][ T6603] bridge0: port 3(syz_tun) entered forwarding state [ 108.493499][ T6603] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.500806][ T6603] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.508333][ T6603] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.515761][ T6603] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.538669][ T6602] IPVS: set_ctl: invalid protocol: 60 224.0.0.2:20000 [ 108.541425][ T6603] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 108.595250][ T6612] Cannot find del_set index 2 as target [ 108.852549][ T6609] wg1: entered promiscuous mode [ 108.872943][ T6609] wg1: entered allmulticast mode [ 108.910109][ T6608] netlink: 20 bytes leftover after parsing attributes in process `syz.4.192'. [ 109.171943][ T6631] netlink: 'syz.4.198': attribute type 1 has an invalid length. [ 109.200191][ T6631] netlink: 'syz.4.198': attribute type 7 has an invalid length. [ 109.208334][ T6631] netlink: 'syz.4.198': attribute type 8 has an invalid length. [ 109.260410][ T6631] netlink: 208 bytes leftover after parsing attributes in process `syz.4.198'. [ 109.342377][ T6636] netlink: 4 bytes leftover after parsing attributes in process `syz.3.201'. [ 109.640142][ T5832] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 109.720270][ T5832] Bluetooth: hci0: command 0x0c1a tx timeout [ 109.835273][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.1.204'. [ 110.088827][ T6630] IPVS: set_ctl: invalid protocol: 8 10.1.1.1:20129 [ 110.113141][ T6630] IPVS: nq: FWM 3 0x00000003 - no destination available [ 110.184100][ T6659] netlink: 'syz.0.206': attribute type 3 has an invalid length. [ 110.194600][ T6659] netlink: 'syz.0.206': attribute type 3 has an invalid length. [ 110.489922][ T6672] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input11 [ 110.864754][ T30] audit: type=1804 audit(1764163531.950:2): pid=6696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.223" name="/newroot/37/cgroup.controllers" dev="tmpfs" ino=203 res=1 errno=0 [ 110.955260][ T30] audit: type=1800 audit(1764163531.950:3): pid=6696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.223" name="cgroup.controllers" dev="tmpfs" ino=203 res=0 errno=0 [ 111.374321][ T6722] FAULT_INJECTION: forcing a failure. [ 111.374321][ T6722] name failslab, interval 1, probability 0, space 0, times 0 [ 111.432076][ T6722] CPU: 0 UID: 0 PID: 6722 Comm: syz.1.229 Not tainted syzkaller #0 PREEMPT(full) [ 111.432103][ T6722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 111.432115][ T6722] Call Trace: [ 111.432122][ T6722] [ 111.432130][ T6722] dump_stack_lvl+0x189/0x250 [ 111.432162][ T6722] ? __pfx____ratelimit+0x10/0x10 [ 111.432184][ T6722] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.432210][ T6722] ? __pfx__printk+0x10/0x10 [ 111.432237][ T6722] ? __pfx___might_resched+0x10/0x10 [ 111.432263][ T6722] should_fail_ex+0x414/0x560 [ 111.432298][ T6722] should_failslab+0xa8/0x100 [ 111.432320][ T6722] __kmalloc_cache_noprof+0x6f/0x6f0 [ 111.432349][ T6722] ? nft_trans_table_add+0x56/0x430 [ 111.432375][ T6722] nft_trans_table_add+0x56/0x430 [ 111.432401][ T6722] nf_tables_newtable+0xce3/0x1890 [ 111.432447][ T6722] nfnetlink_rcv+0x11d9/0x2590 [ 111.432503][ T6722] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 111.432539][ T6722] ? ref_tracker_free+0x63a/0x7d0 [ 111.432587][ T6722] ? __netlink_deliver_tap+0x807/0x850 [ 111.432611][ T6722] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.432666][ T6722] netlink_unicast+0x82f/0x9e0 [ 111.432696][ T6722] ? __pfx_netlink_unicast+0x10/0x10 [ 111.432720][ T6722] ? netlink_sendmsg+0x642/0xb30 [ 111.432741][ T6722] ? skb_put+0x11b/0x210 [ 111.432768][ T6722] netlink_sendmsg+0x805/0xb30 [ 111.432802][ T6722] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.432828][ T6722] ? aa_sock_msg_perm+0xf1/0x1d0 [ 111.432857][ T6722] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 111.432874][ T6722] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.432898][ T6722] __sock_sendmsg+0x21c/0x270 [ 111.432931][ T6722] ____sys_sendmsg+0x505/0x830 [ 111.432960][ T6722] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.432994][ T6722] ? import_iovec+0x74/0xa0 [ 111.433023][ T6722] ___sys_sendmsg+0x21f/0x2a0 [ 111.433049][ T6722] ? __pfx____sys_sendmsg+0x10/0x10 [ 111.433081][ T6722] ? rcu_read_lock_any_held+0xb3/0x120 [ 111.433119][ T6722] ? sb_end_write+0xe9/0x1c0 [ 111.433155][ T6722] ? __pfx_vfs_write+0x10/0x10 [ 111.433181][ T6722] ? do_sys_openat2+0x154/0x1c0 [ 111.433213][ T6722] __x64_sys_sendmsg+0x19b/0x260 [ 111.433240][ T6722] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 111.433274][ T6722] ? __pfx_ksys_write+0x10/0x10 [ 111.433305][ T6722] ? do_syscall_64+0xbe/0xfa0 [ 111.433332][ T6722] do_syscall_64+0xfa/0xfa0 [ 111.433353][ T6722] ? lockdep_hardirqs_on+0x9c/0x150 [ 111.433375][ T6722] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.433394][ T6722] ? clear_bhb_loop+0x60/0xb0 [ 111.433417][ T6722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.433436][ T6722] RIP: 0033:0x7f3d8c78f749 [ 111.433452][ T6722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.433468][ T6722] RSP: 002b:00007f3d8d6e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.433488][ T6722] RAX: ffffffffffffffda RBX: 00007f3d8c9e5fa0 RCX: 00007f3d8c78f749 [ 111.433506][ T6722] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000006 [ 111.433518][ T6722] RBP: 00007f3d8d6e3090 R08: 0000000000000000 R09: 0000000000000000 [ 111.433530][ T6722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 111.433541][ T6722] R13: 00007f3d8c9e6038 R14: 00007f3d8c9e5fa0 R15: 00007ffc06dc5138 [ 111.433574][ T6722] [ 111.434070][ T6725] netlink: 'syz.0.228': attribute type 13 has an invalid length. [ 111.958028][ T6743] netlink: 40 bytes leftover after parsing attributes in process `syz.4.237'. [ 112.032716][ T6743] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 112.039964][ T6743] IPv6: NLM_F_CREATE should be set when creating new route [ 112.047364][ T6743] IPv6: NLM_F_CREATE should be set when creating new route [ 112.225039][ T6760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.241'. [ 112.240116][ T6760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.241'. [ 112.269518][ T6763] netlink: 12 bytes leftover after parsing attributes in process `syz.3.243'. [ 112.288141][ T6765] netlink: 'syz.4.244': attribute type 10 has an invalid length. [ 112.355854][ T6765] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 112.743783][ T6786] FAULT_INJECTION: forcing a failure. [ 112.743783][ T6786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 112.769205][ T6786] CPU: 1 UID: 0 PID: 6786 Comm: syz.4.250 Not tainted syzkaller #0 PREEMPT(full) [ 112.769231][ T6786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 112.769243][ T6786] Call Trace: [ 112.769251][ T6786] [ 112.769259][ T6786] dump_stack_lvl+0x189/0x250 [ 112.769290][ T6786] ? __pfx____ratelimit+0x10/0x10 [ 112.769312][ T6786] ? __pfx_dump_stack_lvl+0x10/0x10 [ 112.769336][ T6786] ? __pfx__printk+0x10/0x10 [ 112.769355][ T6786] ? __might_fault+0xb0/0x130 [ 112.769394][ T6786] should_fail_ex+0x414/0x560 [ 112.769428][ T6786] _copy_from_user+0x2d/0xb0 [ 112.769454][ T6786] ___sys_recvmsg+0x12e/0x510 [ 112.769486][ T6786] ? __pfx____sys_recvmsg+0x10/0x10 [ 112.769541][ T6786] ? __might_fault+0xb0/0x130 [ 112.769572][ T6786] do_recvmmsg+0x307/0x770 [ 112.769606][ T6786] ? __pfx_do_recvmmsg+0x10/0x10 [ 112.769644][ T6786] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 112.769687][ T6786] __x64_sys_recvmmsg+0x190/0x240 [ 112.769715][ T6786] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 112.769745][ T6786] ? do_syscall_64+0xbe/0xfa0 [ 112.769771][ T6786] do_syscall_64+0xfa/0xfa0 [ 112.769800][ T6786] ? lockdep_hardirqs_on+0x9c/0x150 [ 112.769822][ T6786] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.769842][ T6786] ? clear_bhb_loop+0x60/0xb0 [ 112.769865][ T6786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.769884][ T6786] RIP: 0033:0x7f610218f749 [ 112.769901][ T6786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 112.769918][ T6786] RSP: 002b:00007f61003f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 112.769939][ T6786] RAX: ffffffffffffffda RBX: 00007f61023e5fa0 RCX: 00007f610218f749 [ 112.769953][ T6786] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000004 [ 112.769964][ T6786] RBP: 00007f61003f6090 R08: 0000000000000000 R09: 0000000000000000 [ 112.769979][ T6786] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000002 [ 112.769988][ T6786] R13: 00007f61023e6038 R14: 00007f61023e5fa0 R15: 00007ffec316c7b8 [ 112.770016][ T6786] [ 112.799981][ T6790] netlink: 20 bytes leftover after parsing attributes in process `syz.1.252'. [ 113.833545][ T6815] netlink: 'syz.1.260': attribute type 1 has an invalid length. [ 113.869257][ T6815] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 113.883926][ T6815] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 127.322189][ T25] block nbd0: Possible stuck request ffff888024af7000: control (read@0,1024B). Runtime 30 seconds [ 127.334188][ T25] block nbd0: Possible stuck request ffff888024af71c0: control (read@1024,1024B). Runtime 30 seconds [ 127.345390][ T25] block nbd0: Possible stuck request ffff888024af7380: control (read@2048,1024B). Runtime 30 seconds [ 127.356369][ T25] block nbd0: Possible stuck request ffff888024af7540: control (read@3072,1024B). Runtime 30 seconds [ 127.628991][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 127.637426][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 127.645519][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 127.653591][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 127.663590][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 127.821706][ T6825] chnl_net:caif_netlink_parms(): no params data found [ 127.895170][ T6825] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.902495][ T6825] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.909780][ T6825] bridge_slave_0: entered allmulticast mode [ 127.917472][ T6825] bridge_slave_0: entered promiscuous mode [ 127.926165][ T6825] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.933636][ T6825] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.940946][ T6825] bridge_slave_1: entered allmulticast mode [ 127.948854][ T6825] bridge_slave_1: entered promiscuous mode [ 128.031887][ T6825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 128.062703][ T6825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 128.137425][ T6825] team0: Port device team_slave_0 added [ 128.153598][ T6825] team0: Port device team_slave_1 added [ 128.225955][ T6825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 128.249652][ T6825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 128.300093][ T6825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 128.312843][ T6825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 128.319896][ T6825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 128.346272][ T6825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 128.439697][ T6825] hsr_slave_0: entered promiscuous mode [ 128.443361][ T5832] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 128.459372][ T5832] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 128.469328][ T6825] hsr_slave_1: entered promiscuous mode [ 128.469746][ T5832] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 128.483540][ T5832] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 128.491411][ T5832] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 128.500860][ T6825] debugfs: 'hsr0' already exists in 'hsr' [ 128.508102][ T5839] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 128.518674][ T5839] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 128.534130][ T5839] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 128.544185][ T6825] Cannot create hsr debugfs directory [ 128.553932][ T5839] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 128.564796][ T5839] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 128.854701][ T5839] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 128.863768][ T5839] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 128.873951][ T5839] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 128.883526][ T5839] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 128.892696][ T5839] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 129.351059][ T5844] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 129.361956][ T5844] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 129.372760][ T5844] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 129.382502][ T5844] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 129.392201][ T5844] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 129.431257][ T6835] chnl_net:caif_netlink_parms(): no params data found [ 129.503742][ T6837] chnl_net:caif_netlink_parms(): no params data found [ 129.619298][ T6840] chnl_net:caif_netlink_parms(): no params data found [ 129.706078][ T6835] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.713517][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.720777][ T5844] Bluetooth: hci5: command tx timeout [ 129.721682][ T6835] bridge_slave_0: entered allmulticast mode [ 129.735114][ T6835] bridge_slave_0: entered promiscuous mode [ 129.771939][ T6835] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.779112][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.786660][ T6835] bridge_slave_1: entered allmulticast mode [ 129.793916][ T6835] bridge_slave_1: entered promiscuous mode [ 129.808584][ T6837] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.815759][ T6837] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.823316][ T6837] bridge_slave_0: entered allmulticast mode [ 129.831750][ T6837] bridge_slave_0: entered promiscuous mode [ 129.870238][ T6837] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.877549][ T6837] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.885607][ T6837] bridge_slave_1: entered allmulticast mode [ 129.893324][ T6837] bridge_slave_1: entered promiscuous mode [ 129.972218][ T6837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.988858][ T6835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.011634][ T6837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.042652][ T6835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.052356][ T6840] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.059501][ T6840] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.067430][ T6840] bridge_slave_0: entered allmulticast mode [ 130.074876][ T6840] bridge_slave_0: entered promiscuous mode [ 130.082958][ T6840] bridge0: port 2(bridge_slave_1) entered blocking state [ 130.090362][ T6840] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.097605][ T6840] bridge_slave_1: entered allmulticast mode [ 130.105396][ T6840] bridge_slave_1: entered promiscuous mode [ 130.171893][ T6840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.183447][ T6837] team0: Port device team_slave_0 added [ 130.206609][ T6840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.217969][ T6837] team0: Port device team_slave_1 added [ 130.226066][ T6835] team0: Port device team_slave_0 added [ 130.271348][ T6835] team0: Port device team_slave_1 added [ 130.342698][ T6840] team0: Port device team_slave_0 added [ 130.356014][ T6837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.363415][ T6837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.393685][ T6837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.422538][ T6840] team0: Port device team_slave_1 added [ 130.429098][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.436690][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.465199][ T6835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.477151][ T6837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.484442][ T6837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.510683][ T6837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.530207][ T5844] Bluetooth: hci6: command tx timeout [ 130.536080][ T6849] chnl_net:caif_netlink_parms(): no params data found [ 130.558307][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.565428][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.591640][ T6835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.602277][ T5844] Bluetooth: hci7: command tx timeout [ 130.639049][ T6840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.647035][ T6840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.673298][ T6840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.686750][ T6840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.694383][ T6840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 130.720511][ T6840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.813669][ T6835] hsr_slave_0: entered promiscuous mode [ 130.820406][ T6835] hsr_slave_1: entered promiscuous mode [ 130.826588][ T6835] debugfs: 'hsr0' already exists in 'hsr' [ 130.832881][ T6835] Cannot create hsr debugfs directory [ 130.861620][ T6837] hsr_slave_0: entered promiscuous mode [ 130.868086][ T6837] hsr_slave_1: entered promiscuous mode [ 130.874577][ T6837] debugfs: 'hsr0' already exists in 'hsr' [ 130.880851][ T6837] Cannot create hsr debugfs directory [ 130.920178][ T5844] Bluetooth: hci8: command tx timeout [ 130.973115][ T6840] hsr_slave_0: entered promiscuous mode [ 130.979602][ T6840] hsr_slave_1: entered promiscuous mode [ 130.986183][ T6840] debugfs: 'hsr0' already exists in 'hsr' [ 130.991943][ T6840] Cannot create hsr debugfs directory [ 131.067084][ T6849] bridge0: port 1(bridge_slave_0) entered blocking state [ 131.074507][ T6849] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.082974][ T6849] bridge_slave_0: entered allmulticast mode [ 131.090673][ T6849] bridge_slave_0: entered promiscuous mode [ 131.121134][ T6849] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.128370][ T6849] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.135998][ T6849] bridge_slave_1: entered allmulticast mode [ 131.143234][ T6849] bridge_slave_1: entered promiscuous mode [ 131.225102][ T6849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 131.257311][ T6849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.347919][ T6849] team0: Port device team_slave_0 added [ 131.387638][ T6849] team0: Port device team_slave_1 added [ 131.480162][ T5844] Bluetooth: hci9: command tx timeout [ 131.503697][ T6849] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 131.511236][ T6849] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 131.537480][ T6849] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.575729][ T6849] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.582952][ T6849] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 131.609183][ T6849] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.673941][ T6849] hsr_slave_0: entered promiscuous mode [ 131.680631][ T6849] hsr_slave_1: entered promiscuous mode [ 131.686714][ T6849] debugfs: 'hsr0' already exists in 'hsr' [ 131.692595][ T6849] Cannot create hsr debugfs directory [ 131.800672][ T5839] Bluetooth: hci5: command tx timeout [ 132.602151][ T5844] Bluetooth: hci6: command tx timeout [ 132.680287][ T5844] Bluetooth: hci7: command tx timeout [ 133.001608][ T5844] Bluetooth: hci8: command tx timeout [ 133.093089][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.560266][ T5844] Bluetooth: hci9: command tx timeout [ 133.880633][ T5844] Bluetooth: hci5: command tx timeout [ 134.680519][ T5844] Bluetooth: hci6: command tx timeout [ 134.760390][ T5844] Bluetooth: hci7: command tx timeout [ 135.081002][ T5844] Bluetooth: hci8: command tx timeout [ 135.650472][ T5844] Bluetooth: hci9: command tx timeout [ 135.960495][ T5844] Bluetooth: hci5: command tx timeout [ 136.760298][ T5844] Bluetooth: hci6: command tx timeout [ 136.840255][ T5844] Bluetooth: hci7: command tx timeout [ 137.160582][ T5844] Bluetooth: hci8: command tx timeout [ 137.720254][ T5844] Bluetooth: hci9: command tx timeout [ 157.400781][ T25] block nbd0: Possible stuck request ffff888024af7000: control (read@0,1024B). Runtime 60 seconds [ 157.412008][ T25] block nbd0: Possible stuck request ffff888024af71c0: control (read@1024,1024B). Runtime 60 seconds [ 157.423154][ T25] block nbd0: Possible stuck request ffff888024af7380: control (read@2048,1024B). Runtime 60 seconds [ 157.434112][ T25] block nbd0: Possible stuck request ffff888024af7540: control (read@3072,1024B). Runtime 60 seconds [ 159.030741][ T5197] udevd[5197]: worker [5876] /devices/virtual/block/nbd0 is taking a long time [ 187.480804][ T25] block nbd0: Possible stuck request ffff888024af7000: control (read@0,1024B). Runtime 90 seconds [ 187.491590][ T25] block nbd0: Possible stuck request ffff888024af71c0: control (read@1024,1024B). Runtime 90 seconds [ 187.502574][ T25] block nbd0: Possible stuck request ffff888024af7380: control (read@2048,1024B). Runtime 90 seconds [ 187.514040][ T25] block nbd0: Possible stuck request ffff888024af7540: control (read@3072,1024B). Runtime 90 seconds [ 187.703128][ T5839] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 187.712304][ T5839] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 187.722043][ T5839] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 187.731355][ T5839] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 187.739624][ T5839] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 187.887499][ T6876] chnl_net:caif_netlink_parms(): no params data found [ 187.957116][ T6876] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.964554][ T6876] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.972110][ T6876] bridge_slave_0: entered allmulticast mode [ 187.980243][ T6876] bridge_slave_0: entered promiscuous mode [ 187.988358][ T6876] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.996562][ T6876] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.003924][ T6876] bridge_slave_1: entered allmulticast mode [ 188.011665][ T6876] bridge_slave_1: entered promiscuous mode [ 188.056776][ T6876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.069939][ T6876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.119664][ T6876] team0: Port device team_slave_0 added [ 188.136718][ T6876] team0: Port device team_slave_1 added [ 188.177657][ T6876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 188.184800][ T6876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.212452][ T6876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 188.226708][ T6876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 188.234333][ T6876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 188.261839][ T6876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 188.334327][ T6876] hsr_slave_0: entered promiscuous mode [ 188.341974][ T6876] hsr_slave_1: entered promiscuous mode [ 188.348570][ T6876] debugfs: 'hsr0' already exists in 'hsr' [ 188.354530][ T6876] Cannot create hsr debugfs directory [ 188.405068][ T5839] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 188.415161][ T5839] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 188.424379][ T5839] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 188.433003][ T5839] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 188.440887][ T5839] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 188.825375][ T6885] chnl_net:caif_netlink_parms(): no params data found [ 188.902668][ T5844] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 188.912728][ T5844] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 188.923681][ T5844] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 188.933661][ T5844] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 188.943385][ T5844] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 188.998435][ T6885] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.007342][ T6885] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.016124][ T6885] bridge_slave_0: entered allmulticast mode [ 189.024309][ T6885] bridge_slave_0: entered promiscuous mode [ 189.065720][ T6885] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.075852][ T6885] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.087031][ T6885] bridge_slave_1: entered allmulticast mode [ 189.102447][ T6885] bridge_slave_1: entered promiscuous mode [ 189.241713][ T6885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.264761][ T6885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.404103][ T6885] team0: Port device team_slave_0 added [ 189.424938][ T6885] team0: Port device team_slave_1 added [ 189.480934][ T5839] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 189.490240][ T5839] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 189.498455][ T5839] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 189.506817][ T5839] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 189.514976][ T5839] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 189.577331][ T6885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.585022][ T6885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 189.613905][ T6885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.620784][ T5844] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 189.635486][ T5844] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 189.636782][ T6885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.643792][ T5844] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 189.652643][ T6885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 189.659193][ T5844] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 189.684151][ T6885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.693182][ T5844] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 189.800649][ T5839] Bluetooth: hci10: command tx timeout [ 189.863757][ T6885] hsr_slave_0: entered promiscuous mode [ 189.870632][ T6885] hsr_slave_1: entered promiscuous mode [ 189.876879][ T6885] debugfs: 'hsr0' already exists in 'hsr' [ 189.882901][ T6885] Cannot create hsr debugfs directory [ 189.989699][ T6891] chnl_net:caif_netlink_parms(): no params data found [ 190.195003][ T6891] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.202715][ T6891] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.210535][ T6891] bridge_slave_0: entered allmulticast mode [ 190.218385][ T6891] bridge_slave_0: entered promiscuous mode [ 190.228547][ T6891] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.236018][ T6891] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.244202][ T6891] bridge_slave_1: entered allmulticast mode [ 190.251551][ T6891] bridge_slave_1: entered promiscuous mode [ 190.320919][ T6891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.353538][ T6891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.471218][ T6891] team0: Port device team_slave_0 added [ 190.487843][ T6891] team0: Port device team_slave_1 added [ 190.522449][ T5839] Bluetooth: hci11: command tx timeout [ 190.559780][ T6891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.568092][ T6891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.594345][ T6891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.607098][ T6898] chnl_net:caif_netlink_parms(): no params data found [ 190.618588][ T6901] chnl_net:caif_netlink_parms(): no params data found [ 190.629773][ T6891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.637088][ T6891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 190.664518][ T6891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.824756][ T6891] hsr_slave_0: entered promiscuous mode [ 190.832041][ T6891] hsr_slave_1: entered promiscuous mode [ 190.838199][ T6891] debugfs: 'hsr0' already exists in 'hsr' [ 190.844862][ T6891] Cannot create hsr debugfs directory [ 190.886811][ T6898] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.894559][ T6898] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.902542][ T6898] bridge_slave_0: entered allmulticast mode [ 190.909718][ T6898] bridge_slave_0: entered promiscuous mode [ 190.952123][ T6898] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.963932][ T6898] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.971392][ T6898] bridge_slave_1: entered allmulticast mode [ 190.978504][ T6898] bridge_slave_1: entered promiscuous mode [ 191.000162][ T5839] Bluetooth: hci12: command tx timeout [ 191.047523][ T6901] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.055072][ T6901] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.064512][ T6901] bridge_slave_0: entered allmulticast mode [ 191.072688][ T6901] bridge_slave_0: entered promiscuous mode [ 191.102438][ T6898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.111925][ T6901] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.119178][ T6901] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.126970][ T6901] bridge_slave_1: entered allmulticast mode [ 191.134187][ T6901] bridge_slave_1: entered promiscuous mode [ 191.170811][ T6898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.245401][ T6901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.272414][ T6898] team0: Port device team_slave_0 added [ 191.281428][ T6901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.299150][ T6898] team0: Port device team_slave_1 added [ 191.386558][ T6898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.394038][ T6898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.421960][ T6898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.437066][ T6901] team0: Port device team_slave_0 added [ 191.451479][ T6898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.458454][ T6898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.485614][ T6898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.498753][ T6901] team0: Port device team_slave_1 added [ 191.570426][ T5839] Bluetooth: hci13: command tx timeout [ 191.582022][ T6901] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.589008][ T6901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.615185][ T6901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.640251][ T6898] hsr_slave_0: entered promiscuous mode [ 191.646864][ T6898] hsr_slave_1: entered promiscuous mode [ 191.654923][ T6898] debugfs: 'hsr0' already exists in 'hsr' [ 191.661127][ T6898] Cannot create hsr debugfs directory [ 191.667620][ T6901] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.674689][ T6901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.701975][ T6901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.801113][ T5839] Bluetooth: hci14: command tx timeout [ 191.813346][ T6901] hsr_slave_0: entered promiscuous mode [ 191.819792][ T6901] hsr_slave_1: entered promiscuous mode [ 191.826837][ T6901] debugfs: 'hsr0' already exists in 'hsr' [ 191.832761][ T6901] Cannot create hsr debugfs directory [ 191.881430][ T5839] Bluetooth: hci10: command tx timeout [ 192.610250][ T5839] Bluetooth: hci11: command tx timeout [ 193.080785][ T5839] Bluetooth: hci12: command tx timeout [ 193.640203][ T5839] Bluetooth: hci13: command tx timeout [ 193.880456][ T5839] Bluetooth: hci14: command tx timeout [ 193.960292][ T5839] Bluetooth: hci10: command tx timeout [ 194.525753][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.680182][ T5839] Bluetooth: hci11: command tx timeout [ 195.160542][ T5839] Bluetooth: hci12: command tx timeout [ 195.720319][ T5839] Bluetooth: hci13: command tx timeout [ 195.960231][ T5839] Bluetooth: hci14: command tx timeout [ 196.040306][ T5839] Bluetooth: hci10: command tx timeout [ 196.760335][ T5839] Bluetooth: hci11: command tx timeout [ 197.240406][ T5839] Bluetooth: hci12: command tx timeout [ 197.800211][ T5839] Bluetooth: hci13: command tx timeout [ 198.040484][ T5839] Bluetooth: hci14: command tx timeout [ 201.723899][ T5835] Bluetooth: hci3: command 0x0406 tx timeout [ 201.730593][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.737649][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 201.746138][ T5832] Bluetooth: hci1: command 0x0406 tx timeout [ 217.572190][ T25] block nbd0: Possible stuck request ffff888024af7000: control (read@0,1024B). Runtime 120 seconds [ 217.583938][ T25] block nbd0: Possible stuck request ffff888024af71c0: control (read@1024,1024B). Runtime 120 seconds [ 217.596286][ T25] block nbd0: Possible stuck request ffff888024af7380: control (read@2048,1024B). Runtime 120 seconds [ 217.607648][ T25] block nbd0: Possible stuck request ffff888024af7540: control (read@3072,1024B). Runtime 120 seconds [ 237.560192][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 247.640597][ T25] block nbd0: Possible stuck request ffff888024af7000: control (read@0,1024B). Runtime 150 seconds [ 247.653631][ T25] block nbd0: Possible stuck request ffff888024af71c0: control (read@1024,1024B). Runtime 150 seconds [ 247.665062][ T25] block nbd0: Possible stuck request ffff888024af7380: control (read@2048,1024B). Runtime 150 seconds [ 247.676505][ T25] block nbd0: Possible stuck request ffff888024af7540: control (read@3072,1024B). Runtime 150 seconds [ 247.817502][ T5844] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 247.825976][ T5844] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 247.834205][ T5844] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 247.843940][ T5844] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 247.854278][ T5844] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 248.003139][ T6928] chnl_net:caif_netlink_parms(): no params data found [ 248.073022][ T6928] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.081884][ T6928] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.089287][ T6928] bridge_slave_0: entered allmulticast mode [ 248.097013][ T6928] bridge_slave_0: entered promiscuous mode [ 248.108189][ T6928] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.115596][ T6928] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.123630][ T6928] bridge_slave_1: entered allmulticast mode [ 248.131795][ T6928] bridge_slave_1: entered promiscuous mode [ 248.179092][ T6928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.192925][ T6928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.240273][ T6928] team0: Port device team_slave_0 added [ 248.249637][ T6928] team0: Port device team_slave_1 added [ 248.291857][ T6928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.298845][ T6928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.326442][ T6928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.339418][ T6928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.347347][ T6928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 248.374185][ T6928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.441152][ T6928] hsr_slave_0: entered promiscuous mode [ 248.448019][ T6928] hsr_slave_1: entered promiscuous mode [ 248.455850][ T6928] debugfs: 'hsr0' already exists in 'hsr' [ 248.462575][ T6928] Cannot create hsr debugfs directory [ 248.472465][ T5844] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 248.482384][ T5844] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 248.491522][ T5844] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 248.501386][ T5844] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 248.510410][ T5844] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 248.897283][ T6937] chnl_net:caif_netlink_parms(): no params data found [ 248.968791][ T5844] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 248.987892][ T5844] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 248.996161][ T5844] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 249.005542][ T5844] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 249.014533][ T5844] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 249.085960][ T6937] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.093502][ T6937] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.101548][ T6937] bridge_slave_0: entered allmulticast mode [ 249.111334][ T6937] bridge_slave_0: entered promiscuous mode [ 249.120801][ T6937] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.129902][ T6937] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.138203][ T6937] bridge_slave_1: entered allmulticast mode [ 249.146671][ T6937] bridge_slave_1: entered promiscuous mode [ 249.320792][ T6937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.359004][ T6937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.490063][ T6937] team0: Port device team_slave_0 added [ 249.513805][ T6937] team0: Port device team_slave_1 added [ 249.609138][ T5839] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 249.619780][ T5839] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 249.628395][ T5839] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 249.650568][ T5839] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 249.650898][ T6937] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 249.665649][ T6937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 249.692019][ T5839] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 249.692374][ T6937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 249.714583][ T5832] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 249.731672][ T5832] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 249.734094][ T6937] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 249.745254][ T5832] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 249.753629][ T6937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 249.758167][ T5832] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 249.781936][ T6937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.790885][ T5832] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 249.877972][ T6937] hsr_slave_0: entered promiscuous mode [ 249.883714][ T5832] Bluetooth: hci15: command tx timeout [ 249.885132][ T6937] hsr_slave_1: entered promiscuous mode [ 249.897009][ T6937] debugfs: 'hsr0' already exists in 'hsr' [ 249.903158][ T6937] Cannot create hsr debugfs directory [ 250.111806][ T6943] chnl_net:caif_netlink_parms(): no params data found [ 250.365721][ T6943] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.373836][ T6943] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.383840][ T6943] bridge_slave_0: entered allmulticast mode [ 250.392316][ T6943] bridge_slave_0: entered promiscuous mode [ 250.401000][ T6943] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.408134][ T6943] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.417159][ T6943] bridge_slave_1: entered allmulticast mode [ 250.424725][ T6943] bridge_slave_1: entered promiscuous mode [ 250.481782][ T6950] chnl_net:caif_netlink_parms(): no params data found [ 250.513715][ T6943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 250.531916][ T6943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.601508][ T5832] Bluetooth: hci16: command tx timeout [ 250.605845][ T6943] team0: Port device team_slave_0 added [ 250.646673][ T6943] team0: Port device team_slave_1 added [ 250.725296][ T6943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.732451][ T6943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 250.759057][ T6943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.799231][ T6943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.806602][ T6943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 250.833373][ T6943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.873344][ T6950] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.880637][ T6950] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.887882][ T6950] bridge_slave_0: entered allmulticast mode [ 250.896057][ T6950] bridge_slave_0: entered promiscuous mode [ 250.914922][ T6950] bridge0: port 2(bridge_slave_1) entered blocking state [ 250.923246][ T6950] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.931147][ T6950] bridge_slave_1: entered allmulticast mode [ 250.938288][ T6950] bridge_slave_1: entered promiscuous mode [ 250.946188][ T6953] chnl_net:caif_netlink_parms(): no params data found [ 251.007861][ T6950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.046311][ T6950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.080452][ T5831] Bluetooth: hci17: command tx timeout [ 251.129129][ T6943] hsr_slave_0: entered promiscuous mode [ 251.136142][ T6943] hsr_slave_1: entered promiscuous mode [ 251.143003][ T6943] debugfs: 'hsr0' already exists in 'hsr' [ 251.148745][ T6943] Cannot create hsr debugfs directory [ 251.200460][ T6950] team0: Port device team_slave_0 added [ 251.242732][ T6950] team0: Port device team_slave_1 added [ 251.263406][ T6953] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.271011][ T6953] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.279214][ T6953] bridge_slave_0: entered allmulticast mode [ 251.288595][ T6953] bridge_slave_0: entered promiscuous mode [ 251.334305][ T6953] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.341667][ T6953] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.348949][ T6953] bridge_slave_1: entered allmulticast mode [ 251.356503][ T6953] bridge_slave_1: entered promiscuous mode [ 251.373783][ T6950] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.382066][ T6950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 251.408414][ T6950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.457617][ T6950] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.465035][ T6950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 251.493694][ T6950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.537839][ T6953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 251.573822][ T6953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 251.597166][ T6950] hsr_slave_0: entered promiscuous mode [ 251.604533][ T6950] hsr_slave_1: entered promiscuous mode [ 251.610979][ T6950] debugfs: 'hsr0' already exists in 'hsr' [ 251.616718][ T6950] Cannot create hsr debugfs directory [ 251.678151][ T6953] team0: Port device team_slave_0 added [ 251.687889][ T6953] team0: Port device team_slave_1 added [ 251.778770][ T6953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 251.786742][ T6953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 251.813938][ T5831] Bluetooth: hci18: command tx timeout [ 251.819793][ T6953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.845285][ T6953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.852568][ T6953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 251.879196][ T6953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.890484][ T5831] Bluetooth: hci19: command tx timeout [ 251.960662][ T5831] Bluetooth: hci15: command tx timeout [ 252.003971][ T6953] hsr_slave_0: entered promiscuous mode [ 252.011211][ T6953] hsr_slave_1: entered promiscuous mode [ 252.017830][ T6953] debugfs: 'hsr0' already exists in 'hsr' [ 252.023681][ T6953] Cannot create hsr debugfs directory [ 252.691881][ T5831] Bluetooth: hci16: command tx timeout [ 252.920263][ T5843] Bluetooth: hci8: command 0x0406 tx timeout [ 252.924839][ T5831] Bluetooth: hci6: command 0x0406 tx timeout [ 252.930813][ T5843] Bluetooth: hci9: command 0x0406 tx timeout [ 252.933025][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 252.938615][ T5843] Bluetooth: hci7: command 0x0406 tx timeout [ 253.160377][ T5832] Bluetooth: hci17: command tx timeout [ 253.880424][ T5832] Bluetooth: hci18: command tx timeout [ 253.960256][ T5832] Bluetooth: hci19: command tx timeout [ 254.040527][ T5832] Bluetooth: hci15: command tx timeout [ 254.760621][ T5832] Bluetooth: hci16: command tx timeout [ 255.240304][ T5832] Bluetooth: hci17: command tx timeout [ 255.964536][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.971013][ T5832] Bluetooth: hci18: command tx timeout [ 256.040285][ T5832] Bluetooth: hci19: command tx timeout [ 256.120595][ T5832] Bluetooth: hci15: command tx timeout [ 256.600702][ T31] INFO: task syz.0.247:6784 blocked for more than 143 seconds. [ 256.608309][ T31] Not tainted syzkaller #0 [ 256.613430][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 256.622236][ T31] task:syz.0.247 state:D stack:26024 pid:6784 tgid:6773 ppid:5826 task_flags:0x480140 flags:0x00080002 [ 256.634421][ T31] Call Trace: [ 256.637720][ T31] [ 256.640733][ T31] __schedule+0x1798/0x4cc0 [ 256.645296][ T31] ? __lock_acquire+0xab9/0xd20 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 256.650262][ T31] ? __lock_acquire+0xab9/0xd20 [ 256.655128][ T31] ? __pfx___schedule+0x10/0x10 [ 256.660342][ T31] ? schedule+0x91/0x360 [ 256.665482][ T31] schedule+0x165/0x360 [ 256.669684][ T31] blk_mq_freeze_queue_wait+0xf4/0x170 [ 256.675328][ T31] ? __pfx_blk_mq_freeze_queue_wait+0x10/0x10 [ 256.682363][ T31] ? __pfx_autoremove_wake_function+0x10/0x10 [ 256.720139][ T31] ? percpu_ref_kill_and_confirm+0xa3/0x130 [ 256.726141][ T31] queue_limits_commit_update_frozen+0x5d/0x3e0 [ 256.756505][ T31] nbd_set_size+0x47e/0x6a0 [ 256.762232][ T31] ? __pfx_nbd_set_size+0x10/0x10 [ 256.767332][ T31] ? nla_memcpy+0x5b/0xc0 [ 256.775159][ T31] nbd_genl_size_set+0x2eb/0x3c0 [ 256.780274][ T31] ? __pfx_nbd_genl_size_set+0x10/0x10 [ 256.785756][ T31] ? __pfx_nbd_get_config_unlocked+0x10/0x10 [ 256.791849][ T31] ? bpf_lsm_capable+0x9/0x20 [ 256.796553][ T31] ? security_capable+0x7e/0x2e0 [ 256.802384][ T31] ? radix_tree_lookup+0x240/0x290 [ 256.807583][ T31] nbd_genl_reconfigure+0x414/0x1a50 [ 256.813076][ T31] ? __pfx_nbd_genl_reconfigure+0x10/0x10 [ 256.818905][ T31] ? rcu_is_watching+0x15/0xb0 [ 256.823936][ T31] ? __nla_parse+0x40/0x60 [ 256.828375][ T31] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 256.835184][ T31] genl_family_rcv_msg_doit+0x215/0x300 [ 256.841197][ T5832] Bluetooth: hci16: command tx timeout [ 256.846838][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 256.853051][ T31] ? __pfx_stack_trace_save+0x10/0x10 [ 256.858461][ T31] genl_rcv_msg+0x60e/0x790 [ 256.863155][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 256.868219][ T31] ? __pfx_nbd_genl_reconfigure+0x10/0x10 [ 256.874082][ T31] netlink_rcv_skb+0x208/0x470 [ 256.878879][ T31] ? __lock_acquire+0xab9/0xd20 [ 256.884424][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 256.889489][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 256.894906][ T31] ? down_read+0x1ad/0x2e0 [ 256.899434][ T31] genl_rcv+0x28/0x40 [ 256.903539][ T31] netlink_unicast+0x82f/0x9e0 [ 256.908825][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 256.914240][ T31] ? ns_capable+0x8a/0xf0 [ 256.918581][ T31] ? netlink_sendmsg+0x642/0xb30 [ 256.924178][ T31] netlink_sendmsg+0x805/0xb30 [ 256.929159][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 256.934678][ T31] ? __lock_acquire+0xab9/0xd20 [ 256.939899][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 256.945132][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 256.950611][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 256.955940][ T31] __sock_sendmsg+0x21c/0x270 [ 256.960788][ T31] ____sys_sendmsg+0x505/0x830 [ 256.965586][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 256.971066][ T31] ? import_iovec+0x74/0xa0 [ 256.975677][ T31] ___sys_sendmsg+0x21f/0x2a0 [ 256.980856][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 256.986096][ T31] ? __fget_files+0x2a/0x420 [ 256.991044][ T31] ? __fget_files+0x3a0/0x420 [ 256.995762][ T31] __x64_sys_sendmsg+0x19b/0x260 [ 257.001259][ T31] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 257.007510][ T31] ? do_syscall_64+0xbe/0xfa0 [ 257.013345][ T31] do_syscall_64+0xfa/0xfa0 [ 257.018071][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.023471][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.029933][ T31] ? clear_bhb_loop+0x60/0xb0 [ 257.034865][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.040868][ T31] RIP: 0033:0x7f65e4f8f749 [ 257.045364][ T31] RSP: 002b:00007f65e31d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.054019][ T31] RAX: ffffffffffffffda RBX: 00007f65e51e6180 RCX: 00007f65e4f8f749 [ 257.062110][ T31] RDX: 0000000020004000 RSI: 0000200000003800 RDI: 0000000000000004 [ 257.070261][ T31] RBP: 00007f65e5013f91 R08: 0000000000000000 R09: 0000000000000000 [ 257.078469][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.086524][ T31] R13: 00007f65e51e6218 R14: 00007f65e51e6180 R15: 00007ffcc55ac748 [ 257.094624][ T31] [ 257.097684][ T31] INFO: task syz.2.251:6788 blocked for more than 143 seconds. [ 257.105551][ T31] Not tainted syzkaller #0 [ 257.112216][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 257.121232][ T31] task:syz.2.251 state:D stack:27208 pid:6788 tgid:6787 ppid:5825 task_flags:0x400140 flags:0x00080002 [ 257.133269][ T31] Call Trace: [ 257.136568][ T31] [ 257.139643][ T31] __schedule+0x1798/0x4cc0 [ 257.144519][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.149435][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.154545][ T31] ? __pfx___schedule+0x10/0x10 [ 257.159439][ T31] ? schedule+0x91/0x360 [ 257.164095][ T31] schedule+0x165/0x360 [ 257.168277][ T31] schedule_preempt_disabled+0x13/0x30 [ 257.173821][ T31] __mutex_lock+0x7e6/0x1350 [ 257.178438][ T31] ? __mutex_lock+0x5bb/0x1350 [ 257.183246][ T31] ? genl_rcv_msg+0x10d/0x790 [ 257.187945][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 257.193023][ T31] ? radix_tree_lookup+0x240/0x290 [ 257.198160][ T31] genl_rcv_msg+0x10d/0x790 [ 257.202744][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.207788][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 257.213714][ T31] ? __asan_memcpy+0x40/0x70 [ 257.218346][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 257.223857][ T31] netlink_rcv_skb+0x208/0x470 [ 257.228660][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.233838][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.238898][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 257.244713][ T31] ? down_read+0x1ad/0x2e0 [ 257.249133][ T31] genl_rcv+0x28/0x40 [ 257.253273][ T31] netlink_unicast+0x82f/0x9e0 [ 257.258050][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 257.263398][ T31] ? netlink_sendmsg+0x642/0xb30 [ 257.268372][ T31] ? skb_put+0x11b/0x210 [ 257.272719][ T31] netlink_sendmsg+0x805/0xb30 [ 257.277625][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.283084][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 257.288061][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 257.293530][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.298838][ T31] __sock_sendmsg+0x21c/0x270 [ 257.303586][ T31] __sys_sendto+0x3bd/0x520 [ 257.308120][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 257.313199][ T31] ? count_memcg_event_mm+0x21/0x260 [ 257.319304][ T31] ? exc_page_fault+0x82/0x100 [ 257.321626][ T5832] Bluetooth: hci17: command tx timeout [ 257.324278][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 257.334900][ T31] __x64_sys_sendto+0xde/0x100 [ 257.339708][ T31] do_syscall_64+0xfa/0xfa0 [ 257.344428][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.349648][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.355774][ T31] ? clear_bhb_loop+0x60/0xb0 [ 257.360575][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.366475][ T31] RIP: 0033:0x7f0d39f915dc [ 257.371080][ T31] RSP: 002b:00007f0d3ad9eec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 257.379534][ T31] RAX: ffffffffffffffda RBX: 00007f0d3ad9efc0 RCX: 00007f0d39f915dc [ 257.387569][ T31] RDX: 0000000000000020 RSI: 00007f0d3ad9f010 RDI: 0000000000000008 [ 257.395615][ T31] RBP: 0000000000000000 R08: 00007f0d3ad9ef14 R09: 000000000000000c [ 257.404071][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008 [ 257.412214][ T31] R13: 00007f0d3ad9ef68 R14: 00007f0d3ad9f010 R15: 0000000000000000 [ 257.421007][ T31] [ 257.424060][ T31] INFO: task syz.2.251:6793 blocked for more than 144 seconds. [ 257.435641][ T31] Not tainted syzkaller #0 [ 257.440769][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 257.449711][ T31] task:syz.2.251 state:D stack:28296 pid:6793 tgid:6787 ppid:5825 task_flags:0x400140 flags:0x00080002 [ 257.461821][ T31] Call Trace: [ 257.465161][ T31] [ 257.468094][ T31] __schedule+0x1798/0x4cc0 [ 257.472699][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.478121][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.483417][ T31] ? __pfx___schedule+0x10/0x10 [ 257.488337][ T31] ? schedule+0x91/0x360 [ 257.492764][ T31] schedule+0x165/0x360 [ 257.496986][ T31] schedule_preempt_disabled+0x13/0x30 [ 257.502876][ T31] __mutex_lock+0x7e6/0x1350 [ 257.507508][ T31] ? __mutex_lock+0x5bb/0x1350 [ 257.512423][ T31] ? genl_rcv_msg+0x10d/0x790 [ 257.517130][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 257.523201][ T31] ? stack_trace_save+0x9c/0xe0 [ 257.528121][ T31] ? stack_trace_save+0x9c/0xe0 [ 257.533125][ T31] ? radix_tree_lookup+0x240/0x290 [ 257.538270][ T31] genl_rcv_msg+0x10d/0x790 [ 257.543141][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.548019][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.553752][ T31] netlink_rcv_skb+0x208/0x470 [ 257.558549][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.563718][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.568765][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 257.574302][ T31] ? down_read+0x1ad/0x2e0 [ 257.578829][ T31] genl_rcv+0x28/0x40 [ 257.583061][ T31] netlink_unicast+0x82f/0x9e0 [ 257.587847][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 257.593343][ T31] ? netlink_sendmsg+0x642/0xb30 [ 257.598304][ T31] ? skb_put+0x11b/0x210 [ 257.602712][ T31] netlink_sendmsg+0x805/0xb30 [ 257.607500][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.613420][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 257.618434][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 257.624698][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.630262][ T31] __sock_sendmsg+0x21c/0x270 [ 257.635036][ T31] __sys_sendto+0x3bd/0x520 [ 257.639578][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 257.644912][ T31] ? count_memcg_event_mm+0x21/0x260 [ 257.650710][ T31] ? exc_page_fault+0x82/0x100 [ 257.655543][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 257.661293][ T31] __x64_sys_sendto+0xde/0x100 [ 257.666088][ T31] do_syscall_64+0xfa/0xfa0 [ 257.671307][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.676617][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.682918][ T31] ? clear_bhb_loop+0x60/0xb0 [ 257.687620][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.693629][ T31] RIP: 0033:0x7f0d39f915dc [ 257.698053][ T31] RSP: 002b:00007f0d3ad5cec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 257.706702][ T31] RAX: ffffffffffffffda RBX: 00007f0d3ad5cfc0 RCX: 00007f0d39f915dc [ 257.714810][ T31] RDX: 0000000000000024 RSI: 00007f0d3ad5d010 RDI: 000000000000000a [ 257.724528][ T31] RBP: 0000000000000000 R08: 00007f0d3ad5cf14 R09: 000000000000000c [ 257.732600][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000a [ 257.740734][ T31] R13: 00007f0d3ad5cf68 R14: 00007f0d3ad5d010 R15: 0000000000000000 [ 257.748745][ T31] [ 257.751909][ T31] INFO: task syz.3.253:6797 blocked for more than 144 seconds. [ 257.759561][ T31] Not tainted syzkaller #0 [ 257.765033][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 257.773882][ T31] task:syz.3.253 state:D stack:28456 pid:6797 tgid:6791 ppid:5830 task_flags:0x400040 flags:0x00080002 [ 257.786003][ T31] Call Trace: [ 257.789315][ T31] [ 257.792337][ T31] __schedule+0x1798/0x4cc0 [ 257.796860][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.802019][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.806886][ T31] ? __pfx___schedule+0x10/0x10 [ 257.811971][ T31] ? schedule+0x91/0x360 [ 257.816231][ T31] schedule+0x165/0x360 [ 257.820482][ T31] schedule_preempt_disabled+0x13/0x30 [ 257.826672][ T31] __mutex_lock+0x7e6/0x1350 [ 257.831466][ T31] ? __mutex_lock+0x5bb/0x1350 [ 257.836252][ T31] ? genl_rcv_msg+0x10d/0x790 [ 257.841044][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 257.846091][ T31] ? radix_tree_lookup+0x240/0x290 [ 257.851347][ T31] genl_rcv_msg+0x10d/0x790 [ 257.855882][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.860976][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 257.866013][ T31] ? __asan_memcpy+0x40/0x70 [ 257.870933][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 257.876428][ T31] netlink_rcv_skb+0x208/0x470 [ 257.881344][ T31] ? __lock_acquire+0xab9/0xd20 [ 257.886248][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.891608][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 257.896945][ T31] ? down_read+0x1ad/0x2e0 [ 257.901674][ T31] genl_rcv+0x28/0x40 [ 257.905692][ T31] netlink_unicast+0x82f/0x9e0 [ 257.910520][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 257.915826][ T31] ? netlink_sendmsg+0x642/0xb30 [ 257.920824][ T31] ? skb_put+0x11b/0x210 [ 257.925164][ T31] netlink_sendmsg+0x805/0xb30 [ 257.930981][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.936316][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 257.941697][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 257.947004][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.952436][ T31] __sock_sendmsg+0x21c/0x270 [ 257.957143][ T31] __sys_sendto+0x3bd/0x520 [ 257.961974][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 257.967069][ T31] ? count_memcg_event_mm+0x21/0x260 [ 257.972478][ T31] ? exc_page_fault+0x82/0x100 [ 257.977360][ T31] ? do_user_addr_fault+0xc85/0x1380 [ 257.982796][ T31] __x64_sys_sendto+0xde/0x100 [ 257.987576][ T31] do_syscall_64+0xfa/0xfa0 [ 257.992142][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.997345][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.003494][ T31] ? clear_bhb_loop+0x60/0xb0 [ 258.008182][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.014253][ T31] RIP: 0033:0x7f0c28b915dc [ 258.018677][ T31] RSP: 002b:00007f0c299a6ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 258.027262][ T31] RAX: ffffffffffffffda RBX: 00007f0c299a6fc0 RCX: 00007f0c28b915dc [ 258.036293][ T31] RDX: 0000000000000020 RSI: 00007f0c299a7010 RDI: 0000000000000004 [ 258.040251][ T5832] Bluetooth: hci18: command tx timeout [ 258.044564][ T31] RBP: 0000000000000000 R08: 00007f0c299a6f14 R09: 000000000000000c [ 258.057775][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004 [ 258.066013][ T31] R13: 00007f0c299a6f68 R14: 00007f0c299a7010 R15: 0000000000000000 [ 258.074148][ T31] [ 258.077564][ T31] INFO: task syz.4.255:6808 blocked for more than 144 seconds. [ 258.085760][ T31] Not tainted syzkaller #0 [ 258.090878][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 258.099648][ T31] task:syz.4.255 state:D stack:24760 pid:6808 tgid:6800 ppid:5836 task_flags:0x400040 flags:0x00080002 [ 258.111688][ T31] Call Trace: [ 258.115342][ T31] [ 258.118285][ T31] __schedule+0x1798/0x4cc0 [ 258.120440][ T5832] Bluetooth: hci19: command tx timeout [ 258.123112][ T31] ? __lock_acquire+0xab9/0xd20 [ 258.134609][ T31] ? __lock_acquire+0xab9/0xd20 [ 258.139514][ T31] ? __pfx___schedule+0x10/0x10 [ 258.144493][ T31] ? schedule+0x91/0x360 [ 258.148756][ T31] schedule+0x165/0x360 [ 258.152991][ T31] schedule_preempt_disabled+0x13/0x30 [ 258.158485][ T31] __mutex_lock+0x7e6/0x1350 [ 258.163189][ T31] ? __mutex_lock+0x5bb/0x1350 [ 258.167975][ T31] ? genl_rcv_msg+0x10d/0x790 [ 258.172713][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 258.177778][ T31] ? radix_tree_lookup+0x240/0x290 [ 258.183104][ T31] genl_rcv_msg+0x10d/0x790 [ 258.187722][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 258.192841][ T31] ? ref_tracker_free+0x63a/0x7d0 [ 258.197899][ T31] ? __asan_memcpy+0x40/0x70 [ 258.202612][ T31] ? __pfx_ref_tracker_free+0x10/0x10 [ 258.208008][ T31] netlink_rcv_skb+0x208/0x470 [ 258.212823][ T31] ? __lock_acquire+0xab9/0xd20 [ 258.217683][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 258.222964][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 258.228295][ T31] ? down_read+0x1ad/0x2e0 [ 258.232875][ T31] genl_rcv+0x28/0x40 [ 258.237834][ T31] netlink_unicast+0x82f/0x9e0 [ 258.243259][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 258.248765][ T31] ? netlink_sendmsg+0x642/0xb30 [ 258.254020][ T31] ? skb_put+0x11b/0x210 [ 258.258296][ T31] netlink_sendmsg+0x805/0xb30 [ 258.263204][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 258.268536][ T31] ? aa_sock_msg_perm+0xf1/0x1d0 [ 258.273547][ T31] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 258.278928][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 258.284434][ T31] __sock_sendmsg+0x21c/0x270 [ 258.289154][ T31] __sys_sendto+0x3bd/0x520 [ 258.293695][ T31] ? __pfx___sys_sendto+0x10/0x10 [ 258.298748][ T31] ? rcu_is_watching+0x15/0xb0 [ 258.303610][ T31] __x64_sys_sendto+0xde/0x100 [ 258.308388][ T31] do_syscall_64+0xfa/0xfa0 [ 258.313048][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.318285][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.324452][ T31] ? clear_bhb_loop+0x60/0xb0 [ 258.329149][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.335181][ T31] RIP: 0033:0x7f61021915dc [ 258.340476][ T31] RSP: 002b:00007f61003b2ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 258.348923][ T31] RAX: ffffffffffffffda RBX: 00007f61003b2fc0 RCX: 00007f61021915dc [ 258.357152][ T31] RDX: 0000000000000020 RSI: 00007f61003b3010 RDI: 000000000000000c [ 258.365245][ T31] RBP: 0000000000000000 R08: 00007f61003b2f14 R09: 000000000000000c [ 258.373367][ T31] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000c [ 258.381496][ T31] R13: 00007f61003b2f68 R14: 00007f61003b3010 R15: 0000000000000000 [ 258.389507][ T31] [ 258.392684][ T31] [ 258.392684][ T31] Showing all locks held in the system: [ 258.400444][ T31] 2 locks held by kworker/u8:1/13: [ 258.405581][ T31] #0: ffff8880b893a218 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 258.415570][ T31] #1: ffff8880b8924048 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 258.424591][ T31] 1 lock held by khungtaskd/31: [ 258.429438][ T31] #0: ffffffff8df3d6e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 258.439330][ T31] 1 lock held by klogd/5186: [ 258.445102][ T31] #0: ffff8880b893a218 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 258.455436][ T31] 2 locks held by getty/5584: [ 258.460272][ T31] #0: ffff88803320c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 258.470154][ T31] #1: ffffc900036be2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 258.480413][ T31] 1 lock held by udevd/5876: [ 258.484989][ T31] #0: ffff8881437e2358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 258.494265][ T31] 6 locks held by syz.0.247/6784: [ 258.499307][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.507627][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.516683][ T31] #2: ffff8880249f9270 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_genl_reconfigure+0x375/0x1a50 [ 258.527734][ T31] #3: ffff8881437cb818 (&q->limits_lock){+.+.}-{4:4}, at: nbd_set_size+0x292/0x6a0 [ 258.538387][ T31] #4: ffff8881437cb1b8 (&q->q_usage_counter(io)#49){++++}-{0:0}, at: queue_limits_commit_update_frozen+0x5d/0x3e0 [ 258.551719][ T31] #5: ffff8881437cb1f0 (&q->q_usage_counter(queue)#33){+.+.}-{0:0}, at: queue_limits_commit_update_frozen+0x5d/0x3e0 [ 258.564196][ T31] 2 locks held by syz.2.251/6788: [ 258.569233][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.577639][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.586750][ T31] 2 locks held by syz.2.251/6793: [ 258.591915][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.600326][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.609446][ T31] 2 locks held by syz.3.253/6797: [ 258.614556][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.622821][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.631817][ T31] 2 locks held by syz.4.255/6808: [ 258.636842][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.646321][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.655393][ T31] 2 locks held by syz.1.260/6817: [ 258.661432][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.669843][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.678908][ T31] 2 locks held by syz-executor/6825: [ 258.684489][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.692992][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.702063][ T31] 2 locks held by syz-executor/6835: [ 258.707346][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.715609][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.724653][ T31] 2 locks held by syz-executor/6837: [ 258.729925][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.738192][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.748221][ T31] 2 locks held by syz-executor/6840: [ 258.753627][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.762583][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.771664][ T31] 2 locks held by syz-executor/6849: [ 258.776966][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.785480][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.794597][ T31] 2 locks held by syz-executor/6876: [ 258.799867][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.808137][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.817201][ T31] 2 locks held by syz-executor/6885: [ 258.822714][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.831004][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.843333][ T31] 2 locks held by syz-executor/6891: [ 258.848648][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.857410][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.866520][ T31] 2 locks held by syz-executor/6898: [ 258.871931][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.880403][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.889428][ T31] 2 locks held by syz-executor/6901: [ 258.894853][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.903191][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.912252][ T31] 2 locks held by syz-executor/6928: [ 258.917976][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.926273][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.935351][ T31] 2 locks held by syz-executor/6937: [ 258.940706][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.948957][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.958949][ T31] 2 locks held by syz-executor/6943: [ 258.964329][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.972576][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 258.981700][ T31] 2 locks held by syz-executor/6950: [ 258.987052][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 258.995553][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 259.005113][ T31] 2 locks held by syz-executor/6953: [ 259.010691][ T31] #0: ffffffff8f332670 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 259.019023][ T31] #1: ffffffff8f332488 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10d/0x790 [ 259.028291][ T31] [ 259.030928][ T31] ============================================= [ 259.030928][ T31] [ 259.039441][ T31] NMI backtrace for cpu 0 [ 259.039459][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 259.039472][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 259.039479][ T31] Call Trace: [ 259.039486][ T31] [ 259.039491][ T31] dump_stack_lvl+0x189/0x250 [ 259.039511][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.039525][ T31] ? __pfx__printk+0x10/0x10 [ 259.039541][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 259.039559][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 259.039574][ T31] ? __pfx__printk+0x10/0x10 [ 259.039586][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 259.039604][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 259.039620][ T31] watchdog+0xf60/0xfa0 [ 259.039633][ T31] ? watchdog+0x1e2/0xfa0 [ 259.039646][ T31] kthread+0x711/0x8a0 [ 259.039661][ T31] ? __pfx_watchdog+0x10/0x10 [ 259.039670][ T31] ? __pfx_kthread+0x10/0x10 [ 259.039684][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 259.039695][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.039706][ T31] ? __pfx_kthread+0x10/0x10 [ 259.039719][ T31] ret_from_fork+0x4bc/0x870 [ 259.039731][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 259.039745][ T31] ? __switch_to_asm+0x39/0x70 [ 259.039753][ T31] ? __switch_to_asm+0x33/0x70 [ 259.039760][ T31] ? __pfx_kthread+0x10/0x10 [ 259.039774][ T31] ret_from_fork_asm+0x1a/0x30 [ 259.039791][ T31] [ 259.039795][ T31] Sending NMI from CPU 0 to CPUs 1: [ 259.188386][ C1] NMI backtrace for cpu 1 [ 259.188419][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 259.188437][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 259.188448][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 259.188473][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 93 91 20 00 f3 0f 1e fa fb f4 c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 259.188488][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 259.188503][ C1] RAX: 49473f7b86f40300 RBX: ffffffff81967b47 RCX: 49473f7b86f40300 [ 259.188517][ C1] RDX: 0000000000000001 RSI: ffffffff8d711843 RDI: ffffffff8bbf08e0 [ 259.188528][ C1] RBP: ffffc90000197f10 R08: ffff8880b8932fdb R09: 1ffff110171265fb [ 259.188541][ C1] R10: dffffc0000000000 R11: ffffed10171265fc R12: ffffffff8f7d0470 [ 259.188554][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d3b58 [ 259.188564][ C1] FS: 0000000000000000(0000) GS:ffff888126235000(0000) knlGS:0000000000000000 [ 259.188578][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 259.188590][ C1] CR2: 000056081f3305e0 CR3: 000000007ad5c000 CR4: 00000000003526f0 [ 259.188605][ C1] Call Trace: [ 259.188614][ C1] [ 259.188621][ C1] default_idle+0x13/0x20 [ 259.188643][ C1] default_idle_call+0x73/0xb0 [ 259.188665][ C1] do_idle+0x1e7/0x510 [ 259.188686][ C1] ? __pfx_do_idle+0x10/0x10 [ 259.188711][ C1] cpu_startup_entry+0x44/0x60 [ 259.188728][ C1] start_secondary+0x101/0x110 [ 259.188753][ C1] common_startup_64+0x13e/0x147 [ 259.188782][ C1]