last executing test programs: 1.954453224s ago: executing program 0 (id=1385): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x84}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0xa7f10723c5e5444d}}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.910354318s ago: executing program 3 (id=1387): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r1, 0x0, 0x11000000}, 0x38) 1.544569496s ago: executing program 1 (id=1388): r0 = socket$inet6(0xa, 0x80002, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000100)={'syztnl1\x00', 0x0}) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005b40)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_retopts={{0x10}}, @ip_retopts={{0x14, 0x0, 0x7, {[@end]}}}], 0x28}}], 0x1, 0xc080) connect$inet6(r0, &(0x7f0000002140)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 1.541425223s ago: executing program 0 (id=1398): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) write$cgroup_int(r2, &(0x7f00000001c0)=0x8200000000000000, 0xfffffdef) mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x0, 0x4d032, 0xffffffffffffffff, 0x0) 1.385272706s ago: executing program 3 (id=1390): sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)={0x34, 0x1, 0x2, 0x101, 0x0, 0x0, {0x3, 0x0, 0x1}, [@CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x10000}, @CTA_EXPECT_MASTER={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x28}}, @CTA_TUPLE_ZONE={0x6}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x24004080}, 0x2000010) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d080225000000040000a118000200fcffffff00000e1208000f0100810401a80016ea1f", 0x35}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b9040a", 0x11}], 0x1, 0x0, 0x0, 0x7400}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000580)=ANY=[], 0xfe33) 1.282195189s ago: executing program 2 (id=1392): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r3, 0x0, 0x8000f28, 0x0) splice(r2, 0x0, r1, 0x0, 0x7f, 0xe) write(r0, 0x0, 0x0) 1.134148664s ago: executing program 3 (id=1393): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x11) shutdown(r0, 0x1) 1.022979463s ago: executing program 4 (id=1395): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) socket$key(0xf, 0x3, 0x2) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x18, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1.005383592s ago: executing program 1 (id=1396): sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x0, 0x200, 0x70bd2d, 0x25dfdfff}, 0x14}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090d2000000000f0ff000700000008000300", @ANYRES32=r2, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc000800050006000000140004"], 0x58}}, 0x0) 966.223779ms ago: executing program 2 (id=1397): bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0xffffffffffffff8e, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10) 826.181813ms ago: executing program 2 (id=1399): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f0000000140)="c2", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000e80)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @private2}, 0x1c, &(0x7f0000000880)=[{&(0x7f00000003c0)="e3", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000380)={0x4, 0x0, 0x8, 0x9d}, 0x10) 778.927946ms ago: executing program 0 (id=1400): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000005c0)=""/151, 0x97}], 0x1, &(0x7f0000002f40)=""/229, 0xe5}, 0x0) sendmsg$tipc(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="b8d3d8e48974aae56e0000000000000061b9459b68100dbf05177b2490a5408bdf271fd6b9aa6701365ffc723899ad120c5a54b1c64080f64f103ee1de769e5e9dd847dc85fea662eaad499c52a16f40cb3a1f6f3d5f8df14c53b2e6b5397f7806b6ff846de37a34c8342b9ac5a51eacf8a09cede8676044eafd3d7935f90698aa2d9c57276322b82e8976f5a4d980eaeb3b636630b810f2e2", 0x99}, {&(0x7f0000000b00)=';', 0x1}], 0x2, 0x0, 0x0, 0x84}, 0x20000000) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0xf983e000) close(r1) 778.110581ms ago: executing program 1 (id=1410): r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) setsockopt$sock_int(r0, 0x1, 0x4b, &(0x7f0000000040)=0xfd87, 0x4) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x6b}, 0x38) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) 701.445129ms ago: executing program 4 (id=1401): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, 0x3}], 0x1c) 693.289756ms ago: executing program 2 (id=1402): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000040)={0x0, 0xfffffff9, 0x10}, 0xc) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x4, @empty}, 0x1c) sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x40, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r0, &(0x7f0000000d40)=[{&(0x7f0000000980)="a4", 0xfffd}], 0x1) 571.350623ms ago: executing program 4 (id=1403): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) unshare(0x20000400) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) splice(r1, &(0x7f0000000040), r0, 0x0, 0x800000000ff, 0x0) 566.650922ms ago: executing program 0 (id=1404): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) 531.94871ms ago: executing program 3 (id=1405): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0xfffffffd, 0xfffffff9}, 0x8) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8) listen(r0, 0x0) shutdown(r0, 0x0) 467.998707ms ago: executing program 1 (id=1406): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000005, 0x12, r0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r1, 0x10e, 0xc, 0x0, &(0x7f0000000c80)) 395.414298ms ago: executing program 4 (id=1407): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x3a) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="050000000091c700", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000002cc0)=[{{0x0, 0x0, &(0x7f0000002bc0)=[{&(0x7f0000001800)="688bfaa51ce24604c5ef243446976a0bf133f30b59b7423c9636d60fba002341d37f2868c86dfbbead1428eee8e139208e68d0e57cfe1337b598105a098761477eac8178701befae624f091a396eac7c8ec24036bde9b83f03709536939796c0019517cca190697d03f8e5", 0x6b}, {&(0x7f00000018c0)="53c299104fd5933bf20e483146674a11f905f6f98afd086070a8", 0x1a}, {&(0x7f0000001900)="6c860fa729a6631ae154fde8136976acdd2ec67e0bef4aa91d79f377daa3bb072c00b804a4caccde7bf441d287c277432a5b47e2596346f9fcada0e6d2e1d9310c532fd11211cb65266049bcd3312d8a3595d4107431", 0x56}, {&(0x7f0000001980)="e190f1426b7b01ac604bb602c887bb0c3e1d496133c2dee2cd3b664b29ed9100a9770f378bbc3e0aa411a7e6b55beb1aa8722f9f7735c95bc966f3e0f1cd5d681ea5ce4e50154b92e2fe34dbc246311154899806d1acf78aa6d014c294f347bf135b6cd7244c2a89898e6fca8e64c6213fd4ae597b3efa71ba248778db52ca0f862b5f9fe1e52c25bd9a23568c37bf3f974328b70083f76e1a40af0ae51da98ec9892d408e217dc4f15e10845260d565cb7c7815a2bc", 0xb6}, {&(0x7f0000002b00)="6c60c20898c345f76ddb597d4b30", 0xe}, {&(0x7f0000002b40)="0d591e55a9", 0x5}, {&(0x7f0000002b80)="f2cbc171673952624056bb0f2c874613cf2d25ced9309a07cafeb16c11f0b3", 0x1f}], 0x7}}], 0x1, 0x11) 332.572929ms ago: executing program 1 (id=1408): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000007c00)=[{{&(0x7f0000000040)={0x2, 0x4e22, @loopback}, 0x10, 0x0}}], 0x1, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth0_to_bridge\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 235.097269ms ago: executing program 3 (id=1409): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000dd0000000a"], 0x50) 234.078615ms ago: executing program 2 (id=1411): socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback={0xff00000000000000}, 0x2000400}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, '\x00', 0x21}, 0x9}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) 192.024032ms ago: executing program 4 (id=1412): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x200000b, 0x41071, 0xffffffffffffffff, 0x894f000) mmap(&(0x7f0000000000/0xb36000)=nil, 0x7000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r0, 0x0) 154.081947ms ago: executing program 0 (id=1413): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'dummy0\x00', 0x0}) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0)=0x8000, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) 124.033562ms ago: executing program 4 (id=1414): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0xb8, r2, 0xb97534d5fe9704cf, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x1}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x71, 0xbe, "122f9735952e465410483dad31e1419fad60bc2a80f5c7f2b231c2a4ca963ed732188573a261ec80c2fb6c947408f662f9de55d5f2352644ba6992e18d6bb9b28ef2b00be5a8f60092f9e6dbf5b259bd078a334772d68a643dbd2644515e4599d2231bb51fe815e648b5f39266"}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0xb8}, 0x1, 0x0, 0x0, 0xc8c1}, 0x0) 117.533341ms ago: executing program 3 (id=1415): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0xfffffffd, {{@in6=@remote, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10, 0x26b9ffe36856e205}, {0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x1, 0x0, 0x0, 0x1}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0xfffffffd, 0x25dfdbfb, {{@in=@multicast2, @in=@multicast2, 0x0, 0x4, 0x4e26, 0x2, 0xa, 0x20}, {0xfffffffffffffffe, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0x0, 0x0, 0x20000000000000}, 0xfffffffc, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0xb8}}, 0x4000000) syz_emit_ethernet(0x5e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback={0xfeffffff00000000, 0x1ff0000aa}, @private2}}}}}}, 0x0) 52.486033ms ago: executing program 1 (id=1416): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028014000380"], 0x44}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 51.812313ms ago: executing program 0 (id=1417): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8) listen(r0, 0x3) accept4(r0, 0x0, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x20, &(0x7f0000000280)=0xfffff908, 0x4) 0s ago: executing program 2 (id=1418): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/234, 0xea}, 0x275a}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=""/234, 0xea}, 0x4}], 0x2, 0x60010000, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.29' (ED25519) to the list of known hosts. [ 85.702744][ T5813] cgroup: Unknown subsys name 'net' [ 85.829277][ T5813] cgroup: Unknown subsys name 'cpuset' [ 85.838445][ T5813] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.740379][ T5813] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.419625][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.419898][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.429912][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.436942][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.442536][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.458442][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.467295][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.485448][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.492914][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.525324][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.553812][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.558139][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.569363][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.569894][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.579853][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.586430][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.601543][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.609185][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.612690][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.625408][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.625501][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.633514][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.648643][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.659428][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.668840][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.246639][ T5826] chnl_net:caif_netlink_parms(): no params data found [ 91.379868][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 91.468740][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 91.620984][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 91.643395][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.650693][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.658999][ T5826] bridge_slave_0: entered allmulticast mode [ 91.666595][ T5826] bridge_slave_0: entered promiscuous mode [ 91.687008][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 91.723174][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.730521][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.737838][ T5826] bridge_slave_1: entered allmulticast mode [ 91.745670][ T5826] bridge_slave_1: entered promiscuous mode [ 91.800245][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.807833][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.815941][ T5829] bridge_slave_0: entered allmulticast mode [ 91.823240][ T5829] bridge_slave_0: entered promiscuous mode [ 91.883708][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.891266][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.898618][ T5829] bridge_slave_1: entered allmulticast mode [ 91.906455][ T5829] bridge_slave_1: entered promiscuous mode [ 91.916749][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.941681][ T1209] cfg80211: failed to load regulatory.db [ 91.944173][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.956504][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.963714][ T5827] bridge_slave_0: entered allmulticast mode [ 91.971289][ T5827] bridge_slave_0: entered promiscuous mode [ 92.017255][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.042177][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.049496][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.056889][ T5827] bridge_slave_1: entered allmulticast mode [ 92.064130][ T5827] bridge_slave_1: entered promiscuous mode [ 92.143667][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.156338][ T5826] team0: Port device team_slave_0 added [ 92.204009][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.227931][ T5826] team0: Port device team_slave_1 added [ 92.253737][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.266084][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.275553][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.282709][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.290074][ T5840] bridge_slave_0: entered allmulticast mode [ 92.297658][ T5840] bridge_slave_0: entered promiscuous mode [ 92.332388][ T5829] team0: Port device team_slave_0 added [ 92.351770][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.359085][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.366460][ T5840] bridge_slave_1: entered allmulticast mode [ 92.373735][ T5840] bridge_slave_1: entered promiscuous mode [ 92.380828][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.388439][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.395740][ T5839] bridge_slave_0: entered allmulticast mode [ 92.402974][ T5839] bridge_slave_0: entered promiscuous mode [ 92.424793][ T5829] team0: Port device team_slave_1 added [ 92.456277][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.463520][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.471926][ T5839] bridge_slave_1: entered allmulticast mode [ 92.479309][ T5839] bridge_slave_1: entered promiscuous mode [ 92.488422][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.495498][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.521709][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.548414][ T5827] team0: Port device team_slave_0 added [ 92.575782][ T5841] Bluetooth: hci0: command tx timeout [ 92.596603][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.603588][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.629728][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.642701][ T5827] team0: Port device team_slave_1 added [ 92.646148][ T5841] Bluetooth: hci2: command tx timeout [ 92.672641][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.679781][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.705746][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.719610][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.725252][ T5846] Bluetooth: hci1: command tx timeout [ 92.734762][ T5842] Bluetooth: hci3: command tx timeout [ 92.734823][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.740698][ T5841] Bluetooth: hci4: command tx timeout [ 92.800301][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.807445][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.834579][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.848529][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.862037][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.872015][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.879511][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.906047][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.937692][ T5840] team0: Port device team_slave_0 added [ 92.946228][ T5840] team0: Port device team_slave_1 added [ 92.980500][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.987580][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.013547][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.074737][ T5839] team0: Port device team_slave_0 added [ 93.097008][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.103991][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.130290][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.168597][ T5839] team0: Port device team_slave_1 added [ 93.179346][ T5829] hsr_slave_0: entered promiscuous mode [ 93.186610][ T5829] hsr_slave_1: entered promiscuous mode [ 93.198135][ T5826] hsr_slave_0: entered promiscuous mode [ 93.204576][ T5826] hsr_slave_1: entered promiscuous mode [ 93.210960][ T5826] debugfs: 'hsr0' already exists in 'hsr' [ 93.216808][ T5826] Cannot create hsr debugfs directory [ 93.223202][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.230488][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.257266][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.307563][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.314541][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.340887][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.406358][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.413336][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.439541][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.463633][ T5827] hsr_slave_0: entered promiscuous mode [ 93.470185][ T5827] hsr_slave_1: entered promiscuous mode [ 93.476868][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 93.482617][ T5827] Cannot create hsr debugfs directory [ 93.643013][ T5840] hsr_slave_0: entered promiscuous mode [ 93.649736][ T5840] hsr_slave_1: entered promiscuous mode [ 93.656350][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 93.662103][ T5840] Cannot create hsr debugfs directory [ 93.673214][ T5839] hsr_slave_0: entered promiscuous mode [ 93.679791][ T5839] hsr_slave_1: entered promiscuous mode [ 93.686550][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 93.692445][ T5839] Cannot create hsr debugfs directory [ 94.165775][ T5826] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.180429][ T5826] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.191524][ T5826] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.210980][ T5826] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.269992][ T5829] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.285897][ T5829] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.298749][ T5829] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.311299][ T5829] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.400752][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.418492][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.431395][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.464186][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.538233][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.549241][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.560027][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.596477][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.657062][ T5841] Bluetooth: hci0: command tx timeout [ 94.709279][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.722093][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.729083][ T5841] Bluetooth: hci2: command tx timeout [ 94.741318][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.752480][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.768188][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.791970][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.805664][ T5842] Bluetooth: hci1: command tx timeout [ 94.805689][ T5846] Bluetooth: hci3: command tx timeout [ 94.811188][ T5841] Bluetooth: hci4: command tx timeout [ 94.830808][ T5826] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.879944][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.887269][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.930497][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.937753][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.974645][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.018928][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.026082][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.036120][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.043298][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.169112][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.232060][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.251310][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.289695][ T3470] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.296972][ T3470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.314026][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.339057][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.346401][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.401379][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.419799][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.464029][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.471342][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.489212][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.496438][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.512470][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.519673][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.564091][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.571355][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.618268][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.729325][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.880864][ T5826] veth0_vlan: entered promiscuous mode [ 95.983085][ T5826] veth1_vlan: entered promiscuous mode [ 96.132576][ T5826] veth0_macvtap: entered promiscuous mode [ 96.170888][ T5826] veth1_macvtap: entered promiscuous mode [ 96.279292][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.303239][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.326726][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.353924][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.377730][ T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.389446][ T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.409339][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.417776][ T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.427287][ T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.580450][ T5840] veth0_vlan: entered promiscuous mode [ 96.594828][ T5829] veth0_vlan: entered promiscuous mode [ 96.615478][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.624691][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.652312][ T5829] veth1_vlan: entered promiscuous mode [ 96.663217][ T5840] veth1_vlan: entered promiscuous mode [ 96.693299][ T5827] veth0_vlan: entered promiscuous mode [ 96.712771][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.720924][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.730088][ T5841] Bluetooth: hci0: command tx timeout [ 96.741703][ T5827] veth1_vlan: entered promiscuous mode [ 96.750137][ T5839] veth0_vlan: entered promiscuous mode [ 96.764615][ T5839] veth1_vlan: entered promiscuous mode [ 96.805784][ T5841] Bluetooth: hci2: command tx timeout [ 96.847055][ T5829] veth0_macvtap: entered promiscuous mode [ 96.858876][ T5826] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.885587][ T5841] Bluetooth: hci4: command tx timeout [ 96.886444][ T5846] Bluetooth: hci1: command tx timeout [ 96.891119][ T5841] Bluetooth: hci3: command tx timeout [ 96.906693][ T5827] veth0_macvtap: entered promiscuous mode [ 96.927367][ T5829] veth1_macvtap: entered promiscuous mode [ 96.938087][ T5840] veth0_macvtap: entered promiscuous mode [ 96.959156][ T5827] veth1_macvtap: entered promiscuous mode [ 96.988902][ T5840] veth1_macvtap: entered promiscuous mode [ 97.003617][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.041996][ T5839] veth0_macvtap: entered promiscuous mode [ 97.058984][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.087098][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.104936][ T5839] veth1_macvtap: entered promiscuous mode [ 97.116545][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.144738][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.169555][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.180260][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.200790][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.224821][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.240411][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.292113][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.304866][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.314143][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.340202][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.390512][ T3470] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.400133][ T3470] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.412678][ T3470] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.450074][ T3470] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.464609][ T3470] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.494049][ T3470] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.522193][ T3470] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.549375][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.590574][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.615545][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.686754][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.703892][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.716377][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.734075][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.737652][ T5955] netlink: 20 bytes leftover after parsing attributes in process `syz.0.10'. [ 97.775610][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.783480][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.834550][ T5957] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11'. [ 97.844830][ T5957] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11'. [ 97.878544][ T5957] gretap0: entered promiscuous mode [ 97.886053][ T5957] gretap0: left promiscuous mode [ 97.911953][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.922467][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.932780][ T5957] Zero length message leads to an empty skb [ 98.035126][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.043001][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.075874][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.102377][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.190152][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.225100][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.293421][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.335535][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.806801][ T5841] Bluetooth: hci0: command tx timeout [ 98.885768][ T5841] Bluetooth: hci2: command tx timeout [ 98.965747][ T5842] Bluetooth: hci1: command tx timeout [ 98.968102][ T5846] Bluetooth: hci4: command tx timeout [ 98.971796][ T5841] Bluetooth: hci3: command tx timeout [ 99.761270][ T6003] syz.4.20 uses obsolete (PF_INET,SOCK_PACKET) [ 99.852847][ T6007] netlink: 104 bytes leftover after parsing attributes in process `syz.1.23'. [ 100.570907][ T44] IPVS: starting estimator thread 0... [ 100.726132][ T6035] IPVS: using max 31 ests per chain, 74400 per kthread [ 100.796254][ T6045] netlink: 40 bytes leftover after parsing attributes in process `syz.1.38'. [ 100.836880][ T6045] netlink: 40 bytes leftover after parsing attributes in process `syz.1.38'. [ 102.061707][ T6097] netlink: 60 bytes leftover after parsing attributes in process `syz.4.55'. [ 102.438145][ T6110] Illegal XDP return value 4294967274 on prog (id 19) dev syz_tun, expect packet loss! [ 102.530775][ T5921] hid-generic 0005:0002:5508.0001: hidraw0: BLUETOOTH HID vc3.38 Device [syz0] on aa:aa:aa:aa:aa:aa [ 102.608304][ T6116] trusted_key: syz.2.61 sent an empty control message without MSG_MORE. [ 102.818721][ T6118] fido_id[6118]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci3/hci3:200/report_descriptor': No such file or directory [ 103.363826][ T6142] netlink: 12 bytes leftover after parsing attributes in process `syz.4.71'. [ 104.092895][ T6172] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.125580][ T6172] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 104.690229][ T6192] netlink: 'syz.0.96': attribute type 3 has an invalid length. [ 105.340987][ T6219] Bluetooth: MGMT ver 1.23 [ 105.677808][ T6232] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.115'. [ 105.929127][ T6244] Bluetooth: MGMT ver 1.23 [ 106.162718][ T6253] netlink: 'syz.0.122': attribute type 29 has an invalid length. [ 106.173882][ T6253] netlink: 'syz.0.122': attribute type 29 has an invalid length. [ 109.241092][ T6350] netlink: 44 bytes leftover after parsing attributes in process `syz.3.165'. [ 109.368975][ T6354] pim6reg1: entered promiscuous mode [ 109.374560][ T6354] pim6reg1: entered allmulticast mode [ 109.453234][ T6356] netlink: 4 bytes leftover after parsing attributes in process `syz.0.168'. [ 109.462464][ T6356] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.495327][ T6356] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.677145][ T10] hid-generic 0005:0007:0008.0002: item fetching failed at offset 1/2 [ 109.686908][ T10] hid-generic 0005:0007:0008.0002: probe with driver hid-generic failed with error -22 [ 109.769710][ T6365] tipc: Started in network mode [ 109.774819][ T6365] tipc: Node identity ff75, cluster identity 4711 [ 109.783787][ T6365] tipc: Enabling of bearer rejected, failed to enable media [ 109.837380][ T6367] macvlan1: entered promiscuous mode [ 109.871597][ T6367] macvlan1: left promiscuous mode [ 110.565160][ T5841] Bluetooth: hci3: command 0x0405 tx timeout [ 110.955337][ T6413] tipc: Started in network mode [ 110.965933][ T6413] tipc: Node identity ac14142f, cluster identity 4711 [ 110.974545][ T6413] tipc: New replicast peer: 0.0.0.0 [ 110.983161][ T6413] tipc: Enabled bearer , priority 10 [ 111.023091][ T6413] tipc: New replicast peer: 172.30.1.5 [ 111.711081][ T6445] veth0_to_bridge: entered promiscuous mode [ 111.720262][ T6444] veth0_to_bridge: left promiscuous mode [ 112.162036][ T5943] tipc: Node number set to 2886997039 [ 112.169547][ T6468] veth1_to_bond: entered allmulticast mode [ 112.187021][ T6468] veth1_to_bond: entered promiscuous mode [ 112.193749][ T6464] veth1_to_bond: left promiscuous mode [ 112.208796][ T6464] veth1_to_bond: left allmulticast mode [ 112.297245][ T6472] batadv_slave_1: entered promiscuous mode [ 112.304453][ T6471] batadv_slave_1: left promiscuous mode [ 112.378480][ T6478] netlink: 'syz.4.225': attribute type 4 has an invalid length. [ 112.667085][ T6494] tipc: Started in network mode [ 112.672006][ T6494] tipc: Node identity 4, cluster identity 4711 [ 112.686462][ T6494] tipc: Node number set to 4 [ 112.807581][ T6504] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 112.808115][ T6502] IPVS: stopping master sync thread 6504 ... [ 112.958482][ T6509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.239'. [ 113.035965][ T6511] syz.4.241 (6511) used obsolete PPPIOCDETACH ioctl [ 113.327431][ T6532] netlink: 64 bytes leftover after parsing attributes in process `syz.0.252'. [ 113.708456][ T6555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.258'. [ 113.907732][ T6564] netlink: 'syz.1.263': attribute type 1 has an invalid length. [ 113.998116][ T6564] bond1: entered promiscuous mode [ 114.011891][ T6564] 8021q: adding VLAN 0 to HW filter on device bond1 [ 114.175376][ T6569] 8021q: adding VLAN 0 to HW filter on device bond2 [ 114.233984][ T6569] bond1: (slave bond2): making interface the new active one [ 114.267642][ T6569] bond2: entered promiscuous mode [ 114.284810][ T6569] bond1: (slave bond2): Enslaving as an active interface with an up link [ 116.034789][ T6625] netlink: 'syz.3.283': attribute type 1 has an invalid length. [ 116.054038][ T6625] netlink: 'syz.3.283': attribute type 3 has an invalid length. [ 116.062082][ T6625] netlink: 'syz.3.283': attribute type 1 has an invalid length. [ 116.071908][ T6625] netlink: 140 bytes leftover after parsing attributes in process `syz.3.283'. [ 117.012078][ T6661] netlink: 'syz.4.301': attribute type 29 has an invalid length. [ 117.050255][ T6661] netlink: 'syz.4.301': attribute type 29 has an invalid length. [ 117.105734][ T6661] netlink: 500 bytes leftover after parsing attributes in process `syz.4.301'. [ 117.145558][ T6661] unsupported nla_type 58 [ 117.569266][ T6688] netlink: 12 bytes leftover after parsing attributes in process `syz.4.312'. [ 117.672087][ T6694] erspan0: entered promiscuous mode [ 117.693546][ T6694] netlink: 8 bytes leftover after parsing attributes in process `syz.0.316'. [ 118.237268][ T6719] netlink: 12 bytes leftover after parsing attributes in process `syz.1.325'. [ 118.255049][ T30] audit: type=1800 audit(1763435941.802:2): pid=6722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.327" name=CB dev="tmpfs" ino=331 res=0 errno=0 [ 118.317650][ T6725] veth0: entered promiscuous mode [ 118.337002][ T6725] veth0: left promiscuous mode [ 118.716559][ T6745] syzkaller1: entered promiscuous mode [ 118.724192][ T6745] syzkaller1: entered allmulticast mode [ 119.802877][ T6780] netlink: 4 bytes leftover after parsing attributes in process `syz.0.351'. [ 119.923186][ T6780] hsr0: entered promiscuous mode [ 120.616511][ T6780] macsec1: entered promiscuous mode [ 120.645659][ T6780] macsec1: entered allmulticast mode [ 120.651027][ T6780] hsr0: entered allmulticast mode [ 120.675140][ T6780] hsr_slave_0: entered allmulticast mode [ 120.693242][ T6780] hsr_slave_1: entered allmulticast mode [ 120.715749][ T6780] hsr0: left allmulticast mode [ 120.720586][ T6780] hsr_slave_0: left allmulticast mode [ 120.745082][ T6780] hsr_slave_1: left allmulticast mode [ 120.978152][ T6790] warning: `syz.3.358' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 122.735321][ T6877] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.391'. [ 123.057872][ T6889] netlink: 76 bytes leftover after parsing attributes in process `syz.2.396'. [ 123.753255][ T6909] netlink: 'syz.2.405': attribute type 29 has an invalid length. [ 123.777230][ T6909] netlink: 'syz.2.405': attribute type 29 has an invalid length. [ 123.805847][ T6909] netlink: 500 bytes leftover after parsing attributes in process `syz.2.405'. [ 124.744848][ T6953] syzkaller1: entered promiscuous mode [ 124.750440][ T6953] syzkaller1: entered allmulticast mode [ 125.132664][ T6969] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.429'. [ 125.178003][ T6970] nbd: device at index 3 is going down [ 125.243423][ T6972] af_packet: tpacket_rcv: packet too big, clamped from 2 to 4294967272. macoff=96 [ 125.384775][ T6983] netlink: 36 bytes leftover after parsing attributes in process `syz.3.434'. [ 125.875598][ T7005] geneve2: entered promiscuous mode [ 125.880879][ T7005] geneve2: entered allmulticast mode [ 126.233325][ T44] hid-generic 0005:0007:5507.0003: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 126.263447][ T7031] netlink: 24 bytes leftover after parsing attributes in process `syz.0.454'. [ 126.369124][ T7031] netlink: 24 bytes leftover after parsing attributes in process `syz.0.454'. [ 126.425365][ T44] hid-generic 0005:0007:0008.0004: item fetching failed at offset 1/2 [ 126.444666][ T44] hid-generic 0005:0007:0008.0004: probe with driver hid-generic failed with error -22 [ 127.546616][ T7086] ip6gretap0: entered promiscuous mode [ 127.553733][ T7086] macsec1: entered promiscuous mode [ 127.559449][ T7089] netlink: 'syz.4.482': attribute type 3 has an invalid length. [ 127.560356][ T7086] macsec1: entered allmulticast mode [ 127.583445][ T7089] netlink: 'syz.4.482': attribute type 7 has an invalid length. [ 127.592019][ T7089] netlink: 'syz.4.482': attribute type 8 has an invalid length. [ 127.600931][ T7089] netlink: 132 bytes leftover after parsing attributes in process `syz.4.482'. [ 127.620019][ T7086] ip6gretap0: entered allmulticast mode [ 128.683643][ T7144] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.504'. [ 128.707682][ T7139] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.504'. [ 128.818021][ T7148] netlink: 248 bytes leftover after parsing attributes in process `syz.2.508'. [ 129.396252][ T7188] netlink: 12 bytes leftover after parsing attributes in process `syz.1.526'. [ 129.653299][ T7202] netlink: 'syz.3.533': attribute type 4 has an invalid length. [ 131.303188][ T7280] netlink: 'syz.2.569': attribute type 39 has an invalid length. [ 132.336002][ T7337] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 132.336373][ T7335] IPVS: stopping master sync thread 7337 ... [ 132.418448][ T7344] netlink: 23 bytes leftover after parsing attributes in process `syz.4.596'. [ 132.590999][ T7348] xt_hashlimit: size too large, truncated to 1048576 [ 132.612462][ T7352] netlink: 24 bytes leftover after parsing attributes in process `syz.0.599'. [ 133.150259][ T7372] netlink: 'syz.3.608': attribute type 11 has an invalid length. [ 133.150969][ T7370] netlink: 428 bytes leftover after parsing attributes in process `syz.2.607'. [ 133.249399][ T7370] netlink: 24 bytes leftover after parsing attributes in process `syz.2.607'. [ 133.831058][ T7404] netlink: 64 bytes leftover after parsing attributes in process `syz.0.623'. [ 133.933769][ T7411] netlink: 'syz.2.626': attribute type 9 has an invalid length. [ 133.965652][ T7411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.626'. [ 134.001047][ T7411] hsr0: entered promiscuous mode [ 134.009331][ T7411] macvlan2: entered promiscuous mode [ 134.015444][ T7411] macvlan2: entered allmulticast mode [ 134.021131][ T7411] hsr0: entered allmulticast mode [ 134.043175][ T7411] hsr_slave_0: entered allmulticast mode [ 134.053860][ T7411] hsr_slave_1: entered allmulticast mode [ 134.178804][ T7425] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'. [ 134.191982][ T7425] netlink: 'syz.2.632': attribute type 21 has an invalid length. [ 135.112137][ T7481] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 135.125993][ T44] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.157201][ T7484] netlink: 27 bytes leftover after parsing attributes in process `syz.2.659'. [ 135.571155][ T7507] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 135.606663][ T5958] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.925221][ T5841] Bluetooth: hci3: command 0x0405 tx timeout [ 135.993354][ T7526] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.026183][ T7526] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.050676][ T7526] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.059261][ T7530] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.069346][ T7532] netlink: 100 bytes leftover after parsing attributes in process `syz.0.681'. [ 136.078857][ T7530] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.119823][ T7522] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.172393][ T5921] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.268898][ T7541] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.683'. [ 137.563044][ T7607] netlink: 'syz.4.715': attribute type 1 has an invalid length. [ 138.012471][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.032401][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.047931][ T7638] netlink: 'syz.1.728': attribute type 12 has an invalid length. [ 138.550895][ T30] audit: type=1800 audit(1763435962.102:3): pid=7666 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.741" name=CB dev="tmpfs" ino=832 res=0 errno=0 [ 138.778358][ T7678] veth0: entered promiscuous mode [ 138.791238][ T7678] veth0: left promiscuous mode [ 139.235545][ T7695] netlink: 8 bytes leftover after parsing attributes in process `syz.3.755'. [ 139.256389][ T7695] block nbd0: shutting down sockets [ 139.675034][ T7720] sctp: [Deprecated]: syz.4.765 (pid 7720) Use of struct sctp_assoc_value in delayed_ack socket option. [ 139.675034][ T7720] Use struct sctp_sack_info instead [ 139.720525][ T7720] sctp: [Deprecated]: syz.4.765 (pid 7720) Use of struct sctp_assoc_value in delayed_ack socket option. [ 139.720525][ T7720] Use struct sctp_sack_info instead [ 140.196485][ T7746] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 140.421079][ T44] net_ratelimit: 9 callbacks suppressed [ 140.421099][ T44] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.558114][ T7765] netlink: 48 bytes leftover after parsing attributes in process `syz.3.787'. [ 141.079521][ T7790] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 141.467592][ T7810] netlink: 'syz.2.806': attribute type 1 has an invalid length. [ 141.679161][ T7825] syzkaller1: entered promiscuous mode [ 141.684785][ T7825] syzkaller1: entered allmulticast mode [ 143.095284][ T7872] netlink: 12 bytes leftover after parsing attributes in process `syz.4.832'. [ 143.358952][ T7885] syzkaller1: entered promiscuous mode [ 143.364570][ T7885] syzkaller1: entered allmulticast mode [ 145.319834][ T7936] batadv_slave_0: entered promiscuous mode [ 145.365962][ T7935] batadv_slave_0: left promiscuous mode [ 145.509828][ T7943] tipc: Enabling of bearer rejected, failed to enable media [ 145.726097][ T7956] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.871'. [ 148.956520][ T8037] netlink: 36 bytes leftover after parsing attributes in process `syz.4.904'. [ 153.063652][ T8119] netlink: 'syz.1.936': attribute type 4 has an invalid length. [ 153.073698][ T8119] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.936'. [ 154.185791][ T8134] nbd: device at index 0 is going down [ 154.991787][ T8157] netlink: 244 bytes leftover after parsing attributes in process `syz.0.953'. [ 155.012889][ T8158] netlink: 'syz.3.952': attribute type 29 has an invalid length. [ 155.047763][ T8158] netlink: 'syz.3.952': attribute type 29 has an invalid length. [ 155.063202][ T8159] netlink: 24 bytes leftover after parsing attributes in process `syz.2.951'. [ 155.073854][ T8158] netlink: 500 bytes leftover after parsing attributes in process `syz.3.952'. [ 156.817888][ T8190] syzkaller1: entered promiscuous mode [ 156.846306][ T8190] syzkaller1: entered allmulticast mode [ 157.162019][ T8206] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.974'. [ 157.200473][ T8209] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.976'. [ 157.962784][ T37] tipc: Subscription rejected, illegal request [ 158.674480][ T8281] netlink: 'syz.3.1008': attribute type 29 has an invalid length. [ 158.707019][ T8281] netlink: 'syz.3.1008': attribute type 29 has an invalid length. [ 158.729657][ T8281] netlink: 500 bytes leftover after parsing attributes in process `syz.3.1008'. [ 158.911203][ T5841] Bluetooth: hci3: link tx timeout [ 158.917755][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 158.927803][ T5841] Bluetooth: hci3: link tx timeout [ 158.933041][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 159.406149][ T8328] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1029'. [ 159.902786][ T5841] Bluetooth: hci3: link tx timeout [ 159.910765][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 159.920313][ T5841] Bluetooth: hci3: link tx timeout [ 159.927132][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 159.935585][ T5841] Bluetooth: hci3: link tx timeout [ 159.940810][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 159.949224][ T5841] Bluetooth: hci3: link tx timeout [ 159.954445][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 159.966590][ T5841] Bluetooth: hci3: link tx timeout [ 159.971814][ T5841] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 160.965672][ T5841] Bluetooth: hci3: command 0x0405 tx timeout [ 161.026577][ T8380] syzkaller1: entered promiscuous mode [ 161.046665][ T8380] syzkaller1: entered allmulticast mode [ 161.598837][ T8404] nbd: device at index 4 is going down [ 162.194273][ T8434] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1073'. [ 162.473003][ T8440] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1075'. [ 163.745520][ T8478] geneve2: entered promiscuous mode [ 163.750822][ T8478] geneve2: entered allmulticast mode [ 164.150535][ T10] hid-generic 0005:0007:5507.0005: hidraw0: BLUETOOTH HID v0.08 Device [syz0] on aa:aa:aa:aa:aa:aa [ 164.405072][ T8509] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1107'. [ 164.483194][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1108'. [ 164.502784][ T8517] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1107'. [ 164.513212][ T8513] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.608204][ T8513] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.825505][ T8535] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1114'. [ 165.383931][ T8568] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1134'. [ 165.406573][ T8568] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1134'. [ 165.433208][ T8568] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1134'. [ 165.459160][ T8568] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1134'. [ 165.680505][ T8578] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.1139'. [ 166.496094][ T8604] nbd: device at index 2 is going down [ 166.539086][ T8606] netlink: 'syz.1.1150': attribute type 9 has an invalid length. [ 166.555191][ T8606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1150'. [ 166.599640][ T8606] hsr0: entered promiscuous mode [ 166.611665][ T8606] macvlan2: entered promiscuous mode [ 166.617707][ T8606] macvlan2: entered allmulticast mode [ 166.623841][ T8606] hsr0: entered allmulticast mode [ 166.629633][ T8606] hsr_slave_0: entered allmulticast mode [ 166.635680][ T8606] hsr_slave_1: entered allmulticast mode [ 166.673638][ T8613] veth0: entered promiscuous mode [ 166.695106][ T8613] veth0: left promiscuous mode [ 167.175581][ T8631] ip6gretap0: entered promiscuous mode [ 167.195350][ T8631] macsec1: entered promiscuous mode [ 167.200780][ T8631] macsec1: entered allmulticast mode [ 167.209759][ T8631] ip6gretap0: entered allmulticast mode [ 167.301838][ T8641] netlink: 'syz.0.1165': attribute type 3 has an invalid length. [ 167.320558][ T8641] netlink: 'syz.0.1165': attribute type 7 has an invalid length. [ 167.332253][ T8641] netlink: 'syz.0.1165': attribute type 8 has an invalid length. [ 168.452990][ T8701] netlink: 'syz.0.1194': attribute type 4 has an invalid length. [ 169.720121][ T8770] __nla_validate_parse: 6 callbacks suppressed [ 169.720142][ T8770] netlink: 27 bytes leftover after parsing attributes in process `syz.3.1225'. [ 170.107582][ T8787] netlink: 'syz.4.1232': attribute type 9 has an invalid length. [ 170.118597][ T8787] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1232'. [ 170.152404][ T8787] hsr0: entered promiscuous mode [ 170.163005][ T8787] macvlan2: entered promiscuous mode [ 170.175415][ T8787] macvlan2: entered allmulticast mode [ 170.183614][ T8787] hsr0: entered allmulticast mode [ 170.190026][ T8787] hsr_slave_0: entered allmulticast mode [ 170.196219][ T8787] hsr_slave_1: entered allmulticast mode [ 170.829168][ T8826] netlink: 'syz.0.1251': attribute type 9 has an invalid length. [ 170.837166][ T8826] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1251'. [ 170.854153][ T8826] macvlan2: entered promiscuous mode [ 170.860388][ T8826] macvlan2: entered allmulticast mode [ 170.866142][ T8826] hsr0: entered allmulticast mode [ 170.871298][ T8826] hsr_slave_0: entered allmulticast mode [ 170.877440][ T8826] hsr_slave_1: entered allmulticast mode [ 171.533183][ T8858] netlink: 'syz.1.1265': attribute type 39 has an invalid length. [ 171.925900][ T8869] tipc: Started in network mode [ 171.930920][ T8869] tipc: Node identity 4, cluster identity 4711 [ 171.951815][ T8869] tipc: Node number set to 4 [ 172.420610][ T8895] netlink: 23 bytes leftover after parsing attributes in process `syz.2.1284'. [ 172.442926][ T8900] IPVS: sync thread started: state = MASTER, mcast_ifn = hsr0, syncid = 4, id = 0 [ 172.454110][ T8898] IPVS: stopping master sync thread 8900 ... [ 172.564410][ T8905] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1287'. [ 173.236907][ T8936] xt_hashlimit: size too large, truncated to 1048576 [ 173.601628][ T8951] netlink: 'syz.4.1305': attribute type 11 has an invalid length. [ 173.738103][ T8956] netlink: 428 bytes leftover after parsing attributes in process `syz.0.1307'. [ 173.757756][ T8956] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1307'. [ 174.402978][ T8986] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1323'. [ 174.860350][ T9016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1338'. [ 174.893964][ T9016] netlink: 'syz.0.1338': attribute type 21 has an invalid length. [ 176.183821][ T9080] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 176.552219][ T9102] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 177.045813][ T1002] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.054541][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 177.285084][ T5841] Bluetooth: hci3: command 0x0405 tx timeout [ 177.673280][ T9146] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1390'. [ 177.998234][ T9160] netlink: 'syz.1.1396': attribute type 11 has an invalid length. [ 178.097369][ T9163] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1395'. [ 178.287403][ T9173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.326604][ T3470] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.335842][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.414211][ T9173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.479904][ T9173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.502370][ T9173] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.518367][ T9176] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 178.860412][ T9199] ------------[ cut here ]------------ [ 178.866223][ T9199] WARNING: CPU: 0 PID: 9199 at net/mac80211/rate.c:53 rate_control_rate_init+0x64a/0x6e0 [ 178.876144][ T9199] Modules linked in: [ 178.880366][ T9199] CPU: 0 UID: 0 PID: 9199 Comm: syz.4.1414 Not tainted syzkaller #0 PREEMPT(full) [ 178.889957][ T9199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 178.900601][ T9199] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 178.906914][ T9199] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 56 02 f7 90 0f 0b 90 eb e1 e8 c7 56 02 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 178.926668][ T9199] RSP: 0018:ffffc90002f86f60 EFLAGS: 00010287 [ 178.932785][ T9199] RAX: ffffffff8abdad09 RBX: ffff88807847c000 RCX: 0000000000080000 [ 178.940893][ T9199] RDX: ffffc9000c20c000 RSI: 00000000000003d3 RDI: 00000000000003d4 [ 178.949035][ T9199] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abda823 [ 178.957131][ T9199] R10: dffffc0000000000 R11: ffffed100f08f831 R12: 1ffff1100f08f80a [ 178.966197][ T9199] R13: ffff888023fe8e80 R14: 0000000000000001 R15: ffffffff8abda823 [ 178.974234][ T9199] FS: 00007f07619fd6c0(0000) GS:ffff888126138000(0000) knlGS:0000000000000000 [ 178.983823][ T9199] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 178.992543][ T9199] CR2: 0000200000001080 CR3: 0000000078d7a000 CR4: 00000000003526f0 [ 179.001218][ T9199] Call Trace: [ 179.004543][ T9199] [ 179.008142][ T9199] rate_control_rate_init_all_links+0x109/0x1a0 [ 179.014455][ T9199] sta_apply_auth_flags+0x1c2/0x400 [ 179.020332][ T9199] sta_apply_parameters+0xe27/0x1570 [ 179.027840][ T9199] ieee80211_add_station+0x424/0x6a0 [ 179.033201][ T9199] rdev_add_station+0x108/0x290 [ 179.038804][ T9199] nl80211_new_station+0x1755/0x1b70 [ 179.044625][ T9199] ? __pfx_nl80211_new_station+0x10/0x10 [ 179.050452][ T9199] ? netdev_run_todo+0xe1d/0xea0 [ 179.055501][ T9199] ? nl80211_pre_doit+0x4f1/0x930 [ 179.060598][ T9199] genl_family_rcv_msg_doit+0x215/0x300 [ 179.066247][ T9199] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 179.072391][ T9199] ? bpf_lsm_capable+0x9/0x20 [ 179.077168][ T9199] ? security_capable+0x7e/0x2e0 [ 179.082176][ T9199] genl_rcv_msg+0x60e/0x790 [ 179.086783][ T9199] ? __pfx_genl_rcv_msg+0x10/0x10 [ 179.091857][ T9199] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 179.097328][ T9199] ? __pfx_nl80211_new_station+0x10/0x10 [ 179.103005][ T9199] ? __pfx_nl80211_post_doit+0x10/0x10 [ 179.108586][ T9199] ? __asan_memcpy+0x40/0x70 [ 179.113222][ T9199] ? __pfx_ref_tracker_free+0x10/0x10 [ 179.118680][ T9199] netlink_rcv_skb+0x208/0x470 [ 179.123484][ T9199] ? __lock_acquire+0xab9/0xd20 [ 179.128507][ T9199] ? __pfx_genl_rcv_msg+0x10/0x10 [ 179.133585][ T9199] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 179.139002][ T9199] ? down_read+0x1ad/0x2e0 [ 179.143472][ T9199] genl_rcv+0x28/0x40 [ 179.147563][ T9199] netlink_unicast+0x82f/0x9e0 [ 179.152390][ T9199] ? __pfx_netlink_unicast+0x10/0x10 [ 179.157781][ T9199] ? netlink_sendmsg+0x642/0xb30 [ 179.162763][ T9199] ? skb_put+0x11b/0x210 [ 179.167128][ T9199] netlink_sendmsg+0x805/0xb30 [ 179.171954][ T9199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.177332][ T9199] ? aa_sock_msg_perm+0xf1/0x1d0 [ 179.182408][ T9199] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 179.187767][ T9199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.193083][ T9199] __sock_sendmsg+0x21c/0x270 [ 179.197855][ T9199] ____sys_sendmsg+0x505/0x830 [ 179.202663][ T9199] ? __pfx_____sys_sendmsg+0x10/0x10 [ 179.208204][ T9199] ? import_iovec+0x74/0xa0 [ 179.212761][ T9199] ___sys_sendmsg+0x21f/0x2a0 [ 179.217526][ T9199] ? __pfx____sys_sendmsg+0x10/0x10 [ 179.222806][ T9199] ? __fget_files+0x2a/0x420 [ 179.227498][ T9199] ? __fget_files+0x3a0/0x420 [ 179.232232][ T9199] __x64_sys_sendmsg+0x19b/0x260 [ 179.237286][ T9199] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 179.242832][ T9199] ? do_syscall_64+0xbe/0xfa0 [ 179.247603][ T9199] do_syscall_64+0xfa/0xfa0 [ 179.252134][ T9199] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.257420][ T9199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.263528][ T9199] ? clear_bhb_loop+0x60/0xb0 [ 179.268290][ T9199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.274223][ T9199] RIP: 0033:0x7f0760b8f6c9 [ 179.278733][ T9199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.298481][ T9199] RSP: 002b:00007f07619fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 179.306997][ T9199] RAX: ffffffffffffffda RBX: 00007f0760de5fa0 RCX: 00007f0760b8f6c9 [ 179.315100][ T9199] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 179.323100][ T9199] RBP: 00007f0760c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 179.331167][ T9199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.339240][ T9199] R13: 00007f0760de6038 R14: 00007f0760de5fa0 R15: 00007ffcfa6d2078 [ 179.347340][ T9199] [ 179.350404][ T9199] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 179.357712][ T9199] CPU: 0 UID: 0 PID: 9199 Comm: syz.4.1414 Not tainted syzkaller #0 PREEMPT(full) [ 179.367006][ T9199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 179.377113][ T9199] Call Trace: [ 179.380412][ T9199] [ 179.383357][ T9199] dump_stack_lvl+0x99/0x250 [ 179.387975][ T9199] ? __asan_memcpy+0x40/0x70 [ 179.392586][ T9199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.397803][ T9199] ? __pfx__printk+0x10/0x10 [ 179.402419][ T9199] vpanic+0x237/0x6d0 [ 179.406425][ T9199] ? __pfx_vpanic+0x10/0x10 [ 179.410975][ T9199] panic+0xb9/0xc0 [ 179.414709][ T9199] ? __pfx_panic+0x10/0x10 [ 179.419150][ T9199] __warn+0x31b/0x4b0 [ 179.423160][ T9199] ? rate_control_rate_init+0x64a/0x6e0 [ 179.428730][ T9199] ? rate_control_rate_init+0x64a/0x6e0 [ 179.434298][ T9199] report_bug+0x2be/0x4f0 [ 179.438657][ T9199] ? rate_control_rate_init+0x64a/0x6e0 [ 179.444242][ T9199] ? rate_control_rate_init+0x64a/0x6e0 [ 179.449801][ T9199] ? rate_control_rate_init+0x64c/0x6e0 [ 179.455359][ T9199] handle_bug+0x84/0x160 [ 179.459624][ T9199] exc_invalid_op+0x1a/0x50 [ 179.464143][ T9199] asm_exc_invalid_op+0x1a/0x20 [ 179.469010][ T9199] RIP: 0010:rate_control_rate_init+0x64a/0x6e0 [ 179.475184][ T9199] Code: 82 01 00 00 20 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 d2 56 02 f7 90 0f 0b 90 eb e1 e8 c7 56 02 f7 90 <0f> 0b 90 48 83 c4 20 5b 41 5c 41 5d 41 5e 41 5f 5d e9 90 00 00 00 [ 179.494797][ T9199] RSP: 0018:ffffc90002f86f60 EFLAGS: 00010287 [ 179.500874][ T9199] RAX: ffffffff8abdad09 RBX: ffff88807847c000 RCX: 0000000000080000 [ 179.509120][ T9199] RDX: ffffc9000c20c000 RSI: 00000000000003d3 RDI: 00000000000003d4 [ 179.517100][ T9199] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8abda823 [ 179.525076][ T9199] R10: dffffc0000000000 R11: ffffed100f08f831 R12: 1ffff1100f08f80a [ 179.533059][ T9199] R13: ffff888023fe8e80 R14: 0000000000000001 R15: ffffffff8abda823 [ 179.541040][ T9199] ? rate_control_rate_init+0x163/0x6e0 [ 179.546605][ T9199] ? rate_control_rate_init+0x163/0x6e0 [ 179.552158][ T9199] ? rate_control_rate_init+0x649/0x6e0 [ 179.557750][ T9199] rate_control_rate_init_all_links+0x109/0x1a0 [ 179.564040][ T9199] sta_apply_auth_flags+0x1c2/0x400 [ 179.569377][ T9199] sta_apply_parameters+0xe27/0x1570 [ 179.574711][ T9199] ieee80211_add_station+0x424/0x6a0 [ 179.580026][ T9199] rdev_add_station+0x108/0x290 [ 179.584908][ T9199] nl80211_new_station+0x1755/0x1b70 [ 179.590233][ T9199] ? __pfx_nl80211_new_station+0x10/0x10 [ 179.595881][ T9199] ? netdev_run_todo+0xe1d/0xea0 [ 179.600858][ T9199] ? nl80211_pre_doit+0x4f1/0x930 [ 179.605902][ T9199] genl_family_rcv_msg_doit+0x215/0x300 [ 179.611497][ T9199] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 179.617603][ T9199] ? bpf_lsm_capable+0x9/0x20 [ 179.622312][ T9199] ? security_capable+0x7e/0x2e0 [ 179.627299][ T9199] genl_rcv_msg+0x60e/0x790 [ 179.631844][ T9199] ? __pfx_genl_rcv_msg+0x10/0x10 [ 179.636887][ T9199] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 179.642276][ T9199] ? __pfx_nl80211_new_station+0x10/0x10 [ 179.647924][ T9199] ? __pfx_nl80211_post_doit+0x10/0x10 [ 179.653407][ T9199] ? __asan_memcpy+0x40/0x70 [ 179.658015][ T9199] ? __pfx_ref_tracker_free+0x10/0x10 [ 179.663407][ T9199] netlink_rcv_skb+0x208/0x470 [ 179.668186][ T9199] ? __lock_acquire+0xab9/0xd20 [ 179.673054][ T9199] ? __pfx_genl_rcv_msg+0x10/0x10 [ 179.678117][ T9199] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 179.683432][ T9199] ? down_read+0x1ad/0x2e0 [ 179.687863][ T9199] genl_rcv+0x28/0x40 [ 179.691868][ T9199] netlink_unicast+0x82f/0x9e0 [ 179.696663][ T9199] ? __pfx_netlink_unicast+0x10/0x10 [ 179.701966][ T9199] ? netlink_sendmsg+0x642/0xb30 [ 179.706915][ T9199] ? skb_put+0x11b/0x210 [ 179.711186][ T9199] netlink_sendmsg+0x805/0xb30 [ 179.715973][ T9199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.721274][ T9199] ? aa_sock_msg_perm+0xf1/0x1d0 [ 179.726231][ T9199] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 179.731523][ T9199] ? __pfx_netlink_sendmsg+0x10/0x10 [ 179.736822][ T9199] __sock_sendmsg+0x21c/0x270 [ 179.741524][ T9199] ____sys_sendmsg+0x505/0x830 [ 179.746310][ T9199] ? __pfx_____sys_sendmsg+0x10/0x10 [ 179.751638][ T9199] ? import_iovec+0x74/0xa0 [ 179.756180][ T9199] ___sys_sendmsg+0x21f/0x2a0 [ 179.761061][ T9199] ? __pfx____sys_sendmsg+0x10/0x10 [ 179.766403][ T9199] ? __fget_files+0x2a/0x420 [ 179.771009][ T9199] ? __fget_files+0x3a0/0x420 [ 179.775706][ T9199] __x64_sys_sendmsg+0x19b/0x260 [ 179.780678][ T9199] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 179.786164][ T9199] ? do_syscall_64+0xbe/0xfa0 [ 179.790852][ T9199] do_syscall_64+0xfa/0xfa0 [ 179.795377][ T9199] ? lockdep_hardirqs_on+0x9c/0x150 [ 179.800592][ T9199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.806669][ T9199] ? clear_bhb_loop+0x60/0xb0 [ 179.811360][ T9199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.817261][ T9199] RIP: 0033:0x7f0760b8f6c9 [ 179.821685][ T9199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.841471][ T9199] RSP: 002b:00007f07619fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 179.849902][ T9199] RAX: ffffffffffffffda RBX: 00007f0760de5fa0 RCX: 00007f0760b8f6c9 [ 179.857903][ T9199] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000005 [ 179.865888][ T9199] RBP: 00007f0760c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 179.873869][ T9199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 179.881853][ T9199] R13: 00007f0760de6038 R14: 00007f0760de5fa0 R15: 00007ffcfa6d2078 [ 179.889855][ T9199] [ 179.893281][ T9199] Kernel Offset: disabled [ 179.897622][ T9199] Rebooting in 86400 seconds..