last executing test programs: 1m4.247578376s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x10, 0x0, 0x0, 0x336c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) unshare(0x4000400) (async, rerun: 64) unshare(0x64040880) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) getsockopt$inet_mreqn(r0, 0x0, 0x4, 0x0, &(0x7f0000000280)=0x11) (async, rerun: 32) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x6}, 0x18) (async, rerun: 64) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) 53.398706005s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x10, 0x0, 0x0, 0x336c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) unshare(0x4000400) (async, rerun: 64) unshare(0x64040880) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) getsockopt$inet_mreqn(r0, 0x0, 0x4, 0x0, &(0x7f0000000280)=0x11) (async, rerun: 32) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x6}, 0x18) (async, rerun: 64) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) 37.621151983s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x10, 0x0, 0x0, 0x336c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) unshare(0x4000400) (async, rerun: 64) unshare(0x64040880) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) getsockopt$inet_mreqn(r0, 0x0, 0x4, 0x0, &(0x7f0000000280)=0x11) (async, rerun: 32) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x6}, 0x18) (async, rerun: 64) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) 25.79368151s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x10, 0x0, 0x0, 0x336c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) unshare(0x4000400) (async, rerun: 64) unshare(0x64040880) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) getsockopt$inet_mreqn(r0, 0x0, 0x4, 0x0, &(0x7f0000000280)=0x11) (async, rerun: 32) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x6}, 0x18) (async, rerun: 64) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) 16.14301806s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x10, 0x0, 0x0, 0x336c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) unshare(0x4000400) (async, rerun: 64) unshare(0x64040880) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) getsockopt$inet_mreqn(r0, 0x0, 0x4, 0x0, &(0x7f0000000280)=0x11) (async, rerun: 32) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x6}, 0x18) (async, rerun: 64) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) 5.959750858s ago: executing program 3 (id=1145): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) unshare(0x6a040000) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x40010, 0xffffffffffffffff, 0x535a7000) r2 = socket$phonet_pipe(0x23, 0x5, 0x2) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x4000002, 0x3032, 0xffffffffffffffff, 0x2a1cf000) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r4, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000280)=@req3={0x8, 0x3ff, 0x7, 0x5, 0x9, 0x2, 0x10003}, 0x1c) bind$phonet(r2, &(0x7f0000000040)={0x23, 0x4, 0x2}, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[], 0x21c}, 0x1, 0x0, 0x0, 0x24040010}, 0x40805) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000001c0)={0x4, 0xd4, 0x2, 0x6, 0xd9a2}, 0x14) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x23, &(0x7f0000000040), &(0x7f0000000200)=0x38) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x20000091}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000002000000000000000000000095", @ANYRES64=0x0, @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x53, @void, @value}, 0x94) socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=ANY=[@ANYBLOB="61108e000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r7, 0x0, 0xb, &(0x7f00000000c0)=0x3, 0x4) 5.356105682s ago: executing program 0 (id=1150): socket$nl_netfilter(0x10, 0x3, 0xc) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1a0000003dbb0000018000000500000002000400", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100000003"], 0x50) (async) sendmsg$NFT_MSG_GETRULE(r0, 0x0, 0x0) unshare(0x62040200) (async) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) (async, rerun: 32) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c) (rerun: 32) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = bpf$ITER_CREATE(0x21, &(0x7f0000000180), 0x8) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000940)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000000400000024000180060001000a00000008000800010000000800050003"], 0x38}}, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x84, r5, 0x2, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x15d4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DEST={0x48, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}, @IPVS_DEST_ATTR_TUN_TYPE={0x5}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x1}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@private=0xa010100}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xd}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x4}, 0x40) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x3, 0x0, 0x0, {0x0, 0x0, 0xb}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) socket$nl_generic(0x10, 0x3, 0x10) (async) pipe(&(0x7f0000000000)={0xffffffffffffffff}) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async) r8 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001200)=ANY=[@ANYRES32=r8, @ANYRES32=r7, @ANYRES64=r8, @ANYRES64=0x0, @ANYBLOB="13"], 0x20) (async) bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @mcast1}, 0x1c) (async) r9 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r9, 0x84, 0x16, &(0x7f0000000140)={0x6, [0x4c3d, 0xbe, 0xd5, 0x9, 0x32c, 0x1]}, 0x10) (async) sendto$inet6(r2, &(0x7f00000000c0)="58f7da7d8388a02d6cc18b12831cdfc7b5d352ecb209db93330b30a063db08fcb14c80ebc14257daf27ea4c14defea3adefb8812bce4be3ea5c4e28e3043ce4aab00731150418a9c535d1f6002d597366d8f9ccc3e67f7ce18", 0x59, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) shutdown(r2, 0x2) 4.46383227s ago: executing program 3 (id=1153): r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$netlink(0x10, 0x3, 0x8) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0000acbd00"}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000440)={0x20, r2, 0x1, 0x3, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) (async) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) (async) socket$netlink(0x10, 0x3, 0x8) (async) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0000acbd00"}) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async) ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00') (async) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000440)={0x20, r2, 0x1, 0x3, 0x25dfdbff, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) (async) 4.371874494s ago: executing program 4 (id=1154): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe20, 0x0, @empty}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast2, 0x2}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) bind$inet6(r2, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r4 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) openat$cgroup_ro(r3, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0) 4.226444959s ago: executing program 4 (id=1155): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x8) ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f0000001c00)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x20}) unshare(0x4000400) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000005c0)=""/151, 0x97}], 0x1, &(0x7f0000002f40)=""/229, 0xe5}, 0x0) sendmsg$tipc(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)="b8d3d8e48974aae503984742e847457d61b9459b68100dbf05177b2436f9d642df271fd6b9aa6701365ffc723899ad120c5a54b1c64080f64f103ee1de769e5e9dd8cbb6f069a662eaad499c52a16f40cb3a1f6f3d5f8df14c53b2e6b5397f7806b6ff846de37a34c8342b9ac5a51eacf8a09cede8676044eafd3d7935f90698aa2d9c57276322b82e8976f5a4d980eaeb3b636630b810f2e2", 0x99}], 0x1, 0x0, 0x0, 0x84}, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0xf983e000) close(r2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=@raw=[@call={0x85, 0x0, 0x0, 0x8c}, @exit], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x53, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000080)={r6, 0x3, 0x8001}, &(0x7f0000000140)=0x8) bind$can_j1939(r3, 0x0, 0x0) r7 = socket(0x10, 0x400000000080803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000240)={'virt_wifi0\x00', &(0x7f00000002c0)=@ethtool_coalesce={0xf, 0x0, 0x9, 0x5, 0x1ff, 0x0, 0x5, 0xffff05ec, 0x2, 0x2, 0x661, 0x1, 0xffffffff, 0x4, 0x101, 0x54, 0x81, 0xfd0a, 0xf2, 0x5, 0xdc0, 0xe, 0x1}}) ioctl$sock_SIOCETHTOOL(r7, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f00000001c0)=@ethtool_ringparam={0x4, 0x0, 0x45, 0xfffffffe, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}}) 4.181710367s ago: executing program 3 (id=1156): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) (async) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x806000) (async) socket$kcm(0xa, 0x5, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x2, 0x0, 0x0) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) (async) connect$inet(r2, &(0x7f0000000340)={0x2, 0x4e24, @loopback}, 0x10) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2f, 0xffffffd4, 0x0, 0x0, 0x20}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000440)=r3, 0x4) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100009060300"/20, @ANYRES32=0x0, @ANYBLOB="adffa888f00306001c0012800e0001006970366772657461700000000800028004001200940daf333b2c58e7888aca09269ee4d2792e6025bbebc885ba29609da61a1dcc27fbe9c620d73f6a66"], 0x3c}}, 0x40050) getsockopt$inet_int(r2, 0x0, 0xb, 0x0, &(0x7f0000000140)) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4844) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) (async) close(0xffffffffffffffff) ioctl$FS_IOC_RESVSP(r1, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc}) 3.936694256s ago: executing program 0 (id=1158): r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980282100f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}, 0x1, 0x0, 0x0, 0x24040010}, 0x4100) 3.883780633s ago: executing program 1 (id=1159): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x32600) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r3) sendmsg$NLBL_CIPSOV4_C_ADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000100000008000100030000002c000480050003000100000005000300000000000500030000000000050003000100000005000300800000000800020003"], 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) socket$packet(0x11, 0x2, 0x300) r5 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r5, 0x107, 0x9, 0x0, &(0x7f0000000040)) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000104000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe02000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\f\x00', @ANYRES32], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc001) epoll_create(0xffffffff) 3.825616757s ago: executing program 3 (id=1160): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r2}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="5800000010000104000000ffffffffffffffc300", @ANYRES32=0x0, @ANYBLOB="2b03000000000000300012800b00010067656e6576650000200002800800010001000000140007000000000000000005000000000000000108000a0071"], 0x58}}, 0x0) 3.824831865s ago: executing program 0 (id=1161): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001000010828bd70000000000000004c00", @ANYRES32=0x0, @ANYBLOB="210800000000000008001b"], 0x44}, 0x1, 0xffffa888, 0x0, 0x48000}, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000002, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6(0xa, 0x3, 0x2c) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) ioctl$int_in(r5, 0x5452, &(0x7f0000000240)=0x6) setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f00000003c0), 0x4) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x3c1, 0x3, 0x538, 0x3a0, 0x150, 0x150, 0x0, 0xf8010000, 0x468, 0x238, 0x238, 0x468, 0x238, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x338, 0x3a0, 0x0, {}, [@common=@inet=@sctp={{0x148}, {[], [], [], 0x2, [], 0x0, 0x4}}, @common=@inet=@sctp={{0x148}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'veth1\x00'}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg(r6, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000000000000000000000000000850000000800000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 3.799979579s ago: executing program 2 (id=326): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x21, 0x10, 0x0, 0x0, 0x336c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) unshare(0x4000400) (async, rerun: 64) unshare(0x64040880) (async, rerun: 64) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x4, &(0x7f00000002c0)={@local={0xac, 0x2, 0x44, 0xa}, @private=0x5000000}, 0xc) getsockopt$inet_mreqn(r0, 0x0, 0x4, 0x0, &(0x7f0000000280)=0x11) (async, rerun: 32) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (rerun: 32) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) close(r3) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4, 0x0, 0x6}, 0x18) (async, rerun: 64) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 64) bind$netlink(r5, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000003900000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) 2.260250356s ago: executing program 0 (id=1162): unshare(0x62040200) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000020000000000000000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000280)) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000002c0)=@assoc_value, &(0x7f0000000300)=0x8) ioctl$SIOCRSSL2CALL(r0, 0x89e2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x4802, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x1, 0x1, 0x3, 0xd, 0x1, 0x1}, 0x20) socket$kcm(0x2, 0xa, 0x2) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000008, 0x13, 0xffffffffffffffff, 0xc894a000) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000340)={'vlan0\x00', 0x400}) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x44, 0x800000, 0xc, 0x7, 0x2, 0x81}) write$bt_hci(r4, &(0x7f0000000080)=ANY=[], 0x6) write$tun(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="0300080001000000000014000000ffab43c5f600596000e7db0477f3cfc4da9fd71c2cd3393ed924241575f4edda1d175d55e84fa2c3d8be0b828a2e9c6ae42de3849960c7d5ef60cc1308d1e3ec7bbe7fd4f639200859f44a7ed9c6afa5991421a6ad8a57bfb03c00f5a89458ce6e6514cbb15978de90e955333d4da4741f59dbbd46f69d43f7b699cc4e44ebd2ece0ccb2214db88630f8aac32d4b72962f30d88003b3f359e42b7d233acda404c95c9c8d80c17d90001814a81392d2a850fbb1027e09902bd12cff33e752ff3eec2fdfe5749e2b3c089de3f9395d421dad3c1a83c6b38b65b30718"], 0x62) 2.260036969s ago: executing program 1 (id=1163): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x2, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x8}}}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000500)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x50, 0x2c, 0xd2f, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {}, {0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0x9}, @TCA_FLOWER_KEY_ENC_IPV6_SRC={0x14, 0x1f, @mcast2}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000085}, 0x40) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.25927318s ago: executing program 3 (id=1164): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000001600), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1e0000008dbc0000050000000600000000010000", @ANYRES32, @ANYBLOB="0600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0200000001000000000000000f00000000000000000000000000000038e8ab34e9a45623609863588b500a6099f5b1e77b2ad8d1a1b26ca8538b9b0a78a62a8f7e5b0f999a0500b16070e95c5de40254ad"], 0x50) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'dummy0\x00', 0x0}) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x124, 0x124, 0x6, [@enum64={0xb, 0xa, 0x0, 0x13, 0x0, 0xe, [{0x10, 0x55, 0x9}, {0x20000003, 0xfff, 0x10000}, {0x2, 0x42c, 0xffff72c3}, {0x7, 0x3, 0x80000000}, {0x4, 0x100, 0xfffff75a}, {0x8, 0xa56, 0x8}, {0x1, 0x92, 0x99fa}, {0xf, 0x9}, {0xf, 0x8, 0x40}, {0x3, 0x6ac, 0x8}]}, @func={0xd, 0x0, 0x0, 0xc, 0x5}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x5, 0x7}}, @enum={0x7, 0x8, 0x0, 0x6, 0x4, [{0x6, 0x7}, {0x6, 0x3}, {0x5, 0x9}, {0x3, 0x8}, {0x1, 0x6}, {0x7, 0x3}, {0x9, 0x9}, {0xe, 0x8}]}, @float={0xb, 0x0, 0x0, 0x10, 0x4}, @decl_tag={0xc, 0x0, 0x0, 0x11, 0x5, 0x7}, @enum={0x4, 0x1, 0x0, 0x6, 0x4, [{0xd, 0x2018}]}]}, {0x0, [0x2e, 0x5f, 0x2e, 0x5f]}}, &(0x7f0000000240)=""/214, 0x142, 0xd6, 0x1, 0x9, 0x0, @void, @value}, 0x28) r4 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r0}, 0x8) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r5) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r5) recvmmsg(r5, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001580)=""/153, 0x99}, {&(0x7f0000001a00)=""/4094, 0xffe}, {&(0x7f0000000840)=""/200, 0xc8}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000005c80)=""/4089, 0xff9}, {&(0x7f0000000340)=""/207, 0xcf}, {&(0x7f0000000740)=""/227, 0xe3}, {&(0x7f0000000100)=""/119, 0x77}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000001840)=""/98, 0x62}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x9}], 0x5, 0x40008062, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@bloom_filter={0x1e, 0x7, 0x3, 0x72, 0x10000, r1, 0x5, '\x00', r2, r3, 0x1, 0x0, 0x1, 0xf, @void, @value, @value=r4}, 0x50) 2.243641023s ago: executing program 4 (id=1165): socket$inet6(0xa, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x1c}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_RENAME(r0, 0x0, 0x4004010) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x20004040) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r3], 0x90}, 0x1, 0x5d6}, 0x0) 808.450742ms ago: executing program 1 (id=1166): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="a000000000010104000000000000000002000000240001801400018008000100ac1414aa08000200000000000c000280050001000000000024000280140001800800010000000000080002000a0101010c000280050001000000000008000740000000023c0018"], 0xa0}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280ff0414"], 0x528}}, 0xc000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r1, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000140)={0x14, r2, 0xf1aad47e89fb43b5}, 0x14}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f00000004c0)={0x168, r2, 0x200, 0x70bd28, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x2}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}, {@pci={{0x8}, {0x11}}, {0x8}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}}]}, 0x168}, 0x1, 0x0, 0x0, 0x10}, 0x80) 703.603411ms ago: executing program 3 (id=1167): unshare(0x62040200) r0 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r0, 0x2a29, &(0x7f0000000100)=0xb) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newqdisc={0x6c, 0x24, 0x10, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x3c, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x7}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x8}, @TCA_CODEL_INTERVAL={0x8}, @TCA_CODEL_TARGET={0x8}, @TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}, @TCA_CODEL_LIMIT={0x8, 0x2, 0x80000000}, @TCA_CODEL_ECN={0x8}]}}]}, 0x6c}}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x7ffffffffffffffe, 0x3ff}) r1 = socket$netlink(0x10, 0x3, 0xb) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r2, @ANYBLOB="800202000a000200577f0000aabb000020000e80"], 0x48}}, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000380)=0x1, 0x4) close(r0) getpeername$llc(0xffffffffffffffff, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, &(0x7f0000000140)=0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000900)=ANY=[@ANYRESHEX=r2, @ANYRES32, @ANYRESHEX, @ANYRES16=r1, @ANYRES32, @ANYBLOB="00000000030000000600"/28, @ANYBLOB="404dd679d01c180ba9e8e803538c0dfa61ae29ed220559a0f331270dc1c48eea003854d7a7f38551897a161389957fc4e2560a8929a7e509ac689c33021ec5eb1a184d6dd6454898edcc77"], 0x50) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='sched_switch\x00'}, 0x10) socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYRESDEC], 0x78}}, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x3ffe, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=ANY=[@ANYBLOB="880100001b00010027bd7000fcdbdf257f000001000000000000000000000000ff0200000000000000000000000000014e2400094e220006020080202b000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0900000000000000040000000000000001000000000000000000000000000000ffffff7f0000000006000000000000000900000000000000050000000000000008000000000000000180000000000000ffff000000000000ffffffffffffffff81000000b26b6e000001000200000000f22bd4c1075bc0a914000e000000000000000000000000000000000108001d00ffff0000ac0007007f00000100000000000000000000000000000000000000000000ffffac1414bb4e2100004e228001020080001d000000", @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="07000000000000000000000000000000090000000000000007000000000000000400000000000000f7ffffffffffffff0008000000000000270400000000000007000000000000002f070000000000000000000000ffff000900000000000000c4e65d32cb6b6e000200020000000000"], 0x188}}, 0x0) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYRESDEC], 0xb8}}, 0x0) sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYRESDEC], 0x188}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000000000000000000b0200000002000000000000120000000000005f007dc9cad5ba46820675186af7363500aebee87dd8f5d2564b9aeba1212ea6db04dab823cae35e5dcb159c3f6586e164d0dac0"], 0x0, 0x34, 0x0, 0xa, 0x0, 0x0, @void, @value}, 0x28) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, 0x0, 0x0) r8 = socket(0xa, 0x5, 0x1) setsockopt$MRT6_ADD_MFC(r8, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0xfffc, 0x0, @empty, 0xfffffffc}, {0xa, 0x0, 0x80800080, @mcast2}, 0x800, {[0x0, 0x0, 0x0, 0xfff, 0x6, 0x1, 0xfffffffd]}}, 0x5c) 703.407614ms ago: executing program 4 (id=1168): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000008000000e27f000021"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a4c000000060a01040000000000800b0001006f626a72656600000c00028008000340000000060900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a00"/116], 0x74}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f0000000400), &(0x7f0000000500)=r1}, 0x20) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r3, 0x1, 0x3e, &(0x7f0000000080)="d040cd4a5e4afffc10ccadb17f86687da0491237072aba498c", 0x19) bind$inet6(r3, &(0x7f0000000800)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) 599.07968ms ago: executing program 1 (id=1169): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket(0x1e, 0x5, 0x0) recvmmsg(r1, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}, 0xa0a}], 0x1, 0x40002000, 0x0) sendto$packet(r0, &(0x7f0000000800)="00199a4b4d4bababc39232d5d01316712cf73f496006127a2dd2ba05b776f2a9bd00a6fba38d6367961a1dcf0bf9e6071a614988e56cbcf094332a2106366f9a", 0x7, 0x60c1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="2ab50e65cd6b"}, 0xfffffffffffffefd) socket$kcm(0x10, 0x5, 0x0) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680), 0x1, 0x0, 0xfffffffffffffef7, 0x1f00c00e}, 0x4000000) 338.884295ms ago: executing program 4 (id=1170): r0 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r0, &(0x7f0000000400)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x6e24, @empty}}, 0x24) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, &(0x7f0000000400)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x6e24, @empty}}, 0x24) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0) recvmmsg(r2, &(0x7f0000002f40)=[{{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f00000002c0)=""/248, 0xf8}], 0x1}}], 0x1, 0x0, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="200000000214"], 0x20}}, 0x0) recvmmsg(r2, &(0x7f0000002340)=[{{&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000000100)=""/27, 0x1b}, 0xffffffe1}, {{&(0x7f0000000180)=@ieee802154, 0x80, &(0x7f0000001700)=[{&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000001440)=""/159, 0x9f}, {&(0x7f0000001500)=""/155, 0x9b}, {&(0x7f00000015c0)=""/161, 0xa1}, {&(0x7f0000001680)=""/97, 0x61}], 0x5, &(0x7f0000001780)=""/166, 0xa6}, 0x9}, {{&(0x7f0000001840)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000000280)=[{&(0x7f00000018c0)=""/192, 0xc0}, {&(0x7f0000001980)=""/157, 0x9d}, {&(0x7f0000000200)}], 0x3, &(0x7f00000003c0)=""/64, 0x40}, 0x9}, {{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001a40)=""/7, 0x7}, {&(0x7f0000001a80)=""/252, 0xfc}, {&(0x7f0000001b80)=""/124, 0x7c}], 0x3, &(0x7f0000001c40)=""/177, 0xb1}, 0x2}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001d00)=""/115, 0x73}, {&(0x7f0000001d80)=""/208, 0xd0}, {&(0x7f0000001e80)=""/172, 0xac}, {&(0x7f0000001f40)=""/248, 0xf8}], 0x4, &(0x7f0000002080)=""/122, 0x7a}, 0x6}, {{&(0x7f0000002100)=@isdn, 0x80, &(0x7f00000022c0)=[{&(0x7f0000002180)=""/47, 0x2f}, {&(0x7f00000021c0)=""/74, 0x4a}, {&(0x7f0000002240)=""/121, 0x79}], 0x3, &(0x7f0000002300)=""/39, 0x27}, 0xab}], 0x6, 0x2000, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000005, 0x4000010, 0xffffffffffffffff, 0xc15ac000) setsockopt$inet_int(r4, 0x0, 0x12, &(0x7f00000000c0)=0x5, 0x4) 291.759701ms ago: executing program 1 (id=1171): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0x40}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x4c}}, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0700000004000000000300000100000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00008fc760a2000600000000000000000200000000000000000000006a3f030062c9634cc032d2282897d2bd080c519f33bc7cccb2d65375f66bdc0d22481e0c66f96038b15a0a089778e0848a530ac17542532a41c548900fdd8b00584548da388c7eabe90fa03d7134dc450f"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r1, 0x0, 0x0}, 0x20) write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000180)=0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r0, 0x40089416, &(0x7f00000002c0)=r4) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x8, [@fwd={0x4}]}, {0x0, [0x0, 0x0, 0x0, 0x2e, 0x2e, 0x2e]}}, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000004000000000000000201801000020786c3500000000002020207b1af8ff00000000bfa10000000000000701000094ffffffb702000008000000b703000000000020850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a00)={r7, 0x0, 0x0, 0x1a, 0x0, &(0x7f0000000700)=""/26, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x5}, 0x4c) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7020000140000008003000000000e00850000008300ab00bf09000000000000550901000000000095000000000091000000000000b702002b000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000480)={r5, &(0x7f0000000240)="218c0ac7bcce4908d8c52355a17501d907c65ba6cb94269ddb299b79", 0x0}, 0x20) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000000)=r8, 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x9, 0x100010, r6, 0xd313f000) write$cgroup_subtree(r3, &(0x7f00000003c0)=ANY=[], 0x36) r9 = socket$inet6(0xa, 0x40000080806, 0x0) connect$inet6(r9, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) 216.806043ms ago: executing program 0 (id=1172): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000580)="d8000000140081044e81f782db44b9040a1d08020a000000040000a118000200ff11000000000e1208000f0100810401a80016ea1f0008400304000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c01003f0000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 145.772723ms ago: executing program 4 (id=1173): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="58000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a0000000c000780080012400000000011000300686173683a6e65742c6e657400000000050004"], 0x58}}, 0x0) (async, rerun: 64) r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 64) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_sctp_SIOCINQ(r3, 0x5761, 0x0) (async, rerun: 64) socket$caif_stream(0x25, 0x1, 0x4) (rerun: 64) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) (async, rerun: 32) r6 = accept4$alg(r5, 0x0, 0x0, 0x0) (rerun: 32) sendmsg$nl_route_sched(r4, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000600)=@getchain={0x4c, 0x66, 0x10, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0xc, 0x1}, {0xfff3, 0xa}, {0x6, 0x6}}, [{0x8, 0xb, 0xffffff48}, {0x8, 0xb, 0x400}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x4}, {0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) sendmmsg$sock(r6, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20000}], 0x3}}], 0x1, 0x0) (async) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) (rerun: 32) sendmsg$ETHTOOL_MSG_DEBUG_SET(r7, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYRES8=r0, @ANYRES16=r8, @ANYRES64=r1, @ANYRES64], 0x44}}, 0x4028001) (async) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async, rerun: 32) r10 = accept4(r9, 0x0, 0x0, 0x0) (rerun: 32) sendmsg$alg(r10, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0) (async, rerun: 32) sendmsg$nl_route_sched_retired(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) (rerun: 32) recvmmsg(r10, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000400)=""/115, 0x73}, {&(0x7f00000000c0)=""/33, 0x21}, {&(0x7f00000004c0)=""/21, 0x15}], 0x11}}], 0x2, 0x60, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYRES32], 0x20) (async, rerun: 32) r11 = socket$inet6(0xa, 0x3, 0x8000000003c) (rerun: 32) connect$inet6(r11, &(0x7f0000000140)={0xa, 0x2, 0xe, @dev={0xfe, 0x80, '\x00', 0xfd}, 0x9}, 0x1c) (async) r12 = socket$igmp6(0xa, 0x3, 0x2) (async, rerun: 64) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000350000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000054000000060a0104000000000000000001"], 0xdc}}, 0x0) (rerun: 64) socket$inet(0x2, 0x5, 0x7) (async, rerun: 32) setsockopt$IP6T_SO_SET_REPLACE(r12, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (rerun: 32) 31.827588ms ago: executing program 1 (id=1174): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) r2 = socket(0x15, 0x5, 0x0) getsockopt(r2, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, &(0x7f0000000040)=0x18ff9) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="78000000100001042cbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="9101000000000000580012800b000100697036677265000048000280060010004e23000006000300008000000400120014000700ff01000000000000000000000000000108000d00ff7f00001400060000000000000000000000ffffe000000168309a8ef71e78367da03a7ce2"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 0s ago: executing program 0 (id=1175): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r2}) syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="5800000010000104000000ffffffffffffffe400", @ANYRES32=0x0, @ANYBLOB="2b03000000000000300012800b00010067656e6576650000200002800800010001000000140007000000000000000005000000000000000108000a0071"], 0x58}}, 0x0) kernel console output (not intermixed with test programs): forcing a failure. [ 154.925794][ T7872] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.969468][ T7872] CPU: 1 UID: 0 PID: 7872 Comm: syz.4.507 Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 154.969509][ T7872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 154.969529][ T7872] Call Trace: [ 154.969542][ T7872] [ 154.969556][ T7872] dump_stack_lvl+0x241/0x360 [ 154.969590][ T7872] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.969613][ T7872] ? __pfx__printk+0x10/0x10 [ 154.969638][ T7872] ? __pfx_lock_release+0x10/0x10 [ 154.969668][ T7872] ? __lock_acquire+0x1397/0x2100 [ 154.969707][ T7872] should_fail_ex+0x40a/0x550 [ 154.969741][ T7872] _copy_from_user+0x2d/0xb0 [ 154.969768][ T7872] kstrtouint_from_user+0xc6/0x190 [ 154.969805][ T7872] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 154.969843][ T7872] ? __pfx_lock_acquire+0x10/0x10 [ 154.969884][ T7872] proc_fail_nth_write+0xaa/0x2d0 [ 154.969912][ T7872] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 154.969939][ T7872] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 154.969974][ T7872] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 154.970017][ T7872] vfs_write+0x29f/0xd10 [ 154.970041][ T7872] ? fdget_pos+0x254/0x320 [ 154.970068][ T7872] ? __mutex_unlock_slowpath+0x227/0x800 [ 154.970099][ T7872] ? __pfx_vfs_write+0x10/0x10 [ 154.970117][ T7872] ? do_sys_openat2+0x17a/0x1d0 [ 154.970149][ T7872] ? __fget_files+0x2a/0x410 [ 154.970180][ T7872] ? __fget_files+0x395/0x410 [ 154.970207][ T7872] ? __fget_files+0x2a/0x410 [ 154.970246][ T7872] ksys_write+0x18f/0x2b0 [ 154.970270][ T7872] ? __pfx_ksys_write+0x10/0x10 [ 154.970293][ T7872] ? do_syscall_64+0x100/0x230 [ 154.970323][ T7872] ? do_syscall_64+0xb6/0x230 [ 154.970352][ T7872] do_syscall_64+0xf3/0x230 [ 154.970377][ T7872] ? clear_bhb_loop+0x35/0x90 [ 154.970411][ T7872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.970439][ T7872] RIP: 0033:0x7f3ef6d8b89f [ 154.970457][ T7872] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 154.970474][ T7872] RSP: 002b:00007f3ef7b1a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 154.970496][ T7872] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3ef6d8b89f [ 154.970510][ T7872] RDX: 0000000000000001 RSI: 00007f3ef7b1a0a0 RDI: 0000000000000006 [ 154.970522][ T7872] RBP: 00007f3ef7b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 154.970535][ T7872] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 154.970546][ T7872] R13: 0000000000000000 R14: 00007f3ef6fa5fa0 R15: 00007ffe096bc828 [ 154.970576][ T7872] [ 155.494084][ T7874] netlink: 'syz.1.508': attribute type 2 has an invalid length. [ 155.599894][ T7776] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.613935][ T7776] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.621696][ T7776] bridge_slave_0: entered allmulticast mode [ 155.629334][ T7776] bridge_slave_0: entered promiscuous mode [ 155.639251][ T7776] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.647326][ T7776] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.685884][ T7776] bridge_slave_1: entered allmulticast mode [ 155.713733][ T7776] bridge_slave_1: entered promiscuous mode [ 155.867459][ T7895] netlink: 24 bytes leftover after parsing attributes in process `syz.3.515'. [ 155.949550][ T7776] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.987848][ T7895] netlink: 'syz.3.515': attribute type 21 has an invalid length. [ 156.032798][ T7895] netlink: 128 bytes leftover after parsing attributes in process `syz.3.515'. [ 156.052846][ T7895] netlink: 'syz.3.515': attribute type 5 has an invalid length. [ 156.090396][ T7895] netlink: 3 bytes leftover after parsing attributes in process `syz.3.515'. [ 156.137793][ T5838] Bluetooth: hci3: command tx timeout [ 156.145480][ T7776] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.226528][ T7914] netlink: 'syz.1.517': attribute type 4 has an invalid length. [ 156.331594][ T7776] team0: Port device team_slave_0 added [ 156.363734][ T7776] team0: Port device team_slave_1 added [ 156.521461][ T7776] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.531695][ T7776] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.597093][ T7776] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.738182][ T7776] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.776253][ T7776] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.847510][ T7776] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 157.025065][ T7776] hsr_slave_0: entered promiscuous mode [ 157.031931][ T7776] hsr_slave_1: entered promiscuous mode [ 157.043727][ T7776] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.052132][ T7776] Cannot create hsr debugfs directory [ 157.139642][ T7944] netlink: 256 bytes leftover after parsing attributes in process `syz.3.524'. [ 157.176369][ T7944] unsupported nlmsg_type 40 [ 157.462034][ T7957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.528'. [ 157.502403][ T7960] netlink: 132 bytes leftover after parsing attributes in process `syz.0.530'. [ 157.512771][ T7957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.528'. [ 157.525923][ T7957] netlink: 32 bytes leftover after parsing attributes in process `syz.1.528'. [ 157.642146][ T7967] netlink: 'syz.4.531': attribute type 4 has an invalid length. [ 157.667978][ T7957] nbd7: detected capacity change from 0 to 256 [ 157.699047][ T55] block nbd7: Receive control failed (result -32) [ 157.820115][ T7976] openvswitch: netlink: IP tunnel dst address not specified [ 157.836110][ T7973] netlink: 48 bytes leftover after parsing attributes in process `syz.0.532'. [ 158.223019][ T55] Bluetooth: hci3: command tx timeout [ 158.265303][ T7996] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 158.281307][ T7776] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 158.351731][ T7776] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 158.444774][ T7776] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 158.513020][ T7776] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 158.940092][ T8030] netlink: 132 bytes leftover after parsing attributes in process `syz.3.542'. [ 159.258555][ T55] Bluetooth: hci0: command 0x0c1a tx timeout [ 159.264834][ T5838] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 159.389121][ T8036] syzkaller1: entered promiscuous mode [ 159.415098][ T8036] syzkaller1: entered allmulticast mode [ 159.482825][ T7776] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.533590][ T7776] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.568435][ T8042] netlink: 'syz.3.544': attribute type 4 has an invalid length. [ 159.590865][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.598080][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.648424][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.655635][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.796950][ T7776] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.019768][ T8050] bond_slave_0: entered allmulticast mode [ 160.058480][ T42] block nbd1: Possible stuck request ffff888026640000: control (read@0,4096B). Runtime 60 seconds [ 160.077011][ T8050] bond0: (slave bond_slave_0): Releasing backup interface [ 160.282266][ T8060] netlink: 12 bytes leftover after parsing attributes in process `syz.1.549'. [ 160.297165][ T7776] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.299514][ T5838] Bluetooth: hci3: command tx timeout [ 160.365860][ T7776] veth0_vlan: entered promiscuous mode [ 160.379616][ T7776] veth1_vlan: entered promiscuous mode [ 160.434292][ T7776] veth0_macvtap: entered promiscuous mode [ 160.453372][ T7776] veth1_macvtap: entered promiscuous mode [ 160.506136][ T7776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.538909][ T7776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.557922][ T7776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 160.572179][ T8069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.551'. [ 160.577670][ T7776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.598961][ T7776] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 160.619433][ T7776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.638049][ T7776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.663450][ T7776] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 160.687639][ T7776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 160.709049][ T7776] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 160.727760][ T7776] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.736543][ T7776] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.757873][ T7776] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.769076][ T7776] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.855785][ T8075] netlink: 16 bytes leftover after parsing attributes in process `syz.1.554'. [ 160.915405][ T7776] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 160.948006][ T7776] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.013656][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.013679][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.104172][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.140741][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.547875][ T8086] nbd8: detected capacity change from 0 to 256 [ 161.565718][ T5838] block nbd8: Receive control failed (result -32) [ 162.040521][ T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.426120][ T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.807084][ T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.009443][ T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.612289][ T8121] __nla_validate_parse: 6 callbacks suppressed [ 163.612309][ T8121] netlink: 8 bytes leftover after parsing attributes in process `syz.4.567'. [ 163.631450][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 163.640676][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 163.658215][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 163.668936][ T53] bridge_slave_1: left allmulticast mode [ 163.675243][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 163.675885][ T53] bridge_slave_1: left promiscuous mode [ 163.697772][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 163.705264][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 163.730276][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.750573][ T53] bridge_slave_0: left allmulticast mode [ 163.756382][ T53] bridge_slave_0: left promiscuous mode [ 163.767890][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.923104][ T8130] x_tables: duplicate underflow at hook 1 [ 164.270806][ T8133] netlink: 132 bytes leftover after parsing attributes in process `syz.0.570'. [ 164.595955][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.613647][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.640014][ T53] bond0 (unregistering): Released all slaves [ 164.828685][ T8077] Set syz1 is full, maxelem 65536 reached [ 164.903579][ T8140] netlink: 'syz.4.572': attribute type 10 has an invalid length. [ 165.180808][ T8156] netlink: 8 bytes leftover after parsing attributes in process `syz.3.578'. [ 165.216141][ T8156] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'. [ 165.258123][ T8156] netlink: 32 bytes leftover after parsing attributes in process `syz.3.578'. [ 165.298176][ T53] hsr_slave_0: left promiscuous mode [ 165.306205][ T53] hsr_slave_1: left promiscuous mode [ 165.316007][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.318100][ T8156] nbd9: detected capacity change from 0 to 256 [ 165.324244][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.343674][ T5839] block nbd9: Receive control failed (result -32) [ 165.351443][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.373660][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.415736][ T53] veth1_macvtap: left promiscuous mode [ 165.422375][ T53] veth0_macvtap: left promiscuous mode [ 165.428174][ T53] veth1_vlan: left promiscuous mode [ 165.434170][ T53] veth0_vlan: left promiscuous mode [ 165.738160][ T5839] Bluetooth: hci3: command tx timeout [ 165.832819][ T42] block nbd5: Possible stuck request ffff8880267b7000: control (read@0,4096B). Runtime 30 seconds [ 165.922920][ T8170] netlink: 'syz.1.582': attribute type 10 has an invalid length. [ 165.978931][ T8171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.582'. [ 166.076756][ T53] team0 (unregistering): Port device team_slave_1 removed [ 166.123449][ T53] team0 (unregistering): Port device team_slave_0 removed [ 166.559790][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.568444][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.583268][ T8170] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.590522][ T8170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.598228][ T8170] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.605399][ T8170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.629477][ T8170] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 166.643041][ T8171] bridge_slave_1: left allmulticast mode [ 166.653827][ T8171] bridge_slave_1: left promiscuous mode [ 166.662238][ T8171] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.676922][ T8171] bridge_slave_0: left allmulticast mode [ 166.683070][ T8171] bridge_slave_0: left promiscuous mode [ 166.689121][ T8171] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.720742][ T8171] bond0: (slave bridge0): Releasing backup interface [ 166.785135][ T8120] chnl_net:caif_netlink_parms(): no params data found [ 166.944218][ T8186] netlink: 'syz.4.585': attribute type 1 has an invalid length. [ 167.014353][ T8192] netlink: 3 bytes leftover after parsing attributes in process `syz.4.585'. [ 167.052074][ T8186] bond2: entered promiscuous mode [ 167.057441][ T8186] 8021q: adding VLAN 0 to HW filter on device bond2 [ 167.071759][ T8194] netlink: 3 bytes leftover after parsing attributes in process `syz.4.585'. [ 167.072744][ T8188] tipc: Enabling of bearer rejected, failed to enable media [ 167.094195][ T8190] netlink: 'syz.1.586': attribute type 5 has an invalid length. [ 167.125633][ T8192] batadv0: entered promiscuous mode [ 167.147716][ T8192] batadv0: entered allmulticast mode [ 167.154567][ T8192] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 167.164884][ T8192] bond2: (slave batadv0): making interface the new active one [ 167.174099][ T8192] bond2: (slave batadv0): Enslaving as an active interface with an up link [ 167.189608][ T8194] batadv1: entered promiscuous mode [ 167.209037][ T8194] batadv1: entered allmulticast mode [ 167.215907][ T8194] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 167.234195][ T8194] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 167.376803][ T8120] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.396827][ T8120] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.414809][ T8120] bridge_slave_0: entered allmulticast mode [ 167.422554][ T8120] bridge_slave_0: entered promiscuous mode [ 167.436174][ T8120] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.454732][ T8120] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.472328][ T8120] bridge_slave_1: entered allmulticast mode [ 167.485184][ T8120] bridge_slave_1: entered promiscuous mode [ 167.557254][ T8120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.601288][ T8211] netlink: 8 bytes leftover after parsing attributes in process `syz.4.592'. [ 167.614637][ T8120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.624617][ T8211] netlink: 4 bytes leftover after parsing attributes in process `syz.4.592'. [ 167.698605][ T8211] nbd10: detected capacity change from 0 to 256 [ 167.700793][ T8120] team0: Port device team_slave_0 added [ 167.711192][ T5839] block nbd10: Receive control failed (result -32) [ 167.762274][ T8120] team0: Port device team_slave_1 added [ 167.819511][ T5839] Bluetooth: hci3: command tx timeout [ 167.944464][ T8223] netlink: 'syz.3.596': attribute type 10 has an invalid length. [ 168.121815][ T8120] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.132647][ T8120] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.167117][ T8120] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.192609][ T8120] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.205062][ T8120] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.241600][ T8120] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.265814][ T8231] geneve2: entered promiscuous mode [ 168.288204][ T8231] geneve2: entered allmulticast mode [ 168.505101][ T8120] hsr_slave_0: entered promiscuous mode [ 168.516676][ T8120] hsr_slave_1: entered promiscuous mode [ 168.554397][ T8120] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.564519][ T8120] Cannot create hsr debugfs directory [ 168.656009][ T8235] __nla_validate_parse: 3 callbacks suppressed [ 168.656030][ T8235] netlink: 268 bytes leftover after parsing attributes in process `syz.3.600'. [ 168.834393][ T8241] netlink: 132 bytes leftover after parsing attributes in process `syz.1.602'. [ 169.183568][ T8257] tipc: Enabling of bearer rejected, failed to enable media [ 169.240749][ T8229] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 169.530345][ T8269] geneve2: entered promiscuous mode [ 169.535739][ T8269] geneve2: entered allmulticast mode [ 169.618039][ T8271] netlink: 132 bytes leftover after parsing attributes in process `syz.1.611'. [ 169.899533][ T5839] Bluetooth: hci3: command tx timeout [ 169.946513][ T8277] netlink: 268 bytes leftover after parsing attributes in process `syz.0.613'. [ 169.974613][ T8120] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 170.035724][ T8120] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 170.091692][ T8120] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 170.140624][ T8120] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 170.543079][ T8120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.629120][ T8120] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.658355][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.665540][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.700434][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.707679][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.815951][ T8305] geneve2: entered promiscuous mode [ 170.829218][ T8305] geneve2: entered allmulticast mode [ 171.172401][ T8120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.279818][ T8319] tipc: Enabling of bearer rejected, failed to enable media [ 171.365471][ T8322] netlink: 268 bytes leftover after parsing attributes in process `syz.3.627'. [ 171.390072][ T8120] veth0_vlan: entered promiscuous mode [ 171.424805][ T8120] veth1_vlan: entered promiscuous mode [ 171.477502][ T8120] veth0_macvtap: entered promiscuous mode [ 171.497326][ T8120] veth1_macvtap: entered promiscuous mode [ 171.522123][ T8324] ax25_connect(): syz.4.628 uses autobind, please contact jreuter@yaina.de [ 171.556977][ T8120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.575934][ T8120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.587006][ T42] block nbd6: Possible stuck request ffff8880267e7000: control (read@0,4096B). Runtime 30 seconds [ 171.599905][ T8120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.610617][ T8120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.622203][ T8120] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.633222][ T8120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.643966][ T8120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.654130][ T8120] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.665326][ T8120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.676632][ T8120] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.684383][ T8324] netlink: 12 bytes leftover after parsing attributes in process `syz.4.628'. [ 171.728545][ T8120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.748039][ T8120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.756818][ T8120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.770268][ T8120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.882290][ T8120] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 171.892324][ T8120] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.988173][ T5839] Bluetooth: hci3: command tx timeout [ 172.133285][ T6163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.163752][ T6163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.243969][ T5894] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.257970][ T5894] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.335719][ T8348] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.378208][ T8348] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.386489][ T8348] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.408856][ T8348] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.440648][ T8348] geneve2: entered promiscuous mode [ 172.445937][ T8348] geneve2: entered allmulticast mode [ 172.484145][ T8348] netdevsim netdevsim4 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.502241][ T8348] netdevsim netdevsim4 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.511274][ T8348] netdevsim netdevsim4 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.520115][ T8348] netdevsim netdevsim4 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.185431][ T8370] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.235924][ T8374] tipc: Enabling of bearer rejected, failed to enable media [ 173.299053][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.411888][ T8370] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.524933][ T8370] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.623745][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.687171][ T8370] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.777480][ T8370] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.795656][ T8370] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.812358][ T8370] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.827073][ T8370] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.868316][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.954664][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.128702][ T8386] wg1: entered promiscuous mode [ 174.133770][ T8386] wg1: entered allmulticast mode [ 174.150410][ T8388] netlink: 36 bytes leftover after parsing attributes in process `syz.3.646'. [ 174.250679][ T8385] syzkaller1: entered promiscuous mode [ 174.266198][ T8385] syzkaller1: entered allmulticast mode [ 174.280051][ T12] bridge_slave_1: left allmulticast mode [ 174.293350][ T12] bridge_slave_1: left promiscuous mode [ 174.313404][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.349964][ T12] bridge_slave_0: left allmulticast mode [ 174.367723][ T12] bridge_slave_0: left promiscuous mode [ 174.371534][ T8393] netlink: 'syz.4.649': attribute type 4 has an invalid length. [ 174.379145][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.655626][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 174.668476][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 174.685476][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 174.699171][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 174.713375][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 174.722181][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 174.972235][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.984402][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 175.007191][ T12] bond0 (unregistering): Released all slaves [ 175.122956][ T8411] netlink: 8 bytes leftover after parsing attributes in process `syz.1.651'. [ 175.295664][ T8413] netlink: 'syz.0.652': attribute type 1 has an invalid length. [ 175.316645][ T8414] netlink: 'syz.0.652': attribute type 1 has an invalid length. [ 175.577370][ T12] hsr_slave_0: left promiscuous mode [ 175.593174][ T12] hsr_slave_1: left promiscuous mode [ 175.608336][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 175.619100][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 175.638533][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 175.676101][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 175.764278][ T12] veth1_macvtap: left promiscuous mode [ 175.793064][ T12] veth0_macvtap: left promiscuous mode [ 175.805854][ T12] veth1_vlan: left promiscuous mode [ 175.815389][ T12] veth0_vlan: left promiscuous mode [ 176.526515][ T12] team0 (unregistering): Port device team_slave_1 removed [ 176.572994][ T12] team0 (unregistering): Port device team_slave_0 removed [ 176.777855][ T5838] Bluetooth: hci3: command tx timeout [ 177.015876][ T8433] tipc: Enabling of bearer rejected, failed to enable media [ 177.126242][ T8401] chnl_net:caif_netlink_parms(): no params data found [ 177.198463][ T8442] tipc: Enabling of bearer rejected, failed to enable media [ 177.361132][ T8401] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.368563][ T8401] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.376738][ T8401] bridge_slave_0: entered allmulticast mode [ 177.384313][ T8401] bridge_slave_0: entered promiscuous mode [ 177.393575][ T8401] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.401936][ T8401] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.409739][ T8401] bridge_slave_1: entered allmulticast mode [ 177.418399][ T8401] bridge_slave_1: entered promiscuous mode [ 177.472359][ T8401] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.501147][ T8401] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.553573][ T8401] team0: Port device team_slave_0 added [ 177.571498][ T8401] team0: Port device team_slave_1 added [ 177.730846][ T8401] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.767922][ T8401] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.804065][ T8401] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.820349][ T8401] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.839013][ T8401] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.866430][ T8401] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.946766][ T8401] hsr_slave_0: entered promiscuous mode [ 177.963896][ T8401] hsr_slave_1: entered promiscuous mode [ 177.996830][ T8401] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 178.015407][ T8401] Cannot create hsr debugfs directory [ 178.346285][ T8470] netlink: 132 bytes leftover after parsing attributes in process `syz.3.666'. [ 178.782906][ T8484] tipc: Enabling of bearer rejected, failed to enable media [ 178.854905][ T8491] pimreg: entered allmulticast mode [ 178.869717][ T5838] Bluetooth: hci3: command tx timeout [ 178.906192][ T8491] pimreg: left allmulticast mode [ 178.950711][ T8495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.671'. [ 179.040549][ T8401] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 179.101955][ T8401] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 179.130750][ T8401] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 179.154000][ T8401] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 179.352995][ T8401] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.389467][ T8504] netlink: 72 bytes leftover after parsing attributes in process `syz.3.675'. [ 179.407655][ T8504] netlink: 72 bytes leftover after parsing attributes in process `syz.3.675'. [ 179.422620][ T8401] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.443025][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.450200][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.495493][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.502705][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.739119][ T8512] xt_l2tp: unknown flags: 10 [ 179.927162][ T8401] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.064338][ T8401] veth0_vlan: entered promiscuous mode [ 180.125252][ T8401] veth1_vlan: entered promiscuous mode [ 180.204114][ T8401] veth0_macvtap: entered promiscuous mode [ 180.334187][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.394257][ T8401] veth1_macvtap: entered promiscuous mode [ 180.417640][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.436464][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.456617][ T8523] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 180.464047][ T8401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 180.482359][ T8401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.495887][ T8401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 180.518531][ T8401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.537345][ T8401] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 180.558805][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.587492][ T8401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 180.620949][ T8401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.653075][ T8401] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 180.692024][ T8401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 180.709061][ T8401] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 180.733858][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.745063][ T8401] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.764245][ T8401] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.774553][ T8401] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.793363][ T8401] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.817766][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.839209][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.900951][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.923161][ T8523] virt_wifi0 speed is unknown, defaulting to 1000 [ 180.936464][ T8401] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 180.947933][ T5838] Bluetooth: hci3: command tx timeout [ 180.977847][ T8401] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.039734][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.051562][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.146665][ T6163] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.180341][ T6163] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.190525][ T26] block nbd0: Possible stuck request ffff8880265de000: control (read@0,4096B). Runtime 90 seconds [ 181.399844][ T8543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.685'. [ 181.506542][ T8545] tipc: Enabling of bearer rejected, failed to enable media [ 181.668561][ T8557] virt_wifi0 speed is unknown, defaulting to 1000 [ 182.442248][ T8571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.695'. [ 182.451539][ T8571] netlink: 4 bytes leftover after parsing attributes in process `syz.0.695'. [ 182.464031][ T8571] netlink: 32 bytes leftover after parsing attributes in process `syz.0.695'. [ 182.558792][ T8571] nbd11: detected capacity change from 0 to 256 [ 182.574499][ T5838] block nbd11: Receive control failed (result -32) [ 182.686588][ T8587] virt_wifi0 speed is unknown, defaulting to 1000 [ 182.967328][ T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.063229][ T8581] virt_wifi0 speed is unknown, defaulting to 1000 [ 184.189782][ T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.320597][ T8622] netlink: 16 bytes leftover after parsing attributes in process `syz.1.710'. [ 184.333735][ T8622] netlink: 'syz.1.710': attribute type 2 has an invalid length. [ 184.469482][ T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.640768][ T8640] virt_wifi0 speed is unknown, defaulting to 1000 [ 184.704161][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 184.713554][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 184.722265][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 184.737132][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 184.745135][ T5839] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 184.753805][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 184.781958][ T8649] netlink: 20 bytes leftover after parsing attributes in process `syz.3.715'. [ 184.824969][ T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.899803][ T8650] tipc: Enabling of bearer rejected, failed to enable media [ 184.995273][ T8643] virt_wifi0 speed is unknown, defaulting to 1000 [ 185.174942][ T35] bridge_slave_1: left allmulticast mode [ 185.183426][ T35] bridge_slave_1: left promiscuous mode [ 185.189827][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.202390][ T35] bridge_slave_0: left allmulticast mode [ 185.217692][ T35] bridge_slave_0: left promiscuous mode [ 185.224308][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.301673][ T8663] netlink: 1256 bytes leftover after parsing attributes in process `syz.3.718'. [ 185.308531][ T8667] netlink: 88 bytes leftover after parsing attributes in process `syz.0.721'. [ 185.322586][ T8667] netlink: 8 bytes leftover after parsing attributes in process `syz.0.721'. [ 185.326514][ T8663] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 185.340274][ T8667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.721'. [ 185.834134][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 185.844976][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 185.855983][ T35] bond0 (unregistering): Released all slaves [ 186.122618][ T8666] virt_wifi0 speed is unknown, defaulting to 1000 [ 186.278814][ T8643] chnl_net:caif_netlink_parms(): no params data found [ 186.497243][ T35] hsr_slave_0: left promiscuous mode [ 186.503795][ T35] hsr_slave_1: left promiscuous mode [ 186.512061][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.519925][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.533680][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.541613][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.581160][ T35] veth1_macvtap: left promiscuous mode [ 186.587095][ T35] veth0_macvtap: left promiscuous mode [ 186.594394][ T35] veth1_vlan: left promiscuous mode [ 186.600224][ T35] veth0_vlan: left promiscuous mode [ 186.784218][ T5839] Bluetooth: hci3: command tx timeout [ 187.592427][ T35] team0 (unregistering): Port device team_slave_1 removed [ 187.719160][ T35] team0 (unregistering): Port device team_slave_0 removed [ 187.786267][ T8716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.732'. [ 188.375096][ T8643] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.401342][ T8643] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.417194][ T8643] bridge_slave_0: entered allmulticast mode [ 188.438965][ T8643] bridge_slave_0: entered promiscuous mode [ 188.498027][ T8643] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.513206][ T8643] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.538207][ T8643] bridge_slave_1: entered allmulticast mode [ 188.575724][ T8643] bridge_slave_1: entered promiscuous mode [ 188.642629][ T8643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.668977][ T8728] virt_wifi0 speed is unknown, defaulting to 1000 [ 188.693028][ T8643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.857954][ T5839] Bluetooth: hci3: command tx timeout [ 188.888098][ T8727] virt_wifi0 speed is unknown, defaulting to 1000 [ 188.915129][ T8732] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.924395][ T8732] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.933464][ T8732] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.942506][ T8732] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 188.988275][ T8643] team0: Port device team_slave_0 added [ 189.010138][ T8643] team0: Port device team_slave_1 added [ 189.092185][ T8733] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢…D£øUDŒw˜}z [ 189.256335][ T8643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 189.274954][ T8643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.335330][ T8643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 189.428681][ T8643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 189.436133][ T8643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 189.463755][ T8745] netlink: 44 bytes leftover after parsing attributes in process `syz.4.739'. [ 189.468924][ T8643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 189.493753][ T8743] erspan0: entered promiscuous mode [ 189.500367][ T8743] vlan2: entered promiscuous mode [ 189.574238][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.4.739'. [ 189.747297][ T8752] netlink: 48 bytes leftover after parsing attributes in process `syz.1.741'. [ 189.861126][ T8643] hsr_slave_0: entered promiscuous mode [ 189.875163][ T8643] hsr_slave_1: entered promiscuous mode [ 189.896591][ T8643] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 189.905254][ T8643] Cannot create hsr debugfs directory [ 190.060172][ T8745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.072095][ T8745] 8021q: adding VLAN 0 to HW filter on device team0 [ 190.101146][ T8745] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 190.143115][ T42] block nbd1: Possible stuck request ffff888026640000: control (read@0,4096B). Runtime 90 seconds [ 190.821323][ T8770] virt_wifi0 speed is unknown, defaulting to 1000 [ 190.939791][ T5839] Bluetooth: hci3: command tx timeout [ 190.941783][ T8775] netlink: 100 bytes leftover after parsing attributes in process `syz.3.748'. [ 190.954658][ T8775] netlink: 12 bytes leftover after parsing attributes in process `syz.3.748'. [ 190.976138][ T8775] netlink: 20 bytes leftover after parsing attributes in process `syz.3.748'. [ 191.257333][ T8643] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 191.325679][ T8643] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 191.388494][ T8643] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 191.424438][ T8789] virt_wifi0 speed is unknown, defaulting to 1000 [ 191.431874][ T8643] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 191.568640][ T8794] netlink: 16 bytes leftover after parsing attributes in process `syz.4.752'. [ 191.593481][ T8797] netlink: 8 bytes leftover after parsing attributes in process `syz.0.753'. [ 191.689614][ T8794] virt_wifi0 speed is unknown, defaulting to 1000 [ 191.936630][ T8643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.259826][ T8643] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.331062][ T6996] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.338258][ T6996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.389538][ T6996] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.396706][ T6996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.397104][ T8808] netlink: 8 bytes leftover after parsing attributes in process `syz.3.756'. [ 192.785261][ T8817] netlink: 232 bytes leftover after parsing attributes in process `syz.1.758'. [ 192.816290][ T8817] netlink: 16 bytes leftover after parsing attributes in process `syz.1.758'. [ 193.018353][ T5839] Bluetooth: hci3: command tx timeout [ 193.082430][ T8824] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 193.117256][ T8824] CPU: 0 UID: 0 PID: 8824 Comm: syz.4.761 Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 193.117290][ T8824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 193.117304][ T8824] Call Trace: [ 193.117312][ T8824] [ 193.117321][ T8824] dump_stack_lvl+0x241/0x360 [ 193.117366][ T8824] ? __pfx_dump_stack_lvl+0x10/0x10 [ 193.117391][ T8824] ? __pfx__printk+0x10/0x10 [ 193.117417][ T8824] ? __kmalloc_cache_noprof+0x243/0x390 [ 193.117446][ T8824] ? sysfs_warn_dup+0x51/0xa0 [ 193.117477][ T8824] sysfs_warn_dup+0x8e/0xa0 [ 193.117502][ T8824] sysfs_do_create_link_sd+0xbe/0x110 [ 193.117536][ T8824] device_add_class_symlinks+0x1c5/0x250 [ 193.117570][ T8824] device_add+0x553/0xbf0 [ 193.117607][ T8824] wiphy_register+0x1922/0x2650 [ 193.117681][ T8824] ? __pfx_wiphy_register+0x10/0x10 [ 193.117715][ T8824] ? minstrel_ht_alloc+0x84b/0x940 [ 193.117755][ T8824] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 193.117795][ T8824] ieee80211_register_hw+0x35d9/0x42e0 [ 193.117833][ T8824] ? ieee80211_register_hw+0x1671/0x42e0 [ 193.117871][ T8824] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 193.117904][ T8824] ? __asan_memset+0x23/0x50 [ 193.117935][ T8824] ? __hrtimer_init+0x170/0x250 [ 193.117963][ T8824] mac80211_hwsim_new_radio+0x2ae8/0x4a40 [ 193.118030][ T8824] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 193.118069][ T8824] ? trace_kmalloc+0x1f/0xd0 [ 193.118093][ T8824] ? __kmalloc_node_track_caller_noprof+0x2a8/0x4c0 [ 193.118123][ T8824] ? kstrndup+0xbb/0x150 [ 193.118165][ T8824] hwsim_new_radio_nl+0xece/0x2290 [ 193.118202][ T8824] ? __pfx___nla_validate_parse+0x10/0x10 [ 193.118242][ T8824] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.118302][ T8824] ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290 [ 193.118340][ T8824] genl_rcv_msg+0xb1f/0xec0 [ 193.118378][ T8824] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.118438][ T8824] ? __pfx_lock_acquire+0x10/0x10 [ 193.118471][ T8824] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 193.118493][ T8824] ? __pfx___might_resched+0x10/0x10 [ 193.118534][ T8824] netlink_rcv_skb+0x206/0x480 [ 193.118569][ T8824] ? __pfx_genl_rcv_msg+0x10/0x10 [ 193.118597][ T8824] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 193.118663][ T8824] genl_rcv+0x28/0x40 [ 193.118688][ T8824] netlink_unicast+0x7f6/0x990 [ 193.118736][ T8824] ? __pfx_netlink_unicast+0x10/0x10 [ 193.118762][ T8824] ? __virt_addr_valid+0x45f/0x530 [ 193.118811][ T8824] ? __phys_addr_symbol+0x2f/0x70 [ 193.118842][ T8824] ? __check_object_size+0x47a/0x730 [ 193.118874][ T8824] netlink_sendmsg+0x8de/0xcb0 [ 193.118909][ T8824] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.118935][ T8824] ? aa_sock_msg_perm+0x91/0x160 [ 193.118972][ T8824] ? __pfx_netlink_sendmsg+0x10/0x10 [ 193.118991][ T8824] __sock_sendmsg+0x221/0x270 [ 193.119016][ T8824] ____sys_sendmsg+0x53a/0x860 [ 193.119058][ T8824] ? __pfx_____sys_sendmsg+0x10/0x10 [ 193.119084][ T8824] ? __fget_files+0x2a/0x410 [ 193.119118][ T8824] ? __fget_files+0x2a/0x410 [ 193.119156][ T8824] __sys_sendmsg+0x269/0x350 [ 193.119185][ T8824] ? __pfx_futex_wake+0x10/0x10 [ 193.119220][ T8824] ? __pfx___sys_sendmsg+0x10/0x10 [ 193.119309][ T8824] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 193.119343][ T8824] ? do_syscall_64+0x100/0x230 [ 193.119373][ T8824] ? do_syscall_64+0xb6/0x230 [ 193.119403][ T8824] do_syscall_64+0xf3/0x230 [ 193.119429][ T8824] ? clear_bhb_loop+0x35/0x90 [ 193.119464][ T8824] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.119492][ T8824] RIP: 0033:0x7f3ef6d8cde9 [ 193.119521][ T8824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 193.119539][ T8824] RSP: 002b:00007f3ef7b1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 193.119566][ T8824] RAX: ffffffffffffffda RBX: 00007f3ef6fa5fa0 RCX: 00007f3ef6d8cde9 [ 193.119582][ T8824] RDX: 0000000000000800 RSI: 0000400000000100 RDI: 0000000000000027 [ 193.119596][ T8824] RBP: 00007f3ef6e0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 193.119608][ T8824] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.119621][ T8824] R13: 0000000000000000 R14: 00007f3ef6fa5fa0 R15: 00007ffe096bc828 [ 193.119655][ T8824] [ 193.126114][ T8832] netlink: 16 bytes leftover after parsing attributes in process `syz.3.763'. [ 193.575774][ T8643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.825778][ T8643] veth0_vlan: entered promiscuous mode [ 193.838217][ T8844] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 193.923000][ T8841] virt_wifi0 speed is unknown, defaulting to 1000 [ 193.962947][ T8643] veth1_vlan: entered promiscuous mode [ 194.047309][ T8643] veth0_macvtap: entered promiscuous mode [ 194.159937][ T8643] veth1_macvtap: entered promiscuous mode [ 194.213580][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.234345][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.245822][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 194.256605][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.290414][ T8643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 194.339773][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.368367][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.405170][ T8643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.433111][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.464711][ T8643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.488271][ T8643] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.507304][ T8643] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.573324][ T8643] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.599740][ T8643] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.620359][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.660401][ T8856] virt_wifi0 speed is unknown, defaulting to 1000 [ 194.739540][ T8859] virt_wifi0 speed is unknown, defaulting to 1000 [ 194.841110][ T8865] netlink: 'syz.3.771': attribute type 2 has an invalid length. [ 195.032172][ T8643] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 195.042342][ T8643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.093812][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.147740][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.338982][ T8875] netlink: 232 bytes leftover after parsing attributes in process `syz.3.773'. [ 195.380135][ T8859] netlink: 'syz.1.769': attribute type 4 has an invalid length. [ 195.394013][ T6996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.408246][ T6996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 195.525580][ T8881] openvswitch: netlink: Flow actions attr not present in new flow. [ 195.743509][ T8879] virt_wifi0 speed is unknown, defaulting to 1000 [ 195.898721][ T42] block nbd5: Possible stuck request ffff8880267b7000: control (read@0,4096B). Runtime 60 seconds [ 196.145404][ T8902] netlink: 'syz.1.782': attribute type 2 has an invalid length. [ 196.502938][ T6163] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.583834][ T8912] virt_wifi0 speed is unknown, defaulting to 1000 [ 196.651866][ T6163] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.750746][ T6163] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.842794][ T6163] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.951822][ T6163] bridge_slave_1: left allmulticast mode [ 196.957840][ T6163] bridge_slave_1: left promiscuous mode [ 196.965106][ T6163] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.981358][ T6163] bridge_slave_0: left allmulticast mode [ 196.987066][ T6163] bridge_slave_0: left promiscuous mode [ 196.993046][ T6163] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.449721][ T8923] __nla_validate_parse: 3 callbacks suppressed [ 197.449742][ T8923] netlink: 232 bytes leftover after parsing attributes in process `syz.0.786'. [ 197.451801][ T8922] netlink: 84 bytes leftover after parsing attributes in process `syz.4.789'. [ 197.529789][ T6163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.613533][ T6163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.677363][ T6163] bond0 (unregistering): Released all slaves [ 197.840445][ T8934] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 197.913384][ T8934] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 197.918791][ T8938] netlink: 'syz.0.794': attribute type 2 has an invalid length. [ 198.025129][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 198.038096][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 198.046482][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 198.086803][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 198.097721][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 198.105486][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 198.322335][ T8947] virt_wifi0 speed is unknown, defaulting to 1000 [ 198.635203][ T8942] virt_wifi0 speed is unknown, defaulting to 1000 [ 198.668941][ T8962] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 198.680605][ T8963] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 198.714268][ T6163] hsr_slave_0: left promiscuous mode [ 198.732536][ T6163] hsr_slave_1: left promiscuous mode [ 198.751882][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.769695][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.799331][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.827202][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.882957][ T6163] veth1_macvtap: left promiscuous mode [ 198.892774][ T6163] veth0_macvtap: left promiscuous mode [ 198.901542][ T6163] veth1_vlan: left promiscuous mode [ 198.908885][ T6163] veth0_vlan: left promiscuous mode [ 199.478283][ T6163] team0 (unregistering): Port device team_slave_1 removed [ 199.523381][ T6163] team0 (unregistering): Port device team_slave_0 removed [ 200.141462][ T5838] Bluetooth: hci3: command tx timeout [ 200.168818][ T8983] netlink: 232 bytes leftover after parsing attributes in process `syz.0.804'. [ 200.210845][ T8983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.804'. [ 200.289471][ T8992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.806'. [ 200.349893][ T8992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.806'. [ 200.434931][ T8942] chnl_net:caif_netlink_parms(): no params data found [ 200.600822][ T9004] tipc: Enabling of bearer rejected, failed to enable media [ 200.611352][ T9002] netlink: 36 bytes leftover after parsing attributes in process `syz.0.809'. [ 200.778036][ T8942] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.785520][ T8942] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.799148][ T8942] bridge_slave_0: entered allmulticast mode [ 200.825245][ T8942] bridge_slave_0: entered promiscuous mode [ 200.843616][ T8942] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.866608][ T9011] netlink: 'syz.4.813': attribute type 1 has an invalid length. [ 200.878912][ T8942] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.886205][ T8942] bridge_slave_1: entered allmulticast mode [ 200.893408][ T9011] netlink: 224 bytes leftover after parsing attributes in process `syz.4.813'. [ 200.904524][ T8942] bridge_slave_1: entered promiscuous mode [ 200.913554][ T9006] netlink: 12 bytes leftover after parsing attributes in process `syz.0.811'. [ 201.011936][ T8942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.031423][ T8942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.135637][ T9015] bridge2: entered promiscuous mode [ 201.142061][ T9018] netlink: 'syz.0.816': attribute type 10 has an invalid length. [ 201.150338][ T9015] bridge2: entered allmulticast mode [ 201.158561][ T9013] netlink: 'syz.3.814': attribute type 10 has an invalid length. [ 201.213668][ T8942] team0: Port device team_slave_0 added [ 201.235529][ T9018] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 201.237880][ T9025] netlink: 'syz.0.816': attribute type 10 has an invalid length. [ 201.262015][ T9018] team0: Port device netdevsim0 added [ 201.289909][ T9017] virt_wifi0 speed is unknown, defaulting to 1000 [ 201.298677][ T9029] netlink: 232 bytes leftover after parsing attributes in process `syz.1.818'. [ 201.312469][ T8942] team0: Port device team_slave_1 added [ 201.322445][ T9025] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 201.349385][ T9025] team0: Port device netdevsim0 removed [ 201.357429][ T9025] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 201.366829][ T9025] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 201.515947][ T8942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.535767][ T8942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.580333][ T8942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.648613][ T8942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.661309][ T8942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.695073][ T42] block nbd6: Possible stuck request ffff8880267e7000: control (read@0,4096B). Runtime 60 seconds [ 201.731963][ T8942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.746606][ T9034] virt_wifi0 speed is unknown, defaulting to 1000 [ 201.787693][ T9035] virt_wifi0 speed is unknown, defaulting to 1000 [ 201.904454][ T8942] hsr_slave_0: entered promiscuous mode [ 201.939326][ T8942] hsr_slave_1: entered promiscuous mode [ 201.945601][ T8942] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 201.991628][ T8942] Cannot create hsr debugfs directory [ 202.218886][ T5838] Bluetooth: hci3: command tx timeout [ 202.403825][ T9042] virt_wifi0 speed is unknown, defaulting to 1000 [ 202.739105][ T9054] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.746961][ T9054] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.889796][ T9065] __nla_validate_parse: 2 callbacks suppressed [ 202.889821][ T9065] netlink: 132 bytes leftover after parsing attributes in process `syz.4.826'. [ 202.978989][ T9054] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.024700][ T9054] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.111964][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.1.827'. [ 203.129578][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.1.827'. [ 203.182522][ T9054] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.191719][ T9054] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.201207][ T9054] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.227881][ T9054] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 203.284787][ T9054] batman_adv: batadv0: Interface deactivated: wlan0 [ 203.346067][ T9054] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 203.355507][ T9054] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 203.364948][ T9054] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 203.373933][ T9054] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 203.681989][ T9085] netlink: 232 bytes leftover after parsing attributes in process `syz.4.829'. [ 203.797171][ T9087] netlink: 8 bytes leftover after parsing attributes in process `syz.4.830'. [ 204.220481][ T8942] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 204.256173][ T8942] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 204.297861][ T5838] Bluetooth: hci3: command tx timeout [ 204.320364][ T8942] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 204.385472][ T8942] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 204.537479][ T8942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 204.581988][ T9122] netlink: 132 bytes leftover after parsing attributes in process `syz.0.839'. [ 204.601618][ T9123] bond3: entered promiscuous mode [ 204.607057][ T9123] 8021q: adding VLAN 0 to HW filter on device bond3 [ 204.645264][ T8942] 8021q: adding VLAN 0 to HW filter on device team0 [ 204.649714][ T9126] netlink: 8 bytes leftover after parsing attributes in process `syz.4.840'. [ 204.661003][ T9126] netlink: 4 bytes leftover after parsing attributes in process `syz.4.840'. [ 204.670367][ T9126] netlink: 32 bytes leftover after parsing attributes in process `syz.4.840'. [ 204.684047][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.691346][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 204.712250][ T6163] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.719530][ T6163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 204.749069][ T9126] nbd12: detected capacity change from 0 to 256 [ 204.759987][ T5838] block nbd12: Receive control failed (result -32) [ 204.780865][ T9128] ip6gre1: entered promiscuous mode [ 205.031016][ T9139] netlink: 20 bytes leftover after parsing attributes in process `syz.0.844'. [ 205.151752][ T8942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.219470][ T8942] veth0_vlan: entered promiscuous mode [ 205.246141][ T8942] veth1_vlan: entered promiscuous mode [ 205.314764][ T9146] virt_wifi0 speed is unknown, defaulting to 1000 [ 205.325207][ T8942] veth0_macvtap: entered promiscuous mode [ 205.359044][ T9149] tipc: Cannot configure node identity twice [ 205.377433][ T8942] veth1_macvtap: entered promiscuous mode [ 205.466211][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 205.498044][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.529758][ T8942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.580152][ T8942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 205.603708][ T8942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.633470][ T8942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.684537][ T8942] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.703620][ T8942] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.727940][ T8942] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.736710][ T8942] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.868456][ T6163] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.876385][ T6163] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.885693][ T5894] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.918788][ T5894] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.985189][ T9162] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 206.115948][ T9165] virt_wifi0 speed is unknown, defaulting to 1000 [ 206.202989][ T9170] netlink: 'syz.3.853': attribute type 29 has an invalid length. [ 206.227121][ T9168] af_packet: tpacket_rcv: packet too big, clamped from 3954 to 3710. macoff=82 [ 206.405769][ T9177] netlink: 'syz.3.853': attribute type 29 has an invalid length. [ 206.686669][ T9177] IPv6: sit2: Disabled Multicast RS [ 206.713351][ T9177] sit2: entered allmulticast mode [ 206.942665][ T5852] Bluetooth: hci2: command 0x0406 tx timeout [ 206.943663][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 206.950463][ T5852] Bluetooth: hci4: command 0x0406 tx timeout [ 207.089520][ T9188] netlink: 'syz.0.859': attribute type 1 has an invalid length. [ 207.122498][ T9188] netlink: 'syz.0.859': attribute type 2 has an invalid length. [ 207.130603][ T9188] netlink: 'syz.0.859': attribute type 2 has an invalid length. [ 207.150399][ T9188] netlink: 'syz.0.859': attribute type 1 has an invalid length. [ 207.169669][ T9188] netlink: 'syz.0.859': attribute type 1 has an invalid length. [ 207.181708][ T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.203822][ T9188] netlink: 'syz.0.859': attribute type 2 has an invalid length. [ 208.018770][ T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.329736][ T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.356991][ T9207] __nla_validate_parse: 4 callbacks suppressed [ 208.357013][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.861'. [ 208.407052][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.861'. [ 208.463918][ T9200] virt_wifi0 speed is unknown, defaulting to 1000 [ 208.588103][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 208.618992][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 208.638583][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 208.649598][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 208.660631][ T5852] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 208.663963][ T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.685389][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 208.821548][ T9210] virt_wifi0 speed is unknown, defaulting to 1000 [ 209.012999][ T35] bridge_slave_1: left allmulticast mode [ 209.021829][ T35] bridge_slave_1: left promiscuous mode [ 209.042030][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.058372][ T35] bridge_slave_0: left allmulticast mode [ 209.068821][ T35] bridge_slave_0: left promiscuous mode [ 209.074739][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.705616][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 209.718023][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 209.729214][ T35] bond0 (unregistering): Released all slaves [ 209.886870][ T9226] netlink: 8 bytes leftover after parsing attributes in process `syz.0.867'. [ 209.896854][ T9226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.867'. [ 209.906374][ T9226] netlink: 32 bytes leftover after parsing attributes in process `syz.0.867'. [ 210.020738][ T9226] nbd13: detected capacity change from 0 to 256 [ 210.070029][ T5838] block nbd13: Receive control failed (result -32) [ 210.430836][ T9235] netlink: 8 bytes leftover after parsing attributes in process `syz.3.870'. [ 210.472579][ T9235] netlink: 16 bytes leftover after parsing attributes in process `syz.3.870'. [ 210.617200][ T9236] tipc: Enabling of bearer rejected, failed to enable media [ 210.746316][ T35] hsr_slave_0: left promiscuous mode [ 210.764992][ T35] hsr_slave_1: left promiscuous mode [ 210.775383][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.786800][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.788262][ T5838] Bluetooth: hci3: command tx timeout [ 210.811284][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.826189][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.942979][ T35] veth1_macvtap: left promiscuous mode [ 210.955912][ T35] veth0_macvtap: left promiscuous mode [ 210.964134][ T35] veth1_vlan: left promiscuous mode [ 210.976115][ T35] veth0_vlan: left promiscuous mode [ 211.179288][ T9254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 211.189119][ T9254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 211.263869][ T26] block nbd0: Possible stuck request ffff8880265de000: control (read@0,4096B). Runtime 120 seconds [ 211.593677][ T35] team0 (unregistering): Port device team_slave_1 removed [ 211.643555][ T35] team0 (unregistering): Port device team_slave_0 removed [ 212.132909][ T9256] tipc: Enabling of bearer rejected, failed to enable media [ 212.163438][ T9210] chnl_net:caif_netlink_parms(): no params data found [ 212.324952][ T9269] netlink: 8 bytes leftover after parsing attributes in process `syz.3.880'. [ 212.397925][ T9265] 8021q: adding VLAN 0 to HW filter on device bond1 [ 212.458231][ T9271] netlink: 'syz.1.883': attribute type 11 has an invalid length. [ 212.568547][ T9210] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.575727][ T9210] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.602435][ T9210] bridge_slave_0: entered allmulticast mode [ 212.618955][ T9210] bridge_slave_0: entered promiscuous mode [ 212.668668][ T9210] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.717731][ T9210] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.766242][ T9210] bridge_slave_1: entered allmulticast mode [ 212.776278][ T9210] bridge_slave_1: entered promiscuous mode [ 212.874423][ T5838] Bluetooth: hci3: command tx timeout [ 212.989407][ T9210] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 213.013497][ T9289] tipc: Enabling of bearer rejected, failed to enable media [ 213.049511][ T9210] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.131843][ T9210] team0: Port device team_slave_0 added [ 213.151203][ T9210] team0: Port device team_slave_1 added [ 213.245726][ T9210] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.255977][ T9210] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.283189][ T9210] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.303919][ T9210] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.313517][ T9296] openvswitch: netlink: Message has 8 unknown bytes. [ 213.325187][ T9210] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.354827][ T9210] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.486197][ T9296] syzkaller0: entered promiscuous mode [ 213.493589][ T9296] syzkaller0: entered allmulticast mode [ 213.565771][ T9210] hsr_slave_0: entered promiscuous mode [ 213.580823][ T9210] hsr_slave_1: entered promiscuous mode [ 213.596123][ T9210] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.616927][ T9299] xt_CT: You must specify a L4 protocol and not use inversions on it [ 213.633690][ T9210] Cannot create hsr debugfs directory [ 214.228153][ T9321] __nla_validate_parse: 3 callbacks suppressed [ 214.228176][ T9321] netlink: 16 bytes leftover after parsing attributes in process `syz.1.897'. [ 214.304511][ T9327] netlink: 132 bytes leftover after parsing attributes in process `syz.0.898'. [ 214.344181][ T9328] netlink: 28 bytes leftover after parsing attributes in process `syz.1.897'. [ 214.362010][ T9328] netlink: 28 bytes leftover after parsing attributes in process `syz.1.897'. [ 214.939684][ T5838] Bluetooth: hci3: command tx timeout [ 216.265047][ T9335] veth0_to_team: entered promiscuous mode [ 216.274650][ T9335] veth0_to_team: entered allmulticast mode [ 216.312476][ T9335] xt_hashlimit: size too large, truncated to 1048576 [ 216.320695][ T9332] virt_wifi0 speed is unknown, defaulting to 1000 [ 216.374905][ T9337] virt_wifi0 speed is unknown, defaulting to 1000 [ 217.008449][ T9359] trusted_key: syz.4.905 sent an empty control message without MSG_MORE. [ 217.017996][ T5838] Bluetooth: hci3: command tx timeout [ 217.057179][ T9359] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'. [ 217.294963][ T9210] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 217.315264][ T9210] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 217.341914][ T9210] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 217.354546][ T9210] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 217.570801][ T9375] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 217.595278][ T9376] rdma_rxe: rxe_newlink: failed to add vxcan1 [ 217.645370][ T9210] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.684996][ T9210] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.707406][ T5894] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.714689][ T5894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.746365][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.753591][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.998597][ T9387] netlink: 'syz.4.913': attribute type 4 has an invalid length. [ 218.072185][ T9390] virt_wifi0 speed is unknown, defaulting to 1000 [ 218.228975][ T9210] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.326399][ T9395] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20004 [ 218.363561][ T9395] netlink: 20 bytes leftover after parsing attributes in process `syz.4.915'. [ 218.475875][ T9397] virt_wifi0 speed is unknown, defaulting to 1000 [ 218.521445][ T9210] veth0_vlan: entered promiscuous mode [ 218.595200][ T9210] veth1_vlan: entered promiscuous mode [ 218.789928][ T9404] virt_wifi0 speed is unknown, defaulting to 1000 [ 218.843014][ T9210] veth0_macvtap: entered promiscuous mode [ 219.015536][ T9210] veth1_macvtap: entered promiscuous mode [ 219.044855][ T9210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.062741][ T9210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.075731][ T9210] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.129832][ T9210] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 219.153305][ T9210] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.192376][ T9210] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.313072][ T9403] syzkaller0: entered promiscuous mode [ 219.327809][ T9403] syzkaller0: entered allmulticast mode [ 219.450856][ T9404] netlink: 32 bytes leftover after parsing attributes in process `syz.3.919'. [ 219.461576][ T9210] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.474584][ T9404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.919'. [ 219.495921][ T9210] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.515474][ T9210] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.535873][ T9210] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.223774][ T42] block nbd1: Possible stuck request ffff888026640000: control (read@0,4096B). Runtime 120 seconds [ 221.522288][ T9426] hsr0: entered promiscuous mode [ 221.533427][ T9426] macvtap1: entered allmulticast mode [ 221.539804][ T9426] hsr0: entered allmulticast mode [ 221.544876][ T9426] hsr_slave_0: entered allmulticast mode [ 221.551221][ T9426] hsr_slave_1: entered allmulticast mode [ 221.569219][ T9417] virt_wifi0 speed is unknown, defaulting to 1000 [ 221.769595][ T9431] virt_wifi0 speed is unknown, defaulting to 1000 [ 221.866871][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.891558][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.004217][ T9445] netlink: 12 bytes leftover after parsing attributes in process `syz.4.930'. [ 222.160552][ T9446] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 222.177061][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.192951][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.318778][ T9450] virt_wifi0 speed is unknown, defaulting to 1000 [ 222.488079][ T9461] netlink: 232 bytes leftover after parsing attributes in process `syz.0.934'. [ 222.980283][ T9472] Unsupported ieee802154 address type: 0 [ 223.114731][ T9473] virt_wifi0 speed is unknown, defaulting to 1000 [ 223.186791][ T9472] virt_wifi0 speed is unknown, defaulting to 1000 [ 223.490175][ T6163] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.636557][ T6163] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.699922][ T6163] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.780026][ T6163] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.876975][ T6163] bridge_slave_1: left allmulticast mode [ 223.882904][ T6163] bridge_slave_1: left promiscuous mode [ 223.888827][ T6163] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.897605][ T6163] bridge_slave_0: left allmulticast mode [ 223.903536][ T6163] bridge_slave_0: left promiscuous mode [ 223.910416][ T6163] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.278706][ T9481] netlink: 'syz.1.939': attribute type 5 has an invalid length. [ 224.543849][ T6163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 224.603835][ T6163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 224.630050][ T6163] bond0 (unregistering): Released all slaves [ 224.793105][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 224.802944][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 224.811427][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 224.822094][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 224.831610][ T5852] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 224.839336][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 224.949713][ T9512] netlink: 232 bytes leftover after parsing attributes in process `syz.4.946'. [ 225.030008][ T9516] netlink: 4 bytes leftover after parsing attributes in process `syz.3.948'. [ 225.150417][ T9504] virt_wifi0 speed is unknown, defaulting to 1000 [ 225.274612][ T9519] netlink: 8 bytes leftover after parsing attributes in process `syz.3.949'. [ 225.308452][ T9519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.949'. [ 225.317494][ T9519] netlink: 32 bytes leftover after parsing attributes in process `syz.3.949'. [ 225.380035][ T6163] hsr_slave_0: left promiscuous mode [ 225.398356][ T6163] hsr_slave_1: left promiscuous mode [ 225.404839][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.417674][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.443798][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.451444][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.458302][ T9519] nbd14: detected capacity change from 0 to 256 [ 225.476444][ T5838] block nbd14: Receive control failed (result -32) [ 225.537005][ T6163] veth1_macvtap: left promiscuous mode [ 225.567207][ T6163] veth0_macvtap: left promiscuous mode [ 225.608796][ T6163] veth1_vlan: left promiscuous mode [ 225.614253][ T6163] veth0_vlan: left promiscuous mode [ 226.004590][ T42] block nbd5: Possible stuck request ffff8880267b7000: control (read@0,4096B). Runtime 90 seconds [ 226.023413][ T9503] netlink: 'syz.0.944': attribute type 13 has an invalid length. [ 226.389500][ T9540] netlink: 112 bytes leftover after parsing attributes in process `syz.1.954'. [ 226.605694][ T6163] team0 (unregistering): Port device team_slave_1 removed [ 226.652168][ T6163] team0 (unregistering): Port device team_slave_0 removed [ 226.942990][ T5838] Bluetooth: hci3: command tx timeout [ 227.061720][ T9503] macvtap0: entered promiscuous mode [ 227.073138][ T9503] macvtap0: refused to change device tx_queue_len [ 227.394825][ T9504] chnl_net:caif_netlink_parms(): no params data found [ 227.464162][ T9552] IPVS: Scheduler module ip_vs_sip not found [ 227.510753][ T9558] IPVS: length: 24 != 3221225496 [ 227.699105][ T9568] netlink: 232 bytes leftover after parsing attributes in process `syz.0.960'. [ 227.718740][ T9504] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.725874][ T9504] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.778352][ T9504] bridge_slave_0: entered allmulticast mode [ 227.800513][ T9504] bridge_slave_0: entered promiscuous mode [ 227.816794][ T9504] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.824520][ T9504] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.832466][ T9504] bridge_slave_1: entered allmulticast mode [ 227.839850][ T9504] bridge_slave_1: entered promiscuous mode [ 227.970541][ T9504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.016169][ T9504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 228.146289][ T9504] team0: Port device team_slave_0 added [ 228.285154][ T9504] team0: Port device team_slave_1 added [ 228.705559][ T9504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.731384][ T9504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.780036][ T9504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 228.829713][ T9504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 228.836725][ T9504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 228.885219][ T9504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.024784][ T5838] Bluetooth: hci3: command tx timeout [ 229.056467][ T9602] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 229.441758][ T9504] hsr_slave_0: entered promiscuous mode [ 229.465745][ T9619] netlink: 232 bytes leftover after parsing attributes in process `syz.4.974'. [ 229.476315][ T9504] hsr_slave_1: entered promiscuous mode [ 229.496279][ T9504] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.519963][ T9504] Cannot create hsr debugfs directory [ 229.996839][ T9633] netlink: 20 bytes leftover after parsing attributes in process `syz.4.979'. [ 230.394848][ T9649] x_tables: duplicate underflow at hook 3 [ 230.407179][ T9648] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 230.612127][ T9660] netlink: 20 bytes leftover after parsing attributes in process `syz.0.985'. [ 230.866632][ T9663] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 230.875178][ T9663] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 231.036292][ T9667] netlink: 232 bytes leftover after parsing attributes in process `syz.0.987'. [ 231.107664][ T5838] Bluetooth: hci3: command tx timeout [ 231.173193][ T9677] xt_l2tp: wrong L2TP version: 0 [ 231.228206][ T9504] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 231.262238][ T9504] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 231.353884][ T9504] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 231.355455][ T9683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.990'. [ 231.486166][ T9504] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 231.658644][ T9691] sctp: [Deprecated]: syz.1.993 (pid 9691) Use of int in max_burst socket option deprecated. [ 231.658644][ T9691] Use struct sctp_assoc_value instead [ 231.738704][ T42] block nbd6: Possible stuck request ffff8880267e7000: control (read@0,4096B). Runtime 90 seconds [ 231.938621][ T9704] netlink: 8 bytes leftover after parsing attributes in process `syz.4.996'. [ 231.941030][ T9691] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.957998][ T9704] netlink: 4 bytes leftover after parsing attributes in process `syz.4.996'. [ 231.958025][ T9704] netlink: 52 bytes leftover after parsing attributes in process `syz.4.996'. [ 232.189412][ T9691] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.392944][ T9714] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1000'. [ 232.397914][ T9691] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.514269][ T9715] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 232.522080][ T9715] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 232.569398][ T9691] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.621926][ T9504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.695007][ T9504] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.735908][ T6163] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.743131][ T6163] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.767282][ T6163] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.774534][ T6163] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.800797][ T9723] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1003'. [ 232.862970][ T9504] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 232.881186][ T9504] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 232.931378][ T9725] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'. [ 232.972295][ T9691] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.032358][ T9691] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.076192][ T9691] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.141322][ T9691] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.160523][ T5885] IPVS: starting estimator thread 0... [ 233.166377][ T9727] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 233.177900][ T5838] Bluetooth: hci3: command tx timeout [ 233.231706][ T9732] netlink: 'syz.0.1006': attribute type 5 has an invalid length. [ 233.272337][ T9734] IPVS: using max 20 ests per chain, 48000 per kthread [ 233.438827][ T9504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.546171][ T9504] veth0_vlan: entered promiscuous mode [ 233.571885][ T9504] veth1_vlan: entered promiscuous mode [ 233.644490][ T9504] veth0_macvtap: entered promiscuous mode [ 233.660015][ T9504] veth1_macvtap: entered promiscuous mode [ 233.711447][ T9504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.744629][ T9504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.758964][ T9504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.783631][ T9504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.802170][ T9504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.814769][ T9504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.868145][ T9504] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.894443][ T9504] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.914961][ T9504] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.926081][ T9504] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.113459][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.134200][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.186554][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.195928][ T9765] x_tables: duplicate underflow at hook 1 [ 234.226884][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.723717][ T6163] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.846814][ T9788] IPVS: length: 118 != 24 [ 234.966870][ T6163] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.202373][ T6163] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.363791][ T6163] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.591852][ T6163] bridge_slave_1: left allmulticast mode [ 235.598160][ T6163] bridge_slave_1: left promiscuous mode [ 235.603899][ T6163] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.612845][ T6163] bridge_slave_0: left allmulticast mode [ 235.618928][ T6163] bridge_slave_0: left promiscuous mode [ 235.624608][ T6163] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.114864][ T9802] __nla_validate_parse: 8 callbacks suppressed [ 236.114885][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1024'. [ 236.132449][ T9802] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1024'. [ 236.175280][ T6163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.205691][ T6163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.223108][ T6163] bond0 (unregistering): Released all slaves [ 236.262593][ T9796] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1026'. [ 236.278683][ T9798] netlink: 'syz.3.1025': attribute type 5 has an invalid length. [ 236.387343][ T9796] IPv6: Can't replace route, no match found [ 236.575738][ T9810] netlink: 1256 bytes leftover after parsing attributes in process `syz.0.1027'. [ 236.578468][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 236.592806][ T9810] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 236.601811][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 236.603122][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 236.620886][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 236.629916][ T5852] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 236.637635][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 236.711652][ T6163] hsr_slave_0: left promiscuous mode [ 236.723008][ T6163] hsr_slave_1: left promiscuous mode [ 236.730463][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 236.738315][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 236.747478][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 236.755875][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 236.793931][ T6163] veth1_macvtap: left promiscuous mode [ 236.800324][ T6163] veth0_macvtap: left promiscuous mode [ 236.805999][ T6163] veth1_vlan: left promiscuous mode [ 236.811505][ T6163] veth0_vlan: left promiscuous mode [ 236.991991][ T9822] netlink: 'syz.1.1030': attribute type 1 has an invalid length. [ 237.103167][ T9826] Bluetooth: MGMT ver 1.23 [ 237.403227][ T6163] team0 (unregistering): Port device team_slave_1 removed [ 237.446954][ T6163] team0 (unregistering): Port device team_slave_0 removed [ 237.923511][ T9814] syzkaller0: entered allmulticast mode [ 237.929557][ T9814] syzkaller0: left allmulticast mode [ 237.937245][ T9818] team0: No ports can be present during mode change [ 237.956161][ T9822] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 238.225662][ T9838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1033'. [ 238.268029][ T9838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1033'. [ 238.307468][ T9839] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1034'. [ 238.492967][ T9811] chnl_net:caif_netlink_parms(): no params data found [ 238.698281][ T5852] Bluetooth: hci3: command tx timeout [ 238.709056][ T9857] netlink: 1256 bytes leftover after parsing attributes in process `syz.1.1039'. [ 238.743463][ T9859] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1037'. [ 238.744428][ T9857] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 238.894699][ T9811] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.912608][ T9811] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.925141][ T9811] bridge_slave_0: entered allmulticast mode [ 238.935168][ T9811] bridge_slave_0: entered promiscuous mode [ 238.955456][ T9811] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.985023][ T9811] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.005566][ T9811] bridge_slave_1: entered allmulticast mode [ 239.022512][ T9811] bridge_slave_1: entered promiscuous mode [ 239.077345][ T9869] netlink: 'syz.3.1041': attribute type 5 has an invalid length. [ 239.102776][ T9811] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 239.122062][ T9871] geneve2: entered promiscuous mode [ 239.128180][ T9871] geneve2: entered allmulticast mode [ 239.179636][ T9811] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 239.254520][ T9811] team0: Port device team_slave_0 added [ 239.265053][ T9811] team0: Port device team_slave_1 added [ 239.336021][ T9811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.345213][ T9811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.379057][ T9811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.402214][ T9811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.416324][ T9811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.502594][ T9811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 239.524532][ T9881] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1046'. [ 239.542118][ T9879] bond0: (slave bond_slave_1): Releasing backup interface [ 239.613853][ T9879] team0: Port device team_slave_0 removed [ 239.634559][ T9879] team0: Port device team_slave_1 removed [ 239.650970][ T9879] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.659384][ T9879] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.668566][ T9879] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.676204][ T9879] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.710087][ T9885] nbd15: detected capacity change from 0 to 256 [ 239.737465][ T5852] block nbd15: Receive control failed (result -32) [ 239.756305][ T9886] vlan2: entered allmulticast mode [ 239.802361][ T9886] bond0: entered allmulticast mode [ 239.822732][ T9886] bridge0: port 1(vlan2) entered blocking state [ 239.845067][ T9888] netlink: 'syz.4.1048': attribute type 39 has an invalid length. [ 239.852068][ T9886] bridge0: port 1(vlan2) entered disabled state [ 240.025797][ T9811] hsr_slave_0: entered promiscuous mode [ 240.039614][ T9894] openvswitch: netlink: Flow actions attr not present in new flow. [ 240.056236][ T9811] hsr_slave_1: entered promiscuous mode [ 240.064189][ T9811] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.080554][ T9811] Cannot create hsr debugfs directory [ 240.377972][ T9906] tipc: Enabling of bearer rejected, failed to enable media [ 240.405224][ T9905] xt_CT: No such helper "netbios-ns" [ 240.619523][ T9905] netlink: 'syz.1.1053': attribute type 6 has an invalid length. [ 240.642426][ T9917] lo: entered allmulticast mode [ 240.777970][ T5838] Bluetooth: hci3: command tx timeout [ 240.976681][ T9811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 240.989853][ T9811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 241.016869][ T9811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 241.092923][ T9811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 241.312164][ T9927] __nla_validate_parse: 7 callbacks suppressed [ 241.312187][ T9927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1059'. [ 241.343748][ T26] block nbd0: Possible stuck request ffff8880265de000: control (read@0,4096B). Runtime 150 seconds [ 241.360839][ T9927] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1059'. [ 241.479111][ T9927] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1059'. [ 241.511189][ T9811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.549425][ T9811] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.625216][ T9934] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1061'. [ 241.676115][ T6996] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.683334][ T6996] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.702178][ T6996] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.709378][ T6996] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.737645][ T9927] nbd16: detected capacity change from 0 to 256 [ 241.748396][ T9935] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1060'. [ 241.768174][ T5838] block nbd16: Receive control failed (result -32) [ 242.100997][ T9946] netlink: 1280 bytes leftover after parsing attributes in process `syz.1.1064'. [ 242.140395][ T9946] openvswitch: netlink: Flow actions attr not present in new flow. [ 242.463727][ T9811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.570799][ T9960] 8021q: adding VLAN 0 to HW filter on device bond4 [ 242.580225][ T9960] bridge0: port 1(bond4) entered blocking state [ 242.586703][ T9960] bridge0: port 1(bond4) entered disabled state [ 242.595079][ T9960] bond4: entered allmulticast mode [ 242.602305][ T9960] bond4: entered promiscuous mode [ 242.609925][ T9960] bridge0: port 1(bond4) entered blocking state [ 242.617363][ T9960] bridge0: port 1(bond4) entered forwarding state [ 242.686618][ T9811] veth0_vlan: entered promiscuous mode [ 242.703892][ T9811] veth1_vlan: entered promiscuous mode [ 242.761266][ T62] bridge0: port 1(bond4) entered disabled state [ 242.845529][ T9811] veth0_macvtap: entered promiscuous mode [ 242.859588][ T5838] Bluetooth: hci3: command 0x040f tx timeout [ 242.878912][ T9811] veth1_macvtap: entered promiscuous mode [ 242.900020][ T9811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.911805][ T9811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.924388][ T9811] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.933575][ T9811] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.942678][ T9811] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.965114][ T9811] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.035743][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1068'. [ 243.045934][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1068'. [ 243.221251][ T1149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.239826][ T1149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.353732][ T6996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.367553][ T6996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.659574][ T9979] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1072'. [ 243.869694][ T9983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1074'. [ 243.999627][ T9983] nbd17: detected capacity change from 0 to 256 [ 244.026350][ T5852] block nbd17: Receive control failed (result -32) [ 244.159426][ T9986] IPVS: set_ctl: invalid protocol: 29 0.0.0.0:20004 [ 244.413706][ T5894] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.595730][ T5894] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.873637][ T5894] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.091474][ T5894] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.180196][ T5894] bridge_slave_1: left allmulticast mode [ 245.185903][ T5894] bridge_slave_1: left promiscuous mode [ 245.191938][ T5894] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.200900][ T5894] bridge_slave_0: left allmulticast mode [ 245.206560][ T5894] bridge_slave_0: left promiscuous mode [ 245.212765][ T5894] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.554215][ T5894] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 245.565480][ T5894] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 245.580551][ T5894] bond0 (unregistering): Released all slaves [ 245.946984][ T5894] hsr_slave_0: left promiscuous mode [ 246.016851][ T5894] hsr_slave_1: left promiscuous mode [ 246.048425][ T5894] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.055917][ T5894] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.238397][ T5894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.267494][ T5894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.420891][ T5894] veth1_macvtap: left promiscuous mode [ 246.443767][ T5894] veth0_macvtap: left promiscuous mode [ 246.480567][ T5894] veth1_vlan: left promiscuous mode [ 246.493564][ T5894] veth0_vlan: left promiscuous mode [ 246.728462][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 246.741665][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 246.751208][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 246.763558][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 246.771441][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 246.778945][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 246.799947][T10031] __nla_validate_parse: 4 callbacks suppressed [ 246.799968][T10031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1087'. [ 246.929712][T10031] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1087'. [ 246.938953][T10031] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1087'. [ 247.038707][T10031] nbd18: detected capacity change from 0 to 256 [ 247.070877][ T5852] block nbd18: Receive control failed (result -32) [ 247.540523][ T5894] team0 (unregistering): Port device team_slave_1 removed [ 247.597265][ T5894] team0 (unregistering): Port device team_slave_0 removed [ 248.553835][T10063] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1096'. [ 248.563647][T10063] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1096'. [ 248.858014][ T5852] Bluetooth: hci3: command tx timeout [ 248.923018][T10076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1099'. [ 248.973084][T10076] batadv_slave_1: entered allmulticast mode [ 248.997702][T10029] chnl_net:caif_netlink_parms(): no params data found [ 249.021529][T10075] batadv_slave_1: left allmulticast mode [ 249.367291][T10083] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1101'. [ 249.382946][T10029] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.398193][T10029] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.427356][T10029] bridge_slave_0: entered allmulticast mode [ 249.434736][T10029] bridge_slave_0: entered promiscuous mode [ 249.465494][T10087] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.534705][T10029] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.554409][T10029] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.576801][T10029] bridge_slave_1: entered allmulticast mode [ 249.599954][T10029] bridge_slave_1: entered promiscuous mode [ 249.709792][T10087] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.779228][T10094] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1103'. [ 249.806005][T10094] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1103'. [ 249.844222][T10029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.891580][T10029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 249.999497][T10087] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.086151][T10099] netlink: 'syz.0.1105': attribute type 10 has an invalid length. [ 250.091076][T10029] team0: Port device team_slave_0 added [ 250.127422][T10101] syzkaller1: entered promiscuous mode [ 250.143717][T10101] syzkaller1: entered allmulticast mode [ 250.157325][T10099] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 250.172841][T10099] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 250.186770][T10029] team0: Port device team_slave_1 added [ 250.202689][T10087] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.300248][ T42] block nbd1: Possible stuck request ffff888026640000: control (read@0,4096B). Runtime 150 seconds [ 250.374259][T10029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.407857][T10029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.475015][T10029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.568919][T10029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.576033][T10029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.623223][T10029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.732052][T10087] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.746742][T10115] IPv6: NLM_F_CREATE should be specified when creating new route [ 250.761911][T10029] hsr_slave_0: entered promiscuous mode [ 250.784462][T10029] hsr_slave_1: entered promiscuous mode [ 250.808565][T10029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 250.837855][T10029] Cannot create hsr debugfs directory [ 250.856274][T10087] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.894391][T10087] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.939290][ T5852] Bluetooth: hci3: command tx timeout [ 251.023999][T10087] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.091538][T10130] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1113'. [ 251.494379][T10149] FAULT_INJECTION: forcing a failure. [ 251.494379][T10149] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 251.508718][T10149] CPU: 0 UID: 0 PID: 10149 Comm: syz.4.1120 Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 251.508747][T10149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 251.508760][T10149] Call Trace: [ 251.508767][T10149] [ 251.508776][T10149] dump_stack_lvl+0x241/0x360 [ 251.508807][T10149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.508830][T10149] ? __pfx__printk+0x10/0x10 [ 251.508857][T10149] ? is_bpf_text_address+0x26/0x2a0 [ 251.508895][T10149] should_fail_ex+0x40a/0x550 [ 251.508929][T10149] prepare_alloc_pages+0x1da/0x5b0 [ 251.508959][T10149] __alloc_frozen_pages_noprof+0x16f/0x710 [ 251.508986][T10149] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 251.509030][T10149] alloc_pages_mpol+0x311/0x660 [ 251.509062][T10149] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 251.509105][T10149] alloc_pages_noprof+0x121/0x190 [ 251.509135][T10149] get_free_pages_noprof+0xc/0x30 [ 251.509157][T10149] kasan_populate_vmalloc_pte+0x38/0xe0 [ 251.509180][T10149] __apply_to_page_range+0x806/0xde0 [ 251.509217][T10149] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 251.509245][T10149] ? __pfx___apply_to_page_range+0x10/0x10 [ 251.509277][T10149] ? do_raw_spin_unlock+0x13c/0x8b0 [ 251.509303][T10149] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 251.509338][T10149] alloc_vmap_area+0x1d4e/0x2400 [ 251.509391][T10149] ? __pfx_alloc_vmap_area+0x10/0x10 [ 251.509427][T10149] ? __kasan_kmalloc+0x98/0xb0 [ 251.509452][T10149] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 251.509481][T10149] ? __get_vm_area_node+0x132/0x2d0 [ 251.509514][T10149] ? array_map_alloc+0x285/0x720 [ 251.509542][T10149] __get_vm_area_node+0x1c8/0x2d0 [ 251.509579][T10149] __vmalloc_node_range_noprof+0x344/0x1380 [ 251.509612][T10149] ? array_map_alloc+0x285/0x720 [ 251.509642][T10149] ? __lock_acquire+0x1397/0x2100 [ 251.509683][T10149] ? __pfx_aa_get_newest_label+0x10/0x10 [ 251.509723][T10149] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 251.509755][T10149] ? apparmor_capable+0x13b/0x1b0 [ 251.509779][T10149] ? bpf_lsm_capable+0x9/0x10 [ 251.509808][T10149] ? security_capable+0x7e/0x2d0 [ 251.509841][T10149] bpf_map_area_alloc+0xfc/0x120 [ 251.509872][T10149] ? array_map_alloc+0x285/0x720 [ 251.509902][T10149] array_map_alloc+0x285/0x720 [ 251.509938][T10149] map_create+0x946/0x11c0 [ 251.509975][T10149] __sys_bpf+0x6d3/0x820 [ 251.510006][T10149] ? __pfx___sys_bpf+0x10/0x10 [ 251.510047][T10149] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 251.510088][T10149] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 251.510121][T10149] ? do_syscall_64+0x100/0x230 [ 251.510153][T10149] __x64_sys_bpf+0x7c/0x90 [ 251.510179][T10149] do_syscall_64+0xf3/0x230 [ 251.510205][T10149] ? clear_bhb_loop+0x35/0x90 [ 251.510238][T10149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.510266][T10149] RIP: 0033:0x7f3ef6d8cde9 [ 251.510285][T10149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.510303][T10149] RSP: 002b:00007f3ef7b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 251.510326][T10149] RAX: ffffffffffffffda RBX: 00007f3ef6fa5fa0 RCX: 00007f3ef6d8cde9 [ 251.510342][T10149] RDX: 0000000000000050 RSI: 0000400000004080 RDI: 0b00000000000000 [ 251.510356][T10149] RBP: 00007f3ef7b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 251.510370][T10149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.510382][T10149] R13: 0000000000000000 R14: 00007f3ef6fa5fa0 R15: 00007ffe096bc828 [ 251.510412][T10149] [ 252.044323][T10161] __nla_validate_parse: 3 callbacks suppressed [ 252.044343][T10161] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1124'. [ 252.124769][T10161] netlink: 'syz.3.1124': attribute type 2 has an invalid length. [ 252.174802][T10029] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 252.210654][T10029] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 252.259372][T10029] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 252.320126][T10029] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 252.346406][T10167] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1125'. [ 252.422857][T10167] vlan3: entered allmulticast mode [ 252.429853][T10172] netlink: 'syz.1.1126': attribute type 2 has an invalid length. [ 252.456971][T10167] bridge0: port 3(vlan3) entered blocking state [ 252.471037][T10167] bridge0: port 3(vlan3) entered disabled state [ 252.560134][T10029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 252.581765][T10029] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.627073][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.634309][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 252.654295][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 252.661510][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 252.687328][T10181] netlink: 'syz.1.1129': attribute type 3 has an invalid length. [ 252.903092][T10192] FAULT_INJECTION: forcing a failure. [ 252.903092][T10192] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 252.916965][T10192] CPU: 0 UID: 0 PID: 10192 Comm: syz.4.1133 Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 252.916992][T10192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 252.917004][T10192] Call Trace: [ 252.917011][T10192] [ 252.917018][T10192] dump_stack_lvl+0x241/0x360 [ 252.917046][T10192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.917065][T10192] ? __pfx__printk+0x10/0x10 [ 252.917086][T10192] ? is_bpf_text_address+0x26/0x2a0 [ 252.917116][T10192] should_fail_ex+0x40a/0x550 [ 252.917147][T10192] prepare_alloc_pages+0x1da/0x5b0 [ 252.917178][T10192] __alloc_frozen_pages_noprof+0x16f/0x710 [ 252.917205][T10192] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 252.917250][T10192] alloc_pages_mpol+0x311/0x660 [ 252.917284][T10192] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 252.917320][T10192] alloc_pages_noprof+0x121/0x190 [ 252.917351][T10192] get_free_pages_noprof+0xc/0x30 [ 252.917372][T10192] kasan_populate_vmalloc_pte+0x38/0xe0 [ 252.917395][T10192] __apply_to_page_range+0x806/0xde0 [ 252.917434][T10192] ? __pfx_kasan_populate_vmalloc_pte+0x10/0x10 [ 252.917461][T10192] ? __pfx___apply_to_page_range+0x10/0x10 [ 252.917494][T10192] ? do_raw_spin_unlock+0x13c/0x8b0 [ 252.917526][T10192] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 252.917560][T10192] alloc_vmap_area+0x1d4e/0x2400 [ 252.917615][T10192] ? __pfx_alloc_vmap_area+0x10/0x10 [ 252.917646][T10192] ? __kasan_kmalloc+0x98/0xb0 [ 252.917671][T10192] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 252.917701][T10192] ? __get_vm_area_node+0x132/0x2d0 [ 252.917733][T10192] ? array_map_alloc+0x285/0x720 [ 252.917762][T10192] __get_vm_area_node+0x1c8/0x2d0 [ 252.917807][T10192] __vmalloc_node_range_noprof+0x344/0x1380 [ 252.917835][T10192] ? array_map_alloc+0x285/0x720 [ 252.917861][T10192] ? __lock_acquire+0x1397/0x2100 [ 252.917897][T10192] ? __pfx_aa_get_newest_label+0x10/0x10 [ 252.917933][T10192] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 252.917960][T10192] ? apparmor_capable+0x13b/0x1b0 [ 252.917980][T10192] ? bpf_lsm_capable+0x9/0x10 [ 252.918006][T10192] ? security_capable+0x7e/0x2d0 [ 252.918035][T10192] bpf_map_area_alloc+0xfc/0x120 [ 252.918064][T10192] ? array_map_alloc+0x285/0x720 [ 252.918088][T10192] array_map_alloc+0x285/0x720 [ 252.918119][T10192] map_create+0x946/0x11c0 [ 252.918152][T10192] __sys_bpf+0x6d3/0x820 [ 252.918178][T10192] ? __pfx___sys_bpf+0x10/0x10 [ 252.918214][T10192] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 252.918243][T10192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 252.918270][T10192] ? do_syscall_64+0x100/0x230 [ 252.918298][T10192] __x64_sys_bpf+0x7c/0x90 [ 252.918321][T10192] do_syscall_64+0xf3/0x230 [ 252.918343][T10192] ? clear_bhb_loop+0x35/0x90 [ 252.918371][T10192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.918395][T10192] RIP: 0033:0x7f3ef6d8cde9 [ 252.918412][T10192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.918427][T10192] RSP: 002b:00007f3ef7b1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 252.918447][T10192] RAX: ffffffffffffffda RBX: 00007f3ef6fa5fa0 RCX: 00007f3ef6d8cde9 [ 252.918460][T10192] RDX: 0000000000000050 RSI: 0000400000004080 RDI: 0b00000000000000 [ 252.918472][T10192] RBP: 00007f3ef7b1a090 R08: 0000000000000000 R09: 0000000000000000 [ 252.918484][T10192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 252.918494][T10192] R13: 0000000000000000 R14: 00007f3ef6fa5fa0 R15: 00007ffe096bc828 [ 252.918520][T10192] [ 253.260357][ T5852] Bluetooth: hci3: command tx timeout [ 253.612402][T10200] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1135'. [ 253.621877][T10200] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1135'. [ 253.635283][T10200] team0: entered promiscuous mode [ 253.640845][T10200] team_slave_0: entered promiscuous mode [ 253.647174][T10200] team_slave_1: entered promiscuous mode [ 253.654923][T10200] bond0: entered promiscuous mode [ 253.660924][T10200] bond_slave_0: entered promiscuous mode [ 253.666778][T10200] bond_slave_1: entered promiscuous mode [ 253.674538][T10200] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 253.682647][T10200] Cannot create hsr debugfs directory [ 253.690180][T10200] hsr1: Slave A (team0) is not up; please bring it up to get a fully working HSR network [ 253.734613][T10200] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 253.899229][T10029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.978189][T10215] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1140'. [ 254.007743][T10215] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1140'. [ 254.154365][T10029] veth0_vlan: entered promiscuous mode [ 254.197953][T10222] tipc: Started in network mode [ 254.202883][T10222] tipc: Node identity _, cluster identity 4711 [ 254.241411][T10222] tipc: Enabling of bearer rejected, failed to enable media [ 254.251775][T10225] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1143'. [ 254.264359][T10029] veth1_vlan: entered promiscuous mode [ 254.284440][T10225] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1143'. [ 254.539189][T10029] veth0_macvtap: entered promiscuous mode [ 254.570231][T10029] veth1_macvtap: entered promiscuous mode [ 254.652289][T10029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.695310][T10241] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.729594][T10241] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.748395][T10241] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.764632][T10241] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.773989][T10241] geneve2: entered promiscuous mode [ 254.792527][T10241] geneve2: entered allmulticast mode [ 254.803863][T10241] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.818863][T10241] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.833260][T10241] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.845284][T10241] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.980602][T10029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.085260][T10029] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.101705][T10029] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.113375][T10248] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1149'. [ 255.129249][T10029] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.147770][T10029] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.236580][T10251] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1150'. [ 255.243346][T10248] vlan0: entered promiscuous mode [ 255.267795][T10248] ip6gretap0: entered promiscuous mode [ 255.277004][T10248] ip6gretap0: left promiscuous mode [ 255.338042][ T5852] Bluetooth: hci3: command tx timeout [ 255.768877][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.777002][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.808412][T10262] netlink: 'syz.4.1152': attribute type 21 has an invalid length. [ 255.816573][T10262] netlink: 'syz.4.1152': attribute type 20 has an invalid length. [ 255.885286][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.896730][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.058669][ T42] block nbd5: Possible stuck request ffff8880267b7000: control (read@0,4096B). Runtime 120 seconds [ 256.070381][T10268] nbd: must specify a size in bytes for the device [ 256.126950][T10272] nbd: must specify a size in bytes for the device [ 256.713979][T10291] geneve2: entered promiscuous mode [ 256.728174][T10291] geneve2: entered allmulticast mode [ 257.063659][ T6163] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.159085][ T6163] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.170998][T10292] __nla_validate_parse: 2 callbacks suppressed [ 257.171019][T10292] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1161'. [ 257.194787][T10292] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 257.255165][T10292] xt_CT: No such helper "pptp" [ 257.263076][ T6163] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.328194][ T6163] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.443895][ T6163] bridge_slave_1: left allmulticast mode [ 257.450476][ T6163] bridge_slave_1: left promiscuous mode [ 257.456326][ T6163] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.465129][ T6163] bridge_slave_0: left allmulticast mode [ 257.471493][ T6163] bridge_slave_0: left promiscuous mode [ 257.477207][ T6163] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.816249][ T6163] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.830168][ T6163] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.840434][ T6163] bond0 (unregistering): Released all slaves [ 258.065905][ T6163] hsr_slave_0: left promiscuous mode [ 258.076144][ T6163] hsr_slave_1: left promiscuous mode [ 258.082915][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 258.090628][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.099348][ T6163] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.106783][ T6163] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.134569][ T6163] veth1_macvtap: left promiscuous mode [ 258.140235][ T6163] veth0_macvtap: left promiscuous mode [ 258.145794][ T6163] veth1_vlan: left promiscuous mode [ 258.151214][ T6163] veth0_vlan: left promiscuous mode [ 258.285535][T10302] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1165'. [ 258.311021][T10302] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1165'. [ 258.725569][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 258.737876][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 258.754707][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 258.772443][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 258.782204][ T5838] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 258.789827][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 259.064284][ T6163] team0 (unregistering): Port device team_slave_1 removed [ 259.113990][ T6163] team0 (unregistering): Port device team_slave_0 removed [ 259.729497][T10318] netlink: 'syz.1.1166': attribute type 1 has an invalid length. [ 259.737325][T10318] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 259.900074][T10320] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1168'. [ 260.095481][T10311] chnl_net:caif_netlink_parms(): no params data found [ 260.307667][T10335] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1172'. [ 260.491541][T10311] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.527908][T10311] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.539144][ T30] INFO: task udevd:5832 blocked for more than 143 seconds. [ 260.550117][T10311] bridge_slave_0: entered allmulticast mode [ 260.559481][T10311] bridge_slave_0: entered promiscuous mode [ 260.566889][ T30] Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 260.581306][T10351] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 260.587186][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 260.597601][T10351] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.621816][ T30] task:udevd state:D stack:21672 pid:5832 tgid:5832 ppid:1 task_flags:0x400140 flags:0x00004002 [ 260.656467][T10351] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.668851][ T30] Call Trace: [ 260.672198][ T30] [ 260.675163][ T30] __schedule+0x190e/0x4c90 [ 260.687985][T10351] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.696834][T10351] geneve2: entered promiscuous mode [ 260.727771][T10351] geneve2: entered allmulticast mode [ 260.727771][ T30] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 260.727826][ T30] ? __pfx___schedule+0x10/0x10 [ 260.762787][ T30] ? __blk_flush_plug+0x449/0x500 [ 260.777035][ T30] ? __pfx_lock_release+0x10/0x10 [ 260.777329][T10342] caif:caif_disconnect_client(): nothing to disconnect [ 260.792273][ T30] ? __pfx___mod_timer+0x10/0x10 [ 260.823979][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 260.857767][ T5838] Bluetooth: hci3: command tx timeout [ 260.857840][ T30] ? schedule+0x90/0x320 [ 260.947827][ T30] schedule+0x14b/0x320 [ 260.952078][ T30] schedule_timeout+0x15a/0x290 [ 260.956982][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 261.007792][ T30] ? __pfx_process_timeout+0x10/0x10 [ 261.013177][ T30] ? prepare_to_wait_event+0x3bd/0x400 [ 261.020297][ T30] nbd_queue_rq+0x6dd/0xef0 [ 261.024876][ T30] ? __pfx_nbd_queue_rq+0x10/0x10 [ 261.030112][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 261.036445][ T30] blk_mq_dispatch_rq_list+0xad3/0x19d0 [ 261.042643][ T30] ? sbitmap_get+0x289/0x3f0 [ 261.047283][ T30] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 261.053632][ T30] ? __blk_mq_alloc_driver_tag+0x32d/0x730 [ 261.062996][ T30] __blk_mq_sched_dispatch_requests+0xb8a/0x1840 [ 261.073041][ T30] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 261.083446][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 261.091755][ T30] ? __pfx___might_resched+0x10/0x10 [ 261.097220][ T30] ? sbitmap_any_bit_set+0x155/0x190 [ 261.102721][ T30] ? blk_mq_hw_queue_need_run+0x14d/0x6d0 [ 261.108716][ T30] blk_mq_sched_dispatch_requests+0xd6/0x190 [ 261.114740][ T30] ? blk_mq_run_hw_queue+0x32b/0x500 [ 261.120074][ T30] blk_mq_run_hw_queue+0x354/0x500 [ 261.125198][ T30] blk_mq_flush_plug_list+0x118e/0x1870 [ 261.130852][ T30] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 261.136780][ T30] ? blk_mq_submit_bio+0xfb9/0x25a0 [ 261.142195][ T30] ? blk_mq_submit_bio+0x494/0x25a0 [ 261.147433][ T30] __blk_flush_plug+0x420/0x500 [ 261.152385][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 261.158508][ T30] ? __pfx___blk_flush_plug+0x10/0x10 [ 261.163928][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 261.170377][ T30] __submit_bio+0x54a/0x6a0 [ 261.174926][ T30] ? __pfx___submit_bio+0x10/0x10 [ 261.180154][ T30] submit_bio_noacct_nocheck+0x4d3/0xe30 [ 261.185805][ T30] ? bio_associate_blkg_from_css+0x182/0xc70 [ 261.191987][ T30] ? __pfx___might_resched+0x10/0x10 [ 261.197295][ T30] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 261.203587][ T30] block_read_full_folio+0x9b3/0xae0 [ 261.208969][ T30] ? __pfx_blkdev_get_block+0x10/0x10 [ 261.214348][ T30] ? __pfx_block_read_full_folio+0x10/0x10 [ 261.220255][ T30] filemap_read_folio+0x148/0x3b0 [ 261.225322][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 261.230900][ T30] ? __pfx_filemap_read_folio+0x10/0x10 [ 261.236488][ T30] ? __filemap_get_folio+0x9a8/0xae0 [ 261.241969][ T30] ? __asan_memcpy+0x40/0x70 [ 261.246604][ T30] do_read_cache_folio+0x373/0x5b0 [ 261.251825][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 261.257324][ T30] read_part_sector+0xb3/0x260 [ 261.262237][ T30] adfspart_check_ICS+0xcb/0xa20 [ 261.267212][ T30] ? snprintf+0xda/0x120 [ 261.271572][ T30] ? vsnprintf+0x1148/0x1220 [ 261.276199][ T30] ? vsnprintf+0x18e/0x1220 [ 261.280778][ T30] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 261.286360][ T30] ? set_page_refcounted+0xa1/0x1e0 [ 261.291631][ T30] bdev_disk_changed+0x77f/0x14d0 [ 261.296679][ T30] ? __pfx_bdev_disk_changed+0x10/0x10 [ 261.302272][ T30] ? wait_on_inode+0xc1/0x230 [ 261.306969][ T30] ? __pfx_wait_on_inode+0x10/0x10 [ 261.312195][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 261.317439][ T30] blkdev_get_whole+0x2d2/0x450 [ 261.322356][ T30] bdev_open+0x2d4/0xc50 [ 261.326623][ T30] blkdev_open+0x38e/0x4e0 [ 261.331115][ T30] ? __pfx_blkdev_open+0x10/0x10 [ 261.336056][ T30] do_dentry_open+0xdec/0x1960 [ 261.340897][ T30] ? vfs_open+0x31/0x370 [ 261.345383][ T30] vfs_open+0x3b/0x370 [ 261.349575][ T30] path_openat+0x2c81/0x3590 [ 261.354234][ T30] ? __pfx_path_openat+0x10/0x10 [ 261.359259][ T30] do_filp_open+0x27f/0x4e0 [ 261.363794][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 261.368933][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 261.374553][ T30] do_sys_openat2+0x13e/0x1d0 [ 261.379334][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 261.384578][ T30] __x64_sys_openat+0x247/0x2a0 [ 261.389513][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 261.394901][ T30] ? do_syscall_64+0x100/0x230 [ 261.399742][ T30] ? do_syscall_64+0xb6/0x230 [ 261.404451][ T30] do_syscall_64+0xf3/0x230 [ 261.409123][ T30] ? clear_bhb_loop+0x35/0x90 [ 261.413840][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.419801][ T30] RIP: 0033:0x7f73e37169a4 [ 261.424269][ T30] RSP: 002b:00007ffc2ebcb410 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 261.432754][ T30] RAX: ffffffffffffffda RBX: 000055bfc0dc2ff0 RCX: 00007f73e37169a4 [ 261.440777][ T30] RDX: 00000000000a0800 RSI: 000055bfc0dd4b20 RDI: 00000000ffffff9c [ 261.449019][ T30] RBP: 000055bfc0dd4b20 R08: 0000000000000001 R09: 7fffffffffffffff [ 261.457018][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800 [ 261.465073][ T30] R13: 000055bfc0dcdce0 R14: 0000000000000001 R15: 000055bfc0dc2910 [ 261.473145][ T30] [ 261.476219][ T30] INFO: task udevd:6494 blocked for more than 144 seconds. [ 261.476354][T10351] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.483599][ T30] Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 261.483619][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 261.483632][ T30] task:udevd state:D stack:21672 pid:6494 tgid:6494 ppid:1 task_flags:0x400140 flags:0x00004002 [ 261.483694][ T30] Call Trace: [ 261.483705][ T30] [ 261.483719][ T30] __schedule+0x190e/0x4c90 [ 261.509282][T10351] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.521262][ T30] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 261.521320][ T30] ? __pfx___schedule+0x10/0x10 [ 261.521347][ T30] ? __blk_flush_plug+0x449/0x500 [ 261.521379][ T30] ? __pfx_lock_release+0x10/0x10 [ 261.528335][T10351] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.532221][ T30] ? __pfx___mod_timer+0x10/0x10 [ 261.548684][T10351] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.552260][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 261.591769][ T30] ? schedule+0x90/0x320 [ 261.596052][ T30] schedule+0x14b/0x320 [ 261.600307][ T30] schedule_timeout+0x15a/0x290 [ 261.605206][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 261.610689][ T30] ? __pfx_process_timeout+0x10/0x10 [ 261.615991][ T30] ? prepare_to_wait_event+0x3bd/0x400 [ 261.621620][ T30] nbd_queue_rq+0x6dd/0xef0 [ 261.626156][ T30] ? __pfx_nbd_queue_rq+0x10/0x10 [ 261.631343][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 261.637469][ T30] blk_mq_dispatch_rq_list+0xad3/0x19d0 [ 261.643125][ T30] ? sbitmap_get+0x289/0x3f0 [ 261.647886][ T30] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 261.654059][ T30] ? __blk_mq_alloc_driver_tag+0x32d/0x730 [ 261.660097][ T30] __blk_mq_sched_dispatch_requests+0xb8a/0x1840 [ 261.666567][ T30] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 261.673433][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 261.678545][ T30] ? __pfx___might_resched+0x10/0x10 [ 261.683862][ T30] ? sbitmap_any_bit_set+0x155/0x190 [ 261.689326][ T30] ? blk_mq_hw_queue_need_run+0x14d/0x6d0 [ 261.695083][ T30] blk_mq_sched_dispatch_requests+0xd6/0x190 [ 261.701127][ T30] ? blk_mq_run_hw_queue+0x32b/0x500 [ 261.706421][ T30] blk_mq_run_hw_queue+0x354/0x500 [ 261.711598][ T30] blk_mq_flush_plug_list+0x118e/0x1870 [ 261.717170][ T30] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 261.723111][ T30] ? blk_mq_submit_bio+0xfb9/0x25a0 [ 261.728454][ T30] ? blk_mq_submit_bio+0x494/0x25a0 [ 261.733687][ T30] __blk_flush_plug+0x420/0x500 [ 261.738740][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 261.744788][ T30] ? __pfx___blk_flush_plug+0x10/0x10 [ 261.750254][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 261.756760][ T30] __submit_bio+0x54a/0x6a0 [ 261.761340][ T30] ? __pfx___submit_bio+0x10/0x10 [ 261.766396][ T30] submit_bio_noacct_nocheck+0x4d3/0xe30 [ 261.772196][ T30] ? bio_associate_blkg_from_css+0x182/0xc70 [ 261.778315][ T30] ? __pfx___might_resched+0x10/0x10 [ 261.783665][ T30] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 261.790008][ T30] block_read_full_folio+0x9b3/0xae0 [ 261.795330][ T30] ? __pfx_blkdev_get_block+0x10/0x10 [ 261.800848][ T30] ? __pfx_block_read_full_folio+0x10/0x10 [ 261.806712][ T30] filemap_read_folio+0x148/0x3b0 [ 261.811907][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 261.817425][ T30] ? __pfx_filemap_read_folio+0x10/0x10 [ 261.823175][ T30] ? __filemap_get_folio+0x9a8/0xae0 [ 261.828258][ T42] block nbd6: Possible stuck request ffff8880267e7000: control (read@0,4096B). Runtime 120 seconds [ 261.828685][ T30] ? __asan_memcpy+0x40/0x70 [ 261.844086][ T30] do_read_cache_folio+0x373/0x5b0 [ 261.849463][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 261.855186][ T30] read_part_sector+0xb3/0x260 [ 261.860051][ T30] adfspart_check_ICS+0xcb/0xa20 [ 261.865011][ T30] ? snprintf+0xda/0x120 [ 261.869370][ T30] ? vsnprintf+0x1148/0x1220 [ 261.874009][ T30] ? vsnprintf+0x18e/0x1220 [ 261.878584][ T30] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 261.884175][ T30] ? set_page_refcounted+0xa1/0x1e0 [ 261.889832][ T30] bdev_disk_changed+0x77f/0x14d0 [ 261.894928][ T30] ? __pfx_bdev_disk_changed+0x10/0x10 [ 261.900616][ T30] ? wait_on_inode+0xc1/0x230 [ 261.905374][ T30] ? __pfx_wait_on_inode+0x10/0x10 [ 261.910575][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 261.915791][ T30] blkdev_get_whole+0x2d2/0x450 [ 261.920712][ T30] bdev_open+0x2d4/0xc50 [ 261.924988][ T30] blkdev_open+0x38e/0x4e0 [ 261.929793][ T30] ? __pfx_blkdev_open+0x10/0x10 [ 261.934759][ T30] do_dentry_open+0xdec/0x1960 [ 261.939600][ T30] ? vfs_open+0x31/0x370 [ 261.943875][ T30] vfs_open+0x3b/0x370 [ 261.948006][ T30] path_openat+0x2c81/0x3590 [ 261.952624][ T30] ? __pfx_path_openat+0x10/0x10 [ 261.957890][ T30] do_filp_open+0x27f/0x4e0 [ 261.962457][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 261.967613][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 261.972695][ T30] do_sys_openat2+0x13e/0x1d0 [ 261.977387][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 261.982759][ T30] __x64_sys_openat+0x247/0x2a0 [ 261.987701][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 261.993126][ T30] ? do_syscall_64+0x100/0x230 [ 261.997979][ T30] ? do_syscall_64+0xb6/0x230 [ 262.002670][ T30] do_syscall_64+0xf3/0x230 [ 262.007180][ T30] ? clear_bhb_loop+0x35/0x90 [ 262.011936][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.017915][ T30] RIP: 0033:0x7f73e37169a4 [ 262.022363][ T30] RSP: 002b:00007ffc2ebcb410 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 262.030865][ T30] RAX: ffffffffffffffda RBX: 000055bfc0de0960 RCX: 00007f73e37169a4 [ 262.038935][ T30] RDX: 00000000000a0800 RSI: 000055bfc0dc3300 RDI: 00000000ffffff9c [ 262.046914][ T30] RBP: 000055bfc0dc3300 R08: 0000000000000001 R09: 7fffffffffffffff [ 262.054998][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800 [ 262.063156][ T30] R13: 000055bfc0dcb8a0 R14: 0000000000000001 R15: 000055bfc0dc2910 [ 262.071325][ T30] [ 262.074429][ T30] [ 262.074429][ T30] Showing all locks held in the system: [ 262.082468][T10342] caif:caif_disconnect_client(): nothing to disconnect [ 262.089492][ T30] 1 lock held by khungtaskd/30: [ 262.094384][ T30] #0: ffffffff8eb38f60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 262.105830][ T30] 3 locks held by kworker/u8:3/53: [ 262.116547][ T30] #0: ffff888031c7c948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 262.135408][ T30] #1: ffffc90000bd7c60 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 262.148678][ T30] #2: ffffffff8fed43c8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x10e/0x16a0 [ 262.158389][ T30] 3 locks held by kworker/u8:4/62: [ 262.163793][ T30] #0: ffff88801b089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 262.175747][ T30] #1: ffffc9000213fc60 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 262.187030][ T30] #2: ffffffff8fed43c8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 262.196436][ T30] 2 locks held by getty/5590: [ 262.201236][ T30] #0: ffff8880327660a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 262.247657][ T30] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770 [ 262.277566][ T30] 2 locks held by syz-executor/5831: [ 262.282915][ T30] 3 locks held by udevd/5832: [ 262.297684][ T30] #0: ffff8880265534c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 262.307054][ T30] #1: ffff888025950510 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500 [ 262.322413][ T30] #2: ffff8880266b7178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xcf/0xef0 [ 262.331483][ T30] 1 lock held by udevd/5837: [ 262.336121][ T30] #0: ffff88802655a4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 262.345650][ T30] 4 locks held by syz-executor/5840: [ 262.351178][ T30] #0: ffff888034adcd80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x203/0x510 [ 262.361370][ T30] #1: ffff888034adc078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x60d/0x1260 [ 262.371491][ T30] #2: ffff88802a5edb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x71/0x690 [ 262.397625][ T30] #3: ffffffff8eb3e438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x820 [ 262.414020][ T30] 1 lock held by syz-executor/5847: [ 262.420617][ T30] 1 lock held by udevd/5853: [ 262.425241][ T30] #0: ffff88802642f4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 262.437624][ T30] 1 lock held by udevd/5854: [ 262.442256][ T30] #0: ffff8880267734c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 262.457085][ T30] 2 locks held by kworker/0:4/5885: [ 262.462719][ T30] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 262.474087][ T30] #1: ffffc9000432fc60 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 262.484617][ T30] 4 locks held by kworker/u8:8/6163: [ 262.490195][ T30] #0: ffff88801bef5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 262.501233][ T30] #1: ffffc9000bb7fc60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 262.511925][ T30] #2: ffffffff8fec7c50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17a/0xd60 [ 262.521609][ T30] #3: ffffffff8fed43c8 (rtnl_mutex){+.+.}-{4:4}, at: ipmr_net_exit_batch+0x20/0x90 [ 262.531268][ T30] 1 lock held by udevd/6385: [ 262.535891][ T30] #0: ffff88802669a4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 262.545244][ T30] 3 locks held by udevd/6494: [ 262.550049][ T30] #0: ffff88802655e4c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 262.559436][ T30] #1: ffff888020be8810 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500 [ 262.569253][ T30] #2: ffff8880266e0178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xcf/0xef0 [ 262.578458][ T30] 2 locks held by kworker/1:12/9067: [ 262.583792][ T30] #0: ffff88801b080d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0 [ 262.594888][ T30] #1: ffffc90003497c60 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0 [ 262.605673][ T30] 1 lock held by syz-executor/10311: [ 262.611122][ T30] #0: ffffffff8fed43c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc55/0x1d30 [ 262.620435][ T30] 2 locks held by syz.4.1173/10342: [ 262.625642][ T30] #0: ffff88806e99ca08 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x90/0x240 [ 262.635949][ T30] #1: ffff888062012258 (sk_lock-AF_CAIF){+.+.}-{0:0}, at: caif_release+0x104/0x370 [ 262.645501][ T30] 3 locks held by syz.0.1175/10351: [ 262.650890][ T30] #0: ffffffff903d2578 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x22/0x250 [ 262.660607][ T30] #1: ffffffff8fed43c8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xc55/0x1d30 [ 262.669817][ T30] #2: ffffffff8eb3e438 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x820 [ 262.681104][ T30] [ 262.683515][ T30] ============================================= [ 262.683515][ T30] [ 262.692366][T10342] caif:caif_disconnect_client(): nothing to disconnect [ 262.699680][ T30] NMI backtrace for cpu 1 [ 262.699697][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 262.699720][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 262.699733][ T30] Call Trace: [ 262.699740][ T30] [ 262.699748][ T30] dump_stack_lvl+0x241/0x360 [ 262.699780][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.699812][ T30] ? __pfx__printk+0x10/0x10 [ 262.699845][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 262.699885][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 262.699915][ T30] ? _printk+0xd5/0x120 [ 262.699933][ T30] ? __pfx__printk+0x10/0x10 [ 262.699952][ T30] ? __wake_up_klogd+0xcc/0x110 [ 262.699981][ T30] ? __pfx__printk+0x10/0x10 [ 262.700001][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 262.700032][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 262.700061][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 262.700099][ T30] watchdog+0x1058/0x10a0 [ 262.700132][ T30] ? watchdog+0x1ea/0x10a0 [ 262.700167][ T30] ? __pfx_watchdog+0x10/0x10 [ 262.700197][ T30] kthread+0x7a9/0x920 [ 262.700227][ T30] ? __pfx_kthread+0x10/0x10 [ 262.700260][ T30] ? __pfx_watchdog+0x10/0x10 [ 262.700290][ T30] ? __pfx_kthread+0x10/0x10 [ 262.700319][ T30] ? __pfx_kthread+0x10/0x10 [ 262.700352][ T30] ? __pfx_kthread+0x10/0x10 [ 262.700381][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 262.700402][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 262.700425][ T30] ? __pfx_kthread+0x10/0x10 [ 262.700469][ T30] ret_from_fork+0x4b/0x80 [ 262.700495][ T30] ? __pfx_kthread+0x10/0x10 [ 262.700525][ T30] ret_from_fork_asm+0x1a/0x30 [ 262.700564][ T30] [ 262.700571][ T30] Sending NMI from CPU 1 to CPUs 0: [ 262.871050][ C0] NMI backtrace for cpu 0 [ 262.871067][ C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:1 Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 262.871087][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 262.871100][ C0] Workqueue: events_unbound toggle_allocation_gate [ 262.871128][ C0] RIP: 0010:kasan_check_range+0x94/0x290 [ 262.871152][ C0] Code: 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd 41 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee 1e 01 00 00 45 89 dc 41 83 e4 07 0f 84 b5 00 00 00 41 80 3b 00 [ 262.871167][ C0] RSP: 0018:ffffc90000117590 EFLAGS: 00000056 [ 262.871181][ C0] RAX: 0000000000000001 RBX: 1ffffffff1d87a6c RCX: ffffffff816ebc73 [ 262.871193][ C0] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8ec3d360 [ 262.871204][ C0] RBP: 0000000000000000 R08: ffffffff8ec3d363 R09: 1ffffffff1d87a6c [ 262.871217][ C0] R10: dffffc0000000000 R11: fffffbfff1d87a6d R12: 0000000000000000 [ 262.871228][ C0] R13: ffffffff8ec3cb80 R14: dffffc0000000001 R15: fffffbfff1d87a6d [ 262.871241][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 262.871255][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 262.871266][ C0] CR2: 00005653d9dd5250 CR3: 000000000e938000 CR4: 00000000003526f0 [ 262.871281][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 262.871291][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 262.871302][ C0] Call Trace: [ 262.871309][ C0] [ 262.871317][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 262.871345][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 262.871372][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 262.871399][ C0] ? nmi_handle+0x2a/0x5a0 [ 262.871432][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 262.871453][ C0] ? nmi_handle+0x14f/0x5a0 [ 262.871478][ C0] ? nmi_handle+0x2a/0x5a0 [ 262.871504][ C0] ? kasan_check_range+0x94/0x290 [ 262.871524][ C0] ? default_do_nmi+0x63/0x160 [ 262.871550][ C0] ? exc_nmi+0x123/0x1f0 [ 262.871574][ C0] ? end_repeat_nmi+0xf/0x53 [ 262.871603][ C0] ? switch_mm_irqs_off+0x7b3/0xa70 [ 262.871619][ C0] ? kasan_check_range+0x94/0x290 [ 262.871641][ C0] ? kasan_check_range+0x94/0x290 [ 262.871662][ C0] ? kasan_check_range+0x94/0x290 [ 262.871683][ C0] [ 262.871689][ C0] [ 262.871696][ C0] switch_mm_irqs_off+0x7b3/0xa70 [ 262.871713][ C0] ? text_poke_memcpy+0x25/0x30 [ 262.871731][ C0] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 262.871759][ C0] ? text_poke_memcpy+0x25/0x30 [ 262.871776][ C0] ? __asan_memcpy+0x40/0x70 [ 262.871805][ C0] __text_poke+0x8f0/0xd80 [ 262.871824][ C0] ? kmem_cache_alloc_noprof+0x84/0x380 [ 262.871847][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 262.871866][ C0] ? __pfx___text_poke+0x10/0x10 [ 262.871886][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 262.871907][ C0] ? __pfx___might_resched+0x10/0x10 [ 262.871929][ C0] ? __pfx___mutex_trylock_common+0x10/0x10 [ 262.871955][ C0] text_poke_bp_batch+0x59c/0xb30 [ 262.871979][ C0] ? kmem_cache_alloc_noprof+0x84/0x380 [ 262.872002][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 262.872024][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 262.872058][ C0] text_poke_finish+0x30/0x50 [ 262.872076][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 262.872097][ C0] static_key_disable_cpuslocked+0xd2/0x1c0 [ 262.872121][ C0] static_key_disable+0x1a/0x20 [ 262.872142][ C0] toggle_allocation_gate+0x1bf/0x260 [ 262.872163][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 262.872184][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 262.872215][ C0] ? process_scheduled_works+0x9c6/0x18e0 [ 262.872236][ C0] process_scheduled_works+0xabe/0x18e0 [ 262.872271][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 262.872298][ C0] ? assign_work+0x364/0x3d0 [ 262.872320][ C0] worker_thread+0x870/0xd30 [ 262.872350][ C0] ? __kthread_parkme+0x169/0x1d0 [ 262.872374][ C0] ? __pfx_worker_thread+0x10/0x10 [ 262.872396][ C0] kthread+0x7a9/0x920 [ 262.872420][ C0] ? __pfx_kthread+0x10/0x10 [ 262.872446][ C0] ? __pfx_worker_thread+0x10/0x10 [ 262.872468][ C0] ? __pfx_kthread+0x10/0x10 [ 262.872492][ C0] ? __pfx_kthread+0x10/0x10 [ 262.872518][ C0] ? __pfx_kthread+0x10/0x10 [ 262.872542][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 262.872558][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 262.872576][ C0] ? __pfx_kthread+0x10/0x10 [ 262.872601][ C0] ret_from_fork+0x4b/0x80 [ 262.872623][ C0] ? __pfx_kthread+0x10/0x10 [ 262.872648][ C0] ret_from_fork_asm+0x1a/0x30 [ 262.872677][ C0] [ 262.873353][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 263.327577][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc2-syzkaller-00487-gdbcbec81c9b8 #0 [ 263.338115][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 263.348180][ T30] Call Trace: [ 263.351467][ T30] [ 263.354408][ T30] dump_stack_lvl+0x241/0x360 [ 263.359110][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.364335][ T30] ? __pfx__printk+0x10/0x10 [ 263.368938][ T30] ? vscnprintf+0x5d/0x90 [ 263.373293][ T30] panic+0x349/0x880 [ 263.377211][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 263.383389][ T30] ? __pfx_panic+0x10/0x10 [ 263.387822][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 263.393210][ T30] ? __irq_work_queue_local+0x137/0x410 [ 263.398777][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 263.404171][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 263.410344][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 263.416525][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 263.422709][ T30] watchdog+0x1097/0x10a0 [ 263.427067][ T30] ? watchdog+0x1ea/0x10a0 [ 263.431507][ T30] ? __pfx_watchdog+0x10/0x10 [ 263.436202][ T30] kthread+0x7a9/0x920 [ 263.440382][ T30] ? __pfx_kthread+0x10/0x10 [ 263.444994][ T30] ? __pfx_watchdog+0x10/0x10 [ 263.449692][ T30] ? __pfx_kthread+0x10/0x10 [ 263.454307][ T30] ? __pfx_kthread+0x10/0x10 [ 263.458922][ T30] ? __pfx_kthread+0x10/0x10 [ 263.463533][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 263.468747][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 263.473954][ T30] ? __pfx_kthread+0x10/0x10 [ 263.478567][ T30] ret_from_fork+0x4b/0x80 [ 263.482999][ T30] ? __pfx_kthread+0x10/0x10 [ 263.487605][ T30] ret_from_fork_asm+0x1a/0x30 [ 263.492395][ T30] [ 263.495748][ T30] Kernel Offset: disabled [ 263.500108][ T30] Rebooting in 86400 seconds..