last executing test programs: 1m10.632205867s ago: executing program 3 (id=1667): r0 = socket$inet(0x10, 0x3, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="1b25", 0x2}], 0x1, 0x8) r3 = socket(0x40000000029, 0x5, 0x0) sendmsg$key(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4, 0x4, 0x7, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', r5, 0x2f, 0x9, 0x2, 0xa, 0x14, @loopback, @private1, 0x7, 0x20, 0x8}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10) 1m0.840604688s ago: executing program 3 (id=1667): r0 = socket$inet(0x10, 0x3, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="1b25", 0x2}], 0x1, 0x8) r3 = socket(0x40000000029, 0x5, 0x0) sendmsg$key(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4, 0x4, 0x7, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', r5, 0x2f, 0x9, 0x2, 0xa, 0x14, @loopback, @private1, 0x7, 0x20, 0x8}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10) 48.305550039s ago: executing program 3 (id=1667): r0 = socket$inet(0x10, 0x3, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="1b25", 0x2}], 0x1, 0x8) r3 = socket(0x40000000029, 0x5, 0x0) sendmsg$key(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4, 0x4, 0x7, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', r5, 0x2f, 0x9, 0x2, 0xa, 0x14, @loopback, @private1, 0x7, 0x20, 0x8}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10) 35.888352997s ago: executing program 3 (id=1667): r0 = socket$inet(0x10, 0x3, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="1b25", 0x2}], 0x1, 0x8) r3 = socket(0x40000000029, 0x5, 0x0) sendmsg$key(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4, 0x4, 0x7, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', r5, 0x2f, 0x9, 0x2, 0xa, 0x14, @loopback, @private1, 0x7, 0x20, 0x8}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10) 24.7643863s ago: executing program 3 (id=1667): r0 = socket$inet(0x10, 0x3, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="1b25", 0x2}], 0x1, 0x8) r3 = socket(0x40000000029, 0x5, 0x0) sendmsg$key(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4, 0x4, 0x7, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', r5, 0x2f, 0x9, 0x2, 0xa, 0x14, @loopback, @private1, 0x7, 0x20, 0x8}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10) 15.564148068s ago: executing program 0 (id=2194): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000370000000800", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) sendmsg$IPSET_CMD_DEL(r9, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000002}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0xa, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x81}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES16=r7, @ANYBLOB="0100000000247eaa8d4f7f566f00f888bd0e00000000003b00000008000300", @ANYRES32=r8, @ANYRES8], 0x68}}, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) close(0xffffffffffffffff) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r10, 0x0) recvmmsg(r10, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) getsockopt$bt_BT_RCVMTU(r10, 0x112, 0xd, &(0x7f0000000100)=0x3, &(0x7f0000000200)=0x2) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, 0x0, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 13.881128235s ago: executing program 1 (id=2206): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, 0x0, 0x808) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bind$netlink(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4040000) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) sendmsg$IPSET_CMD_DEL(r7, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000002}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0xa, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x81}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES16=r5, @ANYBLOB="0100000000247eaa8d4f7f566f00f888bd0e00000000003b00000008000300", @ANYRES32=r6, @ANYRES8], 0x68}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) close(0xffffffffffffffff) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r9, 0x0) recvmmsg(r9, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) getsockopt$bt_BT_RCVMTU(r9, 0x112, 0xd, &(0x7f0000000100)=0x3, &(0x7f0000000200)=0x2) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r8, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r10, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x4, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x2, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x49}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 12.503559127s ago: executing program 3 (id=1667): r0 = socket$inet(0x10, 0x3, 0x0) pipe(&(0x7f00000045c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)="1b25", 0x2}], 0x1, 0x8) r3 = socket(0x40000000029, 0x5, 0x0) sendmsg$key(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x2, 0x4, 0x4, 0x7, 0x2, 0x0, 0x70bd26, 0x25dfdbff}, 0x10}}, 0x4000) splice(r1, 0x0, r3, 0x0, 0x8000, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r4, 0x89f0, &(0x7f0000000140)={'ip6gre0\x00', &(0x7f00000000c0)={'syztnl0\x00', r5, 0x2f, 0x9, 0x2, 0xa, 0x14, @loopback, @private1, 0x7, 0x20, 0x8}}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff01c}, {0x6}]}, 0x10) 10.215555986s ago: executing program 0 (id=2214): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="18010000200000000000000000000000850000006d0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0x7000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r2, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000180)="aabbcc", 0x3}], 0x1}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000240)="aabbcc", 0x3}], 0x1}}], 0x2, 0x0) 10.084281828s ago: executing program 0 (id=2215): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000140)={0x5, 0x0, 0x1, 0x80000000, 0x0}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000300)={r2, 0x2, 0x2, [0x2, 0x0]}, &(0x7f0000000400)=0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x5}, {}, {}, {}, {}, {0x10}, {}, {}, {}, {}, {}, {}, {0x1, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffd}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x7f, 0xffffffc1, 0x0, 0x222e, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x80000000, 0x5, @void, @value, @void, @value}, 0x48) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010003000000000000001400000018000180140002006e657464657673696d3000000000000005000c00010000000800050000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x2400c000}, 0x0) connect$ax25(r3, &(0x7f0000000100)={{0x3, @bcast, 0x4}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000500)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350604000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf664e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386ba3b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff010404faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202ee1192b81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9b5a8ded5de8206c812439ab129ae818837ee1562078fc524a3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8b0100010000000000abc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5dfd188ff555285b9743d3aac000583f44fc00b69151d681a2f71373f20d92c9048407c91fabecfe8b3f2d545ffffffff00000000a1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a80756447322207b4007dff12eb95066cc6bc256f0a12282224d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf857689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873df904c2bdbef81f246d26f4b40df949e12bdac18533d4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684ee54c0a263c806aabac2f66cb052f847c62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961ef4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fc0407de31d6e5532f360d379f20f054692b47207922fe6c14eba96c9a7ae906abc1ae1ae8c4fae92883cfa1978a04bb000000000000000000000000000000884efcecca45ea4ab2ec097668456a6ff12854997f5aed737d5205ace5c0b64f87ef10784d0479cb44ca077e0c4ce6ff880e2ce3de63853a9740e9233683bfc8636bee293aeeb680b399a296e6f44c07b5fc5d9d359af007f23004a7acb6df23664ea209620b4fe0f4df81c33bd8ca2335cb4b50881937379b45a301175c3e8eb32970564ec8e25c46ee3bae079faedaad94276cfa251be8256c4c37fc84a299fa176018054e9149a1c9d20a809ce3000000000000000000000000f6fad8476470bf4bb79d2ba2c0f7147577466f4229b364d6900ad22583c0ec630ea0c6177ad88014b074d88fea473d5ef91ed786bbd3371f0dfcc5ccf4aa82927192aa94fe70a261f1899e1f2f62d50b027f7e7cac8fe3691aa323e71d5e479d466512d1df57633a9006016322978a795431c745f0502e37b8884c368a3f9d5c05a7fb5bd25d95442d09f79c5bd656dccb450cb19c6df406ffcfc414334021df3e4654f84f10070846d3b06795445f79b1f0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001f0001000000000000000000300000800c000100000000000000000014000000fe8000000000000000009e00000000bb0c00040000ffffffffffffffbc07379ae9931bb8db98471f2527c6"], 0x40}], 0x1}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r7) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01000000000000000000260000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008005100000000ff7f00000000000000000000000c0090000000000004000000"], 0x54}}, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f00000007c0)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r7, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000800)={0x28, r8, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8094}, 0x90) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x24048000}, 0x0) 8.305193321s ago: executing program 1 (id=2217): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) (async) socket(0x10, 0x2, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f0000000a00)=ANY=[@ANYBLOB="7a0a00ff00000000711093000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) write(r1, &(0x7f0000000140)="240000001e005f80024000000000000004000000010000080000ecff08cc65ad5c0d0000003d38ff", 0x28) (async) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, 0x0, &(0x7f00000000c0)) (async) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={0x0, 0xffff, 0x30}, &(0x7f00000001c0)=0xc) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x12, &(0x7f0000002280)=ANY=[@ANYBLOB="df58e791", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000186500000200000000000000ff070000184f0000fcffffff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800006a5200007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="09000000020000006d05000002"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="00000000114400000000000014000000b7030000000000008500060016000000bf0900000000000055090100000000009500000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa500010000000041b2bd0d3bf507010000f8ffffffbfa400000000000007040000f019ffffb702000008000000182300000000000000000000359e06ff9290357afdde003b6a7aea06100f80ca976e873d9331fa032ca2c2b0faa7890becdfadbb32d604aed1d7917c7053bcb3b4f804ca5354bb8fc6bebe7b165913212ef41e052192b4936e71dae5e7543b828ac4f93dbddc896bb45e8ef49e40cd94e9c9a11c31900e4314cc4d70a0b25bfe66d553a72170ab1c516b82c9586c737f89f013a6311f538dfc81278f579cfc7f789a22181d0100d967e10b1450eefc4197dad211a024df976cb492bf526e2be4d328cb944ac350216267ad170ebbdc1f238fb0249811535dabd5d996681b1db44431231a9c7c05bb1adf4859a44c67c72fa08f4eee9550b5fb4af53d599e186057d78562666fa53ae838a09ab182894e2cc7909bd07154be54951b2548ef8afe8641af1aa221c0faa9287ed5bb9c15a140d5b5c18dcd491419542ba02c23e8e0217dcd16df8500a35efd70cccec583c9a7b3989358e3f30b2f698245aadd9ae00bc16c49aba64f047a07749437666e54354feb614fc78401764a29f895d1b2346c2a51788772fb12dab4b82e5572bd019f80378377e8b25fea5c6aa61fb20169d53c5c77cf6e1f628eb6701decbfd7a20f7ef518b43ece4ee705bb4f0b28e06fbb13c6d37bb68809f5646729679aea3d9d32e398d55371330285fc3df7fc", @ANYRES32=r4, @ANYBLOB="0000000000000000b70500000800000085000000a5000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r5) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$SIOCSIFHWADDR(r5, 0x8b06, 0x0) (async) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) (async, rerun: 64) r7 = socket$inet(0xa, 0x801, 0x84) (rerun: 64) connect$inet(r7, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async, rerun: 64) listen(r7, 0x8) (async, rerun: 64) r8 = accept4(r7, 0x0, 0x0, 0x0) (async) syz_emit_ethernet(0x3e6, &(0x7f0000002340)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd68e504ea03b02ffffe800000000000000000000000000041fe8000000000000000000000000000bb0c0a010700000000fe880000000000000000000000000101fe8000000000000000000000000000bbff020000000000000000000000000001fe8000000000000000000000000000bbff0100000000000000000000000000010420880b00d400000007dd5f271f50e657485d1b1e903420459eea5f63759861bede855465c9ebc7096a8e8c853ed39d10bdfbc9002543c59db52ae6128d8b4452119490d76dc498d2aa2f7df595f8cd2916446cd4c9d4b0737df9f1bc5622545e36de812e03ee233165a7a9323b4b0ba8453020b29aac9c252fc90fa490b7870072463ddbc307086ff96f82230f2b6de5fd450445cb1cd164345abc1901aca6a46c83073f829f08dc5a644faa89e539ac77324526e795ced689beb464ae390a4cf8f4dd8cca49aa0f3b48e6a72708443ef67b0e6b1a1949292c182a3874090008000002000400c340f24e053b37a2d2352f5031bd27a221605c4df70ad7da316d75677f2ed226a9420920c54706c81d00bfb964fb5be7f9c81ff1160d6e40b16ab3fbef770280c1b7986c4646b352a65c0834b373efdc7ce1ac2447c9f38eebb7b4795148b9f82dddbbbfce28570eb887bcf8dc3d48e85c13044255d38f59233e5ebeb15464f58b1e4c3984342ad4d8d3119109943d5c7627a8c20a11e4bca781203a1277c17569e29b585643e50cc9d47ac9b568dd000608081c0a357bf87804685b1e18b5dbf38185648405ce15918bed1dfbfad75a2f9c018455f6ac2ec99c4a683412969d6a77f311d939b90a94c14b8bc4d6e6999bdfbe87d72071d267d09dac4f98954f7fbd2b3a714a3b30ffdebb5cdc22c8fab475894a606cd445656bd28b2acaf6afda049dfe1d6c88b61031a359b86293dbade726d0302425efa993d261b744c6c4a91bc365c09414a17198a04f763ad6de5f5d785356721b5c51d6aaa63a9858a71fbf56628dcdea43ef270206481a153aa977ef728efef7a4961f82ae87bb389a77d57d8f51b09d2fa86f8f9f8026072c1f18967f47cd6b850b8a6bc000a14681080088be000000001907640601000000000022eb000000022107090502000000000000040003901f0800655800000001e977419df549a054e9e44c3d68ce1350ba5cff8055e3164bb532bd053bd19b834c31da281442739742e25997001ee4277a78120fd616b739cf73c62caf66165f71c11689bc624670e9b99eb5605bedfb1d4c7ac2b26a93739b635aac02018d06c13443cb02e6e9a09d6c5a40f430842dd01d3c40aaa9cef3e77fc442f719117e7d4765aa0c1995d489f78bea351f7c4100"/994], 0x0) sendto$inet(r8, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) (async, rerun: 32) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r8, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) (async, rerun: 32) sendto$inet6(r8, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0) 8.095429461s ago: executing program 1 (id=2218): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b3f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETQUEUE(r1, 0x400454d9, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00'}) 6.927063842s ago: executing program 2 (id=2223): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) 6.91077994s ago: executing program 1 (id=2224): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000370000000800", @ANYRES32=r4, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x808) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) sendmsg$IPSET_CMD_DEL(r9, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000002}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0xa, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x81}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES16=r7, @ANYBLOB="0100000000247eaa8d4f7f566f00f888bd0e00000000003b00000008000300", @ANYRES32=r8, @ANYRES8], 0x68}}, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) close(0xffffffffffffffff) r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r10, 0x0) recvmmsg(r10, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) getsockopt$bt_BT_RCVMTU(r10, 0x112, 0xd, &(0x7f0000000100)=0x3, &(0x7f0000000200)=0x2) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, 0x0, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 6.765154832s ago: executing program 2 (id=2225): r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 6.653138183s ago: executing program 2 (id=2227): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffff, 0x3}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, 0x0, 0x808) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bind$netlink(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4040000) r7 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0) sendmsg$IPSET_CMD_DEL(r7, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000002}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0xa, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x81}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x7}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES32, @ANYRES16=r5, @ANYBLOB="0100000000247eaa8d4f7f566f00f888bd0e00000000003b00000008000300", @ANYRES32=r6, @ANYRES8], 0x68}}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3) close(0xffffffffffffffff) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r9, 0x0) recvmmsg(r9, &(0x7f00000055c0), 0x400023c, 0x0, 0x0) getsockopt$bt_BT_RCVMTU(r9, 0x112, 0xd, &(0x7f0000000100)=0x3, &(0x7f0000000200)=0x2) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r8, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r10 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r10, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000740)=@framed={{}, [@snprintf={{0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x8, 0xfe00}, {0x4, 0x0, 0x8}, {}, {0x5}, {0x7, 0x0, 0x2, 0x0}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r11}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x49}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 4.074652369s ago: executing program 4 (id=2229): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100)="b8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000140)) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="7c0000000308010100"/19], 0x7c}, 0x1, 0x0, 0x0, 0x8800}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r4, 0x0, 0x0, 0x40000, 0x0, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0) 3.992092334s ago: executing program 0 (id=2230): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000040000000400000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x2, 0x17, &(0x7f0000000880)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x76}}, {{0x6, 0x0, 0x2, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@llu, {0x5, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x4, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r6, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x2c, r6, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x7}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000440)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES32, @ANYBLOB="44000280777dda9931d040000100240001006d6f64650000000000000b0000a10000000000000000000000000000000000000500030005000000100004006c6f61646261"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x44084) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@initdev, @multicast1}, &(0x7f00000000c0)=0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'}) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r11, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) pread64(r11, 0x0, 0x0, 0x2) sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x5c, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x50}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x5}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}]}, 0x5c}}, 0x4000000) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000008c0), r9) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x20, r2, 0x1, 0x2, 0xffffffff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x4008440) socket$isdn_base(0x22, 0x3, 0x0) 3.135063092s ago: executing program 4 (id=2231): sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)="d80000001e0081054e81f782db4cb904021d0800fe007c05e8fe55a10a00150002", 0x21}], 0x1}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x2, 0xbf22, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r0, 0x0, 0xa002a0}, 0x38) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000001540), 0x2, r0}, 0x38) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[], 0x1c}}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x7, 0x4, 0x21, 0xc1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280), &(0x7f0000001280), 0xb47, r2}, 0x38) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000100)={r2, &(0x7f00000000c0), 0x20000000}, 0x20) 2.854577013s ago: executing program 4 (id=2232): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f00000002c0)=""/5, 0xe000, 0x800, 0x1}, 0x20) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x200000, 0x4) r1 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'team_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x8, r2}, 0x10) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000040), &(0x7f00000000c0)=0x30) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(r4, 0x84, 0xe, &(0x7f0000000540)={r6, 0x3, 0x2d00, 0x8, 0x7ff, 0x5, 0x0, 0x0, {0x0, @in6={{0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x3e}, 0x80000000}}, 0x800, 0x0, 0x8, 0xf59, 0x1}}, &(0x7f0000000600)=0xb0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000070086ce0900010073797a30000000003c000000090a0104000000f3ff0000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000215c0000000c0a0101000000003391cca47687c6c28555785015829700000000070000000900020073797a31000000000900010073797a3000000000300003802c000080080003400000000220000b801c000180090001006d657461000000000c0002800800024000731b00140000001000010000000000000000000084000ad51c17640a"], 0xe0}}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="01002bbd7000000000000cff00001a000600feffffff"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x0) r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085008dbaab2d50156491aafb6ebd239100000f000000850000002300000095baded21e53b6172533e76042d881f0ff77ccbba3b876f82b6bd4ca0420e7e33607cb3e182c1881a1b54b0d1bd1a8d64f916bb974939ff64db600b6f8fdac97b589a22cde193baf8d88f0f8db305bbf02efcb04e44eb3f8e6de098734096e4d757db039e824f4be29af28ec7940d39a9c3810a205eed25716ac03ebc4c929a05133d0b4cf31a5d4e5be0ca234b5b601755c059acd46e97fa114cab3aa75cff7c341e9089d5d2ba83ea124c24f92ba5ad37d00df21a98d4a0d377640562400000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfe4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000d00)='kfree\x00', r10}, 0x10) r11 = socket$kcm(0x2, 0x2, 0x73) setsockopt$sock_attach_bpf(r11, 0x0, 0x17, 0x0, 0x0) 2.657759093s ago: executing program 0 (id=2233): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x3, &(0x7f0000000000)=[{0x15, 0x1, 0x3, 0xfffffffe}, {0x60, 0x4, 0xfd}, {}]}) (fail_nth: 4) 781.844159ms ago: executing program 2 (id=2234): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x54, 0x24, 0x3fe3aa0262d8c583, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x8, 0x6, 0x10001, 0x2, 0x6dc, 0x80}}, {0x4}}]}]}, 0x54}}, 0x4004048) (fail_nth: 2) 330.645802ms ago: executing program 4 (id=2235): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) 315.555109ms ago: executing program 0 (id=2236): r0 = socket(0x27, 0x3, 0xf) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000080)=0x4000, 0x4) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x0, 0x0, 0x3ff}, 0x8) sendto$inet6(r3, &(0x7f00000004c0)='W', 0x1, 0x800, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback, 0x8}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000200)={r4, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2d}}}, [0x80000001, 0x58ae, 0x6, 0xa, 0xcdd, 0xe5d2, 0x2, 0x0, 0x7, 0x6, 0x8000, 0x5, 0x90000000000, 0x3, 0x7]}, &(0x7f0000000180)=0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000300)={r5, @in6={{0xa, 0x4e23, 0x6, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, 0x5}}, 0x4, 0xb6a, 0x32d, 0x2, 0x7fff}, &(0x7f00000003c0)=0x98) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r6, 0x1, 0x3}, 0xffffffffffffff14) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) 296.692663ms ago: executing program 1 (id=2237): r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x1, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x24020400) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000280)=r2, 0x4) 170.721238ms ago: executing program 2 (id=2238): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB="0e00000004000000080000000600000000000000", @ANYRES32=0x1, @ANYBLOB="000000000000007f0900000000000000100000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r1}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000140), &(0x7f0000000000)=""/82}, 0x20) socket$packet(0x11, 0x2, 0x300) r2 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0) 169.889871ms ago: executing program 4 (id=2239): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x20) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r2, 0x6b, 0x2, 0x0, &(0x7f00000000c0)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x2, &(0x7f0000000100)=0x2, 0x4) r4 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) setsockopt$inet6_int(r4, 0x29, 0x8, &(0x7f0000001a00)=0xf2b, 0x4) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$cgroup_subtree(r6, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) getsockopt$inet6_buf(r3, 0x29, 0x6, 0xfffffffffffffffd, &(0x7f00000000c0)=0xa4) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r1) 121.115304ms ago: executing program 1 (id=2240): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r1) ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000300850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10}, 0x50) 78.984869ms ago: executing program 2 (id=2241): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000400)={{0x14, 0x10, 0x1, 0xb}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3}]}], {0x14}}, 0x64}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x3, 0x7, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000918110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 4 (id=2242): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x410}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x1a, 0x0, 0x0, 0x6}]}}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000380)={'gretap0\x00', 0x0, 0x20, 0x8000, 0x0, 0x0, {{0x34, 0x4, 0x3, 0x8, 0xd0, 0x66, 0x0, 0xfd, 0x2f, 0x0, @loopback, @rand_addr=0x64010101, {[@lsrr={0x83, 0xb, 0x3d, [@rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x37}]}, @cipso={0x86, 0x56, 0x0, [{0x0, 0x12, "3ed2d5787b38a84ee4a1871402092339"}, {0x2, 0x12, "3b722d270dbbaaec62f3e8ba39719dcb"}, {0x7, 0xd, "f2bd08676b8d5f0200a786"}, {0x1, 0x3, "a9"}, {0x2, 0x10, "1befd7ed5489d93ee6fc8e87ed60"}, {0x0, 0xc, "5a23a941b85e1f86d46a"}]}, @timestamp_prespec={0x44, 0x14, 0x7f, 0x3, 0x4, [{@loopback, 0x2}, {@dev={0xac, 0x14, 0x14, 0x44}, 0x81}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x1c, 0x9f, 0x1, 0x0, [{@empty, 0x3d7}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x401}, {@remote, 0x3}]}, @ssrr={0x89, 0x23, 0xaf, [@local, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0xf}, @broadcast, @rand_addr=0x64010102, @empty, @local, @private=0xa010101]}, @noop]}}}}}) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), r1) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r4, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfb}, 0xc) bind$netlink(r4, &(0x7f0000000140)={0x10, 0x0, 0x25dfdbfb}, 0xc) connect$inet6(r3, &(0x7f0000000240)={0xa, 0x2, 0x0, @mcast1}, 0x18) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) r8 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r8, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x4e22, 0x0, @loopback, 0x7f}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000000)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000003c0)=ANY=[@ANYBLOB="1100000000000000290000000800"], 0x18}}], 0x1, 0x0) bind$inet6(r8, &(0x7f0000000480)={0xa, 0x4e22, 0x2, @dev={0xfe, 0x80, '\x00', 0x18}, 0x200}, 0x1c) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@getnexthop={0x28, 0x6a, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@NHA_OIF={0x8, 0x5, r6}, @NHA_OIF={0x8, 0x5, r7}]}, 0x28}, 0x1, 0x0, 0x0, 0x200000a4}, 0x0) r9 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r9, 0x0, 0x0) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), 0xffffffffffffffff) r11 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r11, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x38, r10, 0x1, 0x0, 0x0, {0x39}, [{{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0x38}}, 0x0) r12 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r12, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 397.881854][T12314] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 397.894697][T12396] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1695'. [ 397.920205][T12396] netlink: 'syz.4.1695': attribute type 1 has an invalid length. [ 398.098806][T12401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1698'. [ 398.149133][T12314] hsr_slave_0: entered promiscuous mode [ 398.156942][T12314] hsr_slave_1: entered promiscuous mode [ 398.198039][T12314] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 398.212720][T12314] Cannot create hsr debugfs directory [ 398.514311][T12314] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.668047][T12314] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.764510][T12314] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.852431][T12426] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1704'. [ 407.501265][ T5837] Bluetooth: hci1: command tx timeout [ 408.353873][T12314] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.399665][T12432] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 408.418733][T12430] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1707'. [ 408.582725][T12314] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 408.609445][T12314] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 408.619535][T12443] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1711'. [ 408.690150][T12314] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 408.705123][T12314] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 408.819640][T12314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.865773][T12314] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.883322][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.890605][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.909929][T12455] xt_CT: You must specify a L4 protocol and not use inversions on it [ 408.911488][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.925355][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.973835][T12314] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 408.985922][T12314] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 409.274556][T12314] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.338415][T12314] veth0_vlan: entered promiscuous mode [ 409.364672][T12314] veth1_vlan: entered promiscuous mode [ 409.427199][T12468] netlink: 'syz.2.1718': attribute type 11 has an invalid length. [ 409.448719][T12314] veth0_macvtap: entered promiscuous mode [ 409.479048][T12314] veth1_macvtap: entered promiscuous mode [ 409.543845][T12314] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 409.572518][ T54] Bluetooth: hci1: command tx timeout [ 409.596794][T12314] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 409.618332][T12314] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.641822][T12314] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.655754][T12314] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.665016][T12314] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.844177][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.868736][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.931242][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.939115][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.964207][T12482] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1723'. [ 410.001751][T12482] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1723'. [ 410.469758][T12507] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1731'. [ 410.529953][T12494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1728'. [ 410.659668][T12515] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1733'. [ 411.288905][T12530] nbd: nbd1 already in use [ 411.297693][T12530] block nbd1: NBD_DISCONNECT [ 411.312758][T12530] block nbd1: Send disconnect failed -32 [ 411.356554][T12530] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1738'. [ 411.865051][T12544] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1743'. [ 411.927136][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 412.533242][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 412.677963][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 412.689384][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 412.699693][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 412.801300][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 412.832706][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 412.904901][T12566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1747'. [ 413.268964][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.364851][T12554] chnl_net:caif_netlink_parms(): no params data found [ 413.613391][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 413.667259][T12602] FAULT_INJECTION: forcing a failure. [ 413.667259][T12602] name failslab, interval 1, probability 0, space 0, times 0 [ 413.694675][T12602] CPU: 0 UID: 0 PID: 12602 Comm: syz.4.1756 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 413.705583][T12602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 413.715642][T12602] Call Trace: [ 413.718919][T12602] [ 413.721850][T12602] dump_stack_lvl+0x241/0x360 [ 413.726534][T12602] ? __pfx_dump_stack_lvl+0x10/0x10 [ 413.731730][T12602] ? __pfx__printk+0x10/0x10 [ 413.736323][T12602] ? fs_reclaim_acquire+0x93/0x130 [ 413.741437][T12602] ? __pfx___might_resched+0x10/0x10 [ 413.746716][T12602] ? dynamic_dname+0x141/0x1b0 [ 413.751484][T12602] should_fail_ex+0x3b0/0x4e0 [ 413.756160][T12602] should_failslab+0xac/0x100 [ 413.760835][T12602] __kmalloc_noprof+0xdd/0x4c0 [ 413.765598][T12602] ? tomoyo_encode+0x26f/0x540 [ 413.770360][T12602] tomoyo_encode+0x26f/0x540 [ 413.774948][T12602] ? __pfx_sockfs_dname+0x10/0x10 [ 413.779971][T12602] tomoyo_realpath_from_path+0x59e/0x5e0 [ 413.785606][T12602] tomoyo_path_number_perm+0x236/0x860 [ 413.791063][T12602] ? __lock_acquire+0x1397/0x2100 [ 413.796082][T12602] ? tomoyo_path_number_perm+0x206/0x860 [ 413.801719][T12602] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 413.807734][T12602] ? __fget_files+0x2a/0x410 [ 413.812340][T12602] ? __fget_files+0x2a/0x410 [ 413.817196][T12602] security_file_ioctl+0xc6/0x2a0 [ 413.822226][T12602] __se_sys_ioctl+0x46/0x170 [ 413.826810][T12602] do_syscall_64+0xf3/0x230 [ 413.831309][T12602] ? clear_bhb_loop+0x35/0x90 [ 413.836016][T12602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.841922][T12602] RIP: 0033:0x7f8d47785d29 [ 413.846347][T12602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.865971][T12602] RSP: 002b:00007f8d48572038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 413.874397][T12602] RAX: ffffffffffffffda RBX: 00007f8d47976080 RCX: 00007f8d47785d29 [ 413.882378][T12602] RDX: 0000000020000040 RSI: 0000000000008914 RDI: 0000000000000003 [ 413.890342][T12602] RBP: 00007f8d48572090 R08: 0000000000000000 R09: 0000000000000000 [ 413.898421][T12602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 413.906413][T12602] R13: 0000000000000001 R14: 00007f8d47976080 R15: 00007fff633ffef8 [ 413.914417][T12602] [ 413.923212][T12602] ERROR: Out of memory at tomoyo_realpath_from_path. [ 414.034315][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 414.112844][T12600] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 414.167846][T12602] veth0_to_team: entered promiscuous mode [ 414.175673][T12602] veth0_to_team: entered allmulticast mode [ 414.327103][T12554] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.338690][T12554] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.346040][T12554] bridge_slave_0: entered allmulticast mode [ 414.353109][T12554] bridge_slave_0: entered promiscuous mode [ 414.361374][T12554] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.368500][T12554] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.375898][T12554] bridge_slave_1: entered allmulticast mode [ 414.383178][T12554] bridge_slave_1: entered promiscuous mode [ 414.456102][T12624] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1764'. [ 414.496258][T12554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 414.512486][T12554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 414.518010][T12624] sctp: [Deprecated]: syz.4.1764 (pid 12624) Use of struct sctp_assoc_value in delayed_ack socket option. [ 414.518010][T12624] Use struct sctp_sack_info instead [ 414.862626][T12641] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1768'. [ 414.875806][T12641] netlink: 'syz.0.1768': attribute type 7 has an invalid length. [ 414.884649][ T35] bridge_slave_1: left allmulticast mode [ 414.890957][ T35] bridge_slave_1: left promiscuous mode [ 414.898303][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.926151][T12641] netlink: 'syz.0.1768': attribute type 8 has an invalid length. [ 414.951245][T12641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1768'. [ 414.953189][ T5837] Bluetooth: hci1: command tx timeout [ 414.969950][ T35] bridge_slave_0: left allmulticast mode [ 414.984280][ T35] bridge_slave_0: left promiscuous mode [ 415.012483][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 415.698179][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 415.710188][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 415.723612][ T35] bond0 (unregistering): Released all slaves [ 415.734443][T12639] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1764'. [ 415.747140][T12554] team0: Port device team_slave_0 added [ 415.812515][T12641] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1768'. [ 415.832436][T12641] netlink: 'syz.0.1768': attribute type 7 has an invalid length. [ 415.863301][T12554] team0: Port device team_slave_1 added [ 415.879233][T12641] netlink: 'syz.0.1768': attribute type 8 has an invalid length. [ 415.910962][T12641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1768'. [ 416.019577][T12554] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 416.030031][T12554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.064917][T12554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 416.137658][T12554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 416.145892][T12554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 416.178510][T12554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 416.425277][ T35] hsr_slave_0: left promiscuous mode [ 416.461102][ T35] hsr_slave_1: left promiscuous mode [ 416.503044][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.549189][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.586603][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 416.609033][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 416.702181][ T35] veth1_macvtap: left promiscuous mode [ 416.721138][ T35] veth0_macvtap: left promiscuous mode [ 416.727216][ T35] veth1_vlan: left promiscuous mode [ 416.735527][ T35] veth0_vlan: left promiscuous mode [ 417.011358][ T5837] Bluetooth: hci1: command tx timeout [ 417.433596][ T35] team0 (unregistering): Port device team_slave_1 removed [ 417.479338][ T35] team0 (unregistering): Port device team_slave_0 removed [ 417.882719][T12554] hsr_slave_0: entered promiscuous mode [ 417.907837][T12554] hsr_slave_1: entered promiscuous mode [ 417.924452][T12554] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 417.952270][T12554] Cannot create hsr debugfs directory [ 418.711569][T12730] netlink: 'syz.1.1787': attribute type 2 has an invalid length. [ 418.783248][T12730] Tq€!7: entered promiscuous mode [ 418.977674][T12554] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 419.010105][T12554] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 419.039923][T12554] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 419.087951][T12554] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 419.095104][ T5837] Bluetooth: hci1: command tx timeout [ 419.109759][T12749] FAULT_INJECTION: forcing a failure. [ 419.109759][T12749] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 419.142850][T12749] CPU: 0 UID: 0 PID: 12749 Comm: syz.0.1792 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 419.153690][T12749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 419.164301][T12749] Call Trace: [ 419.167611][T12749] [ 419.170591][T12749] dump_stack_lvl+0x241/0x360 [ 419.175274][T12749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 419.180473][T12749] ? __pfx__printk+0x10/0x10 [ 419.185088][T12749] ? __pfx_lock_release+0x10/0x10 [ 419.190126][T12749] should_fail_ex+0x3b0/0x4e0 [ 419.194821][T12749] _copy_from_user+0x2f/0xc0 [ 419.199450][T12749] copy_msghdr_from_user+0xae/0x680 [ 419.204667][T12749] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 419.210559][T12749] ? __fget_files+0x2a/0x410 [ 419.215160][T12749] ? __fget_files+0x2a/0x410 [ 419.219756][T12749] __sys_sendmsg+0x209/0x350 [ 419.224344][T12749] ? __pfx_lock_release+0x10/0x10 [ 419.229379][T12749] ? __pfx___sys_sendmsg+0x10/0x10 [ 419.234497][T12749] ? __pfx_vfs_write+0x10/0x10 [ 419.239278][T12749] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 419.245618][T12749] ? do_syscall_64+0x100/0x230 [ 419.250383][T12749] ? do_syscall_64+0xb6/0x230 [ 419.255059][T12749] do_syscall_64+0xf3/0x230 [ 419.259561][T12749] ? clear_bhb_loop+0x35/0x90 [ 419.264240][T12749] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.270159][T12749] RIP: 0033:0x7fb4ecf85d29 [ 419.274572][T12749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.294264][T12749] RSP: 002b:00007fb4ede78038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 419.302698][T12749] RAX: ffffffffffffffda RBX: 00007fb4ed175fa0 RCX: 00007fb4ecf85d29 [ 419.310699][T12749] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 419.318747][T12749] RBP: 00007fb4ede78090 R08: 0000000000000000 R09: 0000000000000000 [ 419.326727][T12749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 419.334704][T12749] R13: 0000000000000000 R14: 00007fb4ed175fa0 R15: 00007fff74ba1bb8 [ 419.342689][T12749] [ 419.455848][T12554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.489727][T12554] 8021q: adding VLAN 0 to HW filter on device team0 [ 419.511926][ T2888] bridge0: port 1(bridge_slave_0) entered blocking state [ 419.519234][ T2888] bridge0: port 1(bridge_slave_0) entered forwarding state [ 419.558410][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 419.565625][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 419.609743][T12759] xt_CT: You must specify a L4 protocol and not use inversions on it [ 420.003962][T12554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.070532][T12781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1803'. [ 420.089094][T12554] veth0_vlan: entered promiscuous mode [ 420.095509][T12781] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1803'. [ 420.112338][T12554] veth1_vlan: entered promiscuous mode [ 420.191797][T12554] veth0_macvtap: entered promiscuous mode [ 420.214714][T12554] veth1_macvtap: entered promiscuous mode [ 420.255669][T12554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 420.283162][T12792] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1807'. [ 420.285678][T12554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 420.329465][T12792] tipc: Enabling not permitted [ 420.340040][T12792] tipc: Enabling of bearer rejected, failed to enable media [ 420.379476][T12554] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.405083][T12554] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.422842][T12554] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.461189][T12554] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 420.672476][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 420.707588][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 420.825965][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 420.842438][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.228733][T12823] xt_CT: You must specify a L4 protocol and not use inversions on it [ 421.793032][T12825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1815'. [ 421.841448][T12825] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1815'. [ 421.937305][T12845] FAULT_INJECTION: forcing a failure. [ 421.937305][T12845] name failslab, interval 1, probability 0, space 0, times 0 [ 421.961011][T12844] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1820'. [ 421.973310][T12844] netlink: 'syz.0.1820': attribute type 1 has an invalid length. [ 421.981872][T12845] CPU: 1 UID: 0 PID: 12845 Comm: syz.2.1821 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 421.992684][T12845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 422.002756][T12845] Call Trace: [ 422.006036][T12845] [ 422.008969][T12845] dump_stack_lvl+0x241/0x360 [ 422.013692][T12845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 422.018956][T12845] ? __pfx__printk+0x10/0x10 [ 422.023824][T12845] ? fs_reclaim_acquire+0x93/0x130 [ 422.029036][T12845] ? __pfx___might_resched+0x10/0x10 [ 422.034344][T12845] should_fail_ex+0x3b0/0x4e0 [ 422.039034][T12845] should_failslab+0xac/0x100 [ 422.043720][T12845] __kmalloc_noprof+0xdd/0x4c0 [ 422.048571][T12845] ? kstrtouint_from_user+0x128/0x190 [ 422.053946][T12845] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 422.059669][T12845] tomoyo_realpath_from_path+0xcf/0x5e0 [ 422.065223][T12845] tomoyo_path_number_perm+0x236/0x860 [ 422.070683][T12845] ? __lock_acquire+0x1397/0x2100 [ 422.075713][T12845] ? tomoyo_path_number_perm+0x206/0x860 [ 422.081373][T12845] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 422.087390][T12845] ? __fget_files+0x2a/0x410 [ 422.091984][T12845] ? __fget_files+0x2a/0x410 [ 422.096587][T12845] security_file_ioctl+0xc6/0x2a0 [ 422.101634][T12845] __se_sys_ioctl+0x46/0x170 [ 422.106239][T12845] do_syscall_64+0xf3/0x230 [ 422.110754][T12845] ? clear_bhb_loop+0x35/0x90 [ 422.115460][T12845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.121392][T12845] RIP: 0033:0x7feed9585d29 [ 422.125828][T12845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.145497][T12845] RSP: 002b:00007feeda311038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.154094][T12845] RAX: ffffffffffffffda RBX: 00007feed9775fa0 RCX: 00007feed9585d29 [ 422.162092][T12845] RDX: 0000000000000000 RSI: 00000000000089e9 RDI: 0000000000000004 [ 422.170093][T12845] RBP: 00007feeda311090 R08: 0000000000000000 R09: 0000000000000000 [ 422.178081][T12845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.186149][T12845] R13: 0000000000000000 R14: 00007feed9775fa0 R15: 00007ffe43d18928 [ 422.194147][T12845] [ 422.204289][T12845] ERROR: Out of memory at tomoyo_realpath_from_path. [ 422.212012][T12844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1820'. [ 422.327673][T12847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1822'. [ 423.017696][ T2888] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.135514][T12865] netlink: 'syz.1.1825': attribute type 5 has an invalid length. [ 423.381440][T12876] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1831'. [ 423.400160][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 423.412385][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 423.421612][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 423.443109][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 423.451317][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 423.458841][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 423.482223][T12883] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1831'. [ 423.547261][T12886] xt_l2tp: v2 sid > 0xffff: 262144 [ 423.727619][T12877] chnl_net:caif_netlink_parms(): no params data found [ 423.888322][T12877] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.899139][T12877] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.916614][T12877] bridge_slave_0: entered allmulticast mode [ 423.930480][T12877] bridge_slave_0: entered promiscuous mode [ 423.954731][T12877] bridge0: port 2(bridge_slave_1) entered blocking state [ 423.971956][T12877] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.979242][T12877] bridge_slave_1: entered allmulticast mode [ 424.002666][T12877] bridge_slave_1: entered promiscuous mode [ 424.084261][T12877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.098403][T12877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.214999][T12877] team0: Port device team_slave_0 added [ 424.264156][T12877] team0: Port device team_slave_1 added [ 424.332543][T12877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.350788][T12877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.425644][T12877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.460305][T12877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.520907][T12877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.595232][T12877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.790228][ T2888] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.813350][T12946] FAULT_INJECTION: forcing a failure. [ 424.813350][T12946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 424.835470][T12946] CPU: 1 UID: 0 PID: 12946 Comm: syz.2.1850 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 424.846313][T12946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 424.856496][T12946] Call Trace: [ 424.859803][T12946] [ 424.862757][T12946] dump_stack_lvl+0x241/0x360 [ 424.867480][T12946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 424.872717][T12946] ? __pfx__printk+0x10/0x10 [ 424.877351][T12946] ? snprintf+0xda/0x120 [ 424.881620][T12946] should_fail_ex+0x3b0/0x4e0 [ 424.886405][T12946] _copy_to_user+0x31/0xb0 [ 424.890843][T12946] simple_read_from_buffer+0xca/0x150 [ 424.896227][T12946] proc_fail_nth_read+0x1e9/0x250 [ 424.901251][T12946] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 424.906797][T12946] ? rw_verify_area+0x55e/0x6f0 [ 424.911642][T12946] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 424.917184][T12946] vfs_read+0x1fc/0xb70 [ 424.921371][T12946] ? __pfx___mutex_lock+0x10/0x10 [ 424.926391][T12946] ? __pfx_vfs_read+0x10/0x10 [ 424.931071][T12946] ? __fget_files+0x2a/0x410 [ 424.935671][T12946] ? __fget_files+0x395/0x410 [ 424.940354][T12946] ? __fget_files+0x2a/0x410 [ 424.944947][T12946] ksys_read+0x18f/0x2b0 [ 424.949215][T12946] ? __pfx_ksys_read+0x10/0x10 [ 424.953972][T12946] ? do_syscall_64+0x100/0x230 [ 424.958761][T12946] ? do_syscall_64+0xb6/0x230 [ 424.963444][T12946] do_syscall_64+0xf3/0x230 [ 424.968035][T12946] ? clear_bhb_loop+0x35/0x90 [ 424.972747][T12946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.978657][T12946] RIP: 0033:0x7feed958473c [ 424.983067][T12946] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 425.002757][T12946] RSP: 002b:00007feeda311030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 425.011176][T12946] RAX: ffffffffffffffda RBX: 00007feed9775fa0 RCX: 00007feed958473c [ 425.019145][T12946] RDX: 000000000000000f RSI: 00007feeda3110a0 RDI: 0000000000000004 [ 425.027121][T12946] RBP: 00007feeda311090 R08: 0000000000000000 R09: 0000000000000000 [ 425.035086][T12946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.043066][T12946] R13: 0000000000000000 R14: 00007feed9775fa0 R15: 00007ffe43d18928 [ 425.051149][T12946] [ 425.150439][ T2888] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.177075][T12877] hsr_slave_0: entered promiscuous mode [ 425.194298][T12877] hsr_slave_1: entered promiscuous mode [ 425.206115][T12954] FAULT_INJECTION: forcing a failure. [ 425.206115][T12954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.219620][T12877] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 425.221951][T12954] CPU: 1 UID: 0 PID: 12954 Comm: syz.1.1853 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 425.227641][T12877] Cannot create hsr debugfs directory [ 425.237918][T12954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 425.237939][T12954] Call Trace: [ 425.237949][T12954] [ 425.237959][T12954] dump_stack_lvl+0x241/0x360 [ 425.237990][T12954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 425.238013][T12954] ? __pfx__printk+0x10/0x10 [ 425.238045][T12954] should_fail_ex+0x3b0/0x4e0 [ 425.238067][T12954] _copy_from_user+0x2f/0xc0 [ 425.238094][T12954] move_addr_to_kernel+0x82/0x150 [ 425.238121][T12954] copy_msghdr_from_user+0x43e/0x680 [ 425.238152][T12954] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 425.238175][T12954] ? __fget_files+0x2a/0x410 [ 425.238202][T12954] ? __fget_files+0x2a/0x410 [ 425.238235][T12954] __sys_sendmmsg+0x32b/0x720 [ 425.238276][T12954] ? __pfx___sys_sendmmsg+0x10/0x10 [ 425.238308][T12954] ? __pfx_lock_release+0x10/0x10 [ 425.238326][T12954] ? kstrtouint_from_user+0x128/0x190 [ 425.238365][T12954] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 425.238391][T12954] ? ksys_write+0x22a/0x2b0 [ 425.339634][T12954] ? __pfx_lock_release+0x10/0x10 [ 425.344673][T12954] ? vfs_write+0x730/0xd30 [ 425.349088][T12954] ? __mutex_unlock_slowpath+0x21e/0x790 [ 425.354748][T12954] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 425.360741][T12954] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 425.367092][T12954] ? do_syscall_64+0x100/0x230 [ 425.371959][T12954] __x64_sys_sendmmsg+0xa0/0xb0 [ 425.376820][T12954] do_syscall_64+0xf3/0x230 [ 425.381352][T12954] ? clear_bhb_loop+0x35/0x90 [ 425.386034][T12954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.392011][T12954] RIP: 0033:0x7f0c27d85d29 [ 425.396420][T12954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.416036][T12954] RSP: 002b:00007f0c28ba1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 425.424466][T12954] RAX: ffffffffffffffda RBX: 00007f0c27f75fa0 RCX: 00007f0c27d85d29 [ 425.432446][T12954] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000003 [ 425.440415][T12954] RBP: 00007f0c28ba1090 R08: 0000000000000000 R09: 0000000000000000 [ 425.448383][T12954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.456356][T12954] R13: 0000000000000000 R14: 00007f0c27f75fa0 R15: 00007fff6fde7258 [ 425.464339][T12954] [ 425.578140][T12958] FAULT_INJECTION: forcing a failure. [ 425.578140][T12958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.596690][ T54] Bluetooth: hci1: command tx timeout [ 425.609401][ T2888] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.620814][T12958] CPU: 1 UID: 0 PID: 12958 Comm: syz.1.1854 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 425.631616][T12958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 425.641703][T12958] Call Trace: [ 425.645007][T12958] [ 425.647957][T12958] dump_stack_lvl+0x241/0x360 [ 425.652676][T12958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 425.657904][T12958] ? __pfx__printk+0x10/0x10 [ 425.662627][T12958] ? snprintf+0xda/0x120 [ 425.666911][T12958] should_fail_ex+0x3b0/0x4e0 [ 425.671650][T12958] _copy_to_user+0x31/0xb0 [ 425.676109][T12958] simple_read_from_buffer+0xca/0x150 [ 425.681533][T12958] proc_fail_nth_read+0x1e9/0x250 [ 425.686592][T12958] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.692174][T12958] ? rw_verify_area+0x55e/0x6f0 [ 425.697064][T12958] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 425.702643][T12958] vfs_read+0x1fc/0xb70 [ 425.706842][T12958] ? __pfx___mutex_lock+0x10/0x10 [ 425.711956][T12958] ? __pfx_vfs_read+0x10/0x10 [ 425.716632][T12958] ? __fget_files+0x2a/0x410 [ 425.721236][T12958] ? __fget_files+0x395/0x410 [ 425.725918][T12958] ? __fget_files+0x2a/0x410 [ 425.730512][T12958] ksys_read+0x18f/0x2b0 [ 425.734752][T12958] ? __pfx_ksys_read+0x10/0x10 [ 425.739512][T12958] ? do_syscall_64+0x100/0x230 [ 425.744366][T12958] ? do_syscall_64+0xb6/0x230 [ 425.749042][T12958] do_syscall_64+0xf3/0x230 [ 425.753544][T12958] ? clear_bhb_loop+0x35/0x90 [ 425.758231][T12958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.764150][T12958] RIP: 0033:0x7f0c27d8473c [ 425.768582][T12958] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 425.788208][T12958] RSP: 002b:00007f0c28ba1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 425.796634][T12958] RAX: ffffffffffffffda RBX: 00007f0c27f75fa0 RCX: 00007f0c27d8473c [ 425.804611][T12958] RDX: 000000000000000f RSI: 00007f0c28ba10a0 RDI: 0000000000000004 [ 425.812580][T12958] RBP: 00007f0c28ba1090 R08: 0000000000000000 R09: 0000000000000000 [ 425.820546][T12958] R10: 0000000000000046 R11: 0000000000000246 R12: 0000000000000001 [ 425.828508][T12958] R13: 0000000000000000 R14: 00007f0c27f75fa0 R15: 00007fff6fde7258 [ 425.836492][T12958] [ 425.848960][T12960] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1855'. [ 426.021251][T12963] FAULT_INJECTION: forcing a failure. [ 426.021251][T12963] name failslab, interval 1, probability 0, space 0, times 0 [ 426.069317][T12963] CPU: 1 UID: 0 PID: 12963 Comm: syz.0.1856 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 426.080263][T12963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 426.090350][T12963] Call Trace: [ 426.093657][T12963] [ 426.096591][T12963] dump_stack_lvl+0x241/0x360 [ 426.101275][T12963] ? __pfx_dump_stack_lvl+0x10/0x10 [ 426.106498][T12963] ? __pfx__printk+0x10/0x10 [ 426.111113][T12963] should_fail_ex+0x3b0/0x4e0 [ 426.115803][T12963] should_failslab+0xac/0x100 [ 426.120499][T12963] ? skb_clone+0x20c/0x390 [ 426.124946][T12963] kmem_cache_alloc_noprof+0x70/0x380 [ 426.130440][T12963] skb_clone+0x20c/0x390 [ 426.134726][T12963] __netlink_deliver_tap+0x3cc/0x7f0 [ 426.140044][T12963] ? netlink_deliver_tap+0x2e/0x1b0 [ 426.145250][T12963] netlink_deliver_tap+0x19d/0x1b0 [ 426.150367][T12963] netlink_unicast+0x7c4/0x990 [ 426.155156][T12963] ? __pfx_netlink_unicast+0x10/0x10 [ 426.160460][T12963] ? __virt_addr_valid+0x45f/0x530 [ 426.165602][T12963] ? __phys_addr_symbol+0x2f/0x70 [ 426.170629][T12963] ? __check_object_size+0x47a/0x730 [ 426.175931][T12963] netlink_sendmsg+0x8e4/0xcb0 [ 426.180708][T12963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.186084][T12963] ? aa_sock_msg_perm+0x91/0x160 [ 426.191021][T12963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.196304][T12963] __sock_sendmsg+0x221/0x270 [ 426.200993][T12963] ____sys_sendmsg+0x52a/0x7e0 [ 426.205770][T12963] ? __pfx_____sys_sendmsg+0x10/0x10 [ 426.211084][T12963] ? __fget_files+0x2a/0x410 [ 426.215693][T12963] ? __fget_files+0x2a/0x410 [ 426.220288][T12963] __sys_sendmsg+0x269/0x350 [ 426.224878][T12963] ? __pfx_lock_release+0x10/0x10 [ 426.229904][T12963] ? __pfx___sys_sendmsg+0x10/0x10 [ 426.235041][T12963] ? __pfx_vfs_write+0x10/0x10 [ 426.239814][T12963] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 426.246142][T12963] ? do_syscall_64+0x100/0x230 [ 426.250906][T12963] ? do_syscall_64+0xb6/0x230 [ 426.255582][T12963] do_syscall_64+0xf3/0x230 [ 426.260083][T12963] ? clear_bhb_loop+0x35/0x90 [ 426.264760][T12963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.270650][T12963] RIP: 0033:0x7fb4ecf85d29 [ 426.275062][T12963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.294669][T12963] RSP: 002b:00007fb4ede78038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 426.303089][T12963] RAX: ffffffffffffffda RBX: 00007fb4ed175fa0 RCX: 00007fb4ecf85d29 [ 426.311061][T12963] RDX: 0000000000000040 RSI: 0000000020000400 RDI: 0000000000000003 [ 426.319025][T12963] RBP: 00007fb4ede78090 R08: 0000000000000000 R09: 0000000000000000 [ 426.326990][T12963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.334984][T12963] R13: 0000000000000000 R14: 00007fb4ed175fa0 R15: 00007fff74ba1bb8 [ 426.342968][T12963] [ 426.383424][T12968] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1858'. [ 426.660319][ T2888] bridge_slave_1: left allmulticast mode [ 426.700504][ T2888] bridge_slave_1: left promiscuous mode [ 426.718692][ T2888] bridge0: port 2(bridge_slave_1) entered disabled state [ 426.750964][ T2888] bridge_slave_0: left allmulticast mode [ 426.756663][ T2888] bridge_slave_0: left promiscuous mode [ 426.765745][ T2888] bridge0: port 1(bridge_slave_0) entered disabled state [ 426.985848][T12979] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1862'. [ 427.595520][T12991] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1864'. [ 427.651489][ T54] Bluetooth: hci1: command tx timeout [ 427.681155][T12991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1864'. [ 427.715532][T12991] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1864'. [ 427.727769][ T2888] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.749170][ T2888] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.766295][ T2888] bond0 (unregistering): Released all slaves [ 427.773500][ T54] block nbd1: Receive control failed (result -107) [ 427.791218][T12991] nbd1: detected capacity change from 0 to 256 [ 427.800006][ T9453] block nbd1: Dead connection, failed to find a fallback [ 427.808137][ T9453] block nbd1: shutting down sockets [ 427.815027][ T9453] blk_print_req_error: 27 callbacks suppressed [ 427.815043][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 427.841499][ T9453] buffer_io_error: 27 callbacks suppressed [ 427.841519][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 427.857134][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 427.866469][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 427.875037][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 427.885193][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 427.931985][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 427.962800][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.011514][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.039554][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.069178][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.134609][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.166950][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.205653][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.224363][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.256414][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.284341][ T9453] ldm_validate_partition_table(): Disk read failed. [ 428.311474][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.343508][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.364542][ T9453] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 428.405747][ T9453] Buffer I/O error on dev nbd1, logical block 0, async page read [ 428.448527][ T9453] Dev nbd1: unable to read RDB block 0 [ 428.470215][ T9453] nbd1: unable to read partition table [ 428.512559][ T9453] ldm_validate_partition_table(): Disk read failed. [ 428.534906][ T9453] Dev nbd1: unable to read RDB block 0 [ 428.551301][ T9453] nbd1: unable to read partition table [ 428.577081][T13018] xt_CT: You must specify a L4 protocol and not use inversions on it [ 428.644837][ T2888] hsr_slave_0: left promiscuous mode [ 428.733183][T12953] Set syz1 is full, maxelem 65536 reached [ 428.857638][ T2888] hsr_slave_1: left promiscuous mode [ 428.874447][ T2888] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 428.893675][ T2888] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.917944][ T2888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 428.926187][ T2888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.963506][ T2888] veth1_macvtap: left promiscuous mode [ 428.969342][ T2888] veth0_macvtap: left promiscuous mode [ 428.979953][ T2888] veth1_vlan: left promiscuous mode [ 428.985587][ T2888] veth0_vlan: left promiscuous mode [ 429.510952][ T2888] team0 (unregistering): Port device team_slave_1 removed [ 429.557268][ T2888] team0 (unregistering): Port device team_slave_0 removed [ 429.730842][ T54] Bluetooth: hci1: command tx timeout [ 429.982689][T13037] sch_tbf: burst 0 is lower than device lo mtu (14) ! [ 430.136901][T12877] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 430.177550][T12877] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 430.219307][T12877] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 430.271535][T13050] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1878'. [ 430.285722][T12877] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 430.520358][T12877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 430.614138][T12877] 8021q: adding VLAN 0 to HW filter on device team0 [ 430.641638][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.648791][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 430.672575][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.679769][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.998521][T12877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 431.028739][T13089] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1891'. [ 431.096379][T12877] veth0_vlan: entered promiscuous mode [ 431.127677][T12877] veth1_vlan: entered promiscuous mode [ 431.143022][T13092] openvswitch: netlink: Port -1 exceeds max allowable 65535 [ 431.195433][T12877] veth0_macvtap: entered promiscuous mode [ 431.207388][T12877] veth1_macvtap: entered promiscuous mode [ 431.265262][T12877] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 431.293117][T12877] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 431.325705][T12877] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.352486][T12877] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.368700][T12877] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.377318][T13095] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1894'. [ 431.379575][T12877] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.409785][T13095] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1894'. [ 431.424687][T13095] netlink: 'syz.4.1894': attribute type 5 has an invalid length. [ 431.438998][T13095] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1894'. [ 431.503002][T13095] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1894'. [ 431.534087][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.552719][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.583268][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.610762][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.552622][T13133] openvswitch: netlink: Multiple metadata blocks provided [ 432.819393][ T2969] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.083712][T13135] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1905'. [ 433.116759][T13132] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1905'. [ 433.699105][T13160] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1910'. [ 433.986139][ T2969] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.115088][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 434.126072][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 434.136731][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 434.148958][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 434.159761][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 434.167444][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 434.266370][ T2969] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.412121][ T2969] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.740781][ T2969] bridge_slave_1: left allmulticast mode [ 434.761125][ T2969] bridge_slave_1: left promiscuous mode [ 434.774748][ T2969] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.796842][ T2969] bridge_slave_0: left allmulticast mode [ 434.810610][ T2969] bridge_slave_0: left promiscuous mode [ 434.824508][ T2969] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.397821][T13149] warn_alloc: 5 callbacks suppressed [ 435.397845][T13149] syz.2.1908: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 435.442213][T13149] CPU: 0 UID: 0 PID: 13149 Comm: syz.2.1908 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 435.453055][T13149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 435.463145][T13149] Call Trace: [ 435.466441][T13149] [ 435.469365][T13149] dump_stack_lvl+0x241/0x360 [ 435.474061][T13149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 435.479316][T13149] ? __pfx__printk+0x10/0x10 [ 435.484060][T13149] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 435.490523][T13149] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 435.497073][T13149] warn_alloc+0x278/0x410 [ 435.501437][T13149] ? __pfx_warn_alloc+0x10/0x10 [ 435.506315][T13149] ? translate_table+0x174/0x2330 [ 435.511373][T13149] ? __get_vm_area_node+0x1c8/0x2d0 [ 435.516619][T13149] ? __get_vm_area_node+0x25c/0x2d0 [ 435.521865][T13149] __vmalloc_node_range_noprof+0x62f/0x1380 [ 435.527798][T13149] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 435.533580][T13149] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 435.539939][T13149] ? rcu_is_watching+0x15/0xb0 [ 435.544740][T13149] ? trace_kmalloc+0x1f/0xd0 [ 435.549365][T13149] ? __kmalloc_node_noprof+0x2ad/0x4d0 [ 435.554866][T13149] ? __kvmalloc_node_noprof+0x72/0x190 [ 435.560357][T13149] __kvmalloc_node_noprof+0x142/0x190 [ 435.565751][T13149] ? translate_table+0x174/0x2330 [ 435.570808][T13149] translate_table+0x174/0x2330 [ 435.575714][T13149] ? __pfx_translate_table+0x10/0x10 [ 435.581024][T13149] ? __might_fault+0xaa/0x120 [ 435.586085][T13149] ? __pfx_lock_release+0x10/0x10 [ 435.591152][T13149] ? __virt_addr_valid+0x183/0x530 [ 435.596301][T13149] ? __might_fault+0xaa/0x120 [ 435.601007][T13149] ? __might_fault+0xc6/0x120 [ 435.605708][T13149] ? _copy_from_user+0x99/0xc0 [ 435.610501][T13149] ? copy_from_sockptr_offset+0x6b/0xb0 [ 435.616081][T13149] do_ip6t_set_ctl+0xe4c/0x1270 [ 435.620964][T13149] ? __pfx___mutex_trylock_common+0x10/0x10 [ 435.626887][T13149] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 435.632194][T13149] ? __pfx_lock_release+0x10/0x10 [ 435.637238][T13149] ? rcu_is_watching+0x15/0xb0 [ 435.642291][T13149] ? trace_contention_end+0x3c/0x120 [ 435.647620][T13149] ? __mutex_unlock_slowpath+0x21e/0x790 [ 435.653279][T13149] ? __pfx___mutex_lock+0x10/0x10 [ 435.658328][T13149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 435.664418][T13149] ? aa_sk_perm+0x96d/0xab0 [ 435.668959][T13149] ? __pfx_aa_sk_perm+0x10/0x10 [ 435.673842][T13149] nf_setsockopt+0x295/0x2c0 [ 435.678475][T13149] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 435.684404][T13149] do_sock_setsockopt+0x3af/0x720 [ 435.689544][T13149] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 435.695126][T13149] ? __fget_files+0x395/0x410 [ 435.699829][T13149] ? __fget_files+0x2a/0x410 [ 435.704452][T13149] __x64_sys_setsockopt+0x1ee/0x280 [ 435.709682][T13149] do_syscall_64+0xf3/0x230 [ 435.714206][T13149] ? clear_bhb_loop+0x35/0x90 [ 435.718915][T13149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.724834][T13149] RIP: 0033:0x7feed9585d29 [ 435.729270][T13149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 435.748904][T13149] RSP: 002b:00007feeda311038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 435.757363][T13149] RAX: ffffffffffffffda RBX: 00007feed9775fa0 RCX: 00007feed9585d29 [ 435.765382][T13149] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003 [ 435.773385][T13149] RBP: 00007feed9601b08 R08: 0000000000000380 R09: 0000000000000000 [ 435.781413][T13149] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.789411][T13149] R13: 0000000000000000 R14: 00007feed9775fa0 R15: 00007ffe43d18928 [ 435.797449][T13149] [ 435.804177][T13149] Mem-Info: [ 435.807346][T13149] active_anon:9635 inactive_anon:0 isolated_anon:0 [ 435.807346][T13149] active_file:1761 inactive_file:38405 isolated_file:0 [ 435.807346][T13149] unevictable:768 dirty:243 writeback:0 [ 435.807346][T13149] slab_reclaimable:10039 slab_unreclaimable:103641 [ 435.807346][T13149] mapped:31101 shmem:1446 pagetables:760 [ 435.807346][T13149] sec_pagetables:0 bounce:0 [ 435.807346][T13149] kernel_misc_reclaimable:0 [ 435.807346][T13149] free:1308937 free_pcp:8448 free_cma:0 [ 435.854724][T13149] Node 0 active_anon:38840kB inactive_anon:0kB active_file:7044kB inactive_file:153544kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124404kB dirty:968kB writeback:0kB shmem:4248kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11272kB pagetables:3040kB sec_pagetables:0kB all_unreclaimable? no [ 435.887539][T13149] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 435.918918][T13149] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 435.947980][T13149] lowmem_reserve[]: 0 2465 2466 0 0 [ 435.975287][T13149] Node 0 DMA32 free:1315780kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:39096kB inactive_anon:0kB active_file:7044kB inactive_file:152720kB unevictable:1536kB writepending:964kB present:3129332kB managed:2552760kB mlocked:0kB bounce:0kB free_pcp:33860kB local_pcp:27964kB free_cma:0kB [ 436.020911][T13149] lowmem_reserve[]: 0 0 0 0 0 [ 436.026048][T13149] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:4kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 436.054965][T13149] lowmem_reserve[]: 0 0 0 0 0 [ 436.059753][T13149] Node 1 Normal free:3904608kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 436.089003][T13149] lowmem_reserve[]: 0 0 0 0 0 [ 436.093975][T13149] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 436.106938][T13149] Node 0 DMA32: 2*4kB (UM) 9*8kB (E) 19*16kB (UME) 14*32kB (UE) 4*64kB (E) 9*128kB (UME) 67*256kB (UME) 148*512kB (UM) 101*1024kB (UME) 13*2048kB (UME) 266*4096kB (M) = 1314752kB [ 436.125105][T13149] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 436.136898][T13149] Node 1 Normal: 212*4kB (UME) 52*8kB (UME) 39*16kB (UME) 212*32kB (UME) 98*64kB (UME) 30*128kB (UME) 13*256kB (UM) 13*512kB (UME) 5*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3904608kB [ 436.155792][T13149] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 436.165545][T13149] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 436.175007][T13149] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 436.184707][T13149] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 436.194152][T13149] 41612 total pagecache pages [ 436.198872][T13149] 0 pages in swap cache [ 436.203145][T13149] Free swap = 124996kB [ 436.207453][T13149] Total swap = 124996kB [ 436.211729][T13149] 2097051 pages RAM [ 436.215560][T13149] 0 pages HighMem/MovableOnly [ 436.220320][T13149] 427011 pages reserved [ 436.220392][ T54] Bluetooth: hci1: command tx timeout [ 436.225178][T13149] 0 pages cma reserved [ 436.237688][ T2969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 436.439511][ T2969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 436.605899][ T2969] bond0 (unregistering): Released all slaves [ 437.035918][T13172] chnl_net:caif_netlink_parms(): no params data found [ 437.097188][ T2969] hsr_slave_0: left promiscuous mode [ 437.108611][ T2969] hsr_slave_1: left promiscuous mode [ 437.128535][ T2969] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 437.153019][ T2969] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.168617][ T2969] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 437.187319][ T2969] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 437.222118][ T2969] veth1_macvtap: left promiscuous mode [ 437.240570][ T2969] veth0_macvtap: left promiscuous mode [ 437.249165][T13215] netlink: 'syz.1.1921': attribute type 10 has an invalid length. [ 437.267908][ T2969] veth1_vlan: left promiscuous mode [ 437.279860][ T2969] veth0_vlan: left promiscuous mode [ 438.291311][ T54] Bluetooth: hci1: command tx timeout [ 438.377237][ T2969] team0 (unregistering): Port device team_slave_1 removed [ 438.493991][ T2969] team0 (unregistering): Port device team_slave_0 removed [ 439.193983][T13217] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1922'. [ 439.203819][T13217] block nbd0: NBD_DISCONNECT [ 439.208494][T13217] block nbd0: Send disconnect failed -32 [ 439.308317][T13215] macvlan0: entered allmulticast mode [ 439.324851][T13215] veth1_vlan: entered allmulticast mode [ 439.370203][T13215] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 439.610039][T13172] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.641019][T13172] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.658681][T13172] bridge_slave_0: entered allmulticast mode [ 439.705521][T13172] bridge_slave_0: entered promiscuous mode [ 439.730548][T13230] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1926'. [ 439.733913][T13172] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.781329][T13172] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.798192][T13172] bridge_slave_1: entered allmulticast mode [ 439.826755][T13172] bridge_slave_1: entered promiscuous mode [ 439.926180][T13172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 439.953282][T13172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 440.035258][T13172] team0: Port device team_slave_0 added [ 440.054139][T13172] team0: Port device team_slave_1 added [ 440.097706][T13257] netlink: 'syz.4.1930': attribute type 32 has an invalid length. [ 440.109342][T13257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1930'. [ 440.136514][T13172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 440.150750][T13172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.200962][T13172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 440.212831][T13257] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 440.245959][T13172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 440.276892][T13172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 440.373400][ T54] Bluetooth: hci1: command tx timeout [ 440.437814][T13172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 440.449984][T13261] ip6t_srh: unknown srh invflags 92A7 [ 440.463793][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.470145][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.479859][T13264] IPVS: length: 123 != 8 [ 440.661157][T13172] hsr_slave_0: entered promiscuous mode [ 440.667789][T13172] hsr_slave_1: entered promiscuous mode [ 440.676495][T13172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 440.689781][T13172] Cannot create hsr debugfs directory [ 441.711325][T13293] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1939'. [ 441.741981][T13293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1939'. [ 441.763587][T13293] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1939'. [ 441.908387][T13172] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 441.928853][T13172] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 441.950148][T13172] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 441.975248][T13172] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 442.029682][T13308] xt_CT: You must specify a L4 protocol and not use inversions on it [ 442.203845][T13172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 442.267796][T13172] 8021q: adding VLAN 0 to HW filter on device team0 [ 442.303447][ T2982] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.310632][ T2982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 442.354223][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.361572][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 442.384062][T13312] x_tables: duplicate underflow at hook 1 [ 442.451032][ T54] Bluetooth: hci1: command tx timeout [ 442.807511][T13172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 442.862208][T13324] xt_CT: You must specify a L4 protocol and not use inversions on it [ 442.915307][T13172] veth0_vlan: entered promiscuous mode [ 442.956593][T13329] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1949'. [ 442.989482][T13172] veth1_vlan: entered promiscuous mode [ 443.169730][T13172] veth0_macvtap: entered promiscuous mode [ 443.193860][T13172] veth1_macvtap: entered promiscuous mode [ 443.246860][T13172] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 443.271467][T13172] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.356180][T13172] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.371520][T13172] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.380265][T13172] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.412300][T13172] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.546124][T13342] netlink: 'syz.2.1953': attribute type 1 has an invalid length. [ 443.590362][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.783151][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.812400][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.820259][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.948583][T13348] xt_CT: You must specify a L4 protocol and not use inversions on it [ 444.028572][T13350] Cannot find del_set index 4 as target [ 444.539721][T13372] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1962'. [ 445.050262][T13401] netlink: 'syz.0.1970': attribute type 1 has an invalid length. [ 445.058394][T13401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1970'. [ 445.069514][T13401] netlink: 'syz.0.1970': attribute type 1 has an invalid length. [ 445.315098][T11031] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 445.363323][T13407] netlink: 'syz.0.1973': attribute type 27 has an invalid length. [ 445.374738][T13407] set match dimension is over the limit! [ 445.458466][T13410] pim6reg: entered allmulticast mode [ 445.925527][T11031] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.075677][T11031] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.287452][T13426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1976'. [ 446.444164][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 446.463682][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 446.465138][T11031] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 446.484402][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 446.494429][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 446.506995][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 446.515027][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 446.937328][T11031] bridge_slave_1: left allmulticast mode [ 446.952437][T11031] bridge_slave_1: left promiscuous mode [ 446.958437][T11031] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.058675][T11031] bridge_slave_0: left allmulticast mode [ 447.073199][T11031] bridge_slave_0: left promiscuous mode [ 447.079197][T11031] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.574472][T11031] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 447.587741][T11031] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 447.599361][T11031] bond0 (unregistering): Released all slaves [ 447.855897][T13434] chnl_net:caif_netlink_parms(): no params data found [ 447.918502][T11031] hsr_slave_0: left promiscuous mode [ 447.934333][T11031] hsr_slave_1: left promiscuous mode [ 447.963680][T11031] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 447.980943][T11031] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 447.993348][T11031] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 448.013901][T11031] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 448.054899][T11031] veth1_macvtap: left promiscuous mode [ 448.061285][T13467] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1990'. [ 448.072225][T11031] veth0_macvtap: left promiscuous mode [ 448.077877][T11031] veth1_vlan: left promiscuous mode [ 448.084307][T11031] veth0_vlan: left promiscuous mode [ 448.735349][ T5837] Bluetooth: hci1: command tx timeout [ 449.387069][T11031] team0 (unregistering): Port device team_slave_1 removed [ 449.544968][T11031] team0 (unregistering): Port device team_slave_0 removed [ 450.410096][T13499] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2001'. [ 450.432373][T13499] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 450.456172][T13500] sch_tbf: burst 44 is lower than device veth0 mtu (1514) ! [ 450.648299][T13508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2004'. [ 450.771244][ T5837] Bluetooth: hci1: command tx timeout [ 450.813710][T13434] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.821013][T13434] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.828262][T13434] bridge_slave_0: entered allmulticast mode [ 450.861898][T13434] bridge_slave_0: entered promiscuous mode [ 450.869969][T13517] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 450.892713][T13434] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.899917][T13434] bridge0: port 2(bridge_slave_1) entered disabled state [ 450.917476][T13434] bridge_slave_1: entered allmulticast mode [ 450.971626][T13434] bridge_slave_1: entered promiscuous mode [ 451.097081][T13434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 451.161570][T13434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 451.274746][T13434] team0: Port device team_slave_0 added [ 451.324872][T13434] team0: Port device team_slave_1 added [ 451.452679][T13434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 451.459671][T13434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.540798][T13434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 451.572795][T13434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 451.590958][T13434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.646286][T13434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 451.918819][T13434] hsr_slave_0: entered promiscuous mode [ 451.952546][T13434] hsr_slave_1: entered promiscuous mode [ 451.961150][T13434] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 451.968786][T13434] Cannot create hsr debugfs directory [ 452.413092][T13559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2014'. [ 452.861017][ T5837] Bluetooth: hci1: command tx timeout [ 453.528402][T13571] netlink: 'syz.0.2020': attribute type 1 has an invalid length. [ 454.098377][T13572] bond2: (slave gretap2): making interface the new active one [ 454.115705][T13572] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 454.135288][T13573] tipc: Started in network mode [ 454.150140][T13573] tipc: Node identity ac14142f, cluster identity 4711 [ 454.165402][T13573] tipc: Enabling of bearer rejected, failed to enable media [ 454.390573][T13434] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 454.405187][T13434] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 454.426237][T13434] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 454.444052][T13434] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 454.592551][T13434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 454.630483][T13434] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.653782][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.660983][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.670918][T13590] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2027'. [ 454.687774][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.695000][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.720851][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888020af1000: rx timeout, send abort [ 454.729521][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88807ef6e000: rx timeout, send abort [ 454.738471][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888020af1000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 454.753031][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88807ef6e000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 454.809086][T13434] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 454.829846][T13434] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 454.942869][ T5837] Bluetooth: hci1: command tx timeout [ 455.050281][T13605] netlink: 'syz.2.2030': attribute type 21 has an invalid length. [ 455.058413][T13605] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2030'. [ 455.070313][T13605] netlink: 'syz.2.2030': attribute type 5 has an invalid length. [ 455.086339][T13605] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2030'. [ 455.124833][T13434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 455.224280][T13434] veth0_vlan: entered promiscuous mode [ 455.262036][T13434] veth1_vlan: entered promiscuous mode [ 455.345731][T13434] veth0_macvtap: entered promiscuous mode [ 455.366388][T13434] veth1_macvtap: entered promiscuous mode [ 455.423509][T13434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 455.469705][T13434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 455.503937][T13434] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.540831][T13434] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.549678][T13434] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.590837][T13434] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.639520][T13619] netlink: 'syz.2.2035': attribute type 29 has an invalid length. [ 455.662936][T13618] netlink: 'syz.2.2035': attribute type 29 has an invalid length. [ 455.825587][ T2969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.865454][ T2969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.943182][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.960874][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 456.088249][T13638] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2038'. [ 456.124978][T13633] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2039'. [ 456.217310][T13641] xt_CT: You must specify a L4 protocol and not use inversions on it [ 456.458281][T13652] netlink: 'syz.2.2042': attribute type 1 has an invalid length. [ 457.306257][T13666] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2049'. [ 457.849455][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.186681][T13705] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2060'. [ 459.375155][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 459.403046][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 459.437346][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 459.454866][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 459.472464][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 459.481784][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 459.682698][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.917602][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.944756][T13713] chnl_net:caif_netlink_parms(): no params data found [ 460.104279][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 460.287044][T13713] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.295062][T13713] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.305203][T13713] bridge_slave_0: entered allmulticast mode [ 460.312706][T13713] bridge_slave_0: entered promiscuous mode [ 460.321582][T13713] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.328697][T13713] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.336248][T13713] bridge_slave_1: entered allmulticast mode [ 460.343571][T13713] bridge_slave_1: entered promiscuous mode [ 460.426252][T13713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.553270][T13713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.586683][ T35] bridge_slave_1: left allmulticast mode [ 460.595829][ T35] bridge_slave_1: left promiscuous mode [ 460.605248][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.640548][ T35] bridge_slave_0: left allmulticast mode [ 460.653596][ T35] bridge_slave_0: left promiscuous mode [ 460.664964][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.766878][T13756] netlink: 'syz.2.2072': attribute type 1 has an invalid length. [ 460.859612][T13759] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2071'. [ 460.949638][T13762] netlink: 'syz.2.2072': attribute type 13 has an invalid length. [ 461.223175][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 461.240616][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 461.252311][ T35] bond0 (unregistering): Released all slaves [ 461.316816][T13713] team0: Port device team_slave_0 added [ 461.325752][T13713] team0: Port device team_slave_1 added [ 461.385281][T13713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 461.401392][T13713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.450864][T13713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 461.653553][ T54] Bluetooth: hci1: command tx timeout [ 461.749081][T13773] Cannot find del_set index 2 as target [ 461.993882][T13713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.009244][T13713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.068189][T13713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 462.092445][T13771] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2073'. [ 462.330429][T13713] hsr_slave_0: entered promiscuous mode [ 462.401406][T13713] hsr_slave_1: entered promiscuous mode [ 462.440911][T13713] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 462.454206][T13713] Cannot create hsr debugfs directory [ 462.651735][ T35] hsr_slave_0: left promiscuous mode [ 462.701089][ T35] hsr_slave_1: left promiscuous mode [ 462.751251][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.759012][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 462.771892][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 462.780486][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.810532][ T35] veth1_macvtap: left promiscuous mode [ 462.816645][ T35] veth0_macvtap: left promiscuous mode [ 462.822526][ T35] veth1_vlan: left promiscuous mode [ 462.828117][ T35] veth0_vlan: left promiscuous mode [ 463.646609][ T35] team0 (unregistering): Port device team_slave_1 removed [ 463.734295][ T54] Bluetooth: hci1: command tx timeout [ 463.744001][T13803] FAULT_INJECTION: forcing a failure. [ 463.744001][T13803] name failslab, interval 1, probability 0, space 0, times 0 [ 463.759368][T13803] CPU: 0 UID: 0 PID: 13803 Comm: syz.4.2083 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 463.770355][T13803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 463.780518][T13803] Call Trace: [ 463.783812][T13803] [ 463.786764][T13803] dump_stack_lvl+0x241/0x360 [ 463.791477][T13803] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.796704][T13803] ? __pfx__printk+0x10/0x10 [ 463.801332][T13803] should_fail_ex+0x3b0/0x4e0 [ 463.806029][T13803] should_failslab+0xac/0x100 [ 463.810752][T13803] ? skb_clone+0x20c/0x390 [ 463.815180][T13803] kmem_cache_alloc_noprof+0x70/0x380 [ 463.820579][T13803] skb_clone+0x20c/0x390 [ 463.824848][T13803] __netlink_deliver_tap+0x3cc/0x7f0 [ 463.830250][T13803] ? netlink_deliver_tap+0x2e/0x1b0 [ 463.835462][T13803] netlink_deliver_tap+0x19d/0x1b0 [ 463.840589][T13803] netlink_unicast+0x7c4/0x990 [ 463.845382][T13803] ? __pfx_netlink_unicast+0x10/0x10 [ 463.850677][T13803] ? __virt_addr_valid+0x45f/0x530 [ 463.855809][T13803] ? __phys_addr_symbol+0x2f/0x70 [ 463.860886][T13803] ? __check_object_size+0x47a/0x730 [ 463.866197][T13803] netlink_sendmsg+0x8e4/0xcb0 [ 463.870996][T13803] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.876312][T13803] ? aa_sock_msg_perm+0x91/0x160 [ 463.881274][T13803] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.886583][T13803] __sock_sendmsg+0x221/0x270 [ 463.891294][T13803] ____sys_sendmsg+0x52a/0x7e0 [ 463.896086][T13803] ? __pfx_____sys_sendmsg+0x10/0x10 [ 463.901389][T13803] ? __fget_files+0x2a/0x410 [ 463.906004][T13803] ? __fget_files+0x2a/0x410 [ 463.910659][T13803] __sys_sendmsg+0x269/0x350 [ 463.915277][T13803] ? __pfx_lock_release+0x10/0x10 [ 463.920329][T13803] ? __pfx___sys_sendmsg+0x10/0x10 [ 463.925512][T13803] ? __pfx_vfs_write+0x10/0x10 [ 463.930437][T13803] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 463.936792][T13803] ? do_syscall_64+0x100/0x230 [ 463.941586][T13803] ? do_syscall_64+0xb6/0x230 [ 463.946285][T13803] do_syscall_64+0xf3/0x230 [ 463.950810][T13803] ? clear_bhb_loop+0x35/0x90 [ 463.955511][T13803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.961437][T13803] RIP: 0033:0x7f8d47785d29 [ 463.965871][T13803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.985505][T13803] RSP: 002b:00007f8d48593038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 463.993969][T13803] RAX: ffffffffffffffda RBX: 00007f8d47975fa0 RCX: 00007f8d47785d29 [ 464.001983][T13803] RDX: 0000000000000080 RSI: 0000000020000680 RDI: 0000000000000004 [ 464.010167][T13803] RBP: 00007f8d48593090 R08: 0000000000000000 R09: 0000000000000000 [ 464.018256][T13803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.026428][T13803] R13: 0000000000000000 R14: 00007f8d47975fa0 R15: 00007fff633ffef8 [ 464.034624][T13803] [ 464.055555][ T35] team0 (unregistering): Port device team_slave_0 removed [ 464.818195][T13817] tap0: tun_chr_ioctl cmd 1074025677 [ 464.837800][T13817] tap0: linktype set to 65534 [ 464.981453][T13824] netlink: 'syz.1.2091': attribute type 4 has an invalid length. [ 465.008929][T13824] netlink: 'syz.1.2091': attribute type 4 has an invalid length. [ 465.109313][T13827] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2092'. [ 465.238519][T13835] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073357230079) [ 465.249089][T13835] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 465.318859][T13713] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 465.347305][T13713] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 465.368614][T13839] xt_CT: You must specify a L4 protocol and not use inversions on it [ 465.389888][T13841] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2094'. [ 465.402423][T13713] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 465.420407][T13841] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2094'. [ 465.435388][T13713] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 465.441059][T13841] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2094'. [ 465.675553][T13846] netlink: 'syz.1.2096': attribute type 21 has an invalid length. [ 465.691028][T13847] netlink: 'syz.1.2096': attribute type 21 has an invalid length. [ 465.707408][T13713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 465.754033][T13713] 8021q: adding VLAN 0 to HW filter on device team0 [ 465.788572][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.795798][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 465.825771][ T54] Bluetooth: hci1: command tx timeout [ 465.852895][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.860037][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.367673][T13713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 466.501166][T13713] veth0_vlan: entered promiscuous mode [ 466.524250][T13881] sch_tbf: burst 3631 is lower than device lo mtu (1075109906) ! [ 466.564371][T13713] veth1_vlan: entered promiscuous mode [ 466.638360][T13713] veth0_macvtap: entered promiscuous mode [ 466.662658][T13713] veth1_macvtap: entered promiscuous mode [ 466.704285][T13713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 466.746889][T13713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 466.773861][T13713] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.796476][T13713] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.825852][T13713] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 466.848625][T13713] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 467.215734][ T2982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.236286][ T2982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.268479][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 467.279177][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 467.375361][T13905] netlink: 'syz.4.2117': attribute type 1 has an invalid length. [ 467.457618][T13905] bond2: (slave gretap1): making interface the new active one [ 467.487083][T13905] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 468.936336][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 469.794498][T13963] FAULT_INJECTION: forcing a failure. [ 469.794498][T13963] name failslab, interval 1, probability 0, space 0, times 0 [ 469.829501][T13963] CPU: 0 UID: 0 PID: 13963 Comm: syz.0.2135 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 469.840352][T13963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 469.850443][T13963] Call Trace: [ 469.853751][T13963] [ 469.856711][T13963] dump_stack_lvl+0x241/0x360 [ 469.861425][T13963] ? __pfx_dump_stack_lvl+0x10/0x10 [ 469.866660][T13963] ? __pfx__printk+0x10/0x10 [ 469.871293][T13963] should_fail_ex+0x3b0/0x4e0 [ 469.876039][T13963] should_failslab+0xac/0x100 [ 469.880740][T13963] ? skb_clone+0x20c/0x390 [ 469.885173][T13963] kmem_cache_alloc_noprof+0x70/0x380 [ 469.890582][T13963] skb_clone+0x20c/0x390 [ 469.894892][T13963] __netlink_deliver_tap+0x3cc/0x7f0 [ 469.900222][T13963] ? netlink_deliver_tap+0x2e/0x1b0 [ 469.905458][T13963] netlink_deliver_tap+0x19d/0x1b0 [ 469.910596][T13963] netlink_unicast+0x7c4/0x990 [ 469.915406][T13963] ? __pfx_netlink_unicast+0x10/0x10 [ 469.920721][T13963] ? __virt_addr_valid+0x45f/0x530 [ 469.925864][T13963] ? __phys_addr_symbol+0x2f/0x70 [ 469.930918][T13963] ? __check_object_size+0x47a/0x730 [ 469.936246][T13963] netlink_sendmsg+0x8e4/0xcb0 [ 469.941226][T13963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 469.946552][T13963] ? aa_sock_msg_perm+0x91/0x160 [ 469.951522][T13963] ? __pfx_netlink_sendmsg+0x10/0x10 [ 469.956832][T13963] __sock_sendmsg+0x221/0x270 [ 469.961555][T13963] ____sys_sendmsg+0x52a/0x7e0 [ 469.966397][T13963] ? __pfx_____sys_sendmsg+0x10/0x10 [ 469.971817][T13963] ? __fget_files+0x2a/0x410 [ 469.976451][T13963] ? __fget_files+0x2a/0x410 [ 469.981084][T13963] __sys_sendmsg+0x269/0x350 [ 469.985734][T13963] ? __pfx_lock_release+0x10/0x10 [ 469.987805][T13967] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2138'. [ 469.990782][T13963] ? __pfx___sys_sendmsg+0x10/0x10 [ 469.990822][T13963] ? __pfx_vfs_write+0x10/0x10 [ 469.990863][T13963] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 469.990887][T13963] ? do_syscall_64+0x100/0x230 [ 470.020878][T13963] ? do_syscall_64+0xb6/0x230 [ 470.025635][T13963] do_syscall_64+0xf3/0x230 [ 470.030180][T13963] ? clear_bhb_loop+0x35/0x90 [ 470.034950][T13963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.040883][T13963] RIP: 0033:0x7fb4ecf85d29 [ 470.045327][T13963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.064971][T13963] RSP: 002b:00007fb4ede78038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 470.073443][T13963] RAX: ffffffffffffffda RBX: 00007fb4ed175fa0 RCX: 00007fb4ecf85d29 [ 470.081464][T13963] RDX: 0000000000000080 RSI: 0000000020000680 RDI: 0000000000000003 [ 470.089466][T13963] RBP: 00007fb4ede78090 R08: 0000000000000000 R09: 0000000000000000 [ 470.097474][T13963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 470.105474][T13963] R13: 0000000000000000 R14: 00007fb4ed175fa0 R15: 00007fff74ba1bb8 [ 470.113496][T13963] [ 470.130141][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 470.133344][T13965] netlink: 160 bytes leftover after parsing attributes in process `syz.2.2137'. [ 470.153974][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 470.158964][T13965] netlink: 'syz.2.2137': attribute type 1 has an invalid length. [ 470.169464][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 470.231384][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 470.245164][ T5837] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 470.253704][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 470.255180][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.438621][T13971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2136'. [ 470.490379][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.636548][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.688582][T13990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2144'. [ 470.929875][T14002] netlink: 'syz.0.2149': attribute type 5 has an invalid length. [ 470.989198][T14002] ip6erspan0: entered promiscuous mode [ 471.018678][ T11] bridge_slave_1: left allmulticast mode [ 471.025121][ T11] bridge_slave_1: left promiscuous mode [ 471.031319][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.049533][T14009] netlink: 'syz.0.2149': attribute type 1 has an invalid length. [ 471.071531][ T11] bridge_slave_0: left allmulticast mode [ 471.077367][ T11] bridge_slave_0: left promiscuous mode [ 471.084161][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.208549][T14016] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2152'. [ 471.744537][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 471.755430][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 471.766387][ T11] bond0 (unregistering): Released all slaves [ 471.819326][T13968] chnl_net:caif_netlink_parms(): no params data found [ 472.172503][T13968] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.179879][T13968] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.188445][T13968] bridge_slave_0: entered allmulticast mode [ 472.195956][T13968] bridge_slave_0: entered promiscuous mode [ 472.232902][T13968] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.250492][T13968] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.281033][T13968] bridge_slave_1: entered allmulticast mode [ 472.288149][T13968] bridge_slave_1: entered promiscuous mode [ 472.295416][ T54] Bluetooth: hci1: command tx timeout [ 472.447795][ T11] hsr_slave_0: left promiscuous mode [ 472.458164][ T11] hsr_slave_1: left promiscuous mode [ 472.467400][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 472.476546][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 472.492855][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 472.500415][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 472.523592][ T11] veth1_macvtap: left promiscuous mode [ 472.529165][ T11] veth0_macvtap: left promiscuous mode [ 472.535326][ T11] veth1_vlan: left promiscuous mode [ 472.540659][ T11] veth0_vlan: left promiscuous mode [ 472.814008][T14063] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2162'. [ 472.950465][T14071] netlink: 1275 bytes leftover after parsing attributes in process `syz.2.2164'. [ 472.963094][T14071] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 473.249451][ T11] team0 (unregistering): Port device team_slave_1 removed [ 473.305877][ T11] team0 (unregistering): Port device team_slave_0 removed [ 473.864842][T14065] syz.4.2162: vmalloc error: size 33554432, failed to allocated page array size 65536, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 473.901103][T14065] CPU: 1 UID: 0 PID: 14065 Comm: syz.4.2162 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 473.911946][T14065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 473.922051][T14065] Call Trace: [ 473.925328][T14065] [ 473.928259][T14065] dump_stack_lvl+0x241/0x360 [ 473.932968][T14065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 473.938172][T14065] ? __pfx__printk+0x10/0x10 [ 473.942787][T14065] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 473.949417][T14065] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 473.955962][T14065] warn_alloc+0x278/0x410 [ 473.960330][T14065] ? __pfx_warn_alloc+0x10/0x10 [ 473.965214][T14065] ? xp_create_and_assign_umem+0x17b/0xc50 [ 473.971492][T14065] ? __get_vm_area_node+0x1c8/0x2d0 [ 473.976700][T14065] ? __get_vm_area_node+0x25c/0x2d0 [ 473.981906][T14065] __vmalloc_node_range_noprof+0x62f/0x1380 [ 473.987797][T14065] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 473.993534][T14065] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 473.999895][T14065] ? rcu_is_watching+0x15/0xb0 [ 474.004688][T14065] ? trace_kmalloc+0x1f/0xd0 [ 474.009306][T14065] ? __kmalloc_node_noprof+0x2ad/0x4d0 [ 474.014780][T14065] ? __kvmalloc_node_noprof+0x72/0x190 [ 474.020253][T14065] __kvmalloc_node_noprof+0x142/0x190 [ 474.025635][T14065] ? xp_create_and_assign_umem+0x17b/0xc50 [ 474.031475][T14065] xp_create_and_assign_umem+0x17b/0xc50 [ 474.037209][T14065] ? dev_get_by_index+0x23/0x2d0 [ 474.042149][T14065] xsk_bind+0x386/0xdc0 [ 474.046324][T14065] __sys_bind+0x1e4/0x290 [ 474.050658][T14065] ? __pfx___sys_bind+0x10/0x10 [ 474.055516][T14065] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 474.061863][T14065] ? exc_page_fault+0x590/0x8b0 [ 474.066732][T14065] __x64_sys_bind+0x7a/0x90 [ 474.071247][T14065] do_syscall_64+0xf3/0x230 [ 474.075759][T14065] ? clear_bhb_loop+0x35/0x90 [ 474.080442][T14065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.086336][T14065] RIP: 0033:0x7f8d47785d29 [ 474.090763][T14065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.110475][T14065] RSP: 002b:00007f8d48530038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 474.119024][T14065] RAX: ffffffffffffffda RBX: 00007f8d47976240 RCX: 00007f8d47785d29 [ 474.127651][T14065] RDX: 0000000000000010 RSI: 0000000020000100 RDI: 0000000000000003 [ 474.135717][T14065] RBP: 00007f8d47801b08 R08: 0000000000000000 R09: 0000000000000000 [ 474.143735][T14065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.152690][T14065] R13: 0000000000000001 R14: 00007f8d47976240 R15: 00007fff633ffef8 [ 474.160698][T14065] [ 474.180903][T14065] Mem-Info: [ 474.184122][T14065] active_anon:9566 inactive_anon:0 isolated_anon:0 [ 474.184122][T14065] active_file:1761 inactive_file:38425 isolated_file:0 [ 474.184122][T14065] unevictable:768 dirty:168 writeback:0 [ 474.184122][T14065] slab_reclaimable:10238 slab_unreclaimable:102657 [ 474.184122][T14065] mapped:30137 shmem:1413 pagetables:809 [ 474.184122][T14065] sec_pagetables:0 bounce:0 [ 474.184122][T14065] kernel_misc_reclaimable:0 [ 474.184122][T14065] free:1320865 free_pcp:3103 free_cma:0 [ 474.241329][T14065] Node 0 active_anon:38364kB inactive_anon:0kB active_file:7044kB inactive_file:153624kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120548kB dirty:668kB writeback:0kB shmem:4116kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11368kB pagetables:3236kB sec_pagetables:0kB all_unreclaimable? no [ 474.274541][T14065] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 474.307122][T14065] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 474.337439][T14065] lowmem_reserve[]: 0 2465 2466 0 0 [ 474.343165][T14065] Node 0 DMA32 free:1363808kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:38936kB inactive_anon:0kB active_file:7044kB inactive_file:152800kB unevictable:1536kB writepending:684kB present:3129332kB managed:2552760kB mlocked:0kB bounce:0kB free_pcp:11376kB local_pcp:64kB free_cma:0kB [ 474.376174][ T54] Bluetooth: hci1: command tx timeout [ 474.381818][T14065] lowmem_reserve[]: 0 0 0 0 0 [ 474.386794][T14065] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 474.414672][T14065] lowmem_reserve[]: 0 0 0 0 0 [ 474.419442][T14065] Node 1 Normal free:3904604kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 474.449212][T14065] lowmem_reserve[]: 0 0 0 0 0 [ 474.454542][T14065] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 474.467957][T14065] Node 0 DMA32: 83*4kB (UME) 11*8kB (UME) 12*16kB (UE) 12*32kB (UE) 199*64kB (UME) 164*128kB (UME) 157*256kB (UME) 151*512kB (UME) 103*1024kB (UM) 10*2048kB (UME) 265*4096kB (UM) = 1363620kB [ 474.487790][T14065] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 474.499965][T14065] Node 1 Normal: 211*4kB (UME) 52*8kB (UME) 39*16kB (UME) 212*32kB (UME) 98*64kB (UME) 30*128kB (UME) 13*256kB (UM) 13*512kB (UME) 5*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3904604kB [ 474.519901][T14065] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 474.530402][T14065] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 474.540586][T14065] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 474.550868][T14065] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 474.560195][T14065] 41601 total pagecache pages [ 474.565642][T14065] 0 pages in swap cache [ 474.569843][T14065] Free swap = 124996kB [ 474.574566][T14065] Total swap = 124996kB [ 474.578989][T14065] 2097051 pages RAM [ 474.583289][T14065] 0 pages HighMem/MovableOnly [ 474.587991][T14065] 427011 pages reserved [ 474.592756][T14065] 0 pages cma reserved [ 474.729821][T13968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 474.778545][T13968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 474.795222][T14086] FAULT_INJECTION: forcing a failure. [ 474.795222][T14086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 474.832007][T14086] CPU: 1 UID: 0 PID: 14086 Comm: syz.1.2167 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 474.842926][T14086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 474.853012][T14086] Call Trace: [ 474.856318][T14086] [ 474.859269][T14086] dump_stack_lvl+0x241/0x360 [ 474.863981][T14086] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.869216][T14086] ? __pfx__printk+0x10/0x10 [ 474.873843][T14086] ? __pfx_lock_release+0x10/0x10 [ 474.878916][T14086] should_fail_ex+0x3b0/0x4e0 [ 474.883634][T14086] _copy_from_user+0x2f/0xc0 [ 474.888274][T14086] copy_msghdr_from_user+0xae/0x680 [ 474.893523][T14086] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 474.899378][T14086] ? __fget_files+0x2a/0x410 [ 474.904096][T14086] ? __fget_files+0x2a/0x410 [ 474.908727][T14086] __sys_sendmsg+0x209/0x350 [ 474.913335][T14086] ? __pfx_lock_release+0x10/0x10 [ 474.918462][T14086] ? __pfx___sys_sendmsg+0x10/0x10 [ 474.924017][T14086] ? __pfx_vfs_write+0x10/0x10 [ 474.928843][T14086] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 474.935167][T14086] ? do_syscall_64+0x100/0x230 [ 474.939929][T14086] ? do_syscall_64+0xb6/0x230 [ 474.944605][T14086] do_syscall_64+0xf3/0x230 [ 474.949108][T14086] ? clear_bhb_loop+0x35/0x90 [ 474.953963][T14086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.959855][T14086] RIP: 0033:0x7f0c27d85d29 [ 474.964265][T14086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.983955][T14086] RSP: 002b:00007f0c28ba1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 474.992367][T14086] RAX: ffffffffffffffda RBX: 00007f0c27f75fa0 RCX: 00007f0c27d85d29 [ 475.000332][T14086] RDX: 0000000004004048 RSI: 00000000200007c0 RDI: 0000000000000003 [ 475.008299][T14086] RBP: 00007f0c28ba1090 R08: 0000000000000000 R09: 0000000000000000 [ 475.016266][T14086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.024234][T14086] R13: 0000000000000000 R14: 00007f0c27f75fa0 R15: 00007fff6fde7258 [ 475.032213][T14086] [ 475.085149][T14088] xt_CT: You must specify a L4 protocol and not use inversions on it [ 475.159389][T13968] team0: Port device team_slave_0 added [ 475.186108][T13968] team0: Port device team_slave_1 added [ 475.265812][T14092] FAULT_INJECTION: forcing a failure. [ 475.265812][T14092] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 475.290905][T14092] CPU: 0 UID: 0 PID: 14092 Comm: syz.1.2170 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 475.301735][T14092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 475.311952][T14092] Call Trace: [ 475.315245][T14092] [ 475.318174][T14092] dump_stack_lvl+0x241/0x360 [ 475.322857][T14092] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.328071][T14092] ? __pfx__printk+0x10/0x10 [ 475.332684][T14092] ? __pfx_lock_release+0x10/0x10 [ 475.337753][T14092] should_fail_ex+0x3b0/0x4e0 [ 475.342513][T14092] _copy_from_iter+0x1e9/0x1c20 [ 475.347375][T14092] ? __virt_addr_valid+0x183/0x530 [ 475.352489][T14092] ? skb_set_owner_w+0x246/0x380 [ 475.357429][T14092] ? __pfx__copy_from_iter+0x10/0x10 [ 475.362714][T14092] ? __virt_addr_valid+0x183/0x530 [ 475.367828][T14092] ? __virt_addr_valid+0x183/0x530 [ 475.372939][T14092] ? __virt_addr_valid+0x45f/0x530 [ 475.378048][T14092] ? __phys_addr_symbol+0x2f/0x70 [ 475.383067][T14092] ? __check_object_size+0x47a/0x730 [ 475.388352][T14092] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 475.394076][T14092] skb_copy_datagram_from_iter+0xf2/0x6a0 [ 475.399799][T14092] ? skb_put+0x114/0x1f0 [ 475.404041][T14092] packet_sendmsg+0x4467/0x6c30 [ 475.408905][T14092] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 475.414320][T14092] ? __pfx___might_resched+0x10/0x10 [ 475.419696][T14092] ? __pfx_packet_sendmsg+0x10/0x10 [ 475.424894][T14092] ? aa_sk_perm+0x96d/0xab0 [ 475.429402][T14092] ? __pfx_aa_sk_perm+0x10/0x10 [ 475.434296][T14092] ? __import_iovec+0x590/0x870 [ 475.439146][T14092] ? aa_sock_msg_perm+0x91/0x160 [ 475.444085][T14092] ? __pfx_packet_sendmsg+0x10/0x10 [ 475.449278][T14092] __sock_sendmsg+0x221/0x270 [ 475.453960][T14092] ____sys_sendmsg+0x52a/0x7e0 [ 475.458814][T14092] ? __pfx_____sys_sendmsg+0x10/0x10 [ 475.464097][T14092] ? __fget_files+0x2a/0x410 [ 475.468697][T14092] ? __fget_files+0x2a/0x410 [ 475.473291][T14092] __sys_sendmmsg+0x36a/0x720 [ 475.477972][T14092] ? __pfx___sys_sendmmsg+0x10/0x10 [ 475.483178][T14092] ? __pfx_lock_release+0x10/0x10 [ 475.488197][T14092] ? kstrtouint_from_user+0x128/0x190 [ 475.493581][T14092] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 475.499477][T14092] ? ksys_write+0x22a/0x2b0 [ 475.503976][T14092] ? __pfx_lock_release+0x10/0x10 [ 475.509004][T14092] ? vfs_write+0x730/0xd30 [ 475.513417][T14092] ? __mutex_unlock_slowpath+0x21e/0x790 [ 475.519059][T14092] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 475.525040][T14092] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 475.531366][T14092] ? do_syscall_64+0x100/0x230 [ 475.536128][T14092] __x64_sys_sendmmsg+0xa0/0xb0 [ 475.540992][T14092] do_syscall_64+0xf3/0x230 [ 475.545492][T14092] ? clear_bhb_loop+0x35/0x90 [ 475.550166][T14092] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.556056][T14092] RIP: 0033:0x7f0c27d85d29 [ 475.560467][T14092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.580075][T14092] RSP: 002b:00007f0c28ba1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 475.588492][T14092] RAX: ffffffffffffffda RBX: 00007f0c27f75fa0 RCX: 00007f0c27d85d29 [ 475.596462][T14092] RDX: 0000000000000001 RSI: 0000000020000440 RDI: 0000000000000003 [ 475.604431][T14092] RBP: 00007f0c28ba1090 R08: 0000000000000000 R09: 0000000000000000 [ 475.612399][T14092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.620365][T14092] R13: 0000000000000000 R14: 00007f0c27f75fa0 R15: 00007fff6fde7258 [ 475.628433][T14092] [ 475.818239][T13968] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 475.840838][T13968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 475.917971][T13968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 475.987321][T13968] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 476.000783][T13968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 476.070936][T13968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 476.148224][T14105] block nbd4: must specify backend [ 476.307702][T13968] hsr_slave_0: entered promiscuous mode [ 476.320109][T13968] hsr_slave_1: entered promiscuous mode [ 476.339109][T13968] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 476.346972][T13968] Cannot create hsr debugfs directory [ 476.452554][ T5837] Bluetooth: hci1: command tx timeout [ 476.640814][T14121] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 476.675474][T14122] veth1_to_bridge: entered promiscuous mode [ 476.695076][T14122] veth1_to_bridge: left promiscuous mode [ 476.949015][T14131] xt_CT: You must specify a L4 protocol and not use inversions on it [ 477.379444][T13968] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 477.404444][T13968] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 477.460508][T13968] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 477.499185][T14145] xt_socket: unknown flags 0x8 [ 477.512808][T13968] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 477.550498][T14145] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2189'. [ 477.726759][T13968] 8021q: adding VLAN 0 to HW filter on device bond0 [ 477.810546][T14157] veth1_to_bond: entered allmulticast mode [ 477.837909][T13968] 8021q: adding VLAN 0 to HW filter on device team0 [ 477.936068][T11031] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.943437][T11031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 477.976437][T11031] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.983979][T11031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 478.291835][T14167] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2194'. [ 478.572899][ T5837] Bluetooth: hci1: command tx timeout [ 478.644255][T14173] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2195'. [ 478.729991][T13968] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 478.814512][T13968] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 479.112328][T13968] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 479.366512][T13968] veth0_vlan: entered promiscuous mode [ 479.433779][T13968] veth1_vlan: entered promiscuous mode [ 479.569524][T13968] veth0_macvtap: entered promiscuous mode [ 479.594089][T13968] veth1_macvtap: entered promiscuous mode [ 479.603534][T14203] xt_CT: You must specify a L4 protocol and not use inversions on it [ 479.612935][T13968] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 479.623574][T13968] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 479.633387][T13968] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.642229][T13968] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.651102][T13968] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.660642][T13968] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 479.951339][ T2888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 479.999574][ T2888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 480.049765][ T684] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 480.069179][ T684] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 481.166181][ T684] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 481.733581][ T684] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.244967][ T684] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.426846][T14240] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2211'. [ 482.464228][ T684] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.811694][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 482.826651][ T684] bridge_slave_1: left allmulticast mode [ 482.844851][ T684] bridge_slave_1: left promiscuous mode [ 482.981082][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 482.990125][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 482.999942][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 483.007931][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 483.017317][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 483.087774][ T684] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.099636][ T684] bridge_slave_0: left allmulticast mode [ 483.106922][ T684] bridge_slave_0: left promiscuous mode [ 483.117564][ T684] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.627465][T14259] ax25_connect(): syz.0.2215 uses autobind, please contact jreuter@yaina.de [ 485.182432][T14263] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2215'. [ 485.254898][ T5837] Bluetooth: hci1: command tx timeout [ 485.287284][T14266] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2217'. [ 485.786894][ T684] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 485.800004][ T684] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 485.839822][ T684] bond0 (unregistering): Released all slaves [ 486.150571][T14248] chnl_net:caif_netlink_parms(): no params data found [ 486.536307][T14248] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.549800][T14248] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.575756][T14248] bridge_slave_0: entered allmulticast mode [ 486.605947][T14248] bridge_slave_0: entered promiscuous mode [ 486.657728][T14248] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.668584][T14248] bridge0: port 2(bridge_slave_1) entered disabled state [ 486.685902][T14248] bridge_slave_1: entered allmulticast mode [ 486.713738][T14248] bridge_slave_1: entered promiscuous mode [ 486.827200][T14297] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2224'. [ 486.938953][ T684] hsr_slave_0: left promiscuous mode [ 486.958127][ T684] hsr_slave_1: left promiscuous mode [ 486.972326][ T684] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 486.990038][ T684] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 487.009915][ T684] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 487.042891][ T684] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 487.089145][ T684] veth1_macvtap: left promiscuous mode [ 487.105251][ T684] veth0_macvtap: left promiscuous mode [ 487.118953][ T684] veth1_vlan: left promiscuous mode [ 487.132687][ T684] veth0_vlan: left promiscuous mode [ 487.331040][ T5837] Bluetooth: hci1: command tx timeout [ 488.314332][ T684] team0 (unregistering): Port device team_slave_1 removed [ 488.424198][ T684] team0 (unregistering): Port device team_slave_0 removed [ 489.206212][T14248] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 489.223064][T14311] batadv_slave_1: entered promiscuous mode [ 489.230665][T14248] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 489.274138][T14322] batadv_slave_1: left promiscuous mode [ 489.306116][T14326] hsr0: entered promiscuous mode [ 489.410993][ T5837] Bluetooth: hci1: command 0x040f tx timeout [ 489.471415][T14248] team0: Port device team_slave_0 added [ 489.479741][T14248] team0: Port device team_slave_1 added [ 489.604963][T14248] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 489.633098][T14248] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 489.712142][T14248] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 489.756104][T14248] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 489.772368][T14248] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 489.825563][T14248] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 489.919800][T14248] hsr_slave_0: entered promiscuous mode [ 489.935129][T14248] hsr_slave_1: entered promiscuous mode [ 489.945294][T14248] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 489.963173][T14248] Cannot create hsr debugfs directory [ 490.718774][T14248] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 490.795561][T14248] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 490.817442][T14248] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 490.864863][T14248] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 490.985218][T14342] FAULT_INJECTION: forcing a failure. [ 490.985218][T14342] name failslab, interval 1, probability 0, space 0, times 0 [ 491.013617][T14342] CPU: 1 UID: 0 PID: 14342 Comm: syz.0.2233 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 491.024463][T14342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 491.034543][T14342] Call Trace: [ 491.037838][T14342] [ 491.040779][T14342] dump_stack_lvl+0x241/0x360 [ 491.045485][T14342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 491.050702][T14342] ? __pfx__printk+0x10/0x10 [ 491.055313][T14342] ? __kmalloc_cache_node_noprof+0x47/0x3a0 [ 491.061245][T14342] ? __pfx___might_resched+0x10/0x10 [ 491.066552][T14342] should_fail_ex+0x3b0/0x4e0 [ 491.071253][T14342] should_failslab+0xac/0x100 [ 491.075959][T14342] ? __get_vm_area_node+0x132/0x2d0 [ 491.081180][T14342] __kmalloc_cache_node_noprof+0x6f/0x3a0 [ 491.086927][T14342] ? register_lock_class+0x102/0x980 [ 491.092236][T14342] __get_vm_area_node+0x132/0x2d0 [ 491.097294][T14342] __vmalloc_node_range_noprof+0x344/0x1380 [ 491.103211][T14342] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.108771][T14342] ? mark_lock+0x9a/0x360 [ 491.113143][T14342] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 491.119494][T14342] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 491.125501][T14342] ? tun_attach_filter+0x14c/0x270 [ 491.130644][T14342] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.136203][T14342] __vmalloc_noprof+0x79/0x90 [ 491.140892][T14342] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.146468][T14342] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.151868][T14342] ? bpf_prog_alloc+0x28/0x1b0 [ 491.156655][T14342] bpf_prog_alloc+0x3a/0x1b0 [ 491.161263][T14342] __get_filter+0xf8/0x400 [ 491.165709][T14342] sk_attach_filter+0x22/0x140 [ 491.170501][T14342] tun_attach_filter+0x168/0x270 [ 491.175483][T14342] __tun_chr_ioctl+0x1a60/0x2400 [ 491.180463][T14342] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 491.185800][T14342] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 491.190939][T14342] __se_sys_ioctl+0xf5/0x170 [ 491.195549][T14342] do_syscall_64+0xf3/0x230 [ 491.200070][T14342] ? clear_bhb_loop+0x35/0x90 [ 491.204768][T14342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.210677][T14342] RIP: 0033:0x7fb4ecf85d29 [ 491.215101][T14342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.234822][T14342] RSP: 002b:00007fb4ede78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 491.243275][T14342] RAX: ffffffffffffffda RBX: 00007fb4ed175fa0 RCX: 00007fb4ecf85d29 [ 491.251277][T14342] RDX: 00000000200000c0 RSI: 00000000401054d5 RDI: 0000000000000003 [ 491.251601][T14338] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2232'. [ 491.259255][T14342] RBP: 00007fb4ede78090 R08: 0000000000000000 R09: 0000000000000000 [ 491.276316][T14342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.284393][T14342] R13: 0000000000000000 R14: 00007fb4ed175fa0 R15: 00007fff74ba1bb8 [ 491.292415][T14342] [ 491.306725][T14342] warn_alloc: 1 callbacks suppressed [ 491.306746][T14342] syz.0.2233: vmalloc error: size 4096, vm_struct allocation failed, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null) [ 491.313725][T14338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2232'. [ 491.339251][T14342] ,cpuset=/,mems_allowed=0-1 [ 491.344656][T14342] CPU: 0 UID: 0 PID: 14342 Comm: syz.0.2233 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 491.355446][T14342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 491.365608][T14342] Call Trace: [ 491.368913][T14342] [ 491.371866][T14342] dump_stack_lvl+0x241/0x360 [ 491.376584][T14342] ? __pfx_dump_stack_lvl+0x10/0x10 [ 491.381820][T14342] ? __pfx__printk+0x10/0x10 [ 491.386449][T14342] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 491.392904][T14342] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 491.399442][T14342] warn_alloc+0x278/0x410 [ 491.403820][T14342] ? __pfx_warn_alloc+0x10/0x10 [ 491.408698][T14342] ? __kasan_kmalloc+0x23/0xb0 [ 491.413505][T14342] ? __kmalloc_cache_node_noprof+0x25d/0x3a0 [ 491.419528][T14342] ? __get_vm_area_node+0x280/0x2d0 [ 491.424759][T14342] __vmalloc_node_range_noprof+0x369/0x1380 [ 491.430677][T14342] ? mark_lock+0x9a/0x360 [ 491.435054][T14342] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 491.441420][T14342] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 491.447420][T14342] ? tun_attach_filter+0x14c/0x270 [ 491.452562][T14342] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.458393][T14342] __vmalloc_noprof+0x79/0x90 [ 491.463093][T14342] ? bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.468664][T14342] bpf_prog_alloc_no_stats+0x4d/0x4d0 [ 491.474140][T14342] ? bpf_prog_alloc+0x28/0x1b0 [ 491.478926][T14342] bpf_prog_alloc+0x3a/0x1b0 [ 491.483540][T14342] __get_filter+0xf8/0x400 [ 491.487984][T14342] sk_attach_filter+0x22/0x140 [ 491.492765][T14342] tun_attach_filter+0x168/0x270 [ 491.497710][T14342] __tun_chr_ioctl+0x1a60/0x2400 [ 491.502662][T14342] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 491.507976][T14342] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 491.513175][T14342] __se_sys_ioctl+0xf5/0x170 [ 491.517777][T14342] do_syscall_64+0xf3/0x230 [ 491.522282][T14342] ? clear_bhb_loop+0x35/0x90 [ 491.526960][T14342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.532860][T14342] RIP: 0033:0x7fb4ecf85d29 [ 491.537270][T14342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.556870][T14342] RSP: 002b:00007fb4ede78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 491.565281][T14342] RAX: ffffffffffffffda RBX: 00007fb4ed175fa0 RCX: 00007fb4ecf85d29 [ 491.573253][T14342] RDX: 00000000200000c0 RSI: 00000000401054d5 RDI: 0000000000000003 [ 491.581308][T14342] RBP: 00007fb4ede78090 R08: 0000000000000000 R09: 0000000000000000 [ 491.589292][T14342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.597289][T14342] R13: 0000000000000000 R14: 00007fb4ed175fa0 R15: 00007fff74ba1bb8 [ 491.605294][T14342] [ 491.622192][T14342] Mem-Info: [ 491.625437][T14342] active_anon:14382 inactive_anon:0 isolated_anon:0 [ 491.625437][T14342] active_file:1778 inactive_file:38435 isolated_file:0 [ 491.625437][T14342] unevictable:768 dirty:223 writeback:0 [ 491.625437][T14342] slab_reclaimable:10205 slab_unreclaimable:103348 [ 491.625437][T14342] mapped:33154 shmem:1419 pagetables:816 [ 491.625437][T14342] sec_pagetables:0 bounce:0 [ 491.625437][T14342] kernel_misc_reclaimable:0 [ 491.625437][T14342] free:1317107 free_pcp:1918 free_cma:0 [ 491.630975][ T54] Bluetooth: hci1: command 0x040f tx timeout [ 491.683147][T14342] Node 0 active_anon:57528kB inactive_anon:0kB active_file:7112kB inactive_file:153664kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:132616kB dirty:888kB writeback:0kB shmem:4140kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11436kB pagetables:3264kB sec_pagetables:0kB all_unreclaimable? no [ 491.770809][T14342] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 491.950874][T14342] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 492.012079][T14342] lowmem_reserve[]: 0 2465 2466 0 0 [ 492.017400][T14342] Node 0 DMA32 free:1344224kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:59884kB inactive_anon:0kB active_file:7112kB inactive_file:152840kB unevictable:1536kB writepending:884kB present:3129332kB managed:2552760kB mlocked:0kB bounce:0kB free_pcp:9024kB local_pcp:7568kB free_cma:0kB [ 492.285623][T14342] lowmem_reserve[]: 0 0 0 0 0 [ 492.294969][T14342] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:4kB present:1048580kB managed:876kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 492.410978][T14342] lowmem_reserve[]: 0 0 0 0 0 [ 492.417110][T14342] Node 1 Normal free:3904604kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 492.466581][T14342] lowmem_reserve[]: 0 0 0 0 0 [ 492.476758][T14342] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 492.510193][T14342] Node 0 DMA32: 231*4kB (UM) 19*8kB (UME) 15*16kB (UME) 15*32kB (UE) 250*64kB (UE) 148*128kB (UME) 135*256kB (UE) 147*512kB (UME) 102*1024kB (UM) 7*2048kB (UME) 263*4096kB (UM) = 1342596kB [ 492.550990][T14342] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 492.580821][T14342] Node 1 Normal: 211*4kB (UME) 52*8kB (UME) 39*16kB (UME) 212*32kB (UME) 98*64kB (UME) 30*128kB (UME) 13*256kB (UM) 13*512kB (UME) 5*1024kB (UME) 4*2048kB (UE) 943*4096kB (M) = 3904604kB [ 492.622048][T14342] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 492.642124][T14342] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 492.662117][T14342] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 492.686096][T14342] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 492.712196][T14342] 41632 total pagecache pages [ 492.716935][T14342] 0 pages in swap cache [ 492.732035][T14342] Free swap = 124996kB [ 492.741112][T14342] Total swap = 124996kB [ 492.745305][T14342] 2097051 pages RAM [ 492.761952][T14342] 0 pages HighMem/MovableOnly [ 492.766690][T14342] 427011 pages reserved [ 492.790861][T14342] 0 pages cma reserved [ 492.795879][T14349] FAULT_INJECTION: forcing a failure. [ 492.795879][T14349] name failslab, interval 1, probability 0, space 0, times 0 [ 492.830966][T14349] CPU: 0 UID: 0 PID: 14349 Comm: syz.2.2234 Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 492.841963][T14349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 492.852050][T14349] Call Trace: [ 492.855353][T14349] [ 492.858335][T14349] dump_stack_lvl+0x241/0x360 [ 492.863261][T14349] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.868497][T14349] ? __pfx__printk+0x10/0x10 [ 492.873170][T14349] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 492.879192][T14349] ? __pfx___might_resched+0x10/0x10 [ 492.884611][T14349] should_fail_ex+0x3b0/0x4e0 [ 492.889337][T14349] should_failslab+0xac/0x100 [ 492.893521][T14248] 8021q: adding VLAN 0 to HW filter on device bond0 [ 492.894029][T14349] kmem_cache_alloc_node_noprof+0x77/0x380 [ 492.906454][T14349] ? __alloc_skb+0x1c3/0x440 [ 492.911167][T14349] __alloc_skb+0x1c3/0x440 [ 492.915688][T14349] ? __pfx___alloc_skb+0x10/0x10 [ 492.920655][T14349] ? netlink_autobind+0xd6/0x2f0 [ 492.925644][T14349] ? netlink_autobind+0x2b0/0x2f0 [ 492.930707][T14349] netlink_sendmsg+0x638/0xcb0 [ 492.935526][T14349] ? __pfx_netlink_sendmsg+0x10/0x10 [ 492.937011][T14248] 8021q: adding VLAN 0 to HW filter on device team0 [ 492.940825][T14349] ? aa_sock_msg_perm+0x91/0x160 [ 492.940854][T14349] ? __pfx_netlink_sendmsg+0x10/0x10 [ 492.940874][T14349] __sock_sendmsg+0x221/0x270 [ 492.940902][T14349] ____sys_sendmsg+0x52a/0x7e0 [ 492.940931][T14349] ? __pfx_____sys_sendmsg+0x10/0x10 [ 492.940951][T14349] ? __fget_files+0x2a/0x410 [ 492.940975][T14349] ? __fget_files+0x2a/0x410 [ 492.941006][T14349] __sys_sendmsg+0x269/0x350 [ 492.941028][T14349] ? __pfx_lock_release+0x10/0x10 [ 492.941054][T14349] ? __pfx___sys_sendmsg+0x10/0x10 [ 492.941088][T14349] ? __pfx_vfs_write+0x10/0x10 [ 492.941132][T14349] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 492.941155][T14349] ? do_syscall_64+0x100/0x230 [ 492.941179][T14349] ? do_syscall_64+0xb6/0x230 [ 492.983693][T11033] bridge0: port 1(bridge_slave_0) entered blocking state [ 492.986520][T14349] do_syscall_64+0xf3/0x230 [ 492.986550][T14349] ? clear_bhb_loop+0x35/0x90 [ 492.991695][T11033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 492.996669][T14349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.043905][T11033] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.046626][T14349] RIP: 0033:0x7feed9585d29 [ 493.046651][T14349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.053795][T11033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 493.058046][T14349] RSP: 002b:00007feeda311038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 493.093927][T14349] RAX: ffffffffffffffda RBX: 00007feed9775fa0 RCX: 00007feed9585d29 [ 493.101932][T14349] RDX: 0000000004004048 RSI: 00000000200007c0 RDI: 0000000000000003 [ 493.109951][T14349] RBP: 00007feeda311090 R08: 0000000000000000 R09: 0000000000000000 [ 493.117955][T14349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 493.126039][T14349] R13: 0000000000000000 R14: 00007feed9775fa0 R15: 00007ffe43d18928 [ 493.128257][T14248] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 493.134028][T14349] [ 493.191120][T14248] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 493.535486][T14248] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 493.558297][T14369] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2241'. [ 493.574795][ T30] INFO: task udevd:8313 blocked for more than 143 seconds. [ 493.587143][T14248] veth0_vlan: entered promiscuous mode [ 493.598006][ T30] Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 493.605944][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 493.615324][ T30] task:udevd state:D stack:20496 pid:8313 tgid:8313 ppid:5205 flags:0x00004002 [ 493.625665][ T30] Call Trace: [ 493.628963][ T30] [ 493.631944][ T30] __schedule+0x1850/0x4c30 [ 493.636581][ T30] ? __pfx___schedule+0x10/0x10 [ 493.641603][ T30] ? __blk_flush_plug+0x449/0x500 [ 493.646671][ T30] ? __pfx_lock_release+0x10/0x10 [ 493.651813][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 493.658187][ T30] ? schedule+0x90/0x320 [ 493.662522][ T30] schedule+0x14b/0x320 [ 493.666716][ T30] schedule_timeout+0x15a/0x290 [ 493.671792][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 493.677472][ T30] ? __pfx_process_timeout+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 493.682996][ T30] ? prepare_to_wait_event+0x3bd/0x400 [ 493.688508][ T30] nbd_queue_rq+0x7d9/0x2ef0 [ 493.693243][ T30] ? validate_chain+0x11e/0x5920 [ 493.698230][ T30] ? mark_lock+0x9a/0x360 [ 493.702713][ T30] ? __pfx_nbd_queue_rq+0x10/0x10 [ 493.707782][ T30] ? __lock_acquire+0x1397/0x2100 [ 493.712934][ T30] ? __pfx_autoremove_wake_function+0x10/0x10 [ 493.719049][ T30] blk_mq_dispatch_rq_list+0xad3/0x19d0 [ 493.724824][ T30] ? sbitmap_get+0x289/0x3f0 [ 493.729545][ T30] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 493.735892][ T30] ? __blk_mq_alloc_driver_tag+0x32d/0x730 [ 493.741872][ T30] __blk_mq_sched_dispatch_requests+0xb8a/0x1840 [ 493.748284][ T30] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 493.755177][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 493.760290][ T30] ? __pfx___might_resched+0x10/0x10 [ 493.765779][ T30] ? sbitmap_any_bit_set+0x155/0x190 [ 493.771142][ T30] ? blk_mq_hw_queue_need_run+0x14d/0x6d0 [ 493.776916][ T30] blk_mq_sched_dispatch_requests+0xd6/0x190 [ 493.783326][ T30] ? blk_mq_run_hw_queue+0x32b/0x500 [ 493.788647][ T30] blk_mq_run_hw_queue+0x354/0x500 [ 493.793869][ T30] blk_mq_flush_plug_list+0x118e/0x1870 [ 493.799443][ T30] ? __pfx_update_io_ticks+0x10/0x10 [ 493.804846][ T30] ? blk_add_rq_to_plug+0x308/0x4b0 [ 493.804889][T14248] veth1_vlan: entered promiscuous mode [ 493.810059][ T30] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 493.816232][ T54] Bluetooth: hci1: command 0x040f tx timeout [ 493.821669][ T30] ? blk_mq_submit_bio+0xf74/0x2390 [ 493.832808][ T30] __blk_flush_plug+0x420/0x500 [ 493.837689][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 493.843771][ T30] ? __pfx___blk_flush_plug+0x10/0x10 [ 493.849188][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 493.855658][ T30] __submit_bio+0x46a/0x560 [ 493.860206][ T30] ? __pfx___submit_bio+0x10/0x10 [ 493.865397][ T30] submit_bio_noacct_nocheck+0x4d3/0xe30 [ 493.871118][ T30] ? bio_associate_blkg_from_css+0x182/0xc70 [ 493.877157][ T30] ? __pfx___might_resched+0x10/0x10 [ 493.882845][ T30] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 493.889061][ T30] block_read_full_folio+0x9b3/0xae0 [ 493.894480][ T30] ? __pfx_blkdev_get_block+0x10/0x10 [ 493.899886][ T30] ? __pfx_block_read_full_folio+0x10/0x10 [ 493.905822][ T30] filemap_read_folio+0x148/0x3b0 [ 493.911019][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 493.916522][ T30] ? __pfx_filemap_read_folio+0x10/0x10 [ 493.922160][ T30] ? __filemap_get_folio+0x848/0x940 [ 493.927486][ T30] do_read_cache_folio+0x373/0x5b0 [ 493.932672][ T30] ? __pfx_blkdev_read_folio+0x10/0x10 [ 493.938187][ T30] read_part_sector+0xb3/0x260 [ 493.943103][ T30] adfspart_check_ICS+0xd9/0x9a0 [ 493.948083][ T30] ? __pfx_vsnprintf+0x10/0x10 [ 493.952989][ T30] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 493.958573][ T30] ? snprintf+0xda/0x120 [ 493.962917][ T30] ? alloc_pages_mpol_noprof+0x417/0x680 [ 493.968587][ T30] ? vsnprintf+0x1cc3/0x1da0 [ 493.973316][ T30] ? vsnprintf+0x184/0x1da0 [ 493.977859][ T30] ? __pfx_snprintf+0x10/0x10 [ 493.982649][ T30] ? __kasan_kmalloc+0x98/0xb0 [ 493.987738][ T30] bdev_disk_changed+0x72c/0x13f0 [ 493.992888][ T30] ? __pfx___might_resched+0x10/0x10 [ 493.998231][ T30] ? __pfx_bdev_disk_changed+0x10/0x10 [ 494.003857][ T30] ? wait_on_inode+0xc1/0x230 [ 494.008582][ T30] ? __pfx_wait_on_inode+0x10/0x10 [ 494.013831][ T30] ? do_raw_spin_unlock+0x13c/0x8b0 [ 494.019068][ T30] blkdev_get_whole+0x2d2/0x450 [ 494.024279][ T30] bdev_open+0x2d4/0xc50 [ 494.028576][ T30] blkdev_open+0x389/0x4f0 [ 494.033097][ T30] ? __pfx_blkdev_open+0x10/0x10 [ 494.038073][ T30] do_dentry_open+0xbe1/0x1b70 [ 494.042941][ T30] vfs_open+0x3e/0x330 [ 494.047048][ T30] path_openat+0x2c84/0x3590 [ 494.051956][ T30] ? __pfx_path_openat+0x10/0x10 [ 494.056956][ T30] do_filp_open+0x27f/0x4e0 [ 494.061624][ T30] ? __pfx_do_filp_open+0x10/0x10 [ 494.063722][T14374] netlink: 'syz.4.2242': attribute type 10 has an invalid length. [ 494.066659][ T30] ? do_raw_spin_lock+0x14f/0x370 [ 494.079654][ T30] do_sys_openat2+0x13e/0x1d0 [ 494.084463][ T30] ? __pfx_do_sys_openat2+0x10/0x10 [ 494.089968][ T30] __x64_sys_openat+0x247/0x2a0 [ 494.094968][ T30] ? __pfx___x64_sys_openat+0x10/0x10 [ 494.100390][ T30] ? do_syscall_64+0x100/0x230 [ 494.105264][ T30] ? do_syscall_64+0xb6/0x230 [ 494.109976][ T30] do_syscall_64+0xf3/0x230 [ 494.114594][ T30] ? clear_bhb_loop+0x35/0x90 [ 494.119315][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.125389][ T30] RIP: 0033:0x7f481ad169a4 [ 494.129843][ T30] RSP: 002b:00007ffd88dfb450 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 494.138336][ T30] RAX: ffffffffffffffda RBX: 00005649d868bec0 RCX: 00007f481ad169a4 [ 494.146366][ T30] RDX: 00000000000a0800 RSI: 00005649d869b780 RDI: 00000000ffffff9c [ 494.154487][ T30] RBP: 00005649d869b780 R08: 0000000000000001 R09: 7fffffffffffffff [ 494.162535][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000a0800 [ 494.170531][ T30] R13: 00005649d86b6d60 R14: 0000000000000001 R15: 00005649d8677910 [ 494.178579][ T30] [ 494.181721][ T30] [ 494.181721][ T30] Showing all locks held in the system: [ 494.189718][ T30] 1 lock held by rcu_exp_gp_kthr/19: [ 494.195206][ T30] #0: ffff8880b873e8d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 494.205294][ T30] 1 lock held by khungtaskd/30: [ 494.210170][ T30] #0: ffffffff8e937ae0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0 [ 494.220249][ T30] 2 locks held by kworker/u8:8/2982: [ 494.225617][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 494.237362][ T30] #1: ffffc9000c197d00 (connector_reaper_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 494.248581][ T30] 2 locks held by getty/5588: [ 494.253343][ T30] #0: ffff8880352f90a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 494.263655][ T30] #1: ffffc900032fb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x6a6/0x1e00 [ 494.274753][ T30] 1 lock held by syz-executor/5832: [ 494.280059][ T30] #0: ffffffff8e93cff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 494.292081][ T30] 3 locks held by udevd/8313: [ 494.296762][ T30] #0: ffff8880256694c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50 [ 494.306269][ T30] #1: ffff888024bc5e10 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x32b/0x500 [ 494.315865][ T30] #2: ffff8880256fe178 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xfe/0x2ef0 [ 494.325290][ T30] 3 locks held by kworker/u8:9/11031: [ 494.330673][ T30] #0: ffff888030d52948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 494.342829][ T30] #1: ffffc9000431fd00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 494.356480][ T30] #2: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0xd0/0x16f0 [ 494.366423][ T30] 3 locks held by kworker/1:0/14141: [ 494.372102][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1840 [ 494.383528][ T30] #1: ffffc9000bacfd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1840 [ 494.394687][ T30] #2: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 494.405419][ T30] 1 lock held by syz.2.2241/14369: [ 494.410545][ T30] #0: ffffffff8e93cff8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x451/0x830 [ 494.422117][ T30] 1 lock held by syz.4.2242/14374: [ 494.427358][ T30] #0: ffffffff8fcb3988 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0xce2/0x2210 [ 494.437173][ T30] [ 494.439543][ T30] ============================================= [ 494.439543][ T30] [ 494.450485][ T30] NMI backtrace for cpu 0 [ 494.454862][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 494.465396][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 494.475482][ T30] Call Trace: [ 494.478798][ T30] [ 494.481864][ T30] dump_stack_lvl+0x241/0x360 [ 494.486652][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 494.491859][ T30] ? __pfx__printk+0x10/0x10 [ 494.496459][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 494.501422][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 494.506883][ T30] ? _printk+0xd5/0x120 [ 494.511049][ T30] ? __pfx__printk+0x10/0x10 [ 494.515635][ T30] ? __wake_up_klogd+0xcc/0x110 [ 494.520496][ T30] ? __pfx__printk+0x10/0x10 [ 494.525127][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 494.530152][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 494.536133][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 494.542127][ T30] watchdog+0xff6/0x1040 [ 494.546380][ T30] ? watchdog+0x1ea/0x1040 [ 494.550800][ T30] ? __pfx_watchdog+0x10/0x10 [ 494.555470][ T30] kthread+0x2f0/0x390 [ 494.559559][ T30] ? __pfx_watchdog+0x10/0x10 [ 494.564237][ T30] ? __pfx_kthread+0x10/0x10 [ 494.568824][ T30] ret_from_fork+0x4b/0x80 [ 494.573259][ T30] ? __pfx_kthread+0x10/0x10 [ 494.577903][ T30] ret_from_fork_asm+0x1a/0x30 [ 494.582671][ T30] [ 494.586758][ T30] Sending NMI from CPU 0 to CPUs 1: [ 494.592234][ C1] NMI backtrace for cpu 1 [ 494.592248][ C1] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 494.592267][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 494.592277][ C1] RIP: 0010:__reset_page_owner+0x68/0x430 [ 494.592299][ C1] Code: 00 00 00 00 00 fc ff df 48 8b 05 03 8d 97 0c 49 8d 5c 07 08 48 89 d8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 8d 03 00 00 8b 03 <89> 44 24 20 bf 00 28 00 00 e8 ca 03 00 00 41 89 c6 65 48 8b 04 25 [ 494.592312][ C1] RSP: 0018:ffffc90003eaf7e8 EFLAGS: 00000246 [ 494.592327][ C1] RAX: 00000000060c01f1 RBX: ffff88801e158700 RCX: ffff888033505a00 [ 494.592339][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 494.592356][ C1] RBP: ffffea00019138c0 R08: ffffffff82115b1a R09: 1ffffffff2857910 [ 494.592367][ C1] R10: dffffc0000000000 R11: fffffbfff2857911 R12: ffffea00019138c8 [ 494.592379][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88801e1586f0 [ 494.592391][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 494.592404][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 494.592415][ C1] CR2: 0000001b30410ff8 CR3: 00000000336de000 CR4: 00000000003526f0 [ 494.592429][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 494.592439][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 494.592449][ C1] Call Trace: [ 494.592454][ C1] [ 494.592461][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 494.592483][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 494.592502][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 494.592522][ C1] ? nmi_handle+0x2a/0x5a0 [ 494.592546][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 494.592561][ C1] ? nmi_handle+0x14f/0x5a0 [ 494.592577][ C1] ? nmi_handle+0x2a/0x5a0 [ 494.592595][ C1] ? __reset_page_owner+0x68/0x430 [ 494.592610][ C1] ? default_do_nmi+0x63/0x160 [ 494.592631][ C1] ? exc_nmi+0x123/0x1f0 [ 494.592650][ C1] ? end_repeat_nmi+0xf/0x53 [ 494.592671][ C1] ? page_ext_get+0x1ba/0x2a0 [ 494.592689][ C1] ? __reset_page_owner+0x68/0x430 [ 494.592705][ C1] ? __reset_page_owner+0x68/0x430 [ 494.592721][ C1] ? __reset_page_owner+0x68/0x430 [ 494.592736][ C1] [ 494.592741][ C1] [ 494.592748][ C1] ? mod_memcg_page_state+0x531/0x800 [ 494.592768][ C1] ? mod_memcg_page_state+0x97/0x800 [ 494.592790][ C1] free_unref_page+0xd3f/0x1010 [ 494.592816][ C1] vfree+0x186/0x2e0 [ 494.592837][ C1] kcov_close+0x28/0x50 [ 494.592852][ C1] ? __pfx_kcov_close+0x10/0x10 [ 494.592867][ C1] __fput+0x23c/0xa50 [ 494.592892][ C1] task_work_run+0x24f/0x310 [ 494.592913][ C1] ? __pfx_task_work_run+0x10/0x10 [ 494.592930][ C1] ? do_exit+0xa2a/0x28e0 [ 494.592948][ C1] ? do_exit+0xa2a/0x28e0 [ 494.592966][ C1] do_exit+0xa2f/0x28e0 [ 494.592986][ C1] ? __pfx_do_exit+0x10/0x10 [ 494.593002][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 494.593018][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 494.593037][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 494.593053][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 494.593075][ C1] do_group_exit+0x207/0x2c0 [ 494.593091][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 494.593103][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 494.593117][ C1] get_signal+0x16b2/0x1750 [ 494.593140][ C1] ? __pfx_get_signal+0x10/0x10 [ 494.593162][ C1] arch_do_signal_or_restart+0x96/0x860 [ 494.593184][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 494.593203][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 494.593225][ C1] ? syscall_exit_to_user_mode+0xa3/0x340 [ 494.593243][ C1] syscall_exit_to_user_mode+0xce/0x340 [ 494.593260][ C1] do_syscall_64+0x100/0x230 [ 494.593276][ C1] ? clear_bhb_loop+0x35/0x90 [ 494.593295][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.593311][ C1] RIP: 0033:0x7f0c27d8473c [ 494.593324][ C1] Code: Unable to access opcode bytes at 0x7f0c27d84712. [ 494.593332][ C1] RSP: 002b:00007fff6fde75c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 494.593353][ C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00007f0c27d8473c [ 494.593364][ C1] RDX: 0000000000000030 RSI: 00007fff6fde7670 RDI: 00000000000000f9 [ 494.593374][ C1] RBP: 00007fff6fde761c R08: 0000000000000000 R09: 0079746972756365 [ 494.593385][ C1] R10: 00007f0c27f487e0 R11: 0000000000000246 R12: 0000000000000032 [ 494.593395][ C1] R13: 000000000007879b R14: 00007fff6fde7670 R15: 00000000000001d9 [ 494.593413][ C1] [ 494.661081][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 494.661101][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-00765-gbb70b0d48d8e #0 [ 494.661123][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 494.661135][ T30] Call Trace: [ 494.661142][ T30] [ 494.661151][ T30] dump_stack_lvl+0x241/0x360 [ 494.661184][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 494.661208][ T30] ? __pfx__printk+0x10/0x10 [ 494.661242][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 494.661271][ T30] ? vscnprintf+0x5d/0x90 [ 494.661298][ T30] panic+0x349/0x880 [ 494.661318][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 494.661343][ T30] ? __pfx_panic+0x10/0x10 [ 494.661361][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 494.661386][ T30] ? __irq_work_queue_local+0x137/0x410 [ 494.661406][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 494.661427][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 494.661450][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 494.661478][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 494.661505][ T30] watchdog+0x1035/0x1040 [ 494.661526][ T30] ? watchdog+0x1ea/0x1040 [ 494.661550][ T30] ? __pfx_watchdog+0x10/0x10 [ 494.661570][ T30] kthread+0x2f0/0x390 [ 494.661596][ T30] ? __pfx_watchdog+0x10/0x10 [ 494.661615][ T30] ? __pfx_kthread+0x10/0x10 [ 494.661637][ T30] ret_from_fork+0x4b/0x80 [ 494.661656][ T30] ? __pfx_kthread+0x10/0x10 [ 494.661676][ T30] ret_from_fork_asm+0x1a/0x30 [ 494.661705][ T30] [ 495.185522][ T30] Kernel Offset: disabled [ 495.190092][ T30] Rebooting in 86400 seconds..