last executing test programs: 25.224878333s ago: executing program 1 (id=191): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000eb998321dd34362393f41c1adf7c3f638a88258d884a119c779f3bb1e49748f297f9ea8e6bbec54b954811790e0dc2989a06e41d390e4a27f020653fad7b541860f5bc59b2704b866bd53223fa5fd3155759b29c8833e06ea293100215218a4cd0fa5d32d396c8ea219c671a617308440bb91928c0bf1a3f76e60e80b21c134d594dea3efffc05d6d5c7094aba348e34a83a294946a9d28dd2b37b049ad42639e1ae6a8d46f662312883c57a9f286d"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84) (async) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b0009ef"], 0x14}}, 0x84) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) 25.129196418s ago: executing program 1 (id=192): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x8, 0xf, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES64, @ANYRESDEC=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r3}, 0x10) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) close(r5) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r6) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x8, 0xf, &(0x7f0000000c80)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r7, 0x0, 0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000071116f0000000000060000000000000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000000, 0x1010, 0xffffffffffffffff, 0xfe49b000) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000080)={0x4000, 0x3, 0x0, 0xffdfffff}, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000160001f47efde4be701161000a000000040000800400", @ANYRES32=r8], 0x1c}}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) r9 = getpid() r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) r11 = socket$inet(0x2, 0x2, 0x0) shutdown(r11, 0x0) recvmmsg(r11, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r9, r10, 0x0, 0x0, 0x0}, 0x30) 25.008461851s ago: executing program 1 (id=193): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x50) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={&(0x7f0000000300)="825bf9", 0x0, 0x0, 0x0, 0x7, r0}, 0x38) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="1a", 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000400"/28], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write$cgroup_subtree(r3, &(0x7f0000000100)={[{0x2d, 'devices'}]}, 0x9) ppoll(&(0x7f0000000140)=[{r3, 0x270}], 0x1, 0x0, 0x0, 0x0) writev(r3, &(0x7f0000004680)=[{&(0x7f00000044c0)="c0", 0x1}], 0x1) bpf$BPF_PROG_TEST_RUN(0x12, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000a40)="a2", &(0x7f0000000000)=""/6, 0x2}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r2, &(0x7f0000000780)}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES32=r4, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="6f4f695f5e055a8dcf75ec7dad49d4a2394d6246f9f8d1b99073f87873f59d6df291712afb8e1a20ea1f133e8725e54e1370d770c773fd4082ef7d2679dffc31446a7d2aac6b461f5bcb26295bde257ab97c351a8ff9f08103e9cd1fbe0770c6bc86f6a57726e5b54f541a4ab647b8d0c7cb", @ANYRES64=0x0], 0x10) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, &(0x7f0000000040)=0x6, 0x4) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x50) (async) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000480)={&(0x7f0000000300)="825bf9", 0x0, 0x0, 0x0, 0x7, r0}, 0x38) (async) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000280)="1a", 0x1) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000400"/28], 0x48) (async) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000280), &(0x7f0000000000)=""/3, 0x2}, 0x20) (async) pipe(&(0x7f0000000040)) (async) write$cgroup_subtree(r3, &(0x7f0000000100)={[{0x2d, 'devices'}]}, 0x9) (async) ppoll(&(0x7f0000000140)=[{r3, 0x270}], 0x1, 0x0, 0x0, 0x0) (async) writev(r3, &(0x7f0000004680)=[{&(0x7f00000044c0)="c0", 0x1}], 0x1) (async) bpf$BPF_PROG_TEST_RUN(0x12, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (async) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r2, &(0x7f0000000a40)="a2", &(0x7f0000000000)=""/6, 0x2}, 0x20) (async) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r2, &(0x7f0000000780)}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (async) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES32=r4, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="6f4f695f5e055a8dcf75ec7dad49d4a2394d6246f9f8d1b99073f87873f59d6df291712afb8e1a20ea1f133e8725e54e1370d770c773fd4082ef7d2679dffc31446a7d2aac6b461f5bcb26295bde257ab97c351a8ff9f08103e9cd1fbe0770c6bc86f6a57726e5b54f541a4ab647b8d0c7cb", @ANYRES64=0x0], 0x10) (async) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, &(0x7f0000000040)=0x6, 0x4) (async) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x300, 0x0) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) 24.797176974s ago: executing program 1 (id=194): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000780)=@base={0xa, 0x16, 0x800, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600180018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006100000a00000000180000000000000000000000000000009500000000000000360a00000000000018010000202078250000000000202020631af8ff00000000bfa100000000000007010000f8fbffffb702000008000000b50200000000000085000000cb0000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x21) 24.398706327s ago: executing program 1 (id=199): r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @multicast1, 0x1}, 0x10) epoll_create1(0xcb1fcd249bdcbcb8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040)) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r4, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SIOCSIFHWADDR(r3, 0x8919, &(0x7f0000000000)={'bridge0\x00', @local}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, 0x0) 12.161941764s ago: executing program 1 (id=199): r0 = socket$inet(0x2, 0x3, 0x1) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @multicast1, 0x1}, 0x10) epoll_create1(0xcb1fcd249bdcbcb8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040)) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = socket$kcm(0x2, 0xa, 0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r4, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$SIOCSIFHWADDR(r3, 0x8919, &(0x7f0000000000)={'bridge0\x00', @local}) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, 0x0) 1.65729864s ago: executing program 4 (id=378): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'macvlan1\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="1546010000000000200012800b0001006d61637365630000100002806cffd6bcb57319e20000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1], 0x50}}, 0x4000) 1.596923122s ago: executing program 2 (id=379): unshare(0x60000000) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) socket$key(0xf, 0x3, 0x2) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r2, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}}, 0x0) 1.409178683s ago: executing program 3 (id=381): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x7fff}, &(0x7f00000000c0)=0x8) 1.401029981s ago: executing program 4 (id=382): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x2, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000000c0)=0x7, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.320772642s ago: executing program 3 (id=383): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@mpls_getroute={0x1c, 0x1a, 0x1, 0x0, 0x0, {0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0x1c}}, 0x0) 1.201169427s ago: executing program 3 (id=384): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x64, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x9}, {0x10, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x34, 0x2, [@TCA_FLOWER_KEY_ENC_IPV6_DST_MASK={0x14, 0x22, [0xffff00, 0xffffffff, 0xffffff00, 0xff]}, @TCA_FLOWER_KEY_ENC_IPV6_DST={0x14, 0x21, @empty}, @TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0x3596}]}}]}, 0x64}}, 0x4040004) 1.133578492s ago: executing program 2 (id=385): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="380000002d000100000000000000000008000000", @ANYRES16=r0], 0x38}], 0x1}, 0x0) 1.013137729s ago: executing program 2 (id=387): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)={0x154, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x130, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1ff}, @val={0x5, 0xc7, {0x5, 0x97, 0x5, "840713d363c6724d98bf35001c09bfc3ef576ef4cbdedd44f1719d86e7202598ad5ab2b4e5dff62ed61751909b8422ef7be7fa9aeee03cce1881434df3bc53402458604b55890de2298e22ae5eb55d3e14358d8172d3caffea4c3165a9936a26aa4560071601df38cfb687a86ed61c704879c02c575dcc5f792ca84bd70fc9a24035370ffe3e5d14541c8831eed97732a996891591391a05b51387596e4634cf9ec3255fc6c4d68b86c2b73f110f4dc0b014af75ddf00689ee90b8c538f8b8c339a90010"}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @void, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0x0, 0x1, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}}}]}, 0x154}, 0x1, 0x0, 0x0, 0xc0}, 0x0) 965.511259ms ago: executing program 0 (id=388): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x7, 0x43, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600), &(0x7f00000001c0), 0x71, r0}, 0x38) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001b40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private0, 0xfffffffc}, 0x1c, 0x0}}], 0x1, 0x8c1) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000140)={r0, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 897.049732ms ago: executing program 0 (id=389): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="00000000ee00000a00000000000088fb", 0x10, 0x40, &(0x7f0000000000)={0x11, 0x11, r2, 0x1, 0x8, 0x6, @local}, 0x14) 801.198851ms ago: executing program 3 (id=390): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x36, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x80, 0x2}}}}}}, 0x0) 800.810735ms ago: executing program 2 (id=391): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@getchain={0x24, 0x11, 0x839, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0x2}}}, 0x24}}, 0x0) 684.390699ms ago: executing program 0 (id=392): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x80000000010000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x2, 0x6c}, 0x0, @in6=@mcast2, 0x0, 0x5, 0x0, 0xb7}}, 0xe8) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4700c}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x0) 630.562618ms ago: executing program 3 (id=393): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f0000000140)={0x5, 0x6, 0x8, 0x8, 0x0, 0x2, 0x0, 0x8}, &(0x7f0000000180)={0x9, 0x2, 0x7fff, 0x22c, 0x5, 0x0, 0xa9e, 0x7}, &(0x7f00000001c0)={0x7fffffff, 0x9, 0x81, 0xa1, 0x3, 0xff, 0x1, 0xffff}, &(0x7f0000000200)={0x77359400}, &(0x7f00000004c0)={&(0x7f0000000240)={[0xc6]}, 0x8}) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274000000"], 0x4c}}, 0x2) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000000)="6a0e6435f82b96e120e95ef657c67f3804ab3fd20f854380e05a23b6758439b1bcc2af4612a9ffbedef954ca796197b2ad54eb4aa5e40f7e0679b02c55444cd757567b124e1c78808a05eac11e93d4de3287", 0x52) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601080000000000000000050000000900020073797a310000000005000100070000002c000780060004404e21000005000700e30000000c00018008000140850101010c00028008000140"], 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 505.190305ms ago: executing program 3 (id=394): r0 = socket$inet6(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0x6}, 0x1c) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4081}, 0x20000011) 472.275622ms ago: executing program 4 (id=395): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x4, @empty, 'batadv_slave_1\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x4, @remote, 'veth1_to_team\x00'}}, 0x1e) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x2, @remote, 'veth0_to_team\x00'}}) 406.175774ms ago: executing program 4 (id=396): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x7, 0x1, 0xc, 0x0, 0xa}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94) 349.217254ms ago: executing program 0 (id=397): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x7, 0x43, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600), &(0x7f00000001c0), 0x71, r0}, 0x38) bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000140)={r0, 0xe0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 307.402251ms ago: executing program 4 (id=398): r0 = socket$inet6(0xa, 0x3, 0x5) sendmmsg(r0, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x7, 0x1}, 0x80, 0x0, 0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="0c0000002900000005"], 0xc}}], 0x1, 0x0) 294.991751ms ago: executing program 2 (id=399): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x401, 0x70bd21, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0xd9ffffff}]}}}]}, 0x3c}}, 0x24000004) 150.645436ms ago: executing program 0 (id=400): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x42, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x10009, 0x52}]}}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0x0, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x3, 0x20000009}]}}}}}}}, 0x0) 101.300984ms ago: executing program 4 (id=401): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5421, &(0x7f0000000080)=0x4) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x7, 0x4) 64.691782ms ago: executing program 2 (id=402): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x4, 0x34, 0x4000, 0x0, 0xff, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x6, 0xffffffff}, @generic={0x8, 0x2}]}}}}}}}, 0x0) 0s ago: executing program 0 (id=403): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="000086dd020303009c000a004000623d885d009c11fffc000000000000000000000000000000ff0200000000000000000000000000014e224e21009c90"], 0xd2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts. [ 66.216163][ T5818] cgroup: Unknown subsys name 'net' [ 66.329157][ T5818] cgroup: Unknown subsys name 'cpuset' [ 66.337978][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.717186][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 69.972124][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 69.980419][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 69.988213][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.015607][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.035123][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.089239][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.102914][ T5832] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.111394][ T5832] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.119432][ T5832] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.127477][ T5832] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.189145][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.197034][ T5832] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.204562][ T5832] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.213311][ T5832] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.221050][ T5832] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.249285][ T5140] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.259952][ T5140] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.267883][ T5140] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.275937][ T5140] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.283645][ T5140] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.332045][ T5140] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.354187][ T5140] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.366207][ T5140] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.374523][ T5140] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.386176][ T5140] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.844468][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 71.028584][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 71.047758][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 71.099656][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 71.196047][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 71.208976][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.217613][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.225704][ T5837] bridge_slave_0: entered allmulticast mode [ 71.232732][ T5837] bridge_slave_0: entered promiscuous mode [ 71.306328][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.313434][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.321023][ T5837] bridge_slave_1: entered allmulticast mode [ 71.331633][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.332509][ T5837] bridge_slave_1: entered promiscuous mode [ 71.339565][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.413197][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.420781][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.428171][ T5833] bridge_slave_0: entered allmulticast mode [ 71.435788][ T5833] bridge_slave_0: entered promiscuous mode [ 71.489574][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.497169][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.504351][ T5833] bridge_slave_1: entered allmulticast mode [ 71.512368][ T5833] bridge_slave_1: entered promiscuous mode [ 71.522491][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.536283][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.557717][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.565105][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.572279][ T5829] bridge_slave_0: entered allmulticast mode [ 71.579714][ T5829] bridge_slave_0: entered promiscuous mode [ 71.620331][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.627699][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.637052][ T5829] bridge_slave_1: entered allmulticast mode [ 71.643990][ T5829] bridge_slave_1: entered promiscuous mode [ 71.711895][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.726806][ T5837] team0: Port device team_slave_0 added [ 71.744060][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.751866][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.759291][ T5840] bridge_slave_0: entered allmulticast mode [ 71.766509][ T5840] bridge_slave_0: entered promiscuous mode [ 71.800663][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.812145][ T5837] team0: Port device team_slave_1 added [ 71.833580][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.841840][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.849110][ T5840] bridge_slave_1: entered allmulticast mode [ 71.856258][ T5840] bridge_slave_1: entered promiscuous mode [ 71.863211][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.870622][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.877940][ T5842] bridge_slave_0: entered allmulticast mode [ 71.886199][ T5842] bridge_slave_0: entered promiscuous mode [ 71.895917][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.908606][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.959567][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.967384][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.974535][ T5842] bridge_slave_1: entered allmulticast mode [ 71.981961][ T5842] bridge_slave_1: entered promiscuous mode [ 72.030201][ T5833] team0: Port device team_slave_0 added [ 72.037120][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.044068][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.070522][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.112460][ T5829] team0: Port device team_slave_0 added [ 72.120835][ T5833] team0: Port device team_slave_1 added [ 72.126809][ T5832] Bluetooth: hci0: command tx timeout [ 72.133207][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.140220][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.166522][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.187832][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.205190][ T5832] Bluetooth: hci1: command tx timeout [ 72.215447][ T5829] team0: Port device team_slave_1 added [ 72.251258][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.263205][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.276168][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.294776][ T5832] Bluetooth: hci2: command tx timeout [ 72.362946][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.365432][ T5832] Bluetooth: hci3: command tx timeout [ 72.370039][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.401998][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.419843][ T5837] hsr_slave_0: entered promiscuous mode [ 72.426168][ T5837] hsr_slave_1: entered promiscuous mode [ 72.444800][ T5832] Bluetooth: hci4: command tx timeout [ 72.458801][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.465819][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.492082][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.503934][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.510939][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.536944][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.559459][ T5840] team0: Port device team_slave_0 added [ 72.568475][ T5840] team0: Port device team_slave_1 added [ 72.577020][ T5842] team0: Port device team_slave_0 added [ 72.583528][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.590724][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.616868][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.667257][ T5842] team0: Port device team_slave_1 added [ 72.720454][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.728505][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.755246][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.779597][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.786599][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.812669][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.846078][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.853037][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.879373][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.910621][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.917736][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.943957][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.980841][ T5829] hsr_slave_0: entered promiscuous mode [ 72.987549][ T5829] hsr_slave_1: entered promiscuous mode [ 72.993556][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.001410][ T5829] Cannot create hsr debugfs directory [ 73.013051][ T5833] hsr_slave_0: entered promiscuous mode [ 73.019821][ T5833] hsr_slave_1: entered promiscuous mode [ 73.026307][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.033873][ T5833] Cannot create hsr debugfs directory [ 73.127590][ T5842] hsr_slave_0: entered promiscuous mode [ 73.133798][ T5842] hsr_slave_1: entered promiscuous mode [ 73.140635][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.148453][ T5842] Cannot create hsr debugfs directory [ 73.199738][ T5840] hsr_slave_0: entered promiscuous mode [ 73.206432][ T5840] hsr_slave_1: entered promiscuous mode [ 73.212627][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.220399][ T5840] Cannot create hsr debugfs directory [ 73.668859][ T5837] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 73.701385][ T5837] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 73.725954][ T5837] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 73.739149][ T5837] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 73.803474][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.814595][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.829551][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.839623][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 73.912496][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.929793][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.942614][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.952672][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 74.064303][ T5840] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 74.074336][ T5840] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 74.088458][ T5840] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 74.120692][ T5840] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 74.212459][ T5832] Bluetooth: hci0: command tx timeout [ 74.230126][ T5833] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 74.244435][ T5833] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 74.260237][ T5833] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 74.270883][ T5833] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 74.285758][ T5832] Bluetooth: hci1: command tx timeout [ 74.337227][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.365409][ T5832] Bluetooth: hci2: command tx timeout [ 74.382951][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.431634][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.445896][ T5832] Bluetooth: hci3: command tx timeout [ 74.482861][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.493343][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.516492][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.525007][ T5832] Bluetooth: hci4: command tx timeout [ 74.544239][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.551562][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.561670][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.568929][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.578753][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.585856][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.596766][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.603855][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.639566][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.646679][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.664554][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.679514][ T1106] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.686631][ T1106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.754083][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.792813][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.811633][ T319] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.818748][ T319] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.849592][ T319] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.856829][ T319] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.897367][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.971626][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.978829][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.031410][ T5840] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 75.052201][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.129380][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.136591][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.511639][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.576128][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.587171][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.708940][ T5842] veth0_vlan: entered promiscuous mode [ 75.749845][ T5842] veth1_vlan: entered promiscuous mode [ 75.788692][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.830555][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.869832][ T5829] veth0_vlan: entered promiscuous mode [ 75.931383][ T5829] veth1_vlan: entered promiscuous mode [ 75.969889][ T5842] veth0_macvtap: entered promiscuous mode [ 75.994183][ T5842] veth1_macvtap: entered promiscuous mode [ 76.024035][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.054655][ T5833] veth0_vlan: entered promiscuous mode [ 76.072327][ T5829] veth0_macvtap: entered promiscuous mode [ 76.083717][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.092405][ T5840] veth0_vlan: entered promiscuous mode [ 76.109567][ T5833] veth1_vlan: entered promiscuous mode [ 76.121292][ T5829] veth1_macvtap: entered promiscuous mode [ 76.133100][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.143412][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.153371][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.162364][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.199502][ T5840] veth1_vlan: entered promiscuous mode [ 76.222307][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.241571][ T5837] veth0_vlan: entered promiscuous mode [ 76.251939][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.285280][ T5832] Bluetooth: hci0: command tx timeout [ 76.300970][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.310231][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.321114][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.329937][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.348534][ T5837] veth1_vlan: entered promiscuous mode [ 76.365690][ T5832] Bluetooth: hci1: command tx timeout [ 76.426255][ T5840] veth0_macvtap: entered promiscuous mode [ 76.445255][ T5832] Bluetooth: hci2: command tx timeout [ 76.459532][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.463515][ T5833] veth0_macvtap: entered promiscuous mode [ 76.467518][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.498871][ T5833] veth1_macvtap: entered promiscuous mode [ 76.514432][ T5840] veth1_macvtap: entered promiscuous mode [ 76.525463][ T5832] Bluetooth: hci3: command tx timeout [ 76.562415][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.581337][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.594507][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.605368][ T5832] Bluetooth: hci4: command tx timeout [ 76.616350][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.641901][ T5840] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.651311][ T5840] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.661288][ T5840] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.670313][ T5840] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.683969][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.698466][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.718238][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.730928][ T5837] veth0_macvtap: entered promiscuous mode [ 76.744484][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 76.777798][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.799588][ T5837] veth1_macvtap: entered promiscuous mode [ 76.809638][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.835727][ T5833] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.844442][ T5833] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.857199][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.886426][ T5833] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.895498][ T5833] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.941803][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.986367][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.072655][ T5910] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6'. [ 77.077794][ T5837] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.109216][ T5910] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6'. [ 77.116807][ T5837] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.127627][ T5912] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 77.128051][ T5837] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.148560][ T5837] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.231404][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.240440][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.328782][ T1106] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.341992][ T1106] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.352593][ T5912] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1'. [ 77.353906][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.375597][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.424540][ T5912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 77.556474][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.565070][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.846885][ T5929] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9'. [ 77.923512][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.941457][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.013050][ T5927] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.119509][ T5927] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.156457][ T5933] mac80211_hwsim hwsim7 wlan0: entered promiscuous mode [ 78.164433][ T5933] macsec1: entered promiscuous mode [ 78.170488][ T5933] macsec1: entered allmulticast mode [ 78.176376][ T5933] mac80211_hwsim hwsim7 wlan0: entered allmulticast mode [ 78.186851][ T5933] Zero length message leads to an empty skb [ 78.207056][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.217841][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.234542][ T5927] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.371328][ T5832] Bluetooth: hci0: command tx timeout [ 78.392650][ T5927] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.448920][ T5832] Bluetooth: hci1: command tx timeout [ 78.525041][ T5832] Bluetooth: hci2: command tx timeout [ 78.635665][ T5832] Bluetooth: hci3: command tx timeout [ 78.637629][ T5939] Bluetooth: MGMT ver 1.23 [ 78.685424][ T5140] Bluetooth: hci4: command tx timeout [ 78.863992][ T5927] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.997965][ T5927] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.115701][ T5960] netlink: 16 bytes leftover after parsing attributes in process `syz.2.12'. [ 79.156587][ T5927] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.221243][ T5927] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.491627][ T5972] syz.4.18 uses obsolete (PF_INET,SOCK_PACKET) [ 79.839015][ T5991] netlink: 24 bytes leftover after parsing attributes in process `syz.1.23'. [ 80.054070][ T5995] netlink: 60 bytes leftover after parsing attributes in process `syz.3.26'. [ 80.087149][ T5995] netlink: 24 bytes leftover after parsing attributes in process `syz.3.26'. [ 80.103296][ T5997] netlink: 'syz.2.27': attribute type 8 has an invalid length. [ 80.695198][ T5832] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 80.695425][ T5983] Bluetooth: hci0: command 0x0401 tx timeout [ 80.937981][ T6020] netlink: 28 bytes leftover after parsing attributes in process `syz.1.29'. [ 81.227503][ T6035] openvswitch: netlink: VXLAN extension 2 out of range max 1 [ 81.271462][ T6030] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.363372][ T6030] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.519346][ T6030] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.645273][ T5983] Bluetooth: hci4: command 0x0405 tx timeout [ 81.799868][ T6030] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 81.932843][ T6046] bridge_slave_0: left allmulticast mode [ 81.958707][ T6046] bridge_slave_0: left promiscuous mode [ 81.975193][ T6046] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.031945][ T6046] bridge_slave_1: left allmulticast mode [ 82.043912][ T6046] bridge_slave_1: left promiscuous mode [ 82.060969][ T6046] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.079521][ T6046] bond0: (slave bond_slave_0): Releasing backup interface [ 82.099814][ T6046] bond0: (slave bond_slave_1): Releasing backup interface [ 82.149722][ T6046] team0: Port device team_slave_0 removed [ 82.173240][ T6046] team0: Port device team_slave_1 removed [ 82.180568][ T6046] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 82.190212][ T6046] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 82.200551][ T6046] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 82.211009][ T6046] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 82.342737][ T6030] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.402200][ T6030] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.461942][ T6030] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.518919][ T6030] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.862791][ T6065] __nla_validate_parse: 1 callbacks suppressed [ 82.862808][ T6065] netlink: 24 bytes leftover after parsing attributes in process `syz.4.39'. [ 83.001660][ T6073] netlink: 48 bytes leftover after parsing attributes in process `syz.1.43'. [ 83.111631][ T6073] netlink: 24 bytes leftover after parsing attributes in process `syz.1.43'. [ 83.113122][ T6074] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 83.175555][ T6074] macsec1: entered promiscuous mode [ 83.181497][ T6074] macsec1: entered allmulticast mode [ 83.191053][ T6074] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 83.522450][ T6089] netlink: 16 bytes leftover after parsing attributes in process `syz.1.49'. [ 83.681224][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.1.49'. [ 83.716595][ T6095] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 84.053077][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'. [ 84.103317][ T6108] netlink: 16 bytes leftover after parsing attributes in process `syz.0.54'. [ 84.146551][ T6109] ip6gre1: entered allmulticast mode [ 84.159243][ T6106] IPVS: Unknown mcast interface: [ 84.181998][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 84.463353][ T6119] netlink: 8 bytes leftover after parsing attributes in process `syz.1.57'. [ 84.632429][ T6121] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 84.677373][ T6121] netlink: 4 bytes leftover after parsing attributes in process `syz.4.58'. [ 84.712320][ T6121] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.797754][ T6128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.61'. [ 85.454915][ T6121] bridge_slave_1 (unregistering): left allmulticast mode [ 85.494708][ T6121] bridge_slave_1 (unregistering): left promiscuous mode [ 85.501784][ T6121] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.659591][ T6137] netlink: 'syz.3.65': attribute type 1 has an invalid length. [ 85.766542][ T6139] bond1: entered promiscuous mode [ 85.780793][ T6139] 8021q: adding VLAN 0 to HW filter on device bond1 [ 85.999612][ T6146] netlink: 'syz.3.66': attribute type 15 has an invalid length. [ 86.413895][ T6170] raw_sendmsg: syz.4.75 forgot to set AF_INET. Fix it! [ 86.698060][ T10] cfg80211: failed to load regulatory.db [ 86.738261][ T6176] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 87.115452][ T6184] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 87.122650][ T6184] macsec1: entered promiscuous mode [ 87.204866][ T6184] macsec1: entered allmulticast mode [ 87.228179][ T6184] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 88.124916][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 88.169470][ T6205] __nla_validate_parse: 2 callbacks suppressed [ 88.169486][ T6205] netlink: 48 bytes leftover after parsing attributes in process `syz.0.85'. [ 88.191277][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz.4.86'. [ 88.213115][ T6208] netlink: 32 bytes leftover after parsing attributes in process `syz.4.86'. [ 88.648779][ T6222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.88'. [ 88.887273][ T6233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.95'. [ 88.904098][ T6233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.95'. [ 88.938577][ T6233] Bluetooth: MGMT ver 1.23 [ 90.007443][ T6268] netlink: 20 bytes leftover after parsing attributes in process `syz.1.105'. [ 90.073345][ T6269] hsr0: entered promiscuous mode [ 90.080025][ T6269] hsr0: entered allmulticast mode [ 90.093413][ T6269] hsr_slave_0: entered allmulticast mode [ 90.100973][ T6269] hsr_slave_1: entered allmulticast mode [ 90.124125][ T6268] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 90.828448][ T6303] netlink: 1041 bytes leftover after parsing attributes in process `syz.4.112'. [ 90.914444][ T6301] ipt_REJECT: TCP_RESET invalid for non-tcp [ 91.028055][ T6307] netlink: 136 bytes leftover after parsing attributes in process `syz.2.114'. [ 91.121181][ T6307] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 91.408732][ T6326] FAULT_INJECTION: forcing a failure. [ 91.408732][ T6326] name failslab, interval 1, probability 0, space 0, times 1 [ 91.435487][ T6326] CPU: 1 UID: 0 PID: 6326 Comm: syz.3.120 Not tainted 6.15.0-rc7-syzkaller-01658-gea15e046263b #0 PREEMPT(full) [ 91.435520][ T6326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 91.435537][ T6326] Call Trace: [ 91.435544][ T6326] [ 91.435552][ T6326] dump_stack_lvl+0x189/0x250 [ 91.435588][ T6326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.435610][ T6326] ? __pfx__printk+0x10/0x10 [ 91.435634][ T6326] ? __pfx___might_resched+0x10/0x10 [ 91.435651][ T6326] ? fs_reclaim_acquire+0x7d/0x100 [ 91.435679][ T6326] should_fail_ex+0x414/0x560 [ 91.435704][ T6326] should_failslab+0xa8/0x100 [ 91.435727][ T6326] __kmalloc_noprof+0xcb/0x4f0 [ 91.435746][ T6326] ? kfree+0x4d/0x440 [ 91.435761][ T6326] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 91.435788][ T6326] tomoyo_realpath_from_path+0xe3/0x5d0 [ 91.435811][ T6326] ? tomoyo_domain+0xda/0x130 [ 91.435838][ T6326] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 91.435856][ T6326] tomoyo_path_number_perm+0x1e8/0x5a0 [ 91.435878][ T6326] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 91.435915][ T6326] ? __lock_acquire+0xaac/0xd20 [ 91.435957][ T6326] ? __fget_files+0x2a/0x420 [ 91.435982][ T6326] ? __fget_files+0x3a0/0x420 [ 91.436000][ T6326] ? __fget_files+0x2a/0x420 [ 91.436025][ T6326] security_file_ioctl+0xcb/0x2d0 [ 91.436044][ T6326] __se_sys_ioctl+0x47/0x170 [ 91.436066][ T6326] do_syscall_64+0xf6/0x210 [ 91.436086][ T6326] ? clear_bhb_loop+0x60/0xb0 [ 91.436107][ T6326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.436123][ T6326] RIP: 0033:0x7f2e1b18e969 [ 91.436142][ T6326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.436156][ T6326] RSP: 002b:00007f2e1c03a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.436174][ T6326] RAX: ffffffffffffffda RBX: 00007f2e1b3b5fa0 RCX: 00007f2e1b18e969 [ 91.436186][ T6326] RDX: 0000000000000000 RSI: 00000000000089e0 RDI: 0000000000000003 [ 91.436197][ T6326] RBP: 00007f2e1c03a090 R08: 0000000000000000 R09: 0000000000000000 [ 91.436207][ T6326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.436217][ T6326] R13: 0000000000000000 R14: 00007f2e1b3b5fa0 R15: 00007ffd43476168 [ 91.436247][ T6326] [ 91.437205][ T6326] ERROR: Out of memory at tomoyo_realpath_from_path. [ 91.997943][ T6319] netlink: 36 bytes leftover after parsing attributes in process `syz.4.117'. [ 92.109299][ T6339] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 92.152985][ T6341] netlink: 'syz.1.123': attribute type 10 has an invalid length. [ 92.272233][ T6341] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 92.720623][ T6359] vlan2: entered promiscuous mode [ 92.747036][ T6359] batadv0: entered promiscuous mode [ 92.931201][ T6372] FAULT_INJECTION: forcing a failure. [ 92.931201][ T6372] name failslab, interval 1, probability 0, space 0, times 0 [ 92.967632][ T6372] CPU: 0 UID: 0 PID: 6372 Comm: syz.2.132 Not tainted 6.15.0-rc7-syzkaller-01658-gea15e046263b #0 PREEMPT(full) [ 92.967653][ T6372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 92.967661][ T6372] Call Trace: [ 92.967666][ T6372] [ 92.967673][ T6372] dump_stack_lvl+0x189/0x250 [ 92.967701][ T6372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.967720][ T6372] ? __pfx__printk+0x10/0x10 [ 92.967739][ T6372] ? __pfx___might_resched+0x10/0x10 [ 92.967755][ T6372] ? fs_reclaim_acquire+0x7d/0x100 [ 92.967780][ T6372] should_fail_ex+0x414/0x560 [ 92.967803][ T6372] should_failslab+0xa8/0x100 [ 92.967826][ T6372] __kmalloc_noprof+0xcb/0x4f0 [ 92.967845][ T6372] ? tomoyo_encode+0x28b/0x550 [ 92.967870][ T6372] tomoyo_encode+0x28b/0x550 [ 92.967897][ T6372] tomoyo_realpath_from_path+0x58d/0x5d0 [ 92.967919][ T6372] ? tomoyo_domain+0xda/0x130 [ 92.967946][ T6372] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 92.967964][ T6372] tomoyo_path_number_perm+0x1e8/0x5a0 [ 92.967986][ T6372] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 92.968029][ T6372] ? __lock_acquire+0xaac/0xd20 [ 92.968070][ T6372] ? __fget_files+0x2a/0x420 [ 92.968095][ T6372] ? __fget_files+0x3a0/0x420 [ 92.968114][ T6372] ? __fget_files+0x2a/0x420 [ 92.968138][ T6372] security_file_ioctl+0xcb/0x2d0 [ 92.968157][ T6372] __se_sys_ioctl+0x47/0x170 [ 92.968178][ T6372] do_syscall_64+0xf6/0x210 [ 92.968197][ T6372] ? clear_bhb_loop+0x60/0xb0 [ 92.968219][ T6372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 92.968234][ T6372] RIP: 0033:0x7f9d77f8e969 [ 92.968250][ T6372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 92.968263][ T6372] RSP: 002b:00007f9d78de2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 92.968280][ T6372] RAX: ffffffffffffffda RBX: 00007f9d781b5fa0 RCX: 00007f9d77f8e969 [ 92.968292][ T6372] RDX: 0000000000000000 RSI: 00000000000089e0 RDI: 0000000000000003 [ 92.968302][ T6372] RBP: 00007f9d78de2090 R08: 0000000000000000 R09: 0000000000000000 [ 92.968312][ T6372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 92.968322][ T6372] R13: 0000000000000000 R14: 00007f9d781b5fa0 R15: 00007ffd990cb698 [ 92.968352][ T6372] [ 92.968372][ T6372] ERROR: Out of memory at tomoyo_realpath_from_path. [ 93.189920][ T6370] 8021q: adding VLAN 0 to HW filter on device bond2 [ 93.359029][ T6383] x_tables: duplicate underflow at hook 3 [ 93.502352][ T6385] __nla_validate_parse: 2 callbacks suppressed [ 93.502369][ T6385] netlink: 28 bytes leftover after parsing attributes in process `syz.3.138'. [ 93.536286][ T6385] netlink: 28 bytes leftover after parsing attributes in process `syz.3.138'. [ 93.612737][ T6385] gretap0: entered promiscuous mode [ 93.636759][ T6385] gretap0: left promiscuous mode [ 93.718656][ T6403] af_packet: tpacket_rcv: packet too big, clamped from 32820 to 3952. macoff=96 [ 94.254094][ T6408] netlink: 80 bytes leftover after parsing attributes in process `syz.3.146'. [ 94.589198][ T6418] FAULT_INJECTION: forcing a failure. [ 94.589198][ T6418] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 94.629540][ T6418] CPU: 0 UID: 0 PID: 6418 Comm: syz.1.149 Not tainted 6.15.0-rc7-syzkaller-01658-gea15e046263b #0 PREEMPT(full) [ 94.629563][ T6418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.629572][ T6418] Call Trace: [ 94.629578][ T6418] [ 94.629586][ T6418] dump_stack_lvl+0x189/0x250 [ 94.629612][ T6418] ? __lock_acquire+0xaac/0xd20 [ 94.629636][ T6418] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.629657][ T6418] ? __pfx__printk+0x10/0x10 [ 94.629673][ T6418] ? __might_fault+0xb0/0x130 [ 94.629704][ T6418] should_fail_ex+0x414/0x560 [ 94.629728][ T6418] _copy_from_user+0x2d/0xb0 [ 94.629751][ T6418] kcm_ioctl+0x341/0xff0 [ 94.629771][ T6418] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 94.629789][ T6418] ? __pfx_kcm_ioctl+0x10/0x10 [ 94.629802][ T6418] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 94.629820][ T6418] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 94.629834][ T6418] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 94.629852][ T6418] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 94.629877][ T6418] sock_do_ioctl+0xdc/0x300 [ 94.629899][ T6418] ? __pfx_sock_do_ioctl+0x10/0x10 [ 94.629917][ T6418] ? __lock_acquire+0xaac/0xd20 [ 94.629958][ T6418] sock_ioctl+0x576/0x790 [ 94.629978][ T6418] ? __pfx_sock_ioctl+0x10/0x10 [ 94.629999][ T6418] ? __fget_files+0x3a0/0x420 [ 94.630018][ T6418] ? __fget_files+0x2a/0x420 [ 94.630041][ T6418] ? bpf_lsm_file_ioctl+0x9/0x20 [ 94.630068][ T6418] ? __pfx_sock_ioctl+0x10/0x10 [ 94.630085][ T6418] __se_sys_ioctl+0xf9/0x170 [ 94.630104][ T6418] do_syscall_64+0xf6/0x210 [ 94.630122][ T6418] ? clear_bhb_loop+0x60/0xb0 [ 94.630148][ T6418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.630164][ T6418] RIP: 0033:0x7fa454d8e969 [ 94.630179][ T6418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.630191][ T6418] RSP: 002b:00007fa455cc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 94.630209][ T6418] RAX: ffffffffffffffda RBX: 00007fa454fb5fa0 RCX: 00007fa454d8e969 [ 94.630221][ T6418] RDX: 0000000000000000 RSI: 00000000000089e0 RDI: 0000000000000003 [ 94.630231][ T6418] RBP: 00007fa455cc8090 R08: 0000000000000000 R09: 0000000000000000 [ 94.630241][ T6418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 94.630251][ T6418] R13: 0000000000000000 R14: 00007fa454fb5fa0 R15: 00007ffcaf637148 [ 94.630276][ T6418] [ 95.258373][ T6429] netlink: 'syz.4.153': attribute type 1 has an invalid length. [ 95.299197][ T6427] netlink: 60 bytes leftover after parsing attributes in process `syz.1.152'. [ 95.624469][ T6449] x_tables: duplicate underflow at hook 2 [ 95.659131][ T6451] netlink: 48 bytes leftover after parsing attributes in process `syz.0.160'. [ 95.671279][ T6453] netlink: 48 bytes leftover after parsing attributes in process `syz.0.160'. [ 95.837747][ T6462] FAULT_INJECTION: forcing a failure. [ 95.837747][ T6462] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 95.852871][ T6462] CPU: 0 UID: 0 PID: 6462 Comm: syz.1.162 Not tainted 6.15.0-rc7-syzkaller-01658-gea15e046263b #0 PREEMPT(full) [ 95.852895][ T6462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 95.852904][ T6462] Call Trace: [ 95.852911][ T6462] [ 95.852919][ T6462] dump_stack_lvl+0x189/0x250 [ 95.852949][ T6462] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.852970][ T6462] ? __pfx__printk+0x10/0x10 [ 95.853001][ T6462] should_fail_ex+0x414/0x560 [ 95.853025][ T6462] _copy_to_user+0x31/0xb0 [ 95.853049][ T6462] simple_read_from_buffer+0xe1/0x170 [ 95.853075][ T6462] proc_fail_nth_read+0x1df/0x250 [ 95.853100][ T6462] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 95.853124][ T6462] ? rw_verify_area+0x258/0x650 [ 95.853141][ T6462] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 95.853163][ T6462] vfs_read+0x1fd/0x980 [ 95.853185][ T6462] ? __pfx___mutex_lock+0x10/0x10 [ 95.853202][ T6462] ? __pfx_vfs_read+0x10/0x10 [ 95.853221][ T6462] ? __fget_files+0x2a/0x420 [ 95.853246][ T6462] ? __fget_files+0x3a0/0x420 [ 95.853264][ T6462] ? __fget_files+0x2a/0x420 [ 95.853294][ T6462] ksys_read+0x145/0x250 [ 95.853311][ T6462] ? __fget_files+0x2a/0x420 [ 95.853333][ T6462] ? __pfx_ksys_read+0x10/0x10 [ 95.853355][ T6462] ? do_syscall_64+0xba/0x210 [ 95.853378][ T6462] do_syscall_64+0xf6/0x210 [ 95.853396][ T6462] ? clear_bhb_loop+0x60/0xb0 [ 95.853417][ T6462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.853433][ T6462] RIP: 0033:0x7fa454d8d37c [ 95.853449][ T6462] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 95.853462][ T6462] RSP: 002b:00007fa455cc8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 95.853479][ T6462] RAX: ffffffffffffffda RBX: 00007fa454fb5fa0 RCX: 00007fa454d8d37c [ 95.853491][ T6462] RDX: 000000000000000f RSI: 00007fa455cc80a0 RDI: 0000000000000004 [ 95.853502][ T6462] RBP: 00007fa455cc8090 R08: 0000000000000000 R09: 0000000000000000 [ 95.853512][ T6462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 95.853522][ T6462] R13: 0000000000000000 R14: 00007fa454fb5fa0 R15: 00007ffcaf637148 [ 95.853551][ T6462] [ 96.234937][ T6469] netlink: 20 bytes leftover after parsing attributes in process `syz.4.165'. [ 96.275780][ T6464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.163'. [ 96.294789][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 96.570835][ T6489] netlink: 'syz.0.170': attribute type 12 has an invalid length. [ 96.608860][ T6489] netlink: 'syz.0.170': attribute type 29 has an invalid length. [ 96.621031][ T6489] netlink: 148 bytes leftover after parsing attributes in process `syz.0.170'. [ 96.635561][ T6489] netlink: 'syz.0.170': attribute type 1 has an invalid length. [ 96.643478][ T6489] netlink: 47 bytes leftover after parsing attributes in process `syz.0.170'. [ 96.799665][ T6497] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 96.902643][ T6497] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.011294][ T6497] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.153458][ T6497] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.393786][ T6497] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.430818][ T6497] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.478619][ T6497] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.591163][ T6497] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 97.744185][ T6497] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.099670][ T6497] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.896440][ T6563] __nla_validate_parse: 4 callbacks suppressed [ 98.896475][ T6563] netlink: 12 bytes leftover after parsing attributes in process `syz.4.189'. [ 99.113654][ T6563] 8021q: adding VLAN 0 to HW filter on device bond1 [ 99.361881][ T6586] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 99.894582][ T1106] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.093354][ T6611] netlink: 'syz.0.203': attribute type 6 has an invalid length. [ 100.156841][ T1106] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.183942][ T30] audit: type=1800 audit(1748173115.972:2): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.206" name="memory.events" dev="tmpfs" ino=218 res=0 errno=0 [ 100.241941][ T6614] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.258485][ T30] audit: type=1804 audit(1748173116.002:3): pid=6614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.206" name="memory.events" dev="tmpfs" ino=218 res=1 errno=0 [ 100.311949][ T6618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.206'. [ 100.327090][ T6618] netlink: 8 bytes leftover after parsing attributes in process `syz.2.206'. [ 100.403919][ T5983] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 100.419673][ T5983] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 100.431640][ T5983] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 100.450810][ T5983] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 100.459590][ T5983] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 100.468895][ T6613] team0 (unregistering): Port device team_slave_0 removed [ 100.492261][ T6613] team0 (unregistering): Port device team_slave_1 removed [ 100.542044][ T1106] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.583586][ T6614] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.663927][ T1106] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.719062][ T6614] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.829731][ T6623] tap0: tun_chr_ioctl cmd 1074025677 [ 100.839877][ T6623] tap0: linktype set to 825 [ 100.904112][ T6614] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.226207][ T6614] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.260811][ T6614] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.289123][ T6614] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.319747][ T6614] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.905756][ T1106] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 101.941202][ T1106] bond0 (unregistering): Released all slaves [ 102.510400][ T6620] chnl_net:caif_netlink_parms(): no params data found [ 102.524926][ T5983] Bluetooth: hci3: command tx timeout [ 102.563136][ T6699] netlink: zone id is out of range [ 102.799765][ T6712] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 102.921163][ T6712] netlink: 'syz.3.229': attribute type 7 has an invalid length. [ 102.933619][ T1106] hsr_slave_0: left promiscuous mode [ 102.950612][ T1106] hsr_slave_1: left promiscuous mode [ 102.982109][ T6720] netlink: 24 bytes leftover after parsing attributes in process `syz.2.230'. [ 102.987401][ T1106] veth1_macvtap: left promiscuous mode [ 103.003444][ T1106] veth0_macvtap: left promiscuous mode [ 103.009309][ T1106] veth1_vlan: left promiscuous mode [ 103.014992][ T1106] veth0_vlan: left promiscuous mode [ 103.527306][ T6730] netlink: 'syz.4.231': attribute type 4 has an invalid length. [ 103.836105][ T6620] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.859523][ T6620] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.879888][ T6620] bridge_slave_0: entered allmulticast mode [ 103.903092][ T6620] bridge_slave_0: entered promiscuous mode [ 103.932562][ T6722] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 103.943152][ T6722] syzkaller0: linktype set to 774 [ 103.959882][ T6725] syzkaller0: tun_chr_ioctl cmd 35108 [ 104.054514][ T6620] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.093434][ T6620] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.125169][ T6620] bridge_slave_1: entered allmulticast mode [ 104.166527][ T6620] bridge_slave_1: entered promiscuous mode [ 104.388395][ T6620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 104.421575][ T6620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 104.450771][ T6739] netlink: 20 bytes leftover after parsing attributes in process `syz.3.235'. [ 104.543515][ T6739] : entered promiscuous mode [ 104.605819][ T5983] Bluetooth: hci3: command tx timeout [ 104.636011][ T6620] team0: Port device team_slave_0 added [ 104.657680][ T6620] team0: Port device team_slave_1 added [ 104.716164][ T6751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.237'. [ 104.823224][ T6620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 104.854685][ T6620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.901143][ T6620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 104.929723][ T6620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 104.969512][ T6620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 104.997461][ T6763] sctp: [Deprecated]: syz.2.240 (pid 6763) Use of struct sctp_assoc_value in delayed_ack socket option. [ 104.997461][ T6763] Use struct sctp_sack_info instead [ 105.022523][ T6620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 105.315944][ T6620] hsr_slave_0: entered promiscuous mode [ 105.337067][ T6620] hsr_slave_1: entered promiscuous mode [ 105.358316][ T6620] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 105.380230][ T6620] Cannot create hsr debugfs directory [ 105.913964][ T6795] netlink: 16 bytes leftover after parsing attributes in process `syz.2.251'. [ 105.965560][ T5906] IPVS: starting estimator thread 0... [ 105.978936][ T6797] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 106.055879][ T6801] IPVS: using max 36 ests per chain, 86400 per kthread [ 106.373667][ T6817] netlink: 16 bytes leftover after parsing attributes in process `syz.4.254'. [ 106.686444][ T5983] Bluetooth: hci3: command tx timeout [ 106.766040][ T6830] netlink: 'syz.3.256': attribute type 3 has an invalid length. [ 106.773726][ T6830] netlink: 'syz.3.256': attribute type 1 has an invalid length. [ 106.980579][ T6836] sctp: [Deprecated]: syz.0.258 (pid 6836) Use of int in maxseg socket option. [ 106.980579][ T6836] Use struct sctp_assoc_value instead [ 107.251517][ T6620] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 107.296657][ T6620] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 107.461126][ T6620] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 107.610067][ T6620] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 107.956721][ T6889] xt_CT: No such helper "pptp" [ 108.366022][ T6620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.427717][ T6912] netlink: 36 bytes leftover after parsing attributes in process `syz.2.267'. [ 108.561255][ T6620] 8021q: adding VLAN 0 to HW filter on device team0 [ 108.618928][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 108.626158][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 108.716033][ T6921] netlink: 36 bytes leftover after parsing attributes in process `syz.3.271'. [ 108.716211][ T6873] bridge0: port 2(bridge_slave_1) entered blocking state [ 108.732101][ T6873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 108.775245][ T5983] Bluetooth: hci3: command tx timeout [ 109.108873][ T6937] netlink: 8 bytes leftover after parsing attributes in process `syz.4.275'. [ 109.271138][ T6944] netlink: 20 bytes leftover after parsing attributes in process `syz.0.274'. [ 109.324388][ T6942] netlink: 20 bytes leftover after parsing attributes in process `syz.2.277'. [ 109.537779][ T6620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 109.661247][ T6952] netlink: 'syz.4.279': attribute type 1 has an invalid length. [ 109.682337][ T6952] netlink: 'syz.4.279': attribute type 2 has an invalid length. [ 109.996148][ T6620] veth0_vlan: entered promiscuous mode [ 110.021092][ T6620] veth1_vlan: entered promiscuous mode [ 110.101985][ T6620] veth0_macvtap: entered promiscuous mode [ 110.126652][ T6620] veth1_macvtap: entered promiscuous mode [ 110.220539][ T6620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.261750][ T6620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.299301][ T6968] warning: `syz.3.285' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 110.334129][ T6620] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.350936][ T6620] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.360271][ T6620] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.378978][ T6620] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.832373][ T6873] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.845218][ T5983] Bluetooth: hci3: command tx timeout [ 110.848153][ T6873] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.947116][ T6878] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.973712][ T6878] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.246237][ T7017] openvswitch: netlink: Tunnel attr 16 has unexpected len 4 expected 0 [ 111.448137][ T7020] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 111.479918][ T7020] vlan2: entered promiscuous mode [ 111.486104][ T7020] vlan2: entered allmulticast mode [ 111.654345][ T7024] netlink: 'syz.4.300': attribute type 1 has an invalid length. [ 111.680899][ T6869] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 111.703030][ T7024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.300'. [ 111.847326][ T6869] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.148136][ T7031] atm:do_vcc_ioctl: ATM_SETSC is obsolete; used by syz.3.302:7031 [ 112.251830][ T6869] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.428016][ T6869] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.429164][ T7045] netlink: 'syz.2.306': attribute type 10 has an invalid length. [ 112.510023][ T7045] team0: Cannot enslave team device to itself [ 112.555617][ T7044] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 112.580053][ T7044] syzkaller0: linktype set to 774 [ 112.580937][ T7046] netlink: 'syz.4.307': attribute type 5 has an invalid length. [ 112.640230][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 112.655144][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 112.665160][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 112.683781][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 112.701951][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 112.714328][ T7046] netlink: 'syz.4.307': attribute type 2 has an invalid length. [ 112.755525][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.307'. [ 112.805351][ T7044] netlink: 8 bytes leftover after parsing attributes in process `syz.4.307'. [ 113.107292][ T6869] bridge_slave_1: left allmulticast mode [ 113.138913][ T6869] bridge_slave_1: left promiscuous mode [ 113.163049][ T6869] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.187191][ T6869] bridge_slave_0: left allmulticast mode [ 113.192876][ T6869] bridge_slave_0: left promiscuous mode [ 113.204310][ T6869] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.239122][ T7038] netlink: 28 bytes leftover after parsing attributes in process `syz.0.305'. [ 113.277287][ T7071] netlink: 4 bytes leftover after parsing attributes in process `syz.2.311'. [ 113.585078][ T6869] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.597873][ T6869] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.608250][ T6869] bond0 (unregistering): Released all slaves [ 113.633560][ T7069] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 113.651881][ T7069] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 113.670582][ T7070] netlink: 'syz.2.311': attribute type 12 has an invalid length. [ 113.679793][ T7070] netlink: 132 bytes leftover after parsing attributes in process `syz.2.311'. [ 114.093458][ T7089] xt_hashlimit: size too large, truncated to 1048576 [ 114.183016][ T7093] netlink: 16 bytes leftover after parsing attributes in process `syz.0.314'. [ 114.339167][ T7102] netlink: 8 bytes leftover after parsing attributes in process `syz.4.318'. [ 114.442424][ T7106] netlink: 'syz.2.321': attribute type 2 has an invalid length. [ 114.452903][ T6869] hsr_slave_0: left promiscuous mode [ 114.468981][ T7106] netlink: 'syz.2.321': attribute type 1 has an invalid length. [ 114.480547][ T6869] hsr_slave_1: left promiscuous mode [ 114.494063][ T6869] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 114.506468][ T7106] netlink: 224 bytes leftover after parsing attributes in process `syz.2.321'. [ 114.539258][ T6869] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.587332][ T6869] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.624782][ T6869] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.684085][ T6869] veth1_macvtap: left promiscuous mode [ 114.689726][ T6869] veth0_macvtap: left promiscuous mode [ 114.705169][ T6869] veth1_vlan: left promiscuous mode [ 114.711312][ T6869] veth0_vlan: left promiscuous mode [ 114.765008][ T5983] Bluetooth: hci3: command tx timeout [ 115.608645][ T6869] team0 (unregistering): Port device team_slave_1 removed [ 115.648989][ T6869] team0 (unregistering): Port device team_slave_0 removed [ 115.933076][ T7097] !: renamed from dummy0 (while UP) [ 116.194057][ T7153] netlink: 8 bytes leftover after parsing attributes in process `syz.2.324'. [ 116.330895][ T7047] chnl_net:caif_netlink_parms(): no params data found [ 116.723312][ T7047] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.725813][ T7164] __nla_validate_parse: 3 callbacks suppressed [ 116.725836][ T7164] netlink: 36 bytes leftover after parsing attributes in process `syz.2.328'. [ 116.746457][ T7047] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.753694][ T7047] bridge_slave_0: entered allmulticast mode [ 116.761508][ T7047] bridge_slave_0: entered promiscuous mode [ 116.772142][ T7155] netlink: 'syz.0.326': attribute type 1 has an invalid length. [ 116.783612][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.792970][ T7155] netlink: 'syz.0.326': attribute type 1 has an invalid length. [ 116.802324][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.811722][ T7155] netlink: 'syz.0.326': attribute type 1 has an invalid length. [ 116.819627][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.828995][ T7155] netlink: 'syz.0.326': attribute type 1 has an invalid length. [ 116.839044][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.848121][ T5983] Bluetooth: hci3: command tx timeout [ 116.848955][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.863164][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.872660][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.882149][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.892495][ T7155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 116.922853][ T7047] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.934571][ T7047] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.942207][ T7047] bridge_slave_1: entered allmulticast mode [ 116.958408][ T7047] bridge_slave_1: entered promiscuous mode [ 116.977744][ T7166] 8021q: VLANs not supported on syzkaller1 [ 117.063262][ T7047] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.089379][ T7047] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.325756][ T7047] team0: Port device team_slave_0 added [ 117.680520][ T7047] team0: Port device team_slave_1 added [ 118.057294][ T7187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.073556][ T7187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 118.092314][ T7187] bond0 (unregistering): Released all slaves [ 118.149255][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 118.156826][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 118.187786][ T7047] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 118.230866][ T7047] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 118.239245][ T7047] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 118.275492][ T7047] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 118.460672][ T7047] hsr_slave_0: entered promiscuous mode [ 118.497095][ T7047] hsr_slave_1: entered promiscuous mode [ 118.503520][ T7047] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 118.511932][ T7047] Cannot create hsr debugfs directory [ 118.529147][ T7215] validate_nla: 74 callbacks suppressed [ 118.529163][ T7215] netlink: 'syz.4.339': attribute type 17 has an invalid length. [ 118.936351][ T5983] Bluetooth: hci3: command tx timeout [ 118.969835][ T7224] tipc: Started in network mode [ 118.975453][ T7224] tipc: Node identity 4a055640330a, cluster identity 4711 [ 118.989723][ T7224] tipc: Enabled bearer , priority 0 [ 119.034075][ T7224] syzkaller0: entered promiscuous mode [ 119.061203][ T7224] syzkaller0: entered allmulticast mode [ 119.141011][ T7223] tipc: Resetting bearer [ 119.158468][ T7223] tipc: Disabling bearer [ 119.678649][ T7256] macvlan3: entered promiscuous mode [ 119.698865][ T7256] macvlan3: entered allmulticast mode [ 119.709402][ T7256] ip6gretap0: entered allmulticast mode [ 120.048793][ T7262] syzkaller0: entered allmulticast mode [ 120.132084][ T7262] syzkaller0 (unregistering): left allmulticast mode [ 120.272367][ T7270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.289320][ T7047] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 120.303550][ T7270] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 120.323359][ T7047] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 120.380206][ T7047] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 120.528201][ T7047] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 120.885121][ T7275] veth0_to_bond: entered promiscuous mode [ 120.997858][ T7047] 8021q: adding VLAN 0 to HW filter on device bond0 [ 121.005347][ T5983] Bluetooth: hci3: command tx timeout [ 121.029240][ T7275] veth0_to_bond: left promiscuous mode [ 121.065819][ T7047] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.111995][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.119220][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.166072][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.173253][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.229273][ T7292] vlan0: entered promiscuous mode [ 121.263055][ T7293] bond_slave_1: entered promiscuous mode [ 121.374173][ T7305] x_tables: duplicate underflow at hook 1 [ 121.390896][ T7288] bond0: (slave bond_slave_1): Releasing backup interface [ 121.420423][ T7288] bond_slave_1 (unregistering): left promiscuous mode [ 122.056329][ T7047] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.084169][ T7339] __nla_validate_parse: 82 callbacks suppressed [ 122.084187][ T7339] netlink: 12 bytes leftover after parsing attributes in process `syz.4.378'. [ 122.117537][ T7339] macsec2: entered allmulticast mode [ 122.142884][ T7339] macvlan1: entered allmulticast mode [ 122.165935][ T7339] veth1_vlan: entered allmulticast mode [ 122.188687][ T7339] macvlan1: left allmulticast mode [ 122.197441][ T7339] veth1_vlan: left allmulticast mode [ 122.293435][ T7047] veth0_vlan: entered promiscuous mode [ 122.431491][ T7047] veth1_vlan: entered promiscuous mode [ 122.573766][ T7353] netlink: 24 bytes leftover after parsing attributes in process `syz.3.384'. [ 122.622343][ T7355] netlink: 20 bytes leftover after parsing attributes in process `syz.2.385'. [ 122.690878][ T7047] veth0_macvtap: entered promiscuous mode [ 122.823433][ T7047] veth1_macvtap: entered promiscuous mode [ 122.834283][ C1] Unknown status report in ack skb [ 122.925717][ T7366] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 122.929662][ T7047] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.932409][ T7366] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 122.982379][ T7047] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 123.020696][ T7370] netlink: 4 bytes leftover after parsing attributes in process `syz.2.391'. [ 123.021752][ T7047] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.049290][ T7047] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.059975][ T7047] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.069967][ T7047] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.101683][ T7370] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.168083][ T7370] bridge_slave_1 (unregistering): left allmulticast mode [ 123.179600][ T7370] bridge_slave_1 (unregistering): left promiscuous mode [ 123.208319][ T7370] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.463137][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.483781][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.521931][ T6871] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 123.546112][ T6871] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 123.546675][ T7387] bond0: option miimon: invalid value (18446744073072017407) [ 123.567105][ T7387] bond0: option miimon: allowed values 0 - 2147483647 [ 123.733222][ T7047] ------------[ cut here ]------------ [ 123.739234][ T7047] refcount_t: underflow; use-after-free. [ 123.745864][ T7047] WARNING: CPU: 0 PID: 7047 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 [ 123.755926][ T7047] Modules linked in: [ 123.762286][ T7047] CPU: 0 UID: 0 PID: 7047 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-01658-gea15e046263b #0 PREEMPT(full) [ 123.776119][ T7047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.786840][ T7047] RIP: 0010:refcount_warn_saturate+0x11a/0x1d0 [ 123.793025][ T7047] Code: 80 aa c1 8b e8 e7 5e cb fc 90 0f 0b 90 90 eb d7 e8 4b 02 07 fd c6 05 f6 b5 b0 0a 01 90 48 c7 c7 e0 aa c1 8b e8 c7 5e cb fc 90 <0f> 0b 90 90 eb b7 e8 2b 02 07 fd c6 05 d3 b5 b0 0a 01 90 48 c7 c7 [ 123.813052][ T7047] RSP: 0018:ffffc9000408f7d8 EFLAGS: 00010246 [ 123.820128][ T7047] RAX: 0673a7cf57f33700 RBX: 0000000000000003 RCX: ffff8880313f0000 [ 123.828740][ T7047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 123.838405][ T7047] RBP: 0000000000000000 R08: ffffc9000408f4c7 R09: 1ffff92000811e98 [ 123.846481][ T7047] R10: dffffc0000000000 R11: fffff52000811e99 R12: ffff888032d4c400 [ 123.854478][ T7047] R13: ffff88805dff6060 R14: ffff88805dff6078 R15: dffffc0000000000 [ 123.863347][ T7047] FS: 0000000000000000(0000) GS:ffff8881260b2000(0000) knlGS:0000000000000000 [ 123.873228][ T7047] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 123.879955][ T7047] CR2: 0000555564d5d5c8 CR3: 00000000325aa000 CR4: 00000000003526f0 [ 123.888065][ T7047] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 123.896196][ T7047] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 123.904283][ T7047] Call Trace: [ 123.907766][ T7047] [ 123.910725][ T7047] klist_dec_and_del+0x3c7/0x3d0 [ 123.915779][ T7047] klist_remove+0x1bd/0x340 [ 123.920307][ T7047] ? __pfx_klist_children_put+0x10/0x10 [ 123.926341][ T7047] ? __pfx_klist_remove+0x10/0x10 [ 123.931403][ T7047] ? __pfx_kobject_move+0x10/0x10 [ 123.936545][ T7047] ? get_device_parent+0x366/0x3a0 [ 123.941691][ T7047] device_move+0x193/0x700 [ 123.946209][ T7047] hci_conn_del_sysfs+0xb8/0x170 [ 123.951177][ T7047] hci_conn_del+0x8ff/0xcb0 [ 123.955769][ T7047] hci_conn_hash_flush+0x191/0x230 [ 123.960914][ T7047] hci_dev_close_sync+0xaef/0x1330 [ 123.967191][ T7047] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 123.972774][ T7047] ? up_write+0x1c4/0x420 [ 123.978047][ T7047] hci_unregister_dev+0x206/0x500 [ 123.983112][ T7047] vhci_release+0x80/0xd0 [ 123.987521][ T7047] ? __pfx_vhci_release+0x10/0x10 [ 123.992996][ T7047] __fput+0x44c/0xa70 [ 123.998026][ T7047] task_work_run+0x1d1/0x260 [ 124.002646][ T7047] ? __pfx_task_work_run+0x10/0x10 [ 124.007836][ T7047] ? kmem_cache_free+0x192/0x3f0 [ 124.012790][ T7047] do_exit+0x8d6/0x2550 [ 124.017002][ T7047] ? __pfx_do_exit+0x10/0x10 [ 124.021625][ T7047] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.026893][ T7047] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.032112][ T7047] do_group_exit+0x21c/0x2d0 [ 124.036757][ T7047] __x64_sys_exit_group+0x3f/0x40 [ 124.041789][ T7047] x64_sys_call+0x21ba/0x21c0 [ 124.046707][ T7047] do_syscall_64+0xf6/0x210 [ 124.051245][ T7047] ? clear_bhb_loop+0x60/0xb0 [ 124.056091][ T7047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.062001][ T7047] RIP: 0033:0x7fed2658e969 [ 124.067375][ T7047] Code: Unable to access opcode bytes at 0x7fed2658e93f. [ 124.074408][ T7047] RSP: 002b:00007fff40738f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.083760][ T7047] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fed2658e969 [ 124.091831][ T7047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 124.099858][ T7047] RBP: 00007fed265ee8f0 R08: 00007fff40736d27 R09: 0000000000000003 [ 124.107975][ T7047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.115994][ T7047] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fff40739140 [ 124.124007][ T7047] [ 124.128435][ T7047] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 124.135726][ T7047] CPU: 0 UID: 0 PID: 7047 Comm: syz-executor Not tainted 6.15.0-rc7-syzkaller-01658-gea15e046263b #0 PREEMPT(full) [ 124.147876][ T7047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.157938][ T7047] Call Trace: [ 124.161216][ T7047] [ 124.164139][ T7047] dump_stack_lvl+0x99/0x250 [ 124.168737][ T7047] ? __asan_memcpy+0x40/0x70 [ 124.173323][ T7047] ? __pfx_dump_stack_lvl+0x10/0x10 [ 124.178531][ T7047] ? __pfx__printk+0x10/0x10 [ 124.183134][ T7047] panic+0x2db/0x790 [ 124.187039][ T7047] ? __pfx_panic+0x10/0x10 [ 124.191470][ T7047] __warn+0x31b/0x4b0 [ 124.195449][ T7047] ? refcount_warn_saturate+0x11a/0x1d0 [ 124.200991][ T7047] ? refcount_warn_saturate+0x11a/0x1d0 [ 124.206533][ T7047] report_bug+0x2be/0x4f0 [ 124.210864][ T7047] ? refcount_warn_saturate+0x11a/0x1d0 [ 124.216404][ T7047] ? refcount_warn_saturate+0x11a/0x1d0 [ 124.221948][ T7047] ? refcount_warn_saturate+0x11c/0x1d0 [ 124.227485][ T7047] handle_bug+0x84/0x160 [ 124.231721][ T7047] exc_invalid_op+0x1a/0x50 [ 124.236215][ T7047] asm_exc_invalid_op+0x1a/0x20 [ 124.241054][ T7047] RIP: 0010:refcount_warn_saturate+0x11a/0x1d0 [ 124.247199][ T7047] Code: 80 aa c1 8b e8 e7 5e cb fc 90 0f 0b 90 90 eb d7 e8 4b 02 07 fd c6 05 f6 b5 b0 0a 01 90 48 c7 c7 e0 aa c1 8b e8 c7 5e cb fc 90 <0f> 0b 90 90 eb b7 e8 2b 02 07 fd c6 05 d3 b5 b0 0a 01 90 48 c7 c7 [ 124.266796][ T7047] RSP: 0018:ffffc9000408f7d8 EFLAGS: 00010246 [ 124.272855][ T7047] RAX: 0673a7cf57f33700 RBX: 0000000000000003 RCX: ffff8880313f0000 [ 124.280826][ T7047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 124.288790][ T7047] RBP: 0000000000000000 R08: ffffc9000408f4c7 R09: 1ffff92000811e98 [ 124.296753][ T7047] R10: dffffc0000000000 R11: fffff52000811e99 R12: ffff888032d4c400 [ 124.304745][ T7047] R13: ffff88805dff6060 R14: ffff88805dff6078 R15: dffffc0000000000 [ 124.312722][ T7047] ? refcount_warn_saturate+0x119/0x1d0 [ 124.318265][ T7047] klist_dec_and_del+0x3c7/0x3d0 [ 124.323201][ T7047] klist_remove+0x1bd/0x340 [ 124.327741][ T7047] ? __pfx_klist_children_put+0x10/0x10 [ 124.333281][ T7047] ? __pfx_klist_remove+0x10/0x10 [ 124.338316][ T7047] ? __pfx_kobject_move+0x10/0x10 [ 124.343333][ T7047] ? get_device_parent+0x366/0x3a0 [ 124.348439][ T7047] device_move+0x193/0x700 [ 124.352853][ T7047] hci_conn_del_sysfs+0xb8/0x170 [ 124.357788][ T7047] hci_conn_del+0x8ff/0xcb0 [ 124.362375][ T7047] hci_conn_hash_flush+0x191/0x230 [ 124.367483][ T7047] hci_dev_close_sync+0xaef/0x1330 [ 124.372600][ T7047] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 124.378148][ T7047] ? up_write+0x1c4/0x420 [ 124.382561][ T7047] hci_unregister_dev+0x206/0x500 [ 124.387581][ T7047] vhci_release+0x80/0xd0 [ 124.391903][ T7047] ? __pfx_vhci_release+0x10/0x10 [ 124.396946][ T7047] __fput+0x44c/0xa70 [ 124.400931][ T7047] task_work_run+0x1d1/0x260 [ 124.405516][ T7047] ? __pfx_task_work_run+0x10/0x10 [ 124.410621][ T7047] ? kmem_cache_free+0x192/0x3f0 [ 124.415556][ T7047] do_exit+0x8d6/0x2550 [ 124.419726][ T7047] ? __pfx_do_exit+0x10/0x10 [ 124.424323][ T7047] ? _raw_spin_unlock_irq+0x23/0x50 [ 124.429513][ T7047] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.434707][ T7047] do_group_exit+0x21c/0x2d0 [ 124.439295][ T7047] __x64_sys_exit_group+0x3f/0x40 [ 124.444312][ T7047] x64_sys_call+0x21ba/0x21c0 [ 124.448980][ T7047] do_syscall_64+0xf6/0x210 [ 124.453474][ T7047] ? clear_bhb_loop+0x60/0xb0 [ 124.458142][ T7047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.464021][ T7047] RIP: 0033:0x7fed2658e969 [ 124.468427][ T7047] Code: Unable to access opcode bytes at 0x7fed2658e93f. [ 124.475430][ T7047] RSP: 002b:00007fff40738f88 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 124.483846][ T7047] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fed2658e969 [ 124.491823][ T7047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 124.499877][ T7047] RBP: 00007fed265ee8f0 R08: 00007fff40736d27 R09: 0000000000000003 [ 124.508033][ T7047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.516010][ T7047] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fff40739140 [ 124.523997][ T7047] [ 124.527250][ T7047] Kernel Offset: disabled [ 124.531582][ T7047] Rebooting in 86400 seconds..