last executing test programs: 1m50.827617583s ago: executing program 4 (id=2802): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000040)=0x2, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x44, &(0x7f00000000c0), 0x4) 1m33.288402783s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m32.130198002s ago: executing program 4 (id=2802): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000040)=0x2, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x44, &(0x7f00000000c0), 0x4) 1m11.809818799s ago: executing program 4 (id=2802): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000040)=0x2, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x44, &(0x7f00000000c0), 0x4) 1m10.292633831s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 49.977983242s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 48.922103577s ago: executing program 4 (id=2802): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000040)=0x2, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x44, &(0x7f00000000c0), 0x4) 34.022061444s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 32.855496703s ago: executing program 4 (id=2802): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000040)=0x2, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x44, &(0x7f00000000c0), 0x4) 18.964164519s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.82988591s ago: executing program 1 (id=4121): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4) ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, 0x0) sendmsg$xdp(r1, &(0x7f0000000380)={&(0x7f0000000180)={0x2c, 0x3, 0x0, 0x3e}, 0x10, &(0x7f0000000800)=[{&(0x7f00000001c0)}, {&(0x7f0000000200)="17cec3c0c6da3472ee5701271a750313bc66", 0x12}, {&(0x7f0000000400)}, {&(0x7f0000000500)="7feeaf8962c97d03ea75fb0a510f948732040dc6dfa2da59ddaeff71994277b5f872e5256c4c8b49139c7af210c5db83f52d8b36c49bb41f60c82dd4dc78ae1248c4e51ca69f323061817445ddc5baa4c0139f4cdbb56eb616dad8057d46dab4f29a8465dbb66ae5d011e910ea25dbfafeca0e2f8dade2b85aff3f95f2113d5615a7cfdfd194adbe42047d58027091caffc0598471127aea0ff78f6afdc38f0627a732b7a376174c3cdf32f6575d16b261", 0xb1}, {&(0x7f00000005c0)="6e6013b5c108f9d3bc22c987ee038edfd7edb6316ab6d69b7b5f11f4fbfae50540a024c3e1c3c174f8d0a1dc531a5069f069a0cd35948f55ebb300d2d68a3d9524c914fcc594a6c3b35a2d3f5a92f288f372b851898ee103e3e6aee1e593ea9dbfec105979634133028c690ca6368a7a1d", 0x71}, {&(0x7f0000000640)="84d50eb96e38467581376e10020db379ed7a834da9bf5f3615070d36db14877ba4fb6dbcf86a1a75148df208479b12db9a6fd2091bd72a902f", 0x39}], 0x6, 0x0, 0x0, 0x200008c0}, 0x24004000) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b006f0900000000000000eaff7f00cdb8e3a37b", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0x14, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000fcffffff0000000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000003000000850000000600000018110006d6c44f117c54061491913d940905a52c34e74cfce67bf312b4c8dee59ff136ba4a006b2f", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000006d0000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x18, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000003700000000000000a6a000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r5, &(0x7f0000000040), 0x0}, 0x20) setsockopt$ARPT_SO_SET_REPLACE(r4, 0x0, 0x60, &(0x7f0000000940)={'filter\x00', 0x7, 0x4, 0x3c8, 0x2e0, 0x0, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'netdevsim0\x00', 'veth1_to_hsr\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@dev={0xac, 0x14, 0x14, 0x24}, @rand_addr, 0xffffffff, 0x0, 0x0, 0x0, {@empty, {[0x0, 0x0, 0x0, 0xff]}}, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'macsec0\x00', 'veth0_virt_wifi\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @local, @broadcast}}}, {{@arp={@local, @private=0xa010100, 0x0, 0x0, 0x0, 0x0, {@mac=@random, {[0x0, 0x0, 0xff]}}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'geneve1\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="58010000100001000000000000000000fe8000000000000000000000000000aa00000000000000000000ffffe000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000003200000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000af000800000000001c001700000000000000000000000000fdffffff00000000000000004c001400636d616328616573290000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010c00100004f5408bb3ec61fd7cc58c59f9187cac0e00559ce1eaf75831407b3419cf8dce76a6e495f81b21c26079a5911143b37c1a19a3162861da11507bded5429c3"], 0x158}}, 0x0) 4.382440788s ago: executing program 1 (id=4129): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) accept4$rose(r4, 0x0, 0x0, 0x80000) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x28, r2, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x73}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_USER_PORT_KEY={0x6}]}}}, @IFLA_MASTER={0x8, 0x3}]}, 0x9b}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x6) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x1}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYRESHEX=r6, @ANYRESHEX=r6], 0x18}}], 0x2, 0x4001) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)={0x25c, r2, 0x8, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7ff, 0x72}}}}, [@NL80211_ATTR_TX_RATES={0x104, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x60, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HT={0x20, 0x2, [{0x4, 0x9}, {0x1}, {0x5, 0x2}, {0x0, 0x2}, {0x3, 0x8}, {0x1, 0x1}, {0x0, 0x5}, {0x4, 0x7}, {0x6, 0x2}, {0x2, 0x9}, {0x6}, {0x2, 0x1}, {0x6, 0x2}, {0x6, 0x8}, {0x5, 0x6}, {0x4, 0xa}, {0x7}, {0x1, 0x6}, {0x2, 0x8}, {0x1, 0x3}, {0x0, 0x2}, {0x1, 0x4}, {0x5, 0x4}, {0x5, 0x1}, {0x3, 0x7}, {0x6}, {0x1, 0x3}, {0x2, 0x3}]}, @NL80211_TXRATE_LEGACY={0x7, 0x1, [0x5, 0x1b, 0xc]}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x36, 0x16, 0x12, 0x5]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4bb5, 0x2, 0x27, 0x6, 0x6b, 0x9, 0x9, 0x3]}}]}, @NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xf, 0xfeff, 0x5, 0x100, 0x9, 0x4, 0x2]}}]}, @NL80211_BAND_5GHZ={0x88, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x2, 0x3, 0xc, 0x8, 0xf935, 0x3, 0x2]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0xb, 0x60, 0x6c, 0x60, 0x16, 0x5, 0x16, 0xc, 0x16, 0x3, 0x24, 0x16, 0x30, 0xc, 0x36, 0x2, 0x6c, 0x1, 0x60, 0x12, 0x1, 0x36, 0x4, 0x60, 0x18, 0x9, 0x24, 0x36, 0x6c, 0x9, 0x24, 0x5]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x7ff, 0x1, 0x726, 0x222e, 0xa, 0x401, 0x1]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2, 0x9, 0x5, 0x8, 0x45, 0x3, 0x5, 0x401]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x0, 0x5, 0x3, 0x6b8f, 0x6, 0x8, 0x5]}}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x9, 0x36, 0x18, 0x1b]}]}]}, @NL80211_ATTR_TX_RATES={0x74, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x70, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0x50, 0x7, 0x3ff, 0x4, 0x5, 0x3, 0xc]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xffff, 0x1, 0x1, 0x79, 0x9, 0x6, 0x1, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x8001, 0x6, 0x2, 0x9b56, 0x8, 0x4, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x400, 0x6, 0x32, 0x0, 0x5, 0x5, 0xc]}}, @NL80211_TXRATE_HT={0x11, 0x2, [{0x1, 0x8}, {0x0, 0x9}, {0x7, 0x6}, {0x1, 0x7}, {0x1, 0x7}, {}, {0x3, 0x6}, {0x6, 0x4}, {0x4, 0x8}, {0x5, 0x4}, {0x1, 0x5}, {0x0, 0x1}, {0x5, 0x1}]}]}]}, @NL80211_ATTR_TX_RATES={0xc4, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x48, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x2bd2, 0x3, 0x80, 0x1, 0x5, 0x9, 0x2, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_6GHZ={0x34, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HT={0x8, 0x2, [{0x2, 0x5}, {0x4, 0x4}, {0x0, 0x7}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x44, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x5, 0x900, 0x3, 0x3, 0x1, 0x0, 0x5834]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x1, 0xbfd, 0x2, 0xffff, 0x4, 0x6, 0x8]}}]}]}]}, 0x25c}}, 0x4000) r8 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r8, &(0x7f0000000140), 0x4924b68, 0x0) sendmsg$alg(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000200)="1f9f3cdbb3f746f0ea5501f61590c991", 0x10}, {&(0x7f00000002c0)="be0ea2e3d180", 0x6}, {&(0x7f0000000300)="369d9d75a4560d15f8bb6342468b29aec426f2c787234571e1", 0x19}, {&(0x7f0000000340)="3db387cce3aa81d32a2d902b23ef0ebefc8004315007d78ee9a08a7cf626af1303c4", 0x22}], 0x4, &(0x7f0000000780)=[@op={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x8000}, @assoc={0x18, 0x117, 0x4, 0x27ba}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x1ff}, @assoc={0x18, 0x117, 0x4, 0x5}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}], 0xd8, 0x8000}, 0x800) 4.230381259s ago: executing program 0 (id=4130): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001fc0)={r1, &(0x7f0000001e80), 0x0}, 0x20) recvmmsg(r0, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)=""/4077, 0xfed}], 0x1}, 0x9}], 0x1, 0x2000, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf2507"], 0x118}], 0x1, 0x0, 0x0, 0x48085}, 0x0) 4.198218404s ago: executing program 2 (id=4131): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newsa={0x160, 0x1a, 0x713, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xfffd, 0x8, 0x0, 0x2, 0x2, 0x0, 0x0, 0x3a, 0x0, 0xee00}, {@in=@multicast2, 0x4d5, 0x32}, @in=@initdev={0xac, 0x1e, 0x2, 0x0}, {0x2, 0x0, 0x0, 0x2, 0xffffffffffffffff, 0x1c00000000000}, {0x11df, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff}, {0x9, 0x4}, 0x70bd25, 0x0, 0xa, 0x1}, [@algo_aead={0x70, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x120, 0x60, "00000000000000000000a1c31b3718243e97a18e6085921a4cf3f6e2bca135414f6bec0c"}}]}, 0x160}, 0x1, 0x0, 0x0, 0x40000}, 0x200000000000000) 4.098918481s ago: executing program 1 (id=4132): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040), 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) accept(r2, 0x0, 0x0) sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001bc0)=ANY=[@ANYBLOB="38000000000b01010000000000000000020032050a000100292e23782e00000008000340000000000c0002"], 0x38}}, 0x40001) 4.050450036s ago: executing program 2 (id=4133): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) writev(r0, &(0x7f0000000100)=[{}, {&(0x7f0000000080)="255368352cc971035b1eac1ee16d8649ba9cb1f0155e3c6b739897b24e5566c122", 0x21}], 0x2) 4.019737921s ago: executing program 0 (id=4134): socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'lo\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r6, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="e5ffffff000000007111bf00000000008510000002000000850006000000000095000810000000009541f0366e402759"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) 4.018530592s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff3, 0xffff}}}, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.404723263s ago: executing program 0 (id=4135): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r0, 0x800448d4, &(0x7f0000000200)={0x4, 0x1, "fc0900", 0x71, 0xfe}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x48, 0x10, 0x1, 0x70bd2f, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x102}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x9, 0x2}}]}]}]}, 0x48}}, 0x24040800) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @private=0xa010101}, 0x10) 2.404274564s ago: executing program 1 (id=4136): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b4050000000000006110780000000000630123000000000095000000000000008f6a138c9e4eb32e71d7754e127d8d87525e8d57dc3c002fa721249c4cdfd87788947190b59b5af99eaaecbf2ba57aa6ffd750ffd3bef751c89264a6a9ec3b188b69dc1b6a12211cbf01e697342cf987ca2161e2a58904"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) (async) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) (async) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}, 0x0, 0x6e6bb2}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) (async) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001100)=@migrate={0xcc, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x50, 0x11, [{@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}, @user_kmaddress={0x2c, 0x13, {@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0xa}}]}, 0xcc}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@broadcast}, {@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x32}, @in=@loopback, {0x0, 0x0, 0x1000000000000000, 0x0, 0x0, 0x0, 0x0, 0x40000000}, {}, {0x0, 0xfffffffc}, 0x0, 0x0, 0x2, 0x0, 0x1}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}]}, 0x138}}, 0x0) (async, rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="6daa00000006000000000000000000009500000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80) (rerun: 32) 2.403134395s ago: executing program 2 (id=4137): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r1, &(0x7f00000007c0)=[{{&(0x7f0000000380)=@in={0x2, 0x4e24, @local}, 0x80, 0x0}}], 0x1, 0x2c000011) setsockopt$inet_tcp_int(r1, 0x6, 0x9, &(0x7f0000000080)=0x7c6, 0x4) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@updsa={0x180, 0x10, 0x1, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0x0, 0x5c}, {@in6=@loopback, 0x0, 0x33}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x0, 0xffffffffffffffff, 0x5}, {0x0, 0xfffffffffffffffd, 0x1900000000000000}, {}, 0x0, 0x0, 0xa, 0x4, 0x80}, [@algo_auth_trunc={0x8d, 0x14, {{'sm3\x00'}, 0x208, 0x0, "a8841ff973ad4a7ffa45a84ae2540cfadba6d51b9b26bae4ce7c99365983d06d1ccd6bb6054247be71e404b434ebca103d267b7b4d5886028daf42a66adf39ff27"}}]}, 0x180}, 0x1, 0x0, 0x0, 0x20004001}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x105}]}], {0x14}}, 0x64}}, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f00000000c0)=0xeed8e09ecfe7acd0) 2.402948183s ago: executing program 4 (id=2802): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d820"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) setsockopt$sock_int(r1, 0x1, 0x2b, &(0x7f0000000040)=0x2, 0x4) sendto$packet(r1, 0x0, 0x0, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r0, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x44, &(0x7f00000000c0), 0x4) 1.161667918s ago: executing program 0 (id=4138): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x90, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x51, 0xe, {{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0xc00}}, 0x0, @random=0x8, 0x1, @val, @void, @val={0x3, 0x1, 0x84}, @void, @void, @void, @void, @void, @void, @val={0x2d, 0x1a, {0x2, 0x0, 0x7, 0x0, {0x6, 0x2, 0x0, 0xbc}, 0x400, 0x3, 0x9}}, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x90}, 0x1, 0x0, 0x0, 0x4800}, 0x0) 1.161359844s ago: executing program 1 (id=4139): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) r1 = socket(0x1d, 0x2, 0x6) r2 = epoll_create(0x9660) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)) (async) close(r1) (async) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@mpls_getroute={0x24, 0x1a, 0x9e8a232eead7ae69, 0x0, 0x0, {0x1c, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x4}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0x9}]}, 0x24}}, 0x10) (async) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) (async) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@gettaction={0x28, 0x32, 0x6dd711a25f4cb68b, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}]}, 0x28}}, 0x0) (async) syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), r4) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r5, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0x1c, r6, 0x1, 0x26000, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x40000) (async) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, r3, 0x300, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0xc, 0x19}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x2000c050}, 0x0) (async) sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x44804010}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r3, 0x400, 0x70bd27, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x2, 0x38}}}}, ["", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8018}, 0x44813) 1.159363643s ago: executing program 2 (id=4140): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000002e00000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a320000000098000000060a010400000000000000000100000008000b400000000070000480340001800b00010065787468647200002400028008000140000000874b51adb52c1b51612d0c080003400000000008000440000000220500020094000000380001800c0001006269747769736500280002800800034000000002080001400000001408000240000000120400058008000480040001000900010073797a30000000001487230c29b700000011"], 0x10c}}, 0x0) r2 = socket$inet6(0xa, 0x80000, 0x220) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0xe0000000}}, 0x1c) r3 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0) r4 = socket$igmp(0x2, 0x3, 0x2) sendmmsg$inet(r4, &(0x7f0000000380)=[{{&(0x7f0000000180)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010101, @rand_addr=0x64010101}}}], 0x20}}, {{&(0x7f0000000300)={0x2, 0x4e22, @empty}, 0x10, 0x0, 0x0, &(0x7f00000004c0)}}], 0x2, 0x40000c4) mkdirat$cgroup(r0, &(0x7f0000000180)='syz1\x00', 0x1ff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000100)=@abs={0x1}, 0x6e) bind$unix(r5, &(0x7f0000000840)=@file={0x1, './file0\x00'}, 0x6e) socket$inet_sctp(0x2, 0x1, 0x84) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000000980)=@newtaction={0x60, 0x30, 0x36eac49ec043b62f, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x20000009}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) sendfile(r3, r3, 0x0, 0x9) 195.411378ms ago: executing program 2 (id=4141): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x58}}, 0x10) 134.07339ms ago: executing program 1 (id=4142): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0xc0c4}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}, 0x1, 0x0, 0x0, 0x8080}, 0x20000800) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000280)={0x44, r3, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001480)={@ifindex=r5, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 133.386216ms ago: executing program 0 (id=4143): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x9, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0xd}, 0x94) 49.302585ms ago: executing program 2 (id=4144): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1c, 0x0, &(0x7f0000000140)) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000380)=@security={'security\x00', 0xe, 0x4, 0x3a0, 0xffffffff, 0xd0, 0xd0, 0xd0, 0xffffffff, 0xffffffff, 0x308, 0x308, 0x308, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @multicast, 0x9, 0x7, [0x27, 0x22, 0x33, 0x32, 0x1f, 0x9, 0x23, 0x28, 0x17, 0x3d, 0x2c, 0x0, 0x1d, 0x1d, 0x7, 0x2a], 0x2, 0x1, 0x2}}}, {{@ip={@rand_addr=0x64010102, @broadcast, 0x0, 0x0, 'vxcan1\x00', 'ip6tnl0\x00', {}, {}, 0x4, 0x0, 0x36}, 0x0, 0xb8, 0x118, 0x0, {}, [@common=@icmp={{0x28}, {0x12, "f314"}}, @common=@socket0={{0x20}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0x5, 0x4, [0x29, 0x3c, 0x2, 0x3b, 0x3a, 0x25, 0x3d, 0x21, 0x14, 0x2b, 0x26, 0x36, 0x18, 0xb, 0x5, 0xe], 0x2, 0x1, 0x8000}}}, {{@ip={@multicast2, @broadcast, 0xff000000, 0xff000000, 'veth1_vlan\x00', 'veth1_macvtap\x00', {0xff}, {0xff}, 0x84, 0x1, 0x1}, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x30}, {0x40, 0x110}}, @common=@socket0={{0x20}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x2, 0x0, 0x7, 0x0, 0x5], 0x5, 0x2}, {0x3, [0x5ec85c330cdbe765, 0x1, 0x2, 0x2, 0x6, 0x7], 0x1, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$netlink(0x10, 0x3, 0x8000000004) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3, 0x0, 0x3}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc86a00", "4617a9f6040839230fb7fead776dd8dc", "c6db0872", "a44a883fca4400"}, 0x28) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0x9}, 0x8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000002900)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb66514b1c5e45ff1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002840)=[@rights={{0x14, 0x1, 0x1, [r5]}}, @rights={{0x14, 0x1, 0x1, [r5]}}, @rights={{0x18, 0x1, 0x1, [r5, 0xffffffffffffffff]}}], 0x48}}], 0x2, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000180)) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000000)=@buf={0xcb, &(0x7f0000000280)="fb53a0e0623fb9be1416e848a6dd45a7f949c3dc69b7114bd50a00e0d3d673e56c7a9d6c1e7ca9c6f3c38adb525ece6389beda8302dc64d5aada16b548c23726c19b053b6e619b6004486631ea4b4afee0c5eaabc14f312d7725a885957afe6e3091f680beb4314cf5e2ba5572fd1afece29ef7abbf0936c6f2f90b220a050310d1694e08142a5ff06b20ad6a108a4fab932d5fe57f12de2f8678ff227de3ea504ea9259f20482b5b9708a79f4fa6ec069d414b5063128261ee0aca90259fdbcb9402340a5b4929a061eae"}) 0s ago: executing program 0 (id=4145): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000600)={0x2, 0x4e23, 0x0, @dev}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000080)="580000001400add4050000000000000002117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ffff0100f5c71002000000ffffffffffffffffffe7ee000000000000000002000000ff", 0x58}], 0x1) kernel console output (not intermixed with test programs): tered promiscuous mode [ 457.937064][T17979] chnl_net:caif_netlink_parms(): no params data found [ 458.025528][T17941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 458.054517][T17941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 458.459869][T18091] netlink: 'syz.2.3714': attribute type 13 has an invalid length. [ 458.505740][T17941] team0: Port device team_slave_0 added [ 458.607425][T18097] IPVS: length: 157 != 24 [ 458.620048][ T7545] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.649720][T18091] macvtap0: refused to change device tx_queue_len [ 458.667247][T17941] team0: Port device team_slave_1 added [ 458.849067][T18108] netlink: 'syz.1.3720': attribute type 1 has an invalid length. [ 458.868220][ T7545] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.918849][T17941] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.939710][T17941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.958671][T18111] x_tables: ip_tables: owner match: used from hooks PREROUTING, but only valid from OUTPUT/POSTROUTING [ 458.994061][T17941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 459.013627][T17941] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 459.021348][T17941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 459.059141][T17941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 459.188562][ T5149] Bluetooth: hci3: command tx timeout [ 459.225888][T17979] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.236427][T17979] bridge0: port 1(bridge_slave_0) entered disabled state [ 459.244382][T17979] bridge_slave_0: entered allmulticast mode [ 459.263150][T17979] bridge_slave_0: entered promiscuous mode [ 459.274309][T17979] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.282256][T17979] bridge0: port 2(bridge_slave_1) entered disabled state [ 459.289613][T17979] bridge_slave_1: entered allmulticast mode [ 459.337146][T17979] bridge_slave_1: entered promiscuous mode [ 459.434162][ T7545] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.540864][T17941] hsr_slave_0: entered promiscuous mode [ 459.569359][T17941] hsr_slave_1: entered promiscuous mode [ 459.575908][T17941] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 459.608580][T17941] Cannot create hsr debugfs directory [ 459.772525][ T7545] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 459.828526][ T5149] Bluetooth: hci2: command tx timeout [ 459.965546][T17979] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.016548][T18152] netlink: 'syz.2.3731': attribute type 8 has an invalid length. [ 460.048522][T17979] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.424231][T18166] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3735'. [ 460.510821][T18166] bond6: (slave veth0_to_bond): Releasing active interface [ 460.536242][T17979] team0: Port device team_slave_0 added [ 460.601375][T17979] team0: Port device team_slave_1 added [ 460.759537][T18177] netlink: 'syz.0.3739': attribute type 21 has an invalid length. [ 460.809137][T17979] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 460.833351][T17979] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 460.867667][T17979] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 460.890736][T18183] netlink: 520 bytes leftover after parsing attributes in process `syz.2.3741'. [ 460.985245][T18185] netlink: 'syz.1.3742': attribute type 13 has an invalid length. [ 460.995593][T17979] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 461.026466][T18187] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3743'. [ 461.028237][T17979] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.067788][T17979] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 461.105006][T18185] macvtap0: refused to change device tx_queue_len [ 461.149411][ T7545] bridge_slave_1: left allmulticast mode [ 461.168377][ T7545] bridge_slave_1: left promiscuous mode [ 461.185401][ T7545] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.228968][ T7545] bridge_slave_0: left allmulticast mode [ 461.234883][ T7545] bridge_slave_0: left promiscuous mode [ 461.256757][ T7545] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.276728][ T5149] Bluetooth: hci3: command tx timeout [ 461.387941][T18202] netlink: 'syz.0.3747': attribute type 10 has an invalid length. [ 461.507623][T18204] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3749'. [ 461.909490][ T5149] Bluetooth: hci2: command tx timeout [ 461.982038][ T7545] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 461.997656][ T7545] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 462.008481][ T7545] bond0 (unregistering): Released all slaves [ 462.089980][T18202] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 462.304129][T17979] hsr_slave_0: entered promiscuous mode [ 462.318950][T17979] hsr_slave_1: entered promiscuous mode [ 462.333931][T17979] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 462.344211][T17979] Cannot create hsr debugfs directory [ 462.359602][T18216] netlink: 520 bytes leftover after parsing attributes in process `syz.2.3753'. [ 462.431035][T18221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3752'. [ 462.562494][T18227] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3754'. [ 463.046024][T18244] FAULT_INJECTION: forcing a failure. [ 463.046024][T18244] name failslab, interval 1, probability 0, space 0, times 0 [ 463.083186][T18244] CPU: 0 UID: 0 PID: 18244 Comm: syz.1.3757 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 463.083216][T18244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 463.083228][T18244] Call Trace: [ 463.083236][T18244] [ 463.083245][T18244] dump_stack_lvl+0x189/0x250 [ 463.083277][T18244] ? __pfx____ratelimit+0x10/0x10 [ 463.083303][T18244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.083329][T18244] ? __pfx__printk+0x10/0x10 [ 463.083362][T18244] should_fail_ex+0x414/0x560 [ 463.083391][T18244] should_failslab+0xa8/0x100 [ 463.083412][T18244] kmem_cache_alloc_noprof+0x73/0x3c0 [ 463.083436][T18244] ? skb_clone+0x212/0x3a0 [ 463.083461][T18244] skb_clone+0x212/0x3a0 [ 463.083486][T18244] __netlink_deliver_tap+0x404/0x850 [ 463.083522][T18244] ? netlink_deliver_tap+0x2e/0x1b0 [ 463.083544][T18244] netlink_deliver_tap+0x19c/0x1b0 [ 463.083565][T18244] netlink_sendskb+0x68/0x140 [ 463.083585][T18244] nfnetlink_rcv+0x2290/0x2520 [ 463.083957][T18244] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 463.084007][T18244] ? ref_tracker_free+0x63a/0x7d0 [ 463.084066][T18244] ? __netlink_deliver_tap+0x807/0x850 [ 463.084093][T18244] ? netlink_deliver_tap+0x2e/0x1b0 [ 463.084111][T18244] ? netlink_deliver_tap+0x2e/0x1b0 [ 463.084134][T18244] netlink_unicast+0x75b/0x8d0 [ 463.084161][T18244] netlink_sendmsg+0x805/0xb30 [ 463.084188][T18244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.084210][T18244] ? aa_sock_msg_perm+0x94/0x160 [ 463.084235][T18244] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 463.084257][T18244] ? __pfx_netlink_sendmsg+0x10/0x10 [ 463.084278][T18244] __sock_sendmsg+0x21c/0x270 [ 463.084308][T18244] ____sys_sendmsg+0x505/0x830 [ 463.084337][T18244] ? __pfx_____sys_sendmsg+0x10/0x10 [ 463.084370][T18244] ? import_iovec+0x74/0xa0 [ 463.084393][T18244] ___sys_sendmsg+0x21f/0x2a0 [ 463.084417][T18244] ? __pfx____sys_sendmsg+0x10/0x10 [ 463.084475][T18244] ? __fget_files+0x2a/0x420 [ 463.084494][T18244] ? __fget_files+0x3a0/0x420 [ 463.084523][T18244] __x64_sys_sendmsg+0x19b/0x260 [ 463.084545][T18244] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 463.084574][T18244] ? __pfx_ksys_write+0x10/0x10 [ 463.084587][T18244] ? rcu_is_watching+0x15/0xb0 [ 463.084617][T18244] ? do_syscall_64+0xbe/0x3b0 [ 463.084649][T18244] do_syscall_64+0xfa/0x3b0 [ 463.084664][T18244] ? lockdep_hardirqs_on+0x9c/0x150 [ 463.084689][T18244] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.084706][T18244] ? clear_bhb_loop+0x60/0xb0 [ 463.084728][T18244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.084747][T18244] RIP: 0033:0x7f5afe98e929 [ 463.084765][T18244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.084781][T18244] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 463.084802][T18244] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 463.084816][T18244] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 463.084828][T18244] RBP: 00007f5aff870090 R08: 0000000000000000 R09: 0000000000000000 [ 463.084839][T18244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 463.084849][T18244] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 463.084876][T18244] [ 463.446544][ T5149] Bluetooth: hci3: command tx timeout [ 463.855414][ T7545] hsr_slave_0: left promiscuous mode [ 463.886931][ T7545] hsr_slave_1: left promiscuous mode [ 463.929356][ T7545] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 463.987321][T18265] netlink: 'syz.0.3762': attribute type 10 has an invalid length. [ 464.005961][ T7545] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.125688][ T7545] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.155792][ T7545] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.367737][ T7545] veth1_macvtap: left promiscuous mode [ 464.395967][ T7545] veth0_macvtap: left promiscuous mode [ 464.412507][ T7545] veth1_vlan: left promiscuous mode [ 464.426868][ T7545] veth0_vlan: left promiscuous mode [ 464.808543][T18275] netlink: 596 bytes leftover after parsing attributes in process `syz.2.3764'. [ 465.324582][ T7545] team0 (unregistering): Port device team_slave_1 removed [ 465.397394][ T7545] team0 (unregistering): Port device team_slave_0 removed [ 466.335193][T18281] netlink: 'syz.1.3767': attribute type 3 has an invalid length. [ 466.344045][T18281] netlink: 666 bytes leftover after parsing attributes in process `syz.1.3767'. [ 466.563870][T18293] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 466.598594][T18288] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3770'. [ 466.803854][T18299] Cannot find del_set index 17 as target [ 466.943816][T18306] FAULT_INJECTION: forcing a failure. [ 466.943816][T18306] name failslab, interval 1, probability 0, space 0, times 0 [ 466.963670][T18308] FAULT_INJECTION: forcing a failure. [ 466.963670][T18308] name failslab, interval 1, probability 0, space 0, times 0 [ 466.964458][T18306] CPU: 0 UID: 0 PID: 18306 Comm: syz.2.3776 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 466.964484][T18306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 466.964551][T18306] Call Trace: [ 466.964562][T18306] [ 466.964571][T18306] dump_stack_lvl+0x189/0x250 [ 466.964603][T18306] ? __pfx____ratelimit+0x10/0x10 [ 466.964629][T18306] ? __pfx_dump_stack_lvl+0x10/0x10 [ 466.964654][T18306] ? __pfx__printk+0x10/0x10 [ 466.964690][T18306] should_fail_ex+0x414/0x560 [ 466.964717][T18306] should_failslab+0xa8/0x100 [ 466.964738][T18306] __kmalloc_cache_noprof+0x70/0x3d0 [ 466.964756][T18306] ? sctp_add_bind_addr+0x8c/0x370 [ 466.964779][T18306] sctp_add_bind_addr+0x8c/0x370 [ 466.964802][T18306] sctp_copy_local_addr_list+0x30b/0x4e0 [ 466.964832][T18306] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 466.964858][T18306] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 466.964887][T18306] ? sctp_v6_is_any+0x64/0x80 [ 466.964908][T18306] ? sctp_copy_one_addr+0x93/0x360 [ 466.964930][T18306] sctp_bind_addr_copy+0xb3/0x3c0 [ 466.964949][T18306] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 466.964977][T18306] sctp_connect_new_asoc+0x2e0/0x690 [ 466.965003][T18306] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 466.965026][T18306] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 466.965048][T18306] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 466.965067][T18306] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 466.965089][T18306] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 466.965112][T18306] ? security_sctp_bind_connect+0x7e/0x2e0 [ 466.965135][T18306] sctp_sendmsg+0x155c/0x2810 [ 466.965170][T18306] ? __pfx_sctp_sendmsg+0x10/0x10 [ 466.965195][T18306] ? aa_sk_perm+0x81e/0x950 [ 466.965221][T18306] ? __pfx_aa_sk_perm+0x10/0x10 [ 466.965244][T18306] ? sock_rps_record_flow+0x19/0x410 [ 466.965271][T18306] ? inet_sendmsg+0x2f4/0x370 [ 466.965295][T18306] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 466.965320][T18306] __sock_sendmsg+0x19c/0x270 [ 466.965349][T18306] __sys_sendto+0x3bd/0x520 [ 466.965372][T18306] ? __pfx___sys_sendto+0x10/0x10 [ 466.965388][T18306] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 466.965434][T18306] ? __fget_files+0x3a0/0x420 [ 466.965466][T18306] ? ksys_write+0x22a/0x250 [ 466.965486][T18306] ? __pfx_ksys_write+0x10/0x10 [ 466.965509][T18306] ? rcu_is_watching+0x15/0xb0 [ 466.965541][T18306] __x64_sys_sendto+0xde/0x100 [ 466.965564][T18306] do_syscall_64+0xfa/0x3b0 [ 466.965580][T18306] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.965605][T18306] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.965623][T18306] ? clear_bhb_loop+0x60/0xb0 [ 466.965644][T18306] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.965662][T18306] RIP: 0033:0x7fd5b418e929 [ 466.965680][T18306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.965696][T18306] RSP: 002b:00007fd5b5060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 466.965715][T18306] RAX: ffffffffffffffda RBX: 00007fd5b43b5fa0 RCX: 00007fd5b418e929 [ 466.965728][T18306] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 466.965739][T18306] RBP: 00007fd5b5060090 R08: 0000200000000100 R09: 000000000000001c [ 466.965751][T18306] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 466.965762][T18306] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 466.965795][T18306] [ 467.235636][T18315] netlink: 'syz.2.3779': attribute type 10 has an invalid length. [ 467.238714][T18308] CPU: 1 UID: 0 PID: 18308 Comm: syz.1.3777 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 467.238742][T18308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 467.238753][T18308] Call Trace: [ 467.238760][T18308] [ 467.238768][T18308] dump_stack_lvl+0x189/0x250 [ 467.238799][T18308] ? __pfx____ratelimit+0x10/0x10 [ 467.238825][T18308] ? __pfx_dump_stack_lvl+0x10/0x10 [ 467.238856][T18308] ? __pfx__printk+0x10/0x10 [ 467.238882][T18308] ? __pfx___might_resched+0x10/0x10 [ 467.238907][T18308] ? fs_reclaim_acquire+0x7d/0x100 [ 467.238933][T18308] should_fail_ex+0x414/0x560 [ 467.238961][T18308] should_failslab+0xa8/0x100 [ 467.238983][T18308] __kmalloc_cache_noprof+0x70/0x3d0 [ 467.239001][T18308] ? genl_start+0x1c9/0x6c0 [ 467.239030][T18308] genl_start+0x1c9/0x6c0 [ 467.239052][T18308] ? netlink_lookup+0x30/0x200 [ 467.239077][T18308] __netlink_dump_start+0x469/0x7e0 [ 467.239107][T18308] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 467.239136][T18308] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 467.239167][T18308] ? rcu_is_watching+0x15/0xb0 [ 467.239191][T18308] ? __pfx_genl_start+0x10/0x10 [ 467.239209][T18308] ? __pfx_genl_dumpit+0x10/0x10 [ 467.239226][T18308] ? __pfx_genl_done+0x10/0x10 [ 467.239251][T18308] ? bpf_lsm_capable+0x9/0x20 [ 467.239267][T18308] ? security_capable+0x7e/0x2e0 [ 467.239295][T18308] genl_rcv_msg+0x5da/0x790 [ 467.239326][T18308] ? __pfx_genl_rcv_msg+0x10/0x10 [ 467.239346][T18308] ? ref_tracker_free+0x63a/0x7d0 [ 467.239366][T18308] ? __pfx_batadv_tt_local_dump+0x10/0x10 [ 467.239391][T18308] ? __pfx_ref_tracker_free+0x10/0x10 [ 467.239425][T18308] netlink_rcv_skb+0x208/0x470 [ 467.239446][T18308] ? __pfx_genl_rcv_msg+0x10/0x10 [ 467.239478][T18308] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 467.239534][T18308] ? down_read+0x1ad/0x2e0 [ 467.239556][T18308] genl_rcv+0x28/0x40 [ 467.239576][T18308] netlink_unicast+0x75b/0x8d0 [ 467.239607][T18308] netlink_sendmsg+0x805/0xb30 [ 467.239637][T18308] ? __pfx_netlink_sendmsg+0x10/0x10 [ 467.239661][T18308] ? aa_sock_msg_perm+0x94/0x160 [ 467.239685][T18308] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 467.239706][T18308] ? __pfx_netlink_sendmsg+0x10/0x10 [ 467.239728][T18308] __sock_sendmsg+0x21c/0x270 [ 467.239758][T18308] ____sys_sendmsg+0x505/0x830 [ 467.239784][T18308] ? __pfx_____sys_sendmsg+0x10/0x10 [ 467.239816][T18308] ? import_iovec+0x74/0xa0 [ 467.239838][T18308] ___sys_sendmsg+0x21f/0x2a0 [ 467.239862][T18308] ? __pfx____sys_sendmsg+0x10/0x10 [ 467.239923][T18308] ? __fget_files+0x2a/0x420 [ 467.239942][T18308] ? __fget_files+0x3a0/0x420 [ 467.239972][T18308] __x64_sys_sendmsg+0x19b/0x260 [ 467.239997][T18308] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 467.240029][T18308] ? __pfx_ksys_write+0x10/0x10 [ 467.240044][T18308] ? rcu_is_watching+0x15/0xb0 [ 467.240073][T18308] ? do_syscall_64+0xbe/0x3b0 [ 467.240094][T18308] do_syscall_64+0xfa/0x3b0 [ 467.240108][T18308] ? lockdep_hardirqs_on+0x9c/0x150 [ 467.240132][T18308] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.240149][T18308] ? clear_bhb_loop+0x60/0xb0 [ 467.240170][T18308] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.240187][T18308] RIP: 0033:0x7f5afe98e929 [ 467.240205][T18308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.240220][T18308] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 467.240239][T18308] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 467.240252][T18308] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 467.240264][T18308] RBP: 00007f5aff870090 R08: 0000000000000000 R09: 0000000000000000 [ 467.240275][T18308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 467.240286][T18308] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 467.240316][T18308] [ 467.549983][T18320] netlink: 'syz.1.3781': attribute type 10 has an invalid length. [ 467.889531][T18322] netlink: 'syz.1.3782': attribute type 11 has an invalid length. [ 467.906162][T18322] netlink: 'syz.1.3782': attribute type 11 has an invalid length. [ 467.914807][T18322] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3782'. [ 467.997163][T18325] FAULT_INJECTION: forcing a failure. [ 467.997163][T18325] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 468.036833][T18325] CPU: 1 UID: 0 PID: 18325 Comm: syz.2.3783 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 468.036856][T18325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.036865][T18325] Call Trace: [ 468.036872][T18325] [ 468.036879][T18325] dump_stack_lvl+0x189/0x250 [ 468.036905][T18325] ? __pfx____ratelimit+0x10/0x10 [ 468.036925][T18325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.036944][T18325] ? __pfx__printk+0x10/0x10 [ 468.036959][T18325] ? __might_fault+0xb0/0x130 [ 468.036983][T18325] should_fail_ex+0x414/0x560 [ 468.037013][T18325] _copy_from_user+0x2d/0xb0 [ 468.037029][T18325] kstrtouint_from_user+0xc4/0x170 [ 468.037051][T18325] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 468.037151][T18325] proc_fail_nth_write+0x88/0x240 [ 468.037168][T18325] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 468.037190][T18325] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 468.037207][T18325] vfs_write+0x27e/0xa90 [ 468.037237][T18325] ? __pfx_vfs_write+0x10/0x10 [ 468.037259][T18325] ? __fget_files+0x2a/0x420 [ 468.037278][T18325] ? __fget_files+0x3a0/0x420 [ 468.037291][T18325] ? __fget_files+0x2a/0x420 [ 468.037314][T18325] ksys_write+0x145/0x250 [ 468.037329][T18325] ? __pfx_ksys_write+0x10/0x10 [ 468.037340][T18325] ? rcu_is_watching+0x15/0xb0 [ 468.037366][T18325] ? do_syscall_64+0xbe/0x3b0 [ 468.037383][T18325] do_syscall_64+0xfa/0x3b0 [ 468.037394][T18325] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.037413][T18325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.037431][T18325] ? clear_bhb_loop+0x60/0xb0 [ 468.037448][T18325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.037461][T18325] RIP: 0033:0x7fd5b418d3df [ 468.037475][T18325] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 468.037487][T18325] RSP: 002b:00007fd5b5060030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 468.037502][T18325] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd5b418d3df [ 468.037512][T18325] RDX: 0000000000000001 RSI: 00007fd5b50600a0 RDI: 0000000000000004 [ 468.037521][T18325] RBP: 00007fd5b5060090 R08: 0000000000000000 R09: 0000000000000000 [ 468.037529][T18325] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 468.037553][T18325] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 468.037578][T18325] [ 468.286971][T17979] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 468.313834][T17979] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 468.326526][T17979] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 468.340154][T18329] netlink: 'syz.1.3785': attribute type 1 has an invalid length. [ 468.373722][T17979] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 468.399569][T18331] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3786'. [ 468.456277][T18329] 8021q: adding VLAN 0 to HW filter on device bond5 [ 468.538810][T18333] 8021q: adding VLAN 0 to HW filter on device bond5 [ 468.544862][T18341] FAULT_INJECTION: forcing a failure. [ 468.544862][T18341] name failslab, interval 1, probability 0, space 0, times 0 [ 468.547794][T18333] bond5: (slave vxcan1): The slave device specified does not support setting the MAC address [ 468.572011][T18341] CPU: 0 UID: 0 PID: 18341 Comm: syz.2.3788 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 468.572053][T18341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.572064][T18341] Call Trace: [ 468.572079][T18341] [ 468.572093][T18341] dump_stack_lvl+0x189/0x250 [ 468.572140][T18341] ? __pfx____ratelimit+0x10/0x10 [ 468.572164][T18341] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.572186][T18341] ? __pfx__printk+0x10/0x10 [ 468.572216][T18341] should_fail_ex+0x414/0x560 [ 468.572299][T18341] should_failslab+0xa8/0x100 [ 468.572322][T18341] __kmalloc_cache_noprof+0x70/0x3d0 [ 468.572341][T18341] ? sctp_add_bind_addr+0x8c/0x370 [ 468.572365][T18341] sctp_add_bind_addr+0x8c/0x370 [ 468.572387][T18341] sctp_copy_local_addr_list+0x30b/0x4e0 [ 468.572419][T18341] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 468.572445][T18341] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 468.572472][T18341] ? sctp_v6_is_any+0x64/0x80 [ 468.572489][T18341] ? sctp_copy_one_addr+0x93/0x360 [ 468.572513][T18341] sctp_bind_addr_copy+0xb3/0x3c0 [ 468.572532][T18341] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 468.572560][T18341] sctp_connect_new_asoc+0x2e0/0x690 [ 468.572590][T18341] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 468.572612][T18341] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 468.572633][T18341] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 468.572652][T18341] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 468.572674][T18341] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 468.572698][T18341] ? security_sctp_bind_connect+0x7e/0x2e0 [ 468.572722][T18341] sctp_sendmsg+0x155c/0x2810 [ 468.572762][T18341] ? __pfx_sctp_sendmsg+0x10/0x10 [ 468.572787][T18341] ? aa_sk_perm+0x81e/0x950 [ 468.572814][T18341] ? __pfx_aa_sk_perm+0x10/0x10 [ 468.572836][T18341] ? sock_rps_record_flow+0x19/0x410 [ 468.572883][T18341] ? inet_sendmsg+0x2f4/0x370 [ 468.572906][T18341] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 468.572931][T18341] __sock_sendmsg+0x19c/0x270 [ 468.572961][T18341] __sys_sendto+0x3bd/0x520 [ 468.572982][T18341] ? __pfx___sys_sendto+0x10/0x10 [ 468.572998][T18341] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 468.573038][T18341] ? __fget_files+0x3a0/0x420 [ 468.573069][T18341] ? ksys_write+0x22a/0x250 [ 468.573088][T18341] ? __pfx_ksys_write+0x10/0x10 [ 468.573102][T18341] ? rcu_is_watching+0x15/0xb0 [ 468.573134][T18341] __x64_sys_sendto+0xde/0x100 [ 468.573157][T18341] do_syscall_64+0xfa/0x3b0 [ 468.573173][T18341] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.573197][T18341] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.573215][T18341] ? clear_bhb_loop+0x60/0xb0 [ 468.573355][T18341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.573373][T18341] RIP: 0033:0x7fd5b418e929 [ 468.573430][T18341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.573446][T18341] RSP: 002b:00007fd5b5060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 468.573466][T18341] RAX: ffffffffffffffda RBX: 00007fd5b43b5fa0 RCX: 00007fd5b418e929 [ 468.573480][T18341] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 468.573492][T18341] RBP: 00007fd5b5060090 R08: 0000200000000100 R09: 000000000000001c [ 468.573505][T18341] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 468.573516][T18341] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 468.573548][T18341] [ 468.937800][T18333] bond5: (slave vxcan1): Error -95 calling set_mac_address [ 469.051847][T18342] macvlan3: entered promiscuous mode [ 469.057602][T18342] macvlan3: entered allmulticast mode [ 469.069802][T18342] bond5: entered promiscuous mode [ 469.076047][T18342] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 469.091091][T18342] bond5: left promiscuous mode [ 469.123497][T18346] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 469.204506][T17941] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 469.241791][T17941] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 469.262789][T17941] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 469.312055][T17941] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 469.616018][T17941] 8021q: adding VLAN 0 to HW filter on device bond0 [ 469.656178][T17979] 8021q: adding VLAN 0 to HW filter on device bond0 [ 469.703790][T18379] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048) [ 469.733803][T17979] 8021q: adding VLAN 0 to HW filter on device team0 [ 469.782153][T17941] 8021q: adding VLAN 0 to HW filter on device team0 [ 469.839231][T11464] bridge0: port 1(bridge_slave_0) entered blocking state [ 469.846692][T11464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 469.891129][ T3465] bridge0: port 1(bridge_slave_0) entered blocking state [ 469.898337][ T3465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 469.956970][ T3465] bridge0: port 2(bridge_slave_1) entered blocking state [ 469.964416][ T3465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.003886][ T3465] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.011278][ T3465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.183528][T18390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3801'. [ 470.324222][T18393] vlan3: entered promiscuous mode [ 470.353207][T18393] bridge0: entered promiscuous mode [ 470.367923][T18397] xt_CT: You must specify a L4 protocol and not use inversions on it [ 470.486394][T18390] Bluetooth: MGMT ver 1.23 [ 470.548473][T18390] x_tables: unsorted entry at hook 3 [ 470.671099][T18410] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3803'. [ 470.721600][T17941] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 470.821503][ T30] audit: type=1800 audit(1751464223.398:2): pid=18415 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3803" name="memory.events" dev="tmpfs" ino=4733 res=0 errno=0 [ 470.868396][ C1] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 471.041749][T17979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 471.200625][T17979] veth0_vlan: entered promiscuous mode [ 471.285145][T17979] veth1_vlan: entered promiscuous mode [ 471.343737][T18430] C: renamed from lo [ 471.362861][T18426] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3807'. [ 471.380885][T18430] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 471.434348][T18426] 8021q: VLANs not supported on ip6tnl0 [ 471.527857][T17979] veth0_macvtap: entered promiscuous mode [ 471.579430][T17979] veth1_macvtap: entered promiscuous mode [ 471.651935][T17979] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 471.690823][T17979] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 471.717893][T18439] netlink: 'syz.2.3811': attribute type 10 has an invalid length. [ 471.763366][T17979] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.778401][T17979] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.787273][T17979] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.803867][T17979] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 471.850236][T17941] veth0_vlan: entered promiscuous mode [ 471.945878][T17941] veth1_vlan: entered promiscuous mode [ 472.135093][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.176154][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 472.199007][T18456] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3817'. [ 472.217426][T18456] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 472.244637][T17941] veth0_macvtap: entered promiscuous mode [ 472.305889][T17941] veth1_macvtap: entered promiscuous mode [ 472.322130][T10282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.366997][T10282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 472.390042][T17941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 472.456124][T17941] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 472.502866][T17941] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.522610][T17941] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.535121][T17941] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.545324][T17941] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 472.733057][T18470] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3821'. [ 472.880304][T18473] netlink: 'syz.0.3822': attribute type 10 has an invalid length. [ 472.912082][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 472.926169][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.013080][T11470] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.070070][T18473] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 473.247907][T11470] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.304675][T10282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 473.319204][T10282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 473.374288][T11470] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.493658][T11470] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 473.809295][T11470] bridge_slave_1: left allmulticast mode [ 473.815195][T11470] bridge_slave_1: left promiscuous mode [ 473.825696][T11470] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.848000][T11470] bridge_slave_0: left allmulticast mode [ 473.855106][T11470] bridge_slave_0: left promiscuous mode [ 473.867264][T11470] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.051150][T18490] netlink: 'syz.1.3825': attribute type 10 has an invalid length. [ 474.330052][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 474.345804][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 474.355921][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 474.367115][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 474.386867][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 474.513155][T11470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 474.526629][T11470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 474.536976][T11470] bond0 (unregistering): Released all slaves [ 474.891856][T18498] FAULT_INJECTION: forcing a failure. [ 474.891856][T18498] name failslab, interval 1, probability 0, space 0, times 0 [ 474.917441][T18498] CPU: 0 UID: 0 PID: 18498 Comm: syz.1.3828 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 474.917465][T18498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 474.917475][T18498] Call Trace: [ 474.917483][T18498] [ 474.917492][T18498] dump_stack_lvl+0x189/0x250 [ 474.917528][T18498] ? __pfx____ratelimit+0x10/0x10 [ 474.917557][T18498] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.917583][T18498] ? __pfx__printk+0x10/0x10 [ 474.917618][T18498] should_fail_ex+0x414/0x560 [ 474.917650][T18498] should_failslab+0xa8/0x100 [ 474.917673][T18498] __kmalloc_cache_noprof+0x70/0x3d0 [ 474.917698][T18498] ? sctp_add_bind_addr+0x8c/0x370 [ 474.917722][T18498] sctp_add_bind_addr+0x8c/0x370 [ 474.917745][T18498] sctp_copy_local_addr_list+0x30b/0x4e0 [ 474.917777][T18498] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 474.917803][T18498] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 474.917855][T18498] ? sctp_v6_is_any+0x64/0x80 [ 474.917877][T18498] ? sctp_copy_one_addr+0x93/0x360 [ 474.917899][T18498] sctp_bind_addr_copy+0xb3/0x3c0 [ 474.917918][T18498] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 474.917948][T18498] sctp_connect_new_asoc+0x2e0/0x690 [ 474.917974][T18498] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 474.917997][T18498] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 474.918019][T18498] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 474.918039][T18498] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 474.918061][T18498] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 474.918085][T18498] ? security_sctp_bind_connect+0x7e/0x2e0 [ 474.918108][T18498] sctp_sendmsg+0x155c/0x2810 [ 474.918146][T18498] ? __pfx_sctp_sendmsg+0x10/0x10 [ 474.918167][T18498] ? aa_sk_perm+0x81e/0x950 [ 474.918192][T18498] ? __pfx_aa_sk_perm+0x10/0x10 [ 474.918213][T18498] ? sock_rps_record_flow+0x19/0x410 [ 474.918241][T18498] ? inet_sendmsg+0x2f4/0x370 [ 474.918263][T18498] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 474.918288][T18498] __sock_sendmsg+0x19c/0x270 [ 474.918320][T18498] __sys_sendto+0x3bd/0x520 [ 474.918343][T18498] ? __pfx___sys_sendto+0x10/0x10 [ 474.918359][T18498] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 474.918400][T18498] ? __fget_files+0x3a0/0x420 [ 474.918430][T18498] ? ksys_write+0x22a/0x250 [ 474.918448][T18498] ? __pfx_ksys_write+0x10/0x10 [ 474.918461][T18498] ? rcu_is_watching+0x15/0xb0 [ 474.918495][T18498] __x64_sys_sendto+0xde/0x100 [ 474.918518][T18498] do_syscall_64+0xfa/0x3b0 [ 474.918533][T18498] ? lockdep_hardirqs_on+0x9c/0x150 [ 474.918556][T18498] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.918574][T18498] ? clear_bhb_loop+0x60/0xb0 [ 474.918598][T18498] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.918615][T18498] RIP: 0033:0x7f5afe98e929 [ 474.918632][T18498] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.918648][T18498] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 474.918668][T18498] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 474.918682][T18498] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 474.918699][T18498] RBP: 00007f5aff870090 R08: 0000200000000100 R09: 000000000000001c [ 474.918711][T18498] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 474.918722][T18498] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 474.918753][T18498] [ 475.402406][T11470] hsr_slave_0: left promiscuous mode [ 475.425834][T11470] hsr_slave_1: left promiscuous mode [ 475.455789][ T5149] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 475.455955][T11470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 475.472349][ T5149] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 475.482522][ T5149] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 475.492945][ T5149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 475.495927][T11470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 475.514693][ T5149] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 475.524842][T11470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 475.568049][T11470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 475.667514][T11470] veth1_macvtap: left promiscuous mode [ 475.683956][T11470] veth0_macvtap: left promiscuous mode [ 475.699647][T11470] veth1_vlan: left promiscuous mode [ 475.713439][T11470] veth0_vlan: left promiscuous mode [ 475.877358][T18520] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3832'. [ 475.889979][T18520] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 476.351432][T11470] team0 (unregistering): Port device team_slave_1 removed [ 476.406903][T11470] team0 (unregistering): Port device team_slave_0 removed [ 476.471133][ T51] Bluetooth: hci2: command tx timeout [ 477.049274][T18491] chnl_net:caif_netlink_parms(): no params data found [ 477.137361][T18525] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 477.436827][T18538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3837'. [ 477.473268][T18491] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.479120][T18538] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3837'. [ 477.508356][T18491] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.516683][T18491] bridge_slave_0: entered allmulticast mode [ 477.532323][T18491] bridge_slave_0: entered promiscuous mode [ 477.565912][T18491] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.576125][T18491] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.595981][ T51] Bluetooth: hci3: command tx timeout [ 477.607644][T18545] FAULT_INJECTION: forcing a failure. [ 477.607644][T18545] name failslab, interval 1, probability 0, space 0, times 0 [ 477.625803][T18491] bridge_slave_1: entered allmulticast mode [ 477.643570][T18546] netlink: 'syz.2.3839': attribute type 10 has an invalid length. [ 477.648428][T18545] CPU: 1 UID: 0 PID: 18545 Comm: syz.0.3840 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 477.648458][T18545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 477.648469][T18545] Call Trace: [ 477.648481][T18545] [ 477.648491][T18545] dump_stack_lvl+0x189/0x250 [ 477.648523][T18545] ? __pfx____ratelimit+0x10/0x10 [ 477.648549][T18545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 477.648574][T18545] ? __pfx__printk+0x10/0x10 [ 477.648609][T18545] should_fail_ex+0x414/0x560 [ 477.648636][T18545] should_failslab+0xa8/0x100 [ 477.648658][T18545] __kmalloc_cache_noprof+0x70/0x3d0 [ 477.648676][T18545] ? sctp_add_bind_addr+0x8c/0x370 [ 477.648699][T18545] sctp_add_bind_addr+0x8c/0x370 [ 477.648722][T18545] sctp_copy_local_addr_list+0x30b/0x4e0 [ 477.648753][T18545] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 477.648779][T18545] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 477.648807][T18545] ? sctp_v6_is_any+0x64/0x80 [ 477.648828][T18545] ? sctp_copy_one_addr+0x93/0x360 [ 477.648849][T18545] sctp_bind_addr_copy+0xb3/0x3c0 [ 477.648868][T18545] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 477.648896][T18545] sctp_connect_new_asoc+0x2e0/0x690 [ 477.648921][T18545] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 477.648944][T18545] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 477.648964][T18545] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 477.648984][T18545] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 477.649006][T18545] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 477.649028][T18545] ? security_sctp_bind_connect+0x7e/0x2e0 [ 477.649050][T18545] sctp_sendmsg+0x155c/0x2810 [ 477.649085][T18545] ? __pfx_sctp_sendmsg+0x10/0x10 [ 477.649126][T18545] ? aa_sk_perm+0x81e/0x950 [ 477.649152][T18545] ? __pfx_aa_sk_perm+0x10/0x10 [ 477.649174][T18545] ? sock_rps_record_flow+0x19/0x410 [ 477.649204][T18545] ? inet_sendmsg+0x2f4/0x370 [ 477.649227][T18545] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 477.649251][T18545] __sock_sendmsg+0x19c/0x270 [ 477.649282][T18545] __sys_sendto+0x3bd/0x520 [ 477.649303][T18545] ? __pfx___sys_sendto+0x10/0x10 [ 477.649320][T18545] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 477.649360][T18545] ? __fget_files+0x3a0/0x420 [ 477.649432][T18545] ? ksys_write+0x22a/0x250 [ 477.649451][T18545] ? __pfx_ksys_write+0x10/0x10 [ 477.649465][T18545] ? rcu_is_watching+0x15/0xb0 [ 477.649496][T18545] __x64_sys_sendto+0xde/0x100 [ 477.649520][T18545] do_syscall_64+0xfa/0x3b0 [ 477.649536][T18545] ? lockdep_hardirqs_on+0x9c/0x150 [ 477.649559][T18545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.649576][T18545] ? clear_bhb_loop+0x60/0xb0 [ 477.649599][T18545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 477.649616][T18545] RIP: 0033:0x7fe500b8e929 [ 477.649633][T18545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.649649][T18545] RSP: 002b:00007fe5019cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 477.649669][T18545] RAX: ffffffffffffffda RBX: 00007fe500db5fa0 RCX: 00007fe500b8e929 [ 477.649683][T18545] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 477.649695][T18545] RBP: 00007fe5019cf090 R08: 0000200000000100 R09: 000000000000001c [ 477.649707][T18545] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 477.649718][T18545] R13: 0000000000000000 R14: 00007fe500db5fa0 R15: 00007fffdc48bd28 [ 477.649748][T18545] [ 477.671123][T18491] bridge_slave_1: entered promiscuous mode [ 478.067829][T18551] netlink: 'syz.0.3842': attribute type 1 has an invalid length. [ 478.123952][T18551] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3842'. [ 478.142849][T18491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 478.157684][T18491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 478.357987][T18565] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 478.362275][T18491] team0: Port device team_slave_0 added [ 478.429836][T11470] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.454302][T18491] team0: Port device team_slave_1 added [ 478.548532][ T51] Bluetooth: hci2: command tx timeout [ 478.647563][T11470] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.741005][T18491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 478.756238][T18491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 478.829072][T18491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 478.859150][T18506] chnl_net:caif_netlink_parms(): no params data found [ 478.919449][T11470] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 478.964219][T18491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 478.991750][T18491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.047598][T18491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.144408][T11470] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 479.164605][T18597] netlink: 'syz.0.3854': attribute type 10 has an invalid length. [ 479.344817][T18610] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3857'. [ 479.410838][T18491] hsr_slave_0: entered promiscuous mode [ 479.444828][T18491] hsr_slave_1: entered promiscuous mode [ 479.457198][T18491] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 479.468920][T18491] Cannot create hsr debugfs directory [ 479.540962][T18622] netlink: 596 bytes leftover after parsing attributes in process `syz.0.3861'. [ 479.677379][ T5149] Bluetooth: hci3: command tx timeout [ 479.856922][T18506] bridge0: port 1(bridge_slave_0) entered blocking state [ 479.871799][T18506] bridge0: port 1(bridge_slave_0) entered disabled state [ 479.887426][T18506] bridge_slave_0: entered allmulticast mode [ 479.900453][T18506] bridge_slave_0: entered promiscuous mode [ 479.920956][T18506] bridge0: port 2(bridge_slave_1) entered blocking state [ 479.929155][T18506] bridge0: port 2(bridge_slave_1) entered disabled state [ 479.936689][T18506] bridge_slave_1: entered allmulticast mode [ 479.965574][T18506] bridge_slave_1: entered promiscuous mode [ 480.085474][T18644] netlink: 'syz.1.3868': attribute type 10 has an invalid length. [ 480.162446][T18506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 480.220902][T18506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 480.310615][T11470] bridge_slave_1: left allmulticast mode [ 480.316350][T11470] bridge_slave_1: left promiscuous mode [ 480.334103][T11470] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.370188][T11470] bridge_slave_0: left allmulticast mode [ 480.384078][T11470] bridge_slave_0: left promiscuous mode [ 480.410987][T11470] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.492572][T18656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3871'. [ 480.591669][T18661] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3871'. [ 480.616485][T18661] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 480.628651][ T5149] Bluetooth: hci2: command tx timeout [ 480.997599][T11470] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 481.013170][T11470] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 481.024164][T11470] bond0 (unregistering): Released all slaves [ 481.113586][T18506] team0: Port device team_slave_0 added [ 481.159289][T18506] team0: Port device team_slave_1 added [ 481.369512][T18668] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3875'. [ 481.470428][T18506] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 481.485496][T18506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.520505][T18506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 481.537876][T18506] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 481.546609][T18506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 481.574287][T18506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 481.636914][T18680] FAULT_INJECTION: forcing a failure. [ 481.636914][T18680] name failslab, interval 1, probability 0, space 0, times 0 [ 481.652141][T18680] CPU: 0 UID: 0 PID: 18680 Comm: syz.2.3878 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 481.652159][T18680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 481.652165][T18680] Call Trace: [ 481.652171][T18680] [ 481.652176][T18680] dump_stack_lvl+0x189/0x250 [ 481.652197][T18680] ? __pfx____ratelimit+0x10/0x10 [ 481.652214][T18680] ? __pfx_dump_stack_lvl+0x10/0x10 [ 481.652229][T18680] ? __pfx__printk+0x10/0x10 [ 481.652248][T18680] should_fail_ex+0x414/0x560 [ 481.652266][T18680] should_failslab+0xa8/0x100 [ 481.652279][T18680] __kmalloc_cache_noprof+0x70/0x3d0 [ 481.652289][T18680] ? sctp_add_bind_addr+0x8c/0x370 [ 481.652303][T18680] sctp_add_bind_addr+0x8c/0x370 [ 481.652315][T18680] sctp_copy_local_addr_list+0x30b/0x4e0 [ 481.652334][T18680] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 481.652349][T18680] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 481.652366][T18680] ? sctp_v6_is_any+0x64/0x80 [ 481.652378][T18680] ? sctp_copy_one_addr+0x93/0x360 [ 481.652390][T18680] sctp_bind_addr_copy+0xb3/0x3c0 [ 481.652400][T18680] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 481.652417][T18680] sctp_connect_new_asoc+0x2e0/0x690 [ 481.652432][T18680] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 481.652445][T18680] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 481.652457][T18680] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 481.652468][T18680] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 481.652481][T18680] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 481.652495][T18680] ? security_sctp_bind_connect+0x7e/0x2e0 [ 481.652508][T18680] sctp_sendmsg+0x155c/0x2810 [ 481.652527][T18680] ? __pfx_sctp_sendmsg+0x10/0x10 [ 481.652541][T18680] ? aa_sk_perm+0x81e/0x950 [ 481.652556][T18680] ? __pfx_aa_sk_perm+0x10/0x10 [ 481.652569][T18680] ? sock_rps_record_flow+0x19/0x410 [ 481.652587][T18680] ? inet_sendmsg+0x2f4/0x370 [ 481.652601][T18680] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 481.652615][T18680] __sock_sendmsg+0x19c/0x270 [ 481.652633][T18680] __sys_sendto+0x3bd/0x520 [ 481.652646][T18680] ? __pfx___sys_sendto+0x10/0x10 [ 481.652655][T18680] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 481.652679][T18680] ? __fget_files+0x3a0/0x420 [ 481.652696][T18680] ? ksys_write+0x22a/0x250 [ 481.652708][T18680] ? __pfx_ksys_write+0x10/0x10 [ 481.652716][T18680] ? rcu_is_watching+0x15/0xb0 [ 481.652735][T18680] __x64_sys_sendto+0xde/0x100 [ 481.652748][T18680] do_syscall_64+0xfa/0x3b0 [ 481.652766][T18680] ? lockdep_hardirqs_on+0x9c/0x150 [ 481.652780][T18680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.652791][T18680] ? clear_bhb_loop+0x60/0xb0 [ 481.652803][T18680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.652813][T18680] RIP: 0033:0x7fd5b418e929 [ 481.652824][T18680] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.652833][T18680] RSP: 002b:00007fd5b5060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 481.652845][T18680] RAX: ffffffffffffffda RBX: 00007fd5b43b5fa0 RCX: 00007fd5b418e929 [ 481.652853][T18680] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 481.652860][T18680] RBP: 00007fd5b5060090 R08: 0000200000000100 R09: 000000000000001c [ 481.652867][T18680] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 481.652873][T18680] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 481.652890][T18680] [ 482.008903][ T5149] Bluetooth: hci3: command tx timeout [ 482.107080][T18686] netlink: 'syz.2.3880': attribute type 10 has an invalid length. [ 482.137701][T18687] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3879'. [ 482.162921][T18687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3879'. [ 482.240964][T18506] hsr_slave_0: entered promiscuous mode [ 482.248234][T18506] hsr_slave_1: entered promiscuous mode [ 482.255907][T18506] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 482.264366][T18506] Cannot create hsr debugfs directory [ 482.394580][T11470] hsr_slave_0: left promiscuous mode [ 482.434391][T11470] hsr_slave_1: left promiscuous mode [ 482.451804][T11470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 482.464266][T11470] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 482.519327][T11470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 482.548900][T11470] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 482.643495][T11470] veth1_macvtap: left promiscuous mode [ 482.662935][T11470] veth0_macvtap: left promiscuous mode [ 482.670100][T11470] veth1_vlan: left promiscuous mode [ 482.677330][T11470] veth0_vlan: left promiscuous mode [ 482.708485][ T5149] Bluetooth: hci2: command tx timeout [ 483.258359][T11470] team0 (unregistering): Port device team_slave_1 removed [ 483.315848][T11470] team0 (unregistering): Port device team_slave_0 removed [ 483.715785][T18714] netlink: 'syz.0.3887': attribute type 10 has an invalid length. [ 483.995214][T18690] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 484.068692][ T5149] Bluetooth: hci3: command tx timeout [ 484.505588][T18723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3891'. [ 484.540738][T18726] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3892'. [ 484.887623][T18491] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 484.905583][T18735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3894'. [ 484.932291][T18491] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 485.032410][T18491] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 485.117603][T18491] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 485.457233][T18491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 485.553487][T18491] 8021q: adding VLAN 0 to HW filter on device team0 [ 485.613792][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 485.618964][T18766] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3904'. [ 485.621344][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 485.697512][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 485.704811][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.752397][T18491] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 485.764796][T18491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 485.913254][T18506] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 485.949557][T18506] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 485.973102][T18506] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 486.007368][T18506] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 486.366518][T18506] 8021q: adding VLAN 0 to HW filter on device bond0 [ 486.390658][T18491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 486.435064][T18506] 8021q: adding VLAN 0 to HW filter on device team0 [ 486.445003][T18798] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3912'. [ 486.472863][T18798] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3912'. [ 486.513373][T10282] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.520639][T10282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 486.535642][T10282] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.542956][T10282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.575252][T18806] netlink: 'syz.1.3916': attribute type 2 has an invalid length. [ 486.592097][T18491] veth0_vlan: entered promiscuous mode [ 486.633809][T18806] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3916'. [ 486.642684][T18491] veth1_vlan: entered promiscuous mode [ 486.767736][T18811] netlink: 'syz.0.3918': attribute type 1 has an invalid length. [ 486.800371][T18491] veth0_macvtap: entered promiscuous mode [ 486.823257][T18491] veth1_macvtap: entered promiscuous mode [ 486.873002][T18491] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 486.910672][T18491] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 486.964889][T18491] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 486.996513][T18491] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.026479][T18491] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.047729][T18491] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.120859][T18824] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3921'. [ 487.209659][T18828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3922'. [ 487.223483][T18831] netlink: 'syz.0.3923': attribute type 58 has an invalid length. [ 487.259161][T18830] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3922'. [ 487.277594][T18831] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3923'. [ 487.413320][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.448827][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.486481][T18506] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 487.577451][ T7545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 487.633658][ T7545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 487.701081][T18849] FAULT_INJECTION: forcing a failure. [ 487.701081][T18849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.749477][T18849] CPU: 0 UID: 0 PID: 18849 Comm: syz.2.3928 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 487.749505][T18849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 487.749516][T18849] Call Trace: [ 487.749523][T18849] [ 487.749532][T18849] dump_stack_lvl+0x189/0x250 [ 487.749563][T18849] ? __pfx____ratelimit+0x10/0x10 [ 487.749588][T18849] ? __pfx_dump_stack_lvl+0x10/0x10 [ 487.749613][T18849] ? __pfx__printk+0x10/0x10 [ 487.749633][T18849] ? __might_fault+0xb0/0x130 [ 487.749663][T18849] should_fail_ex+0x414/0x560 [ 487.749691][T18849] _copy_from_iter+0x3f5/0x16f0 [ 487.749720][T18849] ? rcu_is_watching+0x15/0xb0 [ 487.749751][T18849] ? __pfx__copy_from_iter+0x10/0x10 [ 487.749776][T18849] ? __build_skb_around+0x257/0x3e0 [ 487.749799][T18849] ? netlink_sendmsg+0x642/0xb30 [ 487.749817][T18849] ? skb_put+0x11b/0x210 [ 487.749838][T18849] netlink_sendmsg+0x6b2/0xb30 [ 487.749864][T18849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 487.749884][T18849] ? aa_sock_msg_perm+0x94/0x160 [ 487.749905][T18849] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 487.749924][T18849] ? __pfx_netlink_sendmsg+0x10/0x10 [ 487.749942][T18849] __sock_sendmsg+0x21c/0x270 [ 487.749969][T18849] ____sys_sendmsg+0x505/0x830 [ 487.749996][T18849] ? __pfx_____sys_sendmsg+0x10/0x10 [ 487.750024][T18849] ? import_iovec+0x74/0xa0 [ 487.750043][T18849] ___sys_sendmsg+0x21f/0x2a0 [ 487.750064][T18849] ? __pfx____sys_sendmsg+0x10/0x10 [ 487.750324][T18849] ? __fget_files+0x2a/0x420 [ 487.750345][T18849] ? __fget_files+0x3a0/0x420 [ 487.750389][T18849] __x64_sys_sendmsg+0x19b/0x260 [ 487.750414][T18849] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 487.750442][T18849] ? __pfx_ksys_write+0x10/0x10 [ 487.750454][T18849] ? rcu_is_watching+0x15/0xb0 [ 487.750482][T18849] ? do_syscall_64+0xbe/0x3b0 [ 487.750501][T18849] do_syscall_64+0xfa/0x3b0 [ 487.750515][T18849] ? lockdep_hardirqs_on+0x9c/0x150 [ 487.750536][T18849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.750552][T18849] ? clear_bhb_loop+0x60/0xb0 [ 487.750573][T18849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.750591][T18849] RIP: 0033:0x7fd5b418e929 [ 487.750608][T18849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 487.750622][T18849] RSP: 002b:00007fd5b5060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 487.750642][T18849] RAX: ffffffffffffffda RBX: 00007fd5b43b5fa0 RCX: 00007fd5b418e929 [ 487.750656][T18849] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 487.750666][T18849] RBP: 00007fd5b5060090 R08: 0000000000000000 R09: 0000000000000000 [ 487.750676][T18849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.750687][T18849] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 487.750719][T18849] [ 488.504139][T18876] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3936'. [ 488.589617][T18878] netlink: 'syz.0.3935': attribute type 83 has an invalid length. [ 488.891924][ T3465] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.945726][T18506] veth0_vlan: entered promiscuous mode [ 488.975504][T18506] veth1_vlan: entered promiscuous mode [ 489.013739][T18506] veth0_macvtap: entered promiscuous mode [ 489.033261][T18506] veth1_macvtap: entered promiscuous mode [ 489.065617][T18506] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 489.081922][T18506] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 489.098106][T18506] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.109138][T18506] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.118485][T18506] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.127296][T18506] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.160581][ T3465] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.250212][ T3465] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.289970][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.299606][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.330315][ T7545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.342310][ T7545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.365710][ T3465] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 489.560398][ T3465] bridge_slave_1: left allmulticast mode [ 489.566406][ T3465] bridge_slave_1: left promiscuous mode [ 489.573319][ T3465] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.586058][ T3465] bridge_slave_0: left allmulticast mode [ 489.594525][ T3465] bridge_slave_0: left promiscuous mode [ 489.601159][ T3465] bridge0: port 1(bridge_slave_0) entered disabled state [ 490.267475][ T3465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 490.289121][ T3465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 490.304969][ T3465] bond0 (unregistering): Released all slaves [ 490.373107][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 490.394770][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 490.404552][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 490.430378][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 490.444474][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 490.684928][ T3465] hsr_slave_0: left promiscuous mode [ 490.694410][ T3465] hsr_slave_1: left promiscuous mode [ 490.701663][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 490.711410][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 490.722502][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 490.730573][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 490.752074][ T3465] veth1_macvtap: left promiscuous mode [ 490.757820][ T3465] veth0_macvtap: left promiscuous mode [ 490.763956][ T3465] veth1_vlan: left promiscuous mode [ 490.769572][ T3465] veth0_vlan: left promiscuous mode [ 491.685722][ T5149] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 491.702977][ T5149] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 491.722780][ T5149] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 491.733836][ T5149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 491.745964][ T5149] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 491.854739][ T3465] team0 (unregistering): Port device team_slave_1 removed [ 491.913279][ T3465] team0 (unregistering): Port device team_slave_0 removed [ 492.470607][ T51] Bluetooth: hci2: command tx timeout [ 492.676436][T18940] FAULT_INJECTION: forcing a failure. [ 492.676436][T18940] name failslab, interval 1, probability 0, space 0, times 0 [ 492.690597][T18938] netlink: 'syz.0.3952': attribute type 1 has an invalid length. [ 492.691257][T18940] CPU: 0 UID: 0 PID: 18940 Comm: syz.2.3951 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 492.691281][T18940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 492.691293][T18940] Call Trace: [ 492.691301][T18940] [ 492.691310][T18940] dump_stack_lvl+0x189/0x250 [ 492.691342][T18940] ? __pfx____ratelimit+0x10/0x10 [ 492.691367][T18940] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.691393][T18940] ? __pfx__printk+0x10/0x10 [ 492.691418][T18940] ? __lock_acquire+0xab9/0xd20 [ 492.691449][T18940] should_fail_ex+0x414/0x560 [ 492.691477][T18940] should_failslab+0xa8/0x100 [ 492.691498][T18940] __kmalloc_cache_noprof+0x70/0x3d0 [ 492.691516][T18940] ? netlbl_unlhsh_add+0x449/0x1280 [ 492.691539][T18940] netlbl_unlhsh_add+0x449/0x1280 [ 492.691564][T18940] ? netlbl_unlhsh_add+0xdc/0x1280 [ 492.691584][T18940] ? __pfx_netlbl_unlhsh_add+0x10/0x10 [ 492.691604][T18940] ? apparmor_secctx_to_secid+0x98/0x110 [ 492.691646][T18940] netlbl_unlabel_staticadd+0x582/0x6e0 [ 492.691668][T18940] ? __pfx_netlbl_unlabel_staticadd+0x10/0x10 [ 492.691697][T18940] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 492.691731][T18940] genl_family_rcv_msg_doit+0x212/0x300 [ 492.691762][T18940] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 492.691801][T18940] ? bpf_lsm_capable+0x9/0x20 [ 492.691818][T18940] ? security_capable+0x7e/0x2e0 [ 492.691845][T18940] genl_rcv_msg+0x60e/0x790 [ 492.691873][T18940] ? __pfx_genl_rcv_msg+0x10/0x10 [ 492.691891][T18940] ? __pfx_netlbl_unlabel_staticadd+0x10/0x10 [ 492.691926][T18940] netlink_rcv_skb+0x208/0x470 [ 492.691947][T18940] ? __pfx_genl_rcv_msg+0x10/0x10 [ 492.691972][T18940] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 492.692010][T18940] ? down_read+0x1ad/0x2e0 [ 492.692032][T18940] genl_rcv+0x28/0x40 [ 492.692053][T18940] netlink_unicast+0x75b/0x8d0 [ 492.692083][T18940] netlink_sendmsg+0x805/0xb30 [ 492.692113][T18940] ? __pfx_netlink_sendmsg+0x10/0x10 [ 492.692137][T18940] ? aa_sock_msg_perm+0x94/0x160 [ 492.692159][T18940] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 492.692180][T18940] ? __pfx_netlink_sendmsg+0x10/0x10 [ 492.692201][T18940] __sock_sendmsg+0x21c/0x270 [ 492.692230][T18940] ____sys_sendmsg+0x505/0x830 [ 492.692257][T18940] ? __pfx_____sys_sendmsg+0x10/0x10 [ 492.692288][T18940] ? import_iovec+0x74/0xa0 [ 492.692310][T18940] ___sys_sendmsg+0x21f/0x2a0 [ 492.692333][T18940] ? __pfx____sys_sendmsg+0x10/0x10 [ 492.692394][T18940] ? __fget_files+0x2a/0x420 [ 492.692412][T18940] ? __fget_files+0x3a0/0x420 [ 492.692442][T18940] __x64_sys_sendmsg+0x19b/0x260 [ 492.692467][T18940] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 492.692499][T18940] ? __pfx_ksys_write+0x10/0x10 [ 492.692521][T18940] ? do_syscall_64+0xbe/0x3b0 [ 492.692542][T18940] do_syscall_64+0xfa/0x3b0 [ 492.692556][T18940] ? lockdep_hardirqs_on+0x9c/0x150 [ 492.692578][T18940] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.692596][T18940] ? clear_bhb_loop+0x60/0xb0 [ 492.692629][T18940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.692647][T18940] RIP: 0033:0x7fd5b418e929 [ 492.692663][T18940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.692679][T18940] RSP: 002b:00007fd5b5060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 492.692699][T18940] RAX: ffffffffffffffda RBX: 00007fd5b43b5fa0 RCX: 00007fd5b418e929 [ 492.692712][T18940] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000004 [ 492.692724][T18940] RBP: 00007fd5b5060090 R08: 0000000000000000 R09: 0000000000000000 [ 492.692735][T18940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 492.692743][T18940] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 492.692774][T18940] [ 493.126857][T18900] chnl_net:caif_netlink_parms(): no params data found [ 493.183105][T18942] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3953'. [ 493.228775][T18947] FAULT_INJECTION: forcing a failure. [ 493.228775][T18947] name failslab, interval 1, probability 0, space 0, times 0 [ 493.246882][T18947] CPU: 1 UID: 0 PID: 18947 Comm: syz.1.3954 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 493.246908][T18947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 493.246918][T18947] Call Trace: [ 493.246925][T18947] [ 493.246933][T18947] dump_stack_lvl+0x189/0x250 [ 493.246963][T18947] ? __pfx____ratelimit+0x10/0x10 [ 493.246988][T18947] ? __pfx_dump_stack_lvl+0x10/0x10 [ 493.247013][T18947] ? __pfx__printk+0x10/0x10 [ 493.247044][T18947] should_fail_ex+0x414/0x560 [ 493.247069][T18947] should_failslab+0xa8/0x100 [ 493.247090][T18947] __kmalloc_cache_noprof+0x70/0x3d0 [ 493.247108][T18947] ? sctp_add_bind_addr+0x8c/0x370 [ 493.247129][T18947] sctp_add_bind_addr+0x8c/0x370 [ 493.247147][T18947] sctp_copy_local_addr_list+0x30b/0x4e0 [ 493.247172][T18947] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 493.247193][T18947] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 493.247216][T18947] ? sctp_v6_is_any+0x64/0x80 [ 493.247233][T18947] ? sctp_copy_one_addr+0x93/0x360 [ 493.247250][T18947] sctp_bind_addr_copy+0xb3/0x3c0 [ 493.247266][T18947] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 493.247290][T18947] sctp_connect_new_asoc+0x2e0/0x690 [ 493.247310][T18947] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 493.247327][T18947] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 493.247344][T18947] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 493.247358][T18947] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 493.247374][T18947] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 493.247393][T18947] ? security_sctp_bind_connect+0x7e/0x2e0 [ 493.247411][T18947] sctp_sendmsg+0x155c/0x2810 [ 493.247439][T18947] ? __pfx_sctp_sendmsg+0x10/0x10 [ 493.247459][T18947] ? aa_sk_perm+0x81e/0x950 [ 493.247482][T18947] ? __pfx_aa_sk_perm+0x10/0x10 [ 493.247502][T18947] ? sock_rps_record_flow+0x19/0x410 [ 493.247527][T18947] ? inet_sendmsg+0x2f4/0x370 [ 493.247545][T18947] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 493.247566][T18947] __sock_sendmsg+0x19c/0x270 [ 493.247591][T18947] __sys_sendto+0x3bd/0x520 [ 493.247609][T18947] ? __pfx___sys_sendto+0x10/0x10 [ 493.247634][T18947] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 493.247668][T18947] ? __fget_files+0x3a0/0x420 [ 493.247694][T18947] ? ksys_write+0x22a/0x250 [ 493.247710][T18947] ? __pfx_ksys_write+0x10/0x10 [ 493.247722][T18947] ? rcu_is_watching+0x15/0xb0 [ 493.247748][T18947] __x64_sys_sendto+0xde/0x100 [ 493.247769][T18947] do_syscall_64+0xfa/0x3b0 [ 493.247785][T18947] ? lockdep_hardirqs_on+0x9c/0x150 [ 493.247808][T18947] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.247825][T18947] ? clear_bhb_loop+0x60/0xb0 [ 493.247846][T18947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 493.247864][T18947] RIP: 0033:0x7f5afe98e929 [ 493.247880][T18947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.247896][T18947] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 493.247916][T18947] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 493.247930][T18947] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 493.247942][T18947] RBP: 00007f5aff870090 R08: 0000200000000100 R09: 000000000000001c [ 493.247954][T18947] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 493.247966][T18947] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 493.247997][T18947] [ 493.828763][ T51] Bluetooth: hci3: command tx timeout [ 493.904821][T18963] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3959'. [ 494.192608][T18979] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 494.205660][T18979] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 494.230712][T18982] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3965'. [ 494.248630][T18982] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3965'. [ 494.284022][T18982] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3965'. [ 494.303602][T18900] bridge0: port 1(bridge_slave_0) entered blocking state [ 494.345462][T18900] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.372499][T18900] bridge_slave_0: entered allmulticast mode [ 494.383917][T18987] FAULT_INJECTION: forcing a failure. [ 494.383917][T18987] name failslab, interval 1, probability 0, space 0, times 0 [ 494.402648][T18900] bridge_slave_0: entered promiscuous mode [ 494.403141][T18987] CPU: 0 UID: 0 PID: 18987 Comm: syz.1.3966 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 494.403165][T18987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 494.403176][T18987] Call Trace: [ 494.403185][T18987] [ 494.403193][T18987] dump_stack_lvl+0x189/0x250 [ 494.403224][T18987] ? __pfx____ratelimit+0x10/0x10 [ 494.403250][T18987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 494.403275][T18987] ? __pfx__printk+0x10/0x10 [ 494.403309][T18987] should_fail_ex+0x414/0x560 [ 494.403337][T18987] should_failslab+0xa8/0x100 [ 494.403357][T18987] __kmalloc_cache_noprof+0x70/0x3d0 [ 494.403375][T18987] ? sctp_add_bind_addr+0x8c/0x370 [ 494.403396][T18987] sctp_add_bind_addr+0x8c/0x370 [ 494.403418][T18987] sctp_copy_local_addr_list+0x30b/0x4e0 [ 494.403449][T18987] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 494.403475][T18987] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 494.403512][T18987] ? sctp_v6_is_any+0x64/0x80 [ 494.403532][T18987] ? sctp_copy_one_addr+0x93/0x360 [ 494.403553][T18987] sctp_bind_addr_copy+0xb3/0x3c0 [ 494.403571][T18987] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 494.403599][T18987] sctp_connect_new_asoc+0x2e0/0x690 [ 494.403628][T18987] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 494.403651][T18987] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 494.403672][T18987] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 494.403691][T18987] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 494.403713][T18987] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 494.403735][T18987] ? security_sctp_bind_connect+0x7e/0x2e0 [ 494.403757][T18987] sctp_sendmsg+0x155c/0x2810 [ 494.403791][T18987] ? __pfx_sctp_sendmsg+0x10/0x10 [ 494.403815][T18987] ? aa_sk_perm+0x81e/0x950 [ 494.403840][T18987] ? __pfx_aa_sk_perm+0x10/0x10 [ 494.403864][T18987] ? sock_rps_record_flow+0x19/0x410 [ 494.403893][T18987] ? inet_sendmsg+0x2f4/0x370 [ 494.403915][T18987] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 494.403940][T18987] __sock_sendmsg+0x19c/0x270 [ 494.403968][T18987] __sys_sendto+0x3bd/0x520 [ 494.403989][T18987] ? __pfx___sys_sendto+0x10/0x10 [ 494.404006][T18987] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 494.404044][T18987] ? __fget_files+0x3a0/0x420 [ 494.404075][T18987] ? ksys_write+0x22a/0x250 [ 494.404094][T18987] ? __pfx_ksys_write+0x10/0x10 [ 494.404107][T18987] ? rcu_is_watching+0x15/0xb0 [ 494.404138][T18987] __x64_sys_sendto+0xde/0x100 [ 494.404160][T18987] do_syscall_64+0xfa/0x3b0 [ 494.404175][T18987] ? lockdep_hardirqs_on+0x9c/0x150 [ 494.404199][T18987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.404216][T18987] ? clear_bhb_loop+0x60/0xb0 [ 494.404237][T18987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.404253][T18987] RIP: 0033:0x7f5afe98e929 [ 494.404269][T18987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 494.404285][T18987] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 494.404304][T18987] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 494.404318][T18987] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 494.404329][T18987] RBP: 00007f5aff870090 R08: 0000200000000100 R09: 000000000000001c [ 494.404340][T18987] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 494.404351][T18987] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 494.404381][T18987] [ 494.557727][ T51] Bluetooth: hci2: command tx timeout [ 494.646683][T18900] bridge0: port 2(bridge_slave_1) entered blocking state [ 494.775032][T18900] bridge0: port 2(bridge_slave_1) entered disabled state [ 494.782782][T18900] bridge_slave_1: entered allmulticast mode [ 494.791106][T18900] bridge_slave_1: entered promiscuous mode [ 494.800155][T18933] chnl_net:caif_netlink_parms(): no params data found [ 494.908528][T19006] netlink: 'syz.1.3973': attribute type 1 has an invalid length. [ 494.975432][ T3465] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.987278][T19009] netlink: 'syz.2.3972': attribute type 13 has an invalid length. [ 495.012626][T18900] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 495.076869][T19009] macvtap0: refused to change device tx_queue_len [ 495.090977][T18900] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 495.104205][T19011] 8021q: adding VLAN 0 to HW filter on device bond6 [ 495.184812][ T3465] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.193267][T19019] set match dimension is over the limit! [ 495.205300][T19017] sctp: [Deprecated]: syz.1.3975 (pid 19017) Use of int in maxseg socket option. [ 495.205300][T19017] Use struct sctp_assoc_value instead [ 495.227225][T19019] set match dimension is over the limit! [ 495.335276][T18933] bridge0: port 1(bridge_slave_0) entered blocking state [ 495.358802][T18933] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.373922][T18933] bridge_slave_0: entered allmulticast mode [ 495.393866][T18933] bridge_slave_0: entered promiscuous mode [ 495.435147][T18900] team0: Port device team_slave_0 added [ 495.465869][T18900] team0: Port device team_slave_1 added [ 495.486000][T19033] FAULT_INJECTION: forcing a failure. [ 495.486000][T19033] name failslab, interval 1, probability 0, space 0, times 0 [ 495.499756][T19033] CPU: 1 UID: 0 PID: 19033 Comm: syz.2.3979 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 495.499783][T19033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 495.499795][T19033] Call Trace: [ 495.499803][T19033] [ 495.499813][T19033] dump_stack_lvl+0x189/0x250 [ 495.499843][T19033] ? __pfx____ratelimit+0x10/0x10 [ 495.499868][T19033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 495.499892][T19033] ? __pfx__printk+0x10/0x10 [ 495.499927][T19033] should_fail_ex+0x414/0x560 [ 495.499955][T19033] should_failslab+0xa8/0x100 [ 495.499977][T19033] __kmalloc_cache_noprof+0x70/0x3d0 [ 495.499995][T19033] ? sctp_add_bind_addr+0x8c/0x370 [ 495.500019][T19033] sctp_add_bind_addr+0x8c/0x370 [ 495.500040][T19033] sctp_copy_local_addr_list+0x30b/0x4e0 [ 495.500070][T19033] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 495.500096][T19033] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 495.500125][T19033] ? sctp_v6_is_any+0x64/0x80 [ 495.500146][T19033] ? sctp_copy_one_addr+0x93/0x360 [ 495.500167][T19033] sctp_bind_addr_copy+0xb3/0x3c0 [ 495.500187][T19033] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 495.500215][T19033] sctp_connect_new_asoc+0x2e0/0x690 [ 495.500240][T19033] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 495.500263][T19033] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 495.500284][T19033] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 495.500303][T19033] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 495.500325][T19033] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 495.500349][T19033] ? security_sctp_bind_connect+0x7e/0x2e0 [ 495.500372][T19033] sctp_sendmsg+0x155c/0x2810 [ 495.500406][T19033] ? __pfx_sctp_sendmsg+0x10/0x10 [ 495.500431][T19033] ? aa_sk_perm+0x81e/0x950 [ 495.500458][T19033] ? __pfx_aa_sk_perm+0x10/0x10 [ 495.500482][T19033] ? sock_rps_record_flow+0x19/0x410 [ 495.500511][T19033] ? inet_sendmsg+0x2f4/0x370 [ 495.500534][T19033] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 495.500557][T19033] __sock_sendmsg+0x19c/0x270 [ 495.500586][T19033] __sys_sendto+0x3bd/0x520 [ 495.500608][T19033] ? __pfx___sys_sendto+0x10/0x10 [ 495.500630][T19033] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 495.500666][T19033] ? __fget_files+0x3a0/0x420 [ 495.500696][T19033] ? ksys_write+0x22a/0x250 [ 495.500713][T19033] ? __pfx_ksys_write+0x10/0x10 [ 495.500724][T19033] ? rcu_is_watching+0x15/0xb0 [ 495.500753][T19033] __x64_sys_sendto+0xde/0x100 [ 495.500774][T19033] do_syscall_64+0xfa/0x3b0 [ 495.500789][T19033] ? lockdep_hardirqs_on+0x9c/0x150 [ 495.500812][T19033] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.500829][T19033] ? clear_bhb_loop+0x60/0xb0 [ 495.500849][T19033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.500864][T19033] RIP: 0033:0x7fd5b418e929 [ 495.500878][T19033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 495.500892][T19033] RSP: 002b:00007fd5b5060038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 495.500911][T19033] RAX: ffffffffffffffda RBX: 00007fd5b43b5fa0 RCX: 00007fd5b418e929 [ 495.500922][T19033] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 495.500932][T19033] RBP: 00007fd5b5060090 R08: 0000200000000100 R09: 000000000000001c [ 495.500944][T19033] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 495.500955][T19033] R13: 0000000000000000 R14: 00007fd5b43b5fa0 R15: 00007fffc00c8a28 [ 495.500986][T19033] [ 495.893179][ T3465] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.909478][ T51] Bluetooth: hci3: command tx timeout [ 495.916844][T18933] bridge0: port 2(bridge_slave_1) entered blocking state [ 495.931917][T18933] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.974032][T18933] bridge_slave_1: entered allmulticast mode [ 495.982561][T18933] bridge_slave_1: entered promiscuous mode [ 496.158723][ T3465] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 496.179164][T18933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 496.192325][T18933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 496.254741][T19051] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3981'. [ 496.287253][T18900] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 496.291747][T19054] netlink: 'syz.1.3985': attribute type 13 has an invalid length. [ 496.297734][T18900] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.330558][T18900] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 496.345962][T18900] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 496.355134][T18900] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.382448][T18900] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 496.442155][T19051] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 496.480460][T19054] macvtap0: refused to change device tx_queue_len [ 496.504071][T18933] team0: Port device team_slave_0 added [ 496.597329][T18933] team0: Port device team_slave_1 added [ 496.635944][T18900] hsr_slave_0: entered promiscuous mode [ 496.647866][T18900] hsr_slave_1: entered promiscuous mode [ 496.655633][T18900] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 496.664392][T18900] Cannot create hsr debugfs directory [ 496.708888][ T51] Bluetooth: hci2: command tx timeout [ 496.953706][T19075] FAULT_INJECTION: forcing a failure. [ 496.953706][T19075] name failslab, interval 1, probability 0, space 0, times 0 [ 496.976152][T19075] CPU: 1 UID: 0 PID: 19075 Comm: syz.1.3991 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 496.976173][T19075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 496.976180][T19075] Call Trace: [ 496.976187][T19075] [ 496.976194][T19075] dump_stack_lvl+0x189/0x250 [ 496.976215][T19075] ? __pfx____ratelimit+0x10/0x10 [ 496.976242][T19075] ? __pfx_dump_stack_lvl+0x10/0x10 [ 496.976257][T19075] ? __pfx__printk+0x10/0x10 [ 496.976284][T19075] should_fail_ex+0x414/0x560 [ 496.976312][T19075] should_failslab+0xa8/0x100 [ 496.976333][T19075] __kmalloc_cache_noprof+0x70/0x3d0 [ 496.976351][T19075] ? sctp_add_bind_addr+0x8c/0x370 [ 496.976373][T19075] sctp_add_bind_addr+0x8c/0x370 [ 496.976397][T19075] sctp_copy_local_addr_list+0x30b/0x4e0 [ 496.976419][T19075] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 496.976434][T19075] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 496.976451][T19075] ? sctp_v6_is_any+0x64/0x80 [ 496.976464][T19075] ? sctp_copy_one_addr+0x93/0x360 [ 496.976478][T19075] sctp_bind_addr_copy+0xb3/0x3c0 [ 496.976490][T19075] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 496.976507][T19075] sctp_connect_new_asoc+0x2e0/0x690 [ 496.976522][T19075] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 496.976535][T19075] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 496.976548][T19075] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 496.976559][T19075] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 496.976572][T19075] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 496.976586][T19075] ? security_sctp_bind_connect+0x7e/0x2e0 [ 496.976600][T19075] sctp_sendmsg+0x155c/0x2810 [ 496.976620][T19075] ? __pfx_sctp_sendmsg+0x10/0x10 [ 496.976634][T19075] ? aa_sk_perm+0x81e/0x950 [ 496.976649][T19075] ? __pfx_aa_sk_perm+0x10/0x10 [ 496.976663][T19075] ? sock_rps_record_flow+0x19/0x410 [ 496.976680][T19075] ? inet_sendmsg+0x2f4/0x370 [ 496.976693][T19075] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 496.976708][T19075] __sock_sendmsg+0x19c/0x270 [ 496.976726][T19075] __sys_sendto+0x3bd/0x520 [ 496.976739][T19075] ? __pfx___sys_sendto+0x10/0x10 [ 496.976749][T19075] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 496.976773][T19075] ? __fget_files+0x3a0/0x420 [ 496.976791][T19075] ? ksys_write+0x22a/0x250 [ 496.976802][T19075] ? __pfx_ksys_write+0x10/0x10 [ 496.976810][T19075] ? rcu_is_watching+0x15/0xb0 [ 496.976829][T19075] __x64_sys_sendto+0xde/0x100 [ 496.976842][T19075] do_syscall_64+0xfa/0x3b0 [ 496.976852][T19075] ? lockdep_hardirqs_on+0x9c/0x150 [ 496.976866][T19075] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.976876][T19075] ? clear_bhb_loop+0x60/0xb0 [ 496.976889][T19075] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 496.976899][T19075] RIP: 0033:0x7f5afe98e929 [ 496.976910][T19075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 496.976920][T19075] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 496.976932][T19075] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 496.976940][T19075] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 496.976947][T19075] RBP: 00007f5aff870090 R08: 0000200000000100 R09: 000000000000001c [ 496.976954][T19075] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000002 [ 496.976960][T19075] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 496.976978][T19075] [ 497.501452][T18933] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 497.513673][T18933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.549497][T18933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 497.634086][T19084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3995'. [ 497.692166][T18933] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 497.700103][T18933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 497.728920][T18933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 497.740469][ T3465] bridge_slave_1: left allmulticast mode [ 497.746482][ T3465] bridge_slave_1: left promiscuous mode [ 497.757155][ T3465] bridge0: port 2(bridge_slave_1) entered disabled state [ 497.766828][ T3465] bridge_slave_0: left allmulticast mode [ 497.775206][ T3465] bridge_slave_0: left promiscuous mode [ 497.781347][ T3465] bridge0: port 1(bridge_slave_0) entered disabled state [ 497.993260][ T51] Bluetooth: hci3: command tx timeout [ 498.213040][ T3465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 498.225402][ T3465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 498.236751][ T3465] bond0 (unregistering): Released all slaves [ 498.425785][T19091] netlink: 'syz.1.3997': attribute type 13 has an invalid length. [ 498.531632][T19091] macvtap0: refused to change device tx_queue_len [ 498.707528][T18933] hsr_slave_0: entered promiscuous mode [ 498.725703][T18933] hsr_slave_1: entered promiscuous mode [ 498.733687][T18933] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 498.748707][T18933] Cannot create hsr debugfs directory [ 498.789129][ T51] Bluetooth: hci2: command tx timeout [ 498.993933][ T3465] hsr_slave_0: left promiscuous mode [ 499.014882][ T3465] hsr_slave_1: left promiscuous mode [ 499.034284][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 499.047823][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 499.063733][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 499.072872][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 499.105226][ T3465] veth1_macvtap: left promiscuous mode [ 499.111762][ T3465] veth0_macvtap: left promiscuous mode [ 499.118165][ T3465] veth1_vlan: left promiscuous mode [ 499.124640][ T3465] veth0_vlan: left promiscuous mode [ 499.700731][ T3465] team0 (unregistering): Port device team_slave_1 removed [ 499.763506][ T3465] team0 (unregistering): Port device team_slave_0 removed [ 500.078426][ T51] Bluetooth: hci3: command tx timeout [ 500.483311][T19110] netlink: 520 bytes leftover after parsing attributes in process `syz.1.4004'. [ 500.494874][T19112] IPv6: NLM_F_CREATE should be specified when creating new route [ 500.815510][T19121] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4009'. [ 500.819301][T19122] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4008'. [ 500.950388][T18900] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 500.985486][T18900] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 501.013570][T18900] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 501.083018][T18900] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 501.312295][T19143] netlink: 'syz.2.4015': attribute type 2 has an invalid length. [ 501.353788][T18900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 501.407260][T18900] 8021q: adding VLAN 0 to HW filter on device team0 [ 501.408674][T19145] netlink: 520 bytes leftover after parsing attributes in process `syz.2.4016'. [ 501.443153][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.450657][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 501.492357][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.500331][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 501.561992][T18933] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 501.604924][T19149] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 501.612433][T18933] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 501.650828][T18933] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 501.682307][T18933] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 501.922089][T18933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 501.961271][T18933] 8021q: adding VLAN 0 to HW filter on device team0 [ 501.980720][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.988914][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 502.034736][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 502.042729][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 502.136149][T18900] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 502.250888][T19171] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4022'. [ 502.333759][T18900] veth0_vlan: entered promiscuous mode [ 502.372744][T18900] veth1_vlan: entered promiscuous mode [ 502.457232][T18900] veth0_macvtap: entered promiscuous mode [ 502.485350][T18900] veth1_macvtap: entered promiscuous mode [ 502.521177][T18933] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 502.532293][T18900] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 502.543972][T18900] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 502.567664][T18900] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.586382][T18900] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.606817][T18900] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.622862][T18900] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 502.780695][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.793351][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 502.890529][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 502.902512][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 503.182993][T18933] veth0_vlan: entered promiscuous mode [ 503.227705][T18933] veth1_vlan: entered promiscuous mode [ 503.283342][T19197] netlink: 51 bytes leftover after parsing attributes in process `syz.2.4025'. [ 503.334599][T18933] veth0_macvtap: entered promiscuous mode [ 503.373787][T18933] veth1_macvtap: entered promiscuous mode [ 503.411880][T18933] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 503.441154][T18933] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 503.461874][T18933] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.472920][T18933] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.483439][T18933] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.493072][T18933] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 503.654132][T19204] netlink: 6 bytes leftover after parsing attributes in process `syz.1.4028'. [ 503.691415][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 503.720026][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 503.781760][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 503.793466][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 504.054789][T10282] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.503801][T10282] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.839997][T19214] netlink: 'syz.1.4030': attribute type 11 has an invalid length. [ 504.943402][T19214] bond7: entered promiscuous mode [ 505.008570][T10282] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.117623][T10282] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.132503][ T5149] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 505.143995][ T5149] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 505.153916][ T5149] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 505.164290][ T5149] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 505.175174][ T5149] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 505.345276][T10282] bridge_slave_1: left allmulticast mode [ 505.353872][T10282] bridge_slave_1: left promiscuous mode [ 505.362967][T10282] bridge0: port 2(bridge_slave_1) entered disabled state [ 505.373462][T10282] bridge_slave_0: left allmulticast mode [ 505.380402][T10282] bridge_slave_0: left promiscuous mode [ 505.386363][T10282] bridge0: port 1(bridge_slave_0) entered disabled state [ 505.806078][T10282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 505.819974][T10282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 505.833553][T10282] bond0 (unregistering): Released all slaves [ 506.080942][T19230] netlink: 'syz.2.4034': attribute type 10 has an invalid length. [ 506.145782][T19218] chnl_net:caif_netlink_parms(): no params data found [ 506.288852][T19233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4035'. [ 506.318980][T19234] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4035'. [ 506.413363][ T5149] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 506.436792][ T5149] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 506.448503][ T5149] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 506.464558][ T5149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 506.474336][ T5149] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 506.474677][T10282] hsr_slave_0: left promiscuous mode [ 506.504176][T19243] netlink: 'syz.2.4036': attribute type 1 has an invalid length. [ 506.512542][T10282] hsr_slave_1: left promiscuous mode [ 506.518916][T10282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 506.526392][T10282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.534851][T10282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 506.543108][T10282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 506.574306][T10282] veth1_macvtap: left promiscuous mode [ 506.580281][T10282] veth0_macvtap: left promiscuous mode [ 506.586242][T10282] veth1_vlan: left promiscuous mode [ 506.592398][T10282] veth0_vlan: left promiscuous mode [ 506.849709][T19252] netlink: 'syz.2.4040': attribute type 10 has an invalid length. [ 506.927185][T19258] netlink: 'syz.2.4040': attribute type 10 has an invalid length. [ 507.261492][T19268] netlink: 'syz.1.4043': attribute type 25 has an invalid length. [ 507.281512][ T51] Bluetooth: hci2: command tx timeout [ 507.351461][T10282] team0 (unregistering): Port device team_slave_1 removed [ 507.407344][T10282] team0 (unregistering): Port device team_slave_0 removed [ 508.003853][T19252] tipc: Resetting bearer [ 508.087154][T19252] team0: Device veth0_vlan failed to register rx_handler [ 508.109032][T19252] tipc: Resetting bearer [ 508.118843][T19273] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4045'. [ 508.157873][T19252] syz.2.4040 (19252) used greatest stack depth: 18008 bytes left [ 508.179281][T19258] team0: Device veth0_vlan failed to register rx_handler [ 508.192502][T19258] tipc: Resetting bearer [ 508.294542][T19218] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.304937][T19218] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.314076][T19218] bridge_slave_0: entered allmulticast mode [ 508.323572][T19218] bridge_slave_0: entered promiscuous mode [ 508.408640][T19218] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.417707][T19218] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.441412][T19218] bridge_slave_1: entered allmulticast mode [ 508.460399][T19218] bridge_slave_1: entered promiscuous mode [ 508.548545][ T51] Bluetooth: hci3: command tx timeout [ 508.581643][T19289] netlink: 'syz.0.4050': attribute type 1 has an invalid length. [ 508.595026][T19289] netlink: 'syz.0.4050': attribute type 2 has an invalid length. [ 508.646211][T19218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.777495][T19218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 508.791037][ T9035] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 508.933516][T19218] team0: Port device team_slave_0 added [ 508.963138][T19218] team0: Port device team_slave_1 added [ 509.075051][T19218] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 509.085718][T19218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.197477][T19218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 509.230972][T19218] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 509.256353][T19218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 509.301564][T19308] Timeout policy `syz0' can only be used by L3 protocol number 1536 [ 509.322709][T19218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 509.356518][T19308] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4057'. [ 509.356887][ T51] Bluetooth: hci2: command tx timeout [ 509.381489][T19308] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4057'. [ 509.512035][T19316] netlink: 164 bytes leftover after parsing attributes in process `syz.1.4060'. [ 509.531895][T19218] hsr_slave_0: entered promiscuous mode [ 509.540674][T19218] hsr_slave_1: entered promiscuous mode [ 509.550181][T19218] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 509.559162][T19218] Cannot create hsr debugfs directory [ 509.670755][ T9035] ip6_tunnel: ip6gre2 xmit: Local address not yet configured! [ 509.683290][T19321] netlink: 'syz.1.4062': attribute type 10 has an invalid length. [ 509.697164][T10282] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 509.924589][T10282] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.117923][T10282] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.159979][T19345] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4069'. [ 510.174905][T19346] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4068'. [ 510.193094][T19346] netlink: 'syz.2.4068': attribute type 83 has an invalid length. [ 510.253783][T10282] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 510.280766][T19240] chnl_net:caif_netlink_parms(): no params data found [ 510.361080][T19351] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4071'. [ 510.619118][T19369] netlink: 'syz.2.4076': attribute type 10 has an invalid length. [ 510.630248][ T51] Bluetooth: hci3: command tx timeout [ 510.737724][T19240] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.745914][T19240] bridge0: port 1(bridge_slave_0) entered disabled state [ 510.753763][T19240] bridge_slave_0: entered allmulticast mode [ 510.763658][T19240] bridge_slave_0: entered promiscuous mode [ 510.798546][T19240] bridge0: port 2(bridge_slave_1) entered blocking state [ 510.813491][T19240] bridge0: port 2(bridge_slave_1) entered disabled state [ 510.833487][T19240] bridge_slave_1: entered allmulticast mode [ 510.845824][T19240] bridge_slave_1: entered promiscuous mode [ 511.111430][T19240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.123882][T10282] bridge_slave_1: left allmulticast mode [ 511.130710][T10282] bridge_slave_1: left promiscuous mode [ 511.137443][T10282] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.146923][T10282] bridge_slave_0: left allmulticast mode [ 511.153120][T10282] bridge_slave_0: left promiscuous mode [ 511.159305][T10282] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.188533][T19385] netlink: 128 bytes leftover after parsing attributes in process `syz.1.4081'. [ 511.428368][ T51] Bluetooth: hci2: command tx timeout [ 511.613741][T10282] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.626164][T10282] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 511.641698][T10282] bond0 (unregistering): Released all slaves [ 511.681173][T19240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.984997][T19240] team0: Port device team_slave_0 added [ 512.009398][T19393] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 512.040809][T19240] team0: Port device team_slave_1 added [ 512.071221][T19399] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4085'. [ 512.430728][ T5909] hid-generic 0005:10CF:05DF.0003: item fetching failed at offset 0/1 [ 512.448895][T19240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.456080][T19240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 512.485906][ T5909] hid-generic 0005:10CF:05DF.0003: probe with driver hid-generic failed with error -22 [ 512.538872][T19240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.571958][T19413] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4087'. [ 512.647409][T10282] hsr_slave_0: left promiscuous mode [ 512.656910][T10282] hsr_slave_1: left promiscuous mode [ 512.667642][T10282] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 512.688010][T10282] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 512.702837][T10282] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 512.713358][ T51] Bluetooth: hci3: command tx timeout [ 512.722831][T10282] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 512.772744][T10282] veth1_macvtap: left promiscuous mode [ 512.781835][T10282] veth0_macvtap: left promiscuous mode [ 512.787808][T10282] veth1_vlan: left promiscuous mode [ 512.794689][T10282] veth0_vlan: left promiscuous mode [ 513.300477][T10282] team0 (unregistering): Port device team_slave_1 removed [ 513.353817][T10282] team0 (unregistering): Port device team_slave_0 removed [ 513.518995][ T51] Bluetooth: hci2: command tx timeout [ 513.874712][T19424] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4090'. [ 513.874738][T19240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 513.903706][T19424] netlink: 224 bytes leftover after parsing attributes in process `syz.2.4090'. [ 513.928442][T19240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 514.016733][T19240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 514.154471][T19433] tipc: Disabling bearer [ 514.321718][T19240] hsr_slave_0: entered promiscuous mode [ 514.349892][T19444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4095'. [ 514.354538][T19240] hsr_slave_1: entered promiscuous mode [ 514.374179][T19240] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 514.383005][T19240] Cannot create hsr debugfs directory [ 514.417605][T19447] xt_CT: You must specify a L4 protocol and not use inversions on it [ 514.483478][T19218] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 514.525004][T19218] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 514.572866][T19218] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 514.646441][T19450] netdevsim netdevsim2 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 514.661520][T19218] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 514.789580][ T51] Bluetooth: hci3: command tx timeout [ 514.930460][T19454] team0 (unregistering): left promiscuous mode [ 514.954220][T19454] team0 (unregistering): Port device vlan0 removed [ 515.213328][T19478] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 515.379418][T19218] 8021q: adding VLAN 0 to HW filter on device bond0 [ 515.394044][T19484] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 515.429674][T19218] 8021q: adding VLAN 0 to HW filter on device team0 [ 515.465145][ T7545] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.472770][ T7545] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.564176][T19487] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 515.586178][ T7545] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.593453][ T7545] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.602736][T19487] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 515.811237][T19218] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 515.848581][T19218] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 516.037596][T19240] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 516.057418][T19240] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 516.089227][T19240] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 516.128825][T19240] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 516.543377][T19240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 516.574350][T19218] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 516.603363][T19240] 8021q: adding VLAN 0 to HW filter on device team0 [ 516.647289][ T3465] bridge0: port 1(bridge_slave_0) entered blocking state [ 516.654566][ T3465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 516.691084][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 516.698301][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 516.801054][T19218] veth0_vlan: entered promiscuous mode [ 516.836568][T19218] veth1_vlan: entered promiscuous mode [ 516.926997][T19541] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4118'. [ 516.945757][T19218] veth0_macvtap: entered promiscuous mode [ 516.979333][T19541] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4118'. [ 517.000674][T19218] veth1_macvtap: entered promiscuous mode [ 517.062288][T19218] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 517.082024][T19547] syz.1.4121: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 517.111173][T19218] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 517.133830][T19547] CPU: 1 UID: 0 PID: 19547 Comm: syz.1.4121 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 517.133861][T19547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 517.133874][T19547] Call Trace: [ 517.133885][T19547] [ 517.133896][T19547] dump_stack_lvl+0x189/0x250 [ 517.133936][T19547] ? __pfx_dump_stack_lvl+0x10/0x10 [ 517.133966][T19547] ? __pfx__printk+0x10/0x10 [ 517.133986][T19547] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 517.134005][T19547] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 517.134026][T19547] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 517.134050][T19547] warn_alloc+0x214/0x310 [ 517.134071][T19547] ? stack_depot_save_flags+0x40/0x900 [ 517.134099][T19547] ? __pfx_warn_alloc+0x10/0x10 [ 517.134124][T19547] ? kasan_save_track+0x4f/0x80 [ 517.134152][T19547] ? xskq_create+0x56/0x170 [ 517.134198][T19547] ? xsk_init_queue+0xb0/0x110 [ 517.134220][T19547] ? xsk_setsockopt+0x43f/0x710 [ 517.134242][T19547] ? do_sock_setsockopt+0x257/0x3e0 [ 517.134263][T19547] ? __x64_sys_setsockopt+0x18b/0x220 [ 517.134283][T19547] ? do_syscall_64+0xfa/0x3b0 [ 517.134299][T19547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.134328][T19547] __vmalloc_node_range_noprof+0x125/0x12f0 [ 517.134384][T19547] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 517.134407][T19547] ? xskq_create+0x56/0x170 [ 517.134434][T19547] ? __kasan_kmalloc+0x93/0xb0 [ 517.134463][T19547] vmalloc_user_noprof+0xad/0xf0 [ 517.134486][T19547] ? xskq_create+0xbf/0x170 [ 517.134513][T19547] xskq_create+0xbf/0x170 [ 517.134544][T19547] xsk_init_queue+0xb0/0x110 [ 517.134573][T19547] xsk_setsockopt+0x43f/0x710 [ 517.134602][T19547] ? __pfx_xsk_setsockopt+0x10/0x10 [ 517.134624][T19547] ? __lock_acquire+0xab9/0xd20 [ 517.134661][T19547] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 517.134683][T19547] ? __pfx_xsk_setsockopt+0x10/0x10 [ 517.134709][T19547] do_sock_setsockopt+0x257/0x3e0 [ 517.134735][T19547] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 517.134762][T19547] ? __fget_files+0x2a/0x420 [ 517.134793][T19547] __x64_sys_setsockopt+0x18b/0x220 [ 517.134821][T19547] do_syscall_64+0xfa/0x3b0 [ 517.134837][T19547] ? lockdep_hardirqs_on+0x9c/0x150 [ 517.134863][T19547] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.134882][T19547] ? clear_bhb_loop+0x60/0xb0 [ 517.134905][T19547] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.134925][T19547] RIP: 0033:0x7f5afe98e929 [ 517.134942][T19547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.134958][T19547] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 517.134979][T19547] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 517.134994][T19547] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004 [ 517.135005][T19547] RBP: 00007f5afea10b39 R08: 0000000000000004 R09: 0000000000000000 [ 517.135017][T19547] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 517.135029][T19547] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 517.135062][T19547] [ 517.135085][T19547] Mem-Info: [ 517.184625][T19550] netlink: 277 bytes leftover after parsing attributes in process `syz.2.4123'. [ 517.196565][T19218] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.275812][T19547] active_anon:4874 inactive_anon:0 isolated_anon:0 [ 517.275812][T19547] active_file:1743 inactive_file:40040 isolated_file:0 [ 517.275812][T19547] unevictable:768 dirty:137 writeback:0 [ 517.275812][T19547] slab_reclaimable:11450 slab_unreclaimable:116708 [ 517.275812][T19547] mapped:29613 shmem:1374 pagetables:1239 [ 517.275812][T19547] sec_pagetables:0 bounce:0 [ 517.275812][T19547] kernel_misc_reclaimable:0 [ 517.275812][T19547] free:1311445 free_pcp:15030 free_cma:0 [ 517.316310][T19218] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.398932][T19547] Node 0 active_anon:19796kB inactive_anon:0kB active_file:6972kB inactive_file:159960kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118552kB dirty:548kB writeback:0kB shmem:3960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12504kB pagetables:4920kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 517.432019][T19218] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.478668][T19547] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 517.489165][T19218] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 517.518244][T19547] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 517.708268][T19547] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 517.723185][T19547] Node 0 DMA32 free:1328084kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:19848kB inactive_anon:0kB active_file:6972kB inactive_file:158140kB unevictable:1536kB writepending:548kB present:3129332kB managed:2561004kB mlocked:0kB bounce:0kB free_pcp:41200kB local_pcp:21424kB free_cma:0kB [ 517.776088][T19547] lowmem_reserve[]: 0 0 1 1 1 [ 517.803619][T19547] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 517.853612][T19547] lowmem_reserve[]: 0 0 0 0 0 [ 517.875578][T19547] Node 1 Normal free:3902120kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17532kB local_pcp:10920kB free_cma:0kB [ 517.972858][T19547] lowmem_reserve[]: 0 0 0 0 0 [ 517.997803][T19547] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 518.022964][T19240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 518.044210][T19547] Node 0 DMA32: 717*4kB (ME) 343*8kB (UM) 84*16kB (UME) 148*32kB (UME) 174*64kB (UME) 545*128kB (UM) 497*256kB (UME) 304*512kB (UME) 174*1024kB (UME) 8*2048kB (UM) 185*4096kB (UM) = 1327788kB [ 518.071348][T10282] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.099225][T10282] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.128171][T19547] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 518.187046][T19547] Node 1 Normal: 210*4kB (UME) 28*8kB (UME) 7*16kB (UME) 165*32kB (UME) 60*64kB (UME) 11*128kB (UME) 5*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3902648kB [ 518.206777][ T3465] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.245109][ T3465] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.249642][T19547] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 518.305273][T19547] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 518.330178][T19547] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 518.363585][T19576] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4127'. [ 518.373103][T19547] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 518.373133][T19547] 43154 total pagecache pages [ 518.373157][T19547] 0 pages in swap cache [ 518.373165][T19547] Free swap = 124996kB [ 518.373175][T19547] Total swap = 124996kB [ 518.373186][T19547] 2097051 pages RAM [ 518.373196][T19547] 0 pages HighMem/MovableOnly [ 518.373204][T19547] 424694 pages reserved [ 518.373213][T19547] 0 pages cma reserved [ 518.601343][T19582] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 518.648612][T19585] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4130'. [ 518.687199][T19585] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4130'. [ 518.871855][T19240] veth0_vlan: entered promiscuous mode [ 518.963446][ T3465] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.022418][T19240] veth1_vlan: entered promiscuous mode [ 519.073552][ T3465] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.137442][ T3465] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.164120][T19240] veth0_macvtap: entered promiscuous mode [ 519.180306][T19240] veth1_macvtap: entered promiscuous mode [ 519.206059][T19240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 519.225768][T19240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 519.238007][T19240] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.249717][T19240] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.259894][T19240] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.269170][T19240] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 519.340675][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.349841][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.382246][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 519.392691][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.455937][ T3465] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 519.783622][ T3465] bridge_slave_1: left allmulticast mode [ 519.791804][ T3465] bridge_slave_1: left promiscuous mode [ 519.797549][ T3465] bridge0: port 2(bridge_slave_1) entered disabled state [ 519.806887][ T3465] bridge_slave_0: left allmulticast mode [ 519.813042][ T3465] bridge_slave_0: left promiscuous mode [ 519.819980][ T3465] bridge0: port 1(bridge_slave_0) entered disabled state [ 520.325954][ T3465] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.340060][ T3465] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.353487][ T3465] bond0 (unregistering): Released all slaves [ 520.851280][ T3465] hsr_slave_0: left promiscuous mode [ 520.865169][ T3465] hsr_slave_1: left promiscuous mode [ 520.887332][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 520.906514][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 520.927712][ T3465] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 520.936675][ T3465] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 520.969682][ T3465] veth1_macvtap: left promiscuous mode [ 520.975679][ T3465] veth0_macvtap: left promiscuous mode [ 520.982182][ T3465] veth1_vlan: left promiscuous mode [ 520.987788][ T3465] veth0_vlan: left promiscuous mode [ 521.147187][ T5149] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 521.163350][ T5149] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 521.172443][ T5149] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 521.182733][ T5149] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 521.191726][ T5149] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 521.754506][T19639] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4140'. [ 521.897519][ T3465] team0 (unregistering): Port device team_slave_1 removed [ 521.961256][ T3465] team0 (unregistering): Port device team_slave_0 removed [ 522.090770][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 522.115039][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 522.134955][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 522.151975][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 522.160003][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 522.882667][T19648] ------------[ cut here ]------------ [ 522.889191][T19648] WARNING: CPU: 0 PID: 19648 at ./include/net/mac80211.h:7748 _ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 522.901018][T19648] Modules linked in: [ 522.905437][T19648] CPU: 0 UID: 0 PID: 19648 Comm: syz.1.4142 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 522.917976][T19648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 522.928761][T19648] RIP: 0010:_ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 522.935819][T19648] Code: 00 00 00 eb 49 41 83 fd 05 74 30 41 83 fd 0d 75 13 e8 b0 52 e5 f6 b8 04 00 00 00 eb 31 e8 a4 52 e5 f6 eb 28 e8 9d 52 e5 f6 90 <0f> 0b 90 eb 1d e8 92 52 e5 f6 b8 02 00 00 00 eb 13 e8 86 52 e5 f6 [ 522.957071][T19648] RSP: 0018:ffffc90004556f48 EFLAGS: 00010287 [ 522.965031][T19648] RAX: ffffffff8adafbd3 RBX: ffff88807aad4000 RCX: 0000000000080000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 522.974141][T19648] RDX: ffffc9000c3f9000 RSI: 0000000000000409 RDI: 000000000000040a [ 522.985701][T19648] RBP: 0000000000000000 R08: ffff888027419e00 R09: 0000000000000007 [ 522.995088][T19648] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000000 [ 523.004064][T19648] R13: 0000000000000007 R14: ffff88807aad4180 R15: 1ffff1100f55a830 [ 523.012753][T19648] FS: 00007f5aff8706c0(0000) GS:ffff888125c50000(0000) knlGS:0000000000000000 [ 523.022177][T19648] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 523.030034][T19648] CR2: 000000110c34c8fe CR3: 0000000076f80000 CR4: 00000000003526f0 [ 523.038580][T19648] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 523.046687][T19648] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 523.056646][T19648] Call Trace: [ 523.062099][T19648] [ 523.065091][T19648] __ieee80211_vht_handle_opmode+0x3c0/0x850 [ 523.071941][T19648] ? ieee80211_get_link_sband+0x5f/0x3e0 [ 523.078903][T19648] ? __pfx___ieee80211_vht_handle_opmode+0x10/0x10 [ 523.085817][T19648] ? ieee80211_get_link_sband+0x5f/0x3e0 [ 523.092077][T19648] ? ieee80211_sta_init_nss+0x8dd/0xbe0 [ 523.097782][T19648] ? ieee80211_get_link_sband+0x335/0x3e0 [ 523.103921][T19648] sta_link_apply_parameters+0xbb8/0xec0 [ 523.110406][T19648] sta_apply_parameters+0x944/0x15b0 [ 523.115899][T19648] ieee80211_add_station+0x424/0x6a0 [ 523.121534][T19648] rdev_add_station+0x105/0x290 [ 523.126415][T19648] nl80211_new_station+0x1723/0x1b40 [ 523.132143][T19648] ? __pfx_nl80211_new_station+0x10/0x10 [ 523.138061][T19648] ? netdev_run_todo+0xe1d/0xea0 [ 523.143400][T19648] ? nl80211_pre_doit+0x4f1/0x930 [ 523.148908][T19648] genl_family_rcv_msg_doit+0x212/0x300 [ 523.154522][T19648] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 523.160710][T19648] ? bpf_lsm_capable+0x9/0x20 [ 523.166443][T19648] ? security_capable+0x7e/0x2e0 [ 523.172518][T19648] genl_rcv_msg+0x60e/0x790 [ 523.177094][T19648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 523.183218][T19648] ? ref_tracker_free+0x63a/0x7d0 [ 523.188364][T19648] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 523.194408][T19648] ? __pfx_nl80211_new_station+0x10/0x10 [ 523.200903][T19648] ? __pfx_nl80211_post_doit+0x10/0x10 [ 523.206432][T19648] ? __pfx_ref_tracker_free+0x10/0x10 [ 523.212360][T19648] netlink_rcv_skb+0x208/0x470 [ 523.217448][T19648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 523.222773][T19648] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 523.228177][T19648] ? down_read+0x1ad/0x2e0 [ 523.232637][T19648] genl_rcv+0x28/0x40 [ 523.236653][T19648] netlink_unicast+0x75b/0x8d0 [ 523.241759][T19648] netlink_sendmsg+0x805/0xb30 [ 523.246588][T19648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 523.252003][T19648] ? aa_sock_msg_perm+0x94/0x160 [ 523.257078][T19648] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 523.262461][T19648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 523.269313][ T5149] Bluetooth: hci2: command tx timeout [ 523.275811][T19648] __sock_sendmsg+0x21c/0x270 [ 523.281349][T19648] ____sys_sendmsg+0x505/0x830 [ 523.286458][T19648] ? __pfx_____sys_sendmsg+0x10/0x10 [ 523.292370][T19648] ? import_iovec+0x74/0xa0 [ 523.297747][T19648] ___sys_sendmsg+0x21f/0x2a0 [ 523.302999][T19648] ? __pfx____sys_sendmsg+0x10/0x10 [ 523.308787][T19648] ? __fget_files+0x2a/0x420 [ 523.313613][T19648] ? __fget_files+0x3a0/0x420 [ 523.318782][T19648] __x64_sys_sendmsg+0x19b/0x260 [ 523.324292][T19648] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 523.330219][T19648] ? rcu_is_watching+0x15/0xb0 [ 523.335148][T19648] ? do_syscall_64+0xbe/0x3b0 [ 523.340274][T19648] do_syscall_64+0xfa/0x3b0 [ 523.345533][T19648] ? lockdep_hardirqs_on+0x9c/0x150 [ 523.353144][T19648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.360634][T19648] ? clear_bhb_loop+0x60/0xb0 [ 523.366586][T19648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.376552][T19648] RIP: 0033:0x7f5afe98e929 [ 523.382550][T19648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.410261][T19648] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 523.418761][T19648] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 523.426779][T19648] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 523.434990][T19648] RBP: 00007f5afea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 523.443423][T19648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 523.451576][T19648] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 523.459817][T19648] [ 523.462924][T19648] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 523.470501][T19648] CPU: 0 UID: 0 PID: 19648 Comm: syz.1.4142 Not tainted 6.16.0-rc3-syzkaller-00136-g561aa0e22b70 #0 PREEMPT(full) [ 523.483544][T19648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 523.493937][T19648] Call Trace: [ 523.497325][T19648] [ 523.501049][T19648] dump_stack_lvl+0x99/0x250 [ 523.505749][T19648] ? __asan_memcpy+0x40/0x70 [ 523.510459][T19648] ? __pfx_dump_stack_lvl+0x10/0x10 [ 523.515705][T19648] ? __pfx__printk+0x10/0x10 [ 523.520623][T19648] panic+0x2db/0x790 [ 523.524655][T19648] ? __pfx_panic+0x10/0x10 [ 523.529096][T19648] ? show_trace_log_lvl+0x4fb/0x550 [ 523.534331][T19648] __warn+0x31b/0x4b0 [ 523.538872][T19648] ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 523.544892][T19648] ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 523.550796][T19648] report_bug+0x2be/0x4f0 [ 523.555139][T19648] ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 523.561054][T19648] ? _ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 523.566864][T19648] ? _ieee80211_sta_cur_vht_bw+0x526/0x6e0 [ 523.572932][T19648] handle_bug+0x84/0x160 [ 523.577182][T19648] exc_invalid_op+0x1a/0x50 [ 523.581689][T19648] asm_exc_invalid_op+0x1a/0x20 [ 523.586537][T19648] RIP: 0010:_ieee80211_sta_cur_vht_bw+0x524/0x6e0 [ 523.592992][T19648] Code: 00 00 00 eb 49 41 83 fd 05 74 30 41 83 fd 0d 75 13 e8 b0 52 e5 f6 b8 04 00 00 00 eb 31 e8 a4 52 e5 f6 eb 28 e8 9d 52 e5 f6 90 <0f> 0b 90 eb 1d e8 92 52 e5 f6 b8 02 00 00 00 eb 13 e8 86 52 e5 f6 [ 523.612688][T19648] RSP: 0018:ffffc90004556f48 EFLAGS: 00010287 [ 523.618756][T19648] RAX: ffffffff8adafbd3 RBX: ffff88807aad4000 RCX: 0000000000080000 [ 523.626929][T19648] RDX: ffffc9000c3f9000 RSI: 0000000000000409 RDI: 000000000000040a [ 523.635088][T19648] RBP: 0000000000000000 R08: ffff888027419e00 R09: 0000000000000007 [ 523.643408][T19648] R10: 000000000000000d R11: 0000000000000002 R12: 0000000000000000 [ 523.651435][T19648] R13: 0000000000000007 R14: ffff88807aad4180 R15: 1ffff1100f55a830 [ 523.659433][T19648] ? _ieee80211_sta_cur_vht_bw+0x523/0x6e0 [ 523.665265][T19648] ? _ieee80211_sta_cur_vht_bw+0x523/0x6e0 [ 523.671080][T19648] __ieee80211_vht_handle_opmode+0x3c0/0x850 [ 523.677349][T19648] ? ieee80211_get_link_sband+0x5f/0x3e0 [ 523.683210][T19648] ? __pfx___ieee80211_vht_handle_opmode+0x10/0x10 [ 523.690009][T19648] ? ieee80211_get_link_sband+0x5f/0x3e0 [ 523.695744][T19648] ? ieee80211_sta_init_nss+0x8dd/0xbe0 [ 523.701381][T19648] ? ieee80211_get_link_sband+0x335/0x3e0 [ 523.707516][T19648] sta_link_apply_parameters+0xbb8/0xec0 [ 523.713536][T19648] sta_apply_parameters+0x944/0x15b0 [ 523.718957][T19648] ieee80211_add_station+0x424/0x6a0 [ 523.724819][T19648] rdev_add_station+0x105/0x290 [ 523.729881][T19648] nl80211_new_station+0x1723/0x1b40 [ 523.735187][T19648] ? __pfx_nl80211_new_station+0x10/0x10 [ 523.740952][T19648] ? netdev_run_todo+0xe1d/0xea0 [ 523.745950][T19648] ? nl80211_pre_doit+0x4f1/0x930 [ 523.751132][T19648] genl_family_rcv_msg_doit+0x212/0x300 [ 523.756800][T19648] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 523.763075][T19648] ? bpf_lsm_capable+0x9/0x20 [ 523.767843][T19648] ? security_capable+0x7e/0x2e0 [ 523.772790][T19648] genl_rcv_msg+0x60e/0x790 [ 523.777325][T19648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 523.782377][T19648] ? ref_tracker_free+0x63a/0x7d0 [ 523.787502][T19648] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 523.792916][T19648] ? __pfx_nl80211_new_station+0x10/0x10 [ 523.799538][T19648] ? __pfx_nl80211_post_doit+0x10/0x10 [ 523.805713][T19648] ? __pfx_ref_tracker_free+0x10/0x10 [ 523.811118][T19648] netlink_rcv_skb+0x208/0x470 [ 523.815915][T19648] ? __pfx_genl_rcv_msg+0x10/0x10 [ 523.821056][T19648] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 523.826501][T19648] ? down_read+0x1ad/0x2e0 [ 523.831031][T19648] genl_rcv+0x28/0x40 [ 523.835036][T19648] netlink_unicast+0x75b/0x8d0 [ 523.839813][T19648] netlink_sendmsg+0x805/0xb30 [ 523.844676][T19648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 523.849974][T19648] ? aa_sock_msg_perm+0x94/0x160 [ 523.855001][T19648] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 523.860298][T19648] ? __pfx_netlink_sendmsg+0x10/0x10 [ 523.865599][T19648] __sock_sendmsg+0x21c/0x270 [ 523.870286][T19648] ____sys_sendmsg+0x505/0x830 [ 523.875228][T19648] ? __pfx_____sys_sendmsg+0x10/0x10 [ 523.880571][T19648] ? import_iovec+0x74/0xa0 [ 523.885190][T19648] ___sys_sendmsg+0x21f/0x2a0 [ 523.889887][T19648] ? __pfx____sys_sendmsg+0x10/0x10 [ 523.895298][T19648] ? __fget_files+0x2a/0x420 [ 523.899905][T19648] ? __fget_files+0x3a0/0x420 [ 523.904706][T19648] __x64_sys_sendmsg+0x19b/0x260 [ 523.909774][T19648] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 523.915255][T19648] ? rcu_is_watching+0x15/0xb0 [ 523.920051][T19648] ? do_syscall_64+0xbe/0x3b0 [ 523.924747][T19648] do_syscall_64+0xfa/0x3b0 [ 523.929371][T19648] ? lockdep_hardirqs_on+0x9c/0x150 [ 523.934687][T19648] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.941117][T19648] ? clear_bhb_loop+0x60/0xb0 [ 523.945953][T19648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.951965][T19648] RIP: 0033:0x7f5afe98e929 [ 523.956530][T19648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 523.977484][T19648] RSP: 002b:00007f5aff870038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 523.986263][T19648] RAX: ffffffffffffffda RBX: 00007f5afebb5fa0 RCX: 00007f5afe98e929 [ 523.994655][T19648] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000008 [ 524.002745][T19648] RBP: 00007f5afea10b39 R08: 0000000000000000 R09: 0000000000000000 [ 524.014380][T19648] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 524.022459][T19648] R13: 0000000000000000 R14: 00007f5afebb5fa0 R15: 00007ffff3a13488 [ 524.030987][T19648] [ 524.034364][T19648] Kernel Offset: disabled [ 524.038881][T19648] Rebooting in 86400 seconds..