last executing test programs: 1m33.730714778s ago: executing program 4 (id=3359): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x14, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000001c00000003000000010000000000008405000000006100"], 0x0, 0x27, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 1m18.513365689s ago: executing program 4 (id=3359): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x14, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000001c00000003000000010000000000008405000000006100"], 0x0, 0x27, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 57.213345281s ago: executing program 4 (id=3359): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x14, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000001c00000003000000010000000000008405000000006100"], 0x0, 0x27, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 38.241685512s ago: executing program 4 (id=3359): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x14, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000001c00000003000000010000000000008405000000006100"], 0x0, 0x27, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 21.781142707s ago: executing program 4 (id=3359): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x14, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000001c00000003000000010000000000008405000000006100"], 0x0, 0x27, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 7.079946732s ago: executing program 4 (id=3359): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000080000000200000004"], 0x50) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000000c0)=0x100, 0x4) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000140)=0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xf, 0x14, &(0x7f0000000200)=ANY=[@ANYRES8=r0, @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000001c00000003000000010000000000008405000000006100"], 0x0, 0x27, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) 3.647465139s ago: executing program 3 (id=4176): socket$igmp(0x2, 0x3, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000400)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYBLOB="010800000000000000000b0000000800", @ANYRES32, @ANYBLOB="0a0006000802110000000000380050800800030006ac0f0011000100cabee339084eeef109002471f40000000800070000"], 0x60}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x14, 0x6, 0x0, @local, @local, {[], {{0x804, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x2}}}}}}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r1) r2 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) write$cgroup_type(r1, &(0x7f0000000080), 0x11ffffce1) 3.383036383s ago: executing program 3 (id=4179): r0 = socket$nl_generic(0x11, 0x3, 0x10) r1 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @random="a538ae464632", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x11, 0x0, 0x0, @multicast1}}}}}, 0x0) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{0x0}], 0x1, 0x0, 0x0, 0x11000000}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 3.274209652s ago: executing program 2 (id=4181): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@dev={0xfe, 0x80, '\x00', 0x3b}, @in6=@local, 0x0, 0x0, 0x0, 0xc9c, 0xa, 0x60, 0x30, 0x0, 0x0, 0xee01}, {0x0, 0x7f, 0x7, 0x0, 0x0, 0xfffffffffffffffd, 0x5, 0xffffffffffffffff}, {0xffffffff, 0x0, 0x0, 0x6}, 0x0, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x90}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x8, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f00000001c0)=0x7, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000300)=""/29, &(0x7f0000000240)=0x1d) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9203803afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000000000000000aa78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af030200010000000500000000260004000018fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d88049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000030b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0032107b8a3e100908f6164000000020000000000000000000000ffff008879e66485201a0015ca83747357a0274500040000000000000000000000145e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c0005d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) sendmmsg(r0, 0x0, 0x0, 0x20040010) sendto$inet6(r0, &(0x7f0000000040)="eca727e4a7d0dacebece68d033d58d05dede71cd8afe590897aa78ccb16ced4442e5718559a35326b93d5b8d6f99019c853ad34b8255226e135cdf5de5b00bc2a13edb6103fb5a8fabb4daa9f5d61ce0899fa0556cb837e776fc10f55abb4897c3b98af3a565c0b899a0346f2102ec0d44054410ed5fc07e11d0df271c64d273db575b7642f1d1818ee61021b9eb894324643940b2f4c544edc0ea0bb3aa79dea2b8220a0f1c117dc748c628ceadd8138de9858e057bd39716a264aaac576a10f5143b31839d163794b5db767e199d5d728d", 0xd2, 0x800, &(0x7f0000000140)={0xa, 0x4e23, 0x6, @private0, 0x74}, 0x1c) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000c40)='./cgroup/syz1\x00', 0x200002, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0xbd}, [@ldst={0x5, 0x3, 0x0, 0xa}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2a) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r4, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) recvmmsg(r4, &(0x7f0000001040)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x22, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @default]}) setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) 3.222192209s ago: executing program 3 (id=4182): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x812, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x2b}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, r2, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000340), &(0x7f0000000300)=@tcp}, 0x20) shutdown(0xffffffffffffffff, 0x1) 3.02167202s ago: executing program 3 (id=4183): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="14002c800800"], 0x30}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512) 2.491306886s ago: executing program 0 (id=4185): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x1c, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x7c, r1, 0x1, 0x70bd2c, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}], @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_HT_CAPABILITY_MASK={0x1e, 0x94, {0x4000, 0x1, 0x6, 0x0, {0xc3, 0x3, 0x0, 0x37a, 0x0, 0x1, 0x1, 0x3, 0x1}, 0x1, 0x3ff, 0x4}}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x1000, 0x3, 0x0, 0x0, {0x5, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x9, 0xa}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) 2.380803591s ago: executing program 0 (id=4186): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r1, 0x0, 0x23, 0x0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 2.00438651s ago: executing program 1 (id=4187): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f0000000980)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f8864f0", 0x13}, {0x0}, {&(0x7f0000000880)='v', 0x1}], 0x3) 1.21821907s ago: executing program 2 (id=4188): socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) epoll_create1(0x0) socket(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000001c0), &(0x7f0000000300)=r1}, 0x20) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x5, 0xd50, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 1.217342436s ago: executing program 3 (id=4189): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100001002cbd700000000000000000005a7893bfad6281dcd0665adfa791d0c1df6cb84a8b75b8fad398f24e8c9674908668e0dd9da8e847", @ANYRES32=0x0, @ANYBLOB="8021000000000000140003006e657464657673696d30000000000000180016801400018010000200050000001b090000fcffffff"], 0x4c}}, 0x0) bind$bt_hci(r0, &(0x7f0000000200)={0x27, 0x200, 0x3}, 0x6) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) socket$kcm(0x2, 0x200000000000001, 0x106) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$netlink(0x10, 0x3, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x5, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e23, 0xee, @local, 0x8}, 0x1c) socket(0x1d, 0x2, 0x6) unshare(0x22020600) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r4, &(0x7f00000017c0)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e22, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "07771ac366586e56f446dcd22ec94c672f1cd650b4e9142373a300245d0bea516a2fbeddd0cb5cffbac1852e0cfe302d0000000000"}}}}, 0x73) close(r2) 1.172490219s ago: executing program 0 (id=4190): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x1) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x408, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x200, 0x248, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x468) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 1.01632432s ago: executing program 1 (id=4191): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="740000001000090400000000df00000000000000", @ANYRES32=r2, @ANYBLOB="000000000000000054001280110001006272696467655f736c617665000000003c"], 0x74}}, 0x0) 876.457619ms ago: executing program 2 (id=4192): r0 = socket$nl_generic(0x11, 0x3, 0x10) r1 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @random="a538ae464632", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x11, 0x0, 0x0, @multicast1}}}}}, 0x0) sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{0x0}], 0x1, 0x0, 0x0, 0x11000000}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 719.880639ms ago: executing program 1 (id=4193): bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 697.478972ms ago: executing program 0 (id=4194): bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x812, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r1}, @call={0x85, 0x0, 0x0, 0x2b}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r0, r2, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000340), &(0x7f0000000300)=@tcp}, 0x20) shutdown(0xffffffffffffffff, 0x1) 594.342102ms ago: executing program 2 (id=4195): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x28, 0x0, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x28}}, 0x10) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000) 450.744226ms ago: executing program 1 (id=4196): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4880) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x8, 0x0, 0x100000001, 0x0, 0x0, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x4, 0xffffffffffffffff}, 0xfffffffe}}, 0xb8}}, 0x4004) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x1, 0x0, 0x1000, 0x0, 0xa, 0x20}, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}}}, 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0) 450.124218ms ago: executing program 2 (id=4197): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000140)) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="30000000000000008400000001000000000000017c"], 0x30}], 0x1, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x5, 0x20}, 0xc) 356.170723ms ago: executing program 0 (id=4198): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff08000440000000810800084000000003200001"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) r3 = socket(0x2a, 0x2, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0xdc, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xb, 0x9}, {0xffe0, 0x8}, {0xfff1, 0x7}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x70}, @TCA_STAB={0xa8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x7, 0x7f, 0x47b5, 0x1, 0x3, 0x3, 0x7}}, {0x12, 0x2, [0x1, 0x60, 0x144a, 0xe, 0x6d, 0x13e, 0x2]}}, {{0x1c, 0x1, {0x40, 0x1, 0x200, 0x4, 0x2, 0x40, 0xfffffff0}}, {0x4}}, {{0x1c, 0x1, {0x4, 0xb, 0xfff8, 0xc000, 0x2, 0x3, 0x7f, 0x3}}, {0xa, 0x2, [0x9, 0x6c, 0x8]}}, {{0x1c, 0x1, {0x9, 0xfc, 0x14, 0x6, 0x2, 0xbeaa, 0x6, 0x6}}, {0x10, 0x2, [0x2b, 0x1, 0x3, 0x4, 0x76, 0x1ff]}}]}, @TCA_RATE={0x6, 0x5, {0x8, 0x5}}]}, 0xdc}}, 0x800) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00178018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000300)=r2}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000004c0)={r5, &(0x7f0000000400)="e8", &(0x7f0000000480)=@tcp6=r0, 0x1}, 0x20) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[@ANYBLOB="240000000104010200000180000000000000000008000540000000000500010001"], 0x24}}, 0x0) r7 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x3, {@ip4=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000043c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="0d4201f3951384e3", 0x8}], 0x1}}], 0x1, 0x0) sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="000000000000000000000001e370", 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x50) 292.23835ms ago: executing program 1 (id=4199): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fcdbdf252100000008000300", @ANYRES32=r2, @ANYBLOB="14002c800800"], 0x30}, 0x1, 0x0, 0x0, 0x14001}, 0x9590f6cc3ea35512) 244.00376ms ago: executing program 2 (id=4200): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x0, 0x0, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 48.610112ms ago: executing program 0 (id=4201): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {0x0, 0x4}, {}, {}, {}]}, @fwd, @volatile, @typedef={0x4, 0x0, 0x0, 0x8, 0x3}, @volatile={0x0, 0x0, 0x0, 0x9, 0x6}]}}, 0x0, 0x96, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000180)=@framed={{}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map_val, @exit]}, 0x0, 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) unshare(0x20000400) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r5, 0x5, 0x0, 0x0, @void, @value}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r4}, &(0x7f00000006c0), &(0x7f0000000700)=r3}, 0x20) r6 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x0, 0x20, 0xff}, [@RTA_MARK={0x8, 0x10, 0x6}]}, 0x24}}, 0x8000) sendmsg$inet(r2, &(0x7f0000000980)={0x0, 0x6000, &(0x7f0000000900)=[{&(0x7f0000000640)='U', 0xa00120}], 0x1}, 0x3) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) getpid() bpf$MAP_CREATE(0x0, 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x15, 0x10, 0x1ff, 0x0, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) sendmsg$IPSET_CMD_FLUSH(r7, &(0x7f0000000800)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000680)={&(0x7f0000000780)={0x44, 0x4, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0xc080}, 0xe821651e0a1b45fc) 38.998486ms ago: executing program 3 (id=4202): socket$kcm(0xa, 0x922000000003, 0x11) socket$kcm(0xa, 0x922000000003, 0x11) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907a56675f37538ec86dd6317ce22667f1100db5b686158bbcfe8875a65969ff57b03000000"], 0xfdef) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fed007907001175f37538e486dd6317ce2200"], 0xcfa4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x88be, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 0s ago: executing program 1 (id=4203): syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x54}, 0x8000) kernel console output (not intermixed with test programs): 000141 [ 380.647261][T15359] RAX: ffffffffffffffda RBX: 00007fd0c8db5fa0 RCX: 00007fd0c8b8e929 [ 380.647277][T15359] RDX: 0000000000000028 RSI: 0000200000000080 RDI: 0000000000000012 [ 380.647292][T15359] RBP: 00007fd0c996e090 R08: 0000000000000000 R09: 0000000000000000 [ 380.647306][T15359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 380.647319][T15359] R13: 0000000000000001 R14: 00007fd0c8db5fa0 R15: 00007ffff514fcd8 [ 380.647353][T15359] [ 381.013160][T15363] FAULT_INJECTION: forcing a failure. [ 381.013160][T15363] name failslab, interval 1, probability 0, space 0, times 0 [ 381.031907][T15363] CPU: 0 UID: 0 PID: 15363 Comm: syz.1.3253 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 381.031938][T15363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 381.031951][T15363] Call Trace: [ 381.031960][T15363] [ 381.031970][T15363] dump_stack_lvl+0x189/0x250 [ 381.032006][T15363] ? __pfx____ratelimit+0x10/0x10 [ 381.032028][T15363] ? __pfx_dump_stack_lvl+0x10/0x10 [ 381.032059][T15363] ? __pfx__printk+0x10/0x10 [ 381.032096][T15363] should_fail_ex+0x414/0x560 [ 381.032127][T15363] should_failslab+0xa8/0x100 [ 381.032152][T15363] __kmalloc_cache_noprof+0x70/0x3d0 [ 381.032172][T15363] ? sctp_add_bind_addr+0x8c/0x370 [ 381.032200][T15363] sctp_add_bind_addr+0x8c/0x370 [ 381.032229][T15363] sctp_copy_local_addr_list+0x30b/0x4e0 [ 381.032255][T15363] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 381.032275][T15363] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 381.032296][T15363] ? sctp_v6_is_any+0x64/0x80 [ 381.032320][T15363] ? sctp_copy_one_addr+0x93/0x360 [ 381.032347][T15363] sctp_bind_addr_copy+0xb3/0x3c0 [ 381.032371][T15363] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 381.032408][T15363] sctp_connect_new_asoc+0x2e0/0x690 [ 381.032441][T15363] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 381.032475][T15363] ? __local_bh_enable_ip+0x12d/0x1c0 [ 381.032513][T15363] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 381.032559][T15363] ? security_sctp_bind_connect+0x7e/0x2e0 [ 381.032586][T15363] sctp_sendmsg+0x155c/0x2810 [ 381.032628][T15363] ? __pfx_sctp_sendmsg+0x10/0x10 [ 381.032661][T15363] ? aa_sk_perm+0x81e/0x950 [ 381.032691][T15363] ? __pfx_aa_sk_perm+0x10/0x10 [ 381.032719][T15363] ? sock_rps_record_flow+0x19/0x410 [ 381.032749][T15363] ? inet_sendmsg+0x2f4/0x370 [ 381.032777][T15363] __sock_sendmsg+0x19c/0x270 [ 381.032804][T15363] ____sys_sendmsg+0x52d/0x830 [ 381.032843][T15363] ? __pfx_____sys_sendmsg+0x10/0x10 [ 381.032885][T15363] ? import_iovec+0x74/0xa0 [ 381.032912][T15363] ___sys_sendmsg+0x21f/0x2a0 [ 381.032945][T15363] ? __pfx____sys_sendmsg+0x10/0x10 [ 381.033018][T15363] ? __fget_files+0x2a/0x420 [ 381.033040][T15363] ? __fget_files+0x3a0/0x420 [ 381.033076][T15363] __sys_sendmmsg+0x227/0x430 [ 381.033113][T15363] ? __pfx___sys_sendmmsg+0x10/0x10 [ 381.033141][T15363] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 381.033195][T15363] ? ksys_write+0x22a/0x250 [ 381.033218][T15363] ? __pfx_ksys_write+0x10/0x10 [ 381.033234][T15363] ? rcu_is_watching+0x15/0xb0 [ 381.033274][T15363] __x64_sys_sendmmsg+0xa0/0xc0 [ 381.033306][T15363] do_syscall_64+0xfa/0x3b0 [ 381.033328][T15363] ? lockdep_hardirqs_on+0x9c/0x150 [ 381.033348][T15363] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.033369][T15363] ? clear_bhb_loop+0x60/0xb0 [ 381.033395][T15363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.033416][T15363] RIP: 0033:0x7fd0c8b8e929 [ 381.033434][T15363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 381.033458][T15363] RSP: 002b:00007fd0c996e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 381.033480][T15363] RAX: ffffffffffffffda RBX: 00007fd0c8db5fa0 RCX: 00007fd0c8b8e929 [ 381.033496][T15363] RDX: 0000000000000002 RSI: 0000200000002380 RDI: 0000000000000003 [ 381.033509][T15363] RBP: 00007fd0c996e090 R08: 0000000000000000 R09: 0000000000000000 [ 381.033522][T15363] R10: 00000000200110d0 R11: 0000000000000246 R12: 0000000000000002 [ 381.033536][T15363] R13: 0000000000000000 R14: 00007fd0c8db5fa0 R15: 00007ffff514fcd8 [ 381.033569][T15363] [ 381.416337][ T5850] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 381.425681][ T5850] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 381.446945][ T5850] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 381.458641][ T5850] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 381.473249][ T5850] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 381.529463][ T5831]  (unregistering): left promiscuous mode [ 381.552346][ T7733] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.596726][ T7733] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 381.614754][T15374] xt_limit: Overflow, try lower: 262144/524288 [ 381.832775][T15366] lo speed is unknown, defaulting to 1000 [ 381.995289][T15384] validate_nla: 3 callbacks suppressed [ 381.995312][T15384] netlink: 'syz.2.3261': attribute type 39 has an invalid length. [ 382.126267][T15390] netlink: 'syz.1.3263': attribute type 14 has an invalid length. [ 382.509031][T15366] chnl_net:caif_netlink_parms(): no params data found [ 382.664262][T15412] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3272'. [ 382.827541][T15366] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.839689][T15366] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.847514][T15366] bridge_slave_0: entered allmulticast mode [ 382.857091][T15366] bridge_slave_0: entered promiscuous mode [ 382.867376][T15366] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.895834][T15366] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.917390][T15366] bridge_slave_1: entered allmulticast mode [ 382.940450][T15366] bridge_slave_1: entered promiscuous mode [ 383.006707][T15426] netlink: 'syz.3.3275': attribute type 13 has an invalid length. [ 383.029703][T15426] netlink: 'syz.3.3275': attribute type 17 has an invalid length. [ 383.119230][T15431] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3278'. [ 383.135101][T15431] netlink: 'syz.2.3278': attribute type 9 has an invalid length. [ 383.144795][T15426] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 383.161355][ T10] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 383.179507][T15366] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 383.209879][T15431] macvlan4: entered allmulticast mode [ 383.223741][T15432] block nbd0: server does not support multiple connections per device. [ 383.226883][T15366] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 383.250415][T15429] lo speed is unknown, defaulting to 1000 [ 383.259130][T15432] block nbd0: shutting down sockets [ 383.287909][T15433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 383.357087][T15426] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 383.427974][T15366] team0: Port device team_slave_0 added [ 383.510823][T15366] team0: Port device team_slave_1 added [ 383.543255][ T5850] Bluetooth: hci5: command tx timeout [ 383.634717][T15366] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 383.641855][T15366] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 383.671490][T15366] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 383.683597][ T10] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 383.701849][T15445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3282'. [ 383.727960][T15447] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3284'. [ 383.737385][T15447] netlink: 'syz.1.3284': attribute type 6 has an invalid length. [ 384.476750][T15454] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 384.486958][T15450] netlink: 'syz.3.3285': attribute type 83 has an invalid length. [ 384.516832][T15450] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3285'. [ 384.560824][T15446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 384.564297][T15456] FAULT_INJECTION: forcing a failure. [ 384.564297][T15456] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.585605][T15456] CPU: 1 UID: 0 PID: 15456 Comm: syz.2.3286 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 384.585635][T15456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 384.585648][T15456] Call Trace: [ 384.585656][T15456] [ 384.585665][T15456] dump_stack_lvl+0x189/0x250 [ 384.585701][T15456] ? __pfx____ratelimit+0x10/0x10 [ 384.585722][T15456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.585749][T15456] ? __pfx__printk+0x10/0x10 [ 384.585779][T15456] should_fail_ex+0x414/0x560 [ 384.585807][T15456] _copy_to_user+0x31/0xb0 [ 384.585827][T15456] simple_read_from_buffer+0xe1/0x170 [ 384.585850][T15456] proc_fail_nth_read+0x1df/0x250 [ 384.585875][T15456] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 384.585899][T15456] ? rw_verify_area+0x258/0x650 [ 384.585925][T15456] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 384.585948][T15456] vfs_read+0x1fd/0x980 [ 384.585981][T15456] ? __pfx___mutex_lock+0x10/0x10 [ 384.586000][T15456] ? __pfx_vfs_read+0x10/0x10 [ 384.586028][T15456] ? __fget_files+0x2a/0x420 [ 384.586053][T15456] ? __fget_files+0x3a0/0x420 [ 384.586070][T15456] ? __fget_files+0x2a/0x420 [ 384.586098][T15456] ksys_read+0x145/0x250 [ 384.586117][T15456] ? __pfx_ksys_read+0x10/0x10 [ 384.586141][T15456] ? rcu_is_watching+0x15/0xb0 [ 384.586173][T15456] ? do_syscall_64+0xbe/0x3b0 [ 384.586196][T15456] do_syscall_64+0xfa/0x3b0 [ 384.586223][T15456] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.586240][T15456] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.586258][T15456] ? clear_bhb_loop+0x60/0xb0 [ 384.586279][T15456] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.586296][T15456] RIP: 0033:0x7f11ed98d33c [ 384.586313][T15456] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 384.586330][T15456] RSP: 002b:00007f11ee828030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 384.586350][T15456] RAX: ffffffffffffffda RBX: 00007f11edbb5fa0 RCX: 00007f11ed98d33c [ 384.586363][T15456] RDX: 000000000000000f RSI: 00007f11ee8280a0 RDI: 000000000000000a [ 384.586375][T15456] RBP: 00007f11ee828090 R08: 0000000000000000 R09: 0000000000000000 [ 384.586386][T15456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.586397][T15456] R13: 0000000000000000 R14: 00007f11edbb5fa0 R15: 00007fff89077d88 [ 384.586425][T15456] [ 385.632995][ T5850] Bluetooth: hci5: command tx timeout [ 385.757822][T15366] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.765278][T15366] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.791823][T15366] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.823619][T15447] lo speed is unknown, defaulting to 1000 [ 385.985435][T15469] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3289'. [ 386.085863][T15366] hsr_slave_0: entered promiscuous mode [ 386.099354][T15366] hsr_slave_1: entered promiscuous mode [ 386.118168][T15366] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 386.134003][T15366] Cannot create hsr debugfs directory [ 386.169181][T15469] dummy0: entered promiscuous mode [ 386.186897][T15469] dummy0: left promiscuous mode [ 386.405848][T15481] netlink: 'syz.3.3294': attribute type 39 has an invalid length. [ 386.671813][T15366] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.860713][T15366] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 386.922983][T15495] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3301'. [ 386.931403][T15497] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3300'. [ 387.049014][T15366] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.308665][T15511] netlink: 'syz.2.3305': attribute type 39 has an invalid length. [ 387.369098][T15366] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.603874][T15517] netlink: 'syz.2.3308': attribute type 39 has an invalid length. [ 387.658504][T15521] FAULT_INJECTION: forcing a failure. [ 387.658504][T15521] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.680461][T15366] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 387.682535][T15521] CPU: 1 UID: 0 PID: 15521 Comm: syz.3.3310 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 387.682566][T15521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 387.682581][T15521] Call Trace: [ 387.682590][T15521] [ 387.682599][T15521] dump_stack_lvl+0x189/0x250 [ 387.682638][T15521] ? __pfx____ratelimit+0x10/0x10 [ 387.682661][T15521] ? __pfx_dump_stack_lvl+0x10/0x10 [ 387.682692][T15521] ? __pfx__printk+0x10/0x10 [ 387.682721][T15521] ? __might_fault+0xb0/0x130 [ 387.682755][T15521] should_fail_ex+0x414/0x560 [ 387.682788][T15521] _copy_from_user+0x2d/0xb0 [ 387.682812][T15521] map_update_elem+0x4a6/0x750 [ 387.682852][T15521] __sys_bpf+0x6a9/0x860 [ 387.682882][T15521] ? __pfx___sys_bpf+0x10/0x10 [ 387.682931][T15521] ? ksys_write+0x22a/0x250 [ 387.682955][T15521] ? __pfx_ksys_write+0x10/0x10 [ 387.682972][T15521] ? rcu_is_watching+0x15/0xb0 [ 387.683013][T15521] __x64_sys_bpf+0x7c/0x90 [ 387.683039][T15521] do_syscall_64+0xfa/0x3b0 [ 387.683062][T15521] ? lockdep_hardirqs_on+0x9c/0x150 [ 387.683084][T15521] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.683123][T15521] ? clear_bhb_loop+0x60/0xb0 [ 387.683151][T15521] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.683173][T15521] RIP: 0033:0x7f292fb8e929 [ 387.683194][T15521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 387.683216][T15521] RSP: 002b:00007f29309ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 387.683241][T15521] RAX: ffffffffffffffda RBX: 00007f292fdb5fa0 RCX: 00007f292fb8e929 [ 387.683259][T15521] RDX: 0000000000000020 RSI: 00002000000000c0 RDI: 0000000000000002 [ 387.683273][T15521] RBP: 00007f29309ce090 R08: 0000000000000000 R09: 0000000000000000 [ 387.683288][T15521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.683301][T15521] R13: 0000000000000000 R14: 00007f292fdb5fa0 R15: 00007ffd84a2d948 [ 387.683337][T15521] [ 387.729101][ T5850] Bluetooth: hci5: command tx timeout [ 387.921523][T15366] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 387.968808][T15366] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 387.990478][T15366] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 388.004605][T15526] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3313'. [ 388.082923][T15528] block nbd0: server does not support multiple connections per device. [ 388.098888][T15528] block nbd0: shutting down sockets [ 388.461062][T15366] 8021q: adding VLAN 0 to HW filter on device bond0 [ 388.527880][T15366] 8021q: adding VLAN 0 to HW filter on device team0 [ 388.559800][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.567023][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 388.617552][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.624762][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 388.649911][T15554] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3320'. [ 388.809422][T15557] netlink: 'syz.3.3321': attribute type 39 has an invalid length. [ 389.286615][T15366] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 389.410161][T15366] veth0_vlan: entered promiscuous mode [ 389.463894][T15366] veth1_vlan: entered promiscuous mode [ 389.533987][T15573] lo speed is unknown, defaulting to 1000 [ 389.591072][T15576] xt_limit: Overflow, try lower: 262144/524288 [ 389.696819][T15366] veth0_macvtap: entered promiscuous mode [ 389.715953][T15579] netlink: 'syz.1.3327': attribute type 13 has an invalid length. [ 389.753909][T15366] veth1_macvtap: entered promiscuous mode [ 389.869296][T15579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3327'. [ 389.930524][T15579] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.947255][ T5850] Bluetooth: hci5: command tx timeout [ 389.947366][T15578] lo speed is unknown, defaulting to 1000 [ 389.970818][T15579] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 390.025373][T15366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 390.138222][T15366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 390.149967][T15584] IPVS: dh: UDP 224.0.0.2:0 - no destination available [ 390.150559][T15585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 390.200185][T15573] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3326'. [ 390.334048][ T7733] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.378781][ T7733] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.622694][ T7733] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.640391][T15592] netlink: 'syz.3.3332': attribute type 39 has an invalid length. [ 390.650704][ T7733] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.825154][T15596] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3333'. [ 390.923595][T15596] dummy0: entered promiscuous mode [ 390.950392][T15596] dummy0: left promiscuous mode [ 391.084374][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 391.104778][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.230210][T15609] netlink: 'syz.4.3338': attribute type 39 has an invalid length. [ 391.438281][T15607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.460916][T15607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 391.481482][T15607] bond0 (unregistering): Released all slaves [ 391.510375][ T7733] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 391.518533][ T7733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 391.761298][T15615] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3340'. [ 392.004885][T15630] netlink: 'syz.1.3345': attribute type 13 has an invalid length. [ 392.029719][T15630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3345'. [ 392.048223][T15632] Cannot find del_set index 2 as target [ 392.214373][T15639] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3345'. [ 392.268004][T15630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.281765][T15642] netlink: 'syz.2.3350': attribute type 1 has an invalid length. [ 392.311982][T15630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.406550][T15630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.517363][T15649] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3349'. [ 392.824091][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 392.838632][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 392.847683][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 392.848259][T15642] 8021q: adding VLAN 0 to HW filter on device bond1 [ 392.867750][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 392.877371][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 392.932651][T15648] bond1: (slave veth0_to_bond): making interface the new active one [ 392.957883][T15648] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 392.986490][T15651] vlan2: entered allmulticast mode [ 392.991696][T15651] veth1: entered allmulticast mode [ 393.009081][T15651] veth1: entered promiscuous mode [ 393.019992][T15651] veth1: left promiscuous mode [ 393.029306][T15651] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 393.059267][T15634] lo speed is unknown, defaulting to 1000 [ 393.240227][T15656] lo speed is unknown, defaulting to 1000 [ 393.251532][T15663] xt_limit: Overflow, try lower: 262144/524288 [ 393.568135][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.584998][T15671] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.611007][T15670] netlink: 172 bytes leftover after parsing attributes in process `syz.2.3358'. [ 393.643392][T15672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.664563][T15671] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 393.673335][T15672] netlink: 'syz.0.3357': attribute type 12 has an invalid length. [ 393.696334][T15672] netlink: 'syz.0.3357': attribute type 11 has an invalid length. [ 393.767269][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.793082][T15672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.802983][T15672] netlink: 'syz.0.3357': attribute type 12 has an invalid length. [ 393.821121][T15672] netlink: 'syz.0.3357': attribute type 11 has an invalid length. [ 393.894656][ T7724] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.943002][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.953509][T15672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3357'. [ 393.969409][T15656] chnl_net:caif_netlink_parms(): no params data found [ 394.003076][T15672] netlink: 'syz.0.3357': attribute type 12 has an invalid length. [ 394.013058][T15672] netlink: 'syz.0.3357': attribute type 11 has an invalid length. [ 394.190832][ T7724] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.239934][T15672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3357'. [ 394.253403][T15672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3357'. [ 394.262379][T15672] netlink: 'syz.0.3357': attribute type 12 has an invalid length. [ 394.274651][T15672] netlink: 'syz.0.3357': attribute type 11 has an invalid length. [ 394.480688][T15682] netlink: 'syz.1.3360': attribute type 39 has an invalid length. [ 394.495865][ T7724] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.890032][ T7724] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.903428][ T5850] Bluetooth: hci0: command tx timeout [ 395.058279][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 395.070507][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 395.080278][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 395.099440][T15690] dummy0: entered promiscuous mode [ 395.106093][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 395.123023][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 395.128990][T15690] dummy0: left promiscuous mode [ 395.284123][T15680] lo speed is unknown, defaulting to 1000 [ 395.291068][T15656] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.309456][T15656] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.323354][T15656] bridge_slave_0: entered allmulticast mode [ 395.331024][T15656] bridge_slave_0: entered promiscuous mode [ 395.486667][T15698] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 395.505091][T15698] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 395.527124][T15698] bond0 (unregistering): Released all slaves [ 395.568747][T15656] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.580167][T15656] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.587471][T15656] bridge_slave_1: entered allmulticast mode [ 395.607293][T15656] bridge_slave_1: entered promiscuous mode [ 395.736945][T15656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.775123][ T7729] bond1: (slave veth0_to_bond): link status definitely down, disabling slave [ 395.789515][ T7729] bond1: (slave vlan2): making interface the new active one [ 395.802374][T15707] netlink: 'syz.1.3367': attribute type 13 has an invalid length. [ 395.803948][ T7729] veth1: entered promiscuous mode [ 395.825910][ T7729] vlan2: entered promiscuous mode [ 395.865446][T15656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.920931][T15707] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 396.058725][T15691] lo speed is unknown, defaulting to 1000 [ 396.079697][T15656] team0: Port device team_slave_0 added [ 396.090305][T15707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.104283][T15656] team0: Port device team_slave_1 added [ 396.120788][T15707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.131436][T15710] lo speed is unknown, defaulting to 1000 [ 396.131640][ T7724] bridge_slave_1: left allmulticast mode [ 396.144999][ T7724] bridge_slave_1: left promiscuous mode [ 396.152066][ T7724] bridge0: port 2(bridge_slave_1) entered disabled state [ 396.164278][ T7724] bridge_slave_0: left allmulticast mode [ 396.169964][ T7724] bridge_slave_0: left promiscuous mode [ 396.175880][ T7724] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.197855][T15707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.622498][T15656] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.629578][T15656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.657155][T15656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.708606][T15656] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.719675][T15656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.746805][T15656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.903958][T15656] hsr_slave_0: entered promiscuous mode [ 396.910821][T15656] hsr_slave_1: entered promiscuous mode [ 396.917317][T15656] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 396.925055][T15656] Cannot create hsr debugfs directory [ 396.983138][ T5850] Bluetooth: hci0: command tx timeout [ 397.228342][ T5850] Bluetooth: hci1: command tx timeout [ 397.448453][ T7724] hsr_slave_0: left promiscuous mode [ 397.458502][ T7724] hsr_slave_1: left promiscuous mode [ 397.472612][ T7724] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 397.480956][ T7724] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.495565][ T7724] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 397.503211][ T7724] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.531680][ T7724] veth1_macvtap: left promiscuous mode [ 397.537615][ T7724] veth0_macvtap: left promiscuous mode [ 397.543521][ T7724] veth1_vlan: left promiscuous mode [ 397.548983][ T7724] veth0_vlan: left promiscuous mode [ 398.121977][ T7724] team0 (unregistering): Port device team_slave_1 removed [ 398.172594][ T7724] team0 (unregistering): Port device team_slave_0 removed [ 398.781066][T15691] chnl_net:caif_netlink_parms(): no params data found [ 398.947511][T15751] __nla_validate_parse: 5 callbacks suppressed [ 398.947532][T15751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3380'. [ 399.045829][T15751] batadv0: entered promiscuous mode [ 399.057967][T15751] macsec1: entered allmulticast mode [ 399.062455][T15758] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3382'. [ 399.076040][T15751] batadv0: entered allmulticast mode [ 399.076757][T15753] syz.2.3381: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 399.097302][T15753] CPU: 1 UID: 0 PID: 15753 Comm: syz.2.3381 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 399.097335][T15753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 399.097350][T15753] Call Trace: [ 399.097359][T15753] [ 399.097369][T15753] dump_stack_lvl+0x189/0x250 [ 399.097411][T15753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 399.097444][T15753] ? __pfx__printk+0x10/0x10 [ 399.097467][ T5833] Bluetooth: hci0: command tx timeout [ 399.097467][T15753] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 399.097492][T15753] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 399.097517][T15753] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 399.097548][T15753] warn_alloc+0x214/0x310 [ 399.097578][T15753] ? stack_depot_save_flags+0x40/0x900 [ 399.097619][T15753] ? __pfx_warn_alloc+0x10/0x10 [ 399.097650][T15753] ? kasan_save_track+0x4f/0x80 [ 399.097688][T15753] ? xskq_create+0x56/0x170 [ 399.097710][T15753] ? xsk_init_queue+0xb0/0x110 [ 399.097755][T15753] ? xsk_setsockopt+0x43f/0x710 [ 399.097786][T15753] ? do_sock_setsockopt+0x257/0x3e0 [ 399.097817][T15753] ? __x64_sys_setsockopt+0x18b/0x220 [ 399.097848][T15753] ? do_syscall_64+0xfa/0x3b0 [ 399.097869][T15753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.097902][T15753] __vmalloc_node_range_noprof+0x125/0x12f0 [ 399.097970][T15753] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 399.098005][T15753] ? __kasan_kmalloc+0x93/0xb0 [ 399.098031][T15753] vmalloc_user_noprof+0xad/0xf0 [ 399.098057][T15753] ? xskq_create+0xbf/0x170 [ 399.098080][T15753] xskq_create+0xbf/0x170 [ 399.098104][T15753] xsk_init_queue+0xb0/0x110 [ 399.098143][T15753] xsk_setsockopt+0x43f/0x710 [ 399.098178][T15753] ? __pfx_xsk_setsockopt+0x10/0x10 [ 399.098210][T15753] ? __lock_acquire+0xab9/0xd20 [ 399.098252][T15753] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 399.098280][T15753] ? __pfx_xsk_setsockopt+0x10/0x10 [ 399.098315][T15753] do_sock_setsockopt+0x257/0x3e0 [ 399.098351][T15753] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 399.098388][T15753] ? __fget_files+0x2a/0x420 [ 399.098423][T15753] __x64_sys_setsockopt+0x18b/0x220 [ 399.098463][T15753] do_syscall_64+0xfa/0x3b0 [ 399.098486][T15753] ? lockdep_hardirqs_on+0x9c/0x150 [ 399.098506][T15753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.098528][T15753] ? clear_bhb_loop+0x60/0xb0 [ 399.098555][T15753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.098578][T15753] RIP: 0033:0x7f11ed98e929 [ 399.098598][T15753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.098619][T15753] RSP: 002b:00007f11ee828038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 399.098643][T15753] RAX: ffffffffffffffda RBX: 00007f11edbb5fa0 RCX: 00007f11ed98e929 [ 399.098661][T15753] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004 [ 399.098675][T15753] RBP: 00007f11eda10b39 R08: 0000000000000004 R09: 0000000000000000 [ 399.098688][T15753] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 399.098704][T15753] R13: 0000000000000000 R14: 00007f11edbb5fa0 R15: 00007fff89077d88 [ 399.098739][T15753] [ 399.098761][T15753] Mem-Info: [ 399.308752][ T5833] Bluetooth: hci1: command tx timeout [ 399.313738][T15751] batadv0: left allmulticast mode [ 399.321867][T15753] active_anon:3564 inactive_anon:0 isolated_anon:0 [ 399.321867][T15753] active_file:1835 inactive_file:39966 isolated_file:0 [ 399.321867][T15753] unevictable:768 dirty:235 writeback:0 [ 399.321867][T15753] slab_reclaimable:13384 slab_unreclaimable:203996 [ 399.321867][T15753] mapped:29366 shmem:1359 pagetables:996 [ 399.321867][T15753] sec_pagetables:0 bounce:0 [ 399.321867][T15753] kernel_misc_reclaimable:0 [ 399.321867][T15753] free:1217660 free_pcp:14712 free_cma:0 [ 399.326923][T15751] batadv0: left promiscuous mode [ 399.330784][T15753] Node 0 active_anon:14256kB inactive_anon:0kB active_file:7340kB inactive_file:159660kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117464kB dirty:940kB writeback:0kB shmem:3900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13072kB pagetables:3840kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 399.526370][T15753] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 399.558968][T15753] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 399.664477][T15764] Bluetooth: MGMT ver 1.23 [ 399.674881][T15759] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 399.680798][T15753] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 399.689397][T15753] Node 0 DMA32 free:955728kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14308kB inactive_anon:0kB active_file:7340kB inactive_file:157832kB unevictable:1536kB writepending:936kB present:3129332kB managed:2561008kB mlocked:0kB bounce:0kB free_pcp:38740kB local_pcp:22976kB free_cma:0kB [ 399.730565][T15753] lowmem_reserve[]: 0 0 1 1 1 [ 399.737546][T15753] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1828kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 399.768709][T15753] lowmem_reserve[]: 0 0 0 0 0 [ 399.773710][T15753] Node 1 Normal free:3899392kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19520kB local_pcp:13920kB free_cma:0kB [ 399.876774][T15656] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.903560][T15753] lowmem_reserve[]: 0 0 0 0 0 [ 399.908380][T15753] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 399.934123][T15753] Node 0 DMA32: 69*4kB (UME) 125*8kB (UE) 246*16kB (UME) 258*32kB (UM) 91*64kB (UM) 219*128kB (UME) 181*256kB (UME) 65*512kB (UM) 15*1024kB (UME) 1*2048kB (U) 198*4096kB (UM) = 955356kB [ 399.958362][T15691] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.967008][T15691] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.979671][T15753] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 400.001589][T15753] Node 1 Normal: 194*4kB (UE) 41*8kB (UME) 43*16kB (UME) 132*32kB (UME) 40*64kB (UME) 7*128kB (UME) 3*256kB (ME) 4*512kB (UME) 2*1024kB (ME) 1*2048kB (E) 948*4096kB (M) = 3899392kB [ 400.003207][T15691] bridge_slave_0: entered allmulticast mode [ 400.037997][T15753] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 400.058485][T15753] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 400.062158][T15691] bridge_slave_0: entered promiscuous mode [ 400.085042][T15753] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 400.095883][T15691] bridge0: port 2(bridge_slave_1) entered blocking state [ 400.103813][T15773] block nbd0: server does not support multiple connections per device. [ 400.108511][T15691] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.112320][T15773] block nbd0: shutting down sockets [ 400.124779][T15753] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 400.124816][T15753] 43157 total pagecache pages [ 400.124843][T15753] 0 pages in swap cache [ 400.124853][T15753] Free swap = 124996kB [ 400.124864][T15753] Total swap = 124996kB [ 400.154298][T15691] bridge_slave_1: entered allmulticast mode [ 400.164938][T15691] bridge_slave_1: entered promiscuous mode [ 400.188752][T15753] 2097051 pages RAM [ 400.192632][T15753] 0 pages HighMem/MovableOnly [ 400.198051][T15753] 424693 pages reserved [ 400.202233][T15753] 0 pages cma reserved [ 400.211518][T15656] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.344522][T15656] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.354681][T15779] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3388'. [ 400.410974][T15777] lo speed is unknown, defaulting to 1000 [ 400.421349][T15656] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.497957][T15691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 400.540929][T15691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 400.553809][T15782] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3389'. [ 400.846977][T15691] team0: Port device team_slave_0 added [ 400.960381][T15691] team0: Port device team_slave_1 added [ 401.046711][T15788] syzkaller1: entered promiscuous mode [ 401.065574][T15788] syzkaller1: entered allmulticast mode [ 401.142596][T15691] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 401.160260][T15691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 401.188996][T15691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 401.218803][T15691] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.233132][T15691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 401.260369][T15691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 401.263287][ T8239] IPVS: starting estimator thread 0... [ 401.323848][T15795] lo speed is unknown, defaulting to 1000 [ 401.329754][T15656] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 401.348622][T15656] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 401.373653][T15797] IPVS: using max 25 ests per chain, 60000 per kthread [ 401.383154][ T5850] Bluetooth: hci1: command tx timeout [ 401.435030][T15656] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 401.452499][T15656] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 401.568511][T15691] hsr_slave_0: entered promiscuous mode [ 401.591209][T15691] hsr_slave_1: entered promiscuous mode [ 401.638545][T15803] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3392'. [ 401.873550][ T5833] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 401.974472][T15813] validate_nla: 1 callbacks suppressed [ 401.974494][T15813] netlink: 'syz.2.3394': attribute type 2 has an invalid length. [ 401.988185][T15813] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3394'. [ 402.156235][T15817] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.3396'. [ 402.298093][T15823] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3399'. [ 402.313083][T15823] netlink: 'syz.0.3399': attribute type 9 has an invalid length. [ 402.401087][T15823] macvlan2: entered allmulticast mode [ 402.411995][T15823] veth1_vlan: entered allmulticast mode [ 402.610618][T15656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 402.699756][T15656] 8021q: adding VLAN 0 to HW filter on device team0 [ 402.707144][T15834] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 402.805733][ T7724] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.812947][ T7724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 402.837207][ T7724] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.844416][ T7724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.978107][T15847] netlink: 'syz.2.3407': attribute type 13 has an invalid length. [ 402.995435][T15847] netlink: 'syz.2.3407': attribute type 17 has an invalid length. [ 403.024350][T15656] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 403.127787][T15847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 403.209234][T15847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3407'. [ 403.285969][T15858] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.349143][T15847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.358787][T15691] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 403.374470][T15691] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 403.397068][T15846] lo speed is unknown, defaulting to 1000 [ 403.399734][T15691] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 403.419048][T15847] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.452697][T15852] lo speed is unknown, defaulting to 1000 [ 403.463097][T15691] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 403.464001][ T5833] Bluetooth: hci1: command tx timeout [ 403.729065][T15656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 403.849678][T15656] veth0_vlan: entered promiscuous mode [ 403.879911][T15656] veth1_vlan: entered promiscuous mode [ 403.926366][T15691] 8021q: adding VLAN 0 to HW filter on device bond0 [ 404.001281][T15691] 8021q: adding VLAN 0 to HW filter on device team0 [ 404.031228][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.038643][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.070763][T15656] veth0_macvtap: entered promiscuous mode [ 404.087317][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.094520][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.112641][T15656] veth1_macvtap: entered promiscuous mode [ 404.219568][T15656] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 404.232668][T15878] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3414'. [ 404.415180][T15656] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 404.473629][ T7737] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.484409][ T7737] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.502475][T15691] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 404.521834][ T7737] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.606808][ T7737] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.706806][T15891] netlink: 'syz.0.3419': attribute type 39 has an invalid length. [ 404.826500][T15894] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.3420'. [ 404.880189][ T7737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.917183][ T7737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.030534][ T7739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.073088][ T7739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.115264][T15901] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3422'. [ 405.145788][T15901] batadv0: entered promiscuous mode [ 405.162983][T15901] macsec1: entered allmulticast mode [ 405.168492][T15901] batadv0: entered allmulticast mode [ 405.191286][T15901] batadv0: left allmulticast mode [ 405.205461][T15901] batadv0: left promiscuous mode [ 405.279828][T15691] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.408641][T15907] netlink: 'syz.3.3346': attribute type 3 has an invalid length. [ 405.483151][T15911] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3423'. [ 405.817042][T15925] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3426'. [ 405.965477][T15929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3428'. [ 406.162067][T15691] veth0_vlan: entered promiscuous mode [ 406.191812][T15691] veth1_vlan: entered promiscuous mode [ 406.274048][T15691] veth0_macvtap: entered promiscuous mode [ 406.304616][T15691] veth1_macvtap: entered promiscuous mode [ 406.346205][T15691] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 406.380118][T15691] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 406.421419][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.435924][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.448266][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.462595][ T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.964230][ T7724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 406.973295][T15943] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3431'. [ 406.982662][T15948] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3435'. [ 407.002084][ T7724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 407.038944][T15945] lo speed is unknown, defaulting to 1000 [ 407.056406][T15948] batadv0: entered promiscuous mode [ 407.061878][T15948] macsec1: entered allmulticast mode [ 407.074966][T15948] batadv0: entered allmulticast mode [ 407.106069][T15948] batadv0: left allmulticast mode [ 407.112986][T15948] batadv0: left promiscuous mode [ 407.251209][ T7739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 407.265393][ T7739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 407.426467][T15960] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3440'. [ 407.733574][ T7729] vlan2: left promiscuous mode [ 408.169714][ T7733] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.252992][T15982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3447'. [ 408.345595][T15985] lo speed is unknown, defaulting to 1000 [ 408.397209][T15986] syzkaller1: entered promiscuous mode [ 408.523289][ T7733] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.806799][ T7733] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.889920][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 408.899515][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 408.908304][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 408.918268][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 408.931845][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 409.005142][ T7733] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.183021][T15997] lo speed is unknown, defaulting to 1000 [ 409.255862][T16000] lo speed is unknown, defaulting to 1000 [ 409.302014][ T7733] bridge_slave_1: left allmulticast mode [ 409.312678][ T7733] bridge_slave_1: left promiscuous mode [ 409.318814][ T7733] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.319684][T15985] __nla_validate_parse: 1 callbacks suppressed [ 409.319702][T15985] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3449'. [ 409.342460][ T8247] IPVS: starting estimator thread 0... [ 409.351753][ T7733] bridge_slave_0: left allmulticast mode [ 409.367929][ T7733] bridge_slave_0: left promiscuous mode [ 409.378297][ T7733] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.432878][T16011] IPVS: using max 26 ests per chain, 62400 per kthread [ 409.831231][ T7733] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 409.843177][ T7733] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 409.859314][ T7733] bond0 (unregistering): Released all slaves [ 410.213054][T16024] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3459'. [ 410.230003][T16024] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3459'. [ 410.242680][T16024] netlink: 100 bytes leftover after parsing attributes in process `syz.3.3459'. [ 410.253105][T16026] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3458'. [ 410.262007][T16026] netlink: 'syz.1.3458': attribute type 9 has an invalid length. [ 410.358002][T16026] macvlan2: entered allmulticast mode [ 410.375882][T16026] veth1_vlan: entered allmulticast mode [ 410.469722][T16031] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3462'. [ 410.488793][T16031] bridge1: entered promiscuous mode [ 410.511709][T16031] bridge1: entered allmulticast mode [ 410.529816][T16031] team0: Port device bridge1 added [ 410.577660][T16035] netlink: 'syz.1.3463': attribute type 13 has an invalid length. [ 410.592346][T16035] netlink: 'syz.1.3463': attribute type 17 has an invalid length. [ 410.598707][ T7733] hsr_slave_0: left promiscuous mode [ 410.607531][ T7733] hsr_slave_1: left promiscuous mode [ 410.623708][ T7733] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 410.632685][ T7733] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.661382][ T7733] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 410.669668][ T7733] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.701009][ T7733] veth1_macvtap: left promiscuous mode [ 410.706953][ T7733] veth0_macvtap: left promiscuous mode [ 410.713369][ T7733] veth1_vlan: left promiscuous mode [ 410.718715][ T7733] veth0_vlan: left promiscuous mode [ 410.786815][T16041] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3463'. [ 410.815765][T16039] block nbd0: server does not support multiple connections per device. [ 410.828691][T16039] block nbd0: shutting down sockets [ 410.868810][T16042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 410.885961][T16042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 410.964712][T16042] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 410.982957][ T5850] Bluetooth: hci1: command tx timeout [ 411.329707][ T7733] team0 (unregistering): Port device team_slave_1 removed [ 411.370744][ T7733] team0 (unregistering): Port device team_slave_0 removed [ 411.788991][T16035] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 412.048775][T16052] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3467'. [ 412.281937][T16067] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3470'. [ 412.300968][T16069] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3471'. [ 412.331816][T16065] 8021q: adding VLAN 0 to HW filter on device bond1 [ 412.342505][T16065] team0: Port device bond1 added [ 412.417832][T15997] chnl_net:caif_netlink_parms(): no params data found [ 412.711344][T16078] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 412.755319][T16082] dummy0: entered promiscuous mode [ 412.768795][T16082] dummy0: left promiscuous mode [ 412.929135][T15997] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.936568][T15997] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.953205][T15997] bridge_slave_0: entered allmulticast mode [ 412.961092][T15997] bridge_slave_0: entered promiscuous mode [ 413.000160][T15997] bridge0: port 2(bridge_slave_1) entered blocking state [ 413.015383][ T7733] IPVS: stop unused estimator thread 0... [ 413.026933][T15997] bridge0: port 2(bridge_slave_1) entered disabled state [ 413.044999][T15997] bridge_slave_1: entered allmulticast mode [ 413.059132][T15997] bridge_slave_1: entered promiscuous mode [ 413.065275][ T5850] Bluetooth: hci1: command tx timeout [ 413.159208][T15997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 413.211664][T15997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 413.362616][T15997] team0: Port device team_slave_0 added [ 413.378187][T16109] ip6gretap0: entered promiscuous mode [ 413.390223][T16109] ip6gretap0: left promiscuous mode [ 413.447236][T15997] team0: Port device team_slave_1 added [ 413.557619][T15997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 413.565634][T15997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.641212][T15997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 413.675178][T15997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 413.682166][T15997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 413.720773][T15997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 413.859050][T16131] netlink: 'syz.1.3488': attribute type 39 has an invalid length. [ 413.925584][T15997] hsr_slave_0: entered promiscuous mode [ 413.940561][T15997] hsr_slave_1: entered promiscuous mode [ 414.256791][T16138] 8021q: adding VLAN 0 to HW filter on device bond1 [ 414.279441][T16138] team0: Port device bond1 added [ 414.333481][T16145] block nbd0: server does not support multiple connections per device. [ 414.352359][T16145] block nbd0: shutting down sockets [ 414.421686][T16149] FAULT_INJECTION: forcing a failure. [ 414.421686][T16149] name failslab, interval 1, probability 0, space 0, times 0 [ 414.438287][T16149] CPU: 1 UID: 0 PID: 16149 Comm: syz.1.3496 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 414.438316][T16149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.438328][T16149] Call Trace: [ 414.438336][T16149] [ 414.438345][T16149] dump_stack_lvl+0x189/0x250 [ 414.438378][T16149] ? __pfx____ratelimit+0x10/0x10 [ 414.438397][T16149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 414.438425][T16149] ? __pfx__printk+0x10/0x10 [ 414.438447][T16149] ? __pfx___might_resched+0x10/0x10 [ 414.438475][T16149] ? fs_reclaim_acquire+0x7d/0x100 [ 414.438502][T16149] should_fail_ex+0x414/0x560 [ 414.438530][T16149] should_failslab+0xa8/0x100 [ 414.438552][T16149] __kmalloc_noprof+0xcb/0x4f0 [ 414.438568][T16149] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 414.438593][T16149] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 414.438616][T16149] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 414.438641][T16149] genl_family_rcv_msg_doit+0xb8/0x300 [ 414.438666][T16149] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 414.438685][T16149] ? rcu_is_watching+0x15/0xb0 [ 414.438715][T16149] ? apparmor_capable+0x137/0x1b0 [ 414.438742][T16149] ? bpf_lsm_capable+0x9/0x20 [ 414.438758][T16149] ? security_capable+0x7e/0x2e0 [ 414.438787][T16149] genl_rcv_msg+0x60e/0x790 [ 414.438811][T16149] ? __pfx_genl_rcv_msg+0x10/0x10 [ 414.438825][T16149] ? ref_tracker_free+0x63a/0x7d0 [ 414.438848][T16149] ? __pfx_ethnl_act_module_fw_flash+0x10/0x10 [ 414.438869][T16149] ? __pfx_ref_tracker_free+0x10/0x10 [ 414.438903][T16149] netlink_rcv_skb+0x205/0x470 [ 414.438928][T16149] ? __pfx_genl_rcv_msg+0x10/0x10 [ 414.438946][T16149] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 414.438986][T16149] ? down_read+0x1ad/0x2e0 [ 414.439010][T16149] genl_rcv+0x28/0x40 [ 414.439036][T16149] netlink_unicast+0x758/0x8d0 [ 414.439067][T16149] netlink_sendmsg+0x805/0xb30 [ 414.439101][T16149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 414.439128][T16149] ? aa_sock_msg_perm+0x94/0x160 [ 414.439153][T16149] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 414.439176][T16149] ? __pfx_netlink_sendmsg+0x10/0x10 [ 414.439200][T16149] __sock_sendmsg+0x21c/0x270 [ 414.439224][T16149] ____sys_sendmsg+0x505/0x830 [ 414.439257][T16149] ? __pfx_____sys_sendmsg+0x10/0x10 [ 414.439294][T16149] ? import_iovec+0x74/0xa0 [ 414.439316][T16149] ___sys_sendmsg+0x21f/0x2a0 [ 414.439346][T16149] ? __pfx____sys_sendmsg+0x10/0x10 [ 414.439411][T16149] ? __fget_files+0x2a/0x420 [ 414.439430][T16149] ? __fget_files+0x3a0/0x420 [ 414.439461][T16149] __x64_sys_sendmsg+0x19b/0x260 [ 414.439492][T16149] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 414.439531][T16149] ? __pfx_ksys_write+0x10/0x10 [ 414.439546][T16149] ? rcu_is_watching+0x15/0xb0 [ 414.439579][T16149] ? do_syscall_64+0xbe/0x3b0 [ 414.439603][T16149] do_syscall_64+0xfa/0x3b0 [ 414.439621][T16149] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.439639][T16149] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.439657][T16149] ? clear_bhb_loop+0x60/0xb0 [ 414.439679][T16149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.439696][T16149] RIP: 0033:0x7fd0c8b8e929 [ 414.439714][T16149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.439730][T16149] RSP: 002b:00007fd0c996e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 414.439757][T16149] RAX: ffffffffffffffda RBX: 00007fd0c8db5fa0 RCX: 00007fd0c8b8e929 [ 414.439771][T16149] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 414.439782][T16149] RBP: 00007fd0c996e090 R08: 0000000000000000 R09: 0000000000000000 [ 414.439794][T16149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 414.439805][T16149] R13: 0000000000000000 R14: 00007fd0c8db5fa0 R15: 00007ffff514fcd8 [ 414.439834][T16149] [ 414.861355][T16153] __nla_validate_parse: 4 callbacks suppressed [ 414.861377][T16153] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3498'. [ 414.938158][T16156] vlan3: entered promiscuous mode [ 415.105581][T16155] vlan3: entered promiscuous mode [ 415.144882][ T5850] Bluetooth: hci1: command tx timeout [ 415.170686][T16170] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3501'. [ 415.212105][T16165] netlink: 'syz.0.3501': attribute type 1 has an invalid length. [ 415.445416][T16176] xt_limit: Overflow, try lower: 262144/524288 [ 415.497467][T16170] veth1_vlan (unregistering): left allmulticast mode [ 415.719375][T16178] Cannot find set identified by id 0 to match [ 415.905995][T16182] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3508'. [ 416.035439][T16184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 416.048099][T16184] team0: Port device bond0 added [ 416.191673][T16187] netlink: 'syz.0.3510': attribute type 39 has an invalid length. [ 416.710788][T15997] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 416.744647][T15997] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 416.866144][T15997] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 416.937696][T15997] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 417.217035][T16218] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3518'. [ 417.233077][ T5850] Bluetooth: hci1: command tx timeout [ 417.295956][T16205] lo speed is unknown, defaulting to 1000 [ 417.404873][T16220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3520'. [ 417.485061][T16220] batadv0: entered promiscuous mode [ 417.491012][T16220] macsec1: entered allmulticast mode [ 417.503011][T16220] batadv0: entered allmulticast mode [ 417.523250][T16220] batadv0: left allmulticast mode [ 417.532842][T16220] batadv0: left promiscuous mode [ 417.753961][T15997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 418.010524][T16230] netlink: 'syz.0.3523': attribute type 39 has an invalid length. [ 418.019279][T15997] 8021q: adding VLAN 0 to HW filter on device team0 [ 418.141870][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.149167][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 418.222112][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.229325][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 418.394682][T16234] 8021q: adding VLAN 0 to HW filter on device bond2 [ 418.404977][T16234] team0: Port device bond2 added [ 418.694309][T16246] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3528'. [ 419.297558][T15997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 420.220000][T16296] netlink: 'syz.0.3540': attribute type 1 has an invalid length. [ 420.281296][T16296] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3540'. [ 420.323058][T16296] netlink: 'syz.0.3540': attribute type 1 has an invalid length. [ 420.325926][T16292] sctp: [Deprecated]: syz.0.3540 (pid 16292) Use of int in max_burst socket option. [ 420.325926][T16292] Use struct sctp_assoc_value instead [ 420.599021][T15997] veth0_vlan: entered promiscuous mode [ 420.634284][T16306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3546'. [ 420.680644][T16309] FAULT_INJECTION: forcing a failure. [ 420.680644][T16309] name failslab, interval 1, probability 0, space 0, times 0 [ 420.698872][T16309] CPU: 1 UID: 0 PID: 16309 Comm: syz.2.3547 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 420.698899][T16309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 420.698911][T16309] Call Trace: [ 420.698919][T16309] [ 420.698927][T16309] dump_stack_lvl+0x189/0x250 [ 420.698961][T16309] ? __pfx____ratelimit+0x10/0x10 [ 420.698981][T16309] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.699009][T16309] ? __pfx__printk+0x10/0x10 [ 420.699045][T16309] should_fail_ex+0x414/0x560 [ 420.699073][T16309] should_failslab+0xa8/0x100 [ 420.699096][T16309] __kmalloc_cache_noprof+0x70/0x3d0 [ 420.699115][T16309] ? sctp_add_bind_addr+0x8c/0x370 [ 420.699149][T16309] sctp_add_bind_addr+0x8c/0x370 [ 420.699176][T16309] sctp_copy_local_addr_list+0x30b/0x4e0 [ 420.699202][T16309] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 420.699225][T16309] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 420.699248][T16309] ? sctp_v6_is_any+0x64/0x80 [ 420.699274][T16309] ? sctp_copy_one_addr+0x93/0x360 [ 420.699300][T16309] sctp_bind_addr_copy+0xb3/0x3c0 [ 420.699324][T16309] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 420.699359][T16309] sctp_connect_new_asoc+0x2e0/0x690 [ 420.699391][T16309] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 420.699417][T16309] ? __local_bh_enable_ip+0x12d/0x1c0 [ 420.699472][T16309] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 420.699501][T16309] ? security_sctp_bind_connect+0x7e/0x2e0 [ 420.699527][T16309] sctp_sendmsg+0x155c/0x2810 [ 420.699570][T16309] ? __pfx_sctp_sendmsg+0x10/0x10 [ 420.699603][T16309] ? aa_sk_perm+0x81e/0x950 [ 420.699633][T16309] ? __pfx_aa_sk_perm+0x10/0x10 [ 420.699662][T16309] ? sock_rps_record_flow+0x19/0x410 [ 420.699688][T16309] ? inet_sendmsg+0x2f4/0x370 [ 420.699715][T16309] __sock_sendmsg+0x19c/0x270 [ 420.699743][T16309] ____sys_sendmsg+0x52d/0x830 [ 420.699780][T16309] ? __pfx_____sys_sendmsg+0x10/0x10 [ 420.699822][T16309] ? import_iovec+0x74/0xa0 [ 420.699848][T16309] ___sys_sendmsg+0x21f/0x2a0 [ 420.699882][T16309] ? __pfx____sys_sendmsg+0x10/0x10 [ 420.699959][T16309] ? __fget_files+0x2a/0x420 [ 420.699981][T16309] ? __fget_files+0x3a0/0x420 [ 420.700016][T16309] __sys_sendmmsg+0x227/0x430 [ 420.700054][T16309] ? __pfx___sys_sendmmsg+0x10/0x10 [ 420.700083][T16309] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 420.700141][T16309] ? ksys_write+0x22a/0x250 [ 420.700164][T16309] ? __pfx_ksys_write+0x10/0x10 [ 420.700181][T16309] ? rcu_is_watching+0x15/0xb0 [ 420.700220][T16309] __x64_sys_sendmmsg+0xa0/0xc0 [ 420.700254][T16309] do_syscall_64+0xfa/0x3b0 [ 420.700275][T16309] ? lockdep_hardirqs_on+0x9c/0x150 [ 420.700297][T16309] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.700317][T16309] ? clear_bhb_loop+0x60/0xb0 [ 420.700344][T16309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.700365][T16309] RIP: 0033:0x7f11ed98e929 [ 420.700384][T16309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.700402][T16309] RSP: 002b:00007f11ee828038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 420.700425][T16309] RAX: ffffffffffffffda RBX: 00007f11edbb5fa0 RCX: 00007f11ed98e929 [ 420.700441][T16309] RDX: 0000000000000002 RSI: 0000200000002380 RDI: 0000000000000003 [ 420.700453][T16309] RBP: 00007f11ee828090 R08: 0000000000000000 R09: 0000000000000000 [ 420.700466][T16309] R10: 00000000200110d0 R11: 0000000000000246 R12: 0000000000000002 [ 420.700479][T16309] R13: 0000000000000000 R14: 00007f11edbb5fa0 R15: 00007fff89077d88 [ 420.700513][T16309] [ 421.192412][T15997] veth1_vlan: entered promiscuous mode [ 421.390046][T16312] team0: Port device bond0 removed [ 421.397491][T16312] bond0 (unregistering): Released all slaves [ 421.471311][T16319] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3551'. [ 421.481610][T16320] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 3, id = 0 [ 421.529720][T15997] veth0_macvtap: entered promiscuous mode [ 421.616249][T15997] veth1_macvtap: entered promiscuous mode [ 421.762372][T15997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 421.791364][T16330] netlink: 'syz.2.3555': attribute type 39 has an invalid length. [ 421.808155][T15997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 421.876804][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.912810][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.966723][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.986654][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 422.400435][ T7739] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.422941][ T7739] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.545287][ T7733] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.566135][ T7733] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 422.606640][T16353] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3562'. [ 423.180031][ T7735] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.405476][ T7735] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.592626][ T7735] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.836960][T16370] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3567'. [ 423.856026][ T7735] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.990996][T16376] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3570'. [ 424.384814][T16387] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3574'. [ 424.394384][ T7735] bridge_slave_1: left allmulticast mode [ 424.400068][ T7735] bridge_slave_1: left promiscuous mode [ 424.430599][ T7735] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.501343][ T7735] bridge_slave_0: left allmulticast mode [ 424.516411][ T7735] bridge_slave_0: left promiscuous mode [ 424.537029][ T7735] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.682538][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 424.692099][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 424.704842][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 424.714325][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 424.722047][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 425.479547][ T7735] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 425.505501][ T7735] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 425.527567][ T7735] bond0 (unregistering): Released all slaves [ 425.578102][T16389] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 425.968557][T16396] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 426.027787][T16396] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.063315][T16396] bond0 (unregistering): Released all slaves [ 426.343529][T16393] lo speed is unknown, defaulting to 1000 [ 426.440400][T16408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3580'. [ 426.479903][T16408] netlink: 'syz.0.3580': attribute type 9 has an invalid length. [ 426.700504][ T7735] hsr_slave_0: left promiscuous mode [ 426.748814][ T5850] Bluetooth: hci1: command tx timeout [ 426.792979][ T7735] hsr_slave_1: left promiscuous mode [ 426.800103][ T7735] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 426.822904][ T7735] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 426.873863][ T7735] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 426.881305][ T7735] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 426.921770][T16421] netlink: 'syz.2.3585': attribute type 6 has an invalid length. [ 426.979888][ T7735] veth1_macvtap: left promiscuous mode [ 426.995022][ T7735] veth0_macvtap: left promiscuous mode [ 427.009554][ T7735] veth1_vlan: left promiscuous mode [ 427.016543][T16424] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3584'. [ 427.036039][ T7735] veth0_vlan: left promiscuous mode [ 428.318355][ T7735] team0 (unregistering): Port device team_slave_1 removed [ 428.367412][ T7735] team0 (unregistering): Port device team_slave_0 removed [ 428.832076][ T5850] Bluetooth: hci1: command tx timeout [ 429.131497][T16440] xt_limit: Overflow, try lower: 262144/524288 [ 429.165290][T16442] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3590'. [ 429.197603][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3590'. [ 429.266574][T16442] smc: net device bond0 applied user defined pnetid SYZ [ 429.347545][T16450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3593'. [ 429.378254][T16450] netlink: 'syz.1.3593': attribute type 9 has an invalid length. [ 429.482604][T16450] macvlan3: entered allmulticast mode [ 429.626106][T16453] 8021q: adding VLAN 0 to HW filter on device bond1 [ 429.637047][T16453] team0: Port device bond1 added [ 429.829531][T16463] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3597'. [ 429.981281][T16393] chnl_net:caif_netlink_parms(): no params data found [ 430.270863][T16475] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3602'. [ 430.439937][T16490] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3603'. [ 430.885631][T16393] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.903047][ T5850] Bluetooth: hci1: command tx timeout [ 430.917861][T16393] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.963328][T16393] bridge_slave_0: entered allmulticast mode [ 431.005663][T16393] bridge_slave_0: entered promiscuous mode [ 431.039352][T16393] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.064100][T16393] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.071438][T16393] bridge_slave_1: entered allmulticast mode [ 431.108153][T16393] bridge_slave_1: entered promiscuous mode [ 431.279657][T16502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3606'. [ 431.321087][T16505] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3607'. [ 431.332584][T16505] netlink: 'syz.2.3607': attribute type 9 has an invalid length. [ 431.400273][T16505] macvlan3: entered allmulticast mode [ 431.449334][T16393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 431.493229][T16506] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3606'. [ 431.526123][T16393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 431.732105][T16512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3609'. [ 431.880892][T16512] batadv0: entered promiscuous mode [ 431.903233][T16512] macsec1: entered allmulticast mode [ 431.908672][T16512] batadv0: entered allmulticast mode [ 431.932296][T16512] batadv0: left allmulticast mode [ 431.960710][T16512] batadv0: left promiscuous mode [ 432.095615][T16393] team0: Port device team_slave_0 added [ 432.132676][T16393] team0: Port device team_slave_1 added [ 432.384731][T16393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 432.391720][T16393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.446124][T16393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 432.459757][T16393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 432.466988][T16393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.503951][T16533] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3614'. [ 432.533303][T16393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 432.632212][T16538] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3616'. [ 432.664183][T16538] dummy0: entered promiscuous mode [ 432.682488][T16538] dummy0: left promiscuous mode [ 432.910890][T16545] bridge_slave_0: left allmulticast mode [ 432.924636][T16545] bridge_slave_0: left promiscuous mode [ 432.931039][T16545] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.951351][T16554] netlink: 'syz.0.3621': attribute type 1 has an invalid length. [ 432.960837][T16545] bridge_slave_1: left allmulticast mode [ 432.966806][T16545] bridge_slave_1: left promiscuous mode [ 432.972829][T16545] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.984095][ T5850] Bluetooth: hci1: command tx timeout [ 433.008404][T16557] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3621'. [ 433.019488][T16545] bond0: (slave bond_slave_0): Releasing backup interface [ 433.036304][T16545] bond0: (slave bond_slave_1): Releasing backup interface [ 433.093937][T16545] team0: Port device team_slave_0 removed [ 433.120840][T16545] team0: Port device team_slave_1 removed [ 433.129483][T16545] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 433.138616][T16545] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 433.152162][T16545] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 433.174606][T16545] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 433.201443][T16545] team0: Port device bridge1 removed [ 433.212385][T16545] team0: Port device bond1 removed [ 433.483455][T16393] hsr_slave_0: entered promiscuous mode [ 433.522953][T16393] hsr_slave_1: entered promiscuous mode [ 433.603140][T16566] xt_limit: Overflow, try lower: 262144/524288 [ 433.843274][T16572] GUP no longer grows the stack in syz.1.3625 (16572): 200000006000-20000000a000 (200000005000) [ 433.876389][T16572] CPU: 1 UID: 0 PID: 16572 Comm: syz.1.3625 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 433.876420][T16572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 433.876439][T16572] Call Trace: [ 433.876449][T16572] [ 433.876459][T16572] dump_stack_lvl+0x189/0x250 [ 433.876502][T16572] ? __pfx_dump_stack_lvl+0x10/0x10 [ 433.876537][T16572] ? __pfx__printk+0x10/0x10 [ 433.876557][T16572] ? find_vma+0xe7/0x160 [ 433.876594][T16572] __get_user_pages+0x2a60/0x30b0 [ 433.876667][T16572] ? __pfx___get_user_pages+0x10/0x10 [ 433.876698][T16572] ? __gup_longterm_locked+0xbf7/0x15b0 [ 433.876729][T16572] ? down_read_killable+0x1d1/0x350 [ 433.876754][T16572] ? try_get_folio+0x633/0x660 [ 433.876787][T16572] __gup_longterm_locked+0xd66/0x15b0 [ 433.876826][T16572] ? try_grab_folio_fast+0x1be/0x4f0 [ 433.876858][T16572] ? gup_fast_fallback+0x1afc/0x2260 [ 433.876893][T16572] gup_fast_fallback+0x1cd4/0x2260 [ 433.876967][T16572] ? __pfx_gup_fast_fallback+0x10/0x10 [ 433.876994][T16572] ? trace_contention_end+0x39/0x120 [ 433.877017][T16572] ? __mutex_lock+0x330/0xe80 [ 433.877046][T16572] ? is_valid_gup_args+0x11f/0x200 [ 433.877081][T16572] ? get_user_pages_fast+0x4d/0xb0 [ 433.877114][T16572] __iov_iter_get_pages_alloc+0x39a/0xb40 [ 433.877146][T16572] ? __pfx_pipe_clear_nowait+0x10/0x10 [ 433.877169][T16572] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 433.877200][T16572] ? wait_for_space+0x24d/0x2d0 [ 433.877225][T16572] iov_iter_get_pages2+0x5e/0xa0 [ 433.877251][T16572] __se_sys_vmsplice+0x548/0x10d0 [ 433.877298][T16572] ? __pfx___se_sys_vmsplice+0x10/0x10 [ 433.877320][T16572] ? __lock_acquire+0xab9/0xd20 [ 433.877352][T16572] ? __pfx_futex_wake+0x10/0x10 [ 433.877391][T16572] ? __lock_acquire+0xab9/0xd20 [ 433.877467][T16572] ? rcu_is_watching+0x15/0xb0 [ 433.877505][T16572] ? do_syscall_64+0xbe/0x3b0 [ 433.877534][T16572] do_syscall_64+0xfa/0x3b0 [ 433.877556][T16572] ? lockdep_hardirqs_on+0x9c/0x150 [ 433.877576][T16572] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.877597][T16572] ? clear_bhb_loop+0x60/0xb0 [ 433.877623][T16572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 433.877650][T16572] RIP: 0033:0x7fd0c8b8e929 [ 433.877669][T16572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 433.877687][T16572] RSP: 002b:00007fd0c996e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 433.877711][T16572] RAX: ffffffffffffffda RBX: 00007fd0c8db5fa0 RCX: 00007fd0c8b8e929 [ 433.877727][T16572] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000011 [ 433.877742][T16572] RBP: 00007fd0c8c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 433.877754][T16572] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 433.877766][T16572] R13: 0000000000000000 R14: 00007fd0c8db5fa0 R15: 00007ffff514fcd8 [ 433.877837][T16572] [ 434.512365][T16581] 8021q: adding VLAN 0 to HW filter on device bond3 [ 434.522816][T16581] team0: Port device bond3 added [ 434.575798][T16584] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 434.611062][T16586] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3631'. [ 434.625502][T16584] netlink: 146840 bytes leftover after parsing attributes in process `syz.3.3630'. [ 434.655372][T16588] FAULT_INJECTION: forcing a failure. [ 434.655372][T16588] name failslab, interval 1, probability 0, space 0, times 0 [ 434.668601][T16588] CPU: 1 UID: 0 PID: 16588 Comm: syz.1.3632 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 434.668631][T16588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 434.668645][T16588] Call Trace: [ 434.668654][T16588] [ 434.668663][T16588] dump_stack_lvl+0x189/0x250 [ 434.668702][T16588] ? __pfx____ratelimit+0x10/0x10 [ 434.668733][T16588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.668765][T16588] ? __pfx__printk+0x10/0x10 [ 434.668807][T16588] should_fail_ex+0x414/0x560 [ 434.668840][T16588] should_failslab+0xa8/0x100 [ 434.668866][T16588] __kmalloc_cache_noprof+0x70/0x3d0 [ 434.668887][T16588] ? sctp_add_bind_addr+0x8c/0x370 [ 434.668919][T16588] sctp_add_bind_addr+0x8c/0x370 [ 434.668949][T16588] sctp_copy_local_addr_list+0x30b/0x4e0 [ 434.668978][T16588] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 434.669004][T16588] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 434.669032][T16588] ? sctp_v6_is_any+0x64/0x80 [ 434.669061][T16588] ? sctp_copy_one_addr+0x93/0x360 [ 434.669090][T16588] sctp_bind_addr_copy+0xb3/0x3c0 [ 434.669117][T16588] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 434.669156][T16588] sctp_connect_new_asoc+0x2e0/0x690 [ 434.669191][T16588] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 434.669219][T16588] ? __local_bh_enable_ip+0x12d/0x1c0 [ 434.669261][T16588] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 434.669289][T16588] ? security_sctp_bind_connect+0x7e/0x2e0 [ 434.669317][T16588] sctp_sendmsg+0x155c/0x2810 [ 434.669361][T16588] ? __pfx_sctp_sendmsg+0x10/0x10 [ 434.669405][T16588] ? aa_sk_perm+0x81e/0x950 [ 434.669437][T16588] ? __pfx_aa_sk_perm+0x10/0x10 [ 434.669467][T16588] ? sock_rps_record_flow+0x19/0x410 [ 434.669494][T16588] ? inet_sendmsg+0x2f4/0x370 [ 434.669523][T16588] __sock_sendmsg+0x19c/0x270 [ 434.669552][T16588] ____sys_sendmsg+0x52d/0x830 [ 434.669591][T16588] ? __pfx_____sys_sendmsg+0x10/0x10 [ 434.669634][T16588] ? import_iovec+0x74/0xa0 [ 434.669661][T16588] ___sys_sendmsg+0x21f/0x2a0 [ 434.669696][T16588] ? __pfx____sys_sendmsg+0x10/0x10 [ 434.669789][T16588] ? __fget_files+0x2a/0x420 [ 434.669812][T16588] ? __fget_files+0x3a0/0x420 [ 434.669848][T16588] __sys_sendmmsg+0x227/0x430 [ 434.669887][T16588] ? __pfx___sys_sendmmsg+0x10/0x10 [ 434.669917][T16588] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 434.669972][T16588] ? ksys_write+0x22a/0x250 [ 434.669995][T16588] ? __pfx_ksys_write+0x10/0x10 [ 434.670012][T16588] ? rcu_is_watching+0x15/0xb0 [ 434.670053][T16588] __x64_sys_sendmmsg+0xa0/0xc0 [ 434.670087][T16588] do_syscall_64+0xfa/0x3b0 [ 434.670109][T16588] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.670131][T16588] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.670153][T16588] ? clear_bhb_loop+0x60/0xb0 [ 434.670179][T16588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.670200][T16588] RIP: 0033:0x7fd0c8b8e929 [ 434.670219][T16588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.670238][T16588] RSP: 002b:00007fd0c996e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 434.670261][T16588] RAX: ffffffffffffffda RBX: 00007fd0c8db5fa0 RCX: 00007fd0c8b8e929 [ 434.670277][T16588] RDX: 0000000000000002 RSI: 0000200000002380 RDI: 0000000000000003 [ 434.670290][T16588] RBP: 00007fd0c996e090 R08: 0000000000000000 R09: 0000000000000000 [ 434.670304][T16588] R10: 00000000200110d0 R11: 0000000000000246 R12: 0000000000000002 [ 434.670317][T16588] R13: 0000000000000000 R14: 00007fd0c8db5fa0 R15: 00007ffff514fcd8 [ 434.670352][T16588] [ 435.316689][T16591] lo speed is unknown, defaulting to 1000 [ 435.325635][T16597] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3634'. [ 435.383797][T16597] dummy0: entered promiscuous mode [ 435.391586][T16597] dummy0: left promiscuous mode [ 435.842108][T16393] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 435.956507][T16393] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 435.980341][T16393] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 436.039849][T16393] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 436.257653][T16621] netlink: 'syz.1.3640': attribute type 39 has an invalid length. [ 436.733666][T16632] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 436.761015][T16393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 436.779024][T16632] netlink: 146840 bytes leftover after parsing attributes in process `syz.0.3644'. [ 436.913948][T16393] 8021q: adding VLAN 0 to HW filter on device team0 [ 436.954203][ T7729] bridge0: port 1(bridge_slave_0) entered blocking state [ 436.961397][ T7729] bridge0: port 1(bridge_slave_0) entered forwarding state [ 437.185726][ T7729] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.192975][ T7729] bridge0: port 2(bridge_slave_1) entered forwarding state [ 437.302463][T16393] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 437.346876][T16393] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 437.573541][T16652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3652'. [ 437.818525][T16652] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR [ 437.838820][T16660] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3653'. [ 437.954152][T16660] dummy0: entered promiscuous mode [ 437.982285][T16660] dummy0: left promiscuous mode [ 438.159814][T16666] bond0 (unregistering): (slave gretap1): Releasing backup interface [ 438.229292][T16666] bond0 (unregistering): Released all slaves [ 438.408102][T16393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 438.579071][T16678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3661'. [ 438.976161][T16692] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3665'. [ 439.019910][T16694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3666'. [ 439.224744][T16701] syzkaller1: entered promiscuous mode [ 439.230288][T16701] syzkaller1: entered allmulticast mode [ 439.376455][T16705] lo speed is unknown, defaulting to 1000 [ 439.512383][T16393] veth0_vlan: entered promiscuous mode [ 439.537079][T16710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3670'. [ 439.648713][T16393] veth1_vlan: entered promiscuous mode [ 439.937376][T16393] veth0_macvtap: entered promiscuous mode [ 440.028054][T16393] veth1_macvtap: entered promiscuous mode [ 440.117832][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.153085][ T30] audit: type=1107 audit(1750621276.081:6): pid=16716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='m' [ 440.238612][T16720] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3673'. [ 440.263030][T16722] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3674'. [ 440.324275][T16393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 440.394035][T16393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 440.484209][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.515539][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.594807][T16729] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3677'. [ 440.623839][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.701278][ T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 441.126989][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 441.127519][T16744] FAULT_INJECTION: forcing a failure. [ 441.127519][T16744] name failslab, interval 1, probability 0, space 0, times 0 [ 441.141130][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 441.186333][T16744] CPU: 0 UID: 0 PID: 16744 Comm: syz.3.3682 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 441.186367][T16744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 441.186381][T16744] Call Trace: [ 441.186390][T16744] [ 441.186399][T16744] dump_stack_lvl+0x189/0x250 [ 441.186437][T16744] ? __pfx____ratelimit+0x10/0x10 [ 441.186459][T16744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 441.186497][T16744] ? __pfx__printk+0x10/0x10 [ 441.186535][T16744] should_fail_ex+0x414/0x560 [ 441.186567][T16744] should_failslab+0xa8/0x100 [ 441.186610][T16744] __kmalloc_cache_noprof+0x70/0x3d0 [ 441.186631][T16744] ? sctp_add_bind_addr+0x8c/0x370 [ 441.186662][T16744] sctp_add_bind_addr+0x8c/0x370 [ 441.186691][T16744] sctp_copy_local_addr_list+0x30b/0x4e0 [ 441.186720][T16744] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 441.186745][T16744] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 441.186772][T16744] ? sctp_v6_is_any+0x64/0x80 [ 441.186801][T16744] ? sctp_copy_one_addr+0x93/0x360 [ 441.186829][T16744] sctp_bind_addr_copy+0xb3/0x3c0 [ 441.186855][T16744] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 441.186892][T16744] sctp_connect_new_asoc+0x2e0/0x690 [ 441.186933][T16744] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 441.186961][T16744] ? security_sctp_bind_connect+0x1d/0x2e0 [ 441.186988][T16744] ? __sanitizer_cov_trace_pc+0x4/0x70 [ 441.187016][T16744] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 441.187045][T16744] ? security_sctp_bind_connect+0x7e/0x2e0 [ 441.187072][T16744] sctp_sendmsg+0x155c/0x2810 [ 441.187116][T16744] ? __pfx_sctp_sendmsg+0x10/0x10 [ 441.187153][T16744] ? aa_sk_perm+0x81e/0x950 [ 441.187184][T16744] ? __pfx_aa_sk_perm+0x10/0x10 [ 441.187213][T16744] ? sock_rps_record_flow+0x19/0x410 [ 441.187239][T16744] ? inet_sendmsg+0x2f4/0x370 [ 441.187268][T16744] __sock_sendmsg+0x19c/0x270 [ 441.187300][T16744] ____sys_sendmsg+0x52d/0x830 [ 441.187344][T16744] ? __pfx_____sys_sendmsg+0x10/0x10 [ 441.187387][T16744] ? import_iovec+0x74/0xa0 [ 441.187413][T16744] ___sys_sendmsg+0x21f/0x2a0 [ 441.187447][T16744] ? __pfx____sys_sendmsg+0x10/0x10 [ 441.187527][T16744] ? __fget_files+0x2a/0x420 [ 441.187550][T16744] ? __fget_files+0x3a0/0x420 [ 441.187585][T16744] __sys_sendmmsg+0x227/0x430 [ 441.187623][T16744] ? __pfx___sys_sendmmsg+0x10/0x10 [ 441.187652][T16744] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 441.187706][T16744] ? ksys_write+0x22a/0x250 [ 441.187729][T16744] ? __pfx_ksys_write+0x10/0x10 [ 441.187745][T16744] ? rcu_is_watching+0x15/0xb0 [ 441.187785][T16744] __x64_sys_sendmmsg+0xa0/0xc0 [ 441.187819][T16744] do_syscall_64+0xfa/0x3b0 [ 441.187841][T16744] ? lockdep_hardirqs_on+0x9c/0x150 [ 441.187861][T16744] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.187882][T16744] ? clear_bhb_loop+0x60/0xb0 [ 441.187909][T16744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.187929][T16744] RIP: 0033:0x7fa552b8e929 [ 441.187948][T16744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.187978][T16744] RSP: 002b:00007fa553990038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 441.188000][T16744] RAX: ffffffffffffffda RBX: 00007fa552db5fa0 RCX: 00007fa552b8e929 [ 441.188016][T16744] RDX: 0000000000000002 RSI: 0000200000002380 RDI: 0000000000000003 [ 441.188029][T16744] RBP: 00007fa553990090 R08: 0000000000000000 R09: 0000000000000000 [ 441.188041][T16744] R10: 00000000200110d0 R11: 0000000000000246 R12: 0000000000000002 [ 441.188054][T16744] R13: 0000000000000000 R14: 00007fa552db5fa0 R15: 00007ffc93346958 [ 441.188088][T16744] [ 442.104661][ T7739] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 442.128360][ T7739] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 442.179241][T16763] __nla_validate_parse: 3 callbacks suppressed [ 442.179261][T16763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3689'. [ 442.267776][T16765] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3690'. [ 442.397146][T16767] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 442.471244][T16769] netlink: 'syz.2.3692': attribute type 39 has an invalid length. [ 442.504436][T16767] netlink: 146840 bytes leftover after parsing attributes in process `syz.3.3691'. [ 442.514311][T16771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3693'. [ 442.806058][T16780] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3694'. [ 442.978507][ T12] bond1 (unregistering): (slave gretap1): Releasing active interface [ 443.509688][ T12] bond1 (unregistering): Released all slaves [ 443.682246][ T12] team0: Port device bond2 removed [ 443.690050][ T12] bond2 (unregistering): Released all slaves [ 443.832419][ T12] team0: Port device bond3 removed [ 443.839847][ T12] bond3 (unregistering): Released all slaves [ 443.999904][ T12] team0: Port device bond0 removed [ 444.011406][ T12] bond0 (unregistering): Released all slaves [ 444.132412][T16771] batadv0: entered promiscuous mode [ 444.162968][T16771] macsec1: entered allmulticast mode [ 444.183216][T16771] batadv0: entered allmulticast mode [ 444.222026][T16771] batadv0: left allmulticast mode [ 444.242550][T16771] batadv0: left promiscuous mode [ 444.307490][T16782] tipc: Enabling of bearer rejected, failed to enable media [ 444.343820][T16783] netlink: 'syz.0.3694': attribute type 10 has an invalid length. [ 444.377634][ T12] tipc: Disabling bearer [ 444.393312][ T12] tipc: Left network mode [ 445.475482][T16803] 8021q: adding VLAN 0 to HW filter on device bond2 [ 445.514450][T16803] team0: Port device bond2 added [ 445.963735][T16816] Cannot find del_set index 2 as target [ 445.979213][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 445.988951][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 446.003946][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 446.014102][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 446.022918][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 446.199779][T16820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3705'. [ 446.238628][T16820] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3705'. [ 446.321113][ T12] hsr_slave_0: left promiscuous mode [ 446.350992][ T12] hsr_slave_1: left promiscuous mode [ 446.411506][ T12] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 446.435305][ T12] veth1_macvtap: left promiscuous mode [ 446.449805][ T12] veth0_macvtap: left promiscuous mode [ 446.472469][ T12] veth1_vlan: left promiscuous mode [ 446.491167][ T12] veth0_vlan: left promiscuous mode [ 446.522995][T16832] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3710'. [ 448.113991][ T5850] Bluetooth: hci1: command tx timeout [ 448.338673][T16817] lo speed is unknown, defaulting to 1000 [ 448.450575][T16834] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 448.478581][T16834] batadv_slave_0: entered promiscuous mode [ 448.535174][T16840] bridge0: port 1(bridge_slave_0) entered forwarding state [ 448.634162][T16844] xt_hashlimit: size too large, truncated to 1048576 [ 448.717487][T16847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3715'. [ 449.556630][T16817] chnl_net:caif_netlink_parms(): no params data found [ 449.727967][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.812274][T16875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3728'. [ 449.970728][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.150952][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.202260][ T5850] Bluetooth: hci1: command tx timeout [ 450.225280][T16888] netlink: 'syz.3.3733': attribute type 1 has an invalid length. [ 450.347951][T16896] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3735'. [ 450.360644][T16888] IPVS: Scheduler module ip_vs_ not found [ 450.440159][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 450.561731][T16817] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.602153][T16817] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.623247][T16817] bridge_slave_0: entered allmulticast mode [ 450.661979][T16817] bridge_slave_0: entered promiscuous mode [ 450.723902][T16899] bridge1: port 1(veth5) entered blocking state [ 450.730338][T16899] bridge1: port 1(veth5) entered disabled state [ 450.753118][T16899] veth5: entered allmulticast mode [ 450.761611][T16899] veth5: entered promiscuous mode [ 450.826647][T16817] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.847743][T16817] bridge0: port 2(bridge_slave_1) entered disabled state [ 450.886940][T16817] bridge_slave_1: entered allmulticast mode [ 450.915631][T16817] bridge_slave_1: entered promiscuous mode [ 451.078371][T16817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 451.100743][T16817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 451.348507][T16930] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 451.366678][T16817] team0: Port device team_slave_0 added [ 451.436531][T16817] team0: Port device team_slave_1 added [ 451.579968][T16932] netlink: 65536 bytes leftover after parsing attributes in process `syz.3.3751'. [ 451.653722][T16817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 451.679286][T16817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 451.761107][T16817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 451.861754][T16940] tipc: Started in network mode [ 451.867552][T16940] tipc: Node identity 2, cluster identity 5 [ 451.882181][T16940] tipc: Node number set to 2 [ 451.891465][T16940] tipc: Cannot configure node identity twice [ 451.928065][T16946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3758'. [ 451.956948][T16817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 451.976422][T16817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.021573][T16817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 452.094785][ T12] bridge_slave_1: left allmulticast mode [ 452.100527][ T12] bridge_slave_1: left promiscuous mode [ 452.110920][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.189647][ T12] bridge_slave_0: left allmulticast mode [ 452.203782][ T12] bridge_slave_0: left promiscuous mode [ 452.209642][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.264643][ T5850] Bluetooth: hci1: command tx timeout [ 452.950281][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 452.971473][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 452.986377][ T12] bond0 (unregistering): Released all slaves [ 453.111576][T16956] bridge_slave_0: left allmulticast mode [ 453.122872][T16956] bridge_slave_0: left promiscuous mode [ 453.134143][T16956] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.189514][T16956] bridge_slave_1: left allmulticast mode [ 453.204667][T16956] bridge_slave_1: left promiscuous mode [ 453.218406][T16956] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.269611][T16956] team0: Port device team_slave_0 removed [ 453.298068][T16956] team0: Port device team_slave_1 removed [ 453.314479][T16956] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 453.328487][T16956] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 453.340546][T16956] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 453.371537][T16956] team0: Port device bond1 removed [ 453.749457][T16817] hsr_slave_0: entered promiscuous mode [ 453.788317][T16817] hsr_slave_1: entered promiscuous mode [ 453.845716][T16817] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 453.865470][T16817] Cannot create hsr debugfs directory [ 454.357694][ T5850] Bluetooth: hci1: command tx timeout [ 454.448329][T16968] infiniband syz0: set active [ 454.453444][T16968] infiniband syz0: added batadv_slave_1 [ 454.461256][T16968] syz0: rxe_create_cq: returned err = -12 [ 454.467558][T16968] infiniband syz0: Couldn't create ib_mad CQ [ 454.476564][T16968] infiniband syz0: Couldn't open port 1 [ 454.532998][ T12] hsr_slave_0: left promiscuous mode [ 454.541492][T16968] RDS/IB: syz0: added [ 454.560605][T16968] smc: adding ib device syz0 with port count 1 [ 454.562335][ T12] hsr_slave_1: left promiscuous mode [ 454.580580][T16968] smc: ib device syz0 port 1 has pnetid [ 454.599148][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 454.617449][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 454.626098][T16998] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3775'. [ 454.662656][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 454.676939][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 454.789822][ T12] veth1_macvtap: left promiscuous mode [ 454.822156][ T12] veth0_macvtap: left promiscuous mode [ 454.832619][ T12] veth1_vlan: left promiscuous mode [ 454.845395][ T12] veth0_vlan: left promiscuous mode [ 455.720335][ T12] team0 (unregistering): Port device team_slave_1 removed [ 455.802587][ T12] team0 (unregistering): Port device team_slave_0 removed [ 456.691767][T16988] mac80211_hwsim hwsim87 wlan1: entered allmulticast mode [ 458.092462][T17049] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 458.139408][T17049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3795'. [ 458.925438][T16817] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 458.979164][T16817] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 459.013669][T16817] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 459.062509][T16817] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 459.102201][T17074] netlink: 'syz.0.3807': attribute type 10 has an invalid length. [ 459.501528][T16817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 459.630278][T16817] 8021q: adding VLAN 0 to HW filter on device team0 [ 459.670108][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 459.677330][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 459.748613][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 459.755866][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 459.849403][T17094] lo speed is unknown, defaulting to 1000 [ 460.583320][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 460.619236][T16817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.604264][T16817] veth0_vlan: entered promiscuous mode [ 461.629379][T16817] veth1_vlan: entered promiscuous mode [ 461.756861][T16817] veth0_macvtap: entered promiscuous mode [ 461.806083][T17146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3833'. [ 461.860402][T16817] veth1_macvtap: entered promiscuous mode [ 461.965682][T16817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 461.998140][T16817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.147379][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.183273][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.306788][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.326237][ T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.597371][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.628300][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.775607][ T7737] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.805398][ T7737] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.537542][ T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.680914][ T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.094748][ T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.205306][ T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.421314][ T59] bridge_slave_1: left allmulticast mode [ 464.433639][ T59] bridge_slave_1: left promiscuous mode [ 464.439440][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.486303][ T59] bridge_slave_0: left allmulticast mode [ 464.492081][ T59] bridge_slave_0: left promiscuous mode [ 464.507975][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.334993][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 465.345276][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 465.359457][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 465.369406][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 465.377698][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 465.795604][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 465.817958][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 465.834446][ T59] bond0 (unregistering): Released all slaves [ 465.872969][T17206] syz_tun: entered allmulticast mode [ 465.960175][T17206] syz_tun: left allmulticast mode [ 466.116365][T17209] lo speed is unknown, defaulting to 1000 [ 467.084296][T17242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3873'. [ 467.236064][T17242] IPVS: Error joining to the multicast group [ 467.474031][ T5850] Bluetooth: hci1: command tx timeout [ 467.568251][ T59] hsr_slave_0: left promiscuous mode [ 467.575245][ T59] hsr_slave_1: left promiscuous mode [ 467.581881][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 467.589807][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 467.613949][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 467.652099][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 467.712967][ T59] veth1_macvtap: left promiscuous mode [ 467.722667][ T59] veth0_macvtap: left promiscuous mode [ 467.733237][ T59] veth1_vlan: left promiscuous mode [ 467.742891][ T59] veth0_vlan: left promiscuous mode [ 468.549170][ T59] team0 (unregistering): Port device team_slave_1 removed [ 468.605366][ T59] team0 (unregistering): Port device team_slave_0 removed [ 469.544913][ T5833] Bluetooth: hci1: command tx timeout [ 469.958116][T17209] chnl_net:caif_netlink_parms(): no params data found [ 470.196651][T17296] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 470.694760][T17209] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.715038][T17209] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.741971][T17209] bridge_slave_0: entered allmulticast mode [ 470.771104][T17209] bridge_slave_0: entered promiscuous mode [ 470.803560][T17209] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.835195][T17209] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.877566][T17209] bridge_slave_1: entered allmulticast mode [ 470.925267][T17209] bridge_slave_1: entered promiscuous mode [ 471.114644][T17209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 471.141064][T17209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 471.371399][T17209] team0: Port device team_slave_0 added [ 471.431052][T17209] team0: Port device team_slave_1 added [ 471.624100][ T5850] Bluetooth: hci1: command tx timeout [ 471.668080][T17209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 471.678218][T17209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.711595][T17209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 471.727621][T17209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 471.742654][T17209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 471.784978][T17209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 472.408842][T17209] hsr_slave_0: entered promiscuous mode [ 472.420083][T17209] hsr_slave_1: entered promiscuous mode [ 472.915912][ T5850] Bluetooth: hci4: command 0x0406 tx timeout [ 473.712868][ T5833] Bluetooth: hci1: command tx timeout [ 474.352121][T17412] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3946'. [ 474.405413][T17209] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 474.477740][T17209] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 474.533083][T17209] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 474.596787][T17209] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 474.996743][T17209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 475.085877][T17209] 8021q: adding VLAN 0 to HW filter on device team0 [ 475.113304][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 475.120514][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 475.187814][T17450] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3958'. [ 475.210964][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 475.218183][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 475.379638][T17459] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3962'. [ 476.089545][T17209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 476.442560][T17497] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3973'. [ 476.759851][T17513] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3977'. [ 477.170634][T17209] veth0_vlan: entered promiscuous mode [ 477.215310][T17209] veth1_vlan: entered promiscuous mode [ 477.310500][T17531] netlink: 88 bytes leftover after parsing attributes in process `syz.3.3986'. [ 477.428739][T17209] veth0_macvtap: entered promiscuous mode [ 477.496063][T17209] veth1_macvtap: entered promiscuous mode [ 477.589116][T17209] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 477.689663][T17209] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 477.756208][ T7733] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.779216][ T7733] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.887459][ T7733] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 477.917885][ T7733] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.157229][T17558] xt_hashlimit: size too large, truncated to 1048576 [ 478.231589][ T7737] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.260457][ T7737] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 478.323704][T17564] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3999'. [ 478.558603][ T7724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 478.599606][ T7724] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 479.945791][ T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.151432][ T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.338491][ T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.428401][ T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 480.612665][ T59] bridge_slave_1: left allmulticast mode [ 480.618579][ T59] bridge_slave_1: left promiscuous mode [ 480.628484][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.643783][ T59] bridge_slave_0: left allmulticast mode [ 480.649566][ T59] bridge_slave_0: left promiscuous mode [ 480.661611][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.604942][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 481.621914][T17643] netlink: 68 bytes leftover after parsing attributes in process `syz.1.4034'. [ 481.637867][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 481.671870][ T59] bond0 (unregistering): Released all slaves [ 481.685476][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 481.695541][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 481.706686][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 481.714913][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 481.725041][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 481.845962][T17650] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 481.939376][T17654] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4038'. [ 482.103833][T17646] lo speed is unknown, defaulting to 1000 [ 483.412566][ T59] hsr_slave_0: left promiscuous mode [ 483.422505][ T59] hsr_slave_1: left promiscuous mode [ 483.439524][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 483.463390][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 483.517382][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 483.544634][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 483.655024][ T59] veth1_macvtap: left promiscuous mode [ 483.675069][ T59] veth0_macvtap: left promiscuous mode [ 483.694776][ T59] veth1_vlan: left promiscuous mode [ 483.709224][ T59] veth0_vlan: left promiscuous mode [ 483.786731][ T5833] Bluetooth: hci1: command tx timeout [ 484.109258][T17723] netlink: 'syz.2.4063': attribute type 39 has an invalid length. [ 484.697683][ T59] team0 (unregistering): Port device team_slave_1 removed [ 484.755059][ T59] team0 (unregistering): Port device team_slave_0 removed [ 485.792672][T17740] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 485.863794][ T5833] Bluetooth: hci1: command tx timeout [ 485.970418][T17646] chnl_net:caif_netlink_parms(): no params data found [ 486.725628][T17763] netlink: 'syz.1.4082': attribute type 39 has an invalid length. [ 486.863511][T17646] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.870688][T17646] bridge0: port 1(bridge_slave_0) entered disabled state [ 486.933026][T17646] bridge_slave_0: entered allmulticast mode [ 486.940674][T17646] bridge_slave_0: entered promiscuous mode [ 486.980804][T17646] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.988583][T17646] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.008435][T17646] bridge_slave_1: entered allmulticast mode [ 487.022451][T17646] bridge_slave_1: entered promiscuous mode [ 487.023185][T17776] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 487.056556][T17778] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 487.074729][T17776] netlink: 146840 bytes leftover after parsing attributes in process `syz.1.4087'. [ 487.251377][T17646] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 487.321766][T17646] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 487.573754][T17646] team0: Port device team_slave_0 added [ 487.595670][T17646] team0: Port device team_slave_1 added [ 487.944265][ T5833] Bluetooth: hci1: command tx timeout [ 488.139949][T17646] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 488.151457][T17646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 488.195177][T17646] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 488.241239][T17646] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 488.275437][T17810] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4100'. [ 488.287073][T17646] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 488.337963][T17646] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 488.445594][T17816] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 488.495987][T17816] netlink: 146840 bytes leftover after parsing attributes in process `syz.1.4102'. [ 488.726156][T17823] netlink: 'syz.1.4104': attribute type 39 has an invalid length. [ 488.750645][T17646] hsr_slave_0: entered promiscuous mode [ 488.774804][T17646] hsr_slave_1: entered promiscuous mode [ 489.461677][T17842] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 489.673881][T17846] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 489.715813][T17846] netlink: 146840 bytes leftover after parsing attributes in process `syz.1.4114'. [ 489.875107][T17850] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4115'. [ 490.023262][ T5833] Bluetooth: hci1: command tx timeout [ 490.302045][T17646] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 490.334983][T17646] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 490.366773][T17646] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 490.379235][T17857] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4119'. [ 490.380765][T17646] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 490.535183][T17858] syzkaller1: entered promiscuous mode [ 490.544192][T17858] syzkaller1: entered allmulticast mode [ 490.813152][T17646] 8021q: adding VLAN 0 to HW filter on device bond0 [ 490.904220][T17646] 8021q: adding VLAN 0 to HW filter on device team0 [ 490.974508][ T7733] bridge0: port 1(bridge_slave_0) entered blocking state [ 490.981689][ T7733] bridge0: port 1(bridge_slave_0) entered forwarding state [ 491.086624][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 491.092371][T17879] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4125'. [ 491.093858][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 491.834172][T17646] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 492.136309][T17902] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 492.436244][T17910] nbd3: detected capacity change from 0 to 63 [ 492.448538][T17912] block nbd3: NBD_DISCONNECT [ 492.475065][T17912] block nbd3: Disconnected due to user request. [ 492.482223][T17912] block nbd3: shutting down sockets [ 492.638139][T17646] veth0_vlan: entered promiscuous mode [ 492.692077][T17646] veth1_vlan: entered promiscuous mode [ 492.811608][T17646] veth0_macvtap: entered promiscuous mode [ 492.876045][T17646] veth1_macvtap: entered promiscuous mode [ 492.960935][T17646] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 492.999515][T17646] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 493.058100][T17922] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4138'. [ 493.085979][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.105362][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.153643][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.189437][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 493.368870][T17927] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4140'. [ 493.775162][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 493.802806][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 493.923209][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 493.942536][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 494.543617][T17954] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4152'. [ 494.618192][ T59] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.830951][ T59] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.070886][ T59] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.197577][ T59] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 495.380951][ T59] bridge_slave_1: left allmulticast mode [ 495.390113][ T59] bridge_slave_1: left promiscuous mode [ 495.402898][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 495.426043][ T59] bridge_slave_0: left allmulticast mode [ 495.431748][ T59] bridge_slave_0: left promiscuous mode [ 495.444693][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 495.776257][T17965] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4153'. [ 496.523399][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 496.538992][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 496.561380][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 496.569527][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.579391][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 496.587993][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 496.599157][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 496.635372][ T59] bond0 (unregistering): Released all slaves [ 496.686181][T17973] syz_tun: entered allmulticast mode [ 496.723945][T17967] syz_tun: left allmulticast mode [ 496.851657][T17983] lo speed is unknown, defaulting to 1000 [ 496.895156][T17990] netlink: 44 bytes leftover after parsing attributes in process `syz.0.4165'. [ 497.459022][T17999] syzkaller1: entered promiscuous mode [ 497.468436][T17999] syzkaller1: entered allmulticast mode [ 498.185761][T18024] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 498.253473][ T59] hsr_slave_0: left promiscuous mode [ 498.276695][ T59] hsr_slave_1: left promiscuous mode [ 498.299190][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 498.334888][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 498.382368][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 498.420581][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 498.500052][ T59] veth1_macvtap: left promiscuous mode [ 498.519460][ T59] veth0_macvtap: left promiscuous mode [ 498.529453][ T59] veth1_vlan: left promiscuous mode [ 498.542937][ T59] veth0_vlan: left promiscuous mode [ 498.663906][ T5833] Bluetooth: hci1: command tx timeout [ 499.418572][ T59] team0 (unregistering): Port device team_slave_1 removed [ 499.506671][ T59] team0 (unregistering): Port device team_slave_0 removed [ 500.203475][T18046] syz_tun: entered allmulticast mode [ 500.209489][T18046] syz_tun: left allmulticast mode [ 500.451585][T18056] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4189'. [ 500.468559][T18062] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4190'. [ 500.745429][ T5833] Bluetooth: hci1: command tx timeout [ 500.870605][T18066] syzkaller1: entered promiscuous mode [ 500.889893][T18066] syzkaller1: entered allmulticast mode [ 500.918567][T17983] chnl_net:caif_netlink_parms(): no params data found [ 501.290859][T18086] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 501.331492][T18086] netlink: 146840 bytes leftover after parsing attributes in process `syz.0.4198'. [ 501.436358][T18091] syz_tun: entered allmulticast mode [ 501.463779][T17983] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.470924][T17983] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.502057][T17983] bridge_slave_0: entered allmulticast mode [ 501.529021][T17983] bridge_slave_0: entered promiscuous mode [ 501.544173][T17983] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.556898][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.572154][T17983] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.580449][T17983] bridge_slave_1: entered allmulticast mode [ 501.595499][T17983] bridge_slave_1: entered promiscuous mode [ 501.635312][ C0] ------------[ cut here ]------------ [ 501.641075][ C0] WARNING: CPU: 0 PID: 9 at net/ipv4/ipmr.c:2302 ip_mr_output+0xbb1/0xe70 [ 501.649713][ C0] Modules linked in: [ 501.653947][ C0] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 501.665889][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 501.676165][ C0] Workqueue: events team_mcast_rejoin_work SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 501.682027][ C0] RIP: 0010:ip_mr_output+0xbb1/0xe70 [ 501.687443][ C0] Code: df e9 63 f6 ff ff e8 2e 16 c6 f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 7a 0b 4c ff e9 45 f6 ff ff e8 10 16 c6 f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 02 16 c6 f7 90 0f 0b 90 42 80 3c 2b 00 [ 501.707337][ C0] RSP: 0018:ffffc90000007900 EFLAGS: 00010246 [ 501.713515][ C0] RAX: ffffffff89fa4640 RBX: ffff88805799b3c0 RCX: ffff88801d2a8000 [ 501.721513][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 501.729593][ C0] RBP: ffffc90000007a10 R08: ffff88801d2a8000 R09: 0000000000000004 [ 501.737689][ C0] R10: 0000000000000003 R11: ffffffff89fa3a90 R12: 0000000000000010 [ 501.745772][ C0] R13: dffffc0000000000 R14: ffff88805a0d3d00 R15: 0000000000000000 [ 501.753876][ C0] FS: 0000000000000000(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000 [ 501.762923][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 501.769539][ C0] CR2: 0000200000033000 CR3: 000000002782a000 CR4: 00000000003526f0 [ 501.777642][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 501.785742][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 501.793833][ C0] Call Trace: [ 501.797143][ C0] [ 501.800020][ C0] ? __pfx_dst_output+0x10/0x10 [ 501.805010][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 501.810432][ C0] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 501.816637][ C0] ? __pfx_ip_mr_output+0x10/0x10 [ 501.821715][ C0] ? skb_dst+0x4f/0xd0 [ 501.825933][ C0] ? dst_output+0x177/0x1c0 [ 501.830491][ C0] igmp_send_report+0x89e/0xdb0 [ 501.835482][ C0] ? __pfx_igmp_send_report+0x10/0x10 [ 501.840900][ C0] ? igmp_start_timer+0x211/0x2b0 [ 501.846069][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 501.851310][ C0] igmp_timer_expire+0x204/0x510 [ 501.856398][ C0] call_timer_fn+0x17e/0x5f0 [ 501.861035][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 501.866634][ C0] ? call_timer_fn+0xbe/0x5f0 [ 501.871350][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 501.876590][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 501.881855][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 501.887176][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 501.892765][ C0] __run_timer_base+0x61a/0x860 [ 501.897649][ C0] ? ktime_get+0x3e/0x1f0 [ 501.902023][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 501.907539][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 501.913934][ C0] run_timer_softirq+0xb7/0x180 [ 501.918838][ C0] handle_softirqs+0x286/0x870 [ 501.923748][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 501.928568][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 501.934013][ C0] __irq_exit_rcu+0xca/0x1f0 [ 501.938651][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 501.944114][ C0] irq_exit_rcu+0x9/0x30 [ 501.948423][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 501.954198][ C0] [ 501.957160][ C0] [ 501.960122][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 501.966242][ C0] RIP: 0010:queue_delayed_work_on+0x201/0x280 [ 501.972363][ C0] Code: 4d 85 e4 75 16 e8 ef 7f 35 00 eb 15 e8 e8 7f 35 00 e8 23 9c db 09 4d 85 e4 74 ea e8 d9 7f 35 00 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 04 2f 00 00 00 00 66 43 c7 44 2f 09 00 00 43 c6 44 2f 0b 00 [ 501.992120][ C0] RSP: 0018:ffffc900000e7980 EFLAGS: 00000293 [ 501.998352][ C0] RAX: ffffffff818adc77 RBX: ffff888043059001 RCX: ffff88801d2a8000 [ 502.006468][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 502.014582][ C0] RBP: ffffc900000e7a70 R08: ffffffff8fa120f7 R09: 1ffffffff1f4241e [ 502.022598][ C0] R10: dffffc0000000000 R11: fffffbfff1f4241f R12: 0000000000000200 [ 502.030695][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff9200001cf38 [ 502.038829][ C0] ? queue_delayed_work_on+0x1f7/0x280 [ 502.044458][ C0] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 502.050305][ C0] ? team_mcast_rejoin_work+0x156/0x200 [ 502.055980][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 502.061744][ C0] process_scheduled_works+0xae1/0x17b0 [ 502.067474][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 502.073602][ C0] worker_thread+0x8a0/0xda0 [ 502.078253][ C0] kthread+0x70e/0x8a0 [ 502.082379][ C0] ? __pfx_worker_thread+0x10/0x10 [ 502.087634][ C0] ? __pfx_kthread+0x10/0x10 [ 502.092263][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 502.097619][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 502.102956][ C0] ? __pfx_kthread+0x10/0x10 [ 502.107582][ C0] ret_from_fork+0x3f9/0x770 [ 502.112221][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 502.117492][ C0] ? __switch_to_asm+0x39/0x70 [ 502.122293][ C0] ? __switch_to_asm+0x33/0x70 [ 502.127247][ C0] ? __pfx_kthread+0x10/0x10 [ 502.131895][ C0] ret_from_fork_asm+0x1a/0x30 [ 502.136822][ C0] [ 502.139877][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 502.147182][ C0] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.16.0-rc2-syzkaller-00623-g14966a8df77e #0 PREEMPT(full) [ 502.159020][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 502.169108][ C0] Workqueue: events team_mcast_rejoin_work [ 502.174972][ C0] Call Trace: [ 502.178286][ C0] [ 502.181181][ C0] dump_stack_lvl+0x99/0x250 [ 502.185821][ C0] ? __asan_memcpy+0x40/0x70 [ 502.190462][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 502.195710][ C0] ? __pfx__printk+0x10/0x10 [ 502.200356][ C0] panic+0x2db/0x790 [ 502.204292][ C0] ? __pfx_panic+0x10/0x10 [ 502.208732][ C0] ? show_trace_log_lvl+0x4fb/0x550 [ 502.213955][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 502.218908][ C0] __warn+0x31b/0x4b0 [ 502.222898][ C0] ? ip_mr_output+0xbb1/0xe70 [ 502.227592][ C0] ? ip_mr_output+0xbb1/0xe70 [ 502.232296][ C0] report_bug+0x2be/0x4f0 [ 502.236667][ C0] ? ip_mr_output+0xbb1/0xe70 [ 502.241367][ C0] ? ip_mr_output+0xbb1/0xe70 [ 502.246053][ C0] ? ip_mr_output+0xbb3/0xe70 [ 502.250747][ C0] handle_bug+0x84/0x160 [ 502.254994][ C0] exc_invalid_op+0x1a/0x50 [ 502.259514][ C0] asm_exc_invalid_op+0x1a/0x20 [ 502.264388][ C0] RIP: 0010:ip_mr_output+0xbb1/0xe70 [ 502.269702][ C0] Code: df e9 63 f6 ff ff e8 2e 16 c6 f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 7a 0b 4c ff e9 45 f6 ff ff e8 10 16 c6 f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 02 16 c6 f7 90 0f 0b 90 42 80 3c 2b 00 [ 502.289323][ C0] RSP: 0018:ffffc90000007900 EFLAGS: 00010246 [ 502.295409][ C0] RAX: ffffffff89fa4640 RBX: ffff88805799b3c0 RCX: ffff88801d2a8000 [ 502.303392][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 502.311457][ C0] RBP: ffffc90000007a10 R08: ffff88801d2a8000 R09: 0000000000000004 [ 502.319431][ C0] R10: 0000000000000003 R11: ffffffff89fa3a90 R12: 0000000000000010 [ 502.327405][ C0] R13: dffffc0000000000 R14: ffff88805a0d3d00 R15: 0000000000000000 [ 502.335384][ C0] ? __pfx_ip_mr_output+0x10/0x10 [ 502.340420][ C0] ? ip_mr_output+0xbb0/0xe70 [ 502.345123][ C0] ? __pfx_dst_output+0x10/0x10 [ 502.349992][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 502.355397][ C0] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 502.361492][ C0] ? __pfx_ip_mr_output+0x10/0x10 [ 502.366532][ C0] ? skb_dst+0x4f/0xd0 [ 502.370616][ C0] ? dst_output+0x177/0x1c0 [ 502.375128][ C0] igmp_send_report+0x89e/0xdb0 [ 502.379996][ C0] ? __pfx_igmp_send_report+0x10/0x10 [ 502.385374][ C0] ? igmp_start_timer+0x211/0x2b0 [ 502.390423][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 502.395637][ C0] igmp_timer_expire+0x204/0x510 [ 502.400593][ C0] call_timer_fn+0x17e/0x5f0 [ 502.405190][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 502.410664][ C0] ? call_timer_fn+0xbe/0x5f0 [ 502.415355][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 502.420483][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 502.425697][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 502.430910][ C0] ? __pfx_igmp_timer_expire+0x10/0x10 [ 502.436388][ C0] __run_timer_base+0x61a/0x860 [ 502.441255][ C0] ? ktime_get+0x3e/0x1f0 [ 502.445870][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 502.451254][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 502.457520][ C0] run_timer_softirq+0xb7/0x180 [ 502.462387][ C0] handle_softirqs+0x286/0x870 [ 502.467170][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 502.471955][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 502.477264][ C0] __irq_exit_rcu+0xca/0x1f0 [ 502.481866][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 502.487084][ C0] irq_exit_rcu+0x9/0x30 [ 502.491346][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 502.496998][ C0] [ 502.499936][ C0] [ 502.502870][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 502.508854][ C0] RIP: 0010:queue_delayed_work_on+0x201/0x280 [ 502.514930][ C0] Code: 4d 85 e4 75 16 e8 ef 7f 35 00 eb 15 e8 e8 7f 35 00 e8 23 9c db 09 4d 85 e4 74 ea e8 d9 7f 35 00 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 04 2f 00 00 00 00 66 43 c7 44 2f 09 00 00 43 c6 44 2f 0b 00 [ 502.534570][ C0] RSP: 0018:ffffc900000e7980 EFLAGS: 00000293 [ 502.540663][ C0] RAX: ffffffff818adc77 RBX: ffff888043059001 RCX: ffff88801d2a8000 [ 502.548723][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 502.556698][ C0] RBP: ffffc900000e7a70 R08: ffffffff8fa120f7 R09: 1ffffffff1f4241e [ 502.564676][ C0] R10: dffffc0000000000 R11: fffffbfff1f4241f R12: 0000000000000200 [ 502.572650][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff9200001cf38 [ 502.580635][ C0] ? queue_delayed_work_on+0x1f7/0x280 [ 502.586117][ C0] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 502.591932][ C0] ? team_mcast_rejoin_work+0x156/0x200 [ 502.597485][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 502.603311][ C0] process_scheduled_works+0xae1/0x17b0 [ 502.609006][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 502.615015][ C0] worker_thread+0x8a0/0xda0 [ 502.619633][ C0] kthread+0x70e/0x8a0 [ 502.623712][ C0] ? __pfx_worker_thread+0x10/0x10 [ 502.628834][ C0] ? __pfx_kthread+0x10/0x10 [ 502.633434][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 502.638647][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 502.643936][ C0] ? __pfx_kthread+0x10/0x10 [ 502.648534][ C0] ret_from_fork+0x3f9/0x770 [ 502.653148][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 502.658286][ C0] ? __switch_to_asm+0x39/0x70 [ 502.663056][ C0] ? __switch_to_asm+0x33/0x70 [ 502.667828][ C0] ? __pfx_kthread+0x10/0x10 [ 502.672423][ C0] ret_from_fork_asm+0x1a/0x30 [ 502.677291][ C0] [ 502.680643][ C0] Kernel Offset: disabled [ 502.684974][ C0] Rebooting in 86400 seconds..