last executing test programs: 32.104899741s ago: executing program 4 (id=23814): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="09000000010000006d05000001"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0, 0x0, 0x11000000}, 0x38) (fail_nth: 6) 32.032318588s ago: executing program 4 (id=23816): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="380000000b1400042abd7000fedbdf2508003f0002000004000000080001000100000008003f000400"/56], 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x4004081) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x38, 0x40, 0x1, 0x7fffc, 0x4, {0x1}, [@nested={0x4, 0x48}, @nested={0x18, 0x1, 0x0, 0x1, [@nested={0x14, 0x10, 0x0, 0x1, [@nested={0x10, 0xb, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@remote}, @typed={0xfffffffffffffffa, 0x4e}]}]}]}, @typed={0x8, 0x2, 0x0, 0x0, @fd=r1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008801}, 0x4000000) 31.786260974s ago: executing program 4 (id=23817): r0 = socket(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xe, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8c}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) (async) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0xf4, 0x0, 0xfffffffe}, 0x10) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000014c0)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x38, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x24, 0x2, 0x1, 0x2, 0x200, 0x7ff}, {0x5, 0x0, 0xf, 0x7ff}, 0x6, 0x1aec, 0xf39}}, @TCA_TBF_RATE64={0xc, 0x4, 0xd71f3c2e6ceb9ec4}]}}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x2c, r6, 0x1, 0x72bd25, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x8c, r6, 0x400, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x4, 0x54}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "3d4e06c306"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "445a18bcd7"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "f7c7a8fb97ff083028222a8209"}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "3be64b9b8e"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "1518fdf57aaf40343130cb35e2"}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac01}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) 29.465362971s ago: executing program 4 (id=23825): r0 = socket$netlink(0x10, 0x3, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000003c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xb, 0x0, 0x0, 0x0, 0x0, {[@mss, @sack_perm={0x4, 0x2}, @generic={0x0, 0xfffffffffffffc7e, "a2898405704bcf372ce6"}]}}}}}}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000005c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x10, 0x3, "1c4bf1f8cf3b69a3ab942767"}, @NFTA_MATCH_NAME={0x8, 0x1, 'mac\x00'}, @NFTA_MATCH_REV={0x8}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) sendmsg$nl_route_sched(r0, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0xa0, 0x30, 0x9, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_bpf={0x88, 0x1, 0x0, 0x0, {{0x8}, {0x60, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x3c, 0x4, [{}, {0x35, 0x0, 0x5}, {}, {}, {}, {}, {}]}, @TCA_ACT_BPF_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa0}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) 29.285245778s ago: executing program 4 (id=23830): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)="be38", 0xffe7}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000800000007038b0100000000"], 0x38}, 0x0) 29.215210038s ago: executing program 4 (id=23832): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x63, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x4, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x44, 0x32, 0x20, 0x70bd29, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x24048058) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 17.219062691s ago: executing program 0 (id=23949): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000791048000000000071041f000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x200, 0x9377b5336e15b955}}}}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x9}]}, 0x50}}, 0x0) 17.216495419s ago: executing program 2 (id=23950): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendto$inet(r0, &(0x7f0000000980)="c23af0fe0100c527432869d50ea7d895891fec27f6d5ccde79ca204d6075f31011f618f6c913d62c787d651df7f74128f343ba5de5684648dcdf6c0ae679af0ff1503518dd687a11b3fbc788f75d6f6e5a7a2e5541f9c84430e1a1da69d3562e4218ce1d73db4b49cbdf4a6bc7dc80c95f295c30622d8a29734a5eed7ac74012a6eeec6ead0b6e84c1dc6b87ff44f704bb3a5947f5b92b0ca3975e7ca4c59f", 0x9f, 0x4080, &(0x7f0000000a40)={0x2, 0x4e23, @loopback}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000380)='g', 0x1, 0x8812, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000a80)=[{{&(0x7f0000000000)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/96, 0x60}, {&(0x7f0000000240)=""/176, 0xb0}], 0x2, &(0x7f0000000340)=""/18, 0x12}, 0x3}, {{&(0x7f00000003c0)=@x25, 0x80, &(0x7f0000000780)=[{&(0x7f0000000440)=""/159, 0x9f}, {&(0x7f0000000500)=""/83, 0x53}, {&(0x7f0000000580)=""/233, 0xe9}, {&(0x7f0000000680)=""/244, 0xf4}], 0x4, &(0x7f00000007c0)=""/146, 0x92}, 0x8}, {{&(0x7f0000000880)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000900)=""/6, 0x6}], 0x1, &(0x7f0000000b40)=""/256, 0x100}, 0x8}], 0x3, 0x10122, 0x0) 17.008791306s ago: executing program 3 (id=23953): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', 0x0}) ioctl$XFS_IOC_PATH_TO_FSHANDLE(r0, 0xc0385868, &(0x7f0000000180)={r0, &(0x7f0000000000)='($*\xd2)/', 0x2, &(0x7f00000000c0)={@align=0xc3d6, {0x8, 0xfffe, 0x10000, 0x3}}, 0x64, &(0x7f0000000100), &(0x7f0000000140)=0x8}) setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xcc, &(0x7f0000000200)={{0xa, 0x4e23, 0xd31, @mcast2, 0x51ab}, {0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x2}, 0x1, {[0x9, 0x1f, 0xfffffff8, 0x2, 0x3, 0x4, 0x0, 0xffff]}}, 0x5c) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newaddr={0x28, 0x14, 0x1, 0x524, 0x25dfdbfd, {0x2, 0x1f, 0x8b, 0xc8, r1}, [@IFA_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3c}}, @IFA_RT_PRIORITY={0x8, 0x9, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 16.898336986s ago: executing program 0 (id=23954): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x1c, 0x2e, 0x9, 0x70bd27, 0x100, {0x5}, [@typed={0x8, 0x17, 0x0, 0x0, @u32=0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x46844}, 0x4000000) 16.862753873s ago: executing program 0 (id=23955): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_DYING(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0xa}, [""]}, 0x14}}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r2, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xb, 0x0, 0x0, 0x0, 0x18, {[@window={0x9, 0xfffffffffffffec4}, @timestamp={0x5, 0x2, 0x0, 0x8100000}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0xfd6c) 16.796151156s ago: executing program 3 (id=23956): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000e80)=@raw={'raw\x00', 0x3c1, 0x3, 0x338, 0x110, 0xc8, 0x8, 0x0, 0x5803, 0x268, 0x2e8, 0x2e8, 0x268, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0x110, 0x0, {0x0, 0x2000000000000}}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1, 0x6, 0x3, 0x4, 'syz0\x00', 'syz1\x00', {0x5}}}}, {{@ipv6={@remote, @remote, [0x0, 0x0, 0xffffff41, 0xffffffff], [0xff000000, 0xff, 0xffffffff, 0xff000000], 'veth1_to_bond\x00', 'geneve1\x00', {0xff}, {}, 0x0, 0x0, 0x2, 0x70}, 0x0, 0x138, 0x158, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x9}}, @common=@unspec=@physdev={{0x68}, {'veth0_virt_wifi\x00', {}, 'pimreg\x00', {}, 0x1, 0x1}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x398) 16.637540047s ago: executing program 3 (id=23957): syz_emit_ethernet(0x6e, &(0x7f0000000240)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x38, 0x2c, 0x0, @dev, @mcast2, {[@hopopts={0x3c}, @srh={0x2e, 0x4, 0x4, 0x2, 0x2, 0x28, 0xb5, [@local, @private0]}], @echo_reply}}}}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@ipv6_newrule={0x38, 0x20, 0x511, 0x70bd23, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x7, 0x1}, [@FRA_SRC={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x24048844}, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) 16.637259964s ago: executing program 1 (id=23958): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x268, 0xf8, 0x11, 0x148, 0xf8, 0x0, 0x1d0, 0x2a8, 0x2a8, 0x1d0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x5, 0x9, 0x7, 0x1], 0x4}, {0xffffffffffffffff, [0x7]}}}}, {{@ip={@multicast1, @empty, 0xffffffff, 0xfffffffe, 'veth1_to_batadv\x00', 'macsec0\x00', {0xff}, {}, 0x6, 0x2, 0x29}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2df) 16.543334135s ago: executing program 3 (id=23959): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 16.495805204s ago: executing program 0 (id=23960): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0xf444, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) (async) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x48, 0x2, 0x8, 0x801, 0x0, 0x0, {0x0, 0x0, 0x7}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @icmpv6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0xc001}, 0x8014) (async) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000002280)={0x3, &(0x7f0000000180)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x8, 0x8, 0xfffff010}, {0x6, 0xba, 0x2, 0xffff}]}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip_vti0\x00', 0x0}) sendto$packet(r1, &(0x7f00000000c0)="4701000000000000000220000000000000000000", 0x14, 0x81, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0xe, 0x6, @multicast}, 0x14) 16.4381232s ago: executing program 1 (id=23961): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081140000bfa30000000201000703000000feffff720af0fff8ffffff71a4f0ff0000000071104e00000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 16.317117776s ago: executing program 3 (id=23962): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc8a41, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r1, 0x2000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'\x00', 0x5}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000200), r2) recvmmsg(r2, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000480)=""/92, 0x5c}, {&(0x7f00000018c0)=""/4108, 0x100c}, {&(0x7f0000001680)=""/109, 0x6d}, {&(0x7f0000001740)=""/72, 0x48}, {&(0x7f0000000000)=""/65, 0x41}], 0x5}, 0x7}, {{0x0, 0x0, 0x0}, 0x8000005}], 0x3, 0x2000, 0x0) ioctl$TUNSETLINK(r0, 0x400454cd, 0x325) 16.308831254s ago: executing program 1 (id=23963): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="09000000010000006d05000001"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x16, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff00000028711093000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x90) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x3c1, 0x3, 0x3b0, 0x1f0, 0x1170, 0x1170, 0x1f0, 0x1170, 0x2e0, 0x1398, 0x1398, 0x2e0, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @private2={0xfc, 0x2, '\x00', 0x1}, [0xffffffff, 0xff000000], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_vlan\x00', 'veth0_to_hsr\x00', {}, {}, 0x2e, 0x0, 0x0, 0x46}, 0x0, 0x188, 0x1f0, 0x0, {}, [@common=@inet=@socket2={{0x28}, 0x1}, @common=@unspec=@conntrack1={{0xb8}, {{@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xff000000, 0xffffff00, 0xff], @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xffffff00, 0xff000000, 0xffffffff, 0xffffff00], @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, [0xffffff00, 0xffffff00], @ipv4=@local, [0xff, 0xffffff00, 0x0, 0xffff00], 0x0, 0x8, 0x8, 0x4e22, 0x4e21, 0x4e23, 0x4e20, 0x100, 0x1240}, 0x81, 0x41}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x10, 0xf5, 0x23, 0x7, '\x00', 'syz0\x00', {0xc}}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x410) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0, 0x4, 0x11000000}, 0x38) 16.238286573s ago: executing program 0 (id=23964): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) (async) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) (async) sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552da15f6", @ANYRES32=0x0, @ANYBLOB="000000293c000000280012800a00010076786c616e00000018000280140013"], 0x48}}, 0x0) (async) r1 = socket(0x10, 0x3, 0x0) ioctl$NILFS_IOCTL_CHANGE_CPMODE(r1, 0x40106e80, &(0x7f0000000000)={0x3, 0x1}) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) 16.183515498s ago: executing program 2 (id=23965): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x7d4165c9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r2, 0x28, 0x2, &(0x7f0000000040)=0x8000000000000000, 0x8) listen(r1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x7d4165c9) listen(r3, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000780)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xc}}, 0x0, 0x0, 0x20, 0x0, "9c0fe2154aa786d10084ecfbe8e86f7d312fcc8fde38d5823d22fbbb55a7837e5f2329f4d662f2185f18fae43e09d661d12a01669d6eef2e4733c2c29a3c3d16ef45c7c1c8ecfcc76b47d9ab9a573f11"}, 0xd8) listen(r6, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f0000000680)={@in6={{0xa, 0x4e21, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x81}}, 0x0, 0x0, 0x40, 0x0, "2b20a1a47cddc63b223be606d7303a4d4d11e10450d766feb63b382d54bab577021cad5de4fe7630a33b6deca160b1267ff02123bc27830000000000ffff40000000000000b5b29049cb65f00300"}, 0xd8) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000540)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc0000000a0000008000f0effeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) 16.097726814s ago: executing program 1 (id=23966): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@ipv6_newrule={0x38, 0x20, 0x511, 0x70bd23, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x7, 0x1}, [@FRA_SRC={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x9}]}, 0x38}, 0x1, 0x0, 0x0, 0x24048844}, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x1000000000000000) 15.929650352s ago: executing program 2 (id=23967): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) syz_emit_ethernet(0x66, &(0x7f0000001340)={@multicast, @remote, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x30, 0x0, 0x1, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local, {[@dstopts={0x1, 0x4, '\x00', [@hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}}}}}, 0x0) (async, rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0xc3b, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ENCAP_DPORT={0x6}]}}}]}, 0x40}}, 0x0) 15.819366935s ago: executing program 1 (id=23968): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1400000010000100000000000000f0000700000a200000001a0a01080000000000000000070000050900010073797a310000000048000000000a050000000000000000000100000308000240000000020c00044000000000000000050900010073797a3100000000080002"], 0x90}, 0x1, 0x0, 0x0, 0x4004020}, 0x80) 15.808076053s ago: executing program 0 (id=23969): setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000004c0)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000100)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r1, &(0x7f0000000180)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x1, 0x0, 0x14}, @ipv4=@icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local, {[@ra={0x94, 0x4}]}}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x1a, 0x0, @local, @remote}}}}, 0x42) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) bind$bt_l2cap(r0, &(0x7f00000004c0)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) (async) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000100)) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async) write$tun(r1, &(0x7f0000000180)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x1, 0x0, 0x14}, @ipv4=@icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local, {[@ra={0x94, 0x4}]}}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x1a, 0x0, @local, @remote}}}}, 0x42) (async) 15.718211931s ago: executing program 2 (id=23970): bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x17, 0x5, &(0x7f0000000200)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x79, 0x10, 0x70}, [@initr0={0x18, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0x0, 0x310}]}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000080), 0x10}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'netdevsim0\x00'}) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000440)={0xffffffffffffffff, &(0x7f00000003c0)="eb0187b45f06dd8e7ddf2b0f16cc5079d46b11340f6e8be3561d9edb33ac175205ab4c1f2a9c5d5f75fb3d"}, 0x20) socket$nl_rdma(0x10, 0x3, 0x14) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x20, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x2}]}], {0x14, 0x14}}, 0x7c}}, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x240040c0) 15.623448707s ago: executing program 3 (id=23971): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 15.600148086s ago: executing program 2 (id=23972): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$kcm(0x10, 0x2, 0x4) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000012400048020000180080001006669620014000280080001400000001608000240000000010900010073797a30000000000900020073797a3200000000140000001100010000000000000000000500000aec064b5f7156e78cf4053e00fb33577273533029d61c82ff4f4ffe83786b342c34adb0"], 0x78}, 0x1, 0x0, 0x0, 0x840}, 0x0) sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYRES32=r1, @ANYRES32=0x0, @ANYRES32=r4, @ANYRES32=r4], 0x44}}, 0x4004810) 15.55420636s ago: executing program 1 (id=23973): socket$inet6(0xa, 0x80003, 0xff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd01001100000014"], 0xfdef) 15.281857164s ago: executing program 2 (id=23974): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800900010068617368000000002c00028008000640e80000ff08000140000000030800044020000003080003400000000408000240000000120900010073797a30000000000900020073797a32"], 0x94}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r3], 0x2c}}, 0x4000000) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x4540}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x27b2}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000881}, 0x48004) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800900010068617368000000002c00028008000640e80000ff08000140000000030800044020000003080003400000000408000240000000120900010073797a30000000000900020073797a32"], 0x94}}, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)) (async) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r3], 0x2c}}, 0x4000000) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x4540}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x27b2}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000881}, 0x48004) (async) 135.43794ms ago: executing program 32 (id=23969): setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000004c0)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000100)) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r1, &(0x7f0000000180)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x1, 0x0, 0x14}, @ipv4=@icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local, {[@ra={0x94, 0x4}]}}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x1a, 0x0, @local, @remote}}}}, 0x42) setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) bind$bt_l2cap(r0, &(0x7f00000004c0)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) (async) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000100)) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async) socket$kcm(0x2, 0xa, 0x2) (async) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) (async) write$tun(r1, &(0x7f0000000180)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x1, 0x0, 0x14}, @ipv4=@icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local, {[@ra={0x94, 0x4}]}}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x1a, 0x0, @local, @remote}}}}, 0x42) (async) 107.77468ms ago: executing program 33 (id=23973): socket$inet6(0xa, 0x80003, 0xff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd01001100000014"], 0xfdef) 51.115643ms ago: executing program 34 (id=23974): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800900010068617368000000002c00028008000640e80000ff08000140000000030800044020000003080003400000000408000240000000120900010073797a30000000000900020073797a32"], 0x94}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r3], 0x2c}}, 0x4000000) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x4540}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x27b2}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000881}, 0x48004) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000001e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800900010068617368000000002c00028008000640e80000ff08000140000000030800044020000003080003400000000408000240000000120900010073797a30000000000900020073797a32"], 0x94}}, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000440)) (async) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000f000000050030000000000005002f000000000008000300", @ANYRES32=r3], 0x2c}}, 0x4000000) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x403, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x4540}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0x27b2}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000881}, 0x48004) (async) 0s ago: executing program 35 (id=23971): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) kernel console output (not intermixed with test programs): ? __fget_files+0x2a/0x420 [ 1292.262409][T29662] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1292.262430][T29662] bpf_prog_test_run+0x2c7/0x340 [ 1292.262451][T29662] __sys_bpf+0x643/0x950 [ 1292.262475][T29662] ? __pfx___sys_bpf+0x10/0x10 [ 1292.262511][T29662] ? ksys_write+0x242/0x270 [ 1292.262536][T29662] ? __pfx_ksys_write+0x10/0x10 [ 1292.262561][T29662] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1292.262579][T29662] __x64_sys_bpf+0x7c/0x90 [ 1292.262601][T29662] do_syscall_64+0x15f/0xf80 [ 1292.262623][T29662] ? trace_irq_disable+0x3b/0x140 [ 1292.262646][T29662] ? clear_bhb_loop+0x40/0x90 [ 1292.262665][T29662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1292.262680][T29662] RIP: 0033:0x7fc6a959ce59 [ 1292.262695][T29662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1292.262709][T29662] RSP: 002b:00007fc6aa484028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1292.262727][T29662] RAX: ffffffffffffffda RBX: 00007fc6a9815fa0 RCX: 00007fc6a959ce59 [ 1292.262739][T29662] RDX: 0000000000000023 RSI: 0000200000000240 RDI: 000000000000000a [ 1292.262750][T29662] RBP: 00007fc6aa484090 R08: 0000000000000000 R09: 0000000000000000 [ 1292.262761][T29662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1292.262771][T29662] R13: 00007fc6a9816038 R14: 00007fc6a9815fa0 R15: 00007ffdadaed498 [ 1292.262800][T29662] [ 1292.556334][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1292.645247][T29675] openvswitch: netlink: Unexpected mask (mask=201040, allowed=10048) [ 1292.683642][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1292.791126][T29672] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23071'. [ 1292.804033][T11300] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1292.913518][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1293.037542][T29695] netlink: 'syz.4.23079': attribute type 4 has an invalid length. [ 1293.046359][T29695] netlink: 'syz.4.23079': attribute type 2 has an invalid length. [ 1293.380663][T29715] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23086'. [ 1293.484226][T29719] netlink: 'syz.1.23087': attribute type 1 has an invalid length. [ 1293.604853][T29730] netlink: 'syz.4.23090': attribute type 21 has an invalid length. [ 1293.678871][T29719] bond29: entered promiscuous mode [ 1293.684770][T29719] 8021q: adding VLAN 0 to HW filter on device bond29 [ 1293.840236][T29748] __nla_validate_parse: 6 callbacks suppressed [ 1293.840255][T29748] netlink: 32 bytes leftover after parsing attributes in process `syz.0.23096'. [ 1293.895211][T29754] netlink: 'syz.4.23097': attribute type 1 has an invalid length. [ 1293.926893][T29754] netlink: 'syz.4.23097': attribute type 2 has an invalid length. [ 1293.964009][T29754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.23097'. [ 1294.076711][T29754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1294.189883][T29774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23103'. [ 1294.216456][T29774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23103'. [ 1294.227323][T29774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23103'. [ 1294.255114][T29774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23103'. [ 1296.992524][ T1019] net_ratelimit: 13 callbacks suppressed [ 1296.992543][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.090922][T29791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.23109'. [ 1297.132572][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.252629][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.320977][T29807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23115'. [ 1297.342917][T29807] validate_nla: 4 callbacks suppressed [ 1297.342933][T29807] netlink: 'syz.2.23115': attribute type 18 has an invalid length. [ 1297.362045][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.374498][T29807] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23115'. [ 1297.442408][T29807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23115'. [ 1297.475746][T29807] netlink: 'syz.2.23115': attribute type 18 has an invalid length. [ 1297.482597][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.514614][T29818] netlink: ct family unspecified [ 1297.604758][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.774418][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1297.902556][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1298.022998][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1298.034957][T29849] xt_ipcomp: unknown flags 1D [ 1298.085966][T29851] tipc: Resetting bearer [ 1298.220422][T29862] netlink: 'syz.2.23137': attribute type 8 has an invalid length. [ 1298.738481][T29896] sctp: [Deprecated]: syz.0.23150 (pid 29896) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1298.738481][T29896] Use struct sctp_sack_info instead [ 1298.784485][T29896] sctp: [Deprecated]: syz.0.23150 (pid 29896) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1298.784485][T29896] Use struct sctp_sack_info instead [ 1299.031326][T29911] __nla_validate_parse: 10 callbacks suppressed [ 1299.031344][T29911] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23156'. [ 1299.146595][T29921] syzkaller0: entered promiscuous mode [ 1299.162987][T29921] syzkaller0: entered allmulticast mode [ 1299.213722][T29922] syzkaller1: entered promiscuous mode [ 1299.233934][T29922] syzkaller1: entered allmulticast mode [ 1299.241355][T29927] SET target dimension over the limit! [ 1299.956769][T29978] syzkaller1: entered promiscuous mode [ 1299.975949][T29978] syzkaller1: entered allmulticast mode [ 1300.174161][T29989] netlink: 656 bytes leftover after parsing attributes in process `syz.4.23181'. [ 1300.507245][T30008] netlink: 'syz.3.23189': attribute type 1 has an invalid length. [ 1300.542224][T30010] netlink: 20 bytes leftover after parsing attributes in process `syz.1.23190'. [ 1300.560427][T30013] netlink: 12 bytes leftover after parsing attributes in process `syz.3.23189'. [ 1300.575719][T30008] bond42: entered promiscuous mode [ 1300.583769][T30008] 8021q: adding VLAN 0 to HW filter on device bond42 [ 1300.592633][T30013] netlink: 12 bytes leftover after parsing attributes in process `syz.3.23189'. [ 1300.628323][T30008] bond42: (slave bridge23): making interface the new active one [ 1300.637317][T30008] bridge23: entered promiscuous mode [ 1300.645148][T30008] bond42: (slave bridge23): Enslaving as an active interface with an up link [ 1300.747914][T30016] syzkaller1: entered promiscuous mode [ 1300.760796][T30022] netlink: 656 bytes leftover after parsing attributes in process `syz.4.23194'. [ 1300.762935][T30016] syzkaller1: entered allmulticast mode [ 1300.806008][T30020] netlink: 16 bytes leftover after parsing attributes in process `syz.1.23190'. [ 1301.146349][T30043] netlink: 'syz.2.23199': attribute type 3 has an invalid length. [ 1301.163640][T30043] netlink: 224 bytes leftover after parsing attributes in process `syz.2.23199'. [ 1301.327159][T30053] netlink: 12 bytes leftover after parsing attributes in process `syz.3.23203'. [ 1301.458481][T30060] netlink: 656 bytes leftover after parsing attributes in process `syz.3.23205'. [ 1302.078342][T30105] net_ratelimit: 38 callbacks suppressed [ 1302.078359][T30105] openvswitch: netlink: Missing valid actions attribute. [ 1302.093411][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1302.097674][T30107] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1302.111405][T30105] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1302.212564][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1302.233328][T30118] xt_HMARK: spi-set and port-set can't be combined [ 1302.322580][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1302.414032][T30128] : entered promiscuous mode [ 1302.442569][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1302.553227][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1302.661802][T30146] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1302.672877][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1303.057466][T11300] smbdirect: ib_dev[syz0] removed [ 1306.296144][T30184] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1306.493276][T30240] __nla_validate_parse: 11 callbacks suppressed [ 1306.493294][T30240] netlink: 640 bytes leftover after parsing attributes in process `syz.4.23255'. [ 1306.534846][T30239] erspan1: entered promiscuous mode [ 1306.837568][T30264] FAULT_INJECTION: forcing a failure. [ 1306.837568][T30264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1306.864506][T30264] CPU: 0 UID: 0 PID: 30264 Comm: syz.2.23266 Not tainted syzkaller #0 PREEMPT(full) [ 1306.864532][T30264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1306.864543][T30264] Call Trace: [ 1306.864550][T30264] [ 1306.864559][T30264] dump_stack_lvl+0xe8/0x150 [ 1306.864584][T30264] should_fail_ex+0x412/0x560 [ 1306.864613][T30264] _copy_to_user+0x31/0xb0 [ 1306.864639][T30264] simple_read_from_buffer+0xe1/0x170 [ 1306.864664][T30264] proc_fail_nth_read+0x1bb/0x230 [ 1306.864689][T30264] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1306.864713][T30264] ? rw_verify_area+0x2a6/0x4d0 [ 1306.864733][T30264] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1306.864752][T30264] vfs_read+0x20c/0xa70 [ 1306.864779][T30264] ? __pfx___mutex_lock+0x10/0x10 [ 1306.864803][T30264] ? __pfx_vfs_read+0x10/0x10 [ 1306.864826][T30264] ? __fget_files+0x2a/0x420 [ 1306.864850][T30264] ? __fget_files+0x3a0/0x420 [ 1306.864868][T30264] ? __fget_files+0x2a/0x420 [ 1306.864895][T30264] ksys_read+0x150/0x270 [ 1306.864926][T30264] ? __pfx_ksys_read+0x10/0x10 [ 1306.864956][T30264] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1306.864974][T30264] do_syscall_64+0x15f/0xf80 [ 1306.864995][T30264] ? trace_irq_disable+0x3b/0x140 [ 1306.865018][T30264] ? clear_bhb_loop+0x40/0x90 [ 1306.865038][T30264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1306.865054][T30264] RIP: 0033:0x7fcad9d5d68e [ 1306.865071][T30264] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1306.865085][T30264] RSP: 002b:00007fcadac5bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1306.865103][T30264] RAX: ffffffffffffffda RBX: 00007fcadac5c6c0 RCX: 00007fcad9d5d68e [ 1306.865115][T30264] RDX: 000000000000000f RSI: 00007fcadac5c0a0 RDI: 0000000000000005 [ 1306.865124][T30264] RBP: 00007fcadac5c090 R08: 0000000000000000 R09: 0000000000000000 [ 1306.865133][T30264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1306.865142][T30264] R13: 00007fcada016038 R14: 00007fcada015fa0 R15: 00007ffddd4bcad8 [ 1306.865170][T30264] [ 1307.182971][T13115] net_ratelimit: 40 callbacks suppressed [ 1307.182989][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1307.209648][T30281] netlink: 640 bytes leftover after parsing attributes in process `syz.0.23273'. [ 1307.221686][T30281] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 1307.234704][T30282] netlink: 'syz.4.23271': attribute type 5 has an invalid length. [ 1307.304155][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1307.419011][T30293] smc: net device team0 applied user defined pnetid SYZ2 [ 1307.434262][T30290] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 1307.472648][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1307.583493][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1307.629643][T30310] netlink: 'syz.1.23281': attribute type 1 has an invalid length. [ 1307.680411][T30310] 8021q: adding VLAN 0 to HW filter on device bond30 [ 1307.694811][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1307.724329][T30310] 8021q: VLANs not supported on sit0 [ 1307.810109][T30310] bond30: (slave bridge10): making interface the new active one [ 1307.841119][T30310] bond30: (slave bridge10): Enslaving as an active interface with an up link [ 1307.952731][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1308.074215][T11303] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1308.182694][T11303] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1308.335568][T30363] SET target dimension over the limit! [ 1308.376523][T30361] syzkaller0: entered promiscuous mode [ 1308.392104][T30361] syzkaller0: entered allmulticast mode [ 1308.419486][T30361] netlink: 24 bytes leftover after parsing attributes in process `syz.4.23299'. [ 1308.481162][T30375] netlink: 16 bytes leftover after parsing attributes in process `syz.3.23298'. [ 1308.760795][T30394] netlink: 'syz.4.23305': attribute type 1 has an invalid length. [ 1308.783613][T30394] netlink: 228 bytes leftover after parsing attributes in process `syz.4.23305'. [ 1308.797057][T30394] netlink: 52 bytes leftover after parsing attributes in process `syz.4.23305'. [ 1308.936497][T30404] SET target dimension over the limit! [ 1309.005982][T30408] netlink: 'syz.3.23314': attribute type 83 has an invalid length. [ 1309.119058][T30419] syzkaller0: entered promiscuous mode [ 1309.133790][T30419] syzkaller0: entered allmulticast mode [ 1309.234909][T30433] netlink: 256 bytes leftover after parsing attributes in process `syz.1.23321'. [ 1309.276697][T30435] veth1_macvtap: entered allmulticast mode [ 1309.297015][T30435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23322'. [ 1309.330600][T30439] 8021q: adding VLAN 0 to HW filter on device .` [ 1309.340270][T30439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1309.373413][T30439] veth0_to_team: left promiscuous mode [ 1309.439047][T30435] veth1_macvtap (unregistering): left allmulticast mode [ 1309.449412][T30446] netlink: 'syz.2.23326': attribute type 1 has an invalid length. [ 1309.465987][T30446] netlink: 'syz.2.23326': attribute type 3 has an invalid length. [ 1309.486339][T30446] netlink: 224 bytes leftover after parsing attributes in process `syz.2.23326'. [ 1309.549838][T11557] xfrm0 speed is unknown, defaulting to 1000 [ 1309.557029][T11557] syz1: Port: 1 Link ACTIVE [ 1309.573161][ T995] wg1 speed is unknown, defaulting to 1000 [ 1309.594140][ T995] syz2: Port: 1 Link ACTIVE [ 1309.605671][T11557] xfrm0 speed is unknown, defaulting to 1000 [ 1309.745178][T30460] netlink: 28 bytes leftover after parsing attributes in process `syz.2.23329'. [ 1309.803454][T30467] netlink: 'syz.2.23333': attribute type 5 has an invalid length. [ 1309.863382][T30469] IPVS: set_ctl: invalid protocol: 117 172.20.20.170:20000 [ 1310.176192][T30488] syzkaller1: entered promiscuous mode [ 1310.195831][T30488] syzkaller1: entered allmulticast mode [ 1310.457690][T30503] bond0: (slave gre0): refused to change device type [ 1310.676986][T30515] netlink: 'syz.1.23349': attribute type 1 has an invalid length. [ 1310.708230][T30515] netlink: 'syz.1.23349': attribute type 1 has an invalid length. [ 1310.874270][T30528] netlink: 'syz.1.23354': attribute type 7 has an invalid length. [ 1310.978822][T30538] xt_hashlimit: overflow, rate too high: 0 [ 1311.189261][T30544] syzkaller1: entered promiscuous mode [ 1311.210621][T30544] syzkaller1: entered allmulticast mode [ 1311.325050][T30560] bridge: RTM_NEWNEIGH with invalid ether address [ 1311.737087][T30591] __nla_validate_parse: 6 callbacks suppressed [ 1311.737106][T30591] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.23372'. [ 1312.192046][ T35] net_ratelimit: 32 callbacks suppressed [ 1312.192065][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1312.342495][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1312.478638][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1312.581533][T30647] A link change request failed with some changes committed already. Interface ÿÿÿÿÿÿ may have been left with an inconsistent configuration, please check. [ 1312.642620][T30652] validate_nla: 3 callbacks suppressed [ 1312.642637][T30652] netlink: 'syz.4.23388': attribute type 29 has an invalid length. [ 1312.687112][T30652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23388'. [ 1312.722865][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1312.762840][T30652] netlink: 41 bytes leftover after parsing attributes in process `syz.4.23388'. [ 1312.821498][T30652] netlink: 140 bytes leftover after parsing attributes in process `syz.4.23388'. [ 1312.862993][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1312.889849][T30652] netlink: 41 bytes leftover after parsing attributes in process `syz.4.23388'. [ 1312.990585][T30672] syzkaller1: entered promiscuous mode [ 1313.015863][T30672] syzkaller1: entered allmulticast mode [ 1313.033354][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1313.099502][T30688] netlink: 28 bytes leftover after parsing attributes in process `syz.0.23393'. [ 1313.182067][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1313.314809][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1313.327937][T30704] netlink: 'syz.4.23399': attribute type 24 has an invalid length. [ 1313.348843][T30704] netlink: 212348 bytes leftover after parsing attributes in process `syz.4.23399'. [ 1313.484566][T30712] erspan0: left allmulticast mode [ 1313.504665][T30719] netlink: 12 bytes leftover after parsing attributes in process `syz.1.23404'. [ 1313.583323][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1313.624906][T30712] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 1313.940471][T30739] syzkaller1: entered promiscuous mode [ 1313.954903][T30739] syzkaller1: entered allmulticast mode [ 1314.047768][T30749] netlink: 640 bytes leftover after parsing attributes in process `syz.4.23414'. [ 1314.166667][T30760] SET target dimension over the limit! [ 1314.257138][T30766] Cannot find add_set index 4 as target [ 1314.265041][T30768] netlink: 184 bytes leftover after parsing attributes in process `syz.2.23417'. [ 1314.411178][T30775] tc_dump_action: action bad kind [ 1314.667081][T30791] syzkaller1: entered promiscuous mode [ 1314.675770][T30791] syzkaller1: entered allmulticast mode [ 1314.713983][ C0] bridge0: port 1(00ªX¹¦Dö») entered learning state [ 1315.227416][T30823] tipc: Resetting bearer [ 1315.609360][T30841] syzkaller1: entered promiscuous mode [ 1315.618668][T30849] FAULT_INJECTION: forcing a failure. [ 1315.618668][T30849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1315.628294][T30841] syzkaller1: entered allmulticast mode [ 1315.658367][T30849] CPU: 1 UID: 0 PID: 30849 Comm: syz.3.23445 Not tainted syzkaller #0 PREEMPT(full) [ 1315.658391][T30849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1315.658402][T30849] Call Trace: [ 1315.658410][T30849] [ 1315.658418][T30849] dump_stack_lvl+0xe8/0x150 [ 1315.658443][T30849] should_fail_ex+0x412/0x560 [ 1315.658470][T30849] _copy_to_user+0x31/0xb0 [ 1315.658495][T30849] simple_read_from_buffer+0xe1/0x170 [ 1315.658521][T30849] proc_fail_nth_read+0x1bb/0x230 [ 1315.658545][T30849] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1315.658569][T30849] ? rw_verify_area+0x2a6/0x4d0 [ 1315.658590][T30849] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1315.658611][T30849] vfs_read+0x20c/0xa70 [ 1315.658638][T30849] ? __pfx___mutex_lock+0x10/0x10 [ 1315.658663][T30849] ? __pfx_vfs_read+0x10/0x10 [ 1315.658686][T30849] ? __fget_files+0x2a/0x420 [ 1315.658709][T30849] ? __fget_files+0x3a0/0x420 [ 1315.658727][T30849] ? __fget_files+0x2a/0x420 [ 1315.658754][T30849] ksys_read+0x150/0x270 [ 1315.658778][T30849] ? __pfx_ksys_read+0x10/0x10 [ 1315.658808][T30849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1315.658826][T30849] do_syscall_64+0x15f/0xf80 [ 1315.658847][T30849] ? trace_irq_disable+0x3b/0x140 [ 1315.658870][T30849] ? clear_bhb_loop+0x40/0x90 [ 1315.658891][T30849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1315.658906][T30849] RIP: 0033:0x7f075e75d68e [ 1315.658922][T30849] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1315.658936][T30849] RSP: 002b:00007f075f714fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1315.658954][T30849] RAX: ffffffffffffffda RBX: 00007f075f7156c0 RCX: 00007f075e75d68e [ 1315.658965][T30849] RDX: 000000000000000f RSI: 00007f075f7150a0 RDI: 0000000000000004 [ 1315.658975][T30849] RBP: 00007f075f715090 R08: 0000000000000000 R09: 0000000000000000 [ 1315.658985][T30849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1315.658995][T30849] R13: 00007f075ea16038 R14: 00007f075ea15fa0 R15: 00007ffc8650f538 [ 1315.659024][T30849] [ 1316.156171][T30867] IPVS: Unknown mcast interface: vcan0 [ 1316.430609][T30874] bridge0: port 1(00ªX¹¦Dö») entered disabled state [ 1317.210767][T30881] net_ratelimit: 26 callbacks suppressed [ 1317.210788][T30881] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1317.284503][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1317.369245][T30909] __nla_validate_parse: 5 callbacks suppressed [ 1317.369262][T30909] netlink: 640 bytes leftover after parsing attributes in process `syz.4.23461'. [ 1317.419254][T30909] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 1317.432930][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1317.555365][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1317.654683][T30922] bond19: (slave C): Releasing backup interface [ 1317.694921][T30922] bond19: (slave C): last VLAN challenged slave left bond - VLAN blocking is removed [ 1317.717741][T30922] 0ªX¹¦Dö»: left allmulticast mode [ 1317.724041][T30922] 0ªX¹¦Dö»: left promiscuous mode [ 1317.729505][T30922] bridge0: port 1(00ªX¹¦Dö») entered disabled state [ 1317.748848][T30922] veth0_to_bond: left allmulticast mode [ 1317.759092][T30922] veth0_to_bond: left promiscuous mode [ 1317.767664][T30922] bridge10: port 2(veth0_to_bond) entered disabled state [ 1317.769926][T30932] FAULT_INJECTION: forcing a failure. [ 1317.769926][T30932] name failslab, interval 1, probability 0, space 0, times 0 [ 1317.779905][T30933] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23466'. [ 1317.787408][T30932] CPU: 0 UID: 0 PID: 30932 Comm: syz.0.23468 Not tainted syzkaller #0 PREEMPT(full) [ 1317.787430][T30932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1317.787440][T30932] Call Trace: [ 1317.787448][T30932] [ 1317.787455][T30932] dump_stack_lvl+0xe8/0x150 [ 1317.787481][T30932] should_fail_ex+0x412/0x560 [ 1317.787509][T30932] should_failslab+0xa8/0x100 [ 1317.787532][T30932] ? skb_clone+0x212/0x3a0 [ 1317.787555][T30932] kmem_cache_alloc_noprof+0x87/0x650 [ 1317.787585][T30932] skb_clone+0x212/0x3a0 [ 1317.787610][T30932] bpf_clone_redirect+0x16a/0x4b0 [ 1317.787640][T30932] ? bpf_test_run+0x1d1/0x830 [ 1317.787662][T30932] bpf_prog_bf2aacce0757c8a7+0x65/0x7d [ 1317.787682][T30932] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1317.787716][T30932] ? __pfx___schedule+0x10/0x10 [ 1317.787735][T30932] ? ktime_get+0x45/0x220 [ 1317.787772][T30932] ? preempt_schedule_thunk+0x16/0x30 [ 1317.787795][T30932] ? preempt_schedule_common+0x82/0xd0 [ 1317.787815][T30932] ? bpf_test_run+0x1d1/0x830 [ 1317.787837][T30932] ? bpf_test_timer_continue+0x10c/0x320 [ 1317.787859][T30932] bpf_test_run+0x354/0x830 [ 1317.787897][T30932] ? __pfx_bpf_test_run+0x10/0x10 [ 1317.787932][T30932] ? eth_type_trans+0x484/0x7e0 [ 1317.787961][T30932] ? skb_dst_set+0x72/0x140 [ 1317.787984][T30932] bpf_prog_test_run_skb+0xe2c/0x2260 [ 1317.788024][T30932] ? __fget_files+0x3a0/0x420 [ 1317.788042][T30932] ? __fget_files+0x2a/0x420 [ 1317.788065][T30932] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1317.788084][T30932] bpf_prog_test_run+0x2c7/0x340 [ 1317.788103][T30932] __sys_bpf+0x643/0x950 [ 1317.788127][T30932] ? __pfx___sys_bpf+0x10/0x10 [ 1317.788162][T30932] ? ksys_write+0x242/0x270 [ 1317.788186][T30932] ? __pfx_ksys_write+0x10/0x10 [ 1317.788210][T30932] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.788226][T30932] __x64_sys_bpf+0x7c/0x90 [ 1317.788248][T30932] do_syscall_64+0x15f/0xf80 [ 1317.788269][T30932] ? trace_irq_disable+0x3b/0x140 [ 1317.788291][T30932] ? clear_bhb_loop+0x40/0x90 [ 1317.788310][T30932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.788325][T30932] RIP: 0033:0x7f50ee99ce59 [ 1317.788340][T30932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1317.788360][T30932] RSP: 002b:00007f50ef77e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1317.788378][T30932] RAX: ffffffffffffffda RBX: 00007f50eec15fa0 RCX: 00007f50ee99ce59 [ 1317.788389][T30932] RDX: 0000000000000023 RSI: 0000200000000240 RDI: 000000000000000a [ 1317.788400][T30932] RBP: 00007f50ef77e090 R08: 0000000000000000 R09: 0000000000000000 [ 1317.788410][T30932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1317.788419][T30932] R13: 00007f50eec16038 R14: 00007f50eec15fa0 R15: 00007ffc10cf3e98 [ 1317.788446][T30932] [ 1318.152694][T30922] team0: Port device ip6gre4 removed [ 1318.164797][T30922] bond11: (slave bond12): Releasing active interface [ 1318.194053][T30922] bond13: (slave ip6gretap1): Removing an active aggregator [ 1318.223925][T30922] bond13: (slave ip6gretap1): Releasing backup interface [ 1318.240176][T30922] veth9: left allmulticast mode [ 1318.246048][T30922] veth9: left promiscuous mode [ 1318.251060][T30922] bridge10: port 1(veth9) entered disabled state [ 1318.267475][T30922] bond18: (slave vcan1): Releasing backup interface [ 1318.279744][T30922] vcan1: left promiscuous mode [ 1318.302814][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1318.413550][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1318.533193][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1318.561545][T30962] netlink: 12 bytes leftover after parsing attributes in process `syz.0.23475'. [ 1318.595771][T30962] block nbd3: Unsupported socket: should be TCP or UNIX. [ 1318.616883][T30972] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23475'. [ 1318.642817][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1318.763862][T30972] 8021q: adding VLAN 0 to HW filter on device bond33 [ 1318.775630][T30983] rdma_rxe: rxe_newlink: failed to add xfrm0 [ 1318.802931][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1318.851279][T30986] netlink: 148 bytes leftover after parsing attributes in process `syz.1.23478'. [ 1319.181124][ T7205] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1319.201600][ T7205] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1319.212876][ T7205] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1319.230384][ T7205] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1319.238219][ T7205] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1320.081650][T31035] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1320.320120][T31043] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23492'. [ 1320.338341][ T5854] syz_tun (unregistering): left allmulticast mode [ 1320.375791][T31005] wg1 speed is unknown, defaulting to 1000 [ 1320.394293][T31005] »»»»»» speed is unknown, defaulting to 1000 [ 1320.415145][T31005] xfrm0 speed is unknown, defaulting to 1000 [ 1320.448105][T31048] syzkaller0: entered promiscuous mode [ 1320.467946][T31048] syzkaller0: entered allmulticast mode [ 1321.014428][T31071] macsec0: left allmulticast mode [ 1321.019749][T31071] bond4: left promiscuous mode [ 1321.030973][T31071] bond4: left allmulticast mode [ 1321.037861][T31071] veth3: left allmulticast mode [ 1321.044074][T31071] ip6gre2: left allmulticast mode [ 1321.049286][T31071] : left promiscuous mode [ 1321.054288][T31071] bridge0: left promiscuous mode [ 1321.060299][T31071] gretap1: left promiscuous mode [ 1321.067465][T31071] gretap1: left allmulticast mode [ 1321.073411][T31071] vlan2: left allmulticast mode [ 1321.078411][T31071] veth1_virt_wifi: left allmulticast mode [ 1321.085833][T31071] bond9: left promiscuous mode [ 1321.090867][T31071] ip6gre4: left allmulticast mode [ 1321.097614][T31071] vlan3: left allmulticast mode [ 1321.103319][T31071] bond10: left allmulticast mode [ 1321.108704][T31071] veth5: left allmulticast mode [ 1321.114879][T31071] vlan4: left allmulticast mode [ 1321.119774][T31071] bond0: left allmulticast mode [ 1321.125712][T31071] macvlan0: left promiscuous mode [ 1321.131817][T31071] bond18: left promiscuous mode [ 1321.139370][T31071] ip6erspan2: left allmulticast mode [ 1321.146960][T31071] gtp1: left promiscuous mode [ 1321.151793][T31071] gtp1: left allmulticast mode [ 1321.159105][T31071] bond26: left promiscuous mode [ 1321.165182][T31071] veth11: left allmulticast mode [ 1321.170340][T31071] bridge14: left promiscuous mode [ 1321.184261][T31071] bridge14: left allmulticast mode [ 1321.272479][ T7205] Bluetooth: hci5: command tx timeout [ 1321.581439][T31005] bridge0: port 1(bridge_slave_0) entered blocking state [ 1321.589756][T31005] bridge0: port 1(bridge_slave_0) entered disabled state [ 1321.597642][T31005] bridge_slave_0: entered allmulticast mode [ 1321.606523][T31005] bridge_slave_0: entered promiscuous mode [ 1321.616195][T31005] bridge0: port 2(bridge_slave_1) entered blocking state [ 1321.624090][T31005] bridge0: port 2(bridge_slave_1) entered disabled state [ 1321.632589][T31005] bridge_slave_1: entered allmulticast mode [ 1321.639768][T31005] bridge_slave_1: entered promiscuous mode [ 1321.677890][T31005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1321.691016][T31005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1321.727204][T31005] team0: Port device team_slave_0 added [ 1321.736219][T31005] team0: Port device team_slave_1 added [ 1321.767614][T31005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1321.775137][T31005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1321.801673][T31005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1321.814824][T31005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1321.821777][T31005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1321.848679][T31005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1321.907452][T31005] hsr_slave_0: entered promiscuous mode [ 1321.914126][T31005] hsr_slave_1: entered promiscuous mode [ 1322.119568][T31100] tipc: Failed to remove unknown binding: 66,0,0/3758096385:968414125/968414127 [ 1322.129276][T31100] tipc: Failed to remove unknown binding: 66,0,0/3758096385:968414125/968414126 [ 1322.148560][T31100] tipc: Failed to remove unknown binding: 66,0,0/3758096385:968414125/968414127 [ 1322.158624][T31100] tipc: Failed to remove unknown binding: 66,0,0/3758096385:968414125/968414126 [ 1322.302458][T10096] net_ratelimit: 15 callbacks suppressed [ 1322.302479][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1322.422705][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1322.532526][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1322.642875][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1322.762486][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1322.872561][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1322.982496][T10096] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1323.095035][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1323.213719][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1323.322653][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1323.352685][ T7205] Bluetooth: hci5: command tx timeout [ 1323.907998][T31067] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1323.954424][T31005] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1324.008453][T31005] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1324.024815][T31005] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1324.063313][T31005] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1324.078610][T31005] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1324.095648][T31127] netlink: 9 bytes leftover after parsing attributes in process `syz.0.23512'. [ 1324.100619][T31005] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1324.123343][T31005] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1324.147839][T31005] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1324.308319][T31124] netlink: 964 bytes leftover after parsing attributes in process `syz.4.23510'. [ 1324.463834][T31005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1324.530736][T31152] netlink: 'syz.4.23516': attribute type 1 has an invalid length. [ 1324.547684][T31152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.23516'. [ 1324.560895][T31005] 8021q: adding VLAN 0 to HW filter on device team0 [ 1324.573772][T31152] netlink: 658 bytes leftover after parsing attributes in process `syz.4.23516'. [ 1324.594150][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 1324.601404][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1324.619463][T31152] netlink: 'syz.4.23516': attribute type 1 has an invalid length. [ 1324.659601][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state [ 1324.666840][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1324.873780][T31169] netlink: 144 bytes leftover after parsing attributes in process `syz.1.23521'. [ 1324.886190][T31170] netlink: 144 bytes leftover after parsing attributes in process `syz.1.23521'. [ 1325.089809][T31179] netlink: 9 bytes leftover after parsing attributes in process `syz.3.23523'. [ 1325.433975][ T7205] Bluetooth: hci5: command tx timeout [ 1325.777959][T31005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1325.904739][T31005] veth0_vlan: entered promiscuous mode [ 1325.931839][T31005] veth1_vlan: entered promiscuous mode [ 1325.988964][T31005] veth0_macvtap: entered promiscuous mode [ 1326.021531][T31005] veth1_macvtap: entered promiscuous mode [ 1326.054507][T31005] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1326.074899][T31005] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1326.100767][ T4090] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1326.111410][ T35] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1326.121434][ T35] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1326.137386][ T35] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1326.409490][T31254] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23544'. [ 1326.515474][ T1019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1326.550753][ T1019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1326.645962][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1326.666480][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1326.871402][T31282] netlink: 'syz.2.23484': attribute type 10 has an invalid length. [ 1326.967270][T31282] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1326.999126][T31282] bond0: (slave netdevsim1): Enslaving as an active interface with an up link [ 1327.270898][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1327.285852][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1327.298885][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1327.313647][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1327.326956][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1327.335461][ T1117] net_ratelimit: 27 callbacks suppressed [ 1327.335476][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1327.458234][T31315] netlink: 'syz.2.23561': attribute type 8 has an invalid length. [ 1327.513446][ T7205] Bluetooth: hci5: command tx timeout [ 1327.522852][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1327.584748][T31321] netlink: 640 bytes leftover after parsing attributes in process `syz.1.23563'. [ 1327.594986][T31321] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 1327.642572][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1327.737920][T31324] openvswitch: netlink: IP tunnel dst address not specified [ 1327.762966][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1327.772807][T31324] netlink: 48 bytes leftover after parsing attributes in process `syz.4.23564'. [ 1327.902916][ T1019] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1327.956697][T31335] syzkaller1: entered promiscuous mode [ 1327.980545][T31335] syzkaller1: entered allmulticast mode [ 1328.102545][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1328.238892][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1328.297411][T31302] wg1 speed is unknown, defaulting to 1000 [ 1328.313131][T31362] C: entered allmulticast mode [ 1328.336077][T31362] tunl0: entered allmulticast mode [ 1328.348620][T31362] gre0: entered allmulticast mode [ 1328.413496][T31369] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 1328.414220][T31362] 0ªX¹¦Dö»: entered allmulticast mode [ 1328.444949][T31362] erspan0: entered allmulticast mode [ 1328.455599][T31362] ip_vti0: entered allmulticast mode [ 1328.466574][T31362] ip6_vti0: entered allmulticast mode [ 1328.475624][T31362] sit0: entered allmulticast mode [ 1328.500889][T31362] ip6tnl0: entered allmulticast mode [ 1328.509978][T31362] ip6gre0: entered allmulticast mode [ 1328.522974][T31362] bridge0: entered allmulticast mode [ 1328.535995][T31362] bond0: entered allmulticast mode [ 1328.547298][T31362] team0: entered allmulticast mode [ 1328.554871][T31362] 8021q: adding VLAN 0 to HW filter on device team0 [ 1328.564375][T31362] H: entered allmulticast mode [ 1328.572808][T31362] nlmon0: entered allmulticast mode [ 1328.579622][T31362] batadv0: entered allmulticast mode [ 1328.587694][T31362] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1328.597719][T31302] »»»»»» speed is unknown, defaulting to 1000 [ 1328.614790][T31302] xfrm0 speed is unknown, defaulting to 1000 [ 1328.817686][T31384] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 1328.828978][T31387] Cannot find add_set index 0 as target [ 1328.965029][T31394] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 1329.113906][T31403] netlink: 'syz.2.23591': attribute type 1 has an invalid length. [ 1329.261835][T31414] bond32: option fail_over_mac: invalid value (16) [ 1329.275848][T31414] bond32 (unregistering): Released all slaves [ 1329.337712][T31417] __nla_validate_parse: 6 callbacks suppressed [ 1329.337730][T31417] netlink: 288 bytes leftover after parsing attributes in process `syz.0.23594'. [ 1329.435468][ T7205] Bluetooth: hci3: command tx timeout [ 1329.456377][T31427] tipc: Bearer : already 2 bearers with priority 10 [ 1329.464187][T31427] tipc: Bearer : trying with adjusted priority [ 1329.471170][T31427] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 1329.973422][T31302] bridge0: port 1(bridge_slave_0) entered blocking state [ 1330.007783][T31302] bridge0: port 1(bridge_slave_0) entered disabled state [ 1330.032933][T31302] bridge_slave_0: entered allmulticast mode [ 1330.051290][T31302] bridge_slave_0: entered promiscuous mode [ 1330.075851][T31302] bridge0: port 2(bridge_slave_1) entered blocking state [ 1330.100030][T31302] bridge0: port 2(bridge_slave_1) entered disabled state [ 1330.108412][T31302] bridge_slave_1: entered allmulticast mode [ 1330.118088][T31302] bridge_slave_1: entered promiscuous mode [ 1330.140766][T31461] tipc: Can't add remote ip to TIPC UDP multicast bearer [ 1330.168016][T31457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23604'. [ 1330.432604][T31302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1330.505230][T31302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1330.894484][T31302] team0: Port device team_slave_0 added [ 1330.959013][T31302] team0: Port device team_slave_1 added [ 1331.020266][T31489] syzkaller0: entered promiscuous mode [ 1331.034090][T31489] syzkaller0: entered allmulticast mode [ 1331.056859][T31500] tipc: Enabling not permitted [ 1331.070081][T31500] tipc: Enabling of bearer rejected, failed to enable media [ 1331.221352][T31507] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23611'. [ 1331.283956][T31302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1331.321186][T31302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1331.377362][T31302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1331.393730][T31302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1331.411101][T31302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1331.479953][T31302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1331.514289][ T7205] Bluetooth: hci3: command tx timeout [ 1331.560986][T31302] hsr_slave_0: entered promiscuous mode [ 1331.568448][T31302] hsr_slave_1: entered promiscuous mode [ 1331.575461][T31302] debugfs: 'hsr0' already exists in 'hsr' [ 1331.581326][T31302] Cannot create hsr debugfs directory [ 1331.636765][T31519] IPv6: NLM_F_CREATE should be specified when creating new route [ 1331.784191][T31531] netlink: 640 bytes leftover after parsing attributes in process `syz.0.23618'. [ 1331.868216][T31534] ipvlan3: entered allmulticast mode [ 1331.937516][T31302] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1331.962719][T31536] tipc: Bearer : already 2 bearers with priority 10 [ 1331.970782][T31536] tipc: Bearer : trying with adjusted priority [ 1331.979038][T31536] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 1332.147908][T31302] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1332.302387][T31302] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1332.354100][ T4090] net_ratelimit: 16 callbacks suppressed [ 1332.354118][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1332.390784][ T4090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1332.400958][ T4090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1332.428755][T31302] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1332.452770][T31564] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1332.488040][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1332.608752][T11303] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1332.829963][T31302] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1332.846535][T31302] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1332.859190][T31302] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1332.873662][T31302] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1332.884574][T31302] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1332.901004][T31302] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1332.921172][T31302] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1332.961323][T31302] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1333.022163][T11303] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1333.171564][T31302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1333.211784][T31302] 8021q: adding VLAN 0 to HW filter on device team0 [ 1333.245904][T11303] bridge0: port 1(bridge_slave_0) entered blocking state [ 1333.253112][T11303] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1333.271115][T13115] bridge0: port 2(bridge_slave_1) entered blocking state [ 1333.278364][T13115] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1333.432368][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1333.442449][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1333.485191][T31625] ipvlan3: entered allmulticast mode [ 1333.562974][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1333.593483][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1333.593791][ T7205] Bluetooth: hci3: command tx timeout [ 1333.674752][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1333.722978][T31641] netlink: 60 bytes leftover after parsing attributes in process `syz.1.23660'. [ 1333.812688][T31476] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1333.850202][T31648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23661'. [ 1333.868250][T31648] : entered promiscuous mode [ 1334.364051][T31302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1334.411859][T31682] syzkaller0: entered promiscuous mode [ 1334.419661][T31682] syzkaller0: entered allmulticast mode [ 1334.738784][T31302] veth0_vlan: entered promiscuous mode [ 1334.776464][T31302] veth1_vlan: entered promiscuous mode [ 1334.910129][T31714] vlan2: entered promiscuous mode [ 1334.916899][T31714] geneve1: entered promiscuous mode [ 1334.924355][T31714] vlan2: entered allmulticast mode [ 1334.929631][T31714] geneve1: entered allmulticast mode [ 1335.001013][T31302] veth0_macvtap: entered promiscuous mode [ 1335.083694][T31302] veth1_macvtap: entered promiscuous mode [ 1335.136931][T31302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1335.328308][T31302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1335.348738][T31476] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.380852][T31476] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.400032][T31476] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.426439][T31476] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.673752][ T7205] Bluetooth: hci3: command tx timeout [ 1335.681230][ T8426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1335.703534][ T8426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1335.794011][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1335.821476][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1336.413872][T31789] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23709'. [ 1336.451656][T31789] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23709'. [ 1336.473417][T31789] netlink: 'syz.1.23709': attribute type 14 has an invalid length. [ 1336.490345][T31789] netlink: 'syz.1.23709': attribute type 13 has an invalid length. [ 1336.531575][T31790] netlink: 72 bytes leftover after parsing attributes in process `syz.1.23709'. [ 1336.551690][T31789] netlink: 72 bytes leftover after parsing attributes in process `syz.1.23709'. [ 1336.581419][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1336.605367][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1336.613408][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1336.621352][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1336.629723][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1336.685328][T31799] ipvlan2: entered allmulticast mode [ 1336.727599][T31799] batadv_slave_1: entered allmulticast mode [ 1336.746598][T31799] batman_adv: batadv0: Adding interface: ipvlan2 [ 1336.767774][T31799] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1336.803045][T31799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1336.830156][T31799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1336.855602][T31799] batman_adv: batadv0: Interface activated: ipvlan2 [ 1337.367920][T31792] wg1 speed is unknown, defaulting to 1000 [ 1337.383021][T31476] net_ratelimit: 22 callbacks suppressed [ 1337.383041][T31476] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1337.414482][T31792] »»»»»» speed is unknown, defaulting to 1000 [ 1337.441881][T31792] xfrm0 speed is unknown, defaulting to 1000 [ 1337.522473][T11303] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1337.595673][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1337.662900][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1337.792786][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1337.804066][T31862] netlink: 'syz.4.23727': attribute type 1 has an invalid length. [ 1337.816010][T31866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23728'. [ 1337.816141][T31862] netlink: 24 bytes leftover after parsing attributes in process `syz.4.23727'. [ 1337.837236][T31869] netlink: 104 bytes leftover after parsing attributes in process `syz.3.23729'. [ 1337.922331][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1337.955026][T31862] netlink: 12 bytes leftover after parsing attributes in process `syz.4.23727'. [ 1338.043079][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1338.140290][T31880] FAULT_INJECTION: forcing a failure. [ 1338.140290][T31880] name failslab, interval 1, probability 0, space 0, times 0 [ 1338.153004][T31880] CPU: 1 UID: 0 PID: 31880 Comm: syz.1.23734 Not tainted syzkaller #0 PREEMPT(full) [ 1338.153025][T31880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1338.153036][T31880] Call Trace: [ 1338.153043][T31880] [ 1338.153050][T31880] dump_stack_lvl+0xe8/0x150 [ 1338.153073][T31880] should_fail_ex+0x412/0x560 [ 1338.153100][T31880] should_failslab+0xa8/0x100 [ 1338.153123][T31880] ? skb_clone+0x212/0x3a0 [ 1338.153146][T31880] kmem_cache_alloc_noprof+0x87/0x650 [ 1338.153169][T31880] ? __pfx_netif_rx_internal+0x10/0x10 [ 1338.153193][T31880] skb_clone+0x212/0x3a0 [ 1338.153219][T31880] bpf_clone_redirect+0x16a/0x4b0 [ 1338.153248][T31880] ? bpf_test_run+0x1d1/0x830 [ 1338.153269][T31880] bpf_prog_bf2aacce0757c8a7+0x65/0x7d [ 1338.153290][T31880] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1338.153324][T31880] ? __pfx___schedule+0x10/0x10 [ 1338.153344][T31880] ? ktime_get+0x45/0x220 [ 1338.153379][T31880] ? preempt_schedule_thunk+0x16/0x30 [ 1338.153403][T31880] ? preempt_schedule_common+0x82/0xd0 [ 1338.153422][T31880] ? bpf_test_run+0x1d1/0x830 [ 1338.153444][T31880] ? bpf_test_timer_continue+0x10c/0x320 [ 1338.153465][T31880] bpf_test_run+0x354/0x830 [ 1338.153504][T31880] ? __pfx_bpf_test_run+0x10/0x10 [ 1338.153540][T31880] ? eth_type_trans+0x484/0x7e0 [ 1338.153569][T31880] ? skb_dst_set+0x72/0x140 [ 1338.153592][T31880] bpf_prog_test_run_skb+0xe2c/0x2260 [ 1338.153635][T31880] ? __fget_files+0x3a0/0x420 [ 1338.153653][T31880] ? __fget_files+0x2a/0x420 [ 1338.153677][T31880] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1338.153699][T31880] bpf_prog_test_run+0x2c7/0x340 [ 1338.153720][T31880] __sys_bpf+0x643/0x950 [ 1338.153745][T31880] ? __pfx___sys_bpf+0x10/0x10 [ 1338.153784][T31880] ? ksys_write+0x242/0x270 [ 1338.153807][T31880] ? __pfx_ksys_write+0x10/0x10 [ 1338.153834][T31880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1338.153852][T31880] __x64_sys_bpf+0x7c/0x90 [ 1338.153875][T31880] do_syscall_64+0x15f/0xf80 [ 1338.153896][T31880] ? trace_irq_disable+0x3b/0x140 [ 1338.153918][T31880] ? clear_bhb_loop+0x40/0x90 [ 1338.153946][T31880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1338.153962][T31880] RIP: 0033:0x7fc6a959ce59 [ 1338.153978][T31880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1338.153991][T31880] RSP: 002b:00007fc6aa484028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1338.154009][T31880] RAX: ffffffffffffffda RBX: 00007fc6a9815fa0 RCX: 00007fc6a959ce59 [ 1338.154021][T31880] RDX: 0000000000000023 RSI: 0000200000000240 RDI: 000000000000000a [ 1338.154032][T31880] RBP: 00007fc6aa484090 R08: 0000000000000000 R09: 0000000000000000 [ 1338.154042][T31880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1338.154052][T31880] R13: 00007fc6a9816038 R14: 00007fc6a9815fa0 R15: 00007ffdadaed498 [ 1338.154081][T31880] [ 1338.635373][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1338.714679][ T7205] Bluetooth: hci4: command tx timeout [ 1338.762653][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1338.958343][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1338.968985][T31901] syzkaller0: entered promiscuous mode [ 1338.975042][T31901] syzkaller0: entered allmulticast mode [ 1339.141464][T31916] syz_tun: entered allmulticast mode [ 1339.214382][T31916] pimreg: entered allmulticast mode [ 1339.229442][T31927] No such timeout policy "syz1" [ 1339.288203][T31914] syz_tun: left allmulticast mode [ 1339.295066][T31792] bridge0: port 1(bridge_slave_0) entered blocking state [ 1339.315878][T31792] bridge0: port 1(bridge_slave_0) entered disabled state [ 1339.331226][T31792] bridge_slave_0: entered allmulticast mode [ 1339.355072][T31792] bridge_slave_0: entered promiscuous mode [ 1339.370843][T31792] bridge0: port 2(bridge_slave_1) entered blocking state [ 1339.386886][T31792] bridge0: port 2(bridge_slave_1) entered disabled state [ 1339.403018][T31792] bridge_slave_1: entered allmulticast mode [ 1339.416347][T31792] bridge_slave_1: entered promiscuous mode [ 1339.442769][T31936] x_tables: unsorted underflow at hook 1 [ 1339.490813][T31936] netlink: 224 bytes leftover after parsing attributes in process `syz.1.23756'. [ 1339.504145][T31792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1339.532029][T31936] netlink: 8 bytes leftover after parsing attributes in process `syz.1.23756'. [ 1339.539809][T31792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1339.778351][T31792] team0: Port device team_slave_0 added [ 1339.858928][T31792] team0: Port device team_slave_1 added [ 1339.919676][T31792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1339.944276][T31792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1339.986771][T31792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1340.015360][T31792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1340.023313][T31792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1340.049945][T31792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1340.186207][T31792] hsr_slave_0: entered promiscuous mode [ 1340.193371][T31792] hsr_slave_1: entered promiscuous mode [ 1340.200017][T31792] debugfs: 'hsr0' already exists in 'hsr' [ 1340.207741][T31792] Cannot create hsr debugfs directory [ 1340.681308][T31986] netlink: 'syz.1.23770': attribute type 1 has an invalid length. [ 1340.789534][T31792] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 1340.802674][ T7205] Bluetooth: hci4: command tx timeout [ 1340.816320][T31792] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1340.970934][T32000] FAULT_INJECTION: forcing a failure. [ 1340.970934][T32000] name failslab, interval 1, probability 0, space 0, times 0 [ 1340.983623][T32000] CPU: 0 UID: 0 PID: 32000 Comm: syz.4.23776 Not tainted syzkaller #0 PREEMPT(full) [ 1340.983644][T32000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1340.983653][T32000] Call Trace: [ 1340.983660][T32000] [ 1340.983666][T32000] dump_stack_lvl+0xe8/0x150 [ 1340.983690][T32000] should_fail_ex+0x412/0x560 [ 1340.983716][T32000] should_failslab+0xa8/0x100 [ 1340.983739][T32000] ? skb_clone+0x212/0x3a0 [ 1340.983761][T32000] kmem_cache_alloc_noprof+0x87/0x650 [ 1340.983784][T32000] ? __pfx_netif_rx_internal+0x10/0x10 [ 1340.983808][T32000] skb_clone+0x212/0x3a0 [ 1340.983833][T32000] bpf_clone_redirect+0x16a/0x4b0 [ 1340.983863][T32000] ? bpf_test_run+0x1d1/0x830 [ 1340.983882][T32000] bpf_prog_bf2aacce0757c8a7+0x65/0x7d [ 1340.983900][T32000] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1340.983932][T32000] ? __pfx___schedule+0x10/0x10 [ 1340.983951][T32000] ? ktime_get+0x45/0x220 [ 1340.983983][T32000] ? preempt_schedule_thunk+0x16/0x30 [ 1340.984005][T32000] ? preempt_schedule_common+0x82/0xd0 [ 1340.984042][T32000] ? bpf_test_run+0x1d1/0x830 [ 1340.984062][T32000] ? bpf_test_timer_continue+0x10c/0x320 [ 1340.984091][T32000] bpf_test_run+0x354/0x830 [ 1340.984130][T32000] ? __pfx_bpf_test_run+0x10/0x10 [ 1340.984163][T32000] ? eth_type_trans+0x484/0x7e0 [ 1340.984191][T32000] ? skb_dst_set+0x72/0x140 [ 1340.984210][T32000] bpf_prog_test_run_skb+0xe2c/0x2260 [ 1340.984248][T32000] ? __fget_files+0x3a0/0x420 [ 1340.984264][T32000] ? __fget_files+0x2a/0x420 [ 1340.984284][T32000] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 1340.984303][T32000] bpf_prog_test_run+0x2c7/0x340 [ 1340.984324][T32000] __sys_bpf+0x643/0x950 [ 1340.984348][T32000] ? __pfx___sys_bpf+0x10/0x10 [ 1340.984385][T32000] ? ksys_write+0x242/0x270 [ 1340.984407][T32000] ? __pfx_ksys_write+0x10/0x10 [ 1340.984429][T32000] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1340.984444][T32000] __x64_sys_bpf+0x7c/0x90 [ 1340.984465][T32000] do_syscall_64+0x15f/0xf80 [ 1340.984484][T32000] ? trace_irq_disable+0x3b/0x140 [ 1340.984503][T32000] ? clear_bhb_loop+0x40/0x90 [ 1340.984522][T32000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1340.984536][T32000] RIP: 0033:0x7fa0a459ce59 [ 1340.984550][T32000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1340.984563][T32000] RSP: 002b:00007fa0a5386028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1340.984580][T32000] RAX: ffffffffffffffda RBX: 00007fa0a4815fa0 RCX: 00007fa0a459ce59 [ 1340.984591][T32000] RDX: 0000000000000023 RSI: 0000200000000240 RDI: 000000000000000a [ 1340.984600][T32000] RBP: 00007fa0a5386090 R08: 0000000000000000 R09: 0000000000000000 [ 1340.984607][T32000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1340.984615][T32000] R13: 00007fa0a4816038 R14: 00007fa0a4815fa0 R15: 00007fff6ab84c18 [ 1340.984639][T32000] [ 1341.461389][T32012] netlink: 'syz.4.23779': attribute type 1 has an invalid length. [ 1341.474138][T31792] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 1341.484835][T31792] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1341.607328][T32007] bond32 (unregistering): Released all slaves [ 1341.641871][T32012] workqueue: Failed to create a rescuer kthread for wq "bond32": -EINTR [ 1341.645937][T32008] __nla_validate_parse: 6 callbacks suppressed [ 1341.645955][T32008] netlink: 68 bytes leftover after parsing attributes in process `syz.1.23778'. [ 1341.804753][T31792] bond0: (slave netdevsim1): Releasing backup interface [ 1341.839964][T31792] netdevsim netdevsim0 netdevsim1 (unregistering): left allmulticast mode [ 1341.845072][T32035] netlink: 640 bytes leftover after parsing attributes in process `syz.1.23784'. [ 1341.858003][T31792] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 1341.858061][T31792] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1342.191845][T31792] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0 [ 1342.218561][T31792] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 1342.483053][ T141] net_ratelimit: 18 callbacks suppressed [ 1342.483072][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1342.601832][T32073] netlink: 640 bytes leftover after parsing attributes in process `syz.2.23798'. [ 1342.634277][T32073] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 1342.700402][T31792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1342.734530][T32080] netlink: 36 bytes leftover after parsing attributes in process `syz.2.23801'. [ 1342.747869][T31792] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1342.765994][T31792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1342.780213][T31792] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1342.794803][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1342.795174][T11303] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1342.819301][T31792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1342.834690][T31792] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1342.843648][T32082] FAULT_INJECTION: forcing a failure. [ 1342.843648][T32082] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1342.858588][T31792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1342.870858][T31792] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1342.878898][T32082] CPU: 1 UID: 0 PID: 32082 Comm: syz.3.23802 Not tainted syzkaller #0 PREEMPT(full) [ 1342.878920][T32082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1342.878930][T32082] Call Trace: [ 1342.878937][T32082] [ 1342.878945][T32082] dump_stack_lvl+0xe8/0x150 [ 1342.878972][T32082] should_fail_ex+0x412/0x560 [ 1342.878998][T32082] _copy_from_user+0x2d/0xb0 [ 1342.879022][T32082] generic_map_update_batch+0x69a/0x990 [ 1342.879052][T32082] ? __pfx_generic_map_update_batch+0x10/0x10 [ 1342.879072][T32082] ? __fget_files+0x2a/0x420 [ 1342.879098][T32082] ? __pfx_generic_map_update_batch+0x10/0x10 [ 1342.879118][T32082] bpf_map_do_batch+0x39b/0x630 [ 1342.879141][T32082] __sys_bpf+0x7c1/0x950 [ 1342.879166][T32082] ? __pfx___sys_bpf+0x10/0x10 [ 1342.879204][T32082] ? ksys_write+0x242/0x270 [ 1342.879228][T32082] ? __pfx_ksys_write+0x10/0x10 [ 1342.879254][T32082] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1342.879273][T32082] __x64_sys_bpf+0x7c/0x90 [ 1342.879295][T32082] do_syscall_64+0x15f/0xf80 [ 1342.879317][T32082] ? trace_irq_disable+0x3b/0x140 [ 1342.879339][T32082] ? clear_bhb_loop+0x40/0x90 [ 1342.879360][T32082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1342.879376][T32082] RIP: 0033:0x7ff46499ce59 [ 1342.879393][T32082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1342.879407][T32082] RSP: 002b:00007ff4658df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1342.879425][T32082] RAX: ffffffffffffffda RBX: 00007ff464c15fa0 RCX: 00007ff46499ce59 [ 1342.879437][T32082] RDX: 0000000000000038 RSI: 0000200000000500 RDI: 000000000000001a [ 1342.879447][T32082] RBP: 00007ff4658df090 R08: 0000000000000000 R09: 0000000000000000 [ 1342.879461][T32082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1342.879471][T32082] R13: 00007ff464c16038 R14: 00007ff464c15fa0 R15: 00007ffff9f5fea8 [ 1342.879506][T32082] [ 1342.885169][ T7205] Bluetooth: hci4: command tx timeout [ 1343.302741][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1343.317865][T32108] No such timeout policy "syz1" [ 1343.363048][T31792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1343.387577][T31792] 8021q: adding VLAN 0 to HW filter on device team0 [ 1343.409284][ T1117] bridge0: port 1(bridge_slave_0) entered blocking state [ 1343.416415][ T1117] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1343.474301][ T1117] bridge0: port 2(bridge_slave_1) entered blocking state [ 1343.481495][ T1117] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1343.532634][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1343.564815][T32118] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.23810'. [ 1343.663169][ T4090] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1343.704135][T32125] netlink: 36 bytes leftover after parsing attributes in process `syz.4.23812'. [ 1343.764929][T32128] FAULT_INJECTION: forcing a failure. [ 1343.764929][T32128] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1343.779359][T32128] CPU: 0 UID: 0 PID: 32128 Comm: syz.4.23814 Not tainted syzkaller #0 PREEMPT(full) [ 1343.779381][T32128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1343.779399][T32128] Call Trace: [ 1343.779406][T32128] [ 1343.779414][T32128] dump_stack_lvl+0xe8/0x150 [ 1343.779439][T32128] should_fail_ex+0x412/0x560 [ 1343.779465][T32128] _copy_from_user+0x2d/0xb0 [ 1343.779486][T32128] generic_map_update_batch+0x648/0x990 [ 1343.779514][T32128] ? __pfx_generic_map_update_batch+0x10/0x10 [ 1343.779536][T32128] ? __fget_files+0x2a/0x420 [ 1343.779559][T32128] ? __pfx_generic_map_update_batch+0x10/0x10 [ 1343.779578][T32128] bpf_map_do_batch+0x39b/0x630 [ 1343.779600][T32128] __sys_bpf+0x7c1/0x950 [ 1343.779624][T32128] ? __pfx___sys_bpf+0x10/0x10 [ 1343.779661][T32128] ? ksys_write+0x242/0x270 [ 1343.779687][T32128] ? __pfx_ksys_write+0x10/0x10 [ 1343.779712][T32128] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.779731][T32128] __x64_sys_bpf+0x7c/0x90 [ 1343.779753][T32128] do_syscall_64+0x15f/0xf80 [ 1343.779775][T32128] ? trace_irq_disable+0x3b/0x140 [ 1343.779798][T32128] ? clear_bhb_loop+0x40/0x90 [ 1343.779818][T32128] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1343.779834][T32128] RIP: 0033:0x7fa0a459ce59 [ 1343.779850][T32128] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1343.779864][T32128] RSP: 002b:00007fa0a5386028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1343.779882][T32128] RAX: ffffffffffffffda RBX: 00007fa0a4815fa0 RCX: 00007fa0a459ce59 [ 1343.779893][T32128] RDX: 0000000000000038 RSI: 0000200000000500 RDI: 000000000000001a [ 1343.779903][T32128] RBP: 00007fa0a5386090 R08: 0000000000000000 R09: 0000000000000000 [ 1343.779913][T32128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1343.779922][T32128] R13: 00007fa0a4816038 R14: 00007fa0a4815fa0 R15: 00007fff6ab84c18 [ 1343.779947][T32128] [ 1343.783267][T13115] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1343.847186][T32130] netlink: 36 bytes leftover after parsing attributes in process `syz.1.23813'. [ 1343.851254][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1343.889548][T32132] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 1344.046624][T32134] ipvlan3: entered allmulticast mode [ 1344.077120][T32134] batman_adv: batadv0: Adding interface: ipvlan3 [ 1344.094906][T32134] batman_adv: batadv0: The MTU of interface ipvlan3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1344.124850][T32134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1344.137606][T32134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1344.148015][T32134] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: ipvlan2 [ 1344.158534][T32134] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1344.169467][T32134] batman_adv: batadv0: Interface activated: ipvlan3 [ 1344.290050][T32147] No such timeout policy "syz1" [ 1344.419986][T32153] netlink: 'syz.3.23821': attribute type 8 has an invalid length. [ 1344.476757][T31792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1344.549531][T31792] veth0_vlan: entered promiscuous mode [ 1344.570271][T31792] veth1_vlan: entered promiscuous mode [ 1344.615504][T31792] veth0_macvtap: entered promiscuous mode [ 1344.629899][T31792] veth1_macvtap: entered promiscuous mode [ 1344.631571][T32160] netlink: 36 bytes leftover after parsing attributes in process `syz.3.23823'. [ 1344.651718][T31792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1344.671727][T31792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1344.688122][ T141] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.711748][ T141] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.734600][ T141] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.743714][ T141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1344.752967][T32162] syzkaller1: entered promiscuous mode [ 1344.758602][T32162] syzkaller1: entered allmulticast mode [ 1345.123286][ T7205] Bluetooth: hci4: command tx timeout [ 1346.240252][T32100] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1346.456029][ T8426] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1346.490266][ T8426] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1346.567265][T32174] sctp: [Deprecated]: syz.3.23829 (pid 32174) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1346.567265][T32174] Use struct sctp_sack_info instead [ 1346.598562][ T1117] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1346.637421][ T1117] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1346.989014][T32199] lo: entered promiscuous mode [ 1347.009027][T32199] lo: entered allmulticast mode [ 1347.017605][T32199] tunl0: entered promiscuous mode [ 1347.024663][T32199] tunl0: entered allmulticast mode [ 1347.031436][T32199] gre0: entered promiscuous mode [ 1347.040787][T32199] gre0: entered allmulticast mode [ 1347.047701][T32199] gretap0: entered promiscuous mode [ 1347.053350][T32199] gretap0: entered allmulticast mode [ 1347.060505][T32199] erspan0: entered promiscuous mode [ 1347.066993][T32199] erspan0: entered allmulticast mode [ 1347.074411][T32199] ip_vti0: entered promiscuous mode [ 1347.079994][T32199] ip_vti0: entered allmulticast mode [ 1347.088870][T32199] ip6_vti0: entered promiscuous mode [ 1347.095552][T32199] ip6_vti0: entered allmulticast mode [ 1347.103633][T32199] sit0: entered promiscuous mode [ 1347.108951][T32199] sit0: entered allmulticast mode [ 1347.115476][T32199] ip6tnl0: entered promiscuous mode [ 1347.121072][T32199] ip6tnl0: entered allmulticast mode [ 1347.128728][T32199] ip6gre0: entered promiscuous mode [ 1347.134365][T32199] ip6gre0: entered allmulticast mode [ 1347.141080][T32199] syz_tun: entered promiscuous mode [ 1347.146992][T32199] syz_tun: entered allmulticast mode [ 1347.155849][T32199] ip6gretap0: entered promiscuous mode [ 1347.163315][T32199] ip6gretap0: entered allmulticast mode [ 1347.170889][T32199] bridge0: entered promiscuous mode [ 1347.176749][T32199] bridge0: entered allmulticast mode [ 1347.446979][T32182] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1347.460777][T32182] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 1347.518518][T32211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23837'. [ 1347.574368][T32211] netlink: 4 bytes leftover after parsing attributes in process `syz.0.23837'. [ 1347.574455][ T1117] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1347.632251][ T1117] net_ratelimit: 32 callbacks suppressed [ 1347.632268][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1347.826482][ T141] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1347.827506][T32182] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1347.843305][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1347.856455][T32182] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 1347.868573][T32225] sock: sock_timestamping_bind_phc: sock not bind to device [ 1347.893147][T32227] netlink: 640 bytes leftover after parsing attributes in process `syz.0.23842'. [ 1347.917161][T32227] openvswitch: netlink: Message has 8 unknown bytes. [ 1347.925764][T32225] netlink: 'syz.2.23841': attribute type 1 has an invalid length. [ 1347.954872][T32223] bond1 (unregistering): Released all slaves [ 1347.982818][ T8426] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1347.998517][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1348.009701][T32229] tipc: Started in network mode [ 1348.018306][T32229] tipc: Node identity aaaaaaaaaa35, cluster identity 4711 [ 1348.026793][T32229] tipc: Enabled bearer , priority 14 [ 1348.078852][T32223] netlink: 44 bytes leftover after parsing attributes in process `syz.2.23841'. [ 1348.115043][T32182] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1348.124281][T32182] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1348.173105][ T8426] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1348.289478][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1348.300554][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1348.310858][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1348.319626][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1348.331098][T32243] No such timeout policy "syz1" [ 1348.337741][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1348.347058][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1348.402552][ T7205] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1348.411288][ T7205] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1348.418752][ T7205] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1348.428334][ T7205] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1348.436661][ T7205] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1348.488716][T32246] netlink: 12 bytes leftover after parsing attributes in process `syz.2.23848'. [ 1348.603159][ T8426] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1348.794396][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1348.798491][T32259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23851'. [ 1348.858014][T32259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23851'. [ 1348.930745][ T4090] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1349.033292][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1349.049810][T32275] netlink: 'syz.3.23855': attribute type 8 has an invalid length. [ 1349.117251][ T9] tipc: Node number set to 10463914 [ 1349.122700][T32259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23851'. [ 1349.136095][ T141] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.161603][T32259] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23851'. [ 1349.161658][T32280] netlink: 184 bytes leftover after parsing attributes in process `syz.0.23856'. [ 1349.210429][ T141] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.231057][ T141] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.250945][ T141] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1349.284472][T32285] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1349.316854][ T4090] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1349.368663][T32287] FAULT_INJECTION: forcing a failure. [ 1349.368663][T32287] name failslab, interval 1, probability 0, space 0, times 0 [ 1349.391147][T32287] CPU: 1 UID: 0 PID: 32287 Comm: syz.0.23858 Not tainted syzkaller #0 PREEMPT(full) [ 1349.391171][T32287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1349.391185][T32287] Call Trace: [ 1349.391193][T32287] [ 1349.391200][T32287] dump_stack_lvl+0xe8/0x150 [ 1349.391224][T32287] should_fail_ex+0x412/0x560 [ 1349.391249][T32287] should_failslab+0xa8/0x100 [ 1349.391274][T32287] kmem_cache_alloc_node_noprof+0x8f/0x690 [ 1349.391295][T32287] ? __alloc_skb+0x186/0x7d0 [ 1349.391313][T32287] ? __alloc_skb+0x1d0/0x7d0 [ 1349.391329][T32287] ? __local_bh_enable_ip+0xd0/0x130 [ 1349.391350][T32287] __alloc_skb+0x1d0/0x7d0 [ 1349.391371][T32287] netlink_sendmsg+0x5d4/0xb40 [ 1349.391401][T32287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1349.391426][T32287] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1349.391449][T32287] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1349.391474][T32287] ____sys_sendmsg+0x972/0x9f0 [ 1349.391496][T32287] ? __might_fault+0xaf/0x130 [ 1349.391520][T32287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1349.391551][T32287] ? import_iovec+0x73/0xa0 [ 1349.391577][T32287] ___sys_sendmsg+0x2a5/0x360 [ 1349.391595][T32287] ? __lock_acquire+0x6b5/0x2cf0 [ 1349.391616][T32287] ? __pfx____sys_sendmsg+0x10/0x10 [ 1349.391669][T32287] ? __fget_files+0x2a/0x420 [ 1349.391688][T32287] ? __fget_files+0x3a0/0x420 [ 1349.391724][T32287] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1349.391749][T32287] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1349.391780][T32287] ? __pfx_ksys_write+0x10/0x10 [ 1349.391808][T32287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.391826][T32287] do_syscall_64+0x15f/0xf80 [ 1349.391848][T32287] ? trace_irq_disable+0x3b/0x140 [ 1349.391871][T32287] ? clear_bhb_loop+0x40/0x90 [ 1349.391890][T32287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.391903][T32287] RIP: 0033:0x7f223899ce59 [ 1349.391919][T32287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1349.391931][T32287] RSP: 002b:00007f2239874028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1349.391948][T32287] RAX: ffffffffffffffda RBX: 00007f2238c15fa0 RCX: 00007f223899ce59 [ 1349.391960][T32287] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1349.391969][T32287] RBP: 00007f2239874090 R08: 0000000000000000 R09: 0000000000000000 [ 1349.391979][T32287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1349.391988][T32287] R13: 00007f2238c16038 R14: 00007f2238c15fa0 R15: 00007ffd735f48e8 [ 1349.392016][T32287] [ 1349.658924][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1349.694716][T32289] Timeout policy `syz1' can only be used by L3 protocol number 34948 [ 1349.717261][T32212] wg1 speed is unknown, defaulting to 1000 [ 1349.727300][ T4090] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1349.745177][T32212] »»»»»» speed is unknown, defaulting to 1000 [ 1349.768620][T32212] xfrm0 speed is unknown, defaulting to 1000 [ 1349.794037][ T4090] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1350.294015][T32320] netlink: 'syz.1.23872': attribute type 21 has an invalid length. [ 1350.362479][T32324] No such timeout policy "syz1" [ 1350.498950][T32319] bridge0: port 2(bridge_slave_1) entered disabled state [ 1350.506726][T32319] bridge0: port 1(bridge_slave_0) entered disabled state [ 1350.528485][T32320] netlink: 'syz.1.23872': attribute type 5 has an invalid length. [ 1350.554105][ T7205] Bluetooth: hci0: command tx timeout [ 1352.210447][ T4090] bond0 (unregistering): Released all slaves [ 1352.222039][ T4090] bond1 (unregistering): Released all slaves [ 1352.240517][ T4090] bond2 (unregistering): Released all slaves [ 1352.256693][ T4090] bond3 (unregistering): Released all slaves [ 1352.274399][ T4090] bond4 (unregistering): Released all slaves [ 1352.290551][ T4090] bond5 (unregistering): Released all slaves [ 1352.309919][ T4090] bond6 (unregistering): Released all slaves [ 1352.327697][ T4090] bond7 (unregistering): Released all slaves [ 1352.340961][ T4090] bond8 (unregistering): Released all slaves [ 1352.355681][ T4090] bond9 (unregistering): Released all slaves [ 1352.377643][ T4090] bond10 (unregistering): Released all slaves [ 1352.393295][ T4090] bond11 (unregistering): Released all slaves [ 1352.406975][ T4090] bond12 (unregistering): Released all slaves [ 1352.427896][ T4090] bond13 (unregistering): Released all slaves [ 1352.441362][ T4090] bond14 (unregistering): Released all slaves [ 1352.455598][ T4090] bond15 (unregistering): Released all slaves [ 1352.479076][ T4090] bond16 (unregistering): Released all slaves [ 1352.493043][ T4090] bond17 (unregistering): Released all slaves [ 1352.509388][ T4090] bond18 (unregistering): Released all slaves [ 1352.523801][ T4090] bond19 (unregistering): Released all slaves [ 1352.540226][ T4090] bond20 (unregistering): Released all slaves [ 1352.560627][ T4090] bond21 (unregistering): Released all slaves [ 1352.576752][ T4090] bond22 (unregistering): Released all slaves [ 1352.590780][ T4090] bond23 (unregistering): Released all slaves [ 1352.605245][ T4090] bond24 (unregistering): Released all slaves [ 1352.624332][ T4090] bond25 (unregistering): Released all slaves [ 1352.632151][ T7205] Bluetooth: hci0: command tx timeout [ 1352.644260][ T4090] bond26 (unregistering): Released all slaves [ 1352.661632][ T4090] bond27 (unregistering): Released all slaves [ 1352.680219][ T4090] bond28 (unregistering): Released all slaves [ 1352.696143][ T4090] bond29 (unregistering): Released all slaves [ 1352.709372][ T4090] bond30 (unregistering): Released all slaves [ 1352.730414][ T4090] bond31 (unregistering): Released all slaves [ 1352.743994][T32336] syzkaller0: entered promiscuous mode [ 1352.749599][T32336] syzkaller0: entered allmulticast mode [ 1352.947602][ T5289] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1353.126497][ T9] net_ratelimit: 9 callbacks suppressed [ 1353.126516][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1353.142357][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1353.192378][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1353.214478][ T4090] tipc: Disabling bearer [ 1353.271020][ T4090] tipc: Disabling bearer [ 1353.345476][ T4090] tipc: Left network mode [ 1353.358670][T32386] __nla_validate_parse: 6 callbacks suppressed [ 1353.358687][T32386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23889'. [ 1353.442461][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1353.487682][T32392] netlink: 9 bytes leftover after parsing attributes in process `syz.2.23890'. [ 1353.598693][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1353.755995][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1353.907247][T32405] netlink: 12 bytes leftover after parsing attributes in process `syz.1.23894'. [ 1353.962345][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1353.975194][ T4090] IPVS: stopping master sync thread 19485 ... [ 1354.232258][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1354.383465][ T1117] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1354.562861][T32212] bridge0: port 1(bridge_slave_0) entered blocking state [ 1354.599480][T32212] bridge0: port 1(bridge_slave_0) entered disabled state [ 1354.623239][T32458] netlink: 36 bytes leftover after parsing attributes in process `syz.0.23906'. [ 1354.644248][T32212] bridge_slave_0: entered allmulticast mode [ 1354.654931][T32212] bridge_slave_0: entered promiscuous mode [ 1354.716221][ T7205] Bluetooth: hci0: command tx timeout [ 1354.718294][ T5289] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1354.749884][T32212] bridge0: port 2(bridge_slave_1) entered blocking state [ 1354.760723][T32212] bridge0: port 2(bridge_slave_1) entered disabled state [ 1354.781980][T32212] bridge_slave_1: entered allmulticast mode [ 1354.789737][T32212] bridge_slave_1: entered promiscuous mode [ 1355.041665][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1355.099214][T32212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1355.186932][T32212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1355.193944][T32476] FAULT_INJECTION: forcing a failure. [ 1355.193944][T32476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1355.239150][T32476] CPU: 1 UID: 0 PID: 32476 Comm: syz.1.23912 Not tainted syzkaller #0 PREEMPT(full) [ 1355.239174][T32476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1355.239185][T32476] Call Trace: [ 1355.239192][T32476] [ 1355.239199][T32476] dump_stack_lvl+0xe8/0x150 [ 1355.239223][T32476] should_fail_ex+0x412/0x560 [ 1355.239249][T32476] _copy_from_user+0x2d/0xb0 [ 1355.239272][T32476] ___sys_sendmsg+0x1c6/0x360 [ 1355.239295][T32476] ? __lock_acquire+0x6b5/0x2cf0 [ 1355.239317][T32476] ? __pfx____sys_sendmsg+0x10/0x10 [ 1355.239371][T32476] ? __fget_files+0x2a/0x420 [ 1355.239388][T32476] ? __fget_files+0x3a0/0x420 [ 1355.239414][T32476] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1355.239437][T32476] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1355.239467][T32476] ? __pfx_ksys_write+0x10/0x10 [ 1355.239498][T32476] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.239515][T32476] do_syscall_64+0x15f/0xf80 [ 1355.239536][T32476] ? trace_irq_disable+0x3b/0x140 [ 1355.239559][T32476] ? clear_bhb_loop+0x40/0x90 [ 1355.239579][T32476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.239595][T32476] RIP: 0033:0x7fc6a959ce59 [ 1355.239611][T32476] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1355.239624][T32476] RSP: 002b:00007fc6aa484028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1355.239642][T32476] RAX: ffffffffffffffda RBX: 00007fc6a9815fa0 RCX: 00007fc6a959ce59 [ 1355.239653][T32476] RDX: 0000000004044844 RSI: 0000200000000300 RDI: 0000000000000004 [ 1355.239664][T32476] RBP: 00007fc6aa484090 R08: 0000000000000000 R09: 0000000000000000 [ 1355.239674][T32476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1355.239683][T32476] R13: 00007fc6a9816038 R14: 00007fc6a9815fa0 R15: 00007ffdadaed498 [ 1355.239711][T32476] [ 1355.474211][T32480] tipc: Enabling not permitted [ 1355.479823][T32480] tipc: Enabling of bearer rejected, failed to enable media [ 1355.517237][T32484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.23913'. [ 1355.536743][T32212] team0: Port device team_slave_0 added [ 1355.558801][T32212] team0: Port device team_slave_1 added [ 1355.617883][T32494] netlink: 640 bytes leftover after parsing attributes in process `syz.2.23913'. [ 1355.628961][T32492] netlink: 9 bytes leftover after parsing attributes in process `syz.1.23916'. [ 1355.851188][T32212] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1355.880466][T32212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1355.960662][T32212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1355.996435][T32506] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.23918'. [ 1356.056966][T32212] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1356.064295][T32517] netlink: 'syz.2.23922': attribute type 17 has an invalid length. [ 1356.064316][T32517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.23922'. [ 1356.108361][T32517] netlink: 28 bytes leftover after parsing attributes in process `syz.2.23922'. [ 1356.117746][T32212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1356.152025][T32212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1356.431275][T32533] FAULT_INJECTION: forcing a failure. [ 1356.431275][T32533] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1356.449522][T32533] CPU: 0 UID: 0 PID: 32533 Comm: syz.0.23925 Not tainted syzkaller #0 PREEMPT(full) [ 1356.449545][T32533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1356.449555][T32533] Call Trace: [ 1356.449562][T32533] [ 1356.449570][T32533] dump_stack_lvl+0xe8/0x150 [ 1356.449596][T32533] should_fail_ex+0x412/0x560 [ 1356.449623][T32533] _copy_from_user+0x2d/0xb0 [ 1356.449648][T32533] ___sys_sendmsg+0x1c6/0x360 [ 1356.449669][T32533] ? __lock_acquire+0x6b5/0x2cf0 [ 1356.449693][T32533] ? __pfx____sys_sendmsg+0x10/0x10 [ 1356.449748][T32533] ? __fget_files+0x2a/0x420 [ 1356.449766][T32533] ? __fget_files+0x3a0/0x420 [ 1356.449794][T32533] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1356.449818][T32533] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1356.449850][T32533] ? __pfx_ksys_write+0x10/0x10 [ 1356.449880][T32533] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.449899][T32533] do_syscall_64+0x15f/0xf80 [ 1356.449921][T32533] ? trace_irq_disable+0x3b/0x140 [ 1356.449942][T32533] ? clear_bhb_loop+0x40/0x90 [ 1356.449961][T32533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.449976][T32533] RIP: 0033:0x7f223899ce59 [ 1356.449992][T32533] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1356.450006][T32533] RSP: 002b:00007f2239874028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1356.450032][T32533] RAX: ffffffffffffffda RBX: 00007f2238c15fa0 RCX: 00007f223899ce59 [ 1356.450043][T32533] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1356.450052][T32533] RBP: 00007f2239874090 R08: 0000000000000000 R09: 0000000000000000 [ 1356.450062][T32533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1356.450072][T32533] R13: 00007f2238c16038 R14: 00007f2238c15fa0 R15: 00007ffd735f48e8 [ 1356.450100][T32533] [ 1356.466373][T32212] hsr_slave_0: entered promiscuous mode [ 1356.651073][T32212] hsr_slave_1: entered promiscuous mode [ 1356.658075][T32212] debugfs: 'hsr0' already exists in 'hsr' [ 1356.666868][T32212] Cannot create hsr debugfs directory [ 1356.675117][ T5289] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1356.802243][ T7205] Bluetooth: hci0: command tx timeout [ 1357.147303][T32557] No such timeout policy "syz1" [ 1357.175401][T32554] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 1357.439820][T32575] FAULT_INJECTION: forcing a failure. [ 1357.439820][T32575] name failslab, interval 1, probability 0, space 0, times 0 [ 1357.480233][T32575] CPU: 1 UID: 0 PID: 32575 Comm: syz.3.23939 Not tainted syzkaller #0 PREEMPT(full) [ 1357.480256][T32575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1357.480265][T32575] Call Trace: [ 1357.480272][T32575] [ 1357.480279][T32575] dump_stack_lvl+0xe8/0x150 [ 1357.480304][T32575] should_fail_ex+0x412/0x560 [ 1357.480329][T32575] should_failslab+0xa8/0x100 [ 1357.480354][T32575] __kmalloc_noprof+0xe8/0x760 [ 1357.480375][T32575] ? fib_nl2rule+0x2e9/0x1a00 [ 1357.480494][T32575] fib_nl2rule+0x2e9/0x1a00 [ 1357.480520][T32575] ? __pfx_fib_nl2rule+0x10/0x10 [ 1357.480543][T32575] ? __nla_parse+0x40/0x60 [ 1357.480568][T32575] fib_delrule+0x328/0x1d70 [ 1357.480588][T32575] ? kasan_quarantine_put+0xbb/0x1f0 [ 1357.480607][T32575] ? lockdep_hardirqs_on+0x7a/0x110 [ 1357.480635][T32575] ? nlmon_xmit+0xb0/0x100 [ 1357.480650][T32575] ? kmem_cache_free+0x182/0x650 [ 1357.480681][T32575] ? __lock_acquire+0x6b5/0x2cf0 [ 1357.480700][T32575] ? __pfx_fib_delrule+0x10/0x10 [ 1357.480719][T32575] ? __dev_queue_xmit+0x2b6/0x3950 [ 1357.480771][T32575] ? __pfx_fib_nl_delrule+0x10/0x10 [ 1357.480790][T32575] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1357.480813][T32575] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1357.480830][T32575] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1357.480847][T32575] ? ref_tracker_free+0x693/0x840 [ 1357.480870][T32575] ? __pfx_ref_tracker_free+0x10/0x10 [ 1357.480899][T32575] netlink_rcv_skb+0x232/0x4b0 [ 1357.480921][T32575] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1357.480939][T32575] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1357.480984][T32575] ? netlink_deliver_tap+0x2e/0x1b0 [ 1357.481004][T32575] ? netlink_deliver_tap+0x2e/0x1b0 [ 1357.481030][T32575] netlink_unicast+0x75c/0x8e0 [ 1357.481055][T32575] netlink_sendmsg+0x813/0xb40 [ 1357.481084][T32575] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1357.481108][T32575] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1357.481131][T32575] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1357.481155][T32575] ____sys_sendmsg+0x972/0x9f0 [ 1357.481177][T32575] ? __might_fault+0xaf/0x130 [ 1357.481203][T32575] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1357.481233][T32575] ? import_iovec+0x73/0xa0 [ 1357.481259][T32575] ___sys_sendmsg+0x2a5/0x360 [ 1357.481280][T32575] ? __lock_acquire+0x6b5/0x2cf0 [ 1357.481301][T32575] ? __pfx____sys_sendmsg+0x10/0x10 [ 1357.481356][T32575] ? __fget_files+0x2a/0x420 [ 1357.481374][T32575] ? __fget_files+0x3a0/0x420 [ 1357.481399][T32575] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1357.481423][T32575] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1357.481452][T32575] ? __pfx_ksys_write+0x10/0x10 [ 1357.481482][T32575] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.481500][T32575] do_syscall_64+0x15f/0xf80 [ 1357.481520][T32575] ? trace_irq_disable+0x3b/0x140 [ 1357.481542][T32575] ? clear_bhb_loop+0x40/0x90 [ 1357.481562][T32575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.481578][T32575] RIP: 0033:0x7ff46499ce59 [ 1357.481594][T32575] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1357.481607][T32575] RSP: 002b:00007ff4658df028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1357.481625][T32575] RAX: ffffffffffffffda RBX: 00007ff464c15fa0 RCX: 00007ff46499ce59 [ 1357.481636][T32575] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1357.481646][T32575] RBP: 00007ff4658df090 R08: 0000000000000000 R09: 0000000000000000 [ 1357.481656][T32575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1357.481665][T32575] R13: 00007ff464c16038 R14: 00007ff464c15fa0 R15: 00007ffff9f5fea8 [ 1357.481693][T32575] [ 1358.508702][T32613] tipc: Enabling not permitted [ 1358.533760][T32613] tipc: Enabling of bearer rejected, failed to enable media [ 1358.728293][ T9] net_ratelimit: 20 callbacks suppressed [ 1358.728312][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1358.746646][T32627] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 1358.809358][T32621] veth3: entered promiscuous mode [ 1358.820734][T32621] veth3: entered allmulticast mode [ 1358.874273][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1359.142268][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1359.212618][T32646] __nla_validate_parse: 2 callbacks suppressed [ 1359.212749][T32646] netlink: 36 bytes leftover after parsing attributes in process `syz.3.23957'. [ 1359.227670][T32648] Timeout policy `syz1' can only be used by L3 protocol number 34948 [ 1359.269727][ T141] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1359.453391][T31476] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1359.516056][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1359.602806][T31476] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1359.656821][T32663] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1359.690699][T32666] netlink: 'syz.0.23964': attribute type 19 has an invalid length. [ 1359.847123][T32674] netlink: 36 bytes leftover after parsing attributes in process `syz.1.23966'. [ 1359.916532][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1359.972681][ T35] bond4: (slave ip6gretap0): failed to get link speed/duplex [ 1360.125478][T32687] netlink: 12 bytes leftover after parsing attributes in process `syz.1.23968'. [ 1364.072589][ T995] net_ratelimit: 4 callbacks suppressed [ 1364.072608][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1364.793837][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1365.112698][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1365.923053][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1366.153146][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1367.193171][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1368.234303][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1368.953436][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1369.113857][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1369.273255][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1370.312891][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1371.353441][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1371.992267][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1372.393345][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1373.432711][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1374.472941][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1375.033702][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1375.513924][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1375.934215][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1375.946647][ T5858] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1375.963098][ T5858] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1375.971851][ T5858] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1375.979691][ T5858] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1376.091071][ T5858] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1376.111452][ T5858] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1376.124342][ T5858] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1376.149935][T32767] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1376.161314][T32767] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1376.208301][ T7205] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1376.225532][ T7205] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1376.239417][T31008] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1376.260654][T31008] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1376.274871][T31008] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1376.283741][T31008] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1376.292966][T31008] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1376.303434][T31008] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1376.336739][T31008] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1376.352836][T31008] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1376.552763][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1377.593092][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.072470][ T7205] Bluetooth: hci1: command tx timeout [ 1378.072704][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.232195][ T7205] Bluetooth: hci6: command tx timeout [ 1378.392027][ T7205] Bluetooth: hci7: command tx timeout [ 1378.402116][ T7205] Bluetooth: hci8: command tx timeout [ 1378.632959][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1378.713873][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1379.673173][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1380.152142][ T7205] Bluetooth: hci1: command tx timeout [ 1380.312158][ T7205] Bluetooth: hci6: command tx timeout [ 1380.472373][ T7205] Bluetooth: hci8: command tx timeout [ 1380.472389][T31008] Bluetooth: hci7: command tx timeout [ 1380.713185][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1381.122426][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1381.753104][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1382.232119][T31008] Bluetooth: hci1: command tx timeout [ 1382.392230][T31008] Bluetooth: hci6: command tx timeout [ 1382.553058][ T7205] Bluetooth: hci7: command tx timeout [ 1382.560333][T31008] Bluetooth: hci8: command tx timeout [ 1382.792735][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1383.833508][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1384.152259][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1384.312244][ T7205] Bluetooth: hci1: command tx timeout [ 1384.472356][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1384.480937][ T7205] Bluetooth: hci6: command tx timeout [ 1384.632101][ T7205] Bluetooth: hci7: command tx timeout [ 1384.642186][ T7205] Bluetooth: hci8: command tx timeout [ 1384.872999][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1385.913697][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1386.953291][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1387.192730][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1387.678181][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1387.687721][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1387.992969][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1389.033195][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1390.072922][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1390.712204][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1391.112650][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1392.153655][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1393.192595][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1393.762631][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1394.233409][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1395.272897][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1396.312950][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1396.794247][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.272761][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.352599][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.913048][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.921201][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1397.931246][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1398.393742][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1399.433016][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1400.474626][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1400.952448][ T54] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1401.512997][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1402.553804][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1403.593368][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1403.992344][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1404.633284][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1405.672610][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1406.712903][ T995] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1407.032387][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1407.513036][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1407.752896][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1407.847538][T31008] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1407.856203][T31008] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1407.867231][T31008] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1407.880933][T31008] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1407.889615][T31008] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1408.793900][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1409.833213][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1409.992447][ T7205] Bluetooth: hci9: command tx timeout [ 1410.073751][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1410.872935][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1411.912532][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1412.072265][ T7205] Bluetooth: hci9: command tx timeout [ 1412.953388][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1413.117178][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1413.993027][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1414.152076][ T7205] Bluetooth: hci9: command tx timeout [ 1415.032661][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1416.072996][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1416.152857][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1416.233821][ T7205] Bluetooth: hci9: command tx timeout [ 1417.113156][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1417.123474][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1418.152578][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1419.193188][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1419.202583][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1420.232758][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1421.273428][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1422.244924][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1422.312794][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1423.352973][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1424.395010][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1425.274512][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1425.434078][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1426.472863][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1426.722548][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1427.513158][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1428.313949][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1428.553445][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1429.593388][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1430.632902][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1431.362830][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1431.674107][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1432.712834][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1433.753354][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1434.394341][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1434.792897][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1435.834054][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1436.313921][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1436.462251][T31008] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1436.479412][T31008] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1436.507166][T31008] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1436.518080][T31008] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1436.526381][T31008] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1436.675865][T31008] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1436.691063][T32767] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1436.692156][T31008] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1436.708291][T32767] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1436.719942][T31008] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1436.722809][T32767] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1436.743541][T32767] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1436.755073][T31008] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1436.763632][T32767] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1436.775465][T32767] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1436.849735][ T7205] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 1436.872653][ T7205] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1436.881399][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1436.890137][ T7205] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1436.898649][ T7205] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1436.910137][ T7205] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1437.432213][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1437.912599][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1438.562281][ T7205] Bluetooth: hci10: command tx timeout [ 1438.792059][ T7205] Bluetooth: hci11: command tx timeout [ 1438.872052][ T7205] Bluetooth: hci12: command tx timeout [ 1438.952550][ T7205] Bluetooth: hci13: command tx timeout [ 1438.952772][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1439.993866][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1440.472543][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1440.632065][ T7205] Bluetooth: hci10: command tx timeout [ 1440.872107][ T7205] Bluetooth: hci11: command tx timeout [ 1440.952051][ T7205] Bluetooth: hci12: command tx timeout [ 1441.032090][ T7205] Bluetooth: hci13: command tx timeout [ 1441.039762][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1442.074569][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1442.722197][ T7205] Bluetooth: hci10: command tx timeout [ 1442.952180][ T7205] Bluetooth: hci11: command tx timeout [ 1443.042284][ T7205] Bluetooth: hci12: command tx timeout [ 1443.112046][ T7205] Bluetooth: hci13: command tx timeout [ 1443.118072][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1443.513225][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1444.152980][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1444.792033][ T7205] Bluetooth: hci10: command tx timeout [ 1445.032692][ T7205] Bluetooth: hci11: command tx timeout [ 1445.122174][ T7205] Bluetooth: hci12: command tx timeout [ 1445.192038][ T7205] Bluetooth: hci13: command tx timeout [ 1445.192913][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1445.912665][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1446.233232][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1446.552425][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1447.274124][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1448.312956][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1448.474484][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1449.354543][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1449.592505][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1450.392770][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1451.432857][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1451.444014][ T1019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1451.454937][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1451.465997][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1452.473030][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1452.636600][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1453.512966][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1454.552750][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1455.512487][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1455.597050][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1455.672489][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1456.633028][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1457.673065][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1458.717403][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1458.725550][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1458.733676][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1458.742863][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1459.753020][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1460.793017][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1461.752642][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1461.833045][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1462.873019][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1463.914129][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1464.792378][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1464.953541][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1465.992950][T30444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1467.032995][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1467.832428][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1467.920577][ T5858] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 1467.936444][ T5858] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 1467.944847][ T5858] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 1467.953793][ T5858] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 1467.963076][ T5858] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 1468.073118][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.312478][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.957136][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.965282][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.978114][ T8426] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.988109][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1468.996970][ T8426] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1469.006875][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1469.015013][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1469.025322][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1469.992040][ T5858] Bluetooth: hci14: command tx timeout [ 1471.032017][ T5858] Bluetooth: hci0: command 0x0406 tx timeout [ 1472.072026][ T7205] Bluetooth: hci14: command tx timeout [ 1473.276716][T25711] net_ratelimit: 5 callbacks suppressed [ 1473.276735][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1474.074136][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1474.152035][ T7205] Bluetooth: hci14: command tx timeout [ 1474.312693][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.122305][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1475.353017][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1476.232044][ T7205] Bluetooth: hci14: command tx timeout [ 1476.393171][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1477.432611][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1478.152773][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1478.472882][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1479.514446][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1480.552847][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1481.193278][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1481.592730][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1482.634596][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1483.672442][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1483.680622][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1484.232238][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1484.712874][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1485.752837][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1486.792635][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1487.274007][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1487.833169][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1488.874343][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1489.912761][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1490.313743][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1490.953463][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1491.993332][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1493.032917][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1493.273560][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1493.352133][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1494.073059][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1495.113039][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1496.152856][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1496.402534][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1496.565816][ T5858] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 1496.598114][T31008] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 1496.601159][ T5858] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 1496.614851][ T5858] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 1496.617977][T31008] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 1496.634676][ T5858] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 1496.643799][T31008] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 1496.653455][ T5858] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 1496.656651][T31008] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 1496.670287][T31008] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 1496.746852][T31008] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 1496.756379][T31008] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 1496.772389][T31008] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 1496.786813][T31008] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 1496.794663][T31008] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 1497.192921][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1497.527289][T32767] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 1497.542022][T32767] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 1497.551411][T32767] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 1497.560736][T32767] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 1497.568575][T32767] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 1498.232861][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1498.712052][T32767] Bluetooth: hci16: command tx timeout [ 1498.802169][T32767] Bluetooth: hci15: command tx timeout [ 1498.872098][T32767] Bluetooth: hci17: command tx timeout [ 1499.273174][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1499.445451][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1499.676910][ T5858] Bluetooth: hci18: command tx timeout [ 1500.312847][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1500.792250][ T5858] Bluetooth: hci16: command tx timeout [ 1500.872033][ T5858] Bluetooth: hci15: command tx timeout [ 1500.952123][ T5858] Bluetooth: hci17: command tx timeout [ 1501.354002][T11557] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1501.752076][ T369] Bluetooth: hci8: command 0x0406 tx timeout [ 1501.760804][ T5858] Bluetooth: hci18: command tx timeout [ 1501.767542][ T5858] Bluetooth: hci7: command 0x0406 tx timeout [ 1501.773693][ T369] Bluetooth: hci6: command 0x0406 tx timeout [ 1501.777629][ T370] Bluetooth: hci1: command 0x0406 tx timeout [ 1502.392989][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1502.483505][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1502.872343][ T7205] Bluetooth: hci16: command tx timeout [ 1502.882965][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1502.952261][ T7205] Bluetooth: hci15: command tx timeout [ 1503.031995][ T7205] Bluetooth: hci17: command tx timeout [ 1503.432709][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1503.831992][ T7205] Bluetooth: hci18: command tx timeout [ 1504.473153][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1504.952994][ T7205] Bluetooth: hci16: command tx timeout [ 1505.042089][ T7205] Bluetooth: hci15: command tx timeout [ 1505.111958][ T7205] Bluetooth: hci17: command tx timeout [ 1505.512780][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1505.523575][ T5962] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1505.922123][ T7205] Bluetooth: hci18: command tx timeout [ 1506.552570][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1507.593166][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1508.564586][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1508.634517][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1509.672744][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1510.712961][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1511.593024][T22619] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1511.755418][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1512.472605][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1512.792832][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1513.833020][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1514.632508][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1514.872782][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1515.912722][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1516.953197][T25587] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1517.672426][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1517.994491][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1518.882343][ T30] INFO: task kworker/u8:2:35 blocked for more than 143 seconds. [ 1518.890069][ T30] Not tainted syzkaller #0 [ 1518.895106][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1518.903923][ T30] task:kworker/u8:2 state:D stack:20800 pid:35 tgid:35 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 1518.916161][ T30] Workqueue: events_unbound linkwatch_event [ 1518.922649][ T30] Call Trace: [ 1518.925967][ T30] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1518.928910][ T30] __schedule+0x1821/0x5740 [ 1518.933798][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1518.952145][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1518.957221][ T30] ? __pfx___schedule+0x10/0x10 [ 1518.965070][ T30] ? schedule+0x90/0x360 [ 1518.975348][ T30] schedule+0x164/0x360 [ 1518.991896][ T30] schedule_preempt_disabled+0x13/0x30 [ 1518.997429][ T30] __mutex_lock+0x7f7/0x1550 [ 1519.005597][ T30] ? __mutex_lock+0x608/0x1550 [ 1519.010958][ T30] ? linkwatch_event+0xe/0x60 [ 1519.016149][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1519.021239][ T30] ? process_scheduled_works+0xa70/0x1860 [ 1519.027441][ T30] ? process_scheduled_works+0xa70/0x1860 [ 1519.033397][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1519.033760][ T30] linkwatch_event+0xe/0x60 [ 1519.054097][ T30] process_scheduled_works+0xb5d/0x1860 [ 1519.059738][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 1519.071870][ T30] ? assign_work+0x3d5/0x5e0 [ 1519.083374][ T30] worker_thread+0xa53/0xfc0 [ 1519.089568][ T30] kthread+0x389/0x470 [ 1519.093725][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1519.098840][ T30] ? __pfx_kthread+0x10/0x10 [ 1519.104473][ T30] ret_from_fork+0x514/0xb70 [ 1519.109090][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1519.114842][ T30] ? __switch_to+0xc79/0x1410 [ 1519.119553][ T30] ? __pfx_kthread+0x10/0x10 [ 1519.124514][ T30] ret_from_fork_asm+0x1a/0x30 [ 1519.129329][ T30] [ 1519.132551][ T30] INFO: task dhcpcd:5289 blocked for more than 143 seconds. [ 1519.139856][ T30] Not tainted syzkaller #0 [ 1519.149360][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1519.165206][ T30] task:dhcpcd state:D stack:21368 pid:5289 tgid:5289 ppid:5288 task_flags:0x400140 flags:0x00080000 [ 1519.177514][ T30] Call Trace: [ 1519.180831][ T30] [ 1519.183845][ T30] __schedule+0x1821/0x5740 [ 1519.188366][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1519.198772][ T30] ? lapic_next_event+0x11/0x20 [ 1519.203769][ T30] ? __pfx___schedule+0x10/0x10 [ 1519.208658][ T30] ? schedule+0x90/0x360 [ 1519.213468][ T30] schedule+0x164/0x360 [ 1519.217678][ T30] schedule_preempt_disabled+0x13/0x30 [ 1519.223203][ T30] __mutex_lock+0x7f7/0x1550 [ 1519.227819][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 1519.233991][ T30] ? __mutex_lock+0x608/0x1550 [ 1519.238815][ T30] ? inet_rtm_deladdr+0x1c1/0x790 [ 1519.243898][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1519.248966][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1519.254049][ T30] ? __nla_parse+0x40/0x60 [ 1519.258506][ T30] inet_rtm_deladdr+0x1c1/0x790 [ 1519.263594][ T30] ? arch_stack_walk+0xfb/0x150 [ 1519.268469][ T30] ? __pfx_inet_rtm_deladdr+0x10/0x10 [ 1519.274132][ T30] ? __pfx_inet_rtm_deladdr+0x10/0x10 [ 1519.279556][ T30] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1519.284590][ T30] ? kmem_cache_alloc_node_noprof+0x384/0x690 [ 1519.290680][ T30] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1519.295999][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1519.301507][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1519.307822][ T30] netlink_rcv_skb+0x232/0x4b0 [ 1519.312793][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1519.318438][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1519.324101][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1519.329332][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1519.334711][ T30] netlink_unicast+0x75c/0x8e0 [ 1519.339526][ T30] netlink_sendmsg+0x813/0xb40 [ 1519.344379][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1519.349682][ T30] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1519.354847][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1519.360192][ T30] ____sys_sendmsg+0x972/0x9f0 [ 1519.365049][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1519.370350][ T30] ? import_iovec+0x73/0xa0 [ 1519.375047][ T30] ___sys_sendmsg+0x2a5/0x360 [ 1519.379798][ T30] ? __asan_memcpy+0x40/0x70 [ 1519.384503][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1519.389798][ T30] ? __pfx_vfs_read+0x10/0x10 [ 1519.394661][ T30] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1519.399645][ T30] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1519.405220][ T30] ? __pfx_ksys_read+0x10/0x10 [ 1519.410003][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.417506][ T30] do_syscall_64+0x15f/0xf80 [ 1519.422188][ T30] ? clear_bhb_loop+0x40/0x90 [ 1519.426896][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.433768][ T30] RIP: 0033:0x7fd1d274e407 [ 1519.438215][ T30] RSP: 002b:00007ffcf9a27810 EFLAGS: 00000202 ORIG_RAX: 000000000000002e [ 1519.446721][ T30] RAX: ffffffffffffffda RBX: 00007fd1d26c4780 RCX: 00007fd1d274e407 [ 1519.455561][ T30] RDX: 0000000000000000 RSI: 00007ffcf9a3b9f0 RDI: 0000000000000004 [ 1519.463635][ T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1519.471617][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcf9a4bc20 [ 1519.479830][ T30] R13: 00007fd1d26c4708 R14: 0000000000000020 R15: 00007ffcf9a3b9f0 [ 1519.487906][ T30] [ 1519.491098][ T30] INFO: task syz-executor:32212 blocked for more than 143 seconds. [ 1519.499131][ T30] Not tainted syzkaller #0 [ 1519.504150][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1519.513399][ T30] task:syz-executor state:D stack:22232 pid:32212 tgid:32212 ppid:1 task_flags:0x400140 flags:0x00080002 [ 1519.525524][ T30] Call Trace: [ 1519.528836][ T30] [ 1519.531773][ T30] __schedule+0x1821/0x5740 [ 1519.536475][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1519.541433][ T30] ? device_initial_probe+0xa1/0xd0 [ 1519.546943][ T30] ? bus_probe_device+0x12a/0x220 [ 1519.552163][ T30] ? kernfs_fop_write_iter+0x3af/0x540 [ 1519.557677][ T30] ? do_syscall_64+0x15f/0xf80 [ 1519.566960][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.573232][ T30] ? __pfx___schedule+0x10/0x10 [ 1519.578320][ T30] ? schedule+0x90/0x360 [ 1519.582628][ T30] schedule+0x164/0x360 [ 1519.586797][ T30] schedule_preempt_disabled+0x13/0x30 [ 1519.592520][ T30] __mutex_lock+0x7f7/0x1550 [ 1519.597148][ T30] ? ktime_get_coarse_real_ts64_mg+0x1c5/0x1e0 [ 1519.603385][ T30] ? __mutex_lock+0x608/0x1550 [ 1519.608162][ T30] ? rtnl_net_dev_lock+0x257/0x2f0 [ 1519.613448][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1519.618543][ T30] ? rtnl_net_dev_lock+0x36/0x2f0 [ 1519.623878][ T30] ? rtnl_net_dev_lock+0x36/0x2f0 [ 1519.628925][ T30] rtnl_net_dev_lock+0x257/0x2f0 [ 1519.634072][ T30] register_netdevice_notifier_dev_net+0x33/0x240 [ 1519.640566][ T30] nsim_create+0xce7/0x1160 [ 1519.645225][ T30] __nsim_dev_port_add+0x857/0xd30 [ 1519.650432][ T30] ? __pfx___nsim_dev_port_add+0x10/0x10 [ 1519.656251][ T30] ? do_raw_spin_unlock+0xf5/0x210 [ 1519.661419][ T30] ? __mod_timer+0xb37/0xf30 [ 1519.666337][ T30] ? queue_delayed_work_on+0x12f/0x1e0 [ 1519.672153][ T30] ? queue_delayed_work_on+0x171/0x1e0 [ 1519.677803][ T30] nsim_dev_port_add_all+0x37/0xf0 [ 1519.683035][ T30] nsim_drv_probe+0x905/0xc20 [ 1519.687907][ T30] ? up_write+0x1ab/0x410 [ 1519.692391][ T30] ? __pfx_nsim_drv_probe+0x10/0x10 [ 1519.697626][ T30] ? kernfs_put+0x4bf/0x520 [ 1519.702362][ T30] ? kernfs_create_link+0x187/0x200 [ 1519.707782][ T30] ? driver_sysfs_add+0x1fe/0x210 [ 1519.712975][ T30] ? __pfx_nsim_bus_probe+0x10/0x10 [ 1519.718229][ T30] really_probe+0x267/0xaf0 [ 1519.722858][ T30] __driver_probe_device+0x1ef/0x380 [ 1519.728185][ T30] driver_probe_device+0x4f/0x240 [ 1519.733385][ T30] __device_attach_driver+0x279/0x430 [ 1519.738823][ T30] bus_for_each_drv+0x258/0x2f0 [ 1519.743885][ T30] ? __pfx___device_attach_driver+0x10/0x10 [ 1519.749824][ T30] ? __pfx_bus_for_each_drv+0x10/0x10 [ 1519.755386][ T30] __device_attach+0x2c5/0x450 [ 1519.760203][ T30] ? __pfx___device_attach+0x10/0x10 [ 1519.765662][ T30] ? _raw_spin_unlock+0x28/0x50 [ 1519.770544][ T30] device_initial_probe+0xa1/0xd0 [ 1519.775845][ T30] bus_probe_device+0x12a/0x220 [ 1519.780746][ T30] device_add+0x7e9/0xbb0 [ 1519.785136][ T30] new_device_store+0x37b/0x710 [ 1519.790006][ T30] ? __pfx_new_device_store+0x10/0x10 [ 1519.795551][ T30] ? sysfs_file_kobj+0x1a/0x230 [ 1519.800479][ T30] ? sysfs_file_kobj+0x1e4/0x230 [ 1519.805489][ T30] ? sysfs_kf_write+0x166/0x260 [ 1519.810528][ T30] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1519.815842][ T30] kernfs_fop_write_iter+0x3af/0x540 [ 1519.821184][ T30] vfs_write+0x61d/0xb90 [ 1519.825513][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1519.830289][ T30] ? do_sys_openat2+0x14c/0x200 [ 1519.835382][ T30] ? kmem_cache_free+0x182/0x650 [ 1519.840367][ T30] ? fd_install+0x94/0x3d0 [ 1519.844865][ T30] ksys_write+0x150/0x270 [ 1519.849208][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1519.854266][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.860366][ T30] do_syscall_64+0x15f/0xf80 [ 1519.865049][ T30] ? trace_irq_disable+0x3b/0x140 [ 1519.870096][ T30] ? clear_bhb_loop+0x40/0x90 [ 1519.874915][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1519.880848][ T30] RIP: 0033:0x7fa26c75d68e [ 1519.885321][ T30] RSP: 002b:00007ffcf041b408 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1519.893898][ T30] RAX: ffffffffffffffda RBX: 000055556ccea500 RCX: 00007fa26c75d68e [ 1519.901951][ T30] RDX: 0000000000000003 RSI: 00007ffcf041b490 RDI: 0000000000000005 [ 1519.909933][ T30] RBP: 00007fa26c833616 R08: 0000000000000000 R09: 0000000000000000 [ 1519.918077][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1519.926141][ T30] R13: 00007ffcf041b490 R14: 00007fa26d544620 R15: 0000000000000003 [ 1519.934298][ T30] [ 1519.937369][ T30] INFO: task syz.0.23969:32685 blocked for more than 144 seconds. [ 1519.945304][ T30] Not tainted syzkaller #0 [ 1519.950236][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1519.959068][ T30] task:syz.0.23969 state:D stack:28088 pid:32685 tgid:32684 ppid:31792 task_flags:0x400140 flags:0x00080002 [ 1519.971151][ T30] Call Trace: [ 1519.974593][ T30] [ 1519.977559][ T30] __schedule+0x1821/0x5740 [ 1519.982163][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1519.987148][ T30] ? __pfx___schedule+0x10/0x10 [ 1519.992199][ T30] ? schedule+0x90/0x360 [ 1519.996478][ T30] schedule+0x164/0x360 [ 1520.000641][ T30] schedule_preempt_disabled+0x13/0x30 [ 1520.008730][ T30] __mutex_lock+0x7f7/0x1550 [ 1520.013500][ T30] ? __mutex_lock+0x608/0x1550 [ 1520.018312][ T30] ? __tun_chr_ioctl+0x3bc/0x1e10 [ 1520.023414][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1520.028458][ T30] __tun_chr_ioctl+0x3bc/0x1e10 [ 1520.033453][ T30] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 1520.038788][ T30] ? __fget_files+0x2a/0x420 [ 1520.043455][ T30] ? __fget_files+0x3a0/0x420 [ 1520.048141][ T30] ? __fget_files+0x2a/0x420 [ 1520.052863][ T30] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1520.057847][ T30] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 1520.063048][ T30] __se_sys_ioctl+0xfc/0x170 [ 1520.067657][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.072774][T25711] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1520.074037][ T30] do_syscall_64+0x15f/0xf80 [ 1520.086810][ T30] ? trace_irq_disable+0x3b/0x140 [ 1520.092409][ T30] ? clear_bhb_loop+0x40/0x90 [ 1520.097149][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.103126][ T30] RIP: 0033:0x7f223899ce59 [ 1520.107540][ T30] RSP: 002b:00007f2239874028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1520.116082][ T30] RAX: ffffffffffffffda RBX: 00007f2238c15fa0 RCX: 00007f223899ce59 [ 1520.124150][ T30] RDX: 0000200000000200 RSI: 00000000400454ca RDI: 0000000000000003 [ 1520.132331][ T30] RBP: 00007f2238a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1520.140342][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1520.148382][ T30] R13: 00007f2238c16038 R14: 00007f2238c15fa0 R15: 00007ffd735f48e8 [ 1520.156940][ T30] [ 1520.160011][ T30] INFO: task syz.0.23969:32691 blocked for more than 144 seconds. [ 1520.168139][ T30] Not tainted syzkaller #0 [ 1520.173228][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1520.182321][ T30] task:syz.0.23969 state:D stack:27392 pid:32691 tgid:32684 ppid:31792 task_flags:0x400140 flags:0x00080002 [ 1520.194617][ T30] Call Trace: [ 1520.197946][ T30] [ 1520.200883][ T30] __schedule+0x1821/0x5740 [ 1520.206210][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1520.211198][ T30] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1520.217209][ T30] ? __pfx___schedule+0x10/0x10 [ 1520.222181][ T30] ? schedule+0x90/0x360 [ 1520.226439][ T30] schedule+0x164/0x360 [ 1520.230601][ T30] schedule_preempt_disabled+0x13/0x30 [ 1520.239959][ T30] __mutex_lock+0x7f7/0x1550 [ 1520.244665][ T30] ? __pfx_free_modprobe_argv+0x10/0x10 [ 1520.250234][ T30] ? __mutex_lock+0x608/0x1550 [ 1520.255202][ T30] ? devinet_ioctl+0x32b/0x1b30 [ 1520.260097][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1520.265207][ T30] ? bpf_lsm_capable+0x9/0x20 [ 1520.269892][ T30] ? security_capable+0x7e/0x2c0 [ 1520.274973][ T30] devinet_ioctl+0x32b/0x1b30 [ 1520.279707][ T30] ? __pfx_devinet_ioctl+0x10/0x10 [ 1520.284919][ T30] ? get_user_ifreq+0x12b/0x180 [ 1520.289794][ T30] inet_ioctl+0x42a/0x560 [ 1520.294343][ T30] ? __pfx_inet_ioctl+0x10/0x10 [ 1520.299252][ T30] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1520.304361][ T30] ? packet_ioctl+0x254/0x350 [ 1520.309163][ T30] sock_do_ioctl+0x101/0x320 [ 1520.314097][ T30] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1520.319268][ T30] ? do_futex+0x395/0x420 [ 1520.323695][ T30] sock_ioctl+0x5c6/0x7f0 [ 1520.328046][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 1520.333057][ T30] ? __fget_files+0x2a/0x420 [ 1520.337724][ T30] ? __fget_files+0x3a0/0x420 [ 1520.342487][ T30] ? __fget_files+0x2a/0x420 [ 1520.347091][ T30] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1520.352188][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 1520.357084][ T30] __se_sys_ioctl+0xfc/0x170 [ 1520.361706][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.367863][ T30] do_syscall_64+0x15f/0xf80 [ 1520.372641][ T30] ? trace_irq_disable+0x3b/0x140 [ 1520.377798][ T30] ? clear_bhb_loop+0x40/0x90 [ 1520.382508][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.388411][ T30] RIP: 0033:0x7f223899ce59 [ 1520.392983][ T30] RSP: 002b:00007f2239853028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1520.401529][ T30] RAX: ffffffffffffffda RBX: 00007f2238c16090 RCX: 00007f223899ce59 [ 1520.409720][ T30] RDX: 0000200000000040 RSI: 0000000000008914 RDI: 0000000000000005 [ 1520.417927][ T30] RBP: 00007f2238a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1520.425993][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1520.434123][ T30] R13: 00007f2238c16128 R14: 00007f2238c16090 R15: 00007ffd735f48e8 [ 1520.442202][ T30] [ 1520.445261][ T30] INFO: task syz.3.23971:32699 blocked for more than 144 seconds. [ 1520.453273][ T30] Not tainted syzkaller #0 [ 1520.458239][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1520.466995][ T30] task:syz.3.23971 state:D stack:26840 pid:32699 tgid:32696 ppid:31302 task_flags:0x400140 flags:0x00080002 [ 1520.479022][ T30] Call Trace: [ 1520.482356][ T30] [ 1520.485290][ T30] __schedule+0x1821/0x5740 [ 1520.489792][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1520.494876][ T30] ? __pfx_stack_trace_save+0x10/0x10 [ 1520.500306][ T30] ? stack_depot_save_flags+0x33/0x810 [ 1520.505838][ T30] ? __pfx___schedule+0x10/0x10 [ 1520.510705][ T30] ? schedule+0x90/0x360 [ 1520.515181][ T30] schedule+0x164/0x360 [ 1520.519397][ T30] schedule_preempt_disabled+0x13/0x30 [ 1520.524941][ T30] __mutex_lock+0x7f7/0x1550 [ 1520.529577][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 1520.535462][ T30] ? __mutex_lock+0x608/0x1550 [ 1520.540273][ T30] ? rtnl_newlink+0x883/0x1bb0 [ 1520.545137][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1520.550182][ T30] ? ns_capable+0x89/0xe0 [ 1520.555322][ T30] rtnl_newlink+0x883/0x1bb0 [ 1520.559982][ T30] ? netlink_deliver_tap+0x19c/0x1b0 [ 1520.565336][ T30] ? netlink_unicast+0x730/0x8e0 [ 1520.570288][ T30] ? __pfx_rtnl_newlink+0x10/0x10 [ 1520.575442][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.581579][ T30] ? kasan_quarantine_put+0xbb/0x1f0 [ 1520.586969][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 1520.592294][ T30] ? nlmon_xmit+0xb0/0x100 [ 1520.596738][ T30] ? kmem_cache_free+0x182/0x650 [ 1520.601697][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1520.606714][ T30] ? __dev_queue_xmit+0x2b6/0x3950 [ 1520.611989][ T30] ? __local_bh_enable_ip+0xd0/0x130 [ 1520.617307][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 1520.622691][ T30] ? __dev_queue_xmit+0x2b6/0x3950 [ 1520.627842][ T30] ? __local_bh_enable_ip+0xd0/0x130 [ 1520.633291][ T30] ? __dev_queue_xmit+0x2b6/0x3950 [ 1520.638451][ T30] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1520.643666][ T30] ? __pfx_rtnl_newlink+0x10/0x10 [ 1520.648715][ T30] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1520.653778][ T30] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1520.658928][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1520.664449][ T30] ? ref_tracker_free+0x693/0x840 [ 1520.669499][ T30] ? __pfx_ref_tracker_free+0x10/0x10 [ 1520.675046][ T30] netlink_rcv_skb+0x232/0x4b0 [ 1520.679859][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1520.685380][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1520.690777][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1520.696120][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1520.701362][ T30] netlink_unicast+0x75c/0x8e0 [ 1520.706231][ T30] netlink_sendmsg+0x813/0xb40 [ 1520.711021][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1520.716679][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1520.724960][ T30] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1520.730040][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1520.735557][ T30] ____sys_sendmsg+0x972/0x9f0 [ 1520.740366][ T30] ? __might_fault+0xaf/0x130 [ 1520.745137][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1520.750453][ T30] ? import_iovec+0x73/0xa0 [ 1520.755126][ T30] ___sys_sendmsg+0x2a5/0x360 [ 1520.759845][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1520.764876][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1520.770097][ T30] ? futex_wait+0x2a2/0x390 [ 1520.774742][ T30] ? __fget_files+0x2a/0x420 [ 1520.779375][ T30] ? __fget_files+0x3a0/0x420 [ 1520.784139][ T30] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1520.789099][ T30] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1520.798884][ T30] ? rcu_is_watching+0x15/0xb0 [ 1520.803750][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.809993][ T30] do_syscall_64+0x15f/0xf80 [ 1520.814741][ T30] ? trace_irq_disable+0x3b/0x140 [ 1520.819801][ T30] ? clear_bhb_loop+0x40/0x90 [ 1520.824572][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.830473][ T30] RIP: 0033:0x7ff46499ce59 [ 1520.835010][ T30] RSP: 002b:00007ff4658df028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1520.843603][ T30] RAX: ffffffffffffffda RBX: 00007ff464c15fa0 RCX: 00007ff46499ce59 [ 1520.851606][ T30] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 1520.859739][ T30] RBP: 00007ff464a32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1520.867795][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1520.875928][ T30] R13: 00007ff464c16038 R14: 00007ff464c15fa0 R15: 00007ffff9f5fea8 [ 1520.884000][ T30] [ 1520.887047][ T30] INFO: task syz.1.23973:32701 blocked for more than 145 seconds. [ 1520.895552][ T30] Not tainted syzkaller #0 [ 1520.900510][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1520.909197][ T30] task:syz.1.23973 state:D stack:28120 pid:32701 tgid:32698 ppid:5848 task_flags:0x400140 flags:0x00080002 [ 1520.921241][ T30] Call Trace: [ 1520.924611][ T30] [ 1520.927546][ T30] __schedule+0x1821/0x5740 [ 1520.932170][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1520.937162][ T30] ? __pfx___schedule+0x10/0x10 [ 1520.942097][ T30] ? schedule+0x90/0x360 [ 1520.946346][ T30] schedule+0x164/0x360 [ 1520.950503][ T30] schedule_preempt_disabled+0x13/0x30 [ 1520.956137][ T30] __mutex_lock+0x7f7/0x1550 [ 1520.960777][ T30] ? __mutex_lock+0x608/0x1550 [ 1520.965606][ T30] ? __tun_chr_ioctl+0x3bc/0x1e10 [ 1520.970638][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1520.975849][ T30] __tun_chr_ioctl+0x3bc/0x1e10 [ 1520.980736][ T30] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 1520.986099][ T30] ? __fget_files+0x2a/0x420 [ 1520.990706][ T30] ? __fget_files+0x3a0/0x420 [ 1520.995575][ T30] ? __fget_files+0x2a/0x420 [ 1521.000215][ T30] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1521.005262][ T30] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 1521.010461][ T30] __se_sys_ioctl+0xfc/0x170 [ 1521.015198][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.021315][ T30] do_syscall_64+0x15f/0xf80 [ 1521.025946][ T30] ? trace_irq_disable+0x3b/0x140 [ 1521.030989][ T30] ? clear_bhb_loop+0x40/0x90 [ 1521.036248][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.042233][ T30] RIP: 0033:0x7fc6a959ce59 [ 1521.046659][ T30] RSP: 002b:00007fc6aa484028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1521.055216][ T30] RAX: ffffffffffffffda RBX: 00007fc6a9815fa0 RCX: 00007fc6a959ce59 [ 1521.063357][ T30] RDX: 0000200000000200 RSI: 00000000400454ca RDI: 0000000000000004 [ 1521.071352][ T30] RBP: 00007fc6a9632d6f R08: 0000000000000000 R09: 0000000000000000 [ 1521.079454][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1521.087502][ T30] R13: 00007fc6a9816038 R14: 00007fc6a9815fa0 R15: 00007ffdadaed498 [ 1521.095646][ T30] [ 1521.098704][ T30] INFO: task syz.1.23973:32705 blocked for more than 145 seconds. [ 1521.106587][ T30] Not tainted syzkaller #0 [ 1521.111528][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1521.113054][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1521.120571][ T30] task:syz.1.23973 state:D stack:28072 pid:32705 tgid:32698 ppid:5848 task_flags:0x400140 flags:0x00080002 [ 1521.141204][ T30] Call Trace: [ 1521.144727][ T30] [ 1521.147701][ T30] __schedule+0x1821/0x5740 [ 1521.152654][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1521.157837][ T30] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1521.163749][ T30] ? __pfx___schedule+0x10/0x10 [ 1521.168617][ T30] ? schedule+0x90/0x360 [ 1521.173075][ T30] schedule+0x164/0x360 [ 1521.177267][ T30] schedule_preempt_disabled+0x13/0x30 [ 1521.182790][ T30] __mutex_lock+0x7f7/0x1550 [ 1521.187404][ T30] ? __pfx_free_modprobe_argv+0x10/0x10 [ 1521.193229][ T30] ? __mutex_lock+0x608/0x1550 [ 1521.198034][ T30] ? devinet_ioctl+0x32b/0x1b30 [ 1521.202947][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1521.207986][ T30] ? bpf_lsm_capable+0x9/0x20 [ 1521.212831][ T30] ? security_capable+0x7e/0x2c0 [ 1521.217811][ T30] devinet_ioctl+0x32b/0x1b30 [ 1521.222610][ T30] ? __pfx_devinet_ioctl+0x10/0x10 [ 1521.227741][ T30] ? get_user_ifreq+0x12b/0x180 [ 1521.232797][ T30] inet_ioctl+0x42a/0x560 [ 1521.237170][ T30] ? __pfx_inet_ioctl+0x10/0x10 [ 1521.242356][ T30] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1521.247403][ T30] ? packet_ioctl+0x254/0x350 [ 1521.252289][ T30] sock_do_ioctl+0x101/0x320 [ 1521.256916][ T30] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1521.262079][ T30] ? do_futex+0x333/0x420 [ 1521.266432][ T30] sock_ioctl+0x5c6/0x7f0 [ 1521.270782][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 1521.279242][ T30] ? __fget_files+0x2a/0x420 [ 1521.284035][ T30] ? __fget_files+0x3a0/0x420 [ 1521.288743][ T30] ? __fget_files+0x2a/0x420 [ 1521.293509][ T30] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1521.298496][ T30] ? __pfx_sock_ioctl+0x10/0x10 [ 1521.303409][ T30] __se_sys_ioctl+0xfc/0x170 [ 1521.308026][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.314265][ T30] do_syscall_64+0x15f/0xf80 [ 1521.318900][ T30] ? trace_irq_disable+0x3b/0x140 [ 1521.323973][ T30] ? clear_bhb_loop+0x40/0x90 [ 1521.328667][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.334742][ T30] RIP: 0033:0x7fc6a959ce59 [ 1521.339187][ T30] RSP: 002b:00007fc6aa463028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1521.347672][ T30] RAX: ffffffffffffffda RBX: 00007fc6a9816090 RCX: 00007fc6a959ce59 [ 1521.356002][ T30] RDX: 0000200000000180 RSI: 0000000000008914 RDI: 0000000000000006 [ 1521.364053][ T30] RBP: 00007fc6a9632d6f R08: 0000000000000000 R09: 0000000000000000 [ 1521.372197][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1521.380205][ T30] R13: 00007fc6a9816128 R14: 00007fc6a9816090 R15: 00007ffdadaed498 [ 1521.388285][ T30] [ 1521.391398][ T30] INFO: task syz.2.23974:32717 blocked for more than 145 seconds. [ 1521.399668][ T30] Not tainted syzkaller #0 [ 1521.404742][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1521.413710][ T30] task:syz.2.23974 state:D stack:26656 pid:32717 tgid:32716 ppid:31005 task_flags:0x400140 flags:0x00080002 [ 1521.425723][ T30] Call Trace: [ 1521.429032][ T30] [ 1521.432427][ T30] __schedule+0x1821/0x5740 [ 1521.436988][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1521.442239][ T30] ? __pfx___schedule+0x10/0x10 [ 1521.447244][ T30] ? schedule+0x90/0x360 [ 1521.451502][ T30] schedule+0x164/0x360 [ 1521.455797][ T30] schedule_preempt_disabled+0x13/0x30 [ 1521.461414][ T30] __mutex_lock+0x7f7/0x1550 [ 1521.466179][ T30] ? __mutex_lock+0x608/0x1550 [ 1521.470992][ T30] ? batadv_netlink_set_mesh+0x5c2/0x1110 [ 1521.476933][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1521.482094][ T30] ? batadv_netlink_set_mesh+0x51f/0x1110 [ 1521.487850][ T30] ? __local_bh_enable_ip+0xd0/0x130 [ 1521.493262][ T30] batadv_netlink_set_mesh+0x5c2/0x1110 [ 1521.498844][ T30] genl_family_rcv_msg_doit+0x22a/0x330 [ 1521.504608][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1521.510718][ T30] ? bpf_lsm_capable+0x9/0x20 [ 1521.515753][ T30] ? security_capable+0x7e/0x2c0 [ 1521.520754][ T30] genl_rcv_msg+0x61c/0x7a0 [ 1521.525726][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1521.530792][ T30] ? __pfx_batadv_pre_doit+0x10/0x10 [ 1521.536216][ T30] ? __pfx_batadv_netlink_set_mesh+0x10/0x10 [ 1521.542418][ T30] ? __pfx_batadv_post_doit+0x10/0x10 [ 1521.547808][ T30] ? __pfx_ref_tracker_free+0x10/0x10 [ 1521.553346][ T30] netlink_rcv_skb+0x232/0x4b0 [ 1521.558152][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1521.563230][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1521.568548][ T30] ? down_read+0x270/0x2e0 [ 1521.573195][ T30] ? genl_rcv+0xd/0x40 [ 1521.577298][ T30] genl_rcv+0x28/0x40 [ 1521.581300][ T30] netlink_unicast+0x75c/0x8e0 [ 1521.586178][ T30] netlink_sendmsg+0x813/0xb40 [ 1521.590970][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1521.596763][ T30] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1521.601750][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1521.607137][ T30] ____sys_sendmsg+0x972/0x9f0 [ 1521.612127][ T30] ? __might_fault+0xaf/0x130 [ 1521.616935][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1521.622280][ T30] ? import_iovec+0x73/0xa0 [ 1521.626810][ T30] ___sys_sendmsg+0x2a5/0x360 [ 1521.631499][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1521.636608][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1521.641921][ T30] ? futex_wake+0x4ac/0x580 [ 1521.646494][ T30] ? __fget_files+0x2a/0x420 [ 1521.651107][ T30] ? __fget_files+0x3a0/0x420 [ 1521.656188][ T30] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1521.661187][ T30] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1521.666747][ T30] ? rcu_is_watching+0x15/0xb0 [ 1521.671543][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.678057][ T30] do_syscall_64+0x15f/0xf80 [ 1521.682970][ T30] ? trace_irq_disable+0x3b/0x140 [ 1521.688051][ T30] ? clear_bhb_loop+0x40/0x90 [ 1521.692871][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.698812][ T30] RIP: 0033:0x7fcbfe99ce59 [ 1521.703309][ T30] RSP: 002b:00007fcbfcbf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1521.711730][ T30] RAX: ffffffffffffffda RBX: 00007fcbfec15fa0 RCX: 00007fcbfe99ce59 [ 1521.719892][ T30] RDX: 0000000004000000 RSI: 0000200000000540 RDI: 0000000000000004 [ 1521.728086][ T30] RBP: 00007fcbfea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1521.736234][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1521.744249][ T30] R13: 00007fcbfec16038 R14: 00007fcbfec15fa0 R15: 00007ffca47243a8 [ 1521.752352][ T30] [ 1521.755408][ T30] INFO: task syz.2.23974:32721 blocked for more than 146 seconds. [ 1521.763311][ T30] Not tainted syzkaller #0 [ 1521.768257][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1521.777650][ T30] task:syz.2.23974 state:D stack:26776 pid:32721 tgid:32716 ppid:31005 task_flags:0x400140 flags:0x00080002 [ 1521.789653][ T30] Call Trace: [ 1521.793062][ T30] [ 1521.796018][ T30] __schedule+0x1821/0x5740 [ 1521.800523][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1521.805558][ T30] ? __pfx___schedule+0x10/0x10 [ 1521.810595][ T30] ? schedule+0x90/0x360 [ 1521.814970][ T30] schedule+0x164/0x360 [ 1521.819159][ T30] schedule_preempt_disabled+0x13/0x30 [ 1521.824688][ T30] __mutex_lock+0x7f7/0x1550 [ 1521.829297][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 1521.835314][ T30] ? __mutex_lock+0x608/0x1550 [ 1521.840153][ T30] ? rtnl_newlink+0x883/0x1bb0 [ 1521.845007][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1521.850066][ T30] ? ns_capable+0x89/0xe0 [ 1521.854577][ T30] rtnl_newlink+0x883/0x1bb0 [ 1521.859219][ T30] ? netlink_deliver_tap+0x19c/0x1b0 [ 1521.864535][ T30] ? netlink_unicast+0x730/0x8e0 [ 1521.869490][ T30] ? __pfx_rtnl_newlink+0x10/0x10 [ 1521.874650][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1521.880786][ T30] ? kasan_quarantine_put+0xbb/0x1f0 [ 1521.886159][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 1521.891377][ T30] ? nlmon_xmit+0xb0/0x100 [ 1521.895943][ T30] ? kmem_cache_free+0x182/0x650 [ 1521.900931][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1521.905961][ T30] ? __dev_queue_xmit+0x2b6/0x3950 [ 1521.911092][ T30] ? __local_bh_enable_ip+0xd0/0x130 [ 1521.916572][ T30] ? lockdep_hardirqs_on+0x7a/0x110 [ 1521.921836][ T30] ? __dev_queue_xmit+0x2b6/0x3950 [ 1521.926960][ T30] ? __local_bh_enable_ip+0xd0/0x130 [ 1521.932379][ T30] ? __dev_queue_xmit+0x2b6/0x3950 [ 1521.937582][ T30] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1521.942892][ T30] ? __pfx_rtnl_newlink+0x10/0x10 [ 1521.947961][ T30] rtnetlink_rcv_msg+0x7d5/0xbe0 [ 1521.953049][ T30] ? rtnetlink_rcv_msg+0x1b9/0xbe0 [ 1521.958202][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1521.963730][ T30] ? ref_tracker_free+0x693/0x840 [ 1521.968767][ T30] ? __pfx_ref_tracker_free+0x10/0x10 [ 1521.974305][ T30] netlink_rcv_skb+0x232/0x4b0 [ 1521.979114][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1521.984658][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1521.989961][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1521.995300][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 1522.000557][ T30] netlink_unicast+0x75c/0x8e0 [ 1522.005421][ T30] netlink_sendmsg+0x813/0xb40 [ 1522.010207][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1522.015649][ T30] ? page_table_check_set+0x126/0x510 [ 1522.021080][ T30] ? lock_acquire+0x106/0x350 [ 1522.026167][ T30] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1522.031145][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1522.036585][ T30] ____sys_sendmsg+0x972/0x9f0 [ 1522.041393][ T30] ? __might_fault+0xaf/0x130 [ 1522.046131][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1522.051442][ T30] ? import_iovec+0x73/0xa0 [ 1522.056160][ T30] ___sys_sendmsg+0x2a5/0x360 [ 1522.060874][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 1522.065899][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1522.071145][ T30] ? __fget_files+0x2a/0x420 [ 1522.076241][ T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1522.084547][ T30] ? __fget_files+0x3a0/0x420 [ 1522.089279][ T30] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1522.094361][ T30] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1522.099858][ T30] ? __se_sys_rt_sigprocmask+0x22f/0x2a0 [ 1522.105575][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1522.111650][ T30] do_syscall_64+0x15f/0xf80 [ 1522.116378][ T30] ? trace_irq_disable+0x3b/0x140 [ 1522.121444][ T30] ? clear_bhb_loop+0x40/0x90 [ 1522.126217][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1522.132304][ T30] RIP: 0033:0x7fcbfe99ce59 [ 1522.136750][ T30] RSP: 002b:00007fcbfcbd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1522.145218][ T30] RAX: ffffffffffffffda RBX: 00007fcbfec16090 RCX: 00007fcbfe99ce59 [ 1522.153458][ T6028] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1522.153466][ T30] RDX: 0000000000048004 RSI: 0000200000000280 RDI: 0000000000000003 [ 1522.153482][ T30] RBP: 00007fcbfea32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1522.178090][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1522.186174][ T30] R13: 00007fcbfec16128 R14: 00007fcbfec16090 R15: 00007ffca47243a8 [ 1522.194274][ T30] [ 1522.197299][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1522.206396][ T30] [ 1522.206396][ T30] Showing all locks held in the system: [ 1522.214245][ T30] 1 lock held by khungtaskd/30: [ 1522.219100][ T30] #0: ffffffff8e95cda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1522.229009][ T30] 3 locks held by kworker/u8:2/35: [ 1522.234276][ T30] #0: ffff88801ae84140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 1522.246051][ T30] #1: ffffc90000ab7c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 1522.257124][ T30] #2: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1522.266205][ T30] 3 locks held by kworker/1:2/995: [ 1522.271315][ T30] #0: ffff88813fe41d40 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 1522.284067][ T30] #1: ffffc90004fa7c40 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 1522.296177][ T30] #2: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0xab/0x1090 [ 1522.306370][ T30] 1 lock held by dhcpcd/5289: [ 1522.311059][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_deladdr+0x1c1/0x790 [ 1522.324039][ T30] 2 locks held by getty/5380: [ 1522.328836][ T30] #0: ffff8880317990a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1522.338818][ T30] #1: ffffc900032332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13a0 [ 1522.349026][ T30] 5 locks held by kworker/u8:1/4090: [ 1522.354619][ T30] #0: ffff88801be8e140 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 1522.365581][ T30] #1: ffffc900032afc40 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 1522.376298][ T30] #2: ffffffff8fdc1568 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800 [ 1522.385700][ T30] #3: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe5/0x9e0 [ 1522.396070][ T30] #4: ffff888064a78dc8 (&dev_instance_lock_key#17){+.+.}-{4:4}, at: napi_disable+0x4e/0x80 [ 1522.406451][ T30] 3 locks held by kworker/u8:10/10096: [ 1522.412025][ T30] #0: ffff88803158c940 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0xa35/0x1860 [ 1522.423682][ T30] #1: ffffc900059bfc40 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0xa70/0x1860 [ 1522.437484][ T30] #2: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 1522.447207][ T30] 7 locks held by syz-executor/32212: [ 1522.452676][ T30] #0: ffff888033e12410 (sb_writers#7){.+.+}-{0:0}, at: vfs_write+0x227/0xb90 [ 1522.461611][ T30] #1: ffff88802745b080 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x1de/0x540 [ 1522.471447][ T30] #2: ffff888029a46e18 (kn->active#58){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x231/0x540 [ 1522.481644][ T30] #3: ffffffff8f64f6e0 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0x13c/0x710 [ 1522.492188][ T30] #4: ffff8880aba46128 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x450 [ 1522.501461][ T30] #5: ffff8880aba43258 (&devlink->lock_key#9){+.+.}-{4:4}, at: nsim_drv_probe+0xc9/0xc20 [ 1522.511578][ T30] #6: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 1522.521144][ T30] 1 lock held by syz.0.23969/32685: [ 1522.526439][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x3bc/0x1e10 [ 1522.535893][ T30] 1 lock held by syz.0.23969/32691: [ 1522.541097][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x32b/0x1b30 [ 1522.550323][ T30] 1 lock held by syz.3.23971/32699: [ 1522.555737][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 1522.564901][ T30] 1 lock held by syz.1.23973/32701: [ 1522.570106][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x3bc/0x1e10 [ 1522.579623][ T30] 1 lock held by syz.1.23973/32705: [ 1522.584899][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: devinet_ioctl+0x32b/0x1b30 [ 1522.594162][ T30] 3 locks held by syz.2.23974/32717: [ 1522.599468][ T30] #0: ffffffff8fe3fb28 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1522.607719][ T30] #1: ffffffff8fe3f960 (genl_mutex){+.+.}-{4:4}, at: genl_rcv_msg+0x10b/0x7a0 [ 1522.616879][ T30] #2: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: batadv_netlink_set_mesh+0x5c2/0x1110 [ 1522.626986][ T30] 2 locks held by syz.2.23974/32721: [ 1522.632614][ T30] #0: ffffffff90326a18 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 1522.642254][ T30] #1: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x883/0x1bb0 [ 1522.651327][ T30] 1 lock held by syz-executor/32758: [ 1522.656748][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.666240][ T30] 1 lock held by syz-executor/32762: [ 1522.671518][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.681110][ T30] 1 lock held by syz-executor/32765: [ 1522.686459][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.696056][ T30] 1 lock held by syz-executor/32766: [ 1522.701367][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.710929][ T30] 1 lock held by syz-executor/311: [ 1522.716264][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.725880][ T30] 1 lock held by syz-executor/320: [ 1522.731025][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.741522][ T30] 1 lock held by syz-executor/325: [ 1522.746734][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.756314][ T30] 1 lock held by syz-executor/326: [ 1522.761481][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.771220][ T30] 1 lock held by syz-executor/332: [ 1522.776458][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.786143][ T30] 1 lock held by syz-executor/339: [ 1522.791299][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.800882][ T30] 1 lock held by syz-executor/348: [ 1522.806133][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.815865][ T30] 1 lock held by syz-executor/349: [ 1522.820995][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.830524][ T30] 1 lock held by syz-executor/354: [ 1522.835789][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.845492][ T30] 1 lock held by syz-executor/364: [ 1522.850614][ T30] #0: ffffffff8fdd0240 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x404/0x1ad0 [ 1522.860232][ T30] [ 1522.862628][ T30] ============================================= [ 1522.862628][ T30] [ 1522.871068][ T30] NMI backtrace for cpu 0 [ 1522.871084][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1522.871100][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1522.871106][ T30] Call Trace: [ 1522.871112][ T30] [ 1522.871117][ T30] dump_stack_lvl+0xe8/0x150 [ 1522.871134][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 1522.871217][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1522.871234][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1522.871254][ T30] sys_info+0x135/0x170 [ 1522.871300][ T30] watchdog+0xfd3/0x1030 [ 1522.871331][ T30] ? watchdog+0x1c9/0x1030 [ 1522.871353][ T30] kthread+0x389/0x470 [ 1522.871366][ T30] ? __pfx_watchdog+0x10/0x10 [ 1522.871377][ T30] ? __pfx_kthread+0x10/0x10 [ 1522.871389][ T30] ret_from_fork+0x514/0xb70 [ 1522.871402][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1522.871411][ T30] ? __switch_to+0xc79/0x1410 [ 1522.871426][ T30] ? __pfx_kthread+0x10/0x10 [ 1522.871437][ T30] ret_from_fork_asm+0x1a/0x30 [ 1522.871456][ T30] [ 1522.871460][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1522.981728][ C1] NMI backtrace for cpu 1 [ 1522.981746][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) [ 1522.981764][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1522.981774][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1522.981833][ C1] Code: ab 7d 02 e9 93 f7 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d d3 a1 20 00 fb f4 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 [ 1522.981849][ C1] RSP: 0018:ffffc90000197e20 EFLAGS: 00000246 [ 1522.981863][ C1] RAX: 0000000000950905 RBX: ffffffff819a958a RCX: 0000000080000001 [ 1522.981875][ C1] RDX: 0000000000000001 RSI: ffffffff8dfa6b31 RDI: ffffffff8c28af60 [ 1522.981886][ C1] RBP: ffffc90000197f10 R08: ffff8880b87339db R09: 1ffff110170e673b [ 1522.981898][ C1] R10: dffffc0000000000 R11: ffffed10170e673c R12: 0000000000000001 [ 1522.981909][ C1] R13: 1ffff11003b5b000 R14: 0000000000000001 R15: 1ffff11003b5b000 [ 1522.981921][ C1] FS: 0000000000000000(0000) GS:ffff88812538a000(0000) knlGS:0000000000000000 [ 1522.981933][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1522.981944][ C1] CR2: 000055987327bf40 CR3: 000000000e74a000 CR4: 00000000003526f0 [ 1522.981958][ C1] Call Trace: [ 1522.981966][ C1] [ 1522.981972][ C1] default_idle+0x9/0x20 [ 1522.981989][ C1] default_idle_call+0x72/0xb0 [ 1522.982007][ C1] do_idle+0x36a/0x5f0 [ 1522.982025][ C1] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1522.982045][ C1] ? __pfx_do_idle+0x10/0x10 [ 1522.982068][ C1] cpu_startup_entry+0x43/0x60 [ 1522.982085][ C1] start_secondary+0x101/0x110 [ 1522.982100][ C1] common_startup_64+0x13e/0x147 [ 1522.982129][ C1] [ 1522.982826][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1522.982845][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1522.982863][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1522.982873][ T30] Call Trace: [ 1522.982882][ T30] [ 1522.982889][ T30] vpanic+0x56c/0xa60 [ 1522.982912][ T30] ? __pfx___schedule+0x10/0x10 [ 1522.982934][ T30] ? __pfx_vpanic+0x10/0x10 [ 1522.982960][ T30] panic+0xc5/0xd0 [ 1522.982978][ T30] ? __pfx_panic+0x10/0x10 [ 1522.982998][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 1522.983026][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 1522.983049][ T30] watchdog+0x102c/0x1030 [ 1522.983079][ T30] ? watchdog+0x1c9/0x1030 [ 1522.983106][ T30] kthread+0x389/0x470 [ 1522.983128][ T30] ? __pfx_watchdog+0x10/0x10 [ 1522.983149][ T30] ? __pfx_kthread+0x10/0x10 [ 1522.983170][ T30] ret_from_fork+0x514/0xb70 [ 1522.983191][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1522.983209][ T30] ? __switch_to+0xc79/0x1410 [ 1522.983233][ T30] ? __pfx_kthread+0x10/0x10 [ 1522.983254][ T30] ret_from_fork_asm+0x1a/0x30 [ 1522.983287][ T30] [ 1523.260794][ T30] Kernel Offset: disabled [ 1523.265104][ T30] Rebooting in 86400 seconds..