last executing test programs: 1m47.969476117s ago: executing program 3 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m47.969450319s ago: executing program 1 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m47.969435805s ago: executing program 3 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m47.969412463s ago: executing program 1 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m47.969395996s ago: executing program 3 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m47.969374241s ago: executing program 1 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m43.421032273s ago: executing program 3 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m42.1186009s ago: executing program 1 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m30.27990201s ago: executing program 3 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m28.784269888s ago: executing program 1 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m25.989288666s ago: executing program 2 (id=2333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="44000000200001002bbd700000ff00000a108000000000080400010014000200fc0200000000000000000000000000001400010020"], 0x44}}, 0x40000) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0) 1m25.708166758s ago: executing program 2 (id=2335): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a050000e22dcbc80b47befa0000000900010073797a30000000002c000000030a01020000000000000000010000030900030073797a30000000000900010073797a300000f5ff540000001a0a010400000000000000000100000008000b4000000000090001"], 0xc8}}, 0x0) 1m25.520509282s ago: executing program 2 (id=2336): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000500190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 1m25.301000448s ago: executing program 2 (id=2338): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x34, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_ID={0x8, 0x1, 0x1}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc0000001900010000000000000000001c140000fe000001000000008400120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005001a000d00"], 0xbc}, 0x1, 0x0, 0x0, 0x4000845}, 0x0) (async) r2 = epoll_create(0x3ff) r3 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000240)={0xa0000000}) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000280)={0x2000000}) epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000100)={0x4}) 1m25.032037142s ago: executing program 2 (id=2339): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca0200000000000000adcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d070490893616810a121ff4feedd1d176b313b9fc7bf31ddff431a4a50760ce18a76c4b7aa73cec3eec984c76d16f798c436410f3f4a41715e736a132c3cb9421be0b3c2bd40b75896c007fa2d47e3d8392d905d582b8eff689b0f493770c91e8c2e8bd0b08ffa4fd0289b04b0ea024768d196ef721314d68d29988b01871c6ea39f95a0b77744caadd24867acab274e8e4bf3fb44df31e15ffdce52"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r1, r1, 0x2f}, 0x20) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="2f0000001800000004000000", @ANYRES32, @ANYBLOB="407d0e80958000f84aa45e5de464fb9040370c2495db4de61181ae956c156886e83ca2426c477741c940c7c23e4c303ef9142b2aa4d6cebb951f88e80e136b31d06ff793d0cd5618434df24ddf0f908340045d3b75b683ab83c39ae90e2a1a08bfa5222961d9198af195d3039b9fb0ea1932ce2f8806f2457843334095d714decda4ac608299888c4546ec15", @ANYRES64=0x0], 0x20) 1m24.993886182s ago: executing program 3 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m24.940918106s ago: executing program 2 (id=2340): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10000}, [@call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x8004, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1m24.403182365s ago: executing program 32 (id=1925): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0xfeffffff, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800efe000000000000000000a00000000000000000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000b00000000000002"], 0x3c}, 0x1, 0x11}, 0x0) 1m24.395887492s ago: executing program 1 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m24.268402839s ago: executing program 33 (id=1216): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="000000001400030007000000000000000000009fcd1c970014000100ff4c"], 0x44}}, 0x0) r2 = socket$pptp(0x18, 0x1, 0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000000000)) sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000002d0200000000000000000000b619180000801400380000000000000000000000ffff6401000100ad090ae8a5e1fa8700"], 0x2c}], 0x1, 0x0, 0x0, 0x2000000}, 0x8000) 1m24.224051944s ago: executing program 34 (id=2340): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10000}, [@call={0x85, 0x0, 0x0, 0x18}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x8004, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.724316654s ago: executing program 5 (id=3080): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x30, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0x10, 0x6071, 0x0, 0xe7, {[@exp_smc={0xfe, 0x6}]}}}}}}}, 0x0) 3.156150101s ago: executing program 7 (id=3093): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'}) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"}) 2.871074355s ago: executing program 5 (id=3099): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f00000002c0)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0xac}, {0x6}]}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @local, 0x2}]}, &(0x7f00000002c0)=0x10) 2.569306092s ago: executing program 4 (id=3104): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000140), r1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) write$cgroup_pid(r3, &(0x7f0000000000), 0x2a979d) ioctl$SIOCSIFHWADDR(r3, 0x401c5820, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) sendmsg$TIPC_NL_MON_SET(r3, &(0x7f0000000840)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000800)={&(0x7f0000000600)={0x1cc, r5, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x18, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x50, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_LINK={0x13c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf28}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5e}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ec9a8f5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x772}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xd}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}]}]}, 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x8000) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000400)={@map=r3, 0x27, 0x1, 0x7, &(0x7f00000002c0)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000340)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) sendmsg$NLBL_MGMT_C_LISTDEF(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="01062abd7000ffdbdf250600000006000b000a000000"], 0x1c}, 0x1, 0x0, 0x0, 0x4004001}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)={0x138, 0x0, 0x1, 0x101, 0x0, 0x0, {0x0, 0x0, 0x3}, [@CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x300000}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x7f}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x4}]}, @CTA_TUPLE_ORIG={0xc, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_LABELS={0xc, 0x16, 0x1, 0x0, [0x1, 0x7]}, @CTA_TUPLE_REPLY={0x70, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x21}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x14}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_NAT_DST={0x50, 0xd, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @private=0xa010101}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}, @CTA_NAT_V6_MINIP={0x14, 0x4, @local}, @CTA_NAT_V4_MINIP={0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @local}]}, @CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4c040}, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000100070000000900020073797a30000000001400078008001240fffffffe080013400000080015000300686173683a69702c706f72742c6e6574000000000500050002000000050004"], 0x64}, 0x1, 0x0, 0x0, 0x4001}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x65205, 0xc900}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2020d}}}}}}, @IFLA_MTU={0x8, 0x4, 0x7ff}]}, 0x50}, 0x1, 0x0, 0x0, 0x84}, 0x0) socket(0x6, 0x1, 0x0) 1.920565567s ago: executing program 5 (id=3107): r0 = socket(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x28, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x60938, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) setsockopt$inet6_int(r0, 0x29, 0x19, 0x0, 0x0) syz_emit_ethernet(0x6e, &(0x7f0000000280)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0xfe, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x4fe, {0x2, 0x6, "081331", 0x3f6f, 0xff, 0x0, @mcast1, @loopback, [@fragment={0x84, 0x0, 0xa, 0x0, 0x0, 0x7, 0x65}]}}}}}}}, 0x0) 932.666137ms ago: executing program 6 (id=3109): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={r1, @in={{0x2, 0x4e24, @empty}}, 0x100, 0x600}, 0x90) 879.31073ms ago: executing program 7 (id=3110): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd2a, 0x8000002, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffd}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x5, 0x8, 0x2}, {0x1, 0x1, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24008004}, 0x0) 828.243443ms ago: executing program 5 (id=3111): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x18, 0x2, 0x2, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_EXPECT_TUPLE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4040080) 797.442292ms ago: executing program 6 (id=3113): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000440)={'syz_tun\x00', 0x101}) close(r0) 769.597934ms ago: executing program 4 (id=3114): syz_init_net_socket$netrom(0x6, 0x5, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000002c0)={0x5c, r6, 0x1, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FRAME={0x3e, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1}, @device_b, @device_a, @initial, {0x4, 0x9}, @value=@ver_80211n={0x0, 0xd6, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}}, @val, @void, @void, @val={0x2d, 0x1a, {0x800, 0x0, 0x0, 0x0, {0x10, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, 0x400, 0x6, 0x9}}, @void}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x6a845ecb4f20be70}, 0x24008080) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 668.005739ms ago: executing program 0 (id=3115): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'gretap0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000080)={&(0x7f0000000580)={0x1d, r1}, 0x10, &(0x7f00000003c0)={&(0x7f0000000100)=@canfd={{0x2, 0x1, 0x1}, 0x4e, 0x2, 0x0, 0x0, "2efe3849b4459172c264d529b6f4c2734b1aeff23c889d06e1b6204780968d24f0191115930e37b3ee9f05fb11cd2fb8033efd685bb306c878e1d2157e3bdb2d"}, 0x48}, 0x2, 0x0, 0x0, 0xc}, 0x20044040) 667.868619ms ago: executing program 5 (id=3116): r0 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendto$inet6(r0, &(0x7f00000000c0)="a00064bced2a4a68", 0x1c, 0x24000810, &(0x7f0000000000)={0xa, 0x4e22, 0x10003, @private1={0xfc, 0x1, '\x00', 0x8}, 0x8001}, 0x1c) 599.89115ms ago: executing program 5 (id=3117): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) syz_emit_ethernet(0x3a, &(0x7f0000000100)={@local, @random="0000101d00", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x7, 0x0, 0xe7, {[@exp_fastopen={0xfe, 0x4}]}}}}}}}, 0x0) 592.672858ms ago: executing program 7 (id=3118): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'macvtap0\x00', &(0x7f0000000240)=@ethtool_per_queue_op={0x4b, 0x21, [0x8, 0x1, 0x2, 0xc, 0x9, 0xf94, 0x4000f1, 0x37, 0x409, 0x6, 0x1, 0x6, 0x1, 0x5, 0x7f, 0x2, 0x80000000, 0x2, 0x0, 0x9, 0x8, 0x5, 0x7, 0x2, 0x6, 0x1675, 0x1, 0xff, 0x4, 0x200, 0x4, 0x4107a2b1, 0x358827d1, 0x6, 0x2, 0x1, 0x80000001, 0xc0010, 0x9c, 0x4, 0x2, 0x7, 0x3, 0xfffffffc, 0x200, 0x5, 0x4, 0x5, 0x0, 0x1, 0x1, 0x0, 0x4928, 0x3, 0xffffffff, 0x7, 0x4, 0x5, 0x80000004, 0x0, 0x9733, 0x6, 0x80000001, 0x8, 0x9fd8, 0x5, 0x9, 0x8, 0x8, 0x4, 0x101, 0x9, 0x71, 0x0, 0x6, 0x0, 0x3, 0x5, 0x165, 0x9, 0x6, 0x4, 0x9, 0x8, 0x40, 0x6, 0x5, 0x7, 0x0, 0x3, 0x2, 0x2, 0x0, 0xa, 0xffffffff, 0x471, 0x4, 0x0, 0x7, 0x3, 0x6, 0x1000, 0x3, 0x2, 0xb, 0xffff, 0x80, 0x4, 0x4, 0x2, 0x40, 0xb, 0xfffffffd, 0x5, 0x7, 0x0, 0x2, 0x2, 0x0, 0x7, 0x5, 0x8000, 0x1, 0xa, 0x200ffff, 0xa1, 0x6, 0x9]}}) 524.188934ms ago: executing program 4 (id=3119): bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0600000004000000001000008500", @ANYRES32], 0x50) 524.053977ms ago: executing program 0 (id=3120): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_type(r0, 0x0, 0x2, 0x0) mkdirat$cgroup(r0, &(0x7f0000000080)='syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r1 = openat$cgroup(r0, &(0x7f00000002c0)='syz0\x00', 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f0000000340)='syz0\x00', 0x1ff) 505.326391ms ago: executing program 6 (id=3121): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) connect$pppoe(r1, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'batadv0\x00'}}, 0x1e) connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x0, @remote, 'veth0_to_batadv\x00'}}, 0x1e) 449.699759ms ago: executing program 0 (id=3122): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x6, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@func={0x85, 0x0, 0x1, 0x0, 0x1}, @exit, @call={0x85, 0x0, 0x0, 0x7a}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0xa}, 0x94) 379.267739ms ago: executing program 4 (id=3123): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x14, 0x0, 0xf01, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x1021}, 0x4000000) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0) 379.133307ms ago: executing program 7 (id=3124): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401040000000001dcdf25080001000000000005005400"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) 371.481561ms ago: executing program 6 (id=3125): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2e}}, 0x7}, 0x1c) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xfff}, 0x1c) recvfrom(r0, 0x0, 0x0, 0x22, 0x0, 0x0) sendmmsg$inet6(r0, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="02", 0x1}], 0x1}}], 0x1, 0x404c851) 310.087514ms ago: executing program 0 (id=3126): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000080)=0x8, 0x4) sendmsg$unix(r0, &(0x7f0000001680)={&(0x7f00000000c0)=@abs={0x0, 0x0, 0x103}, 0x6e, &(0x7f0000000000)=[{&(0x7f00000001c0)="655be7c09841f6a9e16c7f5cdae341ad778ba0d6f3ff0300001259873a2f5af70a1666e57ab0ee70", 0x28}], 0x1}, 0x2) 308.296473ms ago: executing program 4 (id=3127): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r1, &(0x7f0000000140)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x8016, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x1400, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0xfdef) 228.169743ms ago: executing program 6 (id=3128): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0xfffd}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd2a, 0x8000002, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffd}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x5, 0x8, 0x2}, {0x1, 0x1, 0x2}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x24008004}, 0x0) 228.055372ms ago: executing program 7 (id=3129): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, 0x0, 0x0) setsockopt$packet_drop_memb(r0, 0x107, 0x2, 0x0, 0x0) 171.81898ms ago: executing program 0 (id=3130): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x4}}, @call={0x85, 0x0, 0x0, 0x50}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff6) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001e80)={&(0x7f0000000180)=@abs={0x1, 0x5c, 0x1}, 0x6e, 0x0}, 0x20000) ioctl$TUNGETVNETLE(r0, 0x40047451, &(0x7f0000000180)) 121.381424ms ago: executing program 7 (id=3131): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x6003}, @void, @eth={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x4004, 0x0, 0x3, 0x2f, 0x0, @private=0x1fe1, @multicast1}, {0xa000, 0x6558, 0x10, 0x0, @gue={{0x2, 0x0, 0x1, 0x2, 0x0, @val=0x80}}}}}}}}, 0x36) 22.943865ms ago: executing program 4 (id=3132): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000004b80)=[{{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f00000008c0)="3bcbdb0fcfa026557d2ea2b0fa34b7b3ddf4e60fe678186210e935989ea66d7c81fcd371943f18f118107da91cf43c5479ca82428e90b96b3635a98e39939ef5109511d949224164c044f18fb4d64db5c0404f01b99fba50263ee03e82a28fcd751660b0cab68a62a8b6eac29946c988fc747092d35e935ad8442feece96b4ee481cf95a8feb6ec3d6e5cff03f59eb97136d7cb400c1d0ed4ed9b83090abb113aa4e926069", 0xa5}, {&(0x7f0000000980)="742f311a83a225186454bcfd09e48b60d703de616d0e6f11523b39811b58bc14", 0x20}], 0x2}}, {{0x0, 0x0, &(0x7f0000004080)=[{&(0x7f0000000f00)="52348bf9812fc081678b5760a4c4967393fd8939aaf12a894c5424df616c4eea14fbac2dad114a75c405d89fafa5715b56abba4bbceca456d8225e3f6eb57a03287e74c7bd74e40e3fda3150f92d181e7c82cb2f8ea0416fc4c0f111161cdb9a52911925644e25f871d02f403c83214f830f93b30b874e75cab53f1ed7871f21c0d654a47fab0637868517d7e8d9915e99b4dc2dcafdcb2ef2a012ec95418a544c32181fb969e01318e00a12fd1b2a0eb57bcf7de086e320f2d4be4e1453010be849e4d7dba41558329699aacd3d1c7d97b9bf74caf8b7946647309d209558b1965ef7ea4576ec0e289b73c2089310271d0a67d88a312f4cb0194c4f28ec3c2fe269311d0cec1fe0efef17d376d183b08e392b6cb58e930e1f959dd4528ec95350fc86e5297e6d59af036b132df17833881238ba8692842a8da4d5b4a37c94915331143d9128a197495433c2f550b4455a9ae03b937305e192e861ca3a60f9b3a14288e3daeb6936593485388a4aaab39b3843ee2960d9c8728eafb904333e7b78a270480e8dd89bc4cf0b791013cff43bf314e11a44d5f9c4fdad8a2fcdb04f76de29a50a0428148f4bc3eff1e84d25ea95dabddfba6162860a3c3389ee366450b6bcf1409f920caf1be5702af0402e2cef4896d9544a26ebfab694d7a47eca55bd2f62e7d7eb1f6061f7e441df5ab31344f02179764822036ef706133ea1a6380e042f074b2b0ddcc578cb8a668a846b9d5792f8d434f8ec7b562594587c49e8e6b3450e545fc070644bd06a36106cdb63f9e8ad7ae50b5b44e47f377961f5e29392330fb40d63c911ffd13e094f0452cc5c77b0731b56211b2d8a7554f6077ae593626a54f56d6dea49058fd1d48db02a7b33d50474b58a7e14e6a4d935bfaf4865f00074d59ece4b2d5f5e768e952733ee2c34b3e4b0be230f792f8b16f872afbbd155fe5314d4f54ea7b747eb2cd2410db7464c73ecd4815cda0bcc839fb603bb3f0c04b2d233b54a78b7aa3db974e469c8788e155cc2ef39bcf8491101058093c842df8cd0ac03d29e6d6902187f31eaf960b306debf734d8d26cc34a7e62c64a98b5a8a61020d81f5213d4d5722088be5b5ea6b1ee19b148d1f8b7172cd507533360d2d668e85252463b1d61302a75a7e3dc5e8c607a1026c66c2e8a6cbd34e3e5e99890da6cf07ed1247a07f004a6b1d643e00be7c156127bd7b39326e84ea6963d0530a4538eea35cf8048440a65148f1fe6314020bbe9c9358242589360fa5b1425d24b9f59141d81c0dbdd2e802eb82849e6342a4ffd0dcf307e2c73c707f54d54a2d04f2e504cae3d1719253ea4f455ae0e5fd35c08808b1fb8c6f5a25e7a3b082cd2159b9e624b67f1ed7faf2e5a0e6cd2560e26e4eabf626b65ce42c7855512ad92bcd6849d0c73e4cf41962ae0d17d850cd598e016b1db978f7a8d7f5fd88c7952982633e7673f11f3dc1ea4363ecbd106b3f410be357a29d0ddff9cb8448f71b39c60c3e7d5fba9e6115e64e88813418614419fcc8e27c2bd13109425528e44927ff85444cc076fbebbbf5c8b5a7bb8c7c9dd61a2bb4eed88d057a7268904cdd84f5e1eb8e4800a4d0c516e33e97c83f859c5e83fcd841ec6af3eb609c50bfd4794edb29d3a4c50088821ebd1f964eb9689e75c8ba3912ef50641b12a090e8687542763ed9", 0x4ad}], 0x1}}], 0x2, 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 22.792315ms ago: executing program 0 (id=3133): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000090000000500000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0), &(0x7f00000004c0), 0x3f, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r0, &(0x7f00000005c0), &(0x7f0000000200)=""/35}, 0x20) 0s ago: executing program 6 (id=3134): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20) sendmsg$inet6(r0, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=[@hopopts_2292={{0x60, 0x29, 0xb, {0x0, 0x8, '\x00', [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @hao={0xc9, 0x10, @mcast2}, @calipso={0x7, 0x20, {0x3, 0x6, 0x0, 0x0, [0x0, 0x0, 0x0]}}]}}}], 0x60}, 0x20004018) kernel console output (not intermixed with test programs): bridge_slave_1: left allmulticast mode [ 356.443756][ T6614] bridge_slave_1: left promiscuous mode [ 356.451180][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 356.462433][ T6614] bridge_slave_0: left allmulticast mode [ 356.468923][ T6614] bridge_slave_0: left promiscuous mode [ 356.474934][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 356.839890][ T6614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 356.852342][ T6614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 356.870380][ T6614] bond0 (unregistering): Released all slaves [ 357.174007][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 357.184024][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 357.195997][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 357.205374][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 357.213947][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 357.253902][ T6614] hsr_slave_0: left promiscuous mode [ 357.262001][ T6614] hsr_slave_1: left promiscuous mode [ 357.270061][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 357.280615][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 357.289162][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 357.298282][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.322528][ T6614] veth1_macvtap: left promiscuous mode [ 357.328723][ T6614] veth0_macvtap: left promiscuous mode [ 357.334357][ T6614] veth1_vlan: left promiscuous mode [ 357.340111][ T6614] veth0_vlan: left promiscuous mode [ 357.577643][ T5858] Bluetooth: hci0: command tx timeout [ 357.793366][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 357.836808][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 358.268317][T12987] lo speed is unknown, defaulting to 1000 [ 358.533798][T12978] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 358.557722][T12978] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 358.571670][T12978] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 358.589386][T12978] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 358.600311][T12987] chnl_net:caif_netlink_parms(): no params data found [ 358.719452][T12987] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.727542][T12987] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.735450][T12987] bridge_slave_0: entered allmulticast mode [ 358.742672][T12987] bridge_slave_0: entered promiscuous mode [ 358.782016][ T6614] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.802405][T12987] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.809849][T12987] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.817544][T12987] bridge_slave_1: entered allmulticast mode [ 358.825024][T12987] bridge_slave_1: entered promiscuous mode [ 358.866363][ T6614] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.903503][T12987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.916998][T12987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.948208][ T6614] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.020690][T12987] team0: Port device team_slave_0 added [ 359.043149][ T6614] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.068085][T12987] team0: Port device team_slave_1 added [ 359.133907][T12978] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.144698][T12987] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 359.151687][T12987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.178160][T12987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 359.191992][T12987] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 359.200497][T12987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.232864][T12987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 359.255747][ T5859] Bluetooth: hci4: command tx timeout [ 359.335770][T12987] hsr_slave_0: entered promiscuous mode [ 359.342505][T12987] hsr_slave_1: entered promiscuous mode [ 359.351590][T12987] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 359.359831][T12987] Cannot create hsr debugfs directory [ 359.368243][T12978] 8021q: adding VLAN 0 to HW filter on device team0 [ 359.459634][T11037] bridge0: port 1(bridge_slave_0) entered blocking state [ 359.466843][T11037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 359.475894][ T6614] bridge_slave_1: left allmulticast mode [ 359.481570][ T6614] bridge_slave_1: left promiscuous mode [ 359.487435][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 359.497461][ T6614] bridge_slave_0: left allmulticast mode [ 359.503116][ T6614] bridge_slave_0: left promiscuous mode [ 359.509982][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 359.665221][ T5859] Bluetooth: hci0: command tx timeout [ 359.862877][ T6614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 359.874386][ T6614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 359.886227][ T6614] bond0 (unregistering): Released all slaves [ 359.916824][T11033] bridge0: port 2(bridge_slave_1) entered blocking state [ 359.924028][T11033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.172534][T13011] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2216'. [ 360.292410][T13014] netlink: 'syz.4.2217': attribute type 6 has an invalid length. [ 360.408786][ T6614] hsr_slave_0: left promiscuous mode [ 360.426744][ T6614] hsr_slave_1: left promiscuous mode [ 360.432923][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 360.449311][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 360.458083][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 360.465612][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 360.491351][T13018] IPVS: Scheduler module ip_vs_sip not found [ 360.519487][ T6614] veth1_macvtap: left promiscuous mode [ 360.529293][ T6614] veth0_macvtap: left promiscuous mode [ 360.538752][ T6614] veth1_vlan: left promiscuous mode [ 360.544064][ T6614] veth0_vlan: left promiscuous mode [ 360.564819][T13022] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2219'. [ 361.059486][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 361.104037][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 361.334915][ T5859] Bluetooth: hci4: command tx timeout [ 361.735163][ T5859] Bluetooth: hci0: command tx timeout [ 362.160899][T12978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 362.207200][T12987] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 362.239318][T12987] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 362.269200][T12987] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 362.303699][T12987] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 362.361320][T12978] veth0_vlan: entered promiscuous mode [ 362.429466][T12978] veth1_vlan: entered promiscuous mode [ 362.474649][T13056] netlink: 'syz.4.2229': attribute type 1 has an invalid length. [ 362.591239][T13056] 8021q: adding VLAN 0 to HW filter on device bond16 [ 362.602059][T13056] bond15: (slave bond16): making interface the new active one [ 362.621050][T13056] bond15: (slave bond16): Enslaving as an active interface with an up link [ 362.623584][T13063] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2231'. [ 362.638886][T13064] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2229'. [ 362.657909][T12978] veth0_macvtap: entered promiscuous mode [ 362.672968][T12978] veth1_macvtap: entered promiscuous mode [ 362.689268][T13063] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2231'. [ 362.745714][T13064] 8021q: adding VLAN 0 to HW filter on device bond15 [ 362.804148][T12978] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 362.859723][T12978] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 362.930119][T12987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 362.944090][T11037] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.953492][T11037] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.963384][ T6614] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.008718][T11036] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.024088][T13076] netlink: 92 bytes leftover after parsing attributes in process `syz.4.2234'. [ 363.087745][T13076] gretap3: entered promiscuous mode [ 363.093021][T13076] gretap3: entered allmulticast mode [ 363.104127][T13079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2236'. [ 363.125670][T13076] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'. [ 363.128296][T13079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2236'. [ 363.172094][T12987] 8021q: adding VLAN 0 to HW filter on device team0 [ 363.201783][T11037] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.209055][T11037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 363.230217][T11037] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.237484][T11037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 363.417824][ T5859] Bluetooth: hci4: command tx timeout [ 363.653171][T12987] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 363.816153][ T5859] Bluetooth: hci0: command tx timeout [ 363.824628][T11036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 363.834563][T12987] veth0_vlan: entered promiscuous mode [ 363.840403][T11036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 363.856777][T12987] veth1_vlan: entered promiscuous mode [ 363.982007][T11038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.005252][T11038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.037236][T12987] veth0_macvtap: entered promiscuous mode [ 364.067595][T12987] veth1_macvtap: entered promiscuous mode [ 364.114253][T12987] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.132169][T13098] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2241'. [ 364.173274][T12987] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.251575][ T6614] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.269629][ T6614] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.331498][ T6614] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.346906][ T6614] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.363852][T13105] veth0_to_bridge: entered promiscuous mode [ 364.388381][T13104] veth0_to_bridge: left promiscuous mode [ 364.505581][ T6614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.524931][ T6614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.677727][T11038] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.723871][T11037] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.733888][T11037] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 364.812341][T11038] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.909832][T11038] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.023361][T11038] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.147869][T11038] bridge_slave_1: left allmulticast mode [ 365.153542][T11038] bridge_slave_1: left promiscuous mode [ 365.162057][T11038] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.173098][T11038] bridge_slave_0: left allmulticast mode [ 365.180696][T11038] bridge_slave_0: left promiscuous mode [ 365.186666][T11038] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.534159][T11038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 365.551824][T11038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.562101][T11038] bond0 (unregistering): Released all slaves [ 365.904677][T11038] hsr_slave_0: left promiscuous mode [ 365.920493][T11038] hsr_slave_1: left promiscuous mode [ 365.935663][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.943103][T11038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.965633][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.990198][T11038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.079150][T11038] veth1_macvtap: left promiscuous mode [ 366.094977][T11038] veth0_macvtap: left promiscuous mode [ 366.102321][T11038] veth1_vlan: left promiscuous mode [ 366.114982][T11038] veth0_vlan: left promiscuous mode [ 366.305645][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 366.315091][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 366.323474][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 366.332971][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 366.343463][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 366.691143][T11038] team0 (unregistering): Port device team_slave_1 removed [ 366.736665][T11038] team0 (unregistering): Port device team_slave_0 removed [ 367.181700][T13112] lo speed is unknown, defaulting to 1000 [ 367.414053][T13112] chnl_net:caif_netlink_parms(): no params data found [ 367.510988][T13112] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.518590][T13112] bridge0: port 1(bridge_slave_0) entered disabled state [ 367.526597][T13112] bridge_slave_0: entered allmulticast mode [ 367.534980][T13112] bridge_slave_0: entered promiscuous mode [ 367.543481][T13112] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.551327][T13112] bridge0: port 2(bridge_slave_1) entered disabled state [ 367.559802][T13112] bridge_slave_1: entered allmulticast mode [ 367.568033][T13112] bridge_slave_1: entered promiscuous mode [ 367.598755][T11038] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.646233][T13112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 367.662724][T13112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 367.700354][T11038] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.733706][T13112] team0: Port device team_slave_0 added [ 367.742645][T13112] team0: Port device team_slave_1 added [ 367.791388][T11038] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.905915][T13112] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 367.912907][T13112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.979313][T13112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 368.073030][T11038] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.111159][T13112] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 368.122328][T13112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 368.152003][T13112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 368.214389][T13135] lo speed is unknown, defaulting to 1000 [ 368.272474][T13134] lo speed is unknown, defaulting to 1000 [ 368.376594][ T5859] Bluetooth: hci0: command tx timeout [ 368.550797][T13141] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2252'. [ 368.582551][T13135] openvswitch: netlink: Tunnel attr 226 out of range max 16 [ 368.594729][T13141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2252'. [ 368.708791][T13112] hsr_slave_0: entered promiscuous mode [ 368.722916][T13112] hsr_slave_1: entered promiscuous mode [ 368.743200][T13112] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 368.753313][T13112] Cannot create hsr debugfs directory [ 368.766496][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 368.782599][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 368.791292][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 368.807593][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 368.816211][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 369.071541][T11038] bridge_slave_1: left allmulticast mode [ 369.087367][T11038] bridge_slave_1: left promiscuous mode [ 369.113613][T11038] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.127808][T11038] bridge_slave_0: left allmulticast mode [ 369.152646][T11038] bridge_slave_0: left promiscuous mode [ 369.164914][T11038] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.767450][T11038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 369.778674][T11038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 369.789605][T11038] bond0 (unregistering): Released all slaves [ 369.811161][T13145] lo speed is unknown, defaulting to 1000 [ 369.833377][T13151] 8021q: adding VLAN 0 to HW filter on device macvlan7 [ 370.096798][T13156] netlink: 'syz.0.2255': attribute type 9 has an invalid length. [ 370.296232][T13159] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 370.303491][T13159] IPv6: NLM_F_CREATE should be set when creating new route [ 370.357939][T11038] hsr_slave_0: left promiscuous mode [ 370.373951][T11038] hsr_slave_1: left promiscuous mode [ 370.386064][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 370.393507][T11038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 370.404335][T11038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 370.412445][T11038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 370.436293][T11038] veth1_macvtap: left promiscuous mode [ 370.441903][T11038] veth0_macvtap: left promiscuous mode [ 370.447780][T11038] veth1_vlan: left promiscuous mode [ 370.453080][T11038] veth0_vlan: left promiscuous mode [ 370.455501][ T5858] Bluetooth: hci0: command tx timeout [ 370.857550][ T5858] Bluetooth: hci4: command tx timeout [ 370.917302][T11038] team0 (unregistering): Port device team_slave_1 removed [ 370.960420][T11038] team0 (unregistering): Port device team_slave_0 removed [ 371.484018][T13167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2259'. [ 371.559438][T13172] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2260'. [ 371.826220][T13181] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2263'. [ 371.867230][T13145] chnl_net:caif_netlink_parms(): no params data found [ 371.949080][T13183] netlink: 248 bytes leftover after parsing attributes in process `syz.0.2264'. [ 371.952263][T13185] netlink: 'syz.4.2265': attribute type 6 has an invalid length. [ 372.232675][T13190] lo speed is unknown, defaulting to 1000 [ 372.272108][T13145] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.286752][T13145] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.294055][T13145] bridge_slave_0: entered allmulticast mode [ 372.303009][T13145] bridge_slave_0: entered promiscuous mode [ 372.362070][T13145] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.376510][T13145] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.397904][T13145] bridge_slave_1: entered allmulticast mode [ 372.416443][T13145] bridge_slave_1: entered promiscuous mode [ 372.472325][T13197] lo speed is unknown, defaulting to 1000 [ 372.535138][ T5858] Bluetooth: hci0: command tx timeout [ 372.691267][T13145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 372.781578][T13145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 372.893495][T13207] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2272'. [ 372.933877][T13145] team0: Port device team_slave_0 added [ 372.940781][ T5858] Bluetooth: hci4: command tx timeout [ 372.991758][T13145] team0: Port device team_slave_1 added [ 373.132235][T13112] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 373.179484][T13145] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 373.209946][T13145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.249195][T13145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 373.324173][T13112] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 373.371036][T13212] ip6tnl3: entered promiscuous mode [ 373.379500][T13212] ip6tnl3: entered allmulticast mode [ 373.388042][T13212] team0: Device ip6tnl3 is up. Set it down before adding it as a team port [ 373.417781][T13145] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 373.425172][T13145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 373.451308][T13145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 373.484910][T13112] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 373.507740][T13112] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 373.568786][T13219] netlink: 'syz.4.2275': attribute type 2 has an invalid length. [ 373.579643][T13219] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2275'. [ 373.653607][T13221] netlink: 'syz.4.2275': attribute type 12 has an invalid length. [ 373.675142][T13221] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.2275'. [ 373.770540][T13145] hsr_slave_0: entered promiscuous mode [ 373.795266][T13145] hsr_slave_1: entered promiscuous mode [ 373.805680][T13145] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 373.823504][T13145] Cannot create hsr debugfs directory [ 374.013772][T13231] netlink: 'syz.2.2278': attribute type 10 has an invalid length. [ 374.282569][T13240] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2281'. [ 374.369918][T11037] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 20000 - 0 [ 374.433461][T13244] : entered promiscuous mode [ 374.443800][T13246] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2283'. [ 374.473778][T11037] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 20000 - 0 [ 374.515491][T11037] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 20000 - 0 [ 374.595445][T11037] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 20000 - 0 [ 374.615158][ T5858] Bluetooth: hci0: command tx timeout [ 374.666514][T13112] 8021q: adding VLAN 0 to HW filter on device bond0 [ 374.715136][ T5929] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 374.771564][T13252] A link change request failed with some changes committed already. Interface bond9 may have been left with an inconsistent configuration, please check. [ 374.827988][T13112] 8021q: adding VLAN 0 to HW filter on device team0 [ 374.882593][T13259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2289'. [ 374.902943][ T6614] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.910153][ T6614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.015293][ T5858] Bluetooth: hci4: command tx timeout [ 375.131790][T11032] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.139028][T11032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 375.323054][T13145] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 375.379971][T13145] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 375.398886][T13145] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 375.426525][T13145] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 375.586303][ T43] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 375.783887][T13145] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.866069][T13145] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.909853][T11038] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.917093][T11038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.977746][T11033] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.984975][T11033] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.211888][T13320] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 376.265751][T13112] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.402663][T13327] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2303'. [ 376.428944][T13328] netlink: 'syz.0.2304': attribute type 4 has an invalid length. [ 376.488570][T13112] veth0_vlan: entered promiscuous mode [ 376.562462][T13112] veth1_vlan: entered promiscuous mode [ 376.653038][T13112] veth0_macvtap: entered promiscuous mode [ 376.683404][T13112] veth1_macvtap: entered promiscuous mode [ 376.703097][T13338] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2305'. [ 376.752211][T13340] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2307'. [ 376.770611][T13112] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.792158][T13145] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 376.804254][T13112] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.823035][T13340] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2307'. [ 376.833268][T13340] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2307'. [ 376.834371][T11032] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.858146][ T6614] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.888766][ T6614] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.914341][ T6614] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.016115][T11032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.032066][T11032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.095179][ T5858] Bluetooth: hci4: command tx timeout [ 377.193573][T13145] veth0_vlan: entered promiscuous mode [ 377.210216][T11036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.241733][T11036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.260036][T13145] veth1_vlan: entered promiscuous mode [ 377.322092][T13145] veth0_macvtap: entered promiscuous mode [ 377.463080][T13145] veth1_macvtap: entered promiscuous mode [ 377.540774][T13145] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 377.599484][T13145] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 377.642030][T11037] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.675471][T11032] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.703150][T13363] netlink: 'syz.2.2316': attribute type 1 has an invalid length. [ 377.861202][ T6614] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.929112][T11037] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.952454][T11037] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.029551][T13369] 8021q: adding VLAN 0 to HW filter on device bond12 [ 378.039963][T13369] bond0: (slave bond12): making interface the new active one [ 378.048529][T13369] bond0: (slave bond12): Enslaving as an active interface with an up link [ 378.081998][T13374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.126975][ T6614] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.206116][ T6614] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.239409][T11032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.254799][T11032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.291056][T11036] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.299817][T11036] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 378.413730][ T6614] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 378.696012][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 378.724317][ T6614] bridge_slave_1: left allmulticast mode [ 378.730673][ T6614] bridge_slave_1: left promiscuous mode [ 378.736770][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.747191][ T6614] bridge_slave_0: left allmulticast mode [ 378.752848][ T6614] bridge_slave_0: left promiscuous mode [ 378.758653][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.373204][ T6614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 379.385581][ T6614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 379.396183][ T6614] bond0 (unregistering): Released all slaves [ 379.536959][ T5859] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 379.550523][ T5859] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 379.560479][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 379.571747][ T5859] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 379.580648][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 379.623314][T13385] lo speed is unknown, defaulting to 1000 [ 379.747478][ T6614] hsr_slave_0: left promiscuous mode [ 379.753506][ T6614] hsr_slave_1: left promiscuous mode [ 379.761234][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 379.769733][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 379.777815][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 379.785642][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 379.808794][ T6614] veth1_macvtap: left promiscuous mode [ 379.814345][ T6614] veth0_macvtap: left promiscuous mode [ 379.820247][ T6614] veth1_vlan: left promiscuous mode [ 379.825983][ T6614] veth0_vlan: left promiscuous mode [ 380.299290][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 380.348858][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 380.941419][T13385] chnl_net:caif_netlink_parms(): no params data found [ 381.382607][T13385] bridge0: port 1(bridge_slave_0) entered blocking state [ 381.416034][T13385] bridge0: port 1(bridge_slave_0) entered disabled state [ 381.441191][T13385] bridge_slave_0: entered allmulticast mode [ 381.447969][T13417] __nla_validate_parse: 1 callbacks suppressed [ 381.447988][T13417] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2327'. [ 381.494191][T13385] bridge_slave_0: entered promiscuous mode [ 381.545166][T13385] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.555084][T13385] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.573288][T13385] bridge_slave_1: entered allmulticast mode [ 381.592786][T13385] bridge_slave_1: entered promiscuous mode [ 381.610365][ T5859] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 381.623422][ T5859] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 381.634864][ T5859] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 381.646326][ T5859] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 381.656256][ T5859] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 381.665368][ T5859] Bluetooth: hci0: command tx timeout [ 381.703478][T13417] 8021q: adding VLAN 0 to HW filter on device bond0 [ 381.801781][T13385] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.836348][T13385] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 381.914792][T13436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2331'. [ 382.029140][T13436] xfrm1: entered promiscuous mode [ 382.034247][T13436] xfrm1: entered allmulticast mode [ 382.100061][ T6614] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.101925][T13436] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2331'. [ 382.147597][T13444] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2334'. [ 382.148367][T13385] team0: Port device team_slave_0 added [ 382.170442][T13424] lo speed is unknown, defaulting to 1000 [ 382.173148][T13385] team0: Port device team_slave_1 added [ 382.281107][T13450] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2335'. [ 382.333098][ T6614] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.372352][T13385] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.394550][T13385] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.411594][T13453] netlink: 'syz.2.2336': attribute type 4 has an invalid length. [ 382.437885][T13385] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.451374][T13385] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.458902][T13385] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.487177][T13385] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.629025][ T6614] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.744176][ T6614] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.296968][ T6614] bridge_slave_1: left allmulticast mode [ 383.302835][ T6614] bridge_slave_1: left promiscuous mode [ 383.344954][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.383591][ T6614] bridge_slave_0: left allmulticast mode [ 383.395009][ T6614] bridge_slave_0: left promiscuous mode [ 383.400854][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.600502][T13470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2342'. [ 384.258855][ T5858] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 384.268140][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 384.276377][ T5858] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 384.298477][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 384.306515][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 384.435001][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 384.461037][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 384.470684][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 384.471113][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 384.495324][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 384.502689][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 384.503637][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 384.519049][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 384.519643][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 384.550398][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 384.588348][ T6614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 384.600493][ T6614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 384.611105][ T6614] bond0 (unregistering): Released all slaves [ 384.768250][T13484] lo speed is unknown, defaulting to 1000 [ 384.867843][T13480] lo speed is unknown, defaulting to 1000 [ 384.911840][T13482] lo speed is unknown, defaulting to 1000 [ 385.189778][ T6614] hsr_slave_0: left promiscuous mode [ 385.219130][ T6614] hsr_slave_1: left promiscuous mode [ 385.225631][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 385.233523][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 385.250028][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 385.258574][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 385.300674][ T6614] veth1_macvtap: left promiscuous mode [ 385.311647][ T6614] veth0_macvtap: left promiscuous mode [ 385.318246][ T6614] veth1_vlan: left promiscuous mode [ 385.323634][ T6614] veth0_vlan: left promiscuous mode [ 386.309640][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 386.375714][ T51] Bluetooth: hci0: command tx timeout [ 386.383518][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 386.619151][ T51] Bluetooth: hci4: command tx timeout [ 386.626036][ T5855] Bluetooth: hci3: command tx timeout [ 387.023680][T13508] netlink: 'syz.4.2355': attribute type 1 has an invalid length. [ 387.040186][T13508] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2355'. [ 387.094469][T13508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2355'. [ 387.409678][T13480] chnl_net:caif_netlink_parms(): no params data found [ 387.442054][T13484] chnl_net:caif_netlink_parms(): no params data found [ 387.469929][T13518] macvtap2: entered allmulticast mode [ 387.568983][T13523] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2359'. [ 387.590838][T13522] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2358'. [ 387.603600][T13522] netlink: zone id is out of range [ 387.608974][T13522] netlink: get zone limit has 8 unknown bytes [ 387.689060][T13482] chnl_net:caif_netlink_parms(): no params data found [ 387.892905][T13480] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.901289][T13480] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.908760][T13480] bridge_slave_0: entered allmulticast mode [ 387.916680][T13480] bridge_slave_0: entered promiscuous mode [ 387.946814][T13484] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.954048][T13484] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.961968][T13484] bridge_slave_0: entered allmulticast mode [ 387.970148][T13484] bridge_slave_0: entered promiscuous mode [ 387.983740][ T6614] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.011740][T13539] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2362'. [ 388.023157][T13539] netlink: 19 bytes leftover after parsing attributes in process `syz.4.2362'. [ 388.032360][T13539] netlink: 19 bytes leftover after parsing attributes in process `syz.4.2362'. [ 388.063580][T13480] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.075382][T13480] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.082768][T13480] bridge_slave_1: entered allmulticast mode [ 388.099185][T13480] bridge_slave_1: entered promiscuous mode [ 388.148540][T13484] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.156093][T13484] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.163484][T13484] bridge_slave_1: entered allmulticast mode [ 388.171869][T13484] bridge_slave_1: entered promiscuous mode [ 388.222664][T13484] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 388.257963][T13480] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 388.282948][ T6614] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.373727][T13484] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.400979][T13480] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.454100][ T6614] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.455750][ T5855] Bluetooth: hci0: command tx timeout [ 388.609325][T13484] team0: Port device team_slave_0 added [ 388.627313][T13558] netlink: 'syz.4.2365': attribute type 33 has an invalid length. [ 388.635690][T13558] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2365'. [ 388.660321][T13482] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.670083][T13482] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.677672][T13482] bridge_slave_0: entered allmulticast mode [ 388.685540][T13482] bridge_slave_0: entered promiscuous mode [ 388.695087][ T5855] Bluetooth: hci3: command tx timeout [ 388.695404][ T51] Bluetooth: hci4: command tx timeout [ 388.707601][ T6614] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.726517][T13484] team0: Port device team_slave_1 added [ 388.749548][T13558] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode active-backup(1) [ 388.776621][T13480] team0: Port device team_slave_0 added [ 388.782975][T13482] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.796552][T13482] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.803942][T13482] bridge_slave_1: entered allmulticast mode [ 388.817670][T13482] bridge_slave_1: entered promiscuous mode [ 388.898652][T13480] team0: Port device team_slave_1 added [ 388.945301][T13484] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.952295][T13484] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.980085][T13484] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.997442][T13484] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.004666][T13484] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.030812][T13484] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.050458][T13566] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2366'. [ 389.063738][T13480] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 389.070884][T13480] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.102822][T13480] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.125843][T13482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.179688][T13569] netlink: 'syz.4.2367': attribute type 16 has an invalid length. [ 389.188088][T13569] netlink: 'syz.4.2367': attribute type 17 has an invalid length. [ 389.262876][T13569] 8021q: adding VLAN 0 to HW filter on device  [ 389.272306][T13569] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 389.290598][ T5936] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 389.299902][T13480] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.307421][T13480] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.334063][T13480] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.349747][T13482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.359845][ T5936] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 389.388576][T13571] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2368'. [ 389.522899][T13482] team0: Port device team_slave_0 added [ 389.582896][T13482] team0: Port device team_slave_1 added [ 389.611281][T13484] hsr_slave_0: entered promiscuous mode [ 389.618425][T13484] hsr_slave_1: entered promiscuous mode [ 389.625683][T13484] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 389.633308][T13484] Cannot create hsr debugfs directory [ 389.648665][T13480] hsr_slave_0: entered promiscuous mode [ 389.655980][T13480] hsr_slave_1: entered promiscuous mode [ 389.662305][T13480] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 389.670319][T13480] Cannot create hsr debugfs directory [ 389.845418][T13482] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 389.853792][T13482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.889281][T13482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.910709][T13482] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.935103][T13482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.968710][T13482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.989093][ T6614] dummy0: left allmulticast mode [ 389.994467][ T6614] bridge0: port 2(dummy0) entered disabled state [ 390.010981][ T6614] bridge_slave_0: left allmulticast mode [ 390.021306][ T6614] bridge_slave_0: left promiscuous mode [ 390.032150][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.062091][ T6614] bridge_slave_1: left allmulticast mode [ 390.070380][ T6614] bridge_slave_1: left promiscuous mode [ 390.084912][ T6614] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.101481][ T6614] bridge_slave_0: left allmulticast mode [ 390.109629][ T6614] bridge_slave_0: left promiscuous mode [ 390.121041][ T6614] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.529789][T13583] openvswitch: netlink: Tunnel attr 226 out of range max 16 [ 390.538189][ T51] Bluetooth: hci0: command tx timeout [ 390.686035][ T6614] bond1 (unregistering): (slave gretap1): Releasing backup interface [ 390.694345][ T6614] bond1 (unregistering): (slave gretap1): the permanent HWaddr of slave - b6:39:85:a4:1d:11 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 390.726540][ T6614] bond1 (unregistering): (slave bond2): making interface the new active one [ 390.775749][ T51] Bluetooth: hci4: command tx timeout [ 390.777873][ T5855] Bluetooth: hci3: command tx timeout [ 390.977759][ T6614] bond1 (unregistering): (slave bond2): Releasing backup interface [ 390.986802][ T6614] bond1 (unregistering): Released all slaves [ 391.097804][ T6614] bond2 (unregistering): Released all slaves [ 391.201342][ T6614] bond3 (unregistering): (slave bond4): Releasing backup interface [ 391.214632][ T6614] bond3 (unregistering): Released all slaves [ 391.320120][ T6614] bond4 (unregistering): Released all slaves [ 391.435947][ T6614] bond5 (unregistering): Released all slaves [ 391.547519][ T6614] bond6 (unregistering): (slave bond7): Releasing backup interface [ 391.556495][ T6614] bond6 (unregistering): Released all slaves [ 391.659776][ T6614] bond7 (unregistering): Released all slaves [ 391.768569][ T6614] bond8 (unregistering): (slave bond9): Releasing backup interface [ 391.777532][ T6614] bond8 (unregistering): Released all slaves [ 391.883403][ T6614] bond9 (unregistering): Released all slaves [ 391.997973][ T6614] bond10 (unregistering): (slave bond11): Releasing backup interface [ 392.010641][ T6614] bond10 (unregistering): Released all slaves [ 392.110237][ T6614] bond11 (unregistering): Released all slaves [ 392.213695][ T6614] bond0 (unregistering): (slave bond12): Releasing backup interface [ 392.223248][ T6614] bond0 (unregistering): Released all slaves [ 392.326583][ T6614] bond12 (unregistering): Released all slaves [ 392.432414][ T6614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.443280][ T6614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 392.453808][ T6614] bond0 (unregistering): Released all slaves [ 392.614625][ T5855] Bluetooth: hci0: command tx timeout [ 392.633440][T13588] __nla_validate_parse: 1 callbacks suppressed [ 392.633460][T13588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2374'. [ 392.703892][ T6614] k›*·]‘: left promiscuous mode [ 392.789950][T13482] hsr_slave_0: entered promiscuous mode [ 392.804087][T13482] hsr_slave_1: entered promiscuous mode [ 392.810963][T13482] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 392.819323][T13482] Cannot create hsr debugfs directory [ 392.825378][T13581] lo speed is unknown, defaulting to 1000 [ 392.844960][ T6614] : left promiscuous mode [ 392.854836][ T5855] Bluetooth: hci4: command tx timeout [ 392.855336][ T51] Bluetooth: hci3: command tx timeout [ 392.967083][T13592] IPVS: Scheduler module ip_vs_sip not found [ 393.024408][ T6614] tipc: Left network mode [ 393.035338][T13594] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2376'. [ 393.593229][T13605] netlink: 'syz.0.2380': attribute type 33 has an invalid length. [ 393.603924][T13605] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2380'. [ 393.614297][T13605] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 393.682140][T13484] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 393.698410][T13607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2381'. [ 393.712364][T13484] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 393.782399][T13484] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 393.855248][T13484] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 393.995772][ T6614] mac80211_hwsim hwsim4 wlan0 (unregistering): left allmulticast mode [ 394.157968][T13480] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 394.199454][T13480] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 394.271446][ T6614] hsr_slave_0: left promiscuous mode [ 394.296105][ T6614] hsr_slave_1: left promiscuous mode [ 394.302122][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 394.334139][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 394.353449][ T6614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 394.364543][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 394.379959][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 394.395638][ T6614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 394.447253][T13625] IPVS: Scheduler module ip_vs_sip not found [ 394.519223][ T6614] veth1_to_team: left allmulticast mode [ 394.525333][T13627] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2385'. [ 394.544734][ T6614] veth1_to_team: left promiscuous mode [ 394.550361][ T6614] veth1_macvtap: left promiscuous mode [ 394.561636][ T6614] veth0_macvtap: left promiscuous mode [ 394.569013][ T6614] veth1_vlan: left promiscuous mode [ 394.574425][ T6614] veth0_vlan: left promiscuous mode [ 395.350147][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 395.391054][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 395.737014][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 395.769574][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 395.918724][T13480] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 395.930468][T13480] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 396.211137][T13653] netlink: 'syz.4.2387': attribute type 1 has an invalid length. [ 396.220329][T13651] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 396.303529][T13653] 8021q: adding VLAN 0 to HW filter on device bond18 [ 396.316631][T13653] bond17: (slave bond18): making interface the new active one [ 396.325114][T13653] bond17: (slave bond18): Enslaving as an active interface with an up link [ 396.349666][T13484] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.422890][T13653] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2387'. [ 396.448487][T13482] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 396.517376][T13653] 8021q: adding VLAN 0 to HW filter on device bond17 [ 396.533312][T13482] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 396.569856][T13482] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 396.585799][T13666] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2388'. [ 396.656170][T13482] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 396.822985][T13484] 8021q: adding VLAN 0 to HW filter on device team0 [ 396.916010][T13679] veth0_to_bridge: entered promiscuous mode [ 396.947999][T13667] veth0_to_bridge: left promiscuous mode [ 397.012034][T13480] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.068300][T11032] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.075538][T11032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.122236][T11032] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.129486][T11032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.324381][T13480] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.408029][T11036] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.415299][T11036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.441575][T11036] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.448816][T11036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.511551][T13484] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 397.531612][T13484] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 397.753782][T13702] bond0: entered promiscuous mode [ 397.762707][T13702] bond0: left promiscuous mode [ 397.858069][T13482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.918628][T13482] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.990558][T11038] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.997755][T11038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.049300][T13713] netlink: 'syz.4.2395': attribute type 9 has an invalid length. [ 398.086825][T13480] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 398.140655][T11038] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.147901][T11038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.632235][T13484] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.636410][T13734] FAULT_INJECTION: forcing a failure. [ 398.636410][T13734] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 398.655005][T13735] netlink: 'syz.4.2400': attribute type 21 has an invalid length. [ 398.674966][T13735] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2400'. [ 398.686446][T13735] netlink: 'syz.4.2400': attribute type 4 has an invalid length. [ 398.694195][T13735] netlink: 35 bytes leftover after parsing attributes in process `syz.4.2400'. [ 398.729331][T13734] CPU: 1 UID: 0 PID: 13734 Comm: syz.0.2399 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 398.729364][T13734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 398.729381][T13734] Call Trace: [ 398.729390][T13734] [ 398.729400][T13734] dump_stack_lvl+0x189/0x250 [ 398.729439][T13734] ? __pfx____ratelimit+0x10/0x10 [ 398.729467][T13734] ? __pfx_dump_stack_lvl+0x10/0x10 [ 398.729492][T13734] ? __pfx__printk+0x10/0x10 [ 398.729520][T13734] ? __might_fault+0xb0/0x130 [ 398.729558][T13734] should_fail_ex+0x414/0x560 [ 398.729593][T13734] _copy_from_user+0x2d/0xb0 [ 398.729618][T13734] ___sys_sendmsg+0x158/0x2a0 [ 398.729641][T13734] ? __pfx____sys_sendmsg+0x10/0x10 [ 398.729700][T13734] ? __fget_files+0x2a/0x420 [ 398.729726][T13734] ? __fget_files+0x3a0/0x420 [ 398.729764][T13734] __x64_sys_sendmsg+0x19b/0x260 [ 398.729787][T13734] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 398.729817][T13734] ? __pfx_ksys_write+0x10/0x10 [ 398.729838][T13734] ? rcu_is_watching+0x15/0xb0 [ 398.729868][T13734] ? do_syscall_64+0xbe/0x3b0 [ 398.729900][T13734] do_syscall_64+0xfa/0x3b0 [ 398.729927][T13734] ? lockdep_hardirqs_on+0x9c/0x150 [ 398.729953][T13734] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.729974][T13734] ? clear_bhb_loop+0x60/0xb0 [ 398.729999][T13734] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.730022][T13734] RIP: 0033:0x7f2ab998e929 [ 398.730042][T13734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.730060][T13734] RSP: 002b:00007f2aba76a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 398.730083][T13734] RAX: ffffffffffffffda RBX: 00007f2ab9bb5fa0 RCX: 00007f2ab998e929 [ 398.730098][T13734] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 398.730111][T13734] RBP: 00007f2aba76a090 R08: 0000000000000000 R09: 0000000000000000 [ 398.730124][T13734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 398.730136][T13734] R13: 0000000000000000 R14: 00007f2ab9bb5fa0 R15: 00007ffef78e9e88 [ 398.730168][T13734] [ 399.130315][T13480] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.452824][T13482] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.982328][T13484] veth0_vlan: entered promiscuous mode [ 400.321081][T13484] veth1_vlan: entered promiscuous mode [ 400.547788][T13484] veth0_macvtap: entered promiscuous mode [ 400.577068][T13484] veth1_macvtap: entered promiscuous mode [ 400.668443][T13484] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 400.731815][T13484] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 400.811207][T11033] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.830696][T11033] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.907956][T11033] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.923990][T11033] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.038689][T13480] veth0_vlan: entered promiscuous mode [ 401.149947][T13480] veth1_vlan: entered promiscuous mode [ 401.180965][ T6614] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.205262][ T6614] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.243861][T13482] veth0_vlan: entered promiscuous mode [ 401.342907][T13482] veth1_vlan: entered promiscuous mode [ 401.357766][T11033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.378449][T11033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.428668][T13480] veth0_macvtap: entered promiscuous mode [ 401.487206][T13480] veth1_macvtap: entered promiscuous mode [ 401.516649][T13482] veth0_macvtap: entered promiscuous mode [ 401.569583][T13482] veth1_macvtap: entered promiscuous mode [ 401.583567][T13480] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.666358][T13480] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.698509][T13803] netlink: 'syz.0.2410': attribute type 1 has an invalid length. [ 401.711038][T13482] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.730385][T13803] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2410'. [ 401.743714][T13482] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.764763][T13803] netlink: 'syz.0.2410': attribute type 1 has an invalid length. [ 401.787511][ T6614] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.817885][T13803] Cannot find add_set index 4 as target [ 401.818648][ T6614] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.841486][ T6614] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.923045][ T6614] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.948643][ T6614] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.005797][T11037] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.040336][T11037] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.074420][T11037] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.354299][T11033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.393967][T11033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.532525][T11033] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.579348][T11033] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.736391][T11038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.744303][T11038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.760793][T11033] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.794849][T11033] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 403.179379][T13851] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2415'. [ 403.637029][T13869] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2421'. [ 403.695281][ T30] audit: type=1800 audit(1752667883.537:4): pid=13874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2421" name="blkio.bfq.time_recursive" dev="tmpfs" ino=2802 res=0 errno=0 [ 403.741561][T13869] netlink: 156 bytes leftover after parsing attributes in process `syz.4.2421'. [ 403.793110][T13869] ªªªªª²DœL‰ 1 [ 405.020651][ T5855] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 405.029660][ T5855] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 405.061197][ T5855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 405.099395][ T5855] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 405.849189][T13908] lo speed is unknown, defaulting to 1000 [ 406.176933][T13925] netlink: 100 bytes leftover after parsing attributes in process `syz.7.2436'. [ 406.188623][T13927] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2437'. [ 406.344150][T11033] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 406.375361][T11033] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.606751][T13945] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2441'. [ 406.737608][T11033] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 406.865876][T11033] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.880150][T13952] netlink: 'syz.6.2443': attribute type 4 has an invalid length. [ 407.109246][T11033] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 407.187358][ T51] Bluetooth: hci1: command tx timeout [ 407.236955][T11033] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.281607][T13908] chnl_net:caif_netlink_parms(): no params data found [ 407.366003][T13948] lo speed is unknown, defaulting to 1000 [ 407.524036][T11033] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 407.554903][T11033] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.653154][T13961] netlink: 'syz.6.2445': attribute type 13 has an invalid length. [ 407.669046][T13961] netlink: 'syz.6.2445': attribute type 17 has an invalid length. [ 407.816655][T13961] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 407.852019][T13908] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.860437][T13908] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.880419][T13908] bridge_slave_0: entered allmulticast mode [ 407.896406][T13908] bridge_slave_0: entered promiscuous mode [ 407.951263][T13908] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.959895][T13908] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.967520][T13908] bridge_slave_1: entered allmulticast mode [ 407.976397][T13908] bridge_slave_1: entered promiscuous mode [ 408.088111][T13964] lo speed is unknown, defaulting to 1000 [ 408.097273][T13908] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.134380][T13908] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.208992][T13908] team0: Port device team_slave_0 added [ 408.240435][T13908] team0: Port device team_slave_1 added [ 408.452943][T13973] netlink: 'syz.4.2449': attribute type 1 has an invalid length. [ 408.629801][T13978] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2449'. [ 408.780795][T11033] bond1 (unregistering): Released all slaves [ 408.888462][T11033] bond2 (unregistering): Released all slaves [ 408.998786][T11033] bond3 (unregistering): Released all slaves [ 409.120619][T11033] bond4 (unregistering): Released all slaves [ 409.235834][T11033] bond5 (unregistering): Released all slaves [ 409.267294][ T51] Bluetooth: hci1: command tx timeout [ 409.363585][T11033] bond6 (unregistering): Released all slaves [ 409.484380][T11033] bond7 (unregistering): Released all slaves [ 409.593880][T11033] bond0 (unregistering): Released all slaves [ 409.634582][T13973] workqueue: Failed to create a rescuer kthread for wq "bond19": -EINTR [ 409.643943][T13974] workqueue: Failed to create a rescuer kthread for wq "bond19": -EINTR [ 409.669774][T13977] dummy0: entered promiscuous mode [ 409.694279][T13977] vlan2: entered promiscuous mode [ 409.762807][T13908] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.770184][T13908] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.838605][T13908] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 409.866985][T13908] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 409.873986][T13908] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.921526][T13908] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 409.937579][T11033] : left promiscuous mode [ 410.091432][T11033] tipc: Left network mode [ 410.175505][T13993] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2451'. [ 410.220227][T13908] hsr_slave_0: entered promiscuous mode [ 410.240759][T13908] hsr_slave_1: entered promiscuous mode [ 410.255644][T13908] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 410.276150][T13908] Cannot create hsr debugfs directory [ 410.409301][T14005] netlink: 'syz.5.2456': attribute type 33 has an invalid length. [ 410.471763][T14005] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2456'. [ 410.654704][T14005] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 411.104442][T14017] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2461'. [ 411.338499][ T51] Bluetooth: hci1: command tx timeout [ 411.417406][T14026] IPVS: Scheduler module ip_vs_sip not found [ 411.488694][T14028] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2464'. [ 411.622317][T11033] hsr_slave_0: left promiscuous mode [ 411.640893][T11033] hsr_slave_1: left promiscuous mode [ 411.651797][T14036] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2468'. [ 411.676183][T11033] veth1_to_team: left allmulticast mode [ 411.688099][T11033] veth1_to_team: left promiscuous mode [ 411.707463][T11033] veth1_macvtap: left promiscuous mode [ 411.719064][T11033] veth0_macvtap: left promiscuous mode [ 411.731341][T11033] veth1_vlan: left promiscuous mode [ 413.238606][T14058] IPVS: Scheduler module ip_vs_sip not found [ 413.312836][T14058] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2477'. [ 413.405193][T14048] team_slave_0: entered promiscuous mode [ 413.411220][T14048] team_slave_1: entered promiscuous mode [ 413.421157][T14048] vlan2: entered promiscuous mode [ 413.424906][ T51] Bluetooth: hci1: command tx timeout [ 413.430691][T14048] team0: entered promiscuous mode [ 413.529469][T14063] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2478'. [ 413.674244][T13908] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 413.761126][T14067] bridge1: entered promiscuous mode [ 413.770428][T14067] bridge1: entered allmulticast mode [ 413.776384][T13908] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 413.855547][T13908] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 413.920832][T13908] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 414.020715][T14080] bridge0: port 3(vlan2) entered blocking state [ 414.027334][T14080] bridge0: port 3(vlan2) entered disabled state [ 414.033964][T14080] vlan2: entered allmulticast mode [ 414.055084][T14080] netdevsim netdevsim6 netdevsim0: entered allmulticast mode [ 414.065730][T14080] vlan2: entered promiscuous mode [ 414.074595][T14080] netdevsim netdevsim6 netdevsim0: entered promiscuous mode [ 414.118384][T11033] IPVS: stop unused estimator thread 0... [ 414.263134][T14092] IPVS: Scheduler module ip_vs_sip not found [ 414.283790][T14095] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2490'. [ 414.292953][T14099] netlink: 'syz.6.2491': attribute type 30 has an invalid length. [ 414.315520][T14092] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2489'. [ 414.347733][T14099] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0) [ 414.370107][T14099] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255 [ 414.490544][T13908] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.563101][T13908] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.580655][T14108] xt_TCPMSS: Only works on TCP SYN packets [ 414.592674][T14106] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2495'. [ 414.606232][T11032] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.613430][T11032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.664870][T11032] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.672107][T11032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 415.089752][T14119] netlink: 'syz.5.2499': attribute type 12 has an invalid length. [ 415.199464][T14123] netlink: 'syz.6.2500': attribute type 9 has an invalid length. [ 415.537786][T13908] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 415.674667][T14131] Bluetooth: MGMT ver 1.23 [ 415.818073][T14142] netlink: 'syz.6.2506': attribute type 4 has an invalid length. [ 415.952124][T13908] veth0_vlan: entered promiscuous mode [ 416.091721][T13908] veth1_vlan: entered promiscuous mode [ 416.194357][T13908] veth0_macvtap: entered promiscuous mode [ 416.222827][T13908] veth1_macvtap: entered promiscuous mode [ 416.306720][T14160] tipc: Started in network mode [ 416.320417][T14160] tipc: Node identity 8, cluster identity 5 [ 416.335821][T14160] tipc: Node number set to 8 [ 416.343387][T14160] tipc: Cannot configure node identity twice [ 416.396768][T13908] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 416.444164][T13908] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 416.507259][ T6614] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.520632][ T6614] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.551645][ T6614] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.567133][ T6614] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.738155][T11031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.754537][T11031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.771100][T14177] __nla_validate_parse: 3 callbacks suppressed [ 416.771122][T14177] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2523'. [ 416.854215][ T6614] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.880105][ T6614] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 417.327256][T14195] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2422'. [ 417.331955][T14199] netlink: 'syz.6.2531': attribute type 9 has an invalid length. [ 417.341782][T14201] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2532'. [ 417.700571][T14215] Cannot find del_set index 0 as target [ 417.709799][T14214] netlink: 'syz.0.2538': attribute type 3 has an invalid length. [ 417.861828][T14221] netlink: 'syz.5.2542': attribute type 1 has an invalid length. [ 417.951468][T14221] bond1 (unregistering): Released all slaves [ 418.023910][T14232] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2542'. [ 418.054052][T14234] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 418.122639][T14231] veth1_to_team: entered promiscuous mode [ 418.131069][T14231] macvtap1: entered allmulticast mode [ 418.139848][T14231] veth1_to_team: entered allmulticast mode [ 418.318911][T14244] netlink: 'syz.5.2552': attribute type 33 has an invalid length. [ 418.336042][T14244] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2552'. [ 418.351977][T14244] bond0: option broadcast_neighbor: mode dependency failed, not supported in mode balance-rr(0) [ 418.476399][T14249] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2551'. [ 418.560010][T14254] lo speed is unknown, defaulting to 1000 [ 418.625382][T14254] lo speed is unknown, defaulting to 1000 [ 418.657548][T14254] lo speed is unknown, defaulting to 1000 [ 418.712554][T14254] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 418.758576][T14261] IPVS: Scheduler module ip_vs_sip not found [ 418.773695][T14261] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2557'. [ 418.784739][T14272] netlink: 'syz.7.2558': attribute type 13 has an invalid length. [ 418.792603][T14272] netlink: 'syz.7.2558': attribute type 17 has an invalid length. [ 418.912330][T14272] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 418.938098][T14254] lo speed is unknown, defaulting to 1000 [ 418.947210][T14254] lo speed is unknown, defaulting to 1000 [ 418.959065][T14254] lo speed is unknown, defaulting to 1000 [ 418.987480][T14272] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.020972][T14254] lo speed is unknown, defaulting to 1000 [ 419.046886][T14254] lo speed is unknown, defaulting to 1000 [ 419.058443][T14268] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.077024][T14254] lo speed is unknown, defaulting to 1000 [ 419.128459][T14268] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 419.225388][T14290] tipc: Enabling of bearer rejected, failed to enable media [ 419.764018][T14310] xt_connbytes: Forcing CT accounting to be enabled [ 419.776986][T14310] Cannot find set identified by id 0 to match [ 419.972375][T14316] IPVS: Scheduler module ip_vs_sip not found [ 419.983375][T14316] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2575'. [ 420.240110][T14336] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2580'. [ 420.275049][T14336] ip6gretap0: entered promiscuous mode [ 420.286374][T14336] macvtap2: entered promiscuous mode [ 420.299987][T14336] macvtap2: entered allmulticast mode [ 420.307947][T14336] ip6gretap0: entered allmulticast mode [ 420.334871][T14338] ip6gretap0: left allmulticast mode [ 420.340505][T14338] ip6gretap0: left promiscuous mode [ 420.366100][T14340] validate_nla: 2 callbacks suppressed [ 420.366119][T14340] netlink: 'syz.5.2583': attribute type 13 has an invalid length. [ 420.384006][T14340] netlink: 'syz.5.2583': attribute type 17 has an invalid length. [ 420.439402][T14340] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 420.477419][T14340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.543832][T14340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.608991][T14339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.773124][T14355] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2588'. [ 420.858013][T14355] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 420.866125][ T5836] IPVS: starting estimator thread 0... [ 420.878413][T14356] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 420.966123][T14357] IPVS: using max 24 ests per chain, 57600 per kthread [ 421.138928][T14362] IPVS: Scheduler module ip_vs_sip not found [ 421.374946][T14378] lo speed is unknown, defaulting to 1000 [ 421.415681][T14384] FAULT_INJECTION: forcing a failure. [ 421.415681][T14384] name failslab, interval 1, probability 0, space 0, times 0 [ 421.467085][T14384] CPU: 1 UID: 0 PID: 14384 Comm: syz.5.2597 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 421.467117][T14384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 421.467130][T14384] Call Trace: [ 421.467140][T14384] [ 421.467150][T14384] dump_stack_lvl+0x189/0x250 [ 421.467181][T14384] ? __pfx____ratelimit+0x10/0x10 [ 421.467210][T14384] ? __pfx_dump_stack_lvl+0x10/0x10 [ 421.467236][T14384] ? __pfx__printk+0x10/0x10 [ 421.467269][T14384] ? __pfx___might_resched+0x10/0x10 [ 421.467294][T14384] ? fs_reclaim_acquire+0x7d/0x100 [ 421.467330][T14384] should_fail_ex+0x414/0x560 [ 421.467377][T14384] should_failslab+0xa8/0x100 [ 421.467407][T14384] __kmalloc_noprof+0xcb/0x4f0 [ 421.467431][T14384] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 421.467463][T14384] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 421.467493][T14384] genl_start+0x180/0x6c0 [ 421.467514][T14384] ? netlink_lookup+0x30/0x200 [ 421.467547][T14384] __netlink_dump_start+0x469/0x7e0 [ 421.467583][T14384] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 421.467611][T14384] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 421.467633][T14384] ? genl_get_cmd+0x67f/0x910 [ 421.467663][T14384] ? __pfx_genl_start+0x10/0x10 [ 421.467682][T14384] ? __pfx_genl_dumpit+0x10/0x10 [ 421.467701][T14384] ? __pfx_genl_done+0x10/0x10 [ 421.467752][T14384] genl_rcv_msg+0x5da/0x790 [ 421.467780][T14384] ? __pfx_genl_rcv_msg+0x10/0x10 [ 421.467799][T14384] ? ref_tracker_free+0x63a/0x7d0 [ 421.467826][T14384] ? __pfx_ethnl_rss_dump_start+0x10/0x10 [ 421.467845][T14384] ? __pfx_ethnl_rss_dumpit+0x10/0x10 [ 421.467868][T14384] ? __pfx_ref_tracker_free+0x10/0x10 [ 421.467911][T14384] netlink_rcv_skb+0x205/0x470 [ 421.467940][T14384] ? __pfx_genl_rcv_msg+0x10/0x10 [ 421.467963][T14384] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 421.468012][T14384] ? down_read+0x1ad/0x2e0 [ 421.468045][T14384] genl_rcv+0x28/0x40 [ 421.468064][T14384] netlink_unicast+0x759/0x8e0 [ 421.468103][T14384] netlink_sendmsg+0x805/0xb30 [ 421.468143][T14384] ? __pfx_netlink_sendmsg+0x10/0x10 [ 421.468175][T14384] ? aa_sock_msg_perm+0x94/0x160 [ 421.468208][T14384] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 421.468238][T14384] ? __pfx_netlink_sendmsg+0x10/0x10 [ 421.468268][T14384] __sock_sendmsg+0x21c/0x270 [ 421.468297][T14384] ____sys_sendmsg+0x505/0x830 [ 421.468336][T14384] ? __pfx_____sys_sendmsg+0x10/0x10 [ 421.468386][T14384] ? import_iovec+0x74/0xa0 [ 421.468415][T14384] ___sys_sendmsg+0x21f/0x2a0 [ 421.468438][T14384] ? __pfx____sys_sendmsg+0x10/0x10 [ 421.468496][T14384] ? __fget_files+0x2a/0x420 [ 421.468522][T14384] ? __fget_files+0x3a0/0x420 [ 421.468560][T14384] __x64_sys_sendmsg+0x19b/0x260 [ 421.468582][T14384] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 421.468613][T14384] ? __pfx_ksys_write+0x10/0x10 [ 421.468634][T14384] ? rcu_is_watching+0x15/0xb0 [ 421.468664][T14384] ? do_syscall_64+0xbe/0x3b0 [ 421.468721][T14384] do_syscall_64+0xfa/0x3b0 [ 421.468747][T14384] ? lockdep_hardirqs_on+0x9c/0x150 [ 421.468773][T14384] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.468794][T14384] ? clear_bhb_loop+0x60/0xb0 [ 421.468820][T14384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.468840][T14384] RIP: 0033:0x7f4f0dd8e929 [ 421.468859][T14384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.468878][T14384] RSP: 002b:00007f4f0bbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 421.468899][T14384] RAX: ffffffffffffffda RBX: 00007f4f0dfb6080 RCX: 00007f4f0dd8e929 [ 421.468915][T14384] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005 [ 421.468929][T14384] RBP: 00007f4f0bbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 421.468942][T14384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.468954][T14384] R13: 0000000000000000 R14: 00007f4f0dfb6080 R15: 00007ffdaa91a5a8 [ 421.468989][T14384] [ 421.894102][T14394] __nla_validate_parse: 2 callbacks suppressed [ 421.894122][T14394] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2601'. [ 422.005693][T14399] netlink: 'syz.7.2602': attribute type 9 has an invalid length. [ 422.179644][T14406] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2605'. [ 422.350358][T14413] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.2608'. [ 422.440314][T14409] IPVS: Scheduler module ip_vs_sip not found [ 422.508429][T14409] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2606'. [ 422.653806][T14430] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2611'. [ 422.674445][T14432] netlink: 'syz.0.2613': attribute type 1 has an invalid length. [ 422.819312][T14432] bond1 (unregistering): Released all slaves [ 422.870221][T14443] netlink: 'syz.7.2617': attribute type 12 has an invalid length. [ 422.878521][T14443] netlink: 9472 bytes leftover after parsing attributes in process `syz.7.2617'. [ 423.422440][T14467] IPVS: Scheduler module ip_vs_sip not found [ 423.453657][T14467] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2625'. [ 423.692803][T14476] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2629'. [ 424.046186][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 424.057455][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 424.065546][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 424.080554][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 424.088539][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 424.120505][T14488] pimreg: entered allmulticast mode [ 424.150689][T14495] pimreg: left allmulticast mode [ 424.323475][T11037] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.336621][T11037] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 56673 - 0 [ 424.350164][T11037] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 424.391635][T14504] IPVS: Scheduler module ip_vs_sip not found [ 424.431112][T14490] lo speed is unknown, defaulting to 1000 [ 424.489257][T14510] lo speed is unknown, defaulting to 1000 [ 424.564838][T14504] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2638'. [ 424.658930][T11037] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.681146][T11037] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 56673 - 0 [ 424.692983][T11037] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 424.804018][T14519] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2642'. [ 424.856530][T11037] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.867082][T11037] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 56673 - 0 [ 424.879506][T11037] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 424.959127][T14525] xt_HMARK: spi-set and port-set can't be combined [ 425.150702][T11037] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 425.190349][T11037] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 56673 - 0 [ 425.202441][T14537] Cannot find add_set index 2 as target [ 425.211428][T11037] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 20000 - 0 [ 425.603808][T14490] chnl_net:caif_netlink_parms(): no params data found [ 425.709367][T11037] tipc: Resetting bearer [ 425.900689][T14563] netlink: 'syz.0.2658': attribute type 9 has an invalid length. [ 425.970055][T14565] FAULT_INJECTION: forcing a failure. [ 425.970055][T14565] name failslab, interval 1, probability 0, space 0, times 0 [ 426.014944][T14565] CPU: 0 UID: 0 PID: 14565 Comm: syz.5.2659 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 426.014978][T14565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 426.015000][T14565] Call Trace: [ 426.015009][T14565] [ 426.015019][T14565] dump_stack_lvl+0x189/0x250 [ 426.015050][T14565] ? __pfx____ratelimit+0x10/0x10 [ 426.015078][T14565] ? __pfx_dump_stack_lvl+0x10/0x10 [ 426.015104][T14565] ? __pfx__printk+0x10/0x10 [ 426.015137][T14565] ? __pfx___might_resched+0x10/0x10 [ 426.015167][T14565] should_fail_ex+0x414/0x560 [ 426.015202][T14565] should_failslab+0xa8/0x100 [ 426.015231][T14565] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 426.015259][T14565] ? __alloc_skb+0x112/0x2d0 [ 426.015293][T14565] __alloc_skb+0x112/0x2d0 [ 426.015328][T14565] netlink_sendmsg+0x5c6/0xb30 [ 426.015368][T14565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.015402][T14565] ? aa_sock_msg_perm+0x94/0x160 [ 426.015435][T14565] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 426.015466][T14565] ? __pfx_netlink_sendmsg+0x10/0x10 [ 426.015496][T14565] __sock_sendmsg+0x21c/0x270 [ 426.015526][T14565] ____sys_sendmsg+0x505/0x830 [ 426.015565][T14565] ? __pfx_____sys_sendmsg+0x10/0x10 [ 426.015609][T14565] ? import_iovec+0x74/0xa0 [ 426.015638][T14565] ___sys_sendmsg+0x21f/0x2a0 [ 426.015661][T14565] ? __pfx____sys_sendmsg+0x10/0x10 [ 426.015722][T14565] ? __fget_files+0x2a/0x420 [ 426.015749][T14565] ? __fget_files+0x3a0/0x420 [ 426.015788][T14565] __x64_sys_sendmsg+0x19b/0x260 [ 426.015812][T14565] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 426.015844][T14565] ? __pfx_ksys_write+0x10/0x10 [ 426.015874][T14565] ? do_syscall_64+0xbe/0x3b0 [ 426.015912][T14565] do_syscall_64+0xfa/0x3b0 [ 426.015940][T14565] ? lockdep_hardirqs_on+0x9c/0x150 [ 426.015968][T14565] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.015995][T14565] ? clear_bhb_loop+0x60/0xb0 [ 426.016022][T14565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.016042][T14565] RIP: 0033:0x7f4f0dd8e929 [ 426.016062][T14565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 426.016080][T14565] RSP: 002b:00007f4f0bbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 426.016102][T14565] RAX: ffffffffffffffda RBX: 00007f4f0dfb6080 RCX: 00007f4f0dd8e929 [ 426.016118][T14565] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 426.016130][T14565] RBP: 00007f4f0bbf6090 R08: 0000000000000000 R09: 0000000000000000 [ 426.016143][T14565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 426.016155][T14565] R13: 0000000000000001 R14: 00007f4f0dfb6080 R15: 00007ffdaa91a5a8 [ 426.016187][T14565] [ 426.320016][ T51] Bluetooth: hci2: command tx timeout [ 426.328453][T11037] tipc: Disabling bearer [ 426.354347][T14571] Cannot find del_set index 0 as target [ 426.943503][T11037]  (unregistering): Released all slaves [ 427.060837][T11037] bond1 (unregistering): Released all slaves [ 427.168647][T11037] bond2 (unregistering): Released all slaves [ 427.272442][T11037] bond3 (unregistering): Released all slaves [ 427.387842][T11037] bond4 (unregistering): Released all slaves [ 427.508630][T11037] bond5 (unregistering): Released all slaves [ 427.620817][T11037] bond6 (unregistering): Released all slaves [ 427.726032][T11037] bond7 (unregistering): Released all slaves [ 427.833206][T11037] bond8 (unregistering): Released all slaves [ 427.850592][T11037] bond9 (unregistering): Released all slaves [ 427.971724][T11037] bond0 (unregistering): (slave bond10): Releasing backup interface [ 427.983399][T11037] bond0 (unregistering): Released all slaves [ 428.093892][T11037] bond10 (unregistering): Released all slaves [ 428.201548][T11037] bond11 (unregistering): (slave bond12): Releasing backup interface [ 428.211071][T11037] bond11 (unregistering): Released all slaves [ 428.313889][T11037] bond12 (unregistering): Released all slaves [ 428.376618][ T51] Bluetooth: hci2: command tx timeout [ 428.430942][T11037] bond13 (unregistering): (slave bond14): Releasing backup interface [ 428.439759][T11037] bond13 (unregistering): Released all slaves [ 428.549747][T11037] bond14 (unregistering): Released all slaves [ 428.660622][T11037] bond15 (unregistering): (slave bond16): Releasing backup interface [ 428.670351][T11037] bond15 (unregistering): Released all slaves [ 428.777795][T11037] bond16 (unregistering): Released all slaves [ 428.882847][T11037] bond17 (unregistering): (slave bond18): Releasing backup interface [ 428.895087][T11037] bond17 (unregistering): Released all slaves [ 429.001099][T11037] bond18 (unregistering): Released all slaves [ 429.244763][T14490] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.252612][T14490] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.272512][T14490] bridge_slave_0: entered allmulticast mode [ 429.282962][T14490] bridge_slave_0: entered promiscuous mode [ 429.322303][T14490] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.338159][T14490] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.355168][T14490] bridge_slave_1: entered allmulticast mode [ 429.363116][T14490] bridge_slave_1: entered promiscuous mode [ 429.401922][T11037] : left promiscuous mode [ 429.441332][T14591] __nla_validate_parse: 3 callbacks suppressed [ 429.441354][T14591] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2667'. [ 429.483437][T14591] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2667'. [ 429.520112][T11037] tipc: Disabling bearer [ 429.562535][T11037] tipc: Left network mode [ 429.980072][T14630] xt_hashlimit: size too large, truncated to 1048576 [ 430.054083][T14630] xt_hashlimit: max too large, truncated to 1048576 [ 430.232017][T14630] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 430.259142][T14490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.288350][T14597] veth0_to_bridge: entered promiscuous mode [ 430.301653][T14594] veth0_to_bridge: left promiscuous mode [ 430.405547][T14490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.464651][ T51] Bluetooth: hci2: command tx timeout [ 430.827988][T14490] team0: Port device team_slave_0 added [ 430.840235][T14646] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2675'. [ 430.868351][T14490] team0: Port device team_slave_1 added [ 430.938685][T14649] veth2: entered allmulticast mode [ 430.991444][T14654] netlink: 'syz.6.2678': attribute type 13 has an invalid length. [ 431.045003][T14654] netlink: 'syz.6.2678': attribute type 17 has an invalid length. [ 431.103865][T14490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 431.134308][T14490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.184434][T14490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 431.210573][T14664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 431.273055][T14654] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 431.291585][T14664] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 431.346442][T14490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 431.353446][T14490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 431.382317][T14654] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 431.389779][T14490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 431.410180][T14663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2682'. [ 431.433801][T14665] lo speed is unknown, defaulting to 1000 [ 431.476263][T14663] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2682'. [ 431.511856][ T6600] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.522918][ T6600] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.532935][T11036] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.578267][T11036] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 431.799735][T14490] hsr_slave_0: entered promiscuous mode [ 431.808887][T14490] hsr_slave_1: entered promiscuous mode [ 431.818468][T14490] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 431.829004][T14490] Cannot create hsr debugfs directory [ 431.904736][T14680] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2686'. [ 432.051688][T14681] lo speed is unknown, defaulting to 1000 [ 432.101290][T14688] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2689'. [ 432.219243][T14682] lo speed is unknown, defaulting to 1000 [ 432.257655][T14694] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2690'. [ 432.534985][ T51] Bluetooth: hci2: command tx timeout [ 432.777931][T14696] lo speed is unknown, defaulting to 1000 [ 432.940997][T14712] netlink: 'syz.0.2697': attribute type 13 has an invalid length. [ 432.953755][T14712] netlink: 'syz.0.2697': attribute type 17 has an invalid length. [ 433.029399][T14697] lo speed is unknown, defaulting to 1000 [ 433.131176][T14720] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 433.174952][T14712] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 433.211055][T14712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 433.286830][T14712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 433.314603][ T5966] lo speed is unknown, defaulting to 1000 [ 433.362905][T11037] hsr_slave_0: left promiscuous mode [ 433.370818][T11037] hsr_slave_1: left promiscuous mode [ 433.388623][T11037] veth1_to_team: left allmulticast mode [ 433.394344][T11037] veth1_to_team: left promiscuous mode [ 433.402522][T11037] veth1_macvtap: left promiscuous mode [ 433.408770][T11037] veth0_macvtap: left promiscuous mode [ 433.415167][T11037] veth1_vlan: left promiscuous mode [ 434.075924][T14725] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2699'. [ 435.467003][T14737] bridge0: port 3(vlan3) entered blocking state [ 435.483145][T14737] bridge0: port 3(vlan3) entered disabled state [ 435.490125][T14737] vlan3: entered allmulticast mode [ 435.496195][T14737] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 435.507043][T14737] vlan3: entered promiscuous mode [ 435.512533][T14737] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 435.523407][T14490] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 435.601836][T14490] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 435.632187][T14490] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 435.665769][T14490] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 435.711308][T11037] IPVS: stop unused estimator thread 0... [ 436.242212][T14490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 436.373364][T14490] 8021q: adding VLAN 0 to HW filter on device team0 [ 436.410542][ T6619] bridge0: port 1(bridge_slave_0) entered blocking state [ 436.417801][ T6619] bridge0: port 1(bridge_slave_0) entered forwarding state [ 436.472085][ T6619] bridge0: port 2(bridge_slave_1) entered blocking state [ 436.479359][ T6619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 437.102812][T14792] mac80211_hwsim hwsim92 wlan0: entered promiscuous mode [ 437.144995][T14792] macsec1: entered promiscuous mode [ 437.169408][T14792] macsec1: entered allmulticast mode [ 437.191321][T14792] mac80211_hwsim hwsim92 wlan0: entered allmulticast mode [ 437.202128][T14800] netlink: 'syz.6.2720': attribute type 10 has an invalid length. [ 437.303419][T14490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 437.455484][T14808] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 437.465780][T14805] IPVS: stopping backup sync thread 14808 ... [ 437.601649][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2723'. [ 437.619628][T14814] netlink: 'syz.7.2724': attribute type 1 has an invalid length. [ 437.634847][T14812] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2723'. [ 437.770068][T14814] 8021q: adding VLAN 0 to HW filter on device bond1 [ 437.869598][T14819] 8021q: adding VLAN 0 to HW filter on device bond1 [ 437.885231][T14819] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 437.917414][T14819] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 438.063466][T14828] netlink: 'syz.5.2728': attribute type 12 has an invalid length. [ 438.094597][T14828] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.2728'. [ 438.191588][T14829] veth3: entered promiscuous mode [ 438.270823][T14819] erspan0: entered allmulticast mode [ 438.413637][T14490] veth0_vlan: entered promiscuous mode [ 438.462020][T14490] veth1_vlan: entered promiscuous mode [ 438.570942][T14490] veth0_macvtap: entered promiscuous mode [ 438.615393][T14490] veth1_macvtap: entered promiscuous mode [ 438.660147][T14490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 438.680061][T14490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 438.710797][ T6600] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.743118][ T6600] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.780762][ T6600] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 438.790698][ T6600] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.025924][ T6600] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 439.044602][ T6600] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.093503][T14851] Cannot find del_set index 0 as target [ 439.160231][ T6619] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 439.185296][ T6619] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 439.526668][T14870] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 439.592195][T14875] FAULT_INJECTION: forcing a failure. [ 439.592195][T14875] name failslab, interval 1, probability 0, space 0, times 0 [ 439.623296][T14875] CPU: 0 UID: 0 PID: 14875 Comm: syz.6.2741 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 439.623328][T14875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.623342][T14875] Call Trace: [ 439.623350][T14875] [ 439.623361][T14875] dump_stack_lvl+0x189/0x250 [ 439.623392][T14875] ? __pfx____ratelimit+0x10/0x10 [ 439.623419][T14875] ? __pfx_dump_stack_lvl+0x10/0x10 [ 439.623444][T14875] ? __pfx__printk+0x10/0x10 [ 439.623489][T14875] should_fail_ex+0x414/0x560 [ 439.623525][T14875] should_failslab+0xa8/0x100 [ 439.623554][T14875] kmem_cache_alloc_noprof+0x73/0x3c0 [ 439.623578][T14875] ? skb_clone+0x212/0x3a0 [ 439.623604][T14875] skb_clone+0x212/0x3a0 [ 439.623628][T14875] __netlink_deliver_tap+0x404/0x850 [ 439.623670][T14875] ? netlink_deliver_tap+0x2e/0x1b0 [ 439.623701][T14875] netlink_deliver_tap+0x19c/0x1b0 [ 439.623731][T14875] netlink_sendskb+0x68/0x140 [ 439.623760][T14875] netlink_rcv_skb+0x28c/0x470 [ 439.623788][T14875] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 439.623815][T14875] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 439.623855][T14875] ? bpf_lsm_capable+0x9/0x20 [ 439.623878][T14875] ? security_capable+0x7e/0x2e0 [ 439.623916][T14875] nfnetlink_rcv+0x26a/0x2520 [ 439.623943][T14875] ? __dev_queue_xmit+0x1d79/0x3b50 [ 439.623977][T14875] ? __dev_queue_xmit+0x27b/0x3b50 [ 439.624000][T14875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.624039][T14875] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 439.624062][T14875] ? __pfx___dev_queue_xmit+0x10/0x10 [ 439.624100][T14875] ? ref_tracker_free+0x63a/0x7d0 [ 439.624129][T14875] ? __copy_skb_header+0xa7/0x550 [ 439.624152][T14875] ? __pfx_ref_tracker_free+0x10/0x10 [ 439.624181][T14875] ? __skb_clone+0x63/0x7a0 [ 439.624207][T14875] ? __skb_clone+0x483/0x7a0 [ 439.624234][T14875] ? skb_clone+0x246/0x3a0 [ 439.624258][T14875] ? __netlink_deliver_tap+0x807/0x850 [ 439.624287][T14875] ? netlink_deliver_tap+0x2e/0x1b0 [ 439.624322][T14875] ? netlink_deliver_tap+0x2e/0x1b0 [ 439.624349][T14875] ? netlink_deliver_tap+0x2e/0x1b0 [ 439.624383][T14875] netlink_unicast+0x759/0x8e0 [ 439.624421][T14875] netlink_sendmsg+0x805/0xb30 [ 439.624466][T14875] ? __pfx_netlink_sendmsg+0x10/0x10 [ 439.624497][T14875] ? aa_sock_msg_perm+0x94/0x160 [ 439.624528][T14875] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 439.624556][T14875] ? __pfx_netlink_sendmsg+0x10/0x10 [ 439.624586][T14875] __sock_sendmsg+0x21c/0x270 [ 439.624614][T14875] ____sys_sendmsg+0x505/0x830 [ 439.624653][T14875] ? __pfx_____sys_sendmsg+0x10/0x10 [ 439.624696][T14875] ? import_iovec+0x74/0xa0 [ 439.624724][T14875] ___sys_sendmsg+0x21f/0x2a0 [ 439.624747][T14875] ? __pfx____sys_sendmsg+0x10/0x10 [ 439.624807][T14875] ? __fget_files+0x2a/0x420 [ 439.624834][T14875] ? __fget_files+0x3a0/0x420 [ 439.624872][T14875] __x64_sys_sendmsg+0x19b/0x260 [ 439.624895][T14875] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 439.624927][T14875] ? __pfx_ksys_write+0x10/0x10 [ 439.624947][T14875] ? rcu_is_watching+0x15/0xb0 [ 439.624978][T14875] ? do_syscall_64+0xbe/0x3b0 [ 439.625011][T14875] do_syscall_64+0xfa/0x3b0 [ 439.625044][T14875] ? lockdep_hardirqs_on+0x9c/0x150 [ 439.625070][T14875] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.625091][T14875] ? clear_bhb_loop+0x60/0xb0 [ 439.625116][T14875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.625136][T14875] RIP: 0033:0x7f871798e929 [ 439.625155][T14875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.625173][T14875] RSP: 002b:00007f871887b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 439.625195][T14875] RAX: ffffffffffffffda RBX: 00007f8717bb5fa0 RCX: 00007f871798e929 [ 439.625211][T14875] RDX: 0000000000040040 RSI: 0000200000000300 RDI: 0000000000000003 [ 439.625225][T14875] RBP: 00007f871887b090 R08: 0000000000000000 R09: 0000000000000000 [ 439.625238][T14875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.625250][T14875] R13: 0000000000000000 R14: 00007f8717bb5fa0 R15: 00007fff715203b8 [ 439.625284][T14875] [ 440.183413][T14864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2737'. [ 440.200284][T14864] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2737'. [ 440.500422][T14900] netlink: 'syz.7.2750': attribute type 25 has an invalid length. [ 440.509077][T14900] netlink: 'syz.7.2750': attribute type 7 has an invalid length. [ 440.681152][T14909] veth0_to_bridge: entered promiscuous mode [ 440.750269][T14902] veth0_to_bridge: left promiscuous mode [ 440.960568][T14922] tipc: Enabling of bearer rejected, failed to enable media [ 441.382608][T14944] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2764'. [ 441.401983][T14944] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2764'. [ 441.711835][T14969] veth0_to_bridge: entered promiscuous mode [ 441.773302][T14960] veth0_to_bridge: left promiscuous mode [ 441.789185][T14973] netlink: 'syz.0.2772': attribute type 1 has an invalid length. [ 441.808087][T14973] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2772'. [ 441.991795][T14984] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2776'. [ 442.053356][T14986] xt_connbytes: Forcing CT accounting to be enabled [ 442.064177][T14986] Cannot find set identified by id 0 to match [ 442.356260][T14984] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 442.378872][T14984] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 442.400417][T14984] bond0 (unregistering): Released all slaves [ 442.843593][T15017] veth0_to_bridge: entered promiscuous mode [ 442.945127][T15014] veth0_to_bridge: left promiscuous mode [ 442.987193][T15022] FAULT_INJECTION: forcing a failure. [ 442.987193][T15022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 443.007075][T15022] CPU: 0 UID: 0 PID: 15022 Comm: syz.4.2788 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 443.007107][T15022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 443.007121][T15022] Call Trace: [ 443.007130][T15022] [ 443.007140][T15022] dump_stack_lvl+0x189/0x250 [ 443.007170][T15022] ? __pfx____ratelimit+0x10/0x10 [ 443.007199][T15022] ? __pfx_dump_stack_lvl+0x10/0x10 [ 443.007225][T15022] ? __pfx__printk+0x10/0x10 [ 443.007254][T15022] ? __might_fault+0xb0/0x130 [ 443.007291][T15022] should_fail_ex+0x414/0x560 [ 443.007327][T15022] _copy_from_user+0x2d/0xb0 [ 443.007353][T15022] __sys_bpf+0x1ed/0x860 [ 443.007388][T15022] ? __pfx___sys_bpf+0x10/0x10 [ 443.007435][T15022] ? ksys_write+0x22a/0x250 [ 443.007462][T15022] ? __pfx_ksys_write+0x10/0x10 [ 443.007483][T15022] ? rcu_is_watching+0x15/0xb0 [ 443.007525][T15022] __x64_sys_bpf+0x7c/0x90 [ 443.007555][T15022] do_syscall_64+0xfa/0x3b0 [ 443.007583][T15022] ? lockdep_hardirqs_on+0x9c/0x150 [ 443.007611][T15022] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.007632][T15022] ? clear_bhb_loop+0x60/0xb0 [ 443.007658][T15022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.007679][T15022] RIP: 0033:0x7f3ab1b8e929 [ 443.007698][T15022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.007728][T15022] RSP: 002b:00007f3ab2971038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 443.007750][T15022] RAX: ffffffffffffffda RBX: 00007f3ab1db5fa0 RCX: 00007f3ab1b8e929 [ 443.007766][T15022] RDX: 0000000000000020 RSI: 0000200000000600 RDI: 0000000000000002 [ 443.007779][T15022] RBP: 00007f3ab2971090 R08: 0000000000000000 R09: 0000000000000000 [ 443.007793][T15022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 443.007806][T15022] R13: 0000000000000000 R14: 00007f3ab1db5fa0 R15: 00007ffd0595ccd8 [ 443.007838][T15022] [ 443.224341][T15025] netlink: 'syz.5.2791': attribute type 9 has an invalid length. [ 443.421787][T15037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2795'. [ 443.453534][T15039] gretap1: entered promiscuous mode [ 443.462519][T15039] gretap1: entered allmulticast mode [ 443.475004][T15037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2795'. [ 443.489591][T15036] Cannot find set identified by id 2 to match [ 443.583661][T15045] netlink: 100 bytes leftover after parsing attributes in process `syz.6.2798'. [ 443.650515][T15047] netlink: 'syz.4.2799': attribute type 6 has an invalid length. [ 443.699329][T15053] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2802'. [ 443.739229][T15049] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2800'. [ 443.763658][T15057] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2803'. [ 443.920530][T15069] netlink: 'syz.4.2804': attribute type 12 has an invalid length. [ 443.975297][T15069] netlink: 9472 bytes leftover after parsing attributes in process `syz.4.2804'. [ 444.064244][T15056] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.072128][T15056] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.258634][T15056] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 444.277807][T15056] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 444.539760][T15100] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2809'. [ 444.584323][ T10] lo speed is unknown, defaulting to 1000 [ 444.590579][ T10] syz1: Port: 1 Link DOWN [ 444.672481][ T6609] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 444.695219][ T6609] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.749309][ T6609] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 444.771187][ T6609] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.798959][ T6609] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 444.835063][T15107] netlink: 780 bytes leftover after parsing attributes in process `syz.7.2811'. [ 444.836736][ T6609] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.883271][ T6609] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 444.905813][ T6609] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 444.971063][T15111] netlink: 'syz.6.2813': attribute type 1 has an invalid length. [ 445.070111][T15111] 8021q: adding VLAN 0 to HW filter on device bond1 [ 445.216272][T15122] 8021q: adding VLAN 0 to HW filter on device bond1 [ 445.223437][T15122] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 445.280671][T15122] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 445.489235][T15135] veth3: entered promiscuous mode [ 445.545759][T15138] erspan0: entered allmulticast mode [ 445.655579][T15144] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2822'. [ 446.415332][T15155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 446.512503][T15155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.541663][T15155] bond0 (unregistering): Released all slaves [ 448.227551][T15219] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.283122][T15219] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.300655][T15219] bond0 (unregistering): Released all slaves [ 448.509037][T15242] __nla_validate_parse: 13 callbacks suppressed [ 448.509067][T15242] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2854'. [ 448.586010][T15245] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2856'. [ 448.780698][T15252] openvswitch: netlink: ct_state flags 0000ee01 unsupported [ 448.802115][T15252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2859'. [ 448.840895][T15255] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2861'. [ 448.881283][T15255] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2861'. [ 448.943389][T15252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2859'. [ 449.263796][T15267] lo speed is unknown, defaulting to 1000 [ 449.367864][T15277] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2868'. [ 449.417382][T15277] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2868'. [ 449.467441][T15277] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2868'. [ 449.746245][T15285] lo speed is unknown, defaulting to 1000 [ 449.774778][T15293] netlink: 14 bytes leftover after parsing attributes in process `syz.6.2870'. [ 450.049807][T15293] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 450.070769][T15293] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 450.108251][T15293] bond0 (unregistering): Released all slaves [ 450.218076][T15307] netlink: 'syz.5.2874': attribute type 10 has an invalid length. [ 450.270625][T15310] netlink: 'syz.5.2874': attribute type 10 has an invalid length. [ 450.281874][T15307] team0: Port device dummy0 added [ 450.379864][T15310] team0: Port device dummy0 removed [ 450.393429][T15310] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 450.578169][T15320] openvswitch: netlink: Missing valid actions attribute. [ 450.595352][T15320] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 450.615560][T15322] netlink: 'syz.0.2879': attribute type 3 has an invalid length. [ 451.006137][T15344] netlink: 'syz.7.2885': attribute type 9 has an invalid length. [ 451.325708][T15356] tipc: Enabling of bearer rejected, failed to enable media [ 451.411145][T15363] netlink: 'syz.7.2891': attribute type 13 has an invalid length. [ 451.459495][T15363] netlink: 'syz.7.2891': attribute type 17 has an invalid length. [ 451.504312][T15363] erspan0: left allmulticast mode [ 451.528647][T15363] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 451.547790][T15372] netlink: 'syz.0.2894': attribute type 1 has an invalid length. [ 451.581678][T15372] veth0_to_bridge: entered promiscuous mode [ 451.603594][T15363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 451.684829][T15363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 451.725379][T15365] veth0_to_bridge: left promiscuous mode [ 451.781728][T15359] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 451.926169][T15392] FAULT_INJECTION: forcing a failure. [ 451.926169][T15392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 451.980635][T15392] CPU: 1 UID: 0 PID: 15392 Comm: syz.5.2902 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 451.980666][T15392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 451.980679][T15392] Call Trace: [ 451.980687][T15392] [ 451.980697][T15392] dump_stack_lvl+0x189/0x250 [ 451.980728][T15392] ? __pfx____ratelimit+0x10/0x10 [ 451.980798][T15392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.980823][T15392] ? __pfx__printk+0x10/0x10 [ 451.980852][T15392] ? __might_fault+0xb0/0x130 [ 451.980901][T15392] should_fail_ex+0x414/0x560 [ 451.980935][T15392] _copy_from_user+0x2d/0xb0 [ 451.980960][T15392] set_user_sigmask+0xa1/0x1b0 [ 451.980984][T15392] ? __pfx_set_user_sigmask+0x10/0x10 [ 451.981006][T15392] ? timespec64_add_safe+0x179/0x1e0 [ 451.981036][T15392] ? __pfx_timespec64_add_safe+0x10/0x10 [ 451.981054][T15392] ? bpf_trace_run2+0x322/0x4b0 [ 451.981088][T15392] do_epoll_pwait+0x2c/0x1d0 [ 451.981118][T15392] __x64_sys_epoll_pwait+0x20a/0x250 [ 451.981146][T15392] ? __pfx___x64_sys_epoll_pwait+0x10/0x10 [ 451.981174][T15392] ? rcu_is_watching+0x15/0xb0 [ 451.981199][T15392] ? trace_sys_enter+0x25/0x120 [ 451.981226][T15392] do_syscall_64+0xfa/0x3b0 [ 451.981253][T15392] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.981279][T15392] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.981299][T15392] ? clear_bhb_loop+0x60/0xb0 [ 451.981324][T15392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.981343][T15392] RIP: 0033:0x7f4f0dd8e929 [ 451.981361][T15392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.981379][T15392] RSP: 002b:00007f4f0eb22038 EFLAGS: 00000246 ORIG_RAX: 0000000000000119 [ 451.981400][T15392] RAX: ffffffffffffffda RBX: 00007f4f0dfb5fa0 RCX: 00007f4f0dd8e929 [ 451.981415][T15392] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 451.981428][T15392] RBP: 00007f4f0eb22090 R08: 0000200000001080 R09: 0000000000000008 [ 451.981441][T15392] R10: 000000000000098a R11: 0000000000000246 R12: 0000000000000001 [ 451.981454][T15392] R13: 0000000000000000 R14: 00007f4f0dfb5fa0 R15: 00007ffdaa91a5a8 [ 451.981486][T15392] [ 452.500861][T15405] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.508753][T15405] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.522067][T15412] xt_hashlimit: size too large, truncated to 1048576 [ 452.532405][T15412] xt_hashlimit: max too large, truncated to 1048576 [ 452.622265][T15412] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 452.806039][T15405] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 452.843976][T15405] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 453.094017][T15405] bridge1: left promiscuous mode [ 453.100019][T15405] bridge1: left allmulticast mode [ 453.163546][T11032] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.188816][T11032] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.207266][T11032] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.229552][T11032] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.587721][T15449] veth0_to_bridge: entered promiscuous mode [ 453.614637][T15444] veth0_to_bridge: left promiscuous mode [ 453.842327][T15462] openvswitch: netlink: ct_state flags 0000ee01 unsupported [ 453.858207][T15462] __nla_validate_parse: 11 callbacks suppressed [ 453.858230][T15462] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2925'. [ 453.917454][T15466] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2925'. [ 454.006447][T15468] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2926'. [ 454.080481][T15478] netlink: 'syz.0.2929': attribute type 9 has an invalid length. [ 454.268785][T15482] lo speed is unknown, defaulting to 1000 [ 454.326881][T15487] netlink: 'syz.7.2933': attribute type 6 has an invalid length. [ 454.553323][T15494] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2935'. [ 454.681655][T15498] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2937'. [ 454.745124][T15504] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2939'. [ 454.771455][T15500] : entered promiscuous mode [ 455.075090][T15510] xt_CT: No such helper "netbios-ns" [ 455.126849][T15519] netlink: 'syz.0.2946': attribute type 1 has an invalid length. [ 455.232590][T15527] netlink: 'syz.6.2949': attribute type 13 has an invalid length. [ 455.251360][T15527] netlink: 'syz.6.2949': attribute type 17 has an invalid length. [ 455.328031][T15536] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2946'. [ 455.335496][T15538] netlink: 'syz.5.2950': attribute type 12 has an invalid length. [ 455.350652][T15538] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.2950'. [ 455.364218][T15526] 8021q: adding VLAN 0 to HW filter on device bond1 [ 455.373195][T15526] bond0: (slave bond1): making interface the new active one [ 455.387835][T15526] bond0: (slave bond1): Enslaving as an active interface with an up link [ 455.448464][T15530] bond0: (slave gretap1): Enslaving as a backup interface with an up link [ 455.480046][T15527] erspan0: left allmulticast mode [ 455.529574][T15527] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 455.576635][T15536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 455.683220][T15545] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 456.482048][T15573] tipc: Started in network mode [ 456.497980][T15573] tipc: Node identity 4e572aff3528, cluster identity 4711 [ 456.524970][T15573] tipc: Enabled bearer , priority 0 [ 456.562036][T15573] syzkaller0: entered promiscuous mode [ 456.574046][T15573] syzkaller0: entered allmulticast mode [ 456.626377][T15585] netlink: 'syz.6.2969': attribute type 5 has an invalid length. [ 456.635538][T15585] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2969'. [ 456.648617][T15573] tipc: Resetting bearer [ 456.675302][T15572] tipc: Resetting bearer [ 456.700298][T15572] tipc: Disabling bearer [ 456.722902][T15577] lo speed is unknown, defaulting to 1000 [ 457.149827][T15609] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2978'. [ 457.284355][T15620] sctp: [Deprecated]: syz.0.2983 (pid 15620) Use of struct sctp_assoc_value in delayed_ack socket option. [ 457.284355][T15620] Use struct sctp_sack_info instead [ 457.287453][T15609] dummy0: entered promiscuous mode [ 457.307168][T15609] macvtap1: entered promiscuous mode [ 457.312830][T15609] macvtap1: entered allmulticast mode [ 457.319597][T15609] dummy0: entered allmulticast mode [ 458.876868][T15685] __nla_validate_parse: 4 callbacks suppressed [ 458.876959][T15685] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3014'. [ 459.495312][T15717] xt_CT: You must specify a L4 protocol and not use inversions on it [ 459.828422][T15740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3041'. [ 460.734643][T15749] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.743229][T15749] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.762971][T15755] netlink: 212408 bytes leftover after parsing attributes in process `syz.7.3047'. [ 460.776413][T15756] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3046'. [ 460.842830][T15749] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 460.860959][T15749] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 461.004117][T15749] dummy0: left allmulticast mode [ 461.078989][T11032] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.109100][T11032] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.137028][T11032] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.156586][T11032] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.213792][T15765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3050'. [ 461.329860][T15771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3054'. [ 462.249478][T15784] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3059'. [ 463.750310][T15820] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3073'. [ 464.091423][T15829] IPVS: sync thread started: state = BACKUP, mcast_ifn = vlan0, syncid = 1, id = 0 [ 464.549134][T15846] xt_l2tp: missing protocol rule (udp|l2tpip) [ 466.322076][T15896] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3108'. [ 466.980001][T15884] veth2: entered allmulticast mode [ 467.094828][ T51] Bluetooth: hci2: command tx timeout [ 467.712183][T15936] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3127'. [ 467.736751][T15936] syzkaller1: entered promiscuous mode [ 467.745161][T15936] syzkaller1: entered allmulticast mode [ 467.979686][T15946] ================================================================== [ 467.987812][T15946] BUG: KASAN: slab-use-after-free in tcp_prune_ofo_queue+0x37e/0x6e0 [ 467.995916][T15946] Read of size 4 at addr ffff88801a507ad0 by task syz.4.3132/15946 [ 468.003813][T15946] [ 468.006149][T15946] CPU: 0 UID: 0 PID: 15946 Comm: syz.4.3132 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 468.006172][T15946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.006185][T15946] Call Trace: [ 468.006193][T15946] [ 468.006202][T15946] dump_stack_lvl+0x189/0x250 [ 468.006225][T15946] ? rcu_is_watching+0x15/0xb0 [ 468.006258][T15946] ? __kasan_check_byte+0x12/0x40 [ 468.006279][T15946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.006298][T15946] ? rcu_is_watching+0x15/0xb0 [ 468.006317][T15946] ? lock_release+0x4b/0x3e0 [ 468.006335][T15946] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 468.006355][T15946] ? __virt_addr_valid+0x1c8/0x5c0 [ 468.006376][T15946] ? __virt_addr_valid+0x4a5/0x5c0 [ 468.006398][T15946] print_report+0xd2/0x2b0 [ 468.006415][T15946] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.006436][T15946] kasan_report+0x118/0x150 [ 468.006457][T15946] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.006480][T15946] tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.006506][T15946] tcp_try_rmem_schedule+0xb6b/0x1830 [ 468.006532][T15946] tcp_data_queue+0x4e3/0x6380 [ 468.006577][T15946] ? __pfx_tcp_data_queue+0x10/0x10 [ 468.006596][T15946] ? __pfx_tcp_urg+0x10/0x10 [ 468.006614][T15946] ? read_tsc+0x9/0x20 [ 468.006631][T15946] tcp_rcv_established+0xf9e/0x1eb0 [ 468.006652][T15946] ? rt_is_expired+0x1c/0x2d0 [ 468.006687][T15946] ? __pfx_tcp_rcv_established+0x10/0x10 [ 468.006704][T15946] ? rt_is_expired+0x1c/0x2d0 [ 468.006728][T15946] ? rt_is_expired+0x1c/0x2d0 [ 468.006752][T15946] ? rt_is_expired+0x250/0x2d0 [ 468.006776][T15946] ? __pfx_ipv4_dst_check+0x10/0x10 [ 468.006800][T15946] ? __pfx_ipv4_dst_check+0x10/0x10 [ 468.006825][T15946] tcp_v4_do_rcv+0xa23/0xce0 [ 468.006851][T15946] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 468.006873][T15946] __release_sock+0x21c/0x350 [ 468.006895][T15946] release_sock+0x5f/0x1f0 [ 468.006918][T15946] tcp_sendmsg+0x39/0x50 [ 468.006937][T15946] __sock_sendmsg+0x19c/0x270 [ 468.006959][T15946] __sys_sendto+0x3bd/0x520 [ 468.006984][T15946] ? __pfx___sys_sendto+0x10/0x10 [ 468.007006][T15946] ? do_futex+0x395/0x420 [ 468.007043][T15946] ? rcu_is_watching+0x15/0xb0 [ 468.007064][T15946] __x64_sys_sendto+0xde/0x100 [ 468.007089][T15946] do_syscall_64+0xfa/0x3b0 [ 468.007111][T15946] ? lockdep_hardirqs_on+0x9c/0x150 [ 468.007132][T15946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.007149][T15946] ? clear_bhb_loop+0x60/0xb0 [ 468.007169][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.007186][T15946] RIP: 0033:0x7f3ab1b8e929 [ 468.007202][T15946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.007218][T15946] RSP: 002b:00007f3ab2971038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 468.007237][T15946] RAX: ffffffffffffffda RBX: 00007f3ab1db5fa0 RCX: 00007f3ab1b8e929 [ 468.007250][T15946] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 468.007262][T15946] RBP: 00007f3ab1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 468.007274][T15946] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000 [ 468.007285][T15946] R13: 0000000000000000 R14: 00007f3ab1db5fa0 R15: 00007ffd0595ccd8 [ 468.007306][T15946] [ 468.007313][T15946] [ 468.323208][T15946] Allocated by task 15946: [ 468.327645][T15946] kasan_save_track+0x3e/0x80 [ 468.332360][T15946] __kasan_slab_alloc+0x6c/0x80 [ 468.337231][T15946] kmem_cache_alloc_node_noprof+0x1bb/0x3c0 [ 468.343133][T15946] __alloc_skb+0x112/0x2d0 [ 468.347559][T15946] tcp_stream_alloc_skb+0x3d/0x340 [ 468.352675][T15946] tcp_write_xmit+0xeec/0x67f0 [ 468.357556][T15946] __tcp_push_pending_frames+0x97/0x360 [ 468.363115][T15946] tcp_sendmsg_locked+0x483c/0x56d0 [ 468.368330][T15946] tcp_sendmsg+0x2f/0x50 [ 468.372580][T15946] __sock_sendmsg+0x19c/0x270 [ 468.377266][T15946] __sys_sendto+0x3bd/0x520 [ 468.381783][T15946] __x64_sys_sendto+0xde/0x100 [ 468.386553][T15946] do_syscall_64+0xfa/0x3b0 [ 468.391068][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.396963][T15946] [ 468.399290][T15946] Freed by task 15946: [ 468.403356][T15946] kasan_save_track+0x3e/0x80 [ 468.408046][T15946] kasan_save_free_info+0x46/0x50 [ 468.413096][T15946] __kasan_slab_free+0x62/0x70 [ 468.417879][T15946] kmem_cache_free+0x18f/0x400 [ 468.422660][T15946] tcp_prune_ofo_queue+0x198/0x6e0 [ 468.427786][T15946] tcp_try_rmem_schedule+0xb6b/0x1830 [ 468.433168][T15946] tcp_data_queue+0x4e3/0x6380 [ 468.437942][T15946] tcp_rcv_established+0xf9e/0x1eb0 [ 468.443147][T15946] tcp_v4_do_rcv+0xa23/0xce0 [ 468.447747][T15946] __release_sock+0x21c/0x350 [ 468.452429][T15946] release_sock+0x5f/0x1f0 [ 468.456853][T15946] tcp_sendmsg+0x39/0x50 [ 468.461098][T15946] __sock_sendmsg+0x19c/0x270 [ 468.465782][T15946] __sys_sendto+0x3bd/0x520 [ 468.470293][T15946] __x64_sys_sendto+0xde/0x100 [ 468.475069][T15946] do_syscall_64+0xfa/0x3b0 [ 468.479595][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.485491][T15946] [ 468.487823][T15946] The buggy address belongs to the object at ffff88801a507900 [ 468.487823][T15946] which belongs to the cache skbuff_fclone_cache of size 488 [ 468.502568][T15946] The buggy address is located 464 bytes inside of [ 468.502568][T15946] freed 488-byte region [ffff88801a507900, ffff88801a507ae8) [ 468.516369][T15946] [ 468.518699][T15946] The buggy address belongs to the physical page: [ 468.525107][T15946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1a506 [ 468.533884][T15946] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 468.542387][T15946] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 468.550296][T15946] page_type: f5(slab) [ 468.554284][T15946] raw: 00fff00000000040 ffff888140ae1a00 ffffea0001e13c80 0000000000000003 [ 468.562883][T15946] raw: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 468.571473][T15946] head: 00fff00000000040 ffff888140ae1a00 ffffea0001e13c80 0000000000000003 [ 468.580143][T15946] head: 0000000000000000 00000000000c000c 00000000f5000000 0000000000000000 [ 468.588819][T15946] head: 00fff00000000001 ffffea0000694181 00000000ffffffff 00000000ffffffff [ 468.597494][T15946] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 468.606163][T15946] page dumped because: kasan: bad access detected [ 468.612584][T15946] page_owner tracks the page as allocated [ 468.618295][T15946] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 15131, tgid 15110 (syz.6.2813), ts 445709510894, free_ts 443878587398 [ 468.639841][T15946] post_alloc_hook+0x240/0x2a0 [ 468.644625][T15946] get_page_from_freelist+0x21e4/0x22c0 [ 468.650201][T15946] __alloc_frozen_pages_noprof+0x181/0x370 [ 468.656017][T15946] alloc_pages_mpol+0x232/0x4a0 [ 468.660875][T15946] allocate_slab+0x8a/0x3b0 [ 468.665388][T15946] ___slab_alloc+0xbfc/0x1480 [ 468.670072][T15946] kmem_cache_alloc_node_noprof+0x280/0x3c0 [ 468.675970][T15946] __alloc_skb+0x112/0x2d0 [ 468.680398][T15946] tipc_msg_build+0x13b/0xcf0 [ 468.685084][T15946] __tipc_sendstream+0x8ac/0x1290 [ 468.690112][T15946] tipc_sendstream+0x55/0x70 [ 468.694707][T15946] __sock_sendmsg+0x21c/0x270 [ 468.699406][T15946] ____sys_sendmsg+0x505/0x830 [ 468.704183][T15946] ___sys_sendmsg+0x21f/0x2a0 [ 468.708859][T15946] __x64_sys_sendmsg+0x19b/0x260 [ 468.713825][T15946] do_syscall_64+0xfa/0x3b0 [ 468.718346][T15946] page last free pid 15062 tgid 15062 stack trace: [ 468.724848][T15946] __free_frozen_pages+0xc71/0xe70 [ 468.729967][T15946] __slab_free+0x326/0x400 [ 468.734403][T15946] qlist_free_all+0x97/0x140 [ 468.738996][T15946] kasan_quarantine_reduce+0x148/0x160 [ 468.744460][T15946] __kasan_slab_alloc+0x22/0x80 [ 468.749322][T15946] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 468.754782][T15946] __pmd_alloc+0xc6/0x3b0 [ 468.759117][T15946] __handle_mm_fault+0xa63/0x5620 [ 468.764143][T15946] handle_mm_fault+0x40a/0x8e0 [ 468.768910][T15946] do_user_addr_fault+0xa81/0x1390 [ 468.774024][T15946] exc_page_fault+0x76/0xf0 [ 468.778537][T15946] asm_exc_page_fault+0x26/0x30 [ 468.783400][T15946] [ 468.785729][T15946] Memory state around the buggy address: [ 468.791365][T15946] ffff88801a507980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 468.799515][T15946] ffff88801a507a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 468.807584][T15946] >ffff88801a507a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc [ 468.815659][T15946] ^ [ 468.822336][T15946] ffff88801a507b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 468.830400][T15946] ffff88801a507b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 468.838464][T15946] ================================================================== [ 468.878352][T15946] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 468.885609][T15946] CPU: 0 UID: 0 PID: 15946 Comm: syz.4.3132 Not tainted 6.16.0-rc5-syzkaller-01458-gc3886ccaadf8 #0 PREEMPT(full) [ 468.897717][T15946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.907805][T15946] Call Trace: [ 468.911096][T15946] [ 468.914040][T15946] dump_stack_lvl+0x99/0x250 [ 468.918658][T15946] ? __asan_memcpy+0x40/0x70 [ 468.923264][T15946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.928475][T15946] ? __pfx__printk+0x10/0x10 [ 468.933084][T15946] panic+0x2db/0x790 [ 468.936993][T15946] ? __pfx_preempt_schedule+0x10/0x10 [ 468.942394][T15946] ? __pfx_panic+0x10/0x10 [ 468.946828][T15946] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 468.952729][T15946] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 468.959068][T15946] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.964365][T15946] check_panic_on_warn+0x89/0xb0 [ 468.969321][T15946] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.974618][T15946] end_report+0x78/0x160 [ 468.978878][T15946] kasan_report+0x129/0x150 [ 468.983392][T15946] ? tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.988691][T15946] tcp_prune_ofo_queue+0x37e/0x6e0 [ 468.993823][T15946] tcp_try_rmem_schedule+0xb6b/0x1830 [ 468.999211][T15946] tcp_data_queue+0x4e3/0x6380 [ 469.003993][T15946] ? __pfx_tcp_data_queue+0x10/0x10 [ 469.009198][T15946] ? __pfx_tcp_urg+0x10/0x10 [ 469.013799][T15946] ? read_tsc+0x9/0x20 [ 469.017892][T15946] tcp_rcv_established+0xf9e/0x1eb0 [ 469.023099][T15946] ? rt_is_expired+0x1c/0x2d0 [ 469.027795][T15946] ? __pfx_tcp_rcv_established+0x10/0x10 [ 469.033437][T15946] ? rt_is_expired+0x1c/0x2d0 [ 469.038123][T15946] ? rt_is_expired+0x1c/0x2d0 [ 469.042834][T15946] ? rt_is_expired+0x250/0x2d0 [ 469.047612][T15946] ? __pfx_ipv4_dst_check+0x10/0x10 [ 469.052833][T15946] ? __pfx_ipv4_dst_check+0x10/0x10 [ 469.058048][T15946] tcp_v4_do_rcv+0xa23/0xce0 [ 469.062655][T15946] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 469.067779][T15946] __release_sock+0x21c/0x350 [ 469.072468][T15946] release_sock+0x5f/0x1f0 [ 469.076896][T15946] tcp_sendmsg+0x39/0x50 [ 469.081145][T15946] __sock_sendmsg+0x19c/0x270 [ 469.085836][T15946] __sys_sendto+0x3bd/0x520 [ 469.090351][T15946] ? __pfx___sys_sendto+0x10/0x10 [ 469.095385][T15946] ? do_futex+0x395/0x420 [ 469.099747][T15946] ? rcu_is_watching+0x15/0xb0 [ 469.104525][T15946] __x64_sys_sendto+0xde/0x100 [ 469.109300][T15946] do_syscall_64+0xfa/0x3b0 [ 469.113816][T15946] ? lockdep_hardirqs_on+0x9c/0x150 [ 469.119024][T15946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.125097][T15946] ? clear_bhb_loop+0x60/0xb0 [ 469.129778][T15946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.135677][T15946] RIP: 0033:0x7f3ab1b8e929 [ 469.140098][T15946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 469.159713][T15946] RSP: 002b:00007f3ab2971038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 469.168145][T15946] RAX: ffffffffffffffda RBX: 00007f3ab1db5fa0 RCX: 00007f3ab1b8e929 [ 469.176131][T15946] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003 [ 469.184109][T15946] RBP: 00007f3ab1c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 469.192084][T15946] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000000 [ 469.200063][T15946] R13: 0000000000000000 R14: 00007f3ab1db5fa0 R15: 00007ffd0595ccd8 [ 469.208050][T15946] [ 469.211461][T15946] Kernel Offset: disabled [ 469.215788][T15946] Rebooting in 86400 seconds..