last executing test programs: 1m16.42276029s ago: executing program 2 (id=1333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4ffffff}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 1m2.201458247s ago: executing program 2 (id=1333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4ffffff}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 52.553950634s ago: executing program 2 (id=1333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4ffffff}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 43.50914636s ago: executing program 2 (id=1333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4ffffff}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 34.303441233s ago: executing program 2 (id=1333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4ffffff}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 16.296819005s ago: executing program 2 (id=1333): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xe4ffffff}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 7.397438474s ago: executing program 3 (id=2127): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 7.381805865s ago: executing program 3 (id=2128): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0x1, 0x0}, 0x20) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001418) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYRESDEC=r1, @ANYRES8=r0], 0x48) ioctl$TUNSETOFFLOAD(r1, 0x40047451, 0x20000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) socket$packet(0x11, 0x2, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0xb4}}, 0x44884) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000009c0)=ANY=[@ANYBLOB], 0x594}, 0x1, 0x0, 0x0, 0x4}, 0x800) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000580)={0x7}, 0xe) recvmmsg(r5, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/32, 0x5}}], 0x196, 0x2, 0x0) r6 = socket$inet6(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="d0f3018f89a4f8a50000160000001400018010746e6c3000"], 0x28}}, 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000400)=ANY=[], 0x44}, 0x1, 0x10000000}, 0x0) sendto$inet6(r6, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 6.377377158s ago: executing program 3 (id=2136): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=@deltaction={0x14}, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) (async) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="4000000010003904000000000400000000000000", @ANYRES32=r3, @ANYBLOB="030000007f0000002000128008000100736974001400028008000100", @ANYRES32=r2], 0x40}}, 0x0) r4 = socket$inet(0xa, 0x801, 0x84) socket$inet(0xa, 0x801, 0x84) (async) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r5, 0xfffffffd) (async) listen(r5, 0xfffffffd) listen(r4, 0x8) (async) listen(r4, 0x8) socket$inet(0xa, 0x801, 0x84) (async) r6 = socket$inet(0xa, 0x801, 0x84) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) listen(r7, 0x100) listen(r6, 0x8) r8 = socket$inet(0xa, 0x801, 0x84) listen(r8, 0x1) (async) listen(r8, 0x1) socket$netlink(0x10, 0x3, 0x4) (async) r9 = socket$netlink(0x10, 0x3, 0x4) r10 = socket$nl_crypto(0x10, 0x3, 0x15) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="8500000011000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5e96a21a755752f475b6da142c9a8d76287066c51adde96fcc309926fa397fabd5f9810e81ae03737"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$netlink(r10, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="2c02000010000b0500000200000000006f6d8864d22a3e2f00a46c887c090200002b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff2d282d28"], 0x22c}], 0x1}, 0x0) (async) sendmsg$netlink(r10, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000580)=ANY=[@ANYBLOB="2c02000010000b0500000200000000006f6d8864d22a3e2f00a46c887c090200002b0e13e735a3184f1b3d6da2f1acfac0ee50d2b184b27db1f302de337c0004060000000000bf852c89867f6691b01b2d44e4ff2d282d28"], 0x22c}], 0x1}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r9) writev(r9, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000780)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0xe403, r2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r12 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r12, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0) (async) sendmsg$nl_xfrm(r12, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast2, 0x0, 0x6c}, @in6=@remote, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x0) 6.173187309s ago: executing program 0 (id=2140): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@fwd={0x8}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @typedef={0x8, 0x0, 0x0, 0xf, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r1, &(0x7f0000001bc0)={&(0x7f0000000480)={0x2, 0x4e23, @remote}, 0x10, 0x0, 0x0, &(0x7f0000001b40)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4, 0x1}]}}}], 0x18}, 0x8000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080001400100000008000240000000000900010073797a30"], 0xd4}}, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000500), &(0x7f00000005c0)=0x30) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, 0x0, &(0x7f00000001c0)) r4 = socket$kcm(0xa, 0x5, 0x0) r5 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff00004000000000000000010000840600040000"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x8916, &(0x7f0000000000)={r5}) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x8936, &(0x7f0000000000)={r5}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000340)={{0x1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000240)='%pi6 \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000400)={r6}, 0x4) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x6) sendmsg$nl_route_sched(r8, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r9, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r10 = socket(0x1, 0x803, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r8, 0x10e, 0x4, &(0x7f00000004c0)=0x4, 0x4) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x3c}}, 0x0) r12 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r12, &(0x7f00000002c0), 0x40000000000009f, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001000030400ff00"/20, @ANYRES32=0x0, @ANYBLOB="00090000000000001c00128009000100766c616e000000000c00028006000100fe0f000008000500", @ANYRES32, @ANYBLOB="080000681b4f1b2ddb6bd3b235c7b71f510a80952a2dc24a0fabe512f5621167efd74e0a00", @ANYRES32, @ANYBLOB], 0x4c}}, 0x0) 6.106652101s ago: executing program 3 (id=2142): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372"], 0xfdef) 5.763515197s ago: executing program 0 (id=2145): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff) r2 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000140)='syz0\x00', 0x200002, 0x0) openat$cgroup_ro(r2, &(0x7f0000000180)='blkio.bfq.io_serviced\x00', 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_DEV(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, r1, 0x8, 0x70bd25, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_SEC_DEVICE={0x24, 0x2e, 0x0, 0x1, [@NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5}, @NL802154_DEV_ATTR_SHORT_ADDR={0x6, 0x3, 0xfffd}, @NL802154_DEV_ATTR_KEY_MODE={0x8, 0x6, 0x1}, @NL802154_DEV_ATTR_SECLEVEL_EXEMPT={0x5, 0x5, 0x1}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x60042081}, 0x4000000) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000400)={'wpan0\x00', 0x0}) r5 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r5, 0x0, 0x61, &(0x7f0000000280)={'filter\x00', 0x4}, 0x68) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x5c, r1, 0x3, 0xfffffffd, 0xffffffff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x20, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x6}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x280d0}, 0x40014) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x44, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_FRAME={0x25, 0x33, @action={{{}, {}, @device_b}, @addba_resp}}]}, 0x44}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_MGMT(r5, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f00000008c0)={0x268, r7, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x68}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5, 0x89, 0x44}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x51}, @NL80211_ATTR_IE={0x1e8, 0x2a, [@ssid={0x0, 0x6, @default_ibss_ssid}, @rann={0x7e, 0x15, {{0x1, 0x5}, 0x9, 0x8, @device_a, 0x1000, 0xa7e, 0x1d39}}, @perr={0x84, 0xdb, {0x1, 0xd, [{{}, @device_b, 0xfff, @void, 0x21}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x1a}, {{0x0, 0x1}, @device_b, 0x9e, @value, 0x1f}, {{}, @broadcast, 0x9a7, @void, 0x13}, {{}, @broadcast, 0x9, @void, 0x34}, {{0x0, 0x1}, @broadcast, 0xa4b, @value=@device_b, 0x6}, {{0x0, 0x1}, @device_a, 0x21d, @value, 0x1a}, {{0x0, 0x1}, @device_a, 0x400, @value=@broadcast, 0x14}, {{}, @device_b, 0x6, @void, 0x1}, {{0x0, 0x1}, @broadcast, 0xffffffa0, @value=@device_b, 0xc}, {{}, @device_a, 0x5, @void, 0x42}, {{0x0, 0x1}, @broadcast, 0x6, @value=@broadcast, 0x17}, {{0x0, 0x1}, @device_a, 0x5, @value=@broadcast, 0x1}]}}, @link_id={0x65, 0x12, {@random="cde407cc26c7"}}, @measure_req={0x26, 0xd2, {0xc, 0x7, 0x0, "7e370008b5d723578ebe9b7b7e2e6377addd6ab00bff22047254e79b40731d893067d3b11c474b2f6811321768839cfdcdc76e705bf79dbc2fbd692fdeabfeb39614420698e591bc1e42ed6780cfbb0980b52d3bf12205ef2af7e596ee7fc8c79b43c1f0f8628e4393b793fb6093a99cd8a0c404f739bd2991e3b2681f9a4cec006b27d8bf944cbac14f26e797570f6e3bcbfe39c91f8a81adaf28b58ba016b35a6a1ed7c7d69d7c68a655d015cf90ea54404d6b1a222797b753e44e2bfeacd52365a8094fab2054987a3dfb6c5074"}}]}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x34}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x8}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x268}, 0x1, 0x0, 0x0, 0x404c010}, 0x4000050) 3.897511893s ago: executing program 3 (id=2147): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0x1, 0x0}, 0x20) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x20001418) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRES64=r0, @ANYRESDEC=r1, @ANYRES8=r0], 0x48) ioctl$TUNSETOFFLOAD(r1, 0x40047451, 0x20000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) socket$packet(0x11, 0x2, 0x300) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[], 0xb4}}, 0x44884) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000009c0)=ANY=[@ANYBLOB], 0x594}, 0x1, 0x0, 0x0, 0x4}, 0x800) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000580)={0x7}, 0xe) recvmmsg(r5, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/32, 0x5}}], 0x196, 0x2, 0x0) r6 = socket$inet6(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="d0f3018f89a4f8a50000160000001400018010746e6c3000"], 0x28}}, 0x0) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000400)=ANY=[], 0x44}, 0x1, 0x10000000}, 0x0) sendto$inet6(r6, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 3.837330969s ago: executing program 0 (id=2148): ioctl$sock_ax25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000700)={@default, @default, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @default, @null, @null, @bcast, @bcast]}) 3.727663253s ago: executing program 0 (id=2151): sendmsg$NFNL_MSG_ACCT_DEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xd8, 0x3, 0x7, 0x201, 0x0, 0x0, {0x7}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_FILTER={0xc, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x80}]}, @NFACCT_FILTER={0x34, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x5}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x5}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x8}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x5}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x57}]}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x4}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_FLAGS={0x8}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFACCT_FILTER={0x54, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xfffffffe}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xf}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x9}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x6}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xd}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7fff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x100040c0}, 0x8080) r0 = accept$inet(0xffffffffffffffff, 0x0, &(0x7f00000001c0)) getsockopt$inet_int(r0, 0x0, 0xa, &(0x7f0000000200), &(0x7f0000000240)=0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r2, 0xe0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x90, 0x0, 0x0, 0x10, &(0x7f0000000480), &(0x7f00000004c0), 0x8, 0x46, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, r1, 0x9, '\x00', r3, 0xffffffffffffffff, 0x3, 0x2, 0x4, 0x0, @void, @value, @void, @value}, 0x50) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_FLUSH(r1, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000480)={0x314, r4, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x84, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcd0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xca}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x54, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x2}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "2a0d5c388b1c5e4b15e463506d8e929d258beab3c99fe9918fa465d07a"}}]}, @TIPC_NLA_NODE={0x128, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ID={0x5a, 0x3, "76bd3ccf9bfa63babdbf1c9ef42f51f859a8a30104e1ee7e7975cf10fc9d80cfaa60e71324be66f46129afb7e54e214fd67e0a57a63473eeec870d683ae688d42bbd217a22d26399d620a2527f1d1b0c073172c48f66"}, @TIPC_NLA_NODE_ID={0xa9, 0x3, "ee6514499683c4c272509d2e4b4642f1878fdbf2ef30978d56c781236c09a716aa611eb283eb05512b56811dcebc51e33ff3df731d5aaa6b36425ee091368b9597d5064d3a7392282d627a979ce7a37c9f21ea40ec86daa331768bb0ce01ed20ead19001e1bba457ba17bc4242ab941b9574557391df46714795c8fba02c210443883c2b658493fafab9bd7a1f898ca48a0de338b67e3c086912703afb589b7633da2f7754"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}]}, @TIPC_NLA_MEDIA={0xc8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_NET={0x38, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffffffffff80}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3bd}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3ff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}]}]}, 0x314}, 0x1, 0x0, 0x0, 0x20000011}, 0x60000010) r5 = socket$kcm(0x11, 0x2, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) r8 = socket$pppl2tp(0x18, 0x1, 0x1) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006b40)=[{{&(0x7f00000050c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000540)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0) connect$pppl2tp(r8, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r7, {}, 0xa}}, 0x26) sendmmsg$inet(r8, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)=[{&(0x7f00000010c0)="7d5107673289eeae3f806c5c62db497a0299399ab6101c3b", 0x1}], 0x1}}], 0x4000000000001ce, 0x8040) r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000140)) unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r10 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r10, 0x29, 0x40, &(0x7f0000000040)={'nat\x00', 0x0, [0x40, 0x101, 0x6a1, 0x0, 0x106]}, &(0x7f0000000000)=0x54) ioctl$PPPIOCSPASS(r9, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6}]}) write$ppp(r9, &(0x7f00000001c0)="38d5", 0x2) sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PMTUDISC={0x5}, @IFLA_IPTUN_TOS={0x5, 0x5, 0x10}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r5, &(0x7f0000000440)={&(0x7f0000001340)=@hci={0x1f, 0x8e88, 0x47}, 0x80, 0x0}, 0x0) 3.44114471s ago: executing program 4 (id=2154): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r1) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x14, r7, 0x1}, 0x14}}, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r7, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x40) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000940)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="030f00000000000000000800"], 0x2c}}, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 3.097089699s ago: executing program 4 (id=2156): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000201}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000240)="b9", 0x1}], 0x1}}], 0x2, 0x0) 2.887859257s ago: executing program 4 (id=2157): write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="8fcacb7907051175f37538e486dd6300800701082c00db5b686158bbcfe8875a060300000023000000000000000000000000ac1414aa"], 0xfdef) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd6372"], 0xfdef) 2.298374583s ago: executing program 1 (id=2159): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r0, &(0x7f0000000180)="29837380bc6de9d34d8662fb4bbff8779c979fd3f2cc716330248dc7424cae4915967c97637f19bb7e2251bbb038cd4120c10a7052284af454514ed86462e3c099da3f8efffb7879c22cf192484064403cc8a0db9c3a4fcf2e48af5722f603a0484db3f97cafd1c65eaf107e2213ca07c8500697b08fe8ddacccbfc6ebd14fe565983a4d7369a4a3a4c46ab52a960040b4d0ee5d5ec7cda61f2b689e670db83092f32fd6ab69029f38021c2b3071c92762a2adc16dde868097a4e0986bdda1d1691b79efdd96feffffffe5d21a5c9b6cc2dd2a30a3ab2c5c3167930fcaaf0f49505d4d1702aff933f710028825a4f74d8bc2c01eb6ac6392029dd4c8ca8ab156443ee6f86fc5cc4fc3464aeac3f0ae918f50c5086a90a30b587d9332430a40641c4a332f1cc7a2f0ad312f0cfdb9801997633d5dee", &(0x7f0000000680)=""/233}, 0x20) (async) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20) r2 = socket(0x22, 0x2, 0x3) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000000), 0x14) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r1}, 0x4) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x10, &(0x7f0000000e80)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}]}, &(0x7f0000000300)='GPL\x00', 0x9, 0xff0, &(0x7f0000001e00)=""/4080, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.185399704s ago: executing program 1 (id=2160): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0xf}}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000100)={r1, 0x1}, 0x8) 1.334109384s ago: executing program 1 (id=2161): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000001400)=@base={0x1a, 0xcf3b, 0xffffffff, 0xfffffffa, 0x8, 0xffffffffffffffff, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4, 0x0, @void, @value, @void, @value}, 0x50) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000780)={r1, r1, 0x8, 0x0, 0x0, 0xb, 0x4d, 0x7, 0xfff9, 0x0, 0x1, 0x4, 'syz0\x00'}) 1.233215906s ago: executing program 1 (id=2162): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000840)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xa, [@fwd={0x8}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5f]}}, 0x0, 0x2e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) 1.192134139s ago: executing program 1 (id=2163): r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r0, 0x8947, &(0x7f0000000580)={'bond0\x00', 0x10001}) 516.524103ms ago: executing program 1 (id=2164): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000200)="18", 0x1, 0x14000000, &(0x7f0000000000)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x81}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)='/', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @remote, 0x9}, 0x1c) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000003, 0x32, r0, 0x0) getsockopt(r1, 0xff, 0x1, 0x0, &(0x7f0000000040)) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000580)={&(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x9}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)=' ', 0x1}], 0x1}, 0x0) r2 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_DONE(r2, 0x29, 0xc9, 0x0, 0x0) setsockopt(r0, 0x84, 0x14, &(0x7f00000001c0)="020000000980ffff", 0x8) 463.159474ms ago: executing program 4 (id=2165): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000001000210400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002000128008000100767469001400028008000500ac1e000108000100", @ANYRESDEC], 0x40}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$FOU_CMD_ADD(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x4, 0xfffffffb, 0x25dfdbfe, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}, @FOU_ATTR_TYPE={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x80040c0}, 0x20800) 411.826691ms ago: executing program 3 (id=2166): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="04"], 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r1) r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000300), r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x14, r7, 0x1}, 0x14}}, 0x0) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, r7, 0x1, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x40) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000940)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="030f00000000000000000800"], 0x2c}}, 0x0) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 299.33573ms ago: executing program 4 (id=2167): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-pclmul\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000380)="f62083111ce15d728a5bf8f3e3", 0xd}], 0x1, 0x0, 0x0, 0x20000040}, 0x20000000) r3 = socket$packet(0x11, 0x3, 0x300) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000004c0)={0x0, @broadcast, @local}, &(0x7f0000000580)=0xc) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000005c0)={0x0, 0x0}, &(0x7f0000000640)=0xc) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@empty, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4e21, 0x0, 0x4e23, 0xf, 0x2, 0xa0, 0x20, 0x3c, r4, r5}, {0x8, 0xf6e, 0x6, 0x6, 0x1, 0x4, 0xffffffff, 0x4}, {0x3, 0x8, 0xfffffffffffffffd, 0x3f6a}, 0x2, 0x0, 0x2, 0x1, 0x2, 0x1}, {{@in6=@mcast1, 0x4d3, 0x2b}, 0xa, @in=@loopback, 0x3502, 0x2, 0x3, 0xe4, 0x80000001, 0x8c69, 0x1}}, 0xe8) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r8) sendmsg$NFC_CMD_GET_TARGET(r8, &(0x7f0000000240)={0x0, 0xffffffffffffff0c, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r9, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r8) r10 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r8) sendmsg$NBD_CMD_CONNECT(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="c0000000", @ANYRES16=r10, @ANYBLOB="010028bd7000fddbdf250400"], 0xc0}}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100766c616e00000000140002800600c800000000000600050088a800000800050090a8cbf7f4c3f0f700ea1ddda5d53835e682930384aeb5fc46e73255c43c54e5c2eb2d7823869c73138a93ca", @ANYRES32=r6, @ANYBLOB="08000300", @ANYRES32=0x0, @ANYBLOB], 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r12 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmmsg(r12, &(0x7f0000001300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) recvmsg$kcm(r12, &(0x7f0000002d40)={0x0, 0x0, &(0x7f0000002c80)=[{&(0x7f0000001840)=""/225, 0xe1}, {&(0x7f0000001940)=""/184, 0xb8}, {&(0x7f0000019580)=""/4099, 0x1003}, {&(0x7f0000000600)=""/34, 0x22}, {&(0x7f00000003c0)=""/57, 0x39}], 0x5}, 0x40012110) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newlink={0x48, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10a0}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @sit={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_6RD_RELAY_PREFIXLEN={0x6}, @IFLA_IPTUN_6RD_RELAY_PREFIX={0x8}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}]}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x404800d}, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000340)={r0, 0xffffffffffffffff}, 0x2b) bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0)={0x0, r14}, 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x11, &(0x7f00000008c0)=ANY=[@ANYBLOB="18020000ffffff7f00000000000000008500000023000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095000000000000000e136494932519591b4b232117e14e84c83d7ec5ed47d4ec8e21140ab8596798b813ea8403a874e77d533c920cb34202b6b92f001904378d6d0bdd393a2c3f581c2d25c641023f4d09320cba8a8d603a0876591ad5fcbccf514f6535151280e7283c663b1594de63423b2caa810e99de1c43706341e1609afb957e1376839eeb8bf93297931cd3ba1fd5a6f4d41b831e2421408191cf3a36fd998758acd6946d5aeeb3150d73771e5327af29037c56a7ede93c29276a363f4a6c71dee039cbedd7739e52be8bf3a3121cc12abc4cc7cf337021937f1cd8c0272d5312cad03dbb9d0d52c2"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket(0x1e, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 109.367937ms ago: executing program 0 (id=2168): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) connect$can_bcm(r1, &(0x7f00000004c0)={0x1d, r2}, 0x10) sendmsg$can_bcm(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000700)=ANY=[@ANYBLOB="05000000030000000000000000400000", @ANYRES64=r1], 0x38}, 0x300, 0x0, 0x108, 0x8010}, 0x40004) 52.561366ms ago: executing program 4 (id=2169): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x1a8, 0xffffffff, 0xffffffff, 0x1a8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x0, 0xff], [], 'veth0_macvtap\x00', 'veth0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000040)=0xe, 0x36) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f00000000c0)=0xfffffe01, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) getsockopt$inet_opts(r0, 0x0, 0x0, &(0x7f0000002a40)=""/4106, &(0x7f0000000180)=0x100a) socket$kcm(0x2, 0x3, 0x2) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000800), 0xffffffffffffffff) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000e80)='ns/net\x00') getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000300)=0xfff, &(0x7f0000000340)=0x2) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r2, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008001d00", @ANYRES32=r4, @ANYBLOB="0800010000000000d63ec9a22058548a65c21fb18955e41d1a81f4fd49e9c9f6ab0601cc8921369b637619d1b982d7eab75eae7ad75071c2794c48b7d30fb25f91ea5ed749ca0f0e80357443916174923adef898ec135ceb1441ad006a47bc27cfcc1fe828e9e4273ed5ab9ea0bf6a7582f47b"], 0x24}}, 0x0) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CCA_MODE(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[@ANYBLOB="24800000", @ANYRES16=r5, @ANYBLOB="000127bd7000fcdbdf250d00000008000d00010000000800010001000000"], 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) r6 = socket(0x10, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000002440)=@nat={'nat\x00', 0x1b, 0x5, 0x598, 0x3d8, 0x3d8, 0xffffffff, 0x3d8, 0x330, 0x500, 0x500, 0xffffffff, 0x500, 0x500, 0x5, &(0x7f0000000100), {[{{@uncond, 0x0, 0x1c0, 0x1f8, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'nicvf0\x00', {0x81, 0xf, 0x1, 0x10000, 0x7, 0x1, 0x9, 0x58, 0x78}, {0x2}}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast2, @remote, @gre_key=0xbe65, @icmp_id=0x64}}}}, {{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@set={{0x40}, {{0x0, [0x3, 0x6, 0x5, 0x5, 0x4], 0x0, 0x6}}}, @common=@set={{0x40}, {{0x2, [0x2, 0x582a8fef829fe1b6, 0x2, 0x0, 0x1], 0x5, 0x3}}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x1, @ipv6=@mcast1, @ipv4=@rand_addr=0x64010102, @port=0x4e22, @port=0x4e22}}}, {{@uncond, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x1e, @multicast1, @local, @gre_key=0x4, @port=0x4e23}}}}, {{@uncond, 0x0, 0xf0, 0x128, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x2, 0x1, 0x2}}, @common=@ah={{0x30}, {[0xd, 0x5], 0x1}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x4, @remote, @multicast2, @gre_key=0x3, @port=0x4e22}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x5f8) r7 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r7, &(0x7f0000000440), 0x10) listen(r7, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r8, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2) close(0x3) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000002400)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, @local, @mcast2={0xff, 0x5}, 0x0, 0x8}}) 0s ago: executing program 0 (id=2170): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2c, 0x1, 0xfdff, 0x0, "", [@nested={0x103, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8c"]}]}, 0x114}], 0x1}, 0x0) kernel console output (not intermixed with test programs): process `syz.1.1414'. [ 219.676102][ T9862] veth1_vlan: entered promiscuous mode [ 219.687530][T10153] netlink: 'syz.4.1415': attribute type 1 has an invalid length. [ 219.687821][T10147] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1414'. [ 219.805814][T10156] bond13: (slave veth31): Enslaving as a backup interface with a down link [ 219.875553][T10156] bond13: (slave veth33): Enslaving as a backup interface with a down link [ 220.011632][ T9862] veth0_macvtap: entered promiscuous mode [ 220.050001][ T9862] veth1_macvtap: entered promiscuous mode [ 220.133879][T10165] syzkaller0: create flow: hash 4051868342 index 2 [ 220.163970][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.187263][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.202565][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.214528][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.230901][ T9862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.240154][T10162] netlink: 'syz.1.1419': attribute type 1 has an invalid length. [ 220.428174][T10168] bond12: (slave veth33): Enslaving as a backup interface with a down link [ 220.503689][T10165] syzkaller0: delete flow: hash 4051868342 index 2 [ 220.526966][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.540417][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.550889][ T9862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.570242][ T9862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.585899][ T9862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.596228][ T6056] syzkaller0: tun_net_xmit 76 [ 220.610543][ T6056] syzkaller0: tun_net_xmit 48 [ 220.903673][T10187] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1424'. [ 222.320414][T10177] netlink: 'syz.0.1421': attribute type 1 has an invalid length. [ 222.328778][T10177] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 222.356035][T10193] netlink: 'syz.3.1425': attribute type 1 has an invalid length. [ 222.393294][ T9862] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.407215][ T9862] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.418983][T10198] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1426'. [ 222.426741][ T9862] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.437653][ T9862] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.478823][T10198] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1426'. [ 222.519082][ T6055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.526952][ T6055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.609256][T10201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1427'. [ 222.616332][T10202] xt_CT: You must specify a L4 protocol and not use inversions on it [ 222.674003][T10204] netlink: 'syz.1.1429': attribute type 1 has an invalid length. [ 222.751477][ T6056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.775412][T10211] FAULT_INJECTION: forcing a failure. [ 222.775412][T10211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.789515][ T6056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.803401][T10211] CPU: 1 UID: 0 PID: 10211 Comm: syz.3.1430 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 222.814214][T10211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 222.824285][T10211] Call Trace: [ 222.827564][T10211] [ 222.830493][T10211] dump_stack_lvl+0x241/0x360 [ 222.835183][T10211] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.840390][T10211] ? __pfx__printk+0x10/0x10 [ 222.844989][T10211] ? __pfx_lock_release+0x10/0x10 [ 222.850025][T10211] should_fail_ex+0x3b0/0x4e0 [ 222.854702][T10211] _copy_from_iter+0x21f/0x1e70 [ 222.859553][T10211] ? __virt_addr_valid+0x183/0x530 [ 222.864660][T10211] ? __pfx_lock_release+0x10/0x10 [ 222.869691][T10211] ? __alloc_skb+0x28f/0x440 [ 222.874281][T10211] ? __pfx__copy_from_iter+0x10/0x10 [ 222.879571][T10211] ? __virt_addr_valid+0x183/0x530 [ 222.884677][T10211] ? __virt_addr_valid+0x183/0x530 [ 222.889788][T10211] ? __virt_addr_valid+0x45f/0x530 [ 222.894895][T10211] ? __check_object_size+0x48e/0x900 [ 222.900184][T10211] netlink_sendmsg+0x73d/0xcb0 [ 222.904963][T10211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.910247][T10211] ? aa_sock_msg_perm+0x91/0x160 [ 222.915192][T10211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 222.920476][T10211] __sock_sendmsg+0x221/0x270 [ 222.925152][T10211] ____sys_sendmsg+0x52a/0x7e0 [ 222.929922][T10211] ? __pfx_____sys_sendmsg+0x10/0x10 [ 222.935216][T10211] __sys_sendmsg+0x292/0x380 [ 222.939808][T10211] ? __pfx___sys_sendmsg+0x10/0x10 [ 222.944924][T10211] ? __pfx_vfs_write+0x10/0x10 [ 222.949705][T10211] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 222.956028][T10211] ? do_syscall_64+0x100/0x230 [ 222.960787][T10211] ? do_syscall_64+0xb6/0x230 [ 222.965461][T10211] do_syscall_64+0xf3/0x230 [ 222.969959][T10211] ? clear_bhb_loop+0x35/0x90 [ 222.974633][T10211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.980537][T10211] RIP: 0033:0x7fe8b117e719 [ 222.984948][T10211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 223.004552][T10211] RSP: 002b:00007fe8b1fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 223.012969][T10211] RAX: ffffffffffffffda RBX: 00007fe8b1336058 RCX: 00007fe8b117e719 [ 223.020934][T10211] RDX: 0000000004000880 RSI: 00000000200005c0 RDI: 0000000000000007 [ 223.028904][T10211] RBP: 00007fe8b1fd7090 R08: 0000000000000000 R09: 0000000000000000 [ 223.036873][T10211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 223.044842][T10211] R13: 0000000000000001 R14: 00007fe8b1336058 R15: 00007fffba54ffd8 [ 223.052825][T10211] [ 223.076153][T10206] bond13: (slave veth35): Enslaving as a backup interface with a down link [ 223.147232][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1432'. [ 223.207085][ T6048] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.216219][ T6048] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.237291][T10218] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1435'. [ 223.252433][T10222] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1434'. [ 223.297608][T10220] bond0: (slave team0): Releasing backup interface [ 223.380418][T10220] team0: Port device wg2 removed [ 223.398945][T10220] bond1: (slave veth3): Releasing backup interface [ 223.405568][T10220] bond1: (slave veth3): the permanent HWaddr of slave - 7a:8d:a2:71:74:1f - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 223.449002][T10220] bond1: (slave veth5): Releasing backup interface [ 223.473048][T10220] bond2: (slave veth7): Releasing backup interface [ 223.487644][T10220] bond2: (slave veth7): the permanent HWaddr of slave - 8a:71:d4:fa:68:25 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 223.515097][T10220] bond2: (slave veth9): Releasing backup interface [ 223.525116][T10220] bond3: (slave veth11): Releasing backup interface [ 223.551161][T10220] bond4: (slave bond5): Releasing backup interface [ 223.558964][T10220] bond5: left promiscuous mode [ 223.566508][T10220] bond6: (slave veth13): Releasing backup interface [ 223.574033][T10220] bond6: (slave veth13): the permanent HWaddr of slave - a2:10:9a:a4:fb:49 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 223.599188][T10220] bond6: (slave veth15): Releasing backup interface [ 223.609931][T10220] bond8: (slave veth17): Releasing backup interface [ 223.623231][T10220] bond9: (slave veth19): Releasing backup interface [ 223.634210][T10220] bond9: (slave veth19): the permanent HWaddr of slave - 9e:a8:d7:40:7f:2f - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 223.656684][T10220] bond9: (slave veth21): Releasing backup interface [ 223.667233][T10220] bond12: (slave veth27): Releasing backup interface [ 223.674583][T10220] bond12: (slave veth27): the permanent HWaddr of slave - ea:99:9a:73:d8:ba - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 223.697112][T10220] bond12: (slave veth29): Releasing backup interface [ 223.709023][T10220] bond13: (slave veth31): Releasing backup interface [ 223.715939][T10220] bond13: (slave veth31): the permanent HWaddr of slave - 2e:d1:0a:2a:be:db - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 223.737415][T10220] bond13: (slave veth33): Releasing backup interface [ 223.746819][T10218] netlink: 'syz.1.1435': attribute type 2 has an invalid length. [ 223.817268][T10225] team0: Port device wg2 added [ 223.843028][T10234] netlink: 'syz.3.1437': attribute type 1 has an invalid length. [ 223.942455][T10236] bond13: (slave veth29): Enslaving as a backup interface with a down link [ 223.956243][T10239] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 224.359329][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 224.375873][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 224.384202][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 224.395319][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 224.415984][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 224.426188][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 225.838393][T10249] netlink: 'syz.4.1441': attribute type 4 has an invalid length. [ 225.849057][T10251] hsr_slave_0: left promiscuous mode [ 225.855421][T10251] hsr_slave_1: left promiscuous mode [ 226.023874][ T6052] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.047630][T10261] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5) [ 226.058991][T10252] lo speed is unknown, defaulting to 1000 [ 226.138588][T10264] netlink: 'syz.1.1445': attribute type 1 has an invalid length. [ 226.202181][ T6052] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.225637][T10275] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 226.260464][T10271] bond14: (slave veth37): Enslaving as a backup interface with a down link [ 226.305220][T10267] lo speed is unknown, defaulting to 1000 [ 226.322369][T10275] vlan4: entered allmulticast mode [ 226.337742][T10275] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode [ 226.408918][T10275] mac80211_hwsim hwsim11 wlan1: left allmulticast mode [ 226.498478][ T5858] Bluetooth: hci2: command tx timeout [ 226.567086][ T6052] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.735133][ T6052] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.744686][T10290] xt_connbytes: Forcing CT accounting to be enabled [ 226.880952][T10285] syz.4.1448 (10285) used greatest stack depth: 18768 bytes left [ 226.895995][T10252] chnl_net:caif_netlink_parms(): no params data found [ 227.009843][T10298] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1453'. [ 227.198794][T10301] netlink: 'syz.3.1454': attribute type 1 has an invalid length. [ 227.236170][T10303] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1454'. [ 227.271055][T10303] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 227.292360][T10313] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1458'. [ 227.309264][T10303] bond14: (slave batadv2): Enslaving as a backup interface with an up link [ 228.589435][ T5858] Bluetooth: hci2: command tx timeout [ 228.915353][T10304] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1455'. [ 228.935049][T10307] bond14 (unregistering): (slave batadv2): Releasing backup interface [ 228.948445][T10307] bond14 (unregistering): Released all slaves [ 229.116768][ T6052] bridge_slave_1: left allmulticast mode [ 229.125079][ T6052] bridge_slave_1: left promiscuous mode [ 229.132560][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.145181][ T6052] bridge_slave_0: left allmulticast mode [ 229.151314][ T6052] bridge_slave_0: left promiscuous mode [ 229.157001][ T6052] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.535262][ T6052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 229.547812][ T6052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 229.561371][ T6052] bond0 (unregistering): Released all slaves [ 229.573024][T10323] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1461'. [ 229.600429][T10252] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.633032][T10252] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.651374][T10252] bridge_slave_0: entered allmulticast mode [ 229.666724][T10252] bridge_slave_0: entered promiscuous mode [ 229.698451][T10331] netlink: 'syz.1.1460': attribute type 1 has an invalid length. [ 229.715543][T10338] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1464'. [ 229.725044][T10338] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1464'. [ 229.736454][T10338] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1464'. [ 229.754017][T10332] netlink: 'syz.3.1463': attribute type 1 has an invalid length. [ 229.832877][T10335] bond14: (slave veth31): Enslaving as a backup interface with a down link [ 229.849110][T10344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1465'. [ 229.936236][T10252] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.945264][T10252] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.953246][T10252] bridge_slave_1: entered allmulticast mode [ 229.960998][T10252] bridge_slave_1: entered promiscuous mode [ 230.157272][T10348] netlink: 'syz.3.1467': attribute type 1 has an invalid length. [ 230.180106][T10348] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1467'. [ 230.270236][T10252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 230.284566][T10252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 230.383552][ T6052] hsr_slave_0: left promiscuous mode [ 230.395127][ T6052] hsr_slave_1: left promiscuous mode [ 230.401876][ T6052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 230.418937][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 230.432468][ T6052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 230.446600][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 230.491405][ T6052] veth1_macvtap: left promiscuous mode [ 230.497028][ T6052] veth0_macvtap: left promiscuous mode [ 230.503124][ T6052] veth1_vlan: left promiscuous mode [ 230.508959][ T6052] veth0_vlan: left promiscuous mode [ 230.668938][ T5858] Bluetooth: hci2: command tx timeout [ 230.984930][ T6052] team0 (unregistering): Port device team_slave_1 removed [ 231.035782][ T6052] team0 (unregistering): Port device team_slave_0 removed [ 231.516814][T10252] team0: Port device team_slave_0 added [ 231.526632][T10252] team0: Port device team_slave_1 added [ 231.545354][T10375] netlink: 'syz.4.1469': attribute type 2 has an invalid length. [ 231.659595][T10252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.676716][T10252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.703847][T10252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 231.756283][T10252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 231.773913][T10252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 231.810998][T10252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 231.823226][T10391] netlink: 'syz.4.1476': attribute type 1 has an invalid length. [ 231.917776][T10252] hsr_slave_0: entered promiscuous mode [ 231.936852][T10252] hsr_slave_1: entered promiscuous mode [ 232.661669][T10412] netlink: 'syz.0.1483': attribute type 1 has an invalid length. [ 232.738211][ T5858] Bluetooth: hci2: command tx timeout [ 232.795801][T10412] bond6: (slave veth25): Enslaving as a backup interface with a down link [ 232.831955][T10252] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 232.850866][T10252] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 232.863809][T10419] netlink: 'syz.1.1485': attribute type 1 has an invalid length. [ 232.934547][T10419] bond16: (slave veth39): Enslaving as a backup interface with a down link [ 232.943834][T10252] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 232.968806][T10252] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 233.037676][T10423] __nla_validate_parse: 2 callbacks suppressed [ 233.037695][T10423] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1486'. [ 233.122612][T10426] netlink: 'syz.0.1486': attribute type 2 has an invalid length. [ 233.167567][T10252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.227214][T10429] netlink: 'syz.3.1488': attribute type 1 has an invalid length. [ 233.309472][T10252] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.313112][T10439] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1491'. [ 233.326841][T10425] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1487'. [ 233.338887][T10437] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1490'. [ 233.358394][T10425] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1487'. [ 233.377620][T10441] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1492'. [ 233.412189][T10425] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1487'. [ 233.429919][ T6053] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.437094][ T6053] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.473278][ T6053] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.480487][ T6053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.651509][T10453] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 233.710243][T10453] IPv6: sit1: Disabled Multicast RS [ 233.846513][T10252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 233.886994][T10461] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1497'. [ 233.897599][T10461] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1497'. [ 233.921487][T10461] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1497'. [ 233.926200][T10252] veth0_vlan: entered promiscuous mode [ 233.961728][T10252] veth1_vlan: entered promiscuous mode [ 233.988581][T10252] veth0_macvtap: entered promiscuous mode [ 233.997134][T10252] veth1_macvtap: entered promiscuous mode [ 234.016254][T10252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.027478][T10252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.037400][T10252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.048893][T10252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.060463][T10252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.074707][T10252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.093864][T10252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.104923][T10252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.115905][T10252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.127172][T10252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.147808][T10252] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.157098][T10252] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.178080][T10252] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.187785][T10252] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.203038][T10468] netlink: 'syz.1.1498': attribute type 1 has an invalid length. [ 234.254612][T10469] bond17: (slave veth41): Enslaving as a backup interface with a down link [ 234.266713][T10472] dvmrp5: entered allmulticast mode [ 234.281649][T10472] dvmrp5: left allmulticast mode [ 234.323943][T10469] bond17: (slave veth43): Enslaving as a backup interface with a down link [ 234.436558][ T6055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.447404][ T6055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.450605][ T6050] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.462724][ T6050] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.562704][T10477] netlink: 'syz.0.1501': attribute type 1 has an invalid length. [ 234.714318][T10477] bond7: (slave veth27): Enslaving as a backup interface with a down link [ 234.770984][T10492] netlink: 'syz.4.1507': attribute type 1 has an invalid length. [ 234.872083][T10492] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 234.895104][T10492] bond16: (slave batadv2): Enslaving as a backup interface with an up link [ 234.919616][T10492] bond16 (unregistering): (slave batadv2): Releasing backup interface [ 234.936476][T10492] bond16 (unregistering): Released all slaves [ 235.068482][T10505] netlink: 'syz.4.1510': attribute type 1 has an invalid length. [ 235.115743][T10505] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 235.124414][T10505] bond16: (slave batadv3): Enslaving as a backup interface with an up link [ 235.155890][T10505] bond16 (unregistering): (slave batadv3): Releasing backup interface [ 235.172085][T10505] bond16 (unregistering): Released all slaves [ 235.687097][T10535] bond16: (slave veth35): Enslaving as a backup interface with a down link [ 235.707568][T10535] bond16: (slave veth37): Enslaving as a backup interface with a down link [ 235.958959][ T6052] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.340041][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 236.350180][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 236.358147][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 236.360089][T10562] bond17 (unregistering): Released all slaves [ 236.386031][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 236.402697][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 236.410467][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 236.452054][T10560] lo speed is unknown, defaulting to 1000 [ 236.710655][T10560] chnl_net:caif_netlink_parms(): no params data found [ 236.831224][T10560] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.839123][T10560] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.846603][T10560] bridge_slave_0: entered allmulticast mode [ 236.853897][T10560] bridge_slave_0: entered promiscuous mode [ 236.862248][T10560] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.869913][T10560] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.877169][T10560] bridge_slave_1: entered allmulticast mode [ 236.884367][T10560] bridge_slave_1: entered promiscuous mode [ 236.931469][T10560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.944153][T10560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.982534][T10560] team0: Port device team_slave_0 added [ 236.991240][T10560] team0: Port device team_slave_1 added [ 237.015503][T10560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.022747][T10560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.049389][T10560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.064188][T10560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.071604][T10560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.097857][T10560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.141067][ T6052] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.183693][T10560] hsr_slave_0: entered promiscuous mode [ 237.192080][T10560] hsr_slave_1: entered promiscuous mode [ 237.198459][T10560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 237.206071][T10560] Cannot create hsr debugfs directory [ 237.305628][ T6052] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.379134][ T6052] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.564300][ T6052] bridge_slave_1: left allmulticast mode [ 237.581805][ T6052] bridge_slave_1: left promiscuous mode [ 237.596900][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.614918][ T6052] bridge_slave_0: left allmulticast mode [ 237.654645][ T6052] bridge_slave_0: left promiscuous mode [ 237.671529][ T6052] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.706363][T10613] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 238.224443][ T6052] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.238275][ T6052] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.250340][ T6052] bond0 (unregistering): Released all slaves [ 238.315409][T10622] bond0: (slave team0): Releasing backup interface [ 238.463956][T10622] bond0: (slave bond_slave_0): Releasing backup interface [ 238.478910][T10622] bond0: (slave bond_slave_1): Releasing backup interface [ 238.498146][ T5845] Bluetooth: hci2: command tx timeout [ 238.527848][T10622] team0: Port device team_slave_0 removed [ 238.555379][T10622] team0: Port device team_slave_1 removed [ 238.568886][T10622] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.576322][T10622] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.586574][T10622] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.594405][T10622] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.610093][T10622] bond1: (slave veth3): Releasing backup interface [ 238.623691][T10622] bond3: (slave veth5): Releasing backup interface [ 238.634596][T10622] bond3: (slave veth5): the permanent HWaddr of slave - be:5f:08:12:79:8c - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 238.659783][T10622] bond3: (slave veth7): Releasing backup interface [ 238.676998][T10622] bond4: (slave veth9): Releasing backup interface [ 238.684171][T10622] bond4: (slave veth9): the permanent HWaddr of slave - 16:b0:73:09:47:22 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 238.706851][T10622] bond4: (slave veth11): Releasing backup interface [ 238.724321][T10622] bond6: (slave veth13): Releasing backup interface [ 238.731243][T10622] bond6: (slave veth13): the permanent HWaddr of slave - ce:b2:3a:d6:05:68 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 238.754845][T10622] bond6: (slave veth15): Releasing backup interface [ 238.771416][T10622] bond7: (slave bond8): Releasing backup interface [ 238.779481][T10622] bond8: left promiscuous mode [ 238.790978][T10622] bond9: (slave veth17): Releasing backup interface [ 238.797598][T10622] bond9: (slave veth17): the permanent HWaddr of slave - f2:1b:db:02:9a:7a - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 238.822719][T10622] bond9: (slave veth19): Releasing backup interface [ 238.836011][T10622] bond0: (slave veth21): Releasing backup interface [ 238.848997][T10622] bond0: (slave veth23): Releasing backup interface [ 238.864477][T10622] bond10: (slave bond11): Releasing backup interface [ 238.877379][T10622] bond12: (slave veth25): Releasing backup interface [ 238.884513][T10622] bond12: (slave veth25): the permanent HWaddr of slave - 66:44:9e:9a:b3:ad - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 238.912818][T10622] bond12: (slave veth27): Releasing backup interface [ 238.927087][T10622] bond13: (slave veth29): Releasing backup interface [ 238.941248][T10622] bond14: (slave veth31): Releasing backup interface [ 238.958661][T10628] wg2: entered promiscuous mode [ 238.999322][T10628] team0: Port device wg2 added [ 239.250414][T10647] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 239.322263][ T6052] hsr_slave_0: left promiscuous mode [ 239.333801][ T6052] hsr_slave_1: left promiscuous mode [ 239.340284][ T6052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.353008][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.367753][ T6052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.378145][ T6052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.418620][ T6052] veth1_macvtap: left promiscuous mode [ 239.424363][ T6052] veth0_macvtap: left promiscuous mode [ 239.431417][ T6052] veth1_vlan: left promiscuous mode [ 239.436922][ T6052] veth0_vlan: left promiscuous mode [ 239.955050][ T6052] team0 (unregistering): Port device team_slave_1 removed [ 240.003336][ T6052] team0 (unregistering): Port device team_slave_0 removed [ 240.421094][T10653] validate_nla: 3 callbacks suppressed [ 240.421116][T10653] netlink: 'syz.4.1554': attribute type 1 has an invalid length. [ 240.435656][T10653] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR [ 240.584417][ T5845] Bluetooth: hci2: command tx timeout [ 240.623653][T10662] __nla_validate_parse: 13 callbacks suppressed [ 240.623673][T10662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1555'. [ 240.680146][T10661] netlink: 'syz.1.1556': attribute type 1 has an invalid length. [ 240.704277][T10667] nbd: couldn't find a device at index 0 [ 240.761742][T10560] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 240.786289][T10658] xt_connbytes: Forcing CT accounting to be enabled [ 240.796425][T10560] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 240.859262][T10663] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1557'. [ 240.881639][T10661] bond18: (slave veth45): Enslaving as a backup interface with a down link [ 240.893153][T10663] netlink: 'syz.4.1557': attribute type 2 has an invalid length. [ 240.901469][T10560] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 240.913161][T10560] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 240.958936][T10673] dvmrp5: entered allmulticast mode [ 241.008210][T10671] dvmrp5: left allmulticast mode [ 241.129678][T10681] netlink: 'syz.1.1563': attribute type 4 has an invalid length. [ 241.303497][T10692] netlink: 220 bytes leftover after parsing attributes in process `syz.4.1567'. [ 241.370643][T10692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1567'. [ 241.423860][T10560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.454624][T10697] netlink: 'syz.1.1569': attribute type 1 has an invalid length. [ 241.587806][T10697] bond19: (slave veth47): Enslaving as a backup interface with a down link [ 241.608774][T10705] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1571'. [ 241.675958][T10560] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.707661][T10560] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 241.718842][T10560] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 241.739230][ T6055] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.746343][ T6055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.813744][ T6055] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.820983][ T6055] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.063463][T10560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 242.142472][T10731] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1581'. [ 242.170573][T10560] veth0_vlan: entered promiscuous mode [ 242.209317][T10560] veth1_vlan: entered promiscuous mode [ 242.281152][T10732] vlan3: entered promiscuous mode [ 242.324535][T10560] veth0_macvtap: entered promiscuous mode [ 242.347466][T10739] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1583'. [ 242.382775][T10560] veth1_macvtap: entered promiscuous mode [ 242.433774][T10560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 242.475629][T10560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.494929][T10560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.539935][T10560] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 242.570834][T10560] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.599442][T10560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.617583][T10741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1584'. [ 242.634825][T10741] batadv3: entered promiscuous mode [ 242.658962][ T5845] Bluetooth: hci2: command tx timeout [ 242.666315][T10560] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.696261][T10560] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.705657][T10560] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.714698][T10560] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.773124][T10761] xt_CT: You must specify a L4 protocol and not use inversions on it [ 242.847009][ T6047] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.893424][ T6047] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.965129][ T6052] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.000515][ T6052] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.063014][T10775] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1595'. [ 243.085625][T10777] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1594'. [ 243.526847][ T6056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.538286][ T6056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.095624][ T6047] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.124225][T10821] lo speed is unknown, defaulting to 1000 [ 244.770503][ T6047] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 244.883843][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 244.893836][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 244.902632][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 244.911530][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 244.920312][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 244.927657][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 245.025729][T10847] lo speed is unknown, defaulting to 1000 [ 245.070742][ T6047] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.225894][T10862] ip6t_REJECT: ECHOREPLY is not supported [ 245.235794][ T6047] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 245.275871][T10852] netlink: 'syz.4.1618': attribute type 2 has an invalid length. [ 246.985619][ T5858] Bluetooth: hci2: command tx timeout [ 247.230735][T10847] chnl_net:caif_netlink_parms(): no params data found [ 247.323288][T10876] __nla_validate_parse: 15 callbacks suppressed [ 247.323307][T10876] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1624'. [ 247.446846][ T6047] bridge_slave_1: left allmulticast mode [ 247.455302][ T6047] bridge_slave_1: left promiscuous mode [ 247.470011][ T6047] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.481067][ T6047] bridge_slave_0: left allmulticast mode [ 247.486742][ T6047] bridge_slave_0: left promiscuous mode [ 247.496179][ T6047] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.504573][T10891] netlink: 'syz.0.1627': attribute type 11 has an invalid length. [ 247.516416][T10891] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1627'. [ 247.717350][T10897] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1628'. [ 247.798266][T10898] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1628'. [ 247.931804][ T6047] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 247.946843][ T6047] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 247.957659][ T6047] bond0 (unregistering): Released all slaves [ 247.970110][T10882] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1625'. [ 247.980268][T10886] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1627'. [ 247.989705][T10881] netlink: 'syz.1.1626': attribute type 4 has an invalid length. [ 248.032323][T10896] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1628'. [ 248.077836][T10847] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.090773][T10847] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.116409][T10847] bridge_slave_0: entered allmulticast mode [ 248.126727][T10847] bridge_slave_0: entered promiscuous mode [ 248.135105][T10847] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.142687][T10847] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.150541][T10847] bridge_slave_1: entered allmulticast mode [ 248.157637][T10847] bridge_slave_1: entered promiscuous mode [ 248.289949][T10847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.441296][T10847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.512488][T10913] netlink: 11 bytes leftover after parsing attributes in process `syz.4.1636'. [ 248.551079][ T6047] hsr_slave_0: left promiscuous mode [ 248.557372][ T6047] hsr_slave_1: left promiscuous mode [ 248.574462][ T6047] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.583263][ T6047] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.591519][ T6047] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 248.600191][ T6047] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.624685][ T6047] veth1_macvtap: left promiscuous mode [ 248.630447][ T6047] veth0_macvtap: left promiscuous mode [ 248.640198][ T6047] veth1_vlan: left promiscuous mode [ 248.645587][ T6047] veth0_vlan: left promiscuous mode [ 249.061452][ T5858] Bluetooth: hci2: command tx timeout [ 249.190804][ T6047] team0 (unregistering): Port device team_slave_1 removed [ 249.239813][ T6047] team0 (unregistering): Port device team_slave_0 removed [ 249.724176][T10914] netlink: 'syz.0.1633': attribute type 1 has an invalid length. [ 249.733373][T10914] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 249.744222][T10847] team0: Port device team_slave_0 added [ 249.802624][T10926] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1637'. [ 249.871994][T10847] team0: Port device team_slave_1 added [ 250.016734][T10847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.024230][T10847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.076171][T10847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 250.090516][T10847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 250.097487][T10847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.124227][T10847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 250.222805][T10847] hsr_slave_0: entered promiscuous mode [ 250.230415][T10847] hsr_slave_1: entered promiscuous mode [ 250.372630][T10951] netlink: 'syz.1.1643': attribute type 1 has an invalid length. [ 250.406015][T10954] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1643'. [ 250.434188][T10954] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 250.447223][T10954] bond20: (slave batadv2): Enslaving as a backup interface with an up link [ 250.463016][T10953] netlink: 'syz.0.1644': attribute type 1 has an invalid length. [ 250.518802][T10951] bond20 (unregistering): (slave batadv2): Releasing backup interface [ 250.558984][T10951] bond20 (unregistering): Released all slaves [ 250.589185][T10957] bond8: (slave veth29): Enslaving as a backup interface with a down link [ 251.065425][T10974] netlink: 'syz.1.1650': attribute type 1 has an invalid length. [ 251.117839][T10974] bond20: (slave veth49): Enslaving as a backup interface with a down link [ 251.144196][T10974] bond20: (slave veth51): Enslaving as a backup interface with a down link [ 251.148157][ T5858] Bluetooth: hci2: command tx timeout [ 251.285968][T10847] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 251.296135][T10847] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 251.309966][T10847] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 251.329818][T10980] netlink: 'syz.1.1652': attribute type 1 has an invalid length. [ 251.348905][T10847] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 251.391674][T10980] bond21: (slave veth53): Enslaving as a backup interface with a down link [ 251.432262][T10980] bond21: (slave veth55): Enslaving as a backup interface with a down link [ 251.521767][T10986] netlink: 'syz.1.1654': attribute type 2 has an invalid length. [ 251.590322][T10847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 251.614158][T10988] netlink: 'syz.1.1655': attribute type 2 has an invalid length. [ 251.648149][T10847] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.670981][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.678274][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.728285][ T6053] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.735429][ T6053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.805452][T10993] netlink: 'syz.3.1657': attribute type 11 has an invalid length. [ 252.130150][T10847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 252.159576][T11012] lo speed is unknown, defaulting to 1000 [ 252.229886][T11014] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode [ 252.239512][T11014] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode [ 252.384944][T10847] veth0_vlan: entered promiscuous mode [ 252.464711][T10847] veth1_vlan: entered promiscuous mode [ 252.543879][T10847] veth0_macvtap: entered promiscuous mode [ 252.563981][T10847] veth1_macvtap: entered promiscuous mode [ 252.606141][T10847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 252.637559][T10847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.670421][T10847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 252.680884][T11030] __nla_validate_parse: 11 callbacks suppressed [ 252.680902][T11030] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1671'. [ 252.691793][T10847] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 252.707371][T11033] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 252.721564][T10847] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 252.744455][T10847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 252.813274][T11033] vlan3: entered allmulticast mode [ 252.896675][T10847] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.907023][T10847] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.916325][T10847] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.925345][T10847] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 253.228532][ T5858] Bluetooth: hci2: command tx timeout [ 254.927836][T11044] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1674'. [ 254.954489][T11046] bridge0: entered promiscuous mode [ 254.985421][T11046] bond0: (slave macvlan3): Enslaving as an active interface with an up link [ 255.037393][T11053] lo speed is unknown, defaulting to 1000 [ 255.105178][T11056] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1678'. [ 255.122966][T11056] netlink: 'syz.0.1678': attribute type 2 has an invalid length. [ 255.135986][T11058] nbd: device at index 3 is going down [ 255.238152][T11060] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1680'. [ 255.322610][T11060] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 255.349598][T11067] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1683'. [ 255.350299][ T6053] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.374674][ T6053] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.511465][T11073] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1684'. [ 255.527374][ T6055] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.545900][ T6055] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.680089][T11081] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1687'. [ 255.869765][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.975845][T11086] FAULT_INJECTION: forcing a failure. [ 255.975845][T11086] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 255.989667][T11086] CPU: 0 UID: 0 PID: 11086 Comm: syz.3.1689 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 256.000472][T11086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 256.010654][T11086] Call Trace: [ 256.013945][T11086] [ 256.016871][T11086] dump_stack_lvl+0x241/0x360 [ 256.021555][T11086] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.026773][T11086] ? __pfx__printk+0x10/0x10 [ 256.031362][T11086] ? snprintf+0xda/0x120 [ 256.035600][T11086] should_fail_ex+0x3b0/0x4e0 [ 256.040273][T11086] _copy_to_user+0x31/0xb0 [ 256.044689][T11086] simple_read_from_buffer+0xca/0x150 [ 256.050079][T11086] proc_fail_nth_read+0x1e9/0x250 [ 256.055139][T11086] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 256.060696][T11086] ? rw_verify_area+0x55e/0x6f0 [ 256.065549][T11086] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 256.071103][T11086] vfs_read+0x1fc/0xb70 [ 256.075270][T11086] ? fdget_pos+0x24e/0x320 [ 256.079687][T11086] ? __pfx_vfs_read+0x10/0x10 [ 256.084372][T11086] ? __fget_files+0x3f3/0x470 [ 256.089076][T11086] ? fdget_pos+0x24e/0x320 [ 256.093492][T11086] ksys_read+0x183/0x2b0 [ 256.097732][T11086] ? __pfx_ksys_read+0x10/0x10 [ 256.102510][T11086] ? do_syscall_64+0x100/0x230 [ 256.107279][T11086] ? do_syscall_64+0xb6/0x230 [ 256.111952][T11086] do_syscall_64+0xf3/0x230 [ 256.116451][T11086] ? clear_bhb_loop+0x35/0x90 [ 256.121129][T11086] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.127037][T11086] RIP: 0033:0x7fe8b117d15c [ 256.131448][T11086] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 256.151053][T11086] RSP: 002b:00007fe8b1fd7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 256.159470][T11086] RAX: ffffffffffffffda RBX: 00007fe8b1336058 RCX: 00007fe8b117d15c [ 256.167438][T11086] RDX: 000000000000000f RSI: 00007fe8b1fd70a0 RDI: 0000000000000004 [ 256.175404][T11086] RBP: 00007fe8b1fd7090 R08: 0000000000000000 R09: 0000000000000000 [ 256.183371][T11086] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 256.191355][T11086] R13: 0000000000000001 R14: 00007fe8b1336058 R15: 00007fffba54ffd8 [ 256.199355][T11086] [ 257.935065][T11093] netlink: 'syz.1.1692': attribute type 1 has an invalid length. [ 258.052995][T11092] bond22: (slave veth59): Enslaving as a backup interface with a down link [ 258.187108][T11102] netlink: 'syz.0.1694': attribute type 1 has an invalid length. [ 258.250765][ T6053] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.280319][T11102] bond9: (slave veth31): Enslaving as a backup interface with a down link [ 258.301812][T11102] bond9: (slave veth33): Enslaving as a backup interface with a down link [ 258.550532][ T6053] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.604110][ T6053] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.666462][ T6053] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.812317][T11115] netlink: 'syz.0.1697': attribute type 1 has an invalid length. [ 258.847338][T11115] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1697'. [ 258.858959][ T6053] bridge_slave_1: left allmulticast mode [ 258.864635][ T6053] bridge_slave_1: left promiscuous mode [ 258.887135][ T6053] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.910767][ T6053] bridge_slave_0: left allmulticast mode [ 258.918271][ T6053] bridge_slave_0: left promiscuous mode [ 258.924013][ T6053] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.949986][T11121] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1699'. [ 259.002405][T11124] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1698'. [ 259.199233][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 259.210540][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 259.225138][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 259.235169][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 259.249355][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 259.264726][T11133] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1698'. [ 259.274509][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 259.651938][ T6053] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 259.681637][ T6053] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 259.703505][ T6053] bond0 (unregistering): Released all slaves [ 259.772369][T11121] netlink: 'syz.3.1699': attribute type 2 has an invalid length. [ 259.805674][T11127] netlink: 'syz.4.1701': attribute type 1 has an invalid length. [ 259.866824][T11139] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1704'. [ 259.888630][T11127] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR [ 260.010808][T11145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1706'. [ 260.038229][T11137] dvmrp0: entered allmulticast mode [ 260.145279][T11128] lo speed is unknown, defaulting to 1000 [ 260.156605][T11149] netlink: 'syz.3.1708': attribute type 1 has an invalid length. [ 260.308585][T11149] bond16: (slave veth33): Enslaving as a backup interface with a down link [ 260.355104][T11159] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1710'. [ 260.382367][ T6053] hsr_slave_0: left promiscuous mode [ 260.389071][ T6053] hsr_slave_1: left promiscuous mode [ 260.395381][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.403513][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.412333][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.420472][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 260.449659][ T6053] veth1_macvtap: left promiscuous mode [ 260.455542][ T6053] veth0_macvtap: left promiscuous mode [ 260.461367][ T6053] veth1_vlan: left promiscuous mode [ 260.466803][ T6053] veth0_vlan: left promiscuous mode [ 261.146382][ T6053] team0 (unregistering): Port device team_slave_1 removed [ 261.230793][ T6053] team0 (unregistering): Port device team_slave_0 removed [ 261.388471][ T5845] Bluetooth: hci2: command tx timeout [ 262.071869][T11128] chnl_net:caif_netlink_parms(): no params data found [ 262.190882][T11189] netlink: 'syz.4.1718': attribute type 1 has an invalid length. [ 262.319380][T11198] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1719'. [ 262.333788][T11194] bond17: (slave veth39): Enslaving as a backup interface with a down link [ 262.364053][T11198] batadv_slave_1: entered promiscuous mode [ 262.440191][T11128] bridge0: port 1(bridge_slave_0) entered blocking state [ 262.447329][T11128] bridge0: port 1(bridge_slave_0) entered disabled state [ 262.469094][T11128] bridge_slave_0: entered allmulticast mode [ 262.476722][T11128] bridge_slave_0: entered promiscuous mode [ 262.497682][T11193] batadv_slave_1: left promiscuous mode [ 262.518771][T11128] bridge0: port 2(bridge_slave_1) entered blocking state [ 262.528807][T11128] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.536235][T11128] bridge_slave_1: entered allmulticast mode [ 262.544144][T11128] bridge_slave_1: entered promiscuous mode [ 262.581003][T11128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 262.604547][T11128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 262.630075][T11212] netlink: 'syz.3.1722': attribute type 3 has an invalid length. [ 262.667440][T11128] team0: Port device team_slave_0 added [ 262.685744][T11128] team0: Port device team_slave_1 added [ 262.767161][T11221] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1724'. [ 262.811299][T11128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 262.824320][T11128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.873899][T11128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.951010][T11128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.958205][T11128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.004039][T11128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.197559][T11224] veth0_vlan: left promiscuous mode [ 263.468233][ T5845] Bluetooth: hci2: command tx timeout [ 263.585952][T11220] delete_channel: no stack [ 263.682292][T11128] hsr_slave_0: entered promiscuous mode [ 263.695287][T11128] hsr_slave_1: entered promiscuous mode [ 263.823723][T11240] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1728'. [ 263.847800][T11239] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 264.038931][T11255] netlink: 'syz.3.1730': attribute type 4 has an invalid length. [ 264.227398][T11262] netlink: 'syz.1.1736': attribute type 1 has an invalid length. [ 264.334478][T11262] bond23: (slave veth61): Enslaving as a backup interface with a down link [ 264.459802][T11271] tipc: Enabling of bearer rejected, failed to enable media [ 264.473901][T11273] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1739'. [ 264.554246][T11128] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 264.595434][T11128] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 264.624033][T11128] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 264.653862][T11128] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 264.797003][T11290] lo speed is unknown, defaulting to 1000 [ 264.816504][T11293] netlink: 'syz.4.1744': attribute type 10 has an invalid length. [ 264.844829][T11293] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 264.857259][T11293] team0: Device netdevsim0 is of different type [ 264.887345][T11296] netlink: 'syz.4.1744': attribute type 10 has an invalid length. [ 264.911028][T11296] bond0: (slave netdevsim0): refused to change device type [ 264.932827][T11298] FAULT_INJECTION: forcing a failure. [ 264.932827][T11298] name failslab, interval 1, probability 0, space 0, times 0 [ 264.954949][T11128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.968167][T11298] CPU: 0 UID: 0 PID: 11298 Comm: syz.1.1746 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 264.978980][T11298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 264.988909][T11128] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.989033][T11298] Call Trace: [ 264.998919][T11298] [ 265.001874][T11298] dump_stack_lvl+0x241/0x360 [ 265.006590][T11298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.011822][T11298] ? __pfx__printk+0x10/0x10 [ 265.016449][T11298] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 265.022033][T11298] ? __pfx___might_resched+0x10/0x10 [ 265.027346][T11298] ? __kvmalloc_node_noprof+0x72/0x190 [ 265.032834][T11298] should_fail_ex+0x3b0/0x4e0 [ 265.037542][T11298] ? __proc_create+0x44f/0xa50 [ 265.042335][T11298] should_failslab+0xac/0x100 [ 265.047044][T11298] ? __proc_create+0x44f/0xa50 [ 265.051836][T11298] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 265.052180][T11128] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 265.057219][T11298] __proc_create+0x44f/0xa50 [ 265.057251][T11298] ? __pfx___proc_create+0x10/0x10 [ 265.057281][T11298] proc_create_data+0x128/0x2c0 [ 265.079751][T11128] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 265.082204][T11298] ? __pfx_proc_create_data+0x10/0x10 [ 265.082234][T11298] ? __kmalloc_node_noprof+0x247/0x440 [ 265.103436][T11298] ? recent_mt_check+0x56b/0xbc0 [ 265.108410][T11298] recent_mt_check+0x875/0xbc0 [ 265.113222][T11298] ? __pfx_recent_mt_check+0x10/0x10 [ 265.118539][T11298] ? recent_mt_check_v0+0xad/0x120 [ 265.123691][T11298] recent_mt_check_v0+0xce/0x120 [ 265.128668][T11298] ? __pfx_recent_mt_check_v0+0x10/0x10 [ 265.134275][T11298] ? rcu_is_watching+0x15/0xb0 [ 265.139073][T11298] ? trace_contention_end+0x3c/0x120 [ 265.144387][T11298] ? __mutex_lock+0x2ef/0xd70 [ 265.149096][T11298] xt_check_match+0x368/0xa40 [ 265.153808][T11298] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 265.159818][T11298] ? __pfx_xt_check_match+0x10/0x10 [ 265.165058][T11298] ? xt_find_match+0x1d3/0x210 [ 265.169854][T11298] translate_table+0x15c5/0x2260 [ 265.174844][T11298] ? __pfx_translate_table+0x10/0x10 [ 265.180161][T11298] ? __might_fault+0xaa/0x120 [ 265.184874][T11298] ? __pfx_lock_release+0x10/0x10 [ 265.189937][T11298] ? __might_fault+0xc6/0x120 [ 265.194645][T11298] ? _copy_from_user+0x99/0xc0 [ 265.199442][T11298] ? copy_from_sockptr_offset+0x6b/0xb0 [ 265.205017][T11298] do_ipt_set_ctl+0xe3d/0x1250 [ 265.209815][T11298] ? __pfx___might_resched+0x10/0x10 [ 265.215136][T11298] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 265.220376][T11298] ? __pfx_lock_release+0x10/0x10 [ 265.225447][T11298] ? __mutex_unlock_slowpath+0x21d/0x750 [ 265.231103][T11298] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 265.236511][T11298] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 265.242513][T11298] ? aa_sk_perm+0x96d/0xab0 [ 265.247056][T11298] ? __pfx_aa_sk_perm+0x10/0x10 [ 265.251935][T11298] nf_setsockopt+0x295/0x2c0 [ 265.256561][T11298] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 265.262479][T11298] do_sock_setsockopt+0x3af/0x720 [ 265.267544][T11298] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 265.273106][T11298] ? __fget_files+0x29/0x470 [ 265.277692][T11298] ? __fget_files+0x3f3/0x470 [ 265.282382][T11298] ? __fget_files+0x29/0x470 [ 265.287022][T11298] __sys_setsockopt+0x1a2/0x250 [ 265.291909][T11298] __x64_sys_setsockopt+0xb5/0xd0 [ 265.296968][T11298] do_syscall_64+0xf3/0x230 [ 265.301509][T11298] ? clear_bhb_loop+0x35/0x90 [ 265.306195][T11298] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.312110][T11298] RIP: 0033:0x7f56f937e719 [ 265.316516][T11298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.336118][T11298] RSP: 002b:00007f56fa24d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 265.344529][T11298] RAX: ffffffffffffffda RBX: 00007f56f9535f80 RCX: 00007f56f937e719 [ 265.352672][T11298] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 265.360636][T11298] RBP: 00007f56fa24d090 R08: 0000000000000400 R09: 0000000000000000 [ 265.368600][T11298] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.376577][T11298] R13: 0000000000000000 R14: 00007f56f9535f80 R15: 00007ffdc15749b8 [ 265.384553][T11298] [ 265.398587][ T6048] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.405738][ T6048] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.416479][ T6048] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.423664][ T6048] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.540811][ T5845] Bluetooth: hci2: command tx timeout [ 265.759296][T11310] netlink: 'syz.0.1750': attribute type 1 has an invalid length. [ 265.771640][T11313] netlink: 'syz.3.1752': attribute type 1 has an invalid length. [ 265.798125][T11313] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1752'. [ 265.842868][T11128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 265.955209][T11310] bond10: (slave veth35): Enslaving as a backup interface with a down link [ 266.008861][T11128] veth0_vlan: entered promiscuous mode [ 266.054220][T11128] veth1_vlan: entered promiscuous mode [ 266.097263][T11128] veth0_macvtap: entered promiscuous mode [ 266.106719][T11128] veth1_macvtap: entered promiscuous mode [ 266.153368][T11128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 266.178370][T11128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.199691][T11128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 266.234160][T11128] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 266.258433][T11128] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 266.279589][T11128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 266.308869][T11128] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.317622][T11128] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.344874][T11128] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.354063][T11128] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.454102][T11340] netlink: 'syz.1.1761': attribute type 4 has an invalid length. [ 266.475149][ T6050] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.499532][ T6050] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.564897][ T6053] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.577556][ T6053] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.682785][T11349] netlink: 'syz.1.1763': attribute type 2 has an invalid length. [ 266.793502][T11355] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1765'. [ 266.826423][T11355] gretap1: entered promiscuous mode [ 266.980674][T11359] netlink: 'syz.0.1767': attribute type 1 has an invalid length. [ 267.071393][T11359] bond11: (slave veth37): Enslaving as a backup interface with a down link [ 267.119974][T11359] bond11: (slave veth39): Enslaving as a backup interface with a down link [ 267.159001][T11368] bridge_slave_0: left allmulticast mode [ 267.164700][T11368] bridge_slave_0: left promiscuous mode [ 267.195669][T11368] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.213178][T11368] bridge_slave_1: left allmulticast mode [ 267.221225][T11368] bridge_slave_1: left promiscuous mode [ 267.226979][T11368] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.245232][T11368] bond0: (slave bond_slave_0): Releasing backup interface [ 267.273415][T11368] bond0: (slave bond_slave_1): Releasing backup interface [ 267.310986][T11368] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 267.319824][T11368] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 267.330840][T11368] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 267.339047][T11368] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 267.356266][T11368] bond1: (slave veth3): Releasing backup interface [ 267.364229][T11368] bond1: (slave veth3): the permanent HWaddr of slave - 3e:3c:eb:74:42:76 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 267.423422][T11368] bond1: (slave veth5): Releasing backup interface [ 267.440912][T11368] bond2: (slave veth7): Releasing backup interface [ 267.461395][T11368] bond3: (slave veth9): Releasing backup interface [ 267.479417][T11368] bond3: (slave veth9): the permanent HWaddr of slave - e2:60:d9:97:29:1b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 267.510081][T11368] bond3: (slave veth11): Releasing backup interface [ 267.540726][T11368] bond4: (slave veth13): Releasing backup interface [ 267.560440][T11368] bond5: (slave veth15): Releasing backup interface [ 267.575677][T11368] bond7: (slave veth17): Releasing backup interface [ 267.595240][T11368] bond8: (slave veth19): Releasing backup interface [ 267.612619][T11368] bond9: (slave veth21): Releasing backup interface [ 267.632114][T11368] bond10: (slave veth23): Releasing backup interface [ 267.651136][T11368] bond11: (slave veth25): Releasing backup interface [ 267.658107][T11368] bond11: (slave veth25): the permanent HWaddr of slave - 2e:34:d8:2e:d9:0c - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 267.686510][T11368] bond11: (slave veth27): Releasing backup interface [ 267.718817][T11368] bond0: (slave veth29): Releasing backup interface [ 267.745681][T11368] bond0: (slave veth31): Releasing backup interface [ 267.763013][T11368] bond12: (slave veth33): Releasing backup interface [ 267.796441][T11368] bond13: (slave veth35): Releasing backup interface [ 267.840291][T11368] bond14: (slave veth37): Releasing backup interface [ 267.873843][T11368] bond16: (slave veth39): Releasing backup interface [ 267.933908][T11368] bond17: (slave veth41): Releasing backup interface [ 267.940997][T11368] bond17: (slave veth41): the permanent HWaddr of slave - 46:7f:aa:e1:23:2f - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 267.964352][T11368] bond17: (slave veth43): Releasing backup interface [ 267.991609][T11368] bond18: (slave veth45): Releasing backup interface [ 268.006232][T11368] bond19: (slave veth47): Releasing backup interface [ 268.029095][T11368] bond20: (slave veth49): Releasing backup interface [ 268.036331][T11368] bond20: (slave veth49): the permanent HWaddr of slave - 66:17:2e:b0:f9:c8 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 268.067257][T11368] bond20: (slave veth51): Releasing backup interface [ 268.083049][T11368] bond21: (slave veth53): Releasing backup interface [ 268.089961][T11368] bond21: (slave veth53): the permanent HWaddr of slave - 2e:f6:8b:ea:00:f5 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 268.116669][T11368] bond21: (slave veth55): Releasing backup interface [ 268.132013][T11368] bond0: (slave macvlan3): Releasing backup interface [ 268.158931][T11368] bridge0: left promiscuous mode [ 268.183480][T11368] bond22: (slave veth59): Releasing backup interface [ 268.197117][T11368] bond23: (slave veth61): Releasing backup interface [ 268.226464][T11364] wg2: entered promiscuous mode [ 268.247598][T11369] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1769'. [ 268.350653][ T6050] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.814837][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 268.829874][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 268.837928][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 268.846404][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 268.854986][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 268.862453][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 268.890717][T11393] lo speed is unknown, defaulting to 1000 [ 268.934120][T11395] nbd: device at index 0 is going down [ 268.946583][T11397] netlink: 'syz.1.1778': attribute type 1 has an invalid length. [ 268.957046][T11397] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1778'. [ 269.000295][T11405] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1779'. [ 269.037301][T11405] netlink: 'syz.4.1779': attribute type 2 has an invalid length. [ 269.115132][ T6050] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.153392][T11393] chnl_net:caif_netlink_parms(): no params data found [ 269.225919][T11413] netlink: 'syz.1.1780': attribute type 1 has an invalid length. [ 269.292394][T11409] bond24: (slave veth63): Enslaving as a backup interface with a down link [ 269.311909][T11409] bond24: (slave veth65): Enslaving as a backup interface with a down link [ 269.372144][T11393] bridge0: port 1(bridge_slave_0) entered blocking state [ 269.380655][T11393] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.406776][T11393] bridge_slave_0: entered allmulticast mode [ 269.428828][T11393] bridge_slave_0: entered promiscuous mode [ 269.461403][ T6050] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.473709][T11393] bridge0: port 2(bridge_slave_1) entered blocking state [ 269.481949][T11393] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.490014][T11393] bridge_slave_1: entered allmulticast mode [ 269.499264][T11393] bridge_slave_1: entered promiscuous mode [ 269.507305][T11426] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.531236][T11426] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 54008 - 0 [ 269.547815][T11426] netdevsim netdevsim1 eth3 (unregistering): unset [1, 1] type 2 family 0 port 43146 - 0 [ 269.575580][T11426] netdevsim netdevsim1 eth3 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 269.607331][T11432] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1785'. [ 269.660958][ T6050] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 269.701595][T11426] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.726814][T11426] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 54008 - 0 [ 269.751834][T11426] netdevsim netdevsim1 eth2 (unregistering): unset [1, 1] type 2 family 0 port 43146 - 0 [ 269.769315][T11426] netdevsim netdevsim1 eth2 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 269.804696][T11393] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 269.817257][T11393] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 269.833528][T11426] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.844102][T11426] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 54008 - 0 [ 269.855307][T11426] netdevsim netdevsim1 eth1 (unregistering): unset [1, 1] type 2 family 0 port 43146 - 0 [ 269.865653][T11426] netdevsim netdevsim1 eth1 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 269.918769][T11393] team0: Port device team_slave_0 added [ 269.929418][T11393] team0: Port device team_slave_1 added [ 269.963036][T11426] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 269.978477][T11426] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 54008 - 0 [ 269.991955][T11426] netdevsim netdevsim1 eth0 (unregistering): unset [1, 1] type 2 family 0 port 43146 - 0 [ 270.002798][T11426] netdevsim netdevsim1 eth0 (unregistering): unset [1, 2] type 2 family 0 port 6081 - 0 [ 270.008258][T11440] x_tables: duplicate underflow at hook 3 [ 270.050814][T11393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 270.068114][T11393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.096068][T11442] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input6 [ 270.107254][T11393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 270.149593][T11393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 270.156572][T11393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.186205][T11393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 270.238604][ T6050] bridge_slave_1: left allmulticast mode [ 270.248146][ T6050] bridge_slave_1: left promiscuous mode [ 270.256640][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.267401][ T6050] bridge_slave_0: left allmulticast mode [ 270.274534][ T6050] bridge_slave_0: left promiscuous mode [ 270.280965][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.662024][ T6050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 270.675781][ T6050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 270.687778][ T6050] bond0 (unregistering): Released all slaves [ 270.707390][T11444] netlink: 'syz.0.1791': attribute type 1 has an invalid length. [ 270.813126][T11449] bond12: (slave veth41): Enslaving as a backup interface with a down link [ 270.928776][T11426] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 270.937010][T11426] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 54008 - 0 [ 270.966481][T11458] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1793'. [ 270.967893][T11426] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 43146 - 0 [ 270.978419][ T5845] Bluetooth: hci2: command tx timeout [ 270.992014][T11426] netdevsim netdevsim1 eth0: set [1, 2] type 2 family 0 port 6081 - 0 [ 271.026438][T11426] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 271.036251][T11426] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 54008 - 0 [ 271.045403][T11426] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 43146 - 0 [ 271.054108][T11426] netdevsim netdevsim1 eth1: set [1, 2] type 2 family 0 port 6081 - 0 [ 271.065429][T11461] netlink: 'syz.3.1794': attribute type 1 has an invalid length. [ 271.123723][T11393] hsr_slave_0: entered promiscuous mode [ 271.164382][T11393] hsr_slave_1: entered promiscuous mode [ 271.180750][T11393] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.194459][T11393] Cannot create hsr debugfs directory [ 271.207658][T11426] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 271.216433][T11426] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 54008 - 0 [ 271.233025][T11426] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 43146 - 0 [ 271.246836][T11426] netdevsim netdevsim1 eth2: set [1, 2] type 2 family 0 port 6081 - 0 [ 271.288794][T11454] bond17: (slave veth35): Enslaving as a backup interface with a down link [ 271.312716][T11465] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1797'. [ 271.492754][T11426] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 271.507950][T11426] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 54008 - 0 [ 271.517426][T11426] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 43146 - 0 [ 271.532844][T11426] netdevsim netdevsim1 eth3: set [1, 2] type 2 family 0 port 6081 - 0 [ 271.647337][ T6050] hsr_slave_0: left promiscuous mode [ 271.667267][ T6050] hsr_slave_1: left promiscuous mode [ 271.674280][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.682452][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.691546][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.704117][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 271.745047][ T6050] veth1_macvtap: left promiscuous mode [ 271.751691][ T6050] veth0_macvtap: left promiscuous mode [ 271.757367][ T6050] veth1_vlan: left promiscuous mode [ 271.762874][ T6050] veth0_vlan: left promiscuous mode [ 272.258331][ T6050] team0 (unregistering): Port device team_slave_1 removed [ 272.300697][ T6050] team0 (unregistering): Port device team_slave_0 removed [ 272.713654][T11487] netlink: 'syz.4.1801': attribute type 1 has an invalid length. [ 272.722875][T11487] workqueue: Failed to create a rescuer kthread for wq "bond18": -EINTR [ 272.756894][T11489] dvmrp0: entered allmulticast mode [ 272.943907][T11498] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 272.979854][T11501] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1806'. [ 273.003901][T11501] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1806'. [ 273.073343][ T5845] Bluetooth: hci2: command tx timeout [ 273.090246][T11510] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1806'. [ 273.140289][T11512] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1809'. [ 273.261362][T11517] syz.1.1808[11517] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 273.261463][T11517] syz.1.1808[11517] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 273.265751][T11519] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1810'. [ 273.302153][T11517] syz.1.1808[11517] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 273.571752][T11530] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1815'. [ 273.659662][T11530] bond25: entered promiscuous mode [ 273.979462][T11393] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 273.986555][T11546] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1820'. [ 274.042160][T11393] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 274.065921][T11551] netlink: 'syz.1.1820': attribute type 2 has an invalid length. [ 274.085797][T11393] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 274.117588][T11393] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 274.309517][T11393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 274.355162][T11393] 8021q: adding VLAN 0 to HW filter on device team0 [ 274.379824][ T6052] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.386969][ T6052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.405033][ T3537] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.412212][ T3537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.646613][T11588] __nla_validate_parse: 6 callbacks suppressed [ 274.646634][T11588] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1835'. [ 274.780278][T11594] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 274.827666][T11596] netlink: 'syz.1.1839': attribute type 1 has an invalid length. [ 274.865125][T11393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 274.903164][T11598] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1837'. [ 274.946507][T11596] bond26: (slave veth67): Enslaving as a backup interface with a down link [ 274.968793][T11393] veth0_vlan: entered promiscuous mode [ 274.994004][T11393] veth1_vlan: entered promiscuous mode [ 275.071047][T11393] veth0_macvtap: entered promiscuous mode [ 275.080072][T11609] tipc: Enabling of bearer rejected, failed to enable media [ 275.110563][T11393] veth1_macvtap: entered promiscuous mode [ 275.147674][ T5845] Bluetooth: hci2: command tx timeout [ 275.161624][T11393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 275.174626][T11393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 275.186050][T11393] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.195205][T11393] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.210337][T11393] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.223582][T11393] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.254779][T11613] netlink: 'syz.0.1844': attribute type 5 has an invalid length. [ 275.344376][ T6056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.352714][ T6056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.441655][ T6056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.450464][ T6056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.675132][T11629] netlink: 'syz.0.1851': attribute type 1 has an invalid length. [ 275.770728][T11638] bond13: (slave veth43): Enslaving as a backup interface with a down link [ 275.829560][T11638] bond13: (slave veth45): Enslaving as a backup interface with a down link [ 275.839406][T11640] sch_tbf: peakrate 64 is lower than or equals to rate 4294967295 ! [ 275.848423][T11642] netlink: 'syz.3.1857': attribute type 4 has an invalid length. [ 275.857380][T11642] hsr0: entered promiscuous mode [ 275.948970][T11644] netlink: 'syz.1.1858': attribute type 2 has an invalid length. [ 276.161048][T11654] xt_cgroup: invalid path, errno=-2 [ 276.426399][T11666] netlink: 'syz.1.1868': attribute type 12 has an invalid length. [ 276.448059][T11668] netlink: 'syz.3.1869': attribute type 1 has an invalid length. [ 276.503923][T11668] bond18: (slave veth39): Enslaving as a backup interface with a down link [ 276.544591][T11668] bond18: (slave veth41): Enslaving as a backup interface with a down link [ 276.597319][T11674] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1871'. [ 276.631010][T11674] bond0: option use_carrier: invalid value (6) [ 276.700163][T11681] netlink: 'syz.3.1873': attribute type 4 has an invalid length. [ 276.812958][ T6050] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.698900][T11697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1876'. [ 277.858386][ T6050] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.908645][T11702] bridge3: entered promiscuous mode [ 277.928009][T11702] bridge3: entered allmulticast mode [ 277.951420][T11702] team0: Device bridge3 is of different type [ 277.965831][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 277.975644][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 277.983506][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 277.992149][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 278.005282][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 278.014510][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 278.110562][T11707] netlink: 'syz.3.1879': attribute type 10 has an invalid length. [ 278.138124][T11707] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 278.206560][ T6050] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.226836][T11709] bridge0: port 1(ip6gretap0) entered blocking state [ 278.237604][T11709] bridge0: port 1(ip6gretap0) entered disabled state [ 278.264236][T11709] ip6gretap0: entered allmulticast mode [ 278.276611][T11709] ip6gretap0: entered promiscuous mode [ 278.283200][T11709] bridge0: port 1(ip6gretap0) entered blocking state [ 278.290028][T11709] bridge0: port 1(ip6gretap0) entered listening state [ 278.334940][ T6050] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.362740][T11708] lo speed is unknown, defaulting to 1000 [ 278.699220][ T6050] bridge_slave_1: left allmulticast mode [ 278.705065][ T6050] bridge_slave_1: left promiscuous mode [ 278.711846][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.723407][ T6050] bridge_slave_0: left allmulticast mode [ 278.730377][ T6050] bridge_slave_0: left promiscuous mode [ 278.740157][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.310231][ T6050] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.323719][ T6050] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.335802][ T6050] bond0 (unregistering): Released all slaves [ 279.376068][T11708] chnl_net:caif_netlink_parms(): no params data found [ 279.396108][T11742] netlink: 'syz.3.1888': attribute type 4 has an invalid length. [ 279.860033][T11708] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.867208][T11708] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.874560][T11708] bridge_slave_0: entered allmulticast mode [ 279.882842][T11708] bridge_slave_0: entered promiscuous mode [ 279.890918][T11708] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.898110][T11708] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.905313][T11708] bridge_slave_1: entered allmulticast mode [ 279.912475][T11708] bridge_slave_1: entered promiscuous mode [ 280.020451][T11769] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1893'. [ 280.094579][T11775] netlink: 'syz.1.1895': attribute type 1 has an invalid length. [ 280.102487][ T5858] Bluetooth: hci2: command tx timeout [ 280.124784][T11786] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1896'. [ 280.161908][T11786] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1896'. [ 280.194560][T11778] bond27: (slave veth69): Enslaving as a backup interface with a down link [ 280.211838][T11784] vlan0: entered promiscuous mode [ 280.236542][T11776] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1894'. [ 280.305790][ T6050] hsr_slave_0: left promiscuous mode [ 280.337630][ T6050] hsr_slave_1: left promiscuous mode [ 280.344508][T11783] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1894'. [ 280.351640][T11800] openvswitch: netlink: Key 2 has unexpected len 0 expected 4 [ 280.385978][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 280.393757][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 280.428921][ T6050] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 280.436375][ T6050] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 280.463700][ T6050] veth1_macvtap: left promiscuous mode [ 280.469634][ T6050] veth0_macvtap: left promiscuous mode [ 280.475229][ T6050] veth1_vlan: left promiscuous mode [ 280.480599][ T6050] veth0_vlan: left promiscuous mode [ 281.047233][ T6050] team0 (unregistering): Port device team_slave_1 removed [ 281.091563][ T6050] team0 (unregistering): Port device team_slave_0 removed [ 281.507744][T11708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.524008][T11790] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1894'. [ 281.657236][T11708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.783023][T11708] team0: Port device team_slave_0 added [ 281.799442][T11708] team0: Port device team_slave_1 added [ 281.954846][T11824] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1906'. [ 281.997285][T11819] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1907'. [ 282.029889][T11708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.068691][T11708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.138025][T11708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.161187][T11708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.181251][T11708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.183797][ T5858] Bluetooth: hci2: command tx timeout [ 282.224459][T11708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.271397][T11818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1906'. [ 282.298156][T11813] netlink: 288 bytes leftover after parsing attributes in process `syz.1.1904'. [ 282.440001][T11708] hsr_slave_0: entered promiscuous mode [ 282.463101][T11708] hsr_slave_1: entered promiscuous mode [ 282.739544][T11851] netlink: 'syz.4.1917': attribute type 1 has an invalid length. [ 282.834196][T11851] bond18: (slave veth41): Enslaving as a backup interface with a down link [ 282.864552][T11851] bond18: (slave veth43): Enslaving as a backup interface with a down link [ 282.874042][T11860] siw: device registration error -23 [ 282.892472][T11860] sch_tbf: peakrate 64 is lower than or equals to rate 4294967295 ! [ 283.058113][T11708] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 283.067751][T11708] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 283.077462][T11708] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 283.105491][T11708] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 283.242281][T11872] netlink: 'syz.4.1924': attribute type 2 has an invalid length. [ 283.262174][T11708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.302847][T11708] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.322787][ T6055] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.329971][ T6055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.354954][ T6056] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.362122][ T6056] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.380396][T11874] netlink: 'syz.4.1925': attribute type 4 has an invalid length. [ 283.680412][T11887] netlink: 'syz.4.1927': attribute type 1 has an invalid length. [ 283.756803][T11708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 283.850136][T11708] veth0_vlan: entered promiscuous mode [ 283.906579][T11895] bond19: entered promiscuous mode [ 283.931496][T11708] veth1_vlan: entered promiscuous mode [ 283.981397][T11895] 8021q: adding VLAN 0 to HW filter on device bond20 [ 283.989465][T11895] bond20: entered promiscuous mode [ 283.996504][T11895] bond19: (slave bond20): Enslaving as an active interface with an up link [ 284.130789][T11708] veth0_macvtap: entered promiscuous mode [ 284.152297][T11708] veth1_macvtap: entered promiscuous mode [ 284.180773][T11912] netlink: 'syz.3.1935': attribute type 2 has an invalid length. [ 284.237335][T11915] dvmrp0: entered allmulticast mode [ 284.266105][ T5858] Bluetooth: hci2: command tx timeout [ 284.305143][T11708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.321222][T11922] bridge0: port 2(vlan4) entered blocking state [ 284.328742][T11922] bridge0: port 2(vlan4) entered disabled state [ 284.335184][T11922] vlan4: entered allmulticast mode [ 284.340400][T11922] dummy0: entered allmulticast mode [ 284.346777][T11922] vlan4: entered promiscuous mode [ 284.357396][T11922] dummy0: entered promiscuous mode [ 284.364432][T11922] bridge0: port 2(vlan4) entered blocking state [ 284.371209][T11922] bridge0: port 2(vlan4) entered listening state [ 284.422493][T11708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 284.435742][T11708] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.445025][T11708] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.468127][T11708] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.488278][T11708] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.627267][ T3537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.640445][ T3537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 284.686408][ T3537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 284.715043][ T3537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.237027][T11949] netlink: 'syz.4.1951': attribute type 1 has an invalid length. [ 285.376346][T11949] bond21: (slave veth45): Enslaving as a backup interface with a down link [ 285.426798][T11961] __nla_validate_parse: 8 callbacks suppressed [ 285.426817][T11961] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1956'. [ 285.444568][T11959] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1955'. [ 285.487537][T11959] netlink: 'syz.1.1955': attribute type 2 has an invalid length. [ 285.551256][T11963] netlink: 'syz.0.1957': attribute type 1 has an invalid length. [ 285.580379][T11966] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 285.664456][T11963] bond14: (slave veth49): Enslaving as a backup interface with a down link [ 285.793584][T11978] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1962'. [ 285.916691][T11983] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1965'. [ 286.179166][ T6053] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 287.191890][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 287.206341][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 287.217698][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 287.244519][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 287.254041][T12008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1970'. [ 287.254353][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 287.277566][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 288.368905][ T6053] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.387053][T11998] netlink: 11 bytes leftover after parsing attributes in process `syz.4.1969'. [ 288.400358][T12001] netlink: 'syz.1.1970': attribute type 2 has an invalid length. [ 288.454309][T12003] lo speed is unknown, defaulting to 1000 [ 288.533398][ T6053] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.579078][T12014] netlink: 'syz.0.1972': attribute type 1 has an invalid length. [ 288.635147][T12012] bond15: (slave veth51): Enslaving as a backup interface with a down link [ 288.690822][ T6053] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.743149][T12012] bond15: (slave veth53): Enslaving as a backup interface with a down link [ 288.762110][T12024] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1976'. [ 288.926472][T12033] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 288.935193][ T6053] bridge_slave_1: left allmulticast mode [ 288.941352][ T6053] bridge_slave_1: left promiscuous mode [ 288.957286][ T6053] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.977382][ T6053] bridge_slave_0: left allmulticast mode [ 288.988012][ T6053] bridge_slave_0: left promiscuous mode [ 288.995446][ T6053] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.380964][ T5845] Bluetooth: hci2: command tx timeout [ 289.484547][ T6053] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 289.504457][ T6053] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 289.521883][ T6053] bond0 (unregistering): Released all slaves [ 289.536547][T12003] chnl_net:caif_netlink_parms(): no params data found [ 289.771394][T12056] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1983'. [ 289.954084][T12056] netlink: 'syz.4.1983': attribute type 2 has an invalid length. [ 290.000523][T12003] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.021859][T12003] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.037735][T12003] bridge_slave_0: entered allmulticast mode [ 290.048918][T12003] bridge_slave_0: entered promiscuous mode [ 290.057373][T12072] netlink: 'syz.0.1989': attribute type 1 has an invalid length. [ 290.122937][T12076] bond16: (slave veth55): Enslaving as a backup interface with a down link [ 290.141866][T12003] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.149231][T12003] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.156633][T12003] bridge_slave_1: entered allmulticast mode [ 290.165996][T12003] bridge_slave_1: entered promiscuous mode [ 290.262091][T12003] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.291429][T12003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 290.364056][ T6053] hsr_slave_0: left promiscuous mode [ 290.380378][ T6053] hsr_slave_1: left promiscuous mode [ 290.386621][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 290.400685][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 290.419717][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 290.438080][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 290.451180][T12086] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1991'. [ 290.498056][ T6053] veth1_macvtap: left promiscuous mode [ 290.503633][ T6053] veth0_macvtap: left promiscuous mode [ 290.518352][ T6053] veth1_vlan: left promiscuous mode [ 290.528141][ T6053] veth0_vlan: left promiscuous mode [ 291.144523][ T6053] team0 (unregistering): Port device team_slave_1 removed [ 291.252956][ T6053] team0 (unregistering): Port device team_slave_0 removed [ 291.458127][ T5845] Bluetooth: hci2: command tx timeout [ 292.053546][T12080] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1991'. [ 292.084665][T12092] netlink: 'syz.4.1993': attribute type 1 has an invalid length. [ 292.104021][T12092] workqueue: Failed to create a rescuer kthread for wq "bond22": -EINTR [ 292.199659][T12003] team0: Port device team_slave_0 added [ 292.229037][T12003] team0: Port device team_slave_1 added [ 292.234876][T12108] netlink: 'syz.0.1997': attribute type 10 has an invalid length. [ 292.283062][T12108] : (slave bridge0): Enslaving as an active interface with an up link [ 292.400857][T12003] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 292.438060][T12003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.531571][T12003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 292.564838][T12003] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 292.593175][T12003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 292.665686][T12003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 292.681427][T12131] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2006'. [ 292.691452][T12118] netlink: 'syz.3.2001': attribute type 1 has an invalid length. [ 292.761032][T12125] bond19: (slave veth43): Enslaving as a backup interface with a down link [ 293.256369][T12146] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2009'. [ 293.276349][T12149] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2011'. [ 293.289912][T12149] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2011'. [ 293.305306][T12155] netlink: 'syz.1.2013': attribute type 1 has an invalid length. [ 293.338823][T12155] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2013'. [ 293.365749][T12003] hsr_slave_0: entered promiscuous mode [ 293.371904][T12155] FAULT_INJECTION: forcing a failure. [ 293.371904][T12155] name failslab, interval 1, probability 0, space 0, times 0 [ 293.405923][T12003] hsr_slave_1: entered promiscuous mode [ 293.420391][T12155] CPU: 1 UID: 0 PID: 12155 Comm: syz.1.2013 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 293.431198][T12155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 293.441275][T12155] Call Trace: [ 293.444582][T12155] [ 293.447538][T12155] dump_stack_lvl+0x241/0x360 [ 293.452256][T12155] ? __pfx_dump_stack_lvl+0x10/0x10 [ 293.457484][T12155] ? __pfx__printk+0x10/0x10 [ 293.462094][T12155] ? __kmalloc_node_track_caller_noprof+0xb2/0x440 [ 293.468596][T12155] ? __pfx___might_resched+0x10/0x10 [ 293.473891][T12155] should_fail_ex+0x3b0/0x4e0 [ 293.478941][T12155] should_failslab+0xac/0x100 [ 293.483638][T12155] __kmalloc_node_track_caller_noprof+0xda/0x440 [ 293.489993][T12155] ? kasprintf+0xd5/0x120 [ 293.494342][T12155] kvasprintf+0xdf/0x190 [ 293.498638][T12155] ? __pfx_kvasprintf+0x10/0x10 [ 293.503524][T12155] ? lockdep_unlock+0x16a/0x300 [ 293.508404][T12155] ? __pfx_lockdep_unlock+0x10/0x10 [ 293.513609][T12155] ? preempt_count_add+0x93/0x190 [ 293.518647][T12155] kasprintf+0xd5/0x120 [ 293.522814][T12155] ? __pfx_kasprintf+0x10/0x10 [ 293.527588][T12155] alloc_workqueue+0x121/0x210 [ 293.532364][T12155] ? __pfx_alloc_workqueue+0x10/0x10 [ 293.537669][T12155] ieee802154_register_hw+0x125/0x8d0 [ 293.543047][T12155] ? __pfx_ieee802154_register_hw+0x10/0x10 [ 293.548941][T12155] ? __kasan_kmalloc+0x98/0xb0 [ 293.553700][T12155] ? hwsim_add_one+0x34c/0x11d0 [ 293.558548][T12155] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 293.564107][T12155] hwsim_add_one+0x489/0x11d0 [ 293.568793][T12155] genl_rcv_msg+0xb14/0xec0 [ 293.573300][T12155] ? __pfx_genl_rcv_msg+0x10/0x10 [ 293.578350][T12155] ? __pfx_lock_acquire+0x10/0x10 [ 293.583381][T12155] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 293.588926][T12155] ? __pfx___might_resched+0x10/0x10 [ 293.594215][T12155] netlink_rcv_skb+0x1e3/0x430 [ 293.598982][T12155] ? __pfx_genl_rcv_msg+0x10/0x10 [ 293.604005][T12155] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 293.609309][T12155] genl_rcv+0x28/0x40 [ 293.613283][T12155] netlink_unicast+0x7f6/0x990 [ 293.618051][T12155] ? __pfx_netlink_unicast+0x10/0x10 [ 293.623345][T12155] ? __virt_addr_valid+0x183/0x530 [ 293.628473][T12155] ? __check_object_size+0x48e/0x900 [ 293.633787][T12155] netlink_sendmsg+0x8e4/0xcb0 [ 293.638581][T12155] ? __pfx_netlink_sendmsg+0x10/0x10 [ 293.643872][T12155] ? aa_sock_msg_perm+0x91/0x160 [ 293.648821][T12155] ? __pfx_netlink_sendmsg+0x10/0x10 [ 293.654110][T12155] __sock_sendmsg+0x221/0x270 [ 293.658796][T12155] ____sys_sendmsg+0x52a/0x7e0 [ 293.663575][T12155] ? __pfx_____sys_sendmsg+0x10/0x10 [ 293.668877][T12155] __sys_sendmsg+0x292/0x380 [ 293.673470][T12155] ? __pfx___sys_sendmsg+0x10/0x10 [ 293.678938][T12155] ? __pfx_vfs_write+0x10/0x10 [ 293.683732][T12155] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 293.690063][T12155] ? do_syscall_64+0x100/0x230 [ 293.694827][T12155] ? do_syscall_64+0xb6/0x230 [ 293.699501][T12155] do_syscall_64+0xf3/0x230 [ 293.704004][T12155] ? clear_bhb_loop+0x35/0x90 [ 293.708678][T12155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.714576][T12155] RIP: 0033:0x7f56f937e719 [ 293.718986][T12155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 293.738589][T12155] RSP: 002b:00007f56fa24d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 293.747003][T12155] RAX: ffffffffffffffda RBX: 00007f56f9535f80 RCX: 00007f56f937e719 [ 293.754972][T12155] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 293.762939][T12155] RBP: 00007f56fa24d090 R08: 0000000000000000 R09: 0000000000000000 [ 293.770903][T12155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 293.778871][T12155] R13: 0000000000000000 R14: 00007f56f9535f80 R15: 00007ffdc15749b8 [ 293.786851][T12155] [ 293.792223][ T5845] Bluetooth: hci2: command tx timeout [ 293.928957][T12169] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2016'. [ 293.986150][T12171] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 294.061229][T12176] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2020'. [ 294.086716][T12176] netlink: 'syz.3.2020': attribute type 2 has an invalid length. [ 294.109943][T12177] lo speed is unknown, defaulting to 1000 [ 294.470936][T12189] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2024'. [ 294.653813][T12199] x_tables: duplicate underflow at hook 3 [ 294.665396][T12199] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input7 [ 294.830649][T12003] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 294.892951][T12003] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 294.943785][T12209] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 294.953460][T12003] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 294.974443][T12003] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 295.859586][ T5845] Bluetooth: hci2: command tx timeout [ 297.169020][T12226] vlan5: entered promiscuous mode [ 297.194523][T12232] netlink: 'syz.0.2037': attribute type 1 has an invalid length. [ 297.349504][T12003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 297.369506][T12229] __nla_validate_parse: 4 callbacks suppressed [ 297.369523][T12229] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2036'. [ 297.417281][T12229] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2036'. [ 297.431739][T12003] 8021q: adding VLAN 0 to HW filter on device team0 [ 297.479625][T12229] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2036'. [ 297.480435][ T6052] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.495837][ T6052] bridge0: port 1(bridge_slave_0) entered forwarding state [ 297.587397][T12244] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 297.601092][ T6052] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.608255][ T6052] bridge0: port 2(bridge_slave_1) entered forwarding state [ 297.629858][T12244] FAULT_INJECTION: forcing a failure. [ 297.629858][T12244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.686327][T12244] CPU: 0 UID: 0 PID: 12244 Comm: syz.1.2041 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 297.697237][T12244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 297.707325][T12244] Call Trace: [ 297.710629][T12244] [ 297.713591][T12244] dump_stack_lvl+0x241/0x360 [ 297.718309][T12244] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.723530][T12244] ? __pfx__printk+0x10/0x10 [ 297.728129][T12244] ? snprintf+0xda/0x120 [ 297.732373][T12244] should_fail_ex+0x3b0/0x4e0 [ 297.737049][T12244] _copy_to_user+0x31/0xb0 [ 297.741481][T12244] simple_read_from_buffer+0xca/0x150 [ 297.746862][T12244] proc_fail_nth_read+0x1e9/0x250 [ 297.751890][T12244] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 297.757437][T12244] ? rw_verify_area+0x55e/0x6f0 [ 297.762286][T12244] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 297.767840][T12244] vfs_read+0x1fc/0xb70 [ 297.772006][T12244] ? fdget_pos+0x24e/0x320 [ 297.776420][T12244] ? __pfx_vfs_read+0x10/0x10 [ 297.781100][T12244] ? __fget_files+0x3f3/0x470 [ 297.785779][T12244] ? fdget_pos+0x24e/0x320 [ 297.790195][T12244] ksys_read+0x183/0x2b0 [ 297.794438][T12244] ? __pfx_ksys_read+0x10/0x10 [ 297.799206][T12244] ? do_syscall_64+0x100/0x230 [ 297.803967][T12244] ? do_syscall_64+0xb6/0x230 [ 297.808639][T12244] do_syscall_64+0xf3/0x230 [ 297.813134][T12244] ? clear_bhb_loop+0x35/0x90 [ 297.817808][T12244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.823713][T12244] RIP: 0033:0x7f56f937d15c [ 297.828126][T12244] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 297.847734][T12244] RSP: 002b:00007f56fa24d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 297.856148][T12244] RAX: ffffffffffffffda RBX: 00007f56f9535f80 RCX: 00007f56f937d15c [ 297.864120][T12244] RDX: 000000000000000f RSI: 00007f56fa24d0a0 RDI: 0000000000000004 [ 297.872092][T12244] RBP: 00007f56fa24d090 R08: 0000000000000000 R09: 0000000000000000 [ 297.880058][T12244] R10: 0000000020000d80 R11: 0000000000000246 R12: 0000000000000001 [ 297.888025][T12244] R13: 0000000000000000 R14: 00007f56f9535f80 R15: 00007ffdc15749b8 [ 297.896008][T12244] [ 297.933193][T12003] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 298.916768][ T5858] Bluetooth: hci4: command 0x0406 tx timeout [ 300.145509][T12272] netlink: 'syz.0.2048': attribute type 1 has an invalid length. [ 300.154145][T12272] workqueue: Failed to create a rescuer kthread for wq "bond17": -EINTR [ 300.197787][T12279] netlink: 'syz.3.2049': attribute type 1 has an invalid length. [ 300.228941][T12279] workqueue: Failed to create a rescuer kthread for wq "bond20": -EINTR [ 300.230622][T12280] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2049'. [ 300.301985][T12003] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.406762][T12003] veth0_vlan: entered promiscuous mode [ 300.452797][T12003] veth1_vlan: entered promiscuous mode [ 300.549449][T12003] veth0_macvtap: entered promiscuous mode [ 300.562446][T12297] netlink: 'syz.4.2056': attribute type 4 has an invalid length. [ 300.577063][T12295] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2054'. [ 300.596926][T12003] veth1_macvtap: entered promiscuous mode [ 300.626836][T12003] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 300.670464][T12003] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 300.706227][T12003] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.744605][T12003] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.777892][T12003] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.791227][T12003] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 300.829950][T12312] tipc: Enabling of bearer rejected, failed to enable media [ 300.882064][T12312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2060'. [ 303.163944][T12328] lo speed is unknown, defaulting to 1000 [ 303.180780][T12332] netlink: 'syz.1.2065': attribute type 4 has an invalid length. [ 303.248465][T12341] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2068'. [ 303.257576][T12341] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2068'. [ 303.350182][ T6055] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.368695][ T6055] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.424718][T12349] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2070'. [ 303.436246][T12350] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2071'. [ 303.490919][T12350] bridge4: entered promiscuous mode [ 303.496333][T12350] bridge4: entered allmulticast mode [ 303.507240][ T6056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 303.513764][T12352] IPVS: set_ctl: invalid protocol: 58 100.1.1.1:20000 [ 303.515238][ T6056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 303.605235][T12354] netlink: 'syz.0.2073': attribute type 1 has an invalid length. [ 303.657150][T12354] bond17: (slave veth57): Enslaving as a backup interface with a down link [ 303.682152][T12354] bond17: (slave veth59): Enslaving as a backup interface with a down link [ 304.146223][ T6053] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.238897][ T6053] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.311320][ T6053] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.812001][ T6053] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.915886][ T6053] bridge_slave_1: left allmulticast mode [ 304.922017][ T6053] bridge_slave_1: left promiscuous mode [ 304.927676][ T6053] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.936112][ T6053] bridge_slave_0: left allmulticast mode [ 304.942147][ T6053] bridge_slave_0: left promiscuous mode [ 304.947797][ T6053] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.265047][T12388] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2082'. [ 305.447724][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 305.457493][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 305.472374][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 305.533481][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 305.546179][ T5858] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 305.553973][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 305.598942][ T6053] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 305.612632][ T6053] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 305.623708][ T6053] bond0 (unregistering): Released all slaves [ 305.634318][T12383] dvmrp0: left allmulticast mode [ 305.704084][T12391] mac80211_hwsim hwsim6 syzkaller0: left promiscuous mode [ 305.712046][T12391] mac80211_hwsim hwsim6 syzkaller0: left allmulticast mode [ 305.719880][T12384] netlink: 'syz.4.2081': attribute type 1 has an invalid length. [ 305.735283][T12399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2084'. [ 305.744394][T12399] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2084'. [ 305.854676][T12396] lo speed is unknown, defaulting to 1000 [ 305.978769][T12403] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2086'. [ 306.006370][T12407] netlink: 'syz.4.2088': attribute type 1 has an invalid length. [ 306.064729][ T6053] hsr_slave_0: left promiscuous mode [ 306.072309][ T6053] hsr_slave_1: left promiscuous mode [ 306.079830][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 306.087338][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 306.096677][ T6053] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 306.104226][ T6053] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 306.132275][ T6053] veth1_macvtap: left promiscuous mode [ 306.137778][ T6053] veth0_macvtap: left promiscuous mode [ 306.146414][ T6053] veth1_vlan: left promiscuous mode [ 306.156480][ T6053] veth0_vlan: left promiscuous mode [ 306.656704][ T6053] team0 (unregistering): Port device team_slave_1 removed [ 306.708343][ T6053] team0 (unregistering): Port device team_slave_0 removed [ 306.998725][T12419] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8 [ 307.289290][T12403] netlink: 'syz.0.2086': attribute type 2 has an invalid length. [ 307.352297][T12407] bond22: (slave veth47): Enslaving as a backup interface with a down link [ 307.622131][T12396] chnl_net:caif_netlink_parms(): no params data found [ 307.629743][ T5858] Bluetooth: hci2: command tx timeout [ 307.692653][T12437] vlan3: entered allmulticast mode [ 307.709588][T12437] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode [ 307.727554][T12440] tipc: Failed to remove unknown binding: 66,1,1/257:3728279564/3728279566 [ 307.738400][T12440] tipc: Failed to remove unknown binding: 66,1,1/257:3728279564/3728279566 [ 307.747506][T12437] mac80211_hwsim hwsim7 wlan1: left allmulticast mode [ 308.341848][ C1] bridge0: port 1(ip6gretap0) entered learning state [ 309.698063][ T5858] Bluetooth: hci2: command tx timeout [ 309.711590][T12454] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 309.721603][T12454] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 309.872475][T12396] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.887800][T12396] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.897814][T12396] bridge_slave_0: entered allmulticast mode [ 309.905703][T12396] bridge_slave_0: entered promiscuous mode [ 309.920879][T12463] netlink: 'syz.1.2103': attribute type 1 has an invalid length. [ 309.966859][T12396] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.992389][T12396] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.008546][T12396] bridge_slave_1: entered allmulticast mode [ 310.015294][T12396] bridge_slave_1: entered promiscuous mode [ 310.023992][T12472] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2106'. [ 310.050396][T12463] bond28: (slave veth71): Enslaving as a backup interface with a down link [ 310.059747][T12475] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2106'. [ 310.073549][T12473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2104'. [ 310.133087][T12467] netlink: 'syz.0.2104': attribute type 2 has an invalid length. [ 310.170824][T12396] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.201298][T12481] xt_NFQUEUE: number of total queues is 0 [ 310.216965][T12396] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.312029][T12396] team0: Port device team_slave_0 added [ 310.342859][T12396] team0: Port device team_slave_1 added [ 310.419901][T12396] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.438499][T12396] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.465166][T12396] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.515840][T12486] netlink: 'syz.0.2111': attribute type 1 has an invalid length. [ 310.564853][T12396] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.584379][T12396] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.612370][T12396] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.789675][ T5858] Bluetooth: hci2: command tx timeout [ 312.412404][T12496] bond18: (slave veth61): Enslaving as a backup interface with a down link [ 312.527037][T12519] netlink: 'syz.0.2119': attribute type 1 has an invalid length. [ 312.545266][T12511] netlink: 'syz.1.2118': attribute type 1 has an invalid length. [ 312.555905][T12511] workqueue: Failed to create a rescuer kthread for wq "bond29": -EINTR [ 312.621297][T12520] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2121'. [ 312.678584][T12396] hsr_slave_0: entered promiscuous mode [ 312.688641][T12396] hsr_slave_1: entered promiscuous mode [ 312.696256][T12520] netlink: 'syz.4.2121': attribute type 2 has an invalid length. [ 313.241059][T12552] xt_TCPMSS: Only works on TCP SYN packets [ 313.258799][T12552] IPVS: set_ctl: invalid protocol: 92 127.0.0.1:20003 [ 313.429591][T12558] dvmrp5: entered allmulticast mode [ 313.438515][T12558] dvmrp0: left allmulticast mode [ 313.443558][T12558] dvmrp5: left allmulticast mode [ 313.586383][T12396] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 313.602637][T12396] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 313.628846][T12396] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 313.651087][T12396] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 313.672892][T12561] netlink: 'syz.1.2133': attribute type 1 has an invalid length. [ 313.748621][T12561] bond29: (slave veth73): Enslaving as a backup interface with a down link [ 313.827058][T12561] bond29: (slave veth75): Enslaving as a backup interface with a down link [ 313.835928][T12548] syz.0.2129 (12548) used greatest stack depth: 17648 bytes left [ 313.858301][ T5858] Bluetooth: hci2: command tx timeout [ 313.895610][T12564] vxcan0: entered promiscuous mode [ 313.929614][T12564] vlan3: entered promiscuous mode [ 313.950516][T12564] vxcan0: left promiscuous mode [ 313.999565][T12569] netlink: 'syz.0.2137': attribute type 10 has an invalid length. [ 314.009369][T12571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2136'. [ 314.172657][T12396] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.205390][T12584] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2141'. [ 314.253977][T12581] netlink: 'syz.0.2140': attribute type 1 has an invalid length. [ 314.288868][T12578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2139'. [ 314.343564][T12396] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.415881][T12588] bond19: (slave veth63): Enslaving as a backup interface with a down link [ 314.751231][ C0] bridge0: port 2(vlan4) entered learning state [ 316.277447][T12595] netlink: 'syz.4.2144': attribute type 4 has an invalid length. [ 316.301094][ T6047] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.308254][ T6047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 316.338159][T12606] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2146'. [ 316.363157][ T6053] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.370331][ T6053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 316.495257][T12396] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 316.653447][T12622] vlan3: entered promiscuous mode [ 316.756205][T12630] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2153'. [ 316.789738][T12630] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2153'. [ 316.802256][T12627] lo speed is unknown, defaulting to 1000 [ 316.846487][T12625] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2153'. [ 316.850753][T12396] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 316.883512][T12634] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2154'. [ 317.052154][T12396] veth0_vlan: entered promiscuous mode [ 317.086962][T12640] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2155'. [ 317.120240][T12396] veth1_vlan: entered promiscuous mode [ 317.231670][T12396] veth0_macvtap: entered promiscuous mode [ 317.255005][T12396] veth1_macvtap: entered promiscuous mode [ 317.294975][T12396] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 317.332559][T12396] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.359511][T12396] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.379893][T12396] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.393019][T12396] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.402003][T12396] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.947203][T12655] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input9 [ 319.896639][ T6056] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.913682][ T6056] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.995511][ T6056] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.013374][ T6056] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.046707][T12672] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2166'. [ 320.066311][T12671] netlink: 172 bytes leftover after parsing attributes in process `syz.4.2167'. [ 320.079286][T12671] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2167'. [ 320.262108][T12656] ================================================================== [ 320.270195][T12656] BUG: KASAN: slab-use-after-free in __mutex_lock+0x6c0/0xd70 [ 320.277662][T12656] Read of size 8 at addr ffff88805b5b8060 by task khidpd_0007fff9/12656 [ 320.285997][T12656] [ 320.288324][T12656] CPU: 0 UID: 0 PID: 12656 Comm: khidpd_0007fff9 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 320.299527][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 320.309590][T12656] Call Trace: [ 320.312881][T12656] [ 320.315821][T12656] dump_stack_lvl+0x241/0x360 [ 320.320521][T12656] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.325752][T12656] ? __pfx__printk+0x10/0x10 [ 320.330346][T12656] ? _printk+0xd5/0x120 [ 320.334515][T12656] ? __virt_addr_valid+0x183/0x530 [ 320.339637][T12656] ? __virt_addr_valid+0x183/0x530 [ 320.344761][T12656] print_report+0x169/0x550 [ 320.349279][T12656] ? __virt_addr_valid+0x183/0x530 [ 320.354383][T12656] ? __virt_addr_valid+0x183/0x530 [ 320.359488][T12656] ? __virt_addr_valid+0x45f/0x530 [ 320.364593][T12656] ? __phys_addr+0xba/0x170 [ 320.369089][T12656] ? __mutex_lock+0x6c0/0xd70 [ 320.373758][T12656] kasan_report+0x143/0x180 [ 320.378253][T12656] ? __mutex_lock+0x6c0/0xd70 [ 320.382926][T12656] __mutex_lock+0x6c0/0xd70 [ 320.387420][T12656] ? __mutex_lock+0x52a/0xd70 [ 320.392088][T12656] ? l2cap_unregister_user+0x6a/0x1c0 [ 320.397455][T12656] ? __pfx___mutex_lock+0x10/0x10 [ 320.402472][T12656] ? __pfx___timer_delete_sync+0x10/0x10 [ 320.408118][T12656] l2cap_unregister_user+0x6a/0x1c0 [ 320.413334][T12656] hidp_session_thread+0x450/0x490 [ 320.418440][T12656] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 320.424326][T12656] ? __pfx_hidp_session_thread+0x10/0x10 [ 320.429950][T12656] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 320.435835][T12656] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 320.442067][T12656] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 320.448325][T12656] ? __kthread_parkme+0x169/0x1d0 [ 320.453344][T12656] ? __pfx_hidp_session_thread+0x10/0x10 [ 320.458966][T12656] kthread+0x2f0/0x390 [ 320.463025][T12656] ? __pfx_hidp_session_thread+0x10/0x10 [ 320.468651][T12656] ? __pfx_kthread+0x10/0x10 [ 320.473228][T12656] ret_from_fork+0x4b/0x80 [ 320.477640][T12656] ? __pfx_kthread+0x10/0x10 [ 320.482219][T12656] ret_from_fork_asm+0x1a/0x30 [ 320.486986][T12656] [ 320.489993][T12656] [ 320.492304][T12656] Allocated by task 12396: [ 320.496699][T12656] kasan_save_track+0x3f/0x80 [ 320.501366][T12656] __kasan_kmalloc+0x98/0xb0 [ 320.505944][T12656] __kmalloc_noprof+0x1fc/0x400 [ 320.510782][T12656] hci_alloc_dev_priv+0x27/0x2030 [ 320.515791][T12656] vhci_create_device+0x116/0x6a0 [ 320.520802][T12656] vhci_write+0x3cf/0x490 [ 320.525116][T12656] vfs_write+0xaeb/0xd30 [ 320.529350][T12656] ksys_write+0x183/0x2b0 [ 320.533673][T12656] do_syscall_64+0xf3/0x230 [ 320.538162][T12656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.544051][T12656] [ 320.546357][T12656] Freed by task 12396: [ 320.550405][T12656] kasan_save_track+0x3f/0x80 [ 320.555075][T12656] kasan_save_free_info+0x40/0x50 [ 320.560088][T12656] __kasan_slab_free+0x59/0x70 [ 320.564838][T12656] kfree+0x1a0/0x440 [ 320.568722][T12656] hci_release_dev+0x1525/0x16b0 [ 320.573647][T12656] bt_host_release+0x83/0x90 [ 320.578225][T12656] device_release+0x99/0x1c0 [ 320.582806][T12656] kobject_put+0x22f/0x480 [ 320.587213][T12656] vhci_release+0x88/0xd0 [ 320.591561][T12656] __fput+0x23f/0x880 [ 320.595555][T12656] task_work_run+0x24f/0x310 [ 320.600133][T12656] do_exit+0xa2f/0x28e0 [ 320.604271][T12656] do_group_exit+0x207/0x2c0 [ 320.608845][T12656] __x64_sys_exit_group+0x3f/0x40 [ 320.613860][T12656] x64_sys_call+0x2634/0x2640 [ 320.618531][T12656] do_syscall_64+0xf3/0x230 [ 320.623021][T12656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.628903][T12656] [ 320.631215][T12656] Last potentially related work creation: [ 320.636913][T12656] kasan_save_stack+0x3f/0x60 [ 320.641596][T12656] __kasan_record_aux_stack+0xac/0xc0 [ 320.646958][T12656] insert_work+0x3e/0x330 [ 320.651278][T12656] __queue_work+0xb66/0xf50 [ 320.655771][T12656] queue_work_on+0x1c2/0x380 [ 320.660353][T12656] process_scheduled_works+0xa63/0x1850 [ 320.665890][T12656] worker_thread+0x870/0xd30 [ 320.670474][T12656] kthread+0x2f0/0x390 [ 320.674528][T12656] ret_from_fork+0x4b/0x80 [ 320.678935][T12656] ret_from_fork_asm+0x1a/0x30 [ 320.683692][T12656] [ 320.685999][T12656] Second to last potentially related work creation: [ 320.692570][T12656] kasan_save_stack+0x3f/0x60 [ 320.697238][T12656] __kasan_record_aux_stack+0xac/0xc0 [ 320.702598][T12656] insert_work+0x3e/0x330 [ 320.706916][T12656] __queue_work+0xc8b/0xf50 [ 320.711408][T12656] call_timer_fn+0x18e/0x650 [ 320.715986][T12656] __run_timer_base+0x695/0x8e0 [ 320.720827][T12656] run_timer_softirq+0xb7/0x170 [ 320.725667][T12656] handle_softirqs+0x2c5/0x980 [ 320.730419][T12656] __irq_exit_rcu+0xf4/0x1c0 [ 320.734997][T12656] irq_exit_rcu+0x9/0x30 [ 320.739235][T12656] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 320.744861][T12656] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 320.750836][T12656] [ 320.753146][T12656] The buggy address belongs to the object at ffff88805b5b8000 [ 320.753146][T12656] which belongs to the cache kmalloc-8k of size 8192 [ 320.767184][T12656] The buggy address is located 96 bytes inside of [ 320.767184][T12656] freed 8192-byte region [ffff88805b5b8000, ffff88805b5ba000) [ 320.780979][T12656] [ 320.783292][T12656] The buggy address belongs to the physical page: [ 320.789697][T12656] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b5b8 [ 320.798447][T12656] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 320.806932][T12656] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 320.814464][T12656] page_type: f5(slab) [ 320.818437][T12656] raw: 00fff00000000040 ffff88801ac42280 dead000000000122 0000000000000000 [ 320.827008][T12656] raw: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000 [ 320.835608][T12656] head: 00fff00000000040 ffff88801ac42280 dead000000000122 0000000000000000 [ 320.844270][T12656] head: 0000000000000000 0000000000020002 00000001f5000000 0000000000000000 [ 320.852928][T12656] head: 00fff00000000003 ffffea00016d6e01 ffffffffffffffff 0000000000000000 [ 320.861589][T12656] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 320.870260][T12656] page dumped because: kasan: bad access detected [ 320.876664][T12656] page_owner tracks the page as allocated [ 320.882361][T12656] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 12396, tgid 12396 (syz-executor), ts 305436769346, free_ts 299763766735 [ 320.905824][T12656] post_alloc_hook+0x1f3/0x230 [ 320.910591][T12656] get_page_from_freelist+0x303f/0x3190 [ 320.916121][T12656] __alloc_pages_noprof+0x292/0x710 [ 320.921309][T12656] alloc_pages_mpol_noprof+0x3e8/0x680 [ 320.926759][T12656] alloc_slab_page+0x6a/0x120 [ 320.931429][T12656] allocate_slab+0x5a/0x2f0 [ 320.935919][T12656] ___slab_alloc+0xcd1/0x14b0 [ 320.940587][T12656] __slab_alloc+0x58/0xa0 [ 320.944905][T12656] __kmalloc_noprof+0x25a/0x400 [ 320.949747][T12656] hci_alloc_dev_priv+0x27/0x2030 [ 320.954756][T12656] vhci_create_device+0x116/0x6a0 [ 320.959767][T12656] vhci_write+0x3cf/0x490 [ 320.964085][T12656] vfs_write+0xaeb/0xd30 [ 320.968322][T12656] ksys_write+0x183/0x2b0 [ 320.972636][T12656] do_syscall_64+0xf3/0x230 [ 320.977124][T12656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.983009][T12656] page last free pid 12278 tgid 12278 stack trace: [ 320.989496][T12656] free_unref_page+0xcfb/0xf20 [ 320.994255][T12656] __put_partials+0xeb/0x130 [ 320.998839][T12656] put_cpu_partial+0x17c/0x250 [ 321.003597][T12656] __slab_free+0x2ea/0x3d0 [ 321.008004][T12656] qlist_free_all+0x9a/0x140 [ 321.012585][T12656] kasan_quarantine_reduce+0x14f/0x170 [ 321.018040][T12656] __kasan_slab_alloc+0x23/0x80 [ 321.022885][T12656] kmem_cache_alloc_noprof+0x135/0x2a0 [ 321.028341][T12656] taskstats_exit+0x360/0xa60 [ 321.033007][T12656] do_exit+0x9ad/0x28e0 [ 321.037155][T12656] do_group_exit+0x207/0x2c0 [ 321.041746][T12656] __x64_sys_exit_group+0x3f/0x40 [ 321.046760][T12656] x64_sys_call+0x2634/0x2640 [ 321.051519][T12656] do_syscall_64+0xf3/0x230 [ 321.056016][T12656] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.061908][T12656] [ 321.064246][T12656] Memory state around the buggy address: [ 321.069874][T12656] ffff88805b5b7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 321.077931][T12656] ffff88805b5b7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 321.085984][T12656] >ffff88805b5b8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.094035][T12656] ^ [ 321.101219][T12656] ffff88805b5b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.109268][T12656] ffff88805b5b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 321.117320][T12656] ================================================================== [ 321.127055][T12656] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 321.134277][T12656] CPU: 0 UID: 0 PID: 12656 Comm: khidpd_0007fff9 Not tainted 6.12.0-rc5-syzkaller-01187-ga84e8c05f583 #0 [ 321.145478][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 321.155547][T12656] Call Trace: [ 321.158835][T12656] [ 321.161772][T12656] dump_stack_lvl+0x241/0x360 [ 321.166463][T12656] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.171673][T12656] ? __pfx__printk+0x10/0x10 [ 321.176292][T12656] ? vscnprintf+0x5d/0x90 [ 321.180645][T12656] panic+0x349/0x880 [ 321.184563][T12656] ? check_panic_on_warn+0x21/0xb0 [ 321.189693][T12656] ? __pfx_panic+0x10/0x10 [ 321.194124][T12656] ? mark_lock+0x9a/0x360 [ 321.198469][T12656] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 321.204384][T12656] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 321.210307][T12656] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 321.216657][T12656] ? print_report+0x502/0x550 [ 321.221353][T12656] check_panic_on_warn+0x86/0xb0 [ 321.226309][T12656] ? __mutex_lock+0x6c0/0xd70 [ 321.230996][T12656] end_report+0x77/0x160 [ 321.235251][T12656] kasan_report+0x154/0x180 [ 321.239765][T12656] ? __mutex_lock+0x6c0/0xd70 [ 321.244453][T12656] __mutex_lock+0x6c0/0xd70 [ 321.248973][T12656] ? __mutex_lock+0x52a/0xd70 [ 321.253664][T12656] ? l2cap_unregister_user+0x6a/0x1c0 [ 321.259053][T12656] ? __pfx___mutex_lock+0x10/0x10 [ 321.264101][T12656] ? __pfx___timer_delete_sync+0x10/0x10 [ 321.269751][T12656] l2cap_unregister_user+0x6a/0x1c0 [ 321.274964][T12656] hidp_session_thread+0x450/0x490 [ 321.280088][T12656] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 321.286006][T12656] ? __pfx_hidp_session_thread+0x10/0x10 [ 321.291655][T12656] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 321.297561][T12656] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 321.303814][T12656] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 321.310074][T12656] ? __kthread_parkme+0x169/0x1d0 [ 321.315109][T12656] ? __pfx_hidp_session_thread+0x10/0x10 [ 321.320759][T12656] kthread+0x2f0/0x390 [ 321.324835][T12656] ? __pfx_hidp_session_thread+0x10/0x10 [ 321.330477][T12656] ? __pfx_kthread+0x10/0x10 [ 321.335077][T12656] ret_from_fork+0x4b/0x80 [ 321.339507][T12656] ? __pfx_kthread+0x10/0x10 [ 321.344106][T12656] ret_from_fork_asm+0x1a/0x30 [ 321.348896][T12656] [ 321.352197][T12656] Kernel Offset: disabled [ 321.356509][T12656] Rebooting in 86400 seconds..