last executing test programs: 1m1.416388843s ago: executing program 1 (id=303): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x15, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x20040080) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x9}, {0x5}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x312a}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x69e1}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 47.574889738s ago: executing program 1 (id=303): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x15, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x20040080) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x9}, {0x5}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x312a}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x69e1}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 45.839805929s ago: executing program 1 (id=303): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x15, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x20040080) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x9}, {0x5}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x312a}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x69e1}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 36.723989931s ago: executing program 1 (id=303): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x15, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x20040080) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x9}, {0x5}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x312a}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x69e1}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 25.522216291s ago: executing program 3 (id=1047): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], 0x1c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYRES64=0x0, @ANYRES8=r0, @ANYBLOB="040100050000000000000000000000e400000000", @ANYRES64=r2], 0x104}}, 0x20044000) 25.416864683s ago: executing program 3 (id=1049): r0 = socket(0x40000000015, 0x5, 0x0) pipe(&(0x7f0000001540)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r3, 0xff, 0x1, 0x0, &(0x7f0000000040)=0xfffffffffffffe85) listen(r2, 0x0) splice(r2, 0x0, r1, 0x0, 0x406f413, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) r4 = socket$kcm(0xf, 0x3, 0x2) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10) sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="020a000302000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@zcopy_cookie={0x18}], 0x18}, 0x4000000) 25.184182841s ago: executing program 1 (id=303): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x15, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x20040080) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x9}, {0x5}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x312a}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x69e1}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 23.817950838s ago: executing program 3 (id=1056): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)={@cgroup=r2, r3, 0x2, 0x0, 0x0, @void, @value}, 0x20) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup=r4, 0x2, 0x1, 0x0, &(0x7f00000002c0)=[0x0, 0x0], 0x2, 0x0, 0x0, 0x0, 0x0}, 0x40) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}, 0x1, 0xba01}, 0x0) 22.179663993s ago: executing program 3 (id=1058): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c80)=@bpf_lsm={0x6, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000580000000000000000000008c31800000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 22.094086169s ago: executing program 3 (id=1060): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1802"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e1f, @remote}, 0x10) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd0, &(0x7f0000000180)=0x2f14ae094adfaae1, 0x4) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x41}, 0x2}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000480)}], 0x1, &(0x7f0000000500)="e798976b99bbca4c6d", 0x9, 0x81}, 0x40000) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080), 0x8) sendmmsg$sock(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@txtime={{0x18, 0x1, 0x3d, 0x5}}], 0x18}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180500000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x102, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb}, 0x38) r3 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x28}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000040)) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28e) r8 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000480)={r6, r2}, 0xc) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYRESHEX=r3, @ANYRES8=r5, @ANYBLOB="01980000000000001800128008000100677265000c00028008000700ffffffff94df305f7e9e823d1eab1f5a2cd7df3c0d75d3801a968235a60d0688b9caa8344c7a2e6e254cc257152e502ddf6ebaa7e4383f6eb294421858c184bd421788e458fc079c2f6e4136933165494b99792d5aec3d1111d161eae80f6254c4acdb9c81f21980b7340faed5fd31c4d2ff91ec9cb4be56bc522c5911c3733b86dba06f29f2a43e06e6209066bdd78dda466deee391709499ce6e9c664596c2afd35bde694bf6c6a151f074e62c172dda8457b3f1160334782b2012000000"], 0x38}}, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071121d000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r5) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r12, 0x1, 0xfffffffe, 0xffffffff, {{0x2}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e9}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}]]}, 0x34}}, 0x0) sendmsg$NL80211_CMD_DEL_MPATH(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="827f", @ANYRES32=r11, @ANYBLOB="0c009900010400001b0000000a00060008021100000100000a0006000802110000000000"], 0x40}, 0x1, 0x0, 0x0, 0x94}, 0x40) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002980)=ANY=[@ANYBLOB="5c00000010003904000000400004004000000000", @ANYRES32=r7, @ANYBLOB="00000000000000003c0012800800010067726500300002800400120005000a000100000005000a00000000000800070064"], 0x5c}}, 0x0) 11.310254233s ago: executing program 4 (id=1111): socket$inet_tcp(0x2, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000040)=@req={0x28, &(0x7f0000000000)={'dvmrp0\x00', @ifru_map={0xffff, 0x4, 0x2, 0xb, 0x1, 0xe5}}}) close(0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f0000001d80), &(0x7f0000000280)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000300), 0x0}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000104000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe02000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES16], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) connect$bt_l2cap(r4, 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000f40)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000007126000000000000bf670000000000005601000000ff07ad6706000002000000070300000ee60000bf250000000000002d350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000160400000400f9ffad3001000000000084000000000000004500000001f0ffff95000000000000006e8ad524a56600a5585b7351ca1136aef2e9407e5c2501d11900db85604036883647b1003f1403b816f511c8c56e56e40b01005505f8a89dae4293b10f3631b25fc9f189084c7fddccff01361d355f6cce8ec2abcdf1bc9040daef2cfa2046e2091e269f4734ffa55eb2d4e8de20b38c8808b365b46bd54c68cd30139a8c3827a7dd6d6e2b5fea3906f8456b0000000000ff07efffffff0047018ae79db613d2aec070f718ab629b4975320dd7a7da532281fd22c7b835005bf52715396669836db6000000005b4f0591ee7c8cd263dd172b28d01c4d8ddaf2cdad3d1a74a2f078aa6402483856a6e495408d0b33047f06aec2cc590df28efc7dbec6857db922195a271af103f03e1155197e067b2ebf4e2dae06e394c9639564f000fc3cdd05a157544d0200000000000000ee48f5287123a0d246c0c4c00fe979dbc09ed4db22d7172adc6ae8faa5f9ad188e07000000000000008d88a0b4684559d46cae41db1b914e93f1f88e80ef80c6ed3e1ff91ff111000000000000000000e33de432e488ad0e724c2d14a1e770e116984a5700afb8a1f3d47277ef0e33e7e00ec5f74e10937ba0e321346977b7d1b18013f509675b5b0f352e30dffda780055c301f4fc7d5a76475ace6b128b02bfd71023daffdf748a6bd356fcbacec96373d1101000736ac0bbcb5f4836bddfe8bf46308000000ade9e59fcf271bb98bd0b8b5216b858b414c31682f9f3db2e4d8e5898e445fe55ac56c0ddd932d838ff651023853d42210642986f8bbc7340bc8393f774318c9fc9b05788de2c6e601b50777e8dff581de1d5ae3d801ead7eba31126e2172fa1eadf5f3bec81004d00000000c8e4692e051c731f9ac766b7fd66278d40f0760f23e8c7d1f47cd8e02504e85e152955ad8acd989c0b2eea71414f533f5685c3904bfe1d0011ffc1ba5398f3d68124674478186edd036f15bf847c33f79e1a0ad3d2b5080ecb01420c9f1b534e969fce97ffff07000009000000bfe0ed7c5853a665c0805752dca0e571d75cac5a5d8e4f6e05055b6dec5a9a5696f053a92d81fd9e5f2b9dbbe24f38e745b5a95d45003d0600e413dc623f3e6b096c8b0ad7438c6631388892c55b0671140afbfb83bba415f729fea4c8a8a86189dceedad84cdd17c46bdd847a1f4b0facd3744f5bbb06abb319204fca4bcd4297fe7b4cee75abf43e14fe861224799c0f12702964fc890a176fdafa2c9387280b5693c000c0304cece48642649375dae0b7979b229f708a97349e96e783af9a23cd3980a2c29d3d62875e5319cd51bdd224878a0b25edf0e83c930633bd9a823e28f359608ea326c77a1aa17318f392a0ec6c188916f4149c503027feccfd68ec8278a90252693fb133c4615801077e1d75420017c03990b855fe481a20b4919bb11c6d737b6545ef140a0fc339bb53953662f1454f9852e7c4e17eb8e68f076c659f56d6c7f97a94d604f45cfe88b30c170000000001000000ef931f137967de563c29d81aacb3d48226a4e4b6670900000000000000fa68bff3693afc44db223f0400000000000000d23b48bb38b31a14ffcddd92c38f6b6d86a0e56d47a82bad5d2a6dce4c4d353261260c9d7a6bd9f2c872c4172a3d2ac80dfb718cc159e6423065624f1300007d6072f0cf120ad2ba519afdd43a14000000000000000000000000007ef2f3c58d045f0700000094069acbe333aebd10f2118fbfeda3fa5500d52cd5241588d2b68a332edfef6d701c8936a25d68b841f982511392cc0d3a78616f8ce0f2877d099258bf85866d0ee7f803fa50fd41ef62b028d12028a7b497d92f544523290f520b0d000000000000000000007758b1267669ded883b5867c5916a74843b784955108f750c57744c76a09629dd0aaca5cb0f14f49db80a1aa2692c18fbb31cbdb3f2e138e6d5ba3491fc3617b511f24bad26466407e39000000000080d7a1bf4624d31c13a6840f45a7f4e01a50d790132abb36915e35b1ac35bf3921357f635b2427847b8fe1e2123153ecd6d1f76820d4f8fa0b96b50c457ae8d5f2351cdb7bc8170380557bc11cf6ee3395974e37018a2a7473312cb32affb8ff72a253e0d36099e460f13694b9891af526d9608271838e83d17103887f34210dd4c0cf60dec608b4ca5ba2f3037bf381e7b5d5b27820000000000000000000000b719bd34f3244730f708fdd532640edc6b82dd4ad72ecbaccafef806f5447aba2246d56a601bbd8c24ba1e16dda3296ce10de6830"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000080)={0x3, 0x200, 0x7, 0xf, 0x0}, &(0x7f00000000c0)=0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000000680000000000000ffdbdf008000000000020000001e000008ef1d0001000000"], 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000200)={r5, 0xfffffffb}, &(0x7f0000000240)=0x8) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x80002, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 10.799970293s ago: executing program 4 (id=1116): unshare(0x400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) connect$unix(r0, 0x0, 0x0) 10.596588786s ago: executing program 4 (id=1118): socket$can_raw(0x1d, 0x3, 0x1) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$kcm(0x10, 0x2, 0x0) (async, rerun: 32) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc) (async, rerun: 32) r2 = socket$netlink(0x10, 0x3, 0x10) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) (async) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000040)={{{@in=@empty, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x4, 0x1, 0x0, 0x3, 0x4005, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private2, 0x0, 0x32}, 0xa, @in=@local, 0x0, 0x4, 0x0, 0x0, 0x8}}, 0xe8) connect$inet6(r4, &(0x7f0000000280)={0xa, 0x9, 0x0, @mcast1}, 0x3d) (async) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x806000) socket(0x2a, 0x2, 0x0) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r5}, 0x10) (async) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFC_CMD_GET_TARGET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(0x0, r6) (async, rerun: 64) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) (rerun: 64) socketpair$tipc(0x1e, 0x5, 0x0, 0x0) (async) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) (async) ioctl$sock_SIOCADDDLCI(0xffffffffffffffff, 0x8980, &(0x7f0000000180)={'vcan0\x00', 0x689}) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4) (async) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfe1b) (async, rerun: 64) r7 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$nl_generic(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000002c00010026bd7000fedbdf250400"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async, rerun: 64) sendmsg$kcm(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)}, 0x0) (rerun: 64) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) socket(0xf, 0x4, 0x2) 10.324650147s ago: executing program 4 (id=1120): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002"], 0x7c}}, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r2, @ANYRES32=r3, @ANYBLOB="02"], 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[], 0x10) r4 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)={0x90, r4, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r5}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x24004044}, 0x24040840) sendmsg$nl_crypto(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000140)=@getstat={0xe0, 0x15, 0x800, 0x70bd26, 0x25dfdbfb, {{'drbg_pr_hmac_sha512\x00'}, '\x00', '\x00', 0x0, 0x2000}, [""]}, 0xe0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4080) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x437, 0x800000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0) 10.053596894s ago: executing program 4 (id=1121): unshare(0x400) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="05000000050000000100000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000580)={{0x0, @broadcast, 0x4e22, 0x0, 'none\x00', 0x5c, 0x3, 0x9}, {@private=0xa010102, 0x4e22, 0x10000, 0x40, 0x200, 0xf}}, 0x44) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0xe, &(0x7f0000000000)=@raw=[@generic={0x0, 0x2, 0x8, 0x101, 0x5}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x10}, @cb_func={0x18, 0x1, 0x4, 0x0, 0x400}, @exit, @exit, @alu={0x4, 0x0, 0x1, 0x8, 0x5, 0x30, 0xffffffffffffffff}, @map_fd={0x18, 0x6, 0x1, 0x0, r0}, @jmp={0x5, 0x0, 0x4, 0xb, 0xa, 0xffffffffffffffff}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x4}], &(0x7f0000000580)='syzkaller\x00', 0xa, 0x5, &(0x7f0000000140)=""/5, 0x40f00, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x7, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[r0, r0, r0, r0, 0xffffffffffffffff, r0], 0x0, 0x10, 0xfffffffe, @void, @value}, 0xc3) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) connect$unix(r3, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000500)=@gcm_256={{0x303}, "125d89ea980434d1", "150bc50a728deaecb4af62493b0da4a9ba50134c8fdb2a4440d5cc5ddfbfde52", "8eab4310", "f7f5d61363ab30e2"}, 0x38) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000000), 0xffffff6a) sendfile(r2, r5, 0x0, 0x9) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000000)=r5, 0x4) 9.837061021s ago: executing program 4 (id=1123): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)='G', 0x1}], 0x1, 0x0, 0x0, 0x81}}], 0x1, 0x24004081) bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x15, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="b70000000000000007000000000000009500e200000000001e52865743569406"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r3, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x60, 0x4, 0xfd}, {0x6, 0x3}]}) r4 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) getsockopt$inet6_opts(r4, 0x29, 0x3b, 0x0, &(0x7f0000000740)) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)) 9.139001456s ago: executing program 3 (id=1060): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000600)=ANY=[@ANYBLOB="1802"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e1f, @remote}, 0x10) r1 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r1, 0x29, 0xd0, &(0x7f0000000180)=0x2f14ae094adfaae1, 0x4) sendmsg$tipc(r1, &(0x7f0000000540)={&(0x7f0000000180)=@name={0x1e, 0x2, 0x2, {{0x41}, 0x2}}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000480)}], 0x1, &(0x7f0000000500)="e798976b99bbca4c6d", 0x9, 0x81}, 0x40000) setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080), 0x8) sendmmsg$sock(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@txtime={{0x18, 0x1, 0x3d, 0x5}}], 0x18}}], 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180500000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x102, 0x1108, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0xb}, 0x38) r3 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x10, 0x4, &(0x7f0000000080)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x28}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000040)) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28e) r8 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000480)={r6, r2}, 0xc) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYRESHEX=r3, @ANYRES8=r5, @ANYBLOB="01980000000000001800128008000100677265000c00028008000700ffffffff94df305f7e9e823d1eab1f5a2cd7df3c0d75d3801a968235a60d0688b9caa8344c7a2e6e254cc257152e502ddf6ebaa7e4383f6eb294421858c184bd421788e458fc079c2f6e4136933165494b99792d5aec3d1111d161eae80f6254c4acdb9c81f21980b7340faed5fd31c4d2ff91ec9cb4be56bc522c5911c3733b86dba06f29f2a43e06e6209066bdd78dda466deee391709499ce6e9c664596c2afd35bde694bf6c6a151f074e62c172dda8457b3f1160334782b2012000000"], 0x38}}, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r5) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071121d000000000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r5) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)={0x34, r12, 0x1, 0xfffffffe, 0xffffffff, {{0x2}, {@val={0x8, 0x3, r11}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e9}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x5}]]}, 0x34}}, 0x0) sendmsg$NL80211_CMD_DEL_MPATH(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="827f", @ANYRES32=r11, @ANYBLOB="0c009900010400001b0000000a00060008021100000100000a0006000802110000000000"], 0x40}, 0x1, 0x0, 0x0, 0x94}, 0x40) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000002980)=ANY=[@ANYBLOB="5c00000010003904000000400004004000000000", @ANYRES32=r7, @ANYBLOB="00000000000000003c0012800800010067726500300002800400120005000a000100000005000a00000000000800070064"], 0x5c}}, 0x0) 8.810947222s ago: executing program 1 (id=303): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x15, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x20040080) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0x9}, {0x5}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x312a}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x69e1}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x4}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.49784967s ago: executing program 0 (id=1157): unshare(0x60480) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x3a, 0x1, 0x0, 0x0) 2.401549833s ago: executing program 0 (id=1159): r0 = socket$kcm(0x23, 0x2, 0x0) sendmsg$sock(r0, 0x0, 0x0) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) (async, rerun: 32) r1 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) r2 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000600)={0x2}) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x70bd26, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x12900, 0x20610}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_ROLE={0x8, 0x4, 0x2}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xbc7}]}}}]}, 0x40}}, 0x0) (async) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0xfffc}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x64}}, 0x0) (async) sendmsg$IPSET_CMD_ADD(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x2c, 0x9, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="fc000000190001000000000000000000ac1414bb000000000000000000000000ac1e000100000000000000000000000000000000000000000200000000000000bd625668c0461d2373d98cd8a5bac8c39adc2bf25d8ea99c8062eaadf3", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000044000800e0000001000000000000000000000000000004d22b00000000000000ff02000000000000000000000000000100"/180], 0xfc}}, 0x0) 2.320278427s ago: executing program 2 (id=1160): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x6, 0x0, 0xa, 0x0, 0x0, 0x2}, @generic={0x5, 0x0, 0x0, 0x2}, @jmp={0x5, 0x0, 0x2}, @jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x6}]}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4}, [@jmp={0x6, 0x0, 0xa, 0x0, 0x0, 0x2}, @generic={0x5, 0x0, 0x0, 0x2}, @jmp={0x5, 0x0, 0x2}, @jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x8}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) socket$packet(0x11, 0x2, 0x300) (async) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000400)=[{0x28, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x0, 0x6}]}, 0x10) (async) 2.282469685s ago: executing program 0 (id=1161): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0xeb, @initdev={0xfe, 0x88, '\x00', 0x21, 0x0}, 0x5b56}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000700), 0x0, 0x40094, &(0x7f0000000040)={0xa, 0x1000, 0x6, @rand_addr=' \x01\x00'}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x80000002, 0x12) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2, r1}, 0x2) sendmsg$inet6(r4, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x3f}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b00000000000007180000000000000029"], 0x30}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000240)={'gre0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x1, 0x0, 0xd9, 0x9fee, {{0x14, 0x4, 0x0, 0x0, 0x50, 0x66, 0x0, 0x5, 0x2f, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @lsrr={0x83, 0xb, 0xa0, [@loopback, @multicast2]}, @end, @generic={0x82, 0x7, "52863fcc6d"}, @timestamp={0x44, 0x1c, 0xbd, 0x0, 0xe, [0x2, 0x3, 0x2, 0x7, 0xfffff368, 0x3]}, @rr={0x7, 0xb, 0xfd, [@empty, @private=0xa010101]}]}}}}}) sendmmsg$inet6(r5, &(0x7f0000002f00), 0x1, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x1, 0x0, 0x1, 0x0, 0x1}}, 0xb8}}, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r7 = accept4(r6, 0x0, 0x0, 0x80800) sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r8, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_BSS_BASIC_RATES={0x20, 0x24, [{0x60, 0x1}, {0x6d}, {0xb}, {0x2}, {0x18, 0x1}, {0x3, 0x1}, {0x30}, {0xb, 0x1}, {0x1}, {0x9}, {0x4d, 0x1}, {0x6, 0x1}, {0xb, 0x1}, {0x1}, {0x6c}, {0x24}, {0xc}, {0xc}, {0x14, 0x1}, {0x9, 0x1}, {0x30, 0x1}, {0x18}, {0x36, 0x1}, {0x24}, {0x1}, {0x36}, {0x30, 0x1}, {0x24}]}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xb}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48044}, 0x0) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c4000000190001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000001"], 0xc4}}, 0x0) 2.232693115s ago: executing program 2 (id=1162): unshare(0x400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) connect$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) 2.131407655s ago: executing program 0 (id=1163): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfe}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x4, 0x5}) write$cgroup_pressure(r1, &(0x7f0000000040)={'some', 0x20, 0x5, 0x20, 0x2}, 0x2f) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xfe}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) (async) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x4, 0x5}) (async) write$cgroup_pressure(r1, &(0x7f0000000040)={'some', 0x20, 0x5, 0x20, 0x2}, 0x2f) (async) 2.12977878s ago: executing program 2 (id=1164): unshare(0x60480) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x3a, 0x1, 0x0, 0x0) (fail_nth: 2) 1.928310322s ago: executing program 2 (id=1165): syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) close(r0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000280)={0x1c, 0x33, 0x1, 0x70bd2a, 0x25dbdbff, {0x1}, [@typed={0x8, 0x4, 0x0, 0x0, @u32=0x24}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24001}, 0x4000000) (async, rerun: 64) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={0x14, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x28804}, 0x40000) (async, rerun: 64) r3 = socket$alg(0x26, 0x5, 0x0) (async, rerun: 32) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) (async, rerun: 32) socket$nl_route(0x10, 0x3, 0x0) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async, rerun: 32) r4 = socket$tipc(0x1e, 0x5, 0x0) (rerun: 32) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) (rerun: 32) sendmsg$TIPC_CMD_SET_NODE_ADDR(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x24, r6, 0x1, 0x709d23, 0x25dfdbff, {{}, {}, {0x8, 0x11, 0x6}}}, 0x24}, 0x1, 0x0, 0x0, 0x40804}, 0x0) r7 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) (async) r8 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) bind$alg(r3, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) r9 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x7, 0x6, 0x3, 0x0, 0x0, {0xa, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x1f}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async) r10 = socket(0x10, 0x3, 0x0) (async, rerun: 32) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) socket$alg(0x26, 0x5, 0x0) (async) sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r12, {0x0, 0x8}, {0xffff, 0xffff}, {0xffe2, 0x9}}, [@TCA_RATE={0x6, 0x5, {0x4}}, @qdisc_kind_options=@q_hfsc={{0x9}, {0xffffffffffffffcf, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x3, 0x9, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40084}, 0x44880) (async) syz_init_net_socket$x25(0x9, 0x5, 0x0) 1.86384745s ago: executing program 2 (id=1166): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x6e, &(0x7f0000000240)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '\x00', 0x38, 0x2b, 0x0, @private2, @local, {[@hopopts={0x67}], {0x2100, 0x0, 0xffffffffffffff98, 0x0, @opaque="0d87aedaaa7fc9a56dc2d42b221003a116fd256378e5e186d69b1c57326a7371394d0c6bae77d286"}}}}}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}]}]}, 0x28}}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a000004050280000514"], 0x528}}, 0xc000) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket$inet(0xa, 0x801, 0x84) shutdown(r4, 0x0) listen(r4, 0x10008) accept4(r4, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x3}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0xd}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000005}, 0x2) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00'}) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x4) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r5, &(0x7f0000004ec0)=[{{&(0x7f0000000100)={0xa, 0x4e22, 0xf, @dev={0xfe, 0x80, '\x00', 0x17}, 0x7}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000600)="92", 0x1}], 0x1}}], 0x1, 0x20000800) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x92, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}}, 0x0) 341.468639ms ago: executing program 0 (id=1167): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x24044836}, 0xc094) (fail_nth: 1) 324.606947ms ago: executing program 2 (id=1168): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x18, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x6d) r1 = socket$xdp(0x2c, 0x3, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000008c0)={@fallback, 0xffffffffffffffff, 0x16, 0x4c, 0x0, @void, @value}, 0x20) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x1030000, 0x1000, 0x5, 0x4}, 0x20) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) unshare(0x6a040000) unshare(0x20000400) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="02420900a60200001864000001000000000000000000010018000000010000800000000002000000a5b597042228"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_init_net_socket$nfc_raw(0x27, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0x8, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r2, 0x58, &(0x7f00000003c0)}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYRES16=r5, @ANYBLOB="f3f40000000000000000030000007000018008000300000000000d0001007564703a73797bb100000000440004"], 0x84}}, 0x0) r6 = syz_init_net_socket$x25(0x9, 0x5, 0x0) setsockopt$X25_QBITINCL(r6, 0x106, 0x1, 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000020000000900010073797a310000000060000000160a03000000000000000000020000000900010073797a31000000000900020073797a31000000002c000380080002400000000008000140000000001800038014000100776c616e3100000000000000000000000800074000000001"], 0xa8}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='syzkaller\x00', 0x4, 0xc5, &(0x7f0000000300)=""/197, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000002c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_route(r7, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) 0s ago: executing program 0 (id=1169): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan0\x00'}) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair(0x25, 0x6, 0x7, &(0x7f0000000180)={0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000001c0)={0x7, 0x6, 0x7}, 0x8) (async) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r1) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000008700)={0x34, r3, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x16ba183637aa1df2) (async) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94) (async, rerun: 64) r5 = socket(0x1d, 0x2, 0x6) (rerun: 64) setsockopt$inet6_IPV6_ADDRFORM(r5, 0x29, 0x1, 0x0, 0x0) (async) bind$alg(r5, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x58) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) (async, rerun: 32) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) (async) pipe(&(0x7f0000000200)={0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000640)=[{&(0x7f0000000180)="b4", 0x1}], 0x1, 0x3) openat$cgroup_ro(r7, &(0x7f0000000340)='blkio.bfq.group_wait_time\x00', 0x0, 0x0) (async) r8 = bpf$ITER_CREATE(0xb, &(0x7f00000004c0)={r6}, 0x8) close(r8) (async) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x8, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async) r9 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) (async) setsockopt$inet_udp_encap(r9, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) (async, rerun: 32) syz_emit_ethernet(0x86, &(0x7f0000000440)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x4, 0x0, "017cea08e90a62168facaecca577cb43f478fd5e6e5d4fb33ecffe357eac8a8e", "66d379b886319c62896eb4629b6baae1", {"a41819bdef458b3c84740f618752a2e5", "396954ec098e6a74ec194039740c8a59"}}}}}}}, 0x0) (async, rerun: 32) bpf$LINK_DETACH(0x22, 0x0, 0x0) (async) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r8, 0x0, 0x0}, 0x10) kernel console output (not intermixed with test programs): 2.396546][ T7683] ? rcu_is_watching+0x15/0xb0 [ 112.396565][ T7683] ? trace_sys_enter+0x25/0x120 [ 112.396587][ T7683] do_syscall_64+0xf3/0x230 [ 112.396604][ T7683] ? clear_bhb_loop+0x35/0x90 [ 112.396628][ T7683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.396647][ T7683] RIP: 0033:0x7fbc2c58bb7c [ 112.396662][ T7683] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 112.396675][ T7683] RSP: 002b:00007fbc2d4ca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 112.396693][ T7683] RAX: ffffffffffffffda RBX: 00007fbc2c7a5fa0 RCX: 00007fbc2c58bb7c [ 112.396705][ T7683] RDX: 000000000000000f RSI: 00007fbc2d4ca0a0 RDI: 0000000000000005 [ 112.396715][ T7683] RBP: 00007fbc2d4ca090 R08: 0000000000000000 R09: 0000000000000000 [ 112.396725][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 112.396734][ T7683] R13: 0000000000000000 R14: 00007fbc2c7a5fa0 R15: 00007ffd08800a38 [ 112.396760][ T7683] [ 112.699326][ T7685] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 112.811469][ T3014] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.835011][ T3014] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.849642][ T3014] bond0 (unregistering): Released all slaves [ 112.974413][ T7695] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 113.000643][ T7695] netlink: 36 bytes leftover after parsing attributes in process `syz.3.513'. [ 113.047641][ T7697] netlink: 8 bytes leftover after parsing attributes in process `syz.2.514'. [ 113.071846][ T7697] netlink: 12 bytes leftover after parsing attributes in process `syz.2.514'. [ 113.166179][ T7634] chnl_net:caif_netlink_parms(): no params data found [ 113.788669][ T7723] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 113.843754][ T7725] set match dimension is over the limit! [ 113.939467][ T3014] hsr_slave_0: left promiscuous mode [ 113.952762][ T3014] hsr_slave_1: left promiscuous mode [ 113.958659][ T3014] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.992416][ T3014] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 114.012019][ T3014] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 114.019503][ T3014] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 114.066903][ T3014] veth1_macvtap: left promiscuous mode [ 114.074185][ T3014] veth0_macvtap: left promiscuous mode [ 114.079869][ T3014] veth1_vlan: left promiscuous mode [ 114.085347][ T3014] veth0_vlan: left promiscuous mode [ 114.105957][ T7738] openvswitch: netlink: Key type 216 is out of range max 32 [ 114.431783][ T5146] Bluetooth: hci4: command tx timeout [ 114.936322][ T3014] team0 (unregistering): Port device team_slave_1 removed [ 114.982249][ T3014] team0 (unregistering): Port device team_slave_0 removed [ 115.399881][ T7634] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.407868][ T7634] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.415895][ T7634] bridge_slave_0: entered allmulticast mode [ 115.423006][ T7634] bridge_slave_0: entered promiscuous mode [ 115.430543][ T7634] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.438939][ T7634] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.446883][ T7634] bridge_slave_1: entered allmulticast mode [ 115.453759][ T7634] bridge_slave_1: entered promiscuous mode [ 115.464723][ T7729] pim6reg: entered allmulticast mode [ 115.475553][ T7736] vti0: entered allmulticast mode [ 115.612041][ T7757] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 115.628914][ T7753] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 115.637255][ T7757] netlink: 36 bytes leftover after parsing attributes in process `syz.3.530'. [ 115.659055][ T7753] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 115.684938][ T7634] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 115.725988][ T7634] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.738261][ T7756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.531'. [ 115.798791][ T7768] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 116.007673][ T7770] Driver unsupported XDP return value 0 on prog (id 172) dev N/A, expect packet loss! [ 116.033626][ T7634] team0: Port device team_slave_0 added [ 116.042971][ T7776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.534'. [ 116.052889][ T7634] team0: Port device team_slave_1 added [ 116.063460][ T7774] x_tables: duplicate underflow at hook 3 [ 116.071033][ T7776] netlink: 'syz.4.534': attribute type 7 has an invalid length. [ 116.078713][ T7776] netlink: 'syz.4.534': attribute type 8 has an invalid length. [ 116.157481][ T7776] netlink: 8 bytes leftover after parsing attributes in process `syz.4.534'. [ 116.222229][ T7634] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.246737][ T7634] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.293361][ T7634] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.306731][ T7634] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.315510][ T7634] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.379439][ T7634] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 116.435306][ T7787] __nla_validate_parse: 1 callbacks suppressed [ 116.435326][ T7787] netlink: 16 bytes leftover after parsing attributes in process `syz.3.537'. [ 116.461848][ T7787] netlink: 64 bytes leftover after parsing attributes in process `syz.3.537'. [ 116.474643][ T7787] tipc: Invalid UDP bearer configuration [ 116.474693][ T7787] tipc: Enabling of bearer rejected, failed to enable media [ 116.520153][ T5146] Bluetooth: hci4: command tx timeout [ 116.605655][ T7796] netlink: 36 bytes leftover after parsing attributes in process `syz.0.543'. [ 116.614788][ T7796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.543'. [ 116.675325][ T7634] hsr_slave_0: entered promiscuous mode [ 116.702716][ T7634] hsr_slave_1: entered promiscuous mode [ 116.719582][ T7634] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 116.737794][ T7634] Cannot create hsr debugfs directory [ 116.764061][ T7794] lo speed is unknown, defaulting to 1000 [ 116.777514][ T7802] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 117.023012][ T7809] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 117.053380][ T7809] netlink: 36 bytes leftover after parsing attributes in process `syz.3.547'. [ 117.454435][ T7824] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 117.507445][ T7826] netlink: 8 bytes leftover after parsing attributes in process `syz.0.550'. [ 117.556617][ T7826] netlink: 12 bytes leftover after parsing attributes in process `syz.0.550'. [ 117.758350][ T7833] netlink: 48 bytes leftover after parsing attributes in process `syz.3.552'. [ 117.805561][ T7634] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 117.821933][ T7634] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 117.850837][ T7634] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 117.865302][ T7790] netlink: 28 bytes leftover after parsing attributes in process `syz.2.540'. [ 117.892927][ T7790] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 117.923264][ T5879] lo speed is unknown, defaulting to 1000 [ 117.943589][ T7634] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 117.988470][ T7845] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 118.002418][ T7790] lo speed is unknown, defaulting to 1000 [ 118.173449][ T7848] netlink: 76 bytes leftover after parsing attributes in process `syz.0.556'. [ 118.284944][ T7852] netlink: 'syz.4.559': attribute type 9 has an invalid length. [ 118.459445][ T7851] lo speed is unknown, defaulting to 1000 [ 118.520244][ T7634] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.563857][ T7634] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.591503][ T5146] Bluetooth: hci4: command tx timeout [ 118.609407][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.616647][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.644021][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.651255][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.580222][ T7869] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 121.617960][ T7869] netlink: 36 bytes leftover after parsing attributes in process `syz.0.562'. [ 121.863143][ T7634] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 121.908077][ T7880] netlink: 16 bytes leftover after parsing attributes in process `syz.2.566'. [ 121.933325][ T7880] netlink: 16 bytes leftover after parsing attributes in process `syz.2.566'. [ 121.965657][ T7882] lo speed is unknown, defaulting to 1000 [ 121.966502][ T7884] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 121.985204][ T7634] veth0_vlan: entered promiscuous mode [ 122.025785][ T7634] veth1_vlan: entered promiscuous mode [ 122.101768][ T7634] veth0_macvtap: entered promiscuous mode [ 122.123325][ T7634] veth1_macvtap: entered promiscuous mode [ 122.193631][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 122.214152][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.234623][ T7634] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 122.268304][ T7889] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.309459][ T7634] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 122.340720][ T7634] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 122.366430][ T7634] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 122.379088][ T7898] TCP: TCP_TX_DELAY enabled [ 122.394945][ T7634] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.405427][ T7634] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.418466][ T7634] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.437143][ T7901] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 122.447375][ T7634] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 122.454184][ T7901] netlink: 36 bytes leftover after parsing attributes in process `syz.3.574'. [ 122.476095][ T7889] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.519215][ T7903] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 122.578270][ T7889] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.716012][ T7889] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.785066][ T2963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.820899][ T2963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.879743][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 122.929327][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.956400][ T7916] netlink: 16 bytes leftover after parsing attributes in process `syz.3.580'. [ 122.974694][ T7916] netlink: 16 bytes leftover after parsing attributes in process `syz.3.580'. [ 123.045113][ T7882] lo speed is unknown, defaulting to 1000 [ 123.155392][ T7924] netlink: 36 bytes leftover after parsing attributes in process `syz.3.581'. [ 123.172904][ T7918] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.198238][ T7925] netlink: 36 bytes leftover after parsing attributes in process `syz.3.581'. [ 123.230208][ T7889] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.249238][ T7889] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.270213][ T7907] lo: entered promiscuous mode [ 123.275974][ T7907] tunl0: entered promiscuous mode [ 123.305495][ T7907] gre0: entered promiscuous mode [ 123.321554][ T7907] gretap0: entered promiscuous mode [ 123.327100][ T7907] erspan0: entered promiscuous mode [ 123.341287][ T7907] ip_vti0: entered promiscuous mode [ 123.346957][ T7907] ip6_vti0: entered promiscuous mode [ 123.354514][ T7907] sit0: entered promiscuous mode [ 123.360156][ T7907] ip6tnl0: entered promiscuous mode [ 123.366165][ T7907] ip6gre0: entered promiscuous mode [ 123.372473][ T7907] syz_tun: entered promiscuous mode [ 123.378039][ T7907] ip6gretap0: entered promiscuous mode [ 123.385362][ T7907] bridge0: entered promiscuous mode [ 123.390588][ T7907] vlan1: entered promiscuous mode [ 123.397261][ T7907] bond0: entered promiscuous mode [ 123.403921][ T7907] vcan0: entered promiscuous mode [ 123.409613][ T7907] team0: entered promiscuous mode [ 123.415535][ T7907] dummy0: entered promiscuous mode [ 123.421175][ T7907] nlmon0: entered promiscuous mode [ 123.426936][ T7907] caif0: entered promiscuous mode [ 123.432531][ T7907] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 123.484403][ T7918] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.508343][ T7889] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.527965][ T7927] xt_CT: You must specify a L4 protocol and not use inversions on it [ 123.653920][ T7889] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 123.742803][ T7918] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.940802][ T7929] lo speed is unknown, defaulting to 1000 [ 123.957431][ T7918] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.109852][ T7918] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.148686][ T7918] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.180206][ T7918] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.196737][ T7918] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 124.521182][ T2963] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.538359][ T7936] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 124.558640][ T7936] netlink: 36 bytes leftover after parsing attributes in process `syz.4.585'. [ 124.669197][ T2963] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.723385][ T7940] netlink: 'syz.4.586': attribute type 5 has an invalid length. [ 124.860384][ T2963] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.979759][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 125.001131][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 125.013659][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 125.026210][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 125.051428][ T5834] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 125.058814][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 125.067508][ T2963] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.257606][ T7943] lo speed is unknown, defaulting to 1000 [ 125.358776][ T2963] bridge_slave_1: left allmulticast mode [ 125.367294][ T2963] bridge_slave_1: left promiscuous mode [ 125.373517][ T2963] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.461646][ T2963] bridge_slave_0: left allmulticast mode [ 125.470764][ T2963] bridge_slave_0: left promiscuous mode [ 125.483317][ T2963] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.929987][ T7964] netlink: 'syz.0.592': attribute type 10 has an invalid length. [ 126.427195][ T2963] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.440383][ T2963] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.451931][ T2963] bond0 (unregistering): Released all slaves [ 126.504992][ T7964] macvlan0: entered allmulticast mode [ 126.518984][ T7964] veth1_vlan: entered allmulticast mode [ 126.570504][ T7964] macvlan0: entered promiscuous mode [ 126.592071][ T7964] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 126.859056][ T3522] bridge0: port 1(vlan1) entered blocking state [ 126.865580][ T3522] bridge0: port 1(vlan1) entered forwarding state [ 126.890992][ T7979] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 126.917082][ T7979] netlink: 36 bytes leftover after parsing attributes in process `syz.3.596'. [ 127.151902][ T5146] Bluetooth: hci4: command tx timeout [ 127.420266][ T7992] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.429465][ T7992] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.438360][ T7992] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.447321][ T7992] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 127.815659][ T2963] hsr_slave_0: left promiscuous mode [ 127.835714][ T2963] hsr_slave_1: left promiscuous mode [ 127.851863][ T2963] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.862790][ T2963] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.887888][ T2963] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.916942][ T2963] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.000927][ T2963] veth1_macvtap: left promiscuous mode [ 128.019392][ T2963] veth0_macvtap: left promiscuous mode [ 128.029081][ T2963] veth1_vlan: left promiscuous mode [ 128.037133][ T2963] veth0_vlan: left promiscuous mode [ 128.370188][ T7940] Set syz1 is full, maxelem 65536 reached [ 128.670031][ T2963] team0 (unregistering): Port device team_slave_1 removed [ 128.712262][ T2963] team0 (unregistering): Port device team_slave_0 removed [ 129.130401][ T8002] netlink: 16 bytes leftover after parsing attributes in process `syz.3.600'. [ 129.144802][ T7996] netlink: 16 bytes leftover after parsing attributes in process `syz.3.600'. [ 129.158926][ T7943] chnl_net:caif_netlink_parms(): no params data found [ 129.233054][ T5146] Bluetooth: hci4: command tx timeout [ 129.285333][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.3.605'. [ 129.310040][ T8022] netlink: 312 bytes leftover after parsing attributes in process `syz.3.605'. [ 129.314590][ T8024] netlink: 4 bytes leftover after parsing attributes in process `syz.4.606'. [ 129.468662][ T8031] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 129.487970][ T8031] netlink: 36 bytes leftover after parsing attributes in process `syz.2.608'. [ 129.685483][ T8042] netlink: 16 bytes leftover after parsing attributes in process `syz.4.610'. [ 129.716863][ T7943] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.744370][ T7943] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.746328][ T8047] netlink: 12 bytes leftover after parsing attributes in process `syz.2.611'. [ 129.761041][ T7943] bridge_slave_0: entered allmulticast mode [ 129.767991][ T7943] bridge_slave_0: entered promiscuous mode [ 129.791092][ T8042] netlink: 16 bytes leftover after parsing attributes in process `syz.4.610'. [ 129.800308][ T7943] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.830984][ T7943] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.838255][ T7943] bridge_slave_1: entered allmulticast mode [ 129.869581][ T7943] bridge_slave_1: entered promiscuous mode [ 129.900277][ T8049] netlink: 'syz.3.612': attribute type 1 has an invalid length. [ 129.981506][ T7943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.991318][ T8048] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 130.010157][ T7943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.087665][ T7943] team0: Port device team_slave_0 added [ 130.207116][ T7943] team0: Port device team_slave_1 added [ 130.309972][ T7943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.324318][ T7943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.380796][ T7943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 130.408307][ T7943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 130.411704][ T8073] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 130.426428][ T7943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.512436][ T7943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.667684][ T7943] hsr_slave_0: entered promiscuous mode [ 130.690093][ T7943] hsr_slave_1: entered promiscuous mode [ 130.699245][ T7943] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.707332][ T7943] Cannot create hsr debugfs directory [ 130.708892][ T8082] netlink: 'syz.3.624': attribute type 10 has an invalid length. [ 130.733312][ T8077] lo speed is unknown, defaulting to 1000 [ 130.814419][ T8081] vlan2: entered allmulticast mode [ 130.819604][ T8081] veth0_to_batadv: entered allmulticast mode [ 130.893172][ T8082] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 131.311439][ T5146] Bluetooth: hci4: command tx timeout [ 131.686590][ T7943] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 131.709845][ T7943] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 131.731083][ T7943] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 131.753976][ T7943] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 131.954870][ T7943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 132.000200][ T7943] 8021q: adding VLAN 0 to HW filter on device team0 [ 132.023926][ T3522] bridge0: port 1(bridge_slave_0) entered blocking state [ 132.031137][ T3522] bridge0: port 1(bridge_slave_0) entered forwarding state [ 132.054475][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 132.061708][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 132.093087][ T8105] __nla_validate_parse: 13 callbacks suppressed [ 132.093104][ T8105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.631'. [ 132.103669][ T8104] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 132.370301][ T8110] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 132.390467][ T8110] netlink: 36 bytes leftover after parsing attributes in process `syz.2.633'. [ 132.477591][ T8111] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.524696][ T7943] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.649711][ T7943] veth0_vlan: entered promiscuous mode [ 132.691638][ T7943] veth1_vlan: entered promiscuous mode [ 132.767188][ T7943] veth0_macvtap: entered promiscuous mode [ 132.792647][ T7943] veth1_macvtap: entered promiscuous mode [ 132.833443][ T7943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 132.845223][ T8127] netlink: 'syz.4.637': attribute type 1 has an invalid length. [ 132.850764][ T7943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.853608][ T8127] netlink: 160 bytes leftover after parsing attributes in process `syz.4.637'. [ 132.889405][ T7943] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 132.922529][ T7943] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.930792][ T8127] NCSI netlink: No device for ifindex 65628 [ 132.940929][ T7943] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.976122][ T7943] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.004306][ T7943] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.021160][ T7943] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.040258][ T7943] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.053646][ T7943] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.114134][ T8131] netlink: 16 bytes leftover after parsing attributes in process `syz.0.640'. [ 133.177857][ T8131] netlink: 16 bytes leftover after parsing attributes in process `syz.0.640'. [ 133.241522][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.288469][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.304373][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.314790][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.339880][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.391844][ T5146] Bluetooth: hci4: command tx timeout [ 133.439877][ T8133] FAULT_INJECTION: forcing a failure. [ 133.439877][ T8133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 133.480960][ T8133] CPU: 0 UID: 0 PID: 8133 Comm: syz.0.642 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 133.480988][ T8133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 133.480998][ T8133] Call Trace: [ 133.481004][ T8133] [ 133.481012][ T8133] dump_stack_lvl+0x241/0x360 [ 133.481039][ T8133] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.481056][ T8133] ? __pfx__printk+0x10/0x10 [ 133.481075][ T8133] ? __pfx_lock_release+0x10/0x10 [ 133.481098][ T8133] ? vfs_write+0x7fa/0xd10 [ 133.481119][ T8133] should_fail_ex+0x40a/0x550 [ 133.481145][ T8133] _copy_from_user+0x2d/0xb0 [ 133.481166][ T8133] move_addr_to_kernel+0x82/0x150 [ 133.481188][ T8133] __sys_connect+0xb6/0x2d0 [ 133.481209][ T8133] ? __fget_files+0x2a/0x410 [ 133.481230][ T8133] ? __pfx___sys_connect+0x10/0x10 [ 133.481263][ T8133] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 133.481286][ T8133] ? do_syscall_64+0x100/0x230 [ 133.481309][ T8133] __x64_sys_connect+0x7a/0x90 [ 133.481332][ T8133] do_syscall_64+0xf3/0x230 [ 133.481351][ T8133] ? clear_bhb_loop+0x35/0x90 [ 133.481374][ T8133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.481395][ T8133] RIP: 0033:0x7fb85dd8d169 [ 133.481409][ T8133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.481423][ T8133] RSP: 002b:00007fb85ebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 133.481441][ T8133] RAX: ffffffffffffffda RBX: 00007fb85dfa5fa0 RCX: 00007fb85dd8d169 [ 133.481453][ T8133] RDX: 000000000000006e RSI: 0000400000000180 RDI: 0000000000000003 [ 133.481463][ T8133] RBP: 00007fb85ebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 133.481473][ T8133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.481482][ T8133] R13: 0000000000000000 R14: 00007fb85dfa5fa0 R15: 00007ffd096000e8 [ 133.481508][ T8133] [ 133.734294][ T8136] netlink: 12 bytes leftover after parsing attributes in process `syz.2.641'. [ 134.004241][ T8143] netlink: 8 bytes leftover after parsing attributes in process `syz.4.644'. [ 134.153044][ T8145] netlink: 148 bytes leftover after parsing attributes in process `syz.2.646'. [ 134.187551][ T8145] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 134.481632][ T8156] netlink: 'syz.2.648': attribute type 10 has an invalid length. [ 134.524761][ T8156] 8021q: adding VLAN 0 to HW filter on device team0 [ 134.574103][ T8156] bond0: (slave team0): Enslaving as an active interface with an up link [ 134.707066][ T8168] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 134.724709][ T8168] netlink: 36 bytes leftover after parsing attributes in process `syz.4.651'. [ 134.828286][ T8173] netlink: 12 bytes leftover after parsing attributes in process `syz.2.652'. [ 134.997321][ T8178] openvswitch: netlink: Actions may not be safe on all matching packets [ 135.023320][ T8178] openvswitch: netlink: nsh attr 9472 is out of range max 3 [ 135.288076][ T3522] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.852149][ T3522] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.954996][ T3522] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.098519][ T3522] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.272003][ T8224] netlink: 'syz.2.658': attribute type 64 has an invalid length. [ 136.572987][ T3522] bridge_slave_1: left allmulticast mode [ 136.587637][ T3522] bridge_slave_1: left promiscuous mode [ 136.602986][ T3522] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.680057][ T3522] bridge_slave_0: left allmulticast mode [ 136.689406][ T3522] bridge_slave_0: left promiscuous mode [ 136.720997][ T3522] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.908508][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 136.923872][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 136.933635][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 136.943266][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 136.953456][ T5841] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 136.961848][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 137.146275][ T8252] __nla_validate_parse: 3 callbacks suppressed [ 137.146291][ T8252] netlink: 12 bytes leftover after parsing attributes in process `syz.0.664'. [ 137.312632][ T5834] Bluetooth: hci3: command 0x0405 tx timeout [ 137.333981][ T3522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 137.345529][ T3522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 137.356264][ T3522] bond0 (unregistering): Released all slaves [ 137.381985][ T8252] netlink: 16 bytes leftover after parsing attributes in process `syz.0.664'. [ 137.417535][ T8237] lo speed is unknown, defaulting to 1000 [ 137.420472][ T8253] netlink: 16 bytes leftover after parsing attributes in process `syz.0.664'. [ 137.577628][ T8256] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 137.639235][ T8258] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 137.675955][ T8258] netlink: 36 bytes leftover after parsing attributes in process `syz.0.667'. [ 137.774505][ T8262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.668'. [ 137.865904][ T8269] netlink: 12 bytes leftover after parsing attributes in process `syz.2.671'. [ 137.975001][ T8271] netlink: 'syz.2.671': attribute type 18 has an invalid length. [ 138.091771][ T8274] netlink: 104 bytes leftover after parsing attributes in process `syz.3.672'. [ 138.333304][ T3522] hsr_slave_0: left promiscuous mode [ 138.376721][ T3522] hsr_slave_1: left promiscuous mode [ 138.394939][ T3522] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 138.405400][ T3522] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 138.415234][ T3522] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 138.423157][ T3522] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 138.435493][ T8288] netlink: 'syz.4.677': attribute type 10 has an invalid length. [ 138.466987][ T8282] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 138.481875][ T3522] veth1_macvtap: left promiscuous mode [ 138.487474][ T3522] veth0_macvtap: left promiscuous mode [ 138.494511][ T3522] veth1_vlan: left promiscuous mode [ 138.499862][ T3522] veth0_vlan: left promiscuous mode [ 138.994723][ T5834] Bluetooth: hci4: command tx timeout [ 139.346005][ T3522] team0 (unregistering): Port device team_slave_1 removed [ 139.398748][ T3522] team0 (unregistering): Port device team_slave_0 removed [ 139.858517][ T8237] chnl_net:caif_netlink_parms(): no params data found [ 140.174081][ T8237] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.189705][ T8237] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.220937][ T8237] bridge_slave_0: entered allmulticast mode [ 140.228081][ T8237] bridge_slave_0: entered promiscuous mode [ 140.236437][ T8237] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.243780][ T8237] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.252238][ T8237] bridge_slave_1: entered allmulticast mode [ 140.260043][ T8237] bridge_slave_1: entered promiscuous mode [ 140.263100][ T8322] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 140.269541][ T8320] tipc: Started in network mode [ 140.278441][ T8320] tipc: Node identity 3e337bd3a3f, cluster identity 4711 [ 140.286267][ T8320] tipc: Enabled bearer , priority 0 [ 140.302946][ T8322] netlink: 36 bytes leftover after parsing attributes in process `syz.4.683'. [ 140.328634][ T8328] netlink: 4 bytes leftover after parsing attributes in process `syz.0.685'. [ 140.391062][ T8237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 140.419163][ T8237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.759870][ T8237] team0: Port device team_slave_0 added [ 140.783482][ T8237] team0: Port device team_slave_1 added [ 140.950207][ T8318] tipc: Disabling bearer [ 140.975960][ T8237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 140.984521][ T8237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.005426][ T8345] netlink: 8 bytes leftover after parsing attributes in process `syz.4.689'. [ 141.015521][ T8237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 141.071504][ T5834] Bluetooth: hci4: command tx timeout [ 141.119963][ T8237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.162359][ T8237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.192104][ T8237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.253358][ T8362] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 141.387287][ T8237] hsr_slave_0: entered promiscuous mode [ 141.395244][ T8237] hsr_slave_1: entered promiscuous mode [ 141.406579][ T8237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 141.416429][ T8237] Cannot create hsr debugfs directory [ 141.429168][ T8362] lo speed is unknown, defaulting to 1000 [ 141.703587][ T8377] netlink: 'syz.0.697': attribute type 1 has an invalid length. [ 141.750203][ T8377] bond1: entered promiscuous mode [ 141.759846][ T8377] 8021q: adding VLAN 0 to HW filter on device bond1 [ 141.789233][ T8380] batadv1: entered promiscuous mode [ 141.814194][ T8383] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 141.830880][ T8380] batadv1: entered allmulticast mode [ 141.839078][ T8380] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 141.854571][ T8380] bond1: (slave batadv1): making interface the new active one [ 141.864894][ T8380] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 141.961196][ T8388] xt_bpf: check failed: parse error [ 141.981663][ T8377] bond1: (slave veth5): Enslaving as an active interface with a down link [ 142.303815][ T8390] FAULT_INJECTION: forcing a failure. [ 142.303815][ T8390] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.354103][ T8390] CPU: 0 UID: 0 PID: 8390 Comm: syz.0.701 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 142.354132][ T8390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 142.354141][ T8390] Call Trace: [ 142.354147][ T8390] [ 142.354154][ T8390] dump_stack_lvl+0x241/0x360 [ 142.354181][ T8390] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.354198][ T8390] ? __pfx__printk+0x10/0x10 [ 142.354216][ T8390] ? __pfx_lock_release+0x10/0x10 [ 142.354247][ T8390] should_fail_ex+0x40a/0x550 [ 142.354273][ T8390] _copy_from_user+0x2d/0xb0 [ 142.354294][ T8390] copy_msghdr_from_user+0xae/0x680 [ 142.354321][ T8390] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 142.354339][ T8390] ? __fget_files+0x2a/0x410 [ 142.354363][ T8390] ? __fget_files+0x2a/0x410 [ 142.354391][ T8390] __sys_sendmsg+0x209/0x350 [ 142.354414][ T8390] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.354456][ T8390] ? __might_fault+0xaa/0x120 [ 142.354473][ T8390] ? __pfx_lock_release+0x10/0x10 [ 142.354505][ T8390] ? rcu_is_watching+0x15/0xb0 [ 142.354523][ T8390] ? trace_sys_enter+0x25/0x120 [ 142.354548][ T8390] do_syscall_64+0xf3/0x230 [ 142.354567][ T8390] ? clear_bhb_loop+0x35/0x90 [ 142.354590][ T8390] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.354610][ T8390] RIP: 0033:0x7fb85dd8d169 [ 142.354624][ T8390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.354637][ T8390] RSP: 002b:00007fb85ebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.354660][ T8390] RAX: ffffffffffffffda RBX: 00007fb85dfa5fa0 RCX: 00007fb85dd8d169 [ 142.354672][ T8390] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000006 [ 142.354682][ T8390] RBP: 00007fb85ebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 142.354692][ T8390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.354701][ T8390] R13: 0000000000000000 R14: 00007fb85dfa5fa0 R15: 00007ffd096000e8 [ 142.354727][ T8390] [ 142.638811][ T8395] __nla_validate_parse: 4 callbacks suppressed [ 142.638830][ T8395] netlink: 12 bytes leftover after parsing attributes in process `syz.2.703'. [ 142.747224][ T8400] netlink: 16 bytes leftover after parsing attributes in process `syz.3.704'. [ 142.799053][ T8400] netlink: 16 bytes leftover after parsing attributes in process `syz.3.704'. [ 142.861930][ T8395] netlink: 'syz.2.703': attribute type 2 has an invalid length. [ 142.872484][ T8395] netlink: 'syz.2.703': attribute type 8 has an invalid length. [ 142.880463][ T8395] netlink: 132 bytes leftover after parsing attributes in process `syz.2.703'. [ 143.059061][ T8237] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 143.084060][ T8237] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 143.113569][ T8237] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 143.135905][ T8237] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 143.151497][ T5834] Bluetooth: hci4: command tx timeout [ 143.153992][ T8417] netlink: 12 bytes leftover after parsing attributes in process `syz.0.709'. [ 143.170195][ T8420] netlink: 60 bytes leftover after parsing attributes in process `syz.3.712'. [ 143.195762][ T8420] unsupported nlmsg_type 40 [ 143.196167][ T8421] batadv_slave_0: entered promiscuous mode [ 143.208951][ T8421] batadv_slave_0: entered allmulticast mode [ 143.352823][ T8426] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 143.374085][ T8426] netlink: 36 bytes leftover after parsing attributes in process `syz.3.714'. [ 143.447929][ T8430] FAULT_INJECTION: forcing a failure. [ 143.447929][ T8430] name failslab, interval 1, probability 0, space 0, times 1 [ 143.449366][ T8237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.499914][ T8428] lo speed is unknown, defaulting to 1000 [ 143.510847][ T8430] CPU: 1 UID: 0 PID: 8430 Comm: syz.0.715 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 143.510874][ T8430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 143.510883][ T8430] Call Trace: [ 143.510889][ T8430] [ 143.510897][ T8430] dump_stack_lvl+0x241/0x360 [ 143.510923][ T8430] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.510940][ T8430] ? __pfx__printk+0x10/0x10 [ 143.510958][ T8430] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 143.510981][ T8430] ? __pfx___might_resched+0x10/0x10 [ 143.511007][ T8430] should_fail_ex+0x40a/0x550 [ 143.511033][ T8430] should_failslab+0xac/0x100 [ 143.511060][ T8430] kmem_cache_alloc_node_noprof+0x77/0x380 [ 143.511080][ T8430] ? __alloc_skb+0x1c3/0x440 [ 143.511100][ T8430] __alloc_skb+0x1c3/0x440 [ 143.511120][ T8430] ? __pfx___alloc_skb+0x10/0x10 [ 143.511137][ T8430] ? netlink_autobind+0xd6/0x2f0 [ 143.511156][ T8430] ? netlink_autobind+0x2b0/0x2f0 [ 143.511181][ T8430] netlink_sendmsg+0x634/0xcb0 [ 143.511216][ T8430] ? __pfx_netlink_sendmsg+0x10/0x10 [ 143.511240][ T8430] ? aa_sock_msg_perm+0x91/0x160 [ 143.511268][ T8430] ? __pfx_netlink_sendmsg+0x10/0x10 [ 143.511292][ T8430] __sock_sendmsg+0x221/0x270 [ 143.511315][ T8430] ____sys_sendmsg+0x53a/0x860 [ 143.511341][ T8430] ? __pfx_____sys_sendmsg+0x10/0x10 [ 143.511356][ T8430] ? __fget_files+0x2a/0x410 [ 143.511381][ T8430] ? __fget_files+0x2a/0x410 [ 143.511409][ T8430] __sys_sendmsg+0x269/0x350 [ 143.511431][ T8430] ? __pfx___sys_sendmsg+0x10/0x10 [ 143.511460][ T8430] ? do_sys_openat2+0x17a/0x1d0 [ 143.511504][ T8430] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 143.511533][ T8430] ? do_syscall_64+0x100/0x230 [ 143.511555][ T8430] ? do_syscall_64+0xb6/0x230 [ 143.511576][ T8430] do_syscall_64+0xf3/0x230 [ 143.511594][ T8430] ? clear_bhb_loop+0x35/0x90 [ 143.511617][ T8430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.511651][ T8430] RIP: 0033:0x7fb85dd8d169 [ 143.511666][ T8430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.511679][ T8430] RSP: 002b:00007fb85ebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.511697][ T8430] RAX: ffffffffffffffda RBX: 00007fb85dfa5fa0 RCX: 00007fb85dd8d169 [ 143.511709][ T8430] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000006 [ 143.511719][ T8430] RBP: 00007fb85ebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 143.511730][ T8430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.511745][ T8430] R13: 0000000000000000 R14: 00007fb85dfa5fa0 R15: 00007ffd096000e8 [ 143.511776][ T8430] [ 143.516274][ T8237] 8021q: adding VLAN 0 to HW filter on device team0 [ 143.932173][ T2963] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.939352][ T2963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.982279][ T2963] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.989605][ T2963] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.091813][ T8438] netlink: 16 bytes leftover after parsing attributes in process `syz.0.718'. [ 144.121461][ T8438] netlink: 16 bytes leftover after parsing attributes in process `syz.0.718'. [ 144.655524][ T8237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 144.789033][ T8237] veth0_vlan: entered promiscuous mode [ 144.817619][ T8237] veth1_vlan: entered promiscuous mode [ 144.864397][ T8475] netlink: 16 bytes leftover after parsing attributes in process `syz.0.726'. [ 145.007043][ T8237] veth0_macvtap: entered promiscuous mode [ 145.028278][ T8237] veth1_macvtap: entered promiscuous mode [ 145.105663][ T8237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 145.136683][ T8237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.164544][ T8237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 145.252206][ T5834] Bluetooth: hci4: command tx timeout [ 145.263768][ T8237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 145.304859][ T8237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 145.350392][ T8237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 145.358668][ T8487] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 145.413990][ T8237] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.437516][ T8237] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.481283][ T8237] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.516717][ T8237] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.734102][ T8492] netlink: 'syz.4.731': attribute type 1 has an invalid length. [ 145.783201][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.820770][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.880028][ T8495] bridge0: entered promiscuous mode [ 145.897165][ T8495] macvlan2: entered promiscuous mode [ 145.908599][ T8495] bridge0: port 3(macvlan2) entered blocking state [ 145.928092][ T8495] bridge0: port 3(macvlan2) entered disabled state [ 145.944123][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.961427][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.991236][ T8495] macvlan2: entered allmulticast mode [ 145.997295][ T8495] bridge0: entered allmulticast mode [ 146.026364][ T8495] macvlan2: left allmulticast mode [ 146.091375][ T8495] bridge0: left allmulticast mode [ 146.098402][ T8495] bridge0: left promiscuous mode [ 146.660486][ T8509] lo speed is unknown, defaulting to 1000 [ 146.914904][ T8516] FAULT_INJECTION: forcing a failure. [ 146.914904][ T8516] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 146.982700][ T8516] CPU: 0 UID: 0 PID: 8516 Comm: syz.4.740 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 146.982731][ T8516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 146.982740][ T8516] Call Trace: [ 146.982746][ T8516] [ 146.982753][ T8516] dump_stack_lvl+0x241/0x360 [ 146.982778][ T8516] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.982795][ T8516] ? __pfx__printk+0x10/0x10 [ 146.982811][ T8516] ? __pfx_lock_release+0x10/0x10 [ 146.982839][ T8516] should_fail_ex+0x40a/0x550 [ 146.982863][ T8516] _copy_from_iter+0x1df/0x1c40 [ 146.982880][ T8516] ? __virt_addr_valid+0x183/0x530 [ 146.982895][ T8516] ? __pfx_lock_release+0x10/0x10 [ 146.982919][ T8516] ? __alloc_skb+0x28f/0x440 [ 146.982934][ T8516] ? __pfx__copy_from_iter+0x10/0x10 [ 146.982951][ T8516] ? __virt_addr_valid+0x183/0x530 [ 146.982965][ T8516] ? __virt_addr_valid+0x183/0x530 [ 146.982993][ T8516] ? __virt_addr_valid+0x45f/0x530 [ 146.983008][ T8516] ? __phys_addr_symbol+0x2f/0x70 [ 146.983021][ T8516] ? __check_object_size+0x47a/0x730 [ 146.983044][ T8516] netlink_sendmsg+0x742/0xcb0 [ 146.983074][ T8516] ? __pfx_netlink_sendmsg+0x10/0x10 [ 146.983096][ T8516] ? aa_sock_msg_perm+0x91/0x160 [ 146.983121][ T8516] ? __pfx_netlink_sendmsg+0x10/0x10 [ 146.983138][ T8516] __sock_sendmsg+0x221/0x270 [ 146.983160][ T8516] ____sys_sendmsg+0x53a/0x860 [ 146.983183][ T8516] ? __pfx_____sys_sendmsg+0x10/0x10 [ 146.983198][ T8516] ? __fget_files+0x2a/0x410 [ 146.983219][ T8516] ? __fget_files+0x2a/0x410 [ 146.983245][ T8516] __sys_sendmsg+0x269/0x350 [ 146.983265][ T8516] ? __pfx___sys_sendmsg+0x10/0x10 [ 146.983291][ T8516] ? do_sys_openat2+0x17a/0x1d0 [ 146.983331][ T8516] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 146.983353][ T8516] ? do_syscall_64+0x100/0x230 [ 146.983374][ T8516] ? do_syscall_64+0xb6/0x230 [ 146.983392][ T8516] do_syscall_64+0xf3/0x230 [ 146.983407][ T8516] ? clear_bhb_loop+0x35/0x90 [ 146.983429][ T8516] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.983448][ T8516] RIP: 0033:0x7fbc2c58d169 [ 146.983470][ T8516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.983482][ T8516] RSP: 002b:00007fbc2d4ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 146.983499][ T8516] RAX: ffffffffffffffda RBX: 00007fbc2c7a5fa0 RCX: 00007fbc2c58d169 [ 146.983509][ T8516] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000006 [ 146.983519][ T8516] RBP: 00007fbc2d4ca090 R08: 0000000000000000 R09: 0000000000000000 [ 146.983529][ T8516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 146.983538][ T8516] R13: 0000000000000000 R14: 00007fbc2c7a5fa0 R15: 00007ffd08800a38 [ 146.983560][ T8516] [ 147.291755][ T8523] netlink: 'syz.3.741': attribute type 11 has an invalid length. [ 147.349868][ T11] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.492747][ T11] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.840745][ T11] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.888771][ T11] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.197915][ T11] bridge_slave_1: left allmulticast mode [ 148.211632][ T11] bridge_slave_1: left promiscuous mode [ 148.220984][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.247890][ T11] bridge_slave_0: left allmulticast mode [ 148.261306][ T11] bridge_slave_0: left promiscuous mode [ 148.268279][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.400943][ T974] IPVS: starting estimator thread 0... [ 148.510924][ T8555] IPVS: using max 26 ests per chain, 62400 per kthread [ 148.636159][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 148.723522][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 148.738428][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 148.749571][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 148.765111][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 148.776626][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 149.289939][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.300855][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.319972][ T11] bond0 (unregistering): Released all slaves [ 149.427769][ T8566] lo speed is unknown, defaulting to 1000 [ 149.819746][ T8578] __nla_validate_parse: 4 callbacks suppressed [ 149.819765][ T8578] netlink: 4 bytes leftover after parsing attributes in process `syz.3.756'. [ 149.859007][ T8578] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.872603][ T8578] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.948279][ T8578] batadv0 (unregistering): left promiscuous mode [ 150.002355][ T8580] ip6gretap1: entered allmulticast mode [ 150.032700][ T8594] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 150.056838][ T8594] netlink: 36 bytes leftover after parsing attributes in process `syz.4.760'. [ 150.060222][ T11] hsr_slave_0: left promiscuous mode [ 150.077183][ T11] hsr_slave_1: left promiscuous mode [ 150.083462][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.110973][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.131839][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.154488][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.319183][ T11] veth1_macvtap: left promiscuous mode [ 150.329540][ T11] veth0_macvtap: left promiscuous mode [ 150.356871][ T11] veth1_vlan: left promiscuous mode [ 150.375614][ T11] veth0_vlan: left promiscuous mode [ 150.477606][ T8609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.764'. [ 150.835410][ T5834] Bluetooth: hci4: command tx timeout [ 150.995092][ T11] team0 (unregistering): Port device team_slave_1 removed [ 151.042929][ T11] team0 (unregistering): Port device team_slave_0 removed [ 151.733659][ T8566] chnl_net:caif_netlink_parms(): no params data found [ 152.105329][ T8566] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.117438][ T8566] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.127605][ T8566] bridge_slave_0: entered allmulticast mode [ 152.170456][ T8566] bridge_slave_0: entered promiscuous mode [ 152.195413][ T8566] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.220353][ T8566] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.246073][ T8566] bridge_slave_1: entered allmulticast mode [ 152.272894][ T8566] bridge_slave_1: entered promiscuous mode [ 152.429074][ T8566] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 152.510089][ T8566] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.696344][ T8656] netlink: 'syz.0.776': attribute type 10 has an invalid length. [ 152.745591][ T8658] netlink: 24 bytes leftover after parsing attributes in process `syz.3.775'. [ 152.777174][ T8656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.785604][ T8656] batadv0: entered promiscuous mode [ 152.793518][ T8656] team0: Port device batadv0 added [ 152.805897][ T8566] team0: Port device team_slave_0 added [ 152.820822][ T8566] team0: Port device team_slave_1 added [ 152.911234][ T5834] Bluetooth: hci4: command tx timeout [ 154.995001][ T5834] Bluetooth: hci4: command tx timeout [ 155.142850][ T8566] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.149853][ T8566] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.188250][ T8566] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.209252][ T8693] openvswitch: netlink: IPv4 frag type 255 is out of range max 2 [ 155.222282][ T8693] netlink: 16 bytes leftover after parsing attributes in process `syz.3.785'. [ 155.227560][ T8566] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.253743][ T8566] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.311870][ T8566] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.348044][ T8700] netlink: 'syz.0.787': attribute type 10 has an invalid length. [ 155.580050][ T8566] hsr_slave_0: entered promiscuous mode [ 155.597581][ T8566] hsr_slave_1: entered promiscuous mode [ 155.610204][ T8566] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 155.618433][ T8566] Cannot create hsr debugfs directory [ 156.297214][ T8749] netlink: 'syz.2.804': attribute type 10 has an invalid length. [ 156.336212][ T8749] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.365711][ T8749] team0: Port device batadv0 added [ 156.704086][ T8566] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 156.722524][ T8756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.806'. [ 156.735812][ T8756] netlink: 24 bytes leftover after parsing attributes in process `syz.2.806'. [ 156.745053][ T8756] tc_dump_action: action bad kind [ 156.755066][ T8757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.807'. [ 156.781688][ T8566] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 156.796805][ T8758] netlink: 8 bytes leftover after parsing attributes in process `syz.3.807'. [ 156.807004][ T8756] netlink: 'syz.2.806': attribute type 1 has an invalid length. [ 156.817561][ T8756] netlink: 224 bytes leftover after parsing attributes in process `syz.2.806'. [ 156.827450][ T8566] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 156.867068][ T8566] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 157.007642][ T8757] lo speed is unknown, defaulting to 1000 [ 157.071934][ T5834] Bluetooth: hci4: command tx timeout [ 157.124822][ T8566] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.159314][ T8566] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.184393][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.191583][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.219794][ T8774] netlink: 12 bytes leftover after parsing attributes in process `syz.4.811'. [ 157.228964][ T8774] netlink: 20 bytes leftover after parsing attributes in process `syz.4.811'. [ 157.249420][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.256715][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.465994][ T8761] lo speed is unknown, defaulting to 1000 [ 157.624638][ T8785] netlink: 4 bytes leftover after parsing attributes in process `syz.4.814'. [ 157.747300][ T8566] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.845111][ T8789] lo speed is unknown, defaulting to 1000 [ 157.949048][ T8566] veth0_vlan: entered promiscuous mode [ 157.949955][ T8799] netlink: 164 bytes leftover after parsing attributes in process `syz.4.817'. [ 157.960329][ T8566] veth1_vlan: entered promiscuous mode [ 158.058986][ T8566] veth0_macvtap: entered promiscuous mode [ 158.084986][ T8566] veth1_macvtap: entered promiscuous mode [ 158.137474][ T8566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.173764][ T8566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.193023][ T8566] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.308277][ T8806] sch_tbf: burst 32855 is lower than device lo mtu (11337746) ! [ 158.482340][ T8566] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.513354][ T8566] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.535276][ T8566] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.630638][ T8566] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.641648][ T8566] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.650385][ T8566] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.678584][ T8566] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.892120][ T3014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.907408][ T3014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 158.977674][ T3014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 158.991178][ T3014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.539945][ T8842] netlink: 'syz.0.832': attribute type 10 has an invalid length. [ 159.607227][ T8843] lo speed is unknown, defaulting to 1000 [ 160.088613][ T8855] delete_channel: no stack [ 160.468598][ T8887] __nla_validate_parse: 8 callbacks suppressed [ 160.468619][ T8887] netlink: 8 bytes leftover after parsing attributes in process `syz.4.844'. [ 160.729477][ T8900] netlink: 384 bytes leftover after parsing attributes in process `syz.2.847'. [ 160.764258][ T8902] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 161.143772][ T8902] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 161.227505][ T8902] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 161.294436][ T8902] bond0: (slave netdevsim0): Releasing backup interface [ 161.304411][ T8902] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 161.377046][ T8902] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.390967][ T8902] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.410888][ T8902] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.448132][ T76] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.470114][ T8902] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 161.542928][ T76] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.654381][ T76] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.727068][ T76] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.797260][ T76] bridge_slave_1: left allmulticast mode [ 161.803209][ T76] bridge_slave_1: left promiscuous mode [ 161.808944][ T76] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.817480][ T76] bridge_slave_0: left allmulticast mode [ 161.823349][ T76] bridge_slave_0: left promiscuous mode [ 161.829032][ T76] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.370534][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 162.389633][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 162.399921][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 162.408988][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 162.429775][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 162.446885][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 162.469085][ T8943] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 162.637604][ T76] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.654908][ T76] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.668837][ T76] bond0 (unregistering): Released all slaves [ 162.731105][ T8932] vlan2: entered allmulticast mode [ 163.086129][ T76] hsr_slave_0: left promiscuous mode [ 163.092048][ T76] hsr_slave_1: left promiscuous mode [ 163.097842][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 163.105446][ T76] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 163.114058][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 163.121566][ T76] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 163.142237][ T76] veth1_macvtap: left promiscuous mode [ 163.147766][ T76] veth0_macvtap: left promiscuous mode [ 163.153702][ T76] veth1_vlan: left promiscuous mode [ 163.158998][ T76] veth0_vlan: left promiscuous mode [ 163.733493][ T76] team0 (unregistering): Port device team_slave_1 removed [ 163.911253][ T76] team0 (unregistering): Port device team_slave_0 removed [ 164.051259][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 164.078338][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 164.087310][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 164.102987][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 164.124074][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 164.137766][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 164.479139][ T8969] lo speed is unknown, defaulting to 1000 [ 164.652797][ T8981] netlink: 12 bytes leftover after parsing attributes in process `syz.0.867'. [ 164.736743][ T8981] bond2: entered promiscuous mode [ 164.765433][ T8981] bond2: entered allmulticast mode [ 164.788276][ T8978] lo speed is unknown, defaulting to 1000 [ 164.862302][ T8987] bond0: (slave team0): Releasing backup interface [ 164.930104][ T8987] team0: Port device batadv0 removed [ 164.938276][ T8987] bridge_slave_0: left allmulticast mode [ 164.951523][ T8987] bridge_slave_0: left promiscuous mode [ 164.967831][ T8987] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.997340][ T8987] bridge_slave_1: left allmulticast mode [ 165.003450][ T8987] bridge_slave_1: left promiscuous mode [ 165.009560][ T8987] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.022269][ T8987] bond0: (slave 5@ÿ): Releasing backup interface [ 165.035345][ T8987] bond0: (slave bond_slave_1): Releasing backup interface [ 165.052153][ T8987] team0: Port device team_slave_0 removed [ 165.065505][ T8987] team0: Port device team_slave_1 removed [ 165.073361][ T8987] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.081888][ T8987] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.091336][ T8987] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.101293][ T8987] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.134806][ T8992] vlan3: entered allmulticast mode [ 165.140145][ T8992] bond0: entered allmulticast mode [ 165.167070][ T8992] bridge0: port 1(vlan3) entered blocking state [ 165.178145][ T8992] bridge0: port 1(vlan3) entered disabled state [ 165.185773][ T8992] vlan3: entered promiscuous mode [ 165.191615][ T8992] bond0: entered promiscuous mode [ 165.199936][ T8991] lo speed is unknown, defaulting to 1000 [ 165.390000][ T9005] netlink: 12 bytes leftover after parsing attributes in process `syz.2.870'. [ 165.840140][ T8969] chnl_net:caif_netlink_parms(): no params data found [ 165.924628][ T9034] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'. [ 165.950533][ T9035] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'. [ 166.190959][ T5146] Bluetooth: hci4: command tx timeout [ 166.357079][ T9041] netlink: 4 bytes leftover after parsing attributes in process `syz.2.879'. [ 166.396087][ T8969] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.419427][ T8969] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.446615][ T8969] bridge_slave_0: entered allmulticast mode [ 166.469167][ T9061] netlink: 332 bytes leftover after parsing attributes in process `syz.4.882'. [ 166.469752][ T8969] bridge_slave_0: entered promiscuous mode [ 166.479794][ T9061] netlink: 104 bytes leftover after parsing attributes in process `syz.4.882'. [ 166.491620][ T9041] vlan3: left promiscuous mode [ 166.498789][ T9061] netlink: 32 bytes leftover after parsing attributes in process `syz.4.882'. [ 166.498821][ T9041] bond0: left promiscuous mode [ 166.515460][ T9041] bridge0: port 1(vlan3) entered disabled state [ 166.652507][ T8969] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.660658][ T8969] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.668143][ T8969] bridge_slave_1: entered allmulticast mode [ 166.675507][ T8969] bridge_slave_1: entered promiscuous mode [ 166.734704][ T8969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.747966][ T8969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.833744][ T8969] team0: Port device team_slave_0 added [ 166.862677][ T8969] team0: Port device team_slave_1 added [ 166.956338][ T8969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.969163][ T9079] x_tables: duplicate underflow at hook 1 [ 166.971716][ T8969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.019006][ T8969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.066252][ T8969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.086208][ T8969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.155456][ T8969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.171126][ T9085] netlink: 'syz.3.890': attribute type 10 has an invalid length. [ 167.255963][ T8969] hsr_slave_0: entered promiscuous mode [ 167.271544][ T8969] hsr_slave_1: entered promiscuous mode [ 167.278065][ T8969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.300891][ T8969] Cannot create hsr debugfs directory [ 167.377478][ T9102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.893'. [ 167.386734][ T9102] netlink: 112 bytes leftover after parsing attributes in process `syz.4.893'. [ 167.455301][ T9102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.893'. [ 167.519481][ T9108] netlink: 4 bytes leftover after parsing attributes in process `syz.2.896'. [ 167.536226][ T9093] infiniband syz1: set down [ 167.542932][ T9093] infiniband syz1: added team_slave_0 [ 167.687141][ T9093] RDS/IB: syz1: added [ 167.700020][ T9093] smc: adding ib device syz1 with port count 1 [ 167.724589][ T9093] smc: ib device syz1 port 1 has pnetid [ 168.270896][ T5146] Bluetooth: hci4: command tx timeout [ 168.329164][ T8969] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 168.356488][ T8969] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 168.390149][ T8969] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 168.420163][ T8969] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 168.545728][ T9150] ax25_connect(): syz.2.907 uses autobind, please contact jreuter@yaina.de [ 168.675579][ T8969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.725138][ T8969] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.753869][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.761048][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.788761][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.795978][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.832865][ T9164] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 168.927135][ T9165] lo speed is unknown, defaulting to 1000 [ 168.989215][ T8969] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.502238][ T8969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.531262][ T9195] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 169.783059][ T8969] veth0_vlan: entered promiscuous mode [ 169.835320][ T8969] veth1_vlan: entered promiscuous mode [ 170.015838][ T8969] veth0_macvtap: entered promiscuous mode [ 170.152263][ T9217] pimreg: entered allmulticast mode [ 170.193548][ T8969] veth1_macvtap: entered promiscuous mode [ 170.248366][ T9218] : renamed from bond0 (while UP) [ 170.298072][ T8969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 170.352426][ T5146] Bluetooth: hci4: command tx timeout [ 170.357510][ T9229] netlink: 'syz.4.930': attribute type 18 has an invalid length. [ 170.381625][ T9232] netlink: 'syz.2.928': attribute type 1 has an invalid length. [ 170.501962][ T8969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 170.546038][ T8969] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.572183][ T8969] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.581203][ T8969] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.590010][ T8969] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.739176][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.757338][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.796329][ T3014] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.816111][ T3014] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 171.380431][ T9284] __nla_validate_parse: 6 callbacks suppressed [ 171.380450][ T9284] netlink: 60 bytes leftover after parsing attributes in process `syz.4.945'. [ 171.498727][ T9290] pim6reg1: entered promiscuous mode [ 171.505608][ T9290] pim6reg1: entered allmulticast mode [ 171.583404][ T9293] netlink: 20 bytes leftover after parsing attributes in process `syz.2.949'. [ 171.760388][ T2963] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.916303][ T2963] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.141282][ T2963] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.209596][ T2963] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.299939][ T2963] bridge_slave_1: left allmulticast mode [ 172.306707][ T2963] bridge_slave_1: left promiscuous mode [ 172.312593][ T2963] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.321392][ T2963] bridge_slave_0: left allmulticast mode [ 172.327049][ T2963] bridge_slave_0: left promiscuous mode [ 172.332925][ T2963] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.707207][ T2963] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.718266][ T2963] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.730773][ T2963] bond0 (unregistering): Released all slaves [ 172.888855][ T9317] netlink: 'syz.3.955': attribute type 10 has an invalid length. [ 173.415621][ T9339] lo speed is unknown, defaulting to 1000 [ 173.453478][ T5834] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 173.464289][ T9348] netlink: 44 bytes leftover after parsing attributes in process `syz.2.963'. [ 173.473815][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 173.482617][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 173.502007][ T5834] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 173.510656][ T5834] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 173.521229][ T5834] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 173.573585][ T2963] hsr_slave_0: left promiscuous mode [ 173.583307][ T9350] netlink: 17 bytes leftover after parsing attributes in process `syz.4.964'. [ 173.590766][ T2963] hsr_slave_1: left promiscuous mode [ 173.607498][ T2963] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.619727][ T2963] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.628491][ T9350] netlink: zone id is out of range [ 173.634858][ T2963] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.642788][ T2963] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 173.650041][ T9350] netlink: zone id is out of range [ 173.655305][ T9350] netlink: zone id is out of range [ 173.660558][ T9350] netlink: zone id is out of range [ 173.665774][ T9350] netlink: zone id is out of range [ 173.671457][ T9350] netlink: zone id is out of range [ 173.676616][ T9350] netlink: zone id is out of range [ 173.681890][ T9350] netlink: zone id is out of range [ 173.687066][ T9350] netlink: zone id is out of range [ 173.738779][ T2963] veth1_macvtap: left promiscuous mode [ 173.744982][ T2963] veth0_macvtap: left promiscuous mode [ 173.751072][ T2963] veth1_vlan: left promiscuous mode [ 173.756575][ T2963] veth0_vlan: left promiscuous mode [ 174.205708][ T2963] team0 (unregistering): Port device team_slave_1 removed [ 174.248450][ T2963] team0 (unregistering): Port device team_slave_0 removed [ 174.829247][ T9348] bond0: left allmulticast mode [ 175.326202][ T9348] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.336524][ T9348] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.345238][ T9348] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.353719][ T9348] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.391705][ T9348] hsr0: left promiscuous mode [ 175.491495][ T9355] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.504189][ T9355] bond0: entered allmulticast mode [ 175.511046][ T9355] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.527144][ T9355] net_ratelimit: 76 callbacks suppressed [ 175.527150][ T9355] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 175.584790][ T974] lo speed is unknown, defaulting to 1000 [ 175.622368][ T9359] lo speed is unknown, defaulting to 1000 [ 175.631816][ T5146] Bluetooth: hci4: command tx timeout [ 175.655716][ T9345] lo speed is unknown, defaulting to 1000 [ 175.676237][ T974] lo speed is unknown, defaulting to 1000 [ 175.979418][ T9377] netlink: 'syz.0.969': attribute type 10 has an invalid length. [ 176.279727][ T9382] netlink: 'syz.4.968': attribute type 16 has an invalid length. [ 176.333281][ T9382] netlink: 'syz.4.968': attribute type 17 has an invalid length. [ 176.409659][ T9382] tipc: Resetting bearer [ 176.486497][ T9382] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 176.659184][ T9396] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 176.669030][ T9396] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 176.676930][ T9396] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 176.686335][ T9396] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 176.695020][ T9396] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 176.705981][ T9396] netlink: 'syz.0.975': attribute type 4 has an invalid length. [ 176.786800][ T9345] chnl_net:caif_netlink_parms(): no params data found [ 176.902055][ T9410] ieee802154 phy0 wpan0: encryption failed: -22 [ 176.910646][ T9404] netlink: 8 bytes leftover after parsing attributes in process `syz.0.977'. [ 176.977081][ T9345] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.989475][ T9345] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.018563][ T9345] bridge_slave_0: entered allmulticast mode [ 177.046662][ T9345] bridge_slave_0: entered promiscuous mode [ 177.062898][ T9345] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.092116][ T9345] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.099414][ T9345] bridge_slave_1: entered allmulticast mode [ 177.109565][ T9345] bridge_slave_1: entered promiscuous mode [ 177.189111][ T9345] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.203193][ T9345] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.280950][ T9412] lo speed is unknown, defaulting to 1000 [ 177.285010][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 177.312510][ T9345] team0: Port device team_slave_0 added [ 177.324003][ T9421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 177.343862][ T9345] team0: Port device team_slave_1 added [ 177.410288][ T9345] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.417571][ T9345] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.461001][ T9345] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 177.485655][ T9425] ip6tnl1: entered promiscuous mode [ 177.491545][ T9425] ip6tnl1: entered allmulticast mode [ 177.498346][ T9345] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 177.505548][ T9345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 177.578881][ T9345] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.711569][ T5146] Bluetooth: hci4: command tx timeout [ 177.733497][ T9433] netlink: 8 bytes leftover after parsing attributes in process `syz.4.985'. [ 177.967384][ T9345] hsr_slave_0: entered promiscuous mode [ 177.986077][ T9345] hsr_slave_1: entered promiscuous mode [ 177.999621][ T9345] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 178.016209][ T9345] Cannot create hsr debugfs directory [ 178.462597][ T9444] netlink: 28 bytes leftover after parsing attributes in process `syz.4.988'. [ 178.480927][ T9444] netlink: 28 bytes leftover after parsing attributes in process `syz.4.988'. [ 178.691011][ T9463] validate_nla: 14 callbacks suppressed [ 178.691032][ T9463] netlink: 'syz.2.992': attribute type 10 has an invalid length. [ 178.765997][ T9463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 178.803536][ T9463] team0: Port device batadv0 added [ 179.064197][ T9478] lo speed is unknown, defaulting to 1000 [ 179.201324][ T9345] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 179.211840][ T9481] netlink: 28 bytes leftover after parsing attributes in process `syz.4.996'. [ 179.244431][ T9345] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 179.263059][ T9481] netlink: 28 bytes leftover after parsing attributes in process `syz.4.996'. [ 179.272573][ T9345] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 179.287448][ T9345] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 179.323092][ T9486] netlink: 28 bytes leftover after parsing attributes in process `syz.3.997'. [ 179.384765][ T9486] netlink: 28 bytes leftover after parsing attributes in process `syz.3.997'. [ 179.434318][ T9345] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.475684][ T9345] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.497100][ T2963] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.504344][ T2963] bridge0: port 1(bridge_slave_0) entered forwarding state [ 179.564355][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.571569][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 179.791403][ T55] Bluetooth: hci4: command tx timeout [ 179.983414][ T9507] netlink: 'syz.0.1004': attribute type 10 has an invalid length. [ 180.069937][ T9345] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.137438][ T9345] veth0_vlan: entered promiscuous mode [ 180.249273][ T9345] veth1_vlan: entered promiscuous mode [ 180.336583][ T9345] veth0_macvtap: entered promiscuous mode [ 180.379004][ T9345] veth1_macvtap: entered promiscuous mode [ 180.415557][ T9345] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 180.457872][ T9345] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 180.486488][ T9345] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.520834][ T9345] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.531561][ T9534] SET target dimension over the limit! [ 180.554662][ T9345] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.576181][ T9345] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.838622][ T9546] Bluetooth: MGMT ver 1.23 [ 180.858539][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.877059][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.960406][ T2963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.984108][ T9549] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 181.003401][ T2963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.102648][ T9556] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 181.372405][ T9563] netlink: 'syz.4.1024': attribute type 1 has an invalid length. [ 181.394744][ T55] Bluetooth: hci0: command 0x0406 tx timeout [ 181.401368][ T55] Bluetooth: hci3: command 0x0405 tx timeout [ 181.409220][ T55] Bluetooth: hci1: command 0x0406 tx timeout [ 181.415517][ T5842] Bluetooth: hci2: command 0x0406 tx timeout [ 181.658814][ T9571] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 181.697490][ T9561] netlink: 'syz.0.1023': attribute type 9 has an invalid length. [ 181.742799][ T9561] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 181.776440][ T9573] can: request_module (can-proto-3) failed. [ 181.807405][ T9579] netlink: 'syz.4.1029': attribute type 10 has an invalid length. [ 182.061477][ T9586] __nla_validate_parse: 6 callbacks suppressed [ 182.061495][ T9586] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1032'. [ 182.062755][ T9588] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 182.167562][ T9593] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 182.176282][ T9593] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1035'. [ 182.178637][ T9594] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1036'. [ 182.337293][ T9604] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.368249][ T9602] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 182.489199][ T9609] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 182.592366][ T5880] IPVS: starting estimator thread 0... [ 182.618770][ T9611] syzkaller1: entered promiscuous mode [ 182.625353][ T9611] syzkaller1: entered allmulticast mode [ 182.649866][ T9615] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1041'. [ 182.701716][ T9613] IPVS: using max 25 ests per chain, 60000 per kthread [ 182.711993][ T9618] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1041'. [ 182.830022][ T9620] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1044'. [ 182.852249][ T9620] gretap0: entered promiscuous mode [ 183.038891][ T9634] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1050'. [ 183.136131][ T9638] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 183.169434][ T9638] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1052'. [ 183.244473][ T9641] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 183.256819][ T9639] syzkaller0: entered promiscuous mode [ 183.283174][ T9639] syzkaller0: entered allmulticast mode [ 183.570500][ T76] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.711608][ T5841] Bluetooth: hci3: command 0x0405 tx timeout [ 184.921562][ T5146] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 184.941587][ T5146] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 184.954316][ T5146] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 184.964079][ T5146] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 184.980483][ T5146] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 184.988161][ T5146] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 186.055991][ T76] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.083657][ T9654] vcan1: entered allmulticast mode [ 186.093840][ T9653] lo speed is unknown, defaulting to 1000 [ 186.239049][ T76] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.271707][ T9667] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1057'. [ 186.282007][ T9667] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1057'. [ 186.291675][ T9658] lo speed is unknown, defaulting to 1000 [ 186.382486][ T76] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.586729][ T76] bridge_slave_1: left allmulticast mode [ 186.592864][ T76] bridge_slave_1: left promiscuous mode [ 186.598655][ T76] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.640374][ T76] bridge_slave_0: left allmulticast mode [ 186.649989][ T9679] xt_connbytes: Forcing CT accounting to be enabled [ 186.653927][ T76] bridge_slave_0: left promiscuous mode [ 186.667816][ T76] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.681299][ T9679] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'nat' [ 187.001710][ T5146] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 187.017461][ T5146] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 187.027546][ T5146] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 187.041786][ T5146] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 187.054400][ T5146] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 187.062078][ T5146] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 187.073518][ T5146] Bluetooth: hci4: command tx timeout [ 187.261075][ T76] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 187.272278][ T76] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 187.283513][ T76] bond0 (unregistering): Released all slaves [ 187.384273][ T9686] lo speed is unknown, defaulting to 1000 [ 187.490868][ T9692] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 187.659642][ T9696] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 187.698036][ T9696] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1065'. [ 187.764538][ T9658] chnl_net:caif_netlink_parms(): no params data found [ 188.143611][ T9658] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.168874][ T9658] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.176660][ T9658] bridge_slave_0: entered allmulticast mode [ 188.199365][ T9658] bridge_slave_0: entered promiscuous mode [ 188.226253][ T9658] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.249277][ T9658] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.269813][ T9658] bridge_slave_1: entered allmulticast mode [ 188.280602][ T9658] bridge_slave_1: entered promiscuous mode [ 188.324661][ T76] hsr_slave_0: left promiscuous mode [ 188.334105][ T76] hsr_slave_1: left promiscuous mode [ 188.343329][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 188.354542][ T76] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.365883][ T76] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 188.376962][ T76] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 188.423446][ T76] veth1_macvtap: left promiscuous mode [ 188.429167][ T76] veth0_macvtap: left promiscuous mode [ 188.436857][ T76] veth1_vlan: left promiscuous mode [ 188.442454][ T76] veth0_vlan: left promiscuous mode [ 188.755709][ T9715] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1068'. [ 188.936078][ T76] team0 (unregistering): Port device team_slave_1 removed [ 188.979450][ T76] team0 (unregistering): Port device team_slave_0 removed [ 189.155337][ T5146] Bluetooth: hci4: command tx timeout [ 189.161136][ T5841] Bluetooth: hci1: command tx timeout [ 189.450635][ T9715] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1068'. [ 189.500564][ T9658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.549642][ T9658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.765344][ T9725] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1071'. [ 189.835912][ T9658] team0: Port device team_slave_0 added [ 189.863220][ T9658] team0: Port device team_slave_1 added [ 190.037328][ T9686] chnl_net:caif_netlink_parms(): no params data found [ 190.075389][ T9658] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.087002][ T9658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.114943][ T9658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.199702][ T9658] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.210795][ T9658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.228339][ T9749] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 190.271060][ T9658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.411756][ T9742] lo speed is unknown, defaulting to 1000 [ 190.492725][ T9686] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.501701][ T9686] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.508954][ T9686] bridge_slave_0: entered allmulticast mode [ 190.521758][ T9755] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 190.532557][ T9755] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1077'. [ 190.552146][ T9686] bridge_slave_0: entered promiscuous mode [ 190.573228][ T9658] hsr_slave_0: entered promiscuous mode [ 190.579666][ T9658] hsr_slave_1: entered promiscuous mode [ 190.603387][ T9658] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.619094][ T9658] Cannot create hsr debugfs directory [ 190.635939][ T9686] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.645101][ T9686] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.661157][ T9686] bridge_slave_1: entered allmulticast mode [ 190.668283][ T9686] bridge_slave_1: entered promiscuous mode [ 190.693091][ T76] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 190.986517][ T76] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.048755][ T9686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.093060][ T9773] netlink: 'syz.0.1081': attribute type 10 has an invalid length. [ 191.111293][ T76] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.136110][ T9686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.173183][ T76] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 191.226447][ T9686] team0: Port device team_slave_0 added [ 191.240515][ T5146] Bluetooth: hci1: command tx timeout [ 191.240525][ T5841] Bluetooth: hci4: command tx timeout [ 191.259089][ T9686] team0: Port device team_slave_1 added [ 191.347353][ T9686] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.371053][ T9686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.405191][ T9686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.423346][ T9686] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.432070][ T9686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.459264][ T9686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.104046][ T9686] hsr_slave_0: entered promiscuous mode [ 192.111859][ T9686] hsr_slave_1: entered promiscuous mode [ 192.124476][ T9686] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 192.140809][ T9686] Cannot create hsr debugfs directory [ 192.178623][ T9799] can: request_module (can-proto-5) failed. [ 192.200830][ T9789] lo speed is unknown, defaulting to 1000 [ 192.314774][ T76] bridge_slave_1: left allmulticast mode [ 192.320475][ T76] bridge_slave_1: left promiscuous mode [ 192.340016][ T76] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.361425][ T76] bridge_slave_0: left allmulticast mode [ 192.367212][ T76] bridge_slave_0: left promiscuous mode [ 192.373038][ T76] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.655279][ T76] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.665190][ T76] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.674587][ T76] bond0 (unregistering): Released all slaves [ 192.708950][ T9783] lo speed is unknown, defaulting to 1000 [ 192.806945][ T76] tipc: Left network mode [ 192.932009][ T9809] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 193.264180][ T9814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1090'. [ 193.273773][ T9814] openvswitch: netlink: Flow actions attr not present in new flow. [ 193.318483][ T5146] Bluetooth: hci1: command tx timeout [ 193.318798][ T5841] Bluetooth: hci4: command tx timeout [ 193.347688][ T9820] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 193.371781][ T9820] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1091'. [ 193.705961][ T76] team0: left promiscuous mode [ 193.711010][ T76] team_slave_0: left promiscuous mode [ 193.716952][ T76] team_slave_1: left promiscuous mode [ 193.756263][ T76] hsr_slave_0: left promiscuous mode [ 193.774854][ T76] hsr_slave_1: left promiscuous mode [ 193.794310][ T76] veth0_to_batadv: left allmulticast mode [ 194.307827][ T76] team0 (unregistering): Port device team_slave_1 removed [ 194.358718][ T76] team0 (unregistering): Port device team_slave_0 removed [ 194.368886][ T11] smc: removing ib device syz1 [ 194.688728][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.788646][ T9826] ip6gretap0: entered promiscuous mode [ 194.799298][ T9826] batadv_slave_1: entered promiscuous mode [ 194.843429][ T9828] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 194.861257][ T5760] lo speed is unknown, defaulting to 1000 [ 194.885222][ T5760] lo speed is unknown, defaulting to 1000 [ 195.001633][ T9830] tipc: Enabled bearer , priority 0 [ 195.127372][ T9686] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 195.203495][ T9686] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 195.274966][ T9686] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 195.353907][ T9686] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 195.391025][ T5841] Bluetooth: hci1: command tx timeout [ 195.567236][ T9658] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 195.624501][ T9658] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 195.737261][ T9658] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 195.775394][ T9658] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 195.819498][ T9829] tipc: Disabling bearer [ 195.851839][ T9852] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 196.158642][ T9863] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 196.178928][ T9863] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1104'. [ 196.227015][ T9686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.355735][ T9686] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.362764][ T9866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1105'. [ 196.372807][ T9866] sctp: [Deprecated]: syz.2.1105 (pid 9866) Use of struct sctp_assoc_value in delayed_ack socket option. [ 196.372807][ T9866] Use struct sctp_sack_info instead [ 196.426716][ T9658] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.478853][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.486155][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.523723][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.530917][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.588065][ T9872] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1108'. [ 196.604631][ T9658] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.624354][ T9872] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1108'. [ 196.652897][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.660034][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.720384][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.727613][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.788058][ T9875] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1109'. [ 197.224558][ T9686] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.275386][ T9658] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.377643][ T9686] veth0_vlan: entered promiscuous mode [ 197.385058][ T9894] x_tables: duplicate underflow at hook 3 [ 197.404066][ T9686] veth1_vlan: entered promiscuous mode [ 197.416352][ T9658] veth0_vlan: entered promiscuous mode [ 197.422643][ T9893] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1111'. [ 197.428680][ T9658] veth1_vlan: entered promiscuous mode [ 197.579998][ T9658] veth0_macvtap: entered promiscuous mode [ 197.638081][ T9658] veth1_macvtap: entered promiscuous mode [ 197.665753][ T9897] lo speed is unknown, defaulting to 1000 [ 197.666402][ T9686] veth0_macvtap: entered promiscuous mode [ 197.715674][ T9686] veth1_macvtap: entered promiscuous mode [ 197.745883][ T9658] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.779053][ T9658] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.794604][ T9658] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.804852][ T9658] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.814135][ T9658] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.823616][ T9658] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.876638][ T9686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 197.906975][ T9686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.921684][ T9686] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.932062][ T9686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 197.965263][ T9686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.992430][ T9686] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.064749][ T9686] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.076501][ T9686] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.085459][ T9686] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.094420][ T9686] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.112636][ T9912] lo speed is unknown, defaulting to 1000 [ 198.225463][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.235693][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.330435][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.371010][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.389459][ T2963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.400089][ T2963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.604758][ T2963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.617839][ T2963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.005486][ T9929] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1125'. [ 199.026439][ T9929] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1125'. [ 199.104702][ T9929] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22 [ 199.115069][ T9929] netdevsim netdevsim0: Direct firmware load for . failed with error -22 [ 199.126355][ T9929] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 199.165753][ T9932] lo speed is unknown, defaulting to 1000 [ 199.264296][ T62] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.304527][ T5146] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 199.321019][ T5146] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 199.332545][ T5146] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 199.341861][ T5146] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 199.351038][ T5146] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 199.360164][ T5146] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 199.377966][ T62] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.560367][ T62] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.685527][ T9934] lo speed is unknown, defaulting to 1000 [ 199.706193][ T62] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.014908][ T62] tipc: Resetting bearer [ 200.056227][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 200.066972][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 200.075377][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 200.098792][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 200.118418][ T5841] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 200.126054][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 200.208800][ T62] ip6gretap0 (unregistering): left promiscuous mode [ 200.620433][ T62] tipc: Disabling bearer [ 200.627435][ T62] bond0 (unregistering): Released all slaves [ 200.637144][ T62] bond1 (unregistering): Released all slaves [ 200.648332][ T62] bond2 (unregistering): Released all slaves [ 200.799017][ T62] bond3 (unregistering): (slave veth3): Releasing active interface [ 200.809849][ T62] bond3 (unregistering): Released all slaves [ 200.820438][ T62] bond4 (unregistering): Released all slaves [ 200.897523][ T9938] lo speed is unknown, defaulting to 1000 [ 200.927925][ T62] tipc: Left network mode [ 200.972836][ T62] IPVS: stopping backup sync thread 7903 ... [ 201.380296][ T9934] chnl_net:caif_netlink_parms(): no params data found [ 201.392738][ T5146] Bluetooth: hci1: command tx timeout [ 201.410160][ T9954] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1129'. [ 201.446614][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 201.465641][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 201.485860][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 201.501706][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 201.509495][ T5841] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 201.518458][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 201.640099][ T9964] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1131'. [ 201.716727][ T9966] x_tables: duplicate underflow at hook 2 [ 201.750787][ T9966] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1130'. [ 201.776130][ T62] batadv_slave_1: left promiscuous mode [ 201.783996][ T62] hsr_slave_0: left promiscuous mode [ 201.790059][ T62] hsr_slave_1: left promiscuous mode [ 201.808645][ T62] veth1_macvtap: left promiscuous mode [ 201.814496][ T62] veth0_macvtap: left promiscuous mode [ 201.897967][ T62] pimreg (unregistering): left allmulticast mode [ 201.920512][ T62] pim6reg (unregistering): left allmulticast mode [ 202.191331][ T5841] Bluetooth: hci2: command tx timeout [ 202.724878][ T9956] lo speed is unknown, defaulting to 1000 [ 202.931690][ T9938] chnl_net:caif_netlink_parms(): no params data found [ 202.949878][ T9934] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.969451][ T9934] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.977160][ T9934] bridge_slave_0: entered allmulticast mode [ 202.984532][ T9934] bridge_slave_0: entered promiscuous mode [ 203.022404][ T9984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1136'. [ 203.035522][ T9934] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.039678][ T9984] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1136'. [ 203.043581][ T9934] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.060500][ T9934] bridge_slave_1: entered allmulticast mode [ 203.067920][ T9934] bridge_slave_1: entered promiscuous mode [ 203.201201][ T9986] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1138'. [ 203.212357][ T9934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.254949][ T9934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.355186][ T9934] team0: Port device team_slave_0 added [ 203.365705][ T9938] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.375777][ T9938] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.385834][ T9938] bridge_slave_0: entered allmulticast mode [ 203.403318][ T9938] bridge_slave_0: entered promiscuous mode [ 203.413528][ T9938] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.422322][ T9938] bridge0: port 2(bridge_slave_1) entered disabled state [ 203.430298][ T9938] bridge_slave_1: entered allmulticast mode [ 203.445973][ T9938] bridge_slave_1: entered promiscuous mode [ 203.462505][ T9934] team0: Port device team_slave_1 added [ 203.471040][ T5841] Bluetooth: hci1: command tx timeout [ 203.499931][ T62] IPVS: stop unused estimator thread 0... [ 203.546918][ T9934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.560780][ T9934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.596125][ T9934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.631575][ T5841] Bluetooth: hci4: command tx timeout [ 203.657152][ T9934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.664822][ T9934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.691260][ T9934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.707929][ T9938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 203.719934][ T9938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.856062][ T9938] team0: Port device team_slave_0 added [ 203.874177][ T9938] team0: Port device team_slave_1 added [ 203.910517][ T9956] chnl_net:caif_netlink_parms(): no params data found [ 203.945483][ T9938] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.954855][ T9938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.982880][ T9938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 204.016200][ T9938] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 204.035011][ T9938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 204.091655][ T9938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 204.133978][ T9934] hsr_slave_0: entered promiscuous mode [ 204.134608][T10011] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 204.150407][ T9934] hsr_slave_1: entered promiscuous mode [ 204.257532][ T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.271020][ T5841] Bluetooth: hci2: command tx timeout [ 204.284100][ T9938] hsr_slave_0: entered promiscuous mode [ 204.290421][ T9938] hsr_slave_1: entered promiscuous mode [ 204.297339][ T9938] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 204.307027][ T9938] Cannot create hsr debugfs directory [ 204.374347][ T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.454814][ T9956] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.464425][ T9956] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.472097][ T9956] bridge_slave_0: entered allmulticast mode [ 204.478766][ T9956] bridge_slave_0: entered promiscuous mode [ 204.558890][ T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.632813][ T9956] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.641019][ T9956] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.648418][ T9956] bridge_slave_1: entered allmulticast mode [ 204.655774][ T9956] bridge_slave_1: entered promiscuous mode [ 204.702604][ T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 204.747132][T10026] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1148'. [ 204.816345][ T9956] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.932067][ T9956] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.083553][ T9956] team0: Port device team_slave_0 added [ 205.133413][ T9956] team0: Port device team_slave_1 added [ 205.216184][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.263142][ T9956] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.281260][ T9956] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.326649][ T9956] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.339882][T10046] FAULT_INJECTION: forcing a failure. [ 205.339882][T10046] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 205.357618][T10046] CPU: 0 UID: 0 PID: 10046 Comm: syz.0.1154 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 205.357643][T10046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 205.357653][T10046] Call Trace: [ 205.357669][T10046] [ 205.357677][T10046] dump_stack_lvl+0x241/0x360 [ 205.357715][T10046] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.357732][T10046] ? __pfx__printk+0x10/0x10 [ 205.357750][T10046] ? __pfx_lock_release+0x10/0x10 [ 205.357893][T10046] ? vfs_write+0x7fa/0xd10 [ 205.357918][T10046] should_fail_ex+0x40a/0x550 [ 205.357947][T10046] _copy_from_user+0x2d/0xb0 [ 205.357967][T10046] move_addr_to_kernel+0x82/0x150 [ 205.357990][T10046] __sys_connect+0xb6/0x2d0 [ 205.358014][T10046] ? __pfx___sys_connect+0x10/0x10 [ 205.358059][T10046] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 205.358085][T10046] ? do_syscall_64+0x100/0x230 [ 205.358110][T10046] __x64_sys_connect+0x7a/0x90 [ 205.358133][T10046] do_syscall_64+0xf3/0x230 [ 205.358157][T10046] ? clear_bhb_loop+0x35/0x90 [ 205.358182][T10046] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.358203][T10046] RIP: 0033:0x7fb85dd8d169 [ 205.358228][T10046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.358242][T10046] RSP: 002b:00007fb85ebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 205.358271][T10046] RAX: ffffffffffffffda RBX: 00007fb85dfa5fa0 RCX: 00007fb85dd8d169 [ 205.358284][T10046] RDX: 000000000000006e RSI: 0000400000000180 RDI: 0000000000000003 [ 205.358294][T10046] RBP: 00007fb85ebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 205.358306][T10046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.358319][T10046] R13: 0000000000000000 R14: 00007fb85dfa5fa0 R15: 00007ffd096000e8 [ 205.358347][T10046] [ 205.561066][ T5841] Bluetooth: hci1: command tx timeout [ 205.562001][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.591092][ T9956] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.598095][ T9956] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.624357][ T9956] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.644170][T10048] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 205.705823][ T9956] hsr_slave_0: entered promiscuous mode [ 205.711927][ T5841] Bluetooth: hci4: command tx timeout [ 205.718295][ T9956] hsr_slave_1: entered promiscuous mode [ 205.727190][ T9956] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 205.735118][ T9956] Cannot create hsr debugfs directory [ 205.759196][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.905849][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.145699][T10070] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1161'. [ 206.195927][ T62] bridge_slave_1: left allmulticast mode [ 206.212189][ T62] bridge_slave_1: left promiscuous mode [ 206.218436][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.250203][ T62] bridge_slave_0: left allmulticast mode [ 206.265752][ T62] bridge_slave_0: left promiscuous mode [ 206.271947][T10076] FAULT_INJECTION: forcing a failure. [ 206.271947][T10076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.276592][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.285689][T10076] CPU: 0 UID: 0 PID: 10076 Comm: syz.2.1164 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 206.285715][T10076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 206.285726][T10076] Call Trace: [ 206.285732][T10076] [ 206.285739][T10076] dump_stack_lvl+0x241/0x360 [ 206.285765][T10076] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.285782][T10076] ? __pfx__printk+0x10/0x10 [ 206.285803][T10076] ? snprintf+0xda/0x120 [ 206.285826][T10076] should_fail_ex+0x40a/0x550 [ 206.285851][T10076] _copy_to_user+0x31/0xb0 [ 206.285872][T10076] simple_read_from_buffer+0xca/0x150 [ 206.285895][T10076] proc_fail_nth_read+0x1e9/0x250 [ 206.285918][T10076] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.285940][T10076] ? rw_verify_area+0x243/0x630 [ 206.285955][T10076] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 206.285977][T10076] vfs_read+0x1f8/0xb40 [ 206.285992][T10076] ? do_sock_setsockopt+0x3e2/0x720 [ 206.286010][T10076] ? do_sock_setsockopt+0x3e2/0x720 [ 206.286027][T10076] ? __pfx_vfs_read+0x10/0x10 [ 206.286045][T10076] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 206.286065][T10076] ? do_sock_setsockopt+0x3e2/0x720 [ 206.286085][T10076] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 206.286108][T10076] ksys_read+0x18f/0x2b0 [ 206.286125][T10076] ? __pfx_ksys_read+0x10/0x10 [ 206.286142][T10076] ? do_syscall_64+0x100/0x230 [ 206.286162][T10076] ? do_syscall_64+0xb6/0x230 [ 206.286181][T10076] do_syscall_64+0xf3/0x230 [ 206.286199][T10076] ? clear_bhb_loop+0x35/0x90 [ 206.286222][T10076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.286241][T10076] RIP: 0033:0x7f58e898bb7c [ 206.286255][T10076] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 206.286269][T10076] RSP: 002b:00007f58e972a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 206.286286][T10076] RAX: ffffffffffffffda RBX: 00007f58e8ba5fa0 RCX: 00007f58e898bb7c [ 206.286298][T10076] RDX: 000000000000000f RSI: 00007f58e972a0a0 RDI: 0000000000000004 [ 206.286308][T10076] RBP: 00007f58e972a090 R08: 0000000000000000 R09: 0000000000000000 [ 206.286318][T10076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.286327][T10076] R13: 0000000000000000 R14: 00007f58e8ba5fa0 R15: 00007fff6c4048f8 [ 206.286352][T10076] [ 206.360822][ T5841] Bluetooth: hci2: command tx timeout [ 206.533945][ T62] bridge_slave_1: left allmulticast mode [ 206.539658][ T62] bridge_slave_1: left promiscuous mode [ 206.547109][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.553644][T10086] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 206.568307][ T62] bridge_slave_0: left allmulticast mode [ 206.574290][ T62] bridge_slave_0: left promiscuous mode [ 206.579999][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.216820][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.228806][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.239562][ T62] bond0 (unregistering): Released all slaves [ 207.379547][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.390140][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.400165][ T62] bond0 (unregistering): Released all slaves [ 207.417185][T10074] lo: left promiscuous mode [ 207.439504][T10074] tunl0: left promiscuous mode [ 207.472777][T10074] gre0: left promiscuous mode [ 207.497315][T10074] gretap0: left promiscuous mode [ 207.518711][T10074] erspan0: left promiscuous mode [ 207.536611][T10074] ip_vti0: left promiscuous mode [ 207.565487][T10074] ip6_vti0: left promiscuous mode [ 207.595744][T10074] sit0: left promiscuous mode [ 207.609456][T10074] ip6tnl0: left promiscuous mode [ 207.641137][ T5841] Bluetooth: hci1: command tx timeout [ 207.659784][T10074] ip6gre0: left promiscuous mode [ 207.701003][T10074] syz_tun: left promiscuous mode [ 207.719267][T10074] ip6gretap0: left promiscuous mode [ 207.732197][T10074] bridge0: port 1(vlan1) entered disabled state [ 207.757635][T10074] bridge0: left promiscuous mode [ 207.763656][T10074] vlan1: left promiscuous mode [ 207.776113][T10074] vcan0: left promiscuous mode [ 207.782628][T10074] : left promiscuous mode [ 207.790223][T10074] macvlan0: left promiscuous mode [ 207.795602][ T5841] Bluetooth: hci4: command tx timeout [ 207.808822][T10074] : left allmulticast mode [ 207.822709][T10074] team0: left promiscuous mode [ 207.827545][T10074] batadv0: left promiscuous mode [ 207.840255][T10074] dummy0: left promiscuous mode [ 207.854390][T10074] nlmon0: left promiscuous mode [ 207.860651][T10074] caif0: left promiscuous mode [ 207.874900][T10074] veth1_vlan: left allmulticast mode [ 207.881105][T10074] macvlan0: left allmulticast mode [ 207.895168][T10074] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 207.904940][T10074] geneve2: left allmulticast mode [ 207.910281][T10074] vxlan0: left promiscuous mode [ 207.915595][T10074] vxlan0: left allmulticast mode [ 207.922054][T10074] vti0: left allmulticast mode [ 207.938603][T10074] bond1: left promiscuous mode [ 207.946325][T10074] batadv1: left promiscuous mode [ 207.960837][T10074] batadv1: left allmulticast mode [ 207.980003][T10074] bond2: left promiscuous mode [ 207.991357][T10074] bond2: left allmulticast mode [ 208.076353][T10088] FAULT_INJECTION: forcing a failure. [ 208.076353][T10088] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.089833][T10088] CPU: 1 UID: 0 PID: 10088 Comm: syz.0.1167 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 208.089855][T10088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 208.089865][T10088] Call Trace: [ 208.089870][T10088] [ 208.089876][T10088] dump_stack_lvl+0x241/0x360 [ 208.089901][T10088] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.089918][T10088] ? __pfx__printk+0x10/0x10 [ 208.089936][T10088] ? __pfx_lock_release+0x10/0x10 [ 208.089968][T10088] should_fail_ex+0x40a/0x550 [ 208.089995][T10088] _copy_from_user+0x2d/0xb0 [ 208.090015][T10088] copy_msghdr_from_user+0xae/0x680 [ 208.090043][T10088] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 208.090062][T10088] ? __fget_files+0x2a/0x410 [ 208.090087][T10088] ? __fget_files+0x2a/0x410 [ 208.090115][T10088] __sys_sendmsg+0x209/0x350 [ 208.090138][T10088] ? __pfx___sys_sendmsg+0x10/0x10 [ 208.090167][T10088] ? do_sys_openat2+0x17a/0x1d0 [ 208.090214][T10088] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 208.090247][T10088] ? do_syscall_64+0x100/0x230 [ 208.090269][T10088] ? do_syscall_64+0xb6/0x230 [ 208.090289][T10088] do_syscall_64+0xf3/0x230 [ 208.090308][T10088] ? clear_bhb_loop+0x35/0x90 [ 208.090332][T10088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.090352][T10088] RIP: 0033:0x7fb85dd8d169 [ 208.090368][T10088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.090382][T10088] RSP: 002b:00007fb85ebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.090401][T10088] RAX: ffffffffffffffda RBX: 00007fb85dfa5fa0 RCX: 00007fb85dd8d169 [ 208.090412][T10088] RDX: 000000000000c094 RSI: 0000400000000200 RDI: 0000000000000003 [ 208.090423][T10088] RBP: 00007fb85ebf6090 R08: 0000000000000000 R09: 0000000000000000 [ 208.090433][T10088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.090442][T10088] R13: 0000000000000000 R14: 00007fb85dfa5fa0 R15: 00007ffd096000e8 [ 208.090469][T10088] [ 208.333290][T10091] lo speed is unknown, defaulting to 1000 [ 208.388312][T10093] ------------[ cut here ]------------ [ 208.394351][T10093] RTNL: assertion failed at net/core/dev.c (1769) [ 208.403801][T10093] WARNING: CPU: 1 PID: 10093 at net/core/dev.c:1769 dev_setup_tc+0x315/0x360 [ 208.413051][T10093] Modules linked in: [ 208.417014][T10093] CPU: 1 UID: 0 PID: 10093 Comm: syz.2.1168 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 208.427935][T10093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 208.438100][T10093] RIP: 0010:dev_setup_tc+0x315/0x360 [ 208.443561][T10093] Code: cc 49 89 ee e8 dc da f7 f7 c6 05 c0 39 5d 06 01 90 48 c7 c7 a0 5e 2e 8d 48 c7 c6 80 5e 2e 8d ba e9 06 00 00 e8 3c 97 b7 f7 90 <0f> 0b 90 90 e9 66 fd ff ff 89 d1 80 e1 07 38 c1 0f 8c aa fd ff ff [ 208.463469][T10093] RSP: 0018:ffffc90003b8eed0 EFLAGS: 00010246 [ 208.469578][T10093] RAX: 587f1d6754f87800 RBX: 0000000000000000 RCX: 0000000000080000 [ 208.477665][T10093] RDX: ffffc90010d68000 RSI: 00000000000049c3 RDI: 00000000000049c4 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 208.485723][T10093] RBP: ffff8880250f8008 R08: ffffffff81818e32 R09: fffffbfff1d3a67c [ 208.493831][T10093] R10: dffffc0000000000 R11: fffffbfff1d3a67c R12: ffffc90003b8f070 [ 208.502310][T10093] R13: ffffffff8d4ab1c0 R14: ffff8880250f8008 R15: ffff8880250f8000 [ 208.510387][T10093] FS: 00007f58e67f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 208.519704][T10093] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 208.526428][T10093] CR2: 0000000000000000 CR3: 0000000030ed6000 CR4: 00000000003526f0 [ 208.534513][T10093] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 208.542589][T10093] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 208.550594][T10093] Call Trace: [ 208.554003][T10093] [ 208.556955][T10093] ? __warn+0x165/0x4d0 [ 208.561189][T10093] ? dev_setup_tc+0x315/0x360 [ 208.565999][T10093] ? report_bug+0x2b3/0x500 [ 208.570525][T10093] ? dev_setup_tc+0x315/0x360 [ 208.575323][T10093] ? handle_bug+0x60/0x90 [ 208.579991][T10093] ? exc_invalid_op+0x1a/0x50 [ 208.584855][T10093] ? asm_exc_invalid_op+0x1a/0x20 [ 208.590052][T10093] ? __warn_printk+0x292/0x360 [ 208.595084][T10093] ? dev_setup_tc+0x315/0x360 [ 208.599832][T10093] nf_flow_table_offload_setup+0x2ff/0x710 [ 208.605763][T10093] ? __pfx_ieee80211_netdev_setup_tc+0x10/0x10 [ 208.612105][T10093] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 208.618765][T10093] ? __pfx_lock_release+0x10/0x10 [ 208.623967][T10093] ? nft_pernet+0x23/0x240 [ 208.628596][T10093] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 208.635058][T10093] nft_register_flowtable_net_hooks+0x24c/0x570 [ 208.641452][T10093] nf_tables_newflowtable+0x19f4/0x23d0 [ 208.647948][T10093] ? __pfx_nf_tables_newflowtable+0x10/0x10 [ 208.654005][T10093] ? nfnl_pernet+0x23/0x240 [ 208.658775][T10093] ? __pfx_lock_release+0x10/0x10 [ 208.664052][T10093] ? __nla_parse+0x40/0x60 [ 208.668505][T10093] nfnetlink_rcv+0x14e3/0x2ab0 [ 208.675766][T10093] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 208.681172][T10093] ? netlink_deliver_tap+0x2e/0x1b0 [ 208.686918][T10093] ? skb_clone+0x240/0x390 [ 208.691425][T10093] ? __pfx_lock_release+0x10/0x10 [ 208.696609][T10093] ? netlink_deliver_tap+0x2e/0x1b0 [ 208.701955][T10093] netlink_unicast+0x7f6/0x990 [ 208.706773][T10093] ? __pfx_netlink_unicast+0x10/0x10 [ 208.712201][T10093] ? __virt_addr_valid+0x45f/0x530 [ 208.717358][T10093] ? __phys_addr_symbol+0x2f/0x70 [ 208.720355][ T5841] Bluetooth: hci2: command tx timeout [ 208.723020][T10093] ? __check_object_size+0x47a/0x730 [ 208.733527][T10093] netlink_sendmsg+0x8de/0xcb0 [ 208.738364][T10093] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.743758][T10093] ? futex_unqueue+0xcb/0xf0 [ 208.748383][T10093] ? aa_sock_msg_perm+0x91/0x160 [ 208.753742][T10093] ? __pfx_netlink_sendmsg+0x10/0x10 [ 208.759068][T10093] __sock_sendmsg+0x221/0x270 [ 208.763990][T10093] ____sys_sendmsg+0x53a/0x860 [ 208.768992][T10093] ? __pfx_____sys_sendmsg+0x10/0x10 [ 208.774452][T10093] __sys_sendmsg+0x269/0x350 [ 208.779092][T10093] ? __pfx___sys_sendmsg+0x10/0x10 [ 208.784546][T10093] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 208.791010][T10093] ? do_syscall_64+0x100/0x230 [ 208.795818][T10093] ? do_syscall_64+0xb6/0x230 [ 208.800541][T10093] do_syscall_64+0xf3/0x230 [ 208.805183][T10093] ? clear_bhb_loop+0x35/0x90 [ 208.810183][T10093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.816191][T10093] RIP: 0033:0x7f58e898d169 [ 208.821004][T10093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.841861][T10093] RSP: 002b:00007f58e67f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 208.850315][T10093] RAX: ffffffffffffffda RBX: 00007f58e8ba6160 RCX: 00007f58e898d169 [ 208.858618][T10093] RDX: 0000000000000000 RSI: 0000400000000300 RDI: 000000000000000c [ 208.866717][T10093] RBP: 00007f58e8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 208.874754][T10093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 208.882886][T10093] R13: 0000000000000000 R14: 00007f58e8ba6160 R15: 00007fff6c4048f8 [ 208.890970][T10093] [ 208.894036][T10093] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 208.901422][T10093] CPU: 1 UID: 0 PID: 10093 Comm: syz.2.1168 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 208.912224][T10093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 208.922322][T10093] Call Trace: [ 208.925628][T10093] [ 208.928569][T10093] dump_stack_lvl+0x241/0x360 [ 208.933257][T10093] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.938485][T10093] ? __pfx__printk+0x10/0x10 [ 208.943184][T10093] ? vscnprintf+0x5d/0x90 [ 208.947546][T10093] panic+0x349/0x880 [ 208.951550][T10093] ? __warn+0x174/0x4d0 [ 208.955908][T10093] ? __pfx_panic+0x10/0x10 [ 208.960510][T10093] __warn+0x344/0x4d0 [ 208.964721][T10093] ? dev_setup_tc+0x315/0x360 [ 208.969649][T10093] report_bug+0x2b3/0x500 [ 208.974215][T10093] ? dev_setup_tc+0x315/0x360 [ 208.978957][T10093] handle_bug+0x60/0x90 [ 208.983125][T10093] exc_invalid_op+0x1a/0x50 [ 208.987630][T10093] asm_exc_invalid_op+0x1a/0x20 [ 208.992500][T10093] RIP: 0010:dev_setup_tc+0x315/0x360 [ 208.997903][T10093] Code: cc 49 89 ee e8 dc da f7 f7 c6 05 c0 39 5d 06 01 90 48 c7 c7 a0 5e 2e 8d 48 c7 c6 80 5e 2e 8d ba e9 06 00 00 e8 3c 97 b7 f7 90 <0f> 0b 90 90 e9 66 fd ff ff 89 d1 80 e1 07 38 c1 0f 8c aa fd ff ff [ 209.018071][T10093] RSP: 0018:ffffc90003b8eed0 EFLAGS: 00010246 [ 209.024320][T10093] RAX: 587f1d6754f87800 RBX: 0000000000000000 RCX: 0000000000080000 [ 209.032285][T10093] RDX: ffffc90010d68000 RSI: 00000000000049c3 RDI: 00000000000049c4 [ 209.040290][T10093] RBP: ffff8880250f8008 R08: ffffffff81818e32 R09: fffffbfff1d3a67c [ 209.048307][T10093] R10: dffffc0000000000 R11: fffffbfff1d3a67c R12: ffffc90003b8f070 [ 209.056370][T10093] R13: ffffffff8d4ab1c0 R14: ffff8880250f8008 R15: ffff8880250f8000 [ 209.064440][T10093] ? __warn_printk+0x292/0x360 [ 209.069336][T10093] nf_flow_table_offload_setup+0x2ff/0x710 [ 209.075256][T10093] ? __pfx_ieee80211_netdev_setup_tc+0x10/0x10 [ 209.081530][T10093] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 209.087961][T10093] ? __pfx_lock_release+0x10/0x10 [ 209.093088][T10093] ? nft_pernet+0x23/0x240 [ 209.097501][T10093] ? __pfx_nf_flow_table_offload_setup+0x10/0x10 [ 209.104092][T10093] nft_register_flowtable_net_hooks+0x24c/0x570 [ 209.110368][T10093] nf_tables_newflowtable+0x19f4/0x23d0 [ 209.116569][T10093] ? __pfx_nf_tables_newflowtable+0x10/0x10 [ 209.122656][T10093] ? nfnl_pernet+0x23/0x240 [ 209.127159][T10093] ? __pfx_lock_release+0x10/0x10 [ 209.132198][T10093] ? __nla_parse+0x40/0x60 [ 209.136614][T10093] nfnetlink_rcv+0x14e3/0x2ab0 [ 209.141408][T10093] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 209.146548][T10093] ? netlink_deliver_tap+0x2e/0x1b0 [ 209.151840][T10093] ? skb_clone+0x240/0x390 [ 209.156276][T10093] ? __pfx_lock_release+0x10/0x10 [ 209.161322][T10093] ? netlink_deliver_tap+0x2e/0x1b0 [ 209.166570][T10093] netlink_unicast+0x7f6/0x990 [ 209.171356][T10093] ? __pfx_netlink_unicast+0x10/0x10 [ 209.176672][T10093] ? __virt_addr_valid+0x45f/0x530 [ 209.181797][T10093] ? __phys_addr_symbol+0x2f/0x70 [ 209.186819][T10093] ? __check_object_size+0x47a/0x730 [ 209.192112][T10093] netlink_sendmsg+0x8de/0xcb0 [ 209.196940][T10093] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.202338][T10093] ? futex_unqueue+0xcb/0xf0 [ 209.206942][T10093] ? aa_sock_msg_perm+0x91/0x160 [ 209.211907][T10093] ? __pfx_netlink_sendmsg+0x10/0x10 [ 209.217207][T10093] __sock_sendmsg+0x221/0x270 [ 209.221978][T10093] ____sys_sendmsg+0x53a/0x860 [ 209.226745][T10093] ? __pfx_____sys_sendmsg+0x10/0x10 [ 209.232304][T10093] __sys_sendmsg+0x269/0x350 [ 209.236904][T10093] ? __pfx___sys_sendmsg+0x10/0x10 [ 209.242045][T10093] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 209.248469][T10093] ? do_syscall_64+0x100/0x230 [ 209.253234][T10093] ? do_syscall_64+0xb6/0x230 [ 209.257912][T10093] do_syscall_64+0xf3/0x230 [ 209.262592][T10093] ? clear_bhb_loop+0x35/0x90 [ 209.267277][T10093] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.273170][T10093] RIP: 0033:0x7f58e898d169 [ 209.277627][T10093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.297588][T10093] RSP: 002b:00007f58e67f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 209.306095][T10093] RAX: ffffffffffffffda RBX: 00007f58e8ba6160 RCX: 00007f58e898d169 [ 209.314278][T10093] RDX: 0000000000000000 RSI: 0000400000000300 RDI: 000000000000000c [ 209.322519][T10093] RBP: 00007f58e8a0e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 209.330517][T10093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.338517][T10093] R13: 0000000000000000 R14: 00007f58e8ba6160 R15: 00007fff6c4048f8 [ 209.346701][T10093] [ 209.350015][T10093] Kernel Offset: disabled [ 209.354435][T10093] Rebooting in 86400 seconds..