last executing test programs: 1m19.08625909s ago: executing program 0 (id=589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0) 1m11.13618547s ago: executing program 0 (id=589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0) 53.730040487s ago: executing program 0 (id=589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0) 40.099714439s ago: executing program 0 (id=589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0) 27.130550907s ago: executing program 0 (id=589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0) 11.992443204s ago: executing program 0 (id=589): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7800000000000101000000000000000000000000440002000c000280050001000000000006000340000000002c000180140003000000000000000000000000000000000014000400ff02000000000000000000000000000108000540000000000400048008000140000000000900010073797a3100000000823a6dcb81e8318edaef493f03ec00d9fd43ade3198768ba72"], 0x78}}, 0x0) 2.223266108s ago: executing program 2 (id=1608): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001000e304000900000000873e44af3062cb31ed2617bf31000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e640000000014000280050001000000000005001d0000000000"], 0x44}}, 0x0) (rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=0xffffffffffffffff, @ANYBLOB="010000000000000000004400000010000300", @ANYBLOB="08002600851600000a00180000"], 0x4c}}, 0x0) (async, rerun: 64) r4 = socket(0x10, 0x3, 0x0) (rerun: 64) write(r4, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100ff0500000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc0003000500000014000027000089fee1434f1e596534d07302ade0bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201800015b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb00d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a8700"/252, 0xfc) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYRES32=r0, @ANYRESHEX=r4, @ANYBLOB="080003007f000001080006", @ANYRES16=r3], 0x30}, 0x1, 0x0, 0x0, 0x4001}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x4e}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit={0x95, 0x0, 0x48}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0xc, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x0, 0x7, &(0x7f0000000040)=ANY=[@ANYRESHEX=r3, @ANYBLOB="000000000900000018", @ANYRES32=r5, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90) (async) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) (async) socket$inet6_sctp(0xa, 0x0, 0x84) (async) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async) syz_emit_ethernet(0x0, 0x0, 0x0) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0x12) (async) r6 = socket$inet_tcp(0x2, 0x1, 0x0) (async, rerun: 64) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async, rerun: 64) r8 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) bind$802154_raw(r8, 0x0, 0x0) (async) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000340)={'veth1_to_bond\x00', &(0x7f0000000040)=@ethtool_per_queue_op={0x4b, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x5]}}) (async, rerun: 64) getsockopt$sock_buf(r6, 0x1, 0x1a, 0x0, &(0x7f0000000080)) (async, rerun: 64) recvmmsg(r6, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f00000007c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) (async) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000840)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f00000000c0)='7', 0x1) 1.883644767s ago: executing program 2 (id=1611): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8041) r0 = socket$kcm(0x10, 0x2, 0x4) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'pimreg\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=r3, @ANYBLOB="0000000000800200380012800b0001006272696467650000280002800c002300fbffffffffffffff05002400000000010500240001000000060027"], 0x58}}, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f00000002c0)) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x80, 0x0, r4, 0x41}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800900e4b90100626f6e64000000000c00028008001400020059475d2c4a1fbe61f3ddcfd95d113e5925b8763c802c07213c7d9ee2d148"], 0x3c}}, 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) close(r10) r11 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r11, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, 0xe) shutdown(r11, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r11, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r11, 0x84, 0x1a, &(0x7f0000000080)={r12}, &(0x7f00000000c0)=0x18) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f770005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0) write$binfmt_misc(r9, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r8, 0x0, r10, 0x0, 0x4ffe2, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000480)={@remote, @private, 0x0}, &(0x7f00000004c0)=0xc) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'syztnl0\x00', &(0x7f0000000540)={'syztnl1\x00', 0x0, 0x8780, 0x40, 0x4, 0x9, {{0x10, 0x4, 0x2, 0x2, 0x40, 0x66, 0x0, 0xf8, 0x4, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@ra={0x94, 0x4}, @noop, @lsrr={0x83, 0x17, 0x83, [@loopback, @rand_addr=0x64010101, @local, @broadcast, @multicast1]}, @lsrr={0x83, 0xf, 0xa5, [@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback]}]}}}}}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000700)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e8000000b1285e6d6421bfaa8e1e1c20c149bd0dfae413ec4009f483776f1f0ea59a15ac34baee7fc9bc33fcd5ad895151cdf9a6d9c96bf9f02596b44fae28e5ba7edde8c5c3aac8ea3c054d1cc1b0c7d977f389ca99ffbc56e0d07572af215b011601fbf0d549c0438ad4ad269f583973930500000000000000909e697bd3d4b7574f9f3284aca6b95fc101b7280b34fb62538fd104da078b621ea6cbf4f88dce0979ecda97ad1965a6701de10a5e3d1405a1b98692a17ff638dc0ba8ddb75bfbf600"/206, @ANYRES16=r7, @ANYRES32, @ANYBLOB="d4619600e828f3e39aeb4e33d7474c2fd36c5bfbbb8ce4cedc214b5b0a2157f7f7775df9a70fdab0c4b3bb1c899300bb222db6d9bd3a0ec1adca70c3692cf02c6e8e5a954903d725bb28dfe9768f0432d06f2cbedf9275e27c7579e5957672de30e43a0884f9293ba13977128e86074de5e5a1545ca7a6529e7279bebae32fb4e38c", @ANYBLOB="290f5ca6757b0853077a0e3c44bc4d8c960b79725c22e3fd56ea7d0046ca6c0720af2ae24e87f3e1ad30849fbd018e7cc3d2ec72b0cde4c0700ba76b307768515f468d6d041a802bed086debb03e5a78f5b31d6b0bc1070211af97d1e3432a9d4391543d162a9197d2d02e41350286bad66daeb5398f54886f87ff6eaced", @ANYRES8=r1, @ANYRES32=r13, @ANYBLOB="14000200776c616e3100000000000000000000001800018014100200766c616e3000000000000000000000004c00018008000100", @ANYRES32=r14, @ANYBLOB="080003000300000008000300040000001400020073797a6b616c6c6572310000000000001400020076657468305f746f"], 0xe8}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000300)={'ip6gre0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @loopback={0x0, 0xffff8881a56043d8}}}) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x10, 0x1ff, 0x9, 0xa200, 0x402, r6, 0x9, '\x00', r14, r5, 0x2, 0x3, 0x2}, 0x48) 951.676681ms ago: executing program 1 (id=1628): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x2}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$kcm(0xa, 0x0, 0x0) r1 = socket(0x1d, 0x2, 0x6) r2 = socket$nl_route(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x1d, 0x2, 0x6) accept$alg(r3, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)}, 0x0) bind$can_j1939(r1, &(0x7f00000001c0)={0x1d, r4, 0x1, {0x0, 0x0, 0x5}, 0xff}, 0x18) sendmsg$nl_route(r2, &(0x7f0000002300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=@dellink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x2872}}, 0x20}}, 0x0) 950.964619ms ago: executing program 2 (id=1629): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=@ipv6_newroute={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0xfe}, [@RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x30}}, 0x40030000000000) 875.686239ms ago: executing program 2 (id=1631): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000280), 0x4) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) (async) connect$inet(0xffffffffffffffff, 0x0, 0x0) (async) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9) (async) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000080)=[@window, @mss, @window, @window], 0x4) (async) r3 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00'}) (async) recvmsg$can_bcm(r3, &(0x7f00000000c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private2}}}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000140)=""/226, 0xe2}, {&(0x7f0000000240)=""/232, 0xe8}, {&(0x7f0000000080)}, {&(0x7f0000000340)=""/77, 0x4d}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000480)=""/196, 0xc4}], 0x6, &(0x7f0000000600)=""/216, 0xd8}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="280000001000000000000000000000000007e30071dd656febd8ea01d573bfe0e323c44a76215fa25dfc0202c564c8f8fd6191b16728a8b0bee4", @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100767469000c0002800800040000000000"], 0x38}}, 0x0) 760.294659ms ago: executing program 3 (id=1632): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000ac141400000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac141400000000000000000000000000000000000000000000000200ff010000000000000000050000000001ffffffff"], 0xec}}, 0x0) 709.110733ms ago: executing program 2 (id=1633): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)=0x3) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000001c0)=0x2) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, 0x0}, 0x90) r2 = socket$inet_smc(0x2b, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) socketpair$tipc(0x1e, 0x0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x24, 0x9, 0x0, 0x0, {0x6}}, 0x14}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2) connect$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x14, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00'}, 0x30) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) r7 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) sendfile(r7, r7, 0x0, 0x5) close(r1) 694.981937ms ago: executing program 4 (id=1634): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000000), 0xfecc) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1) sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000008000100030000002c000480050003000100000005000300000000000500030000000000050003000100000005000300800000000800020002000000f145233435132df9f07f7b2a5e38e228d941a338560aed935a6d"], 0x50}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={0x0, 0x0}, 0x20) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_rdma(0x10, 0x3, 0x14) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r5 = openat$cgroup_devices(r4, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB='b *:4\tm\n'], 0xa) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="580000000206050000000000000000000000000014000780080011400000000005eb1400040000000500010007000000050005000a000000050004000000000009000200797a31000000697000"/88], 0x58}}, 0x0) 620.323216ms ago: executing program 3 (id=1635): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d003f8864f0671200000003000000000000", 0x14}, {&(0x7f0000000200)="c6", 0x1}], 0x2) 620.012288ms ago: executing program 1 (id=1636): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) unshare(0x400) close(r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = socket$inet_udplite(0x2, 0x2, 0x88) syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08060001080006040001e97fa2e74c0a0ad1000057330377ba"], 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}}, 0x0) 550.513611ms ago: executing program 1 (id=1637): r0 = socket(0x10, 0x803, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) setsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000000), 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000440)={'vxcan0\x00', 0x0}) sendmsg$can_raw(r1, &(0x7f00000004c0)={&(0x7f00000000c0)={0x1d, r2, 0x3}, 0x10, &(0x7f0000000080)={&(0x7f0000000300)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "621105b0ae0282d478b6b01305946c17afcea96765fbac1cd8aabe5bd5522a79da5a1d57b5fc63998d476ac32a7e3327e8817a9a8a32956867b2ab6e543ac6e5"}, 0x48}}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x8001000000000000, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x8, 0x3, 0x298, 0x0, 0x11, 0x148, 0x100, 0x0, 0x200, 0x2a8, 0x2a8, 0x200, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@addrtype={{0x30}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4, [], 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, 0x0, 0x200}}}, {{@ip={@empty, @local, 0x0, 0x0, 'gretap0\x00', 'pimreg1\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f8) 532.091608ms ago: executing program 4 (id=1638): r0 = socket$kcm(0x10, 0x7, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xf2, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x3, 0x4, 0x4, 0x9, 0x0, 0x1}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x3, 0x4, 0x4, 0x98, 0x0, 0x1}, 0x48) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000001240)=ANY=[@ANYBLOB="44010000", @ANYRES16=0x0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="1800f08005000700000000000500010000000000040004003800f080040009000500070000000000050006000000000005000100000000000500030000000000050001000000000005000600000000000c00f0800500070000000000b400f0809d000b0088606d1673e0ac341cf4abcd43d54e23e52bff8d42f61e8bf09c28fd6529c36b8dfaee70c3e684e95496e2256825298b0dfb6dcb9f9f432011af8136a6c7386130b75bf3dcef34c2623568a93e7fa43da4198636f6d5cb474ec4a6f50beedcecd1ee7e2bf78411a4e6392c85c96fcd7609b5e73b0eb463703dd200185a116c5b0b14fa9234de8d353e0ddc50193e60ffdf648d9d5a742c9a7a000000050006000000000008000a00000000001800f08004000b0005000100000000000500070000000000"], 0x144}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x7, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218100000", @ANYRES32=r1, @ANYBLOB="000000000000000018100000", @ANYRES32=r2, @ANYBLOB="000000000000000095"], &(0x7f0000000a00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) sendmsg$inet(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000940)="5c00000014006b030231a40802000f00e5aa000017d34060bc24eab556bd05251e6182949a2756f475ce36c2d13b48df000000000000ecb8f6ec63c9f4d4938037e786a6d1bdd700e6657594f1817d9c2e8c62f943400d4febd48815", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 419.739962ms ago: executing program 4 (id=1639): r0 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000200)={@private1, 0x7fd, 0x0, 0x0, 0x9, 0xf3}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) (async) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, 0x0, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="dcfa60e72bd7fe701f522baf1520b9180000010000000d000000000000000071"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) (async) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="dcfa60e72bd7fe701f522baf1520b9180000010000000d000000000000000071"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000004340)={0x6, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000000c0), &(0x7f0000000240)=r2}, 0x20) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f00000000c0), &(0x7f0000000240)=r2}, 0x20) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000002c0)={0xffffffffffffffff, 0x6, 0x0, 0x1}) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) (async) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c000000", @ANYRES16, @ANYBLOB="110800b87605730000002000000034930500000000000000000400002393cabaebff00000049"], 0x8c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x24, 0x14, 0x0, 0x0, 0x0, {0x2}}, 0x24}}, 0x0) socket$inet6(0xa, 0x2, 0x0) (async) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) (async) setsockopt$inet6_int(r4, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r4, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r4, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4) (async) setsockopt$inet6_int(r4, 0x29, 0x42, &(0x7f0000000100)=0x1e79, 0x4) sendto$inet6(r4, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r5 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x4, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @initdev={0xac, 0x1e, 0x0, 0x0}}, "341517c1b7df60c7"}}}}}, 0x0) bind$unix(r6, &(0x7f0000000340)=@file={0x1, './cgroup.cpu/cgroup.procs/file0\x00'}, 0x2) write(r5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x90, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xa}}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_flower={{0xb}, {0x40, 0x2, [@TCA_FLOWER_KEY_ARP_OP={0x5}, @TCA_FLOWER_KEY_ICMPV6_CODE={0x5}, @TCA_FLOWER_KEY_TCP_DST_MASK={0x6}, @TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK={0x14}, @TCA_FLOWER_KEY_UDP_SRC_MASK={0x6}, @TCA_FLOWER_KEY_ICMPV6_TYPE={0x5}]}}, @TCA_RATE={0x6}]}, 0x90}}, 0x0) socket(0x10, 0x803, 0x0) 419.016885ms ago: executing program 1 (id=1640): r0 = socket$packet(0x11, 0x2, 0x300) r1 = epoll_create1(0x0) epoll_pwait(r1, &(0x7f0000000200)=[{}], 0x1, 0x6e, &(0x7f00000001c0)={[0x400000000000009]}, 0x8) close(r1) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0x1, 0x4, 0x8, 0xc}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x0, 0x4, 0x4, 0x12}, 0x48) getsockopt$inet6_mptcp_buf(0xffffffffffffffff, 0x11c, 0x4, &(0x7f0000000500)=""/82, &(0x7f0000000580)=0x52) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_LIMITS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000004}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x50040080}, 0x40844) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) socket$inet6(0xa, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x4c7a8ffdeee6158b, r6, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_GW_MODE={0x0, 0x33, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x0, 0x34, 0xd}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40048c4}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f00000004c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r4, @ANYBLOB="040025bd700092a59faefcdbdf25010000001c000180050002000100000008000700", @ANYRES32=r7, @ANYBLOB="060005004e210000080003000600000005000500080000000800020004000000080003000100000014000180060001000a00000005000200070000003c000680050002000200000014000400ff02000000000000000000000000000114000400fc0000000000000000000000000000010600010002000000"], 0xa0}, 0x1, 0x0, 0x0, 0x804}, 0x20004010) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@func_proto={0x0, 0x0, 0x0, 0xd, 0xa}, @enum={0x0, 0x2, 0x0, 0x6, 0x4, [{0x2}, {}]}]}, {0x0, [0x0, 0x5f]}}, &(0x7f0000000f40)=""/4089, 0x44, 0xff9, 0x8}, 0x20) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=ANY=[@ANYBLOB="380000005400e501000000000009000030f05ec3cf1f6845b854711b07000000", @ANYRES32=r10, @ANYBLOB="20000100", @ANYRES32=r10, @ANYBLOB="00000000ffffffff00000000000000000000000086dd0000"], 0x38}}, 0x0) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x5, &(0x7f0000000280)=@framed={{}, [@exit, @jmp={0x5, 0x1, 0x9, 0x5, 0x6, 0x0, 0x10}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r11}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r13 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r13, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r12, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0) 417.331477ms ago: executing program 3 (id=1641): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) socket$unix(0x1, 0x5, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x0, 0x0, &(0x7f0000000080)=0x1b00) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001300eb990000000000000000fc000000000000000200000000000000ac1e000100000000000000000000000000000000000000000a003000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000040000000000000000000000000000000000000000000000000340000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004e000000000000000000000000000000ff01000026ec000000000000000000000000000000a3c55f377a269b73c33a0c122bd13ab4d45a5fe855dc468af09b953c87f7f25afa119732e2ec7b17de9898aada234f61e2b298a0e8fbc1af430e44f124df2f1ae593ffbcf85dedcc0dbdfd06a53bc39fd8f4aa2415b2fe39ea25d7ac98bcc8b7a86a0d83cb493909ca75da0f745dfe66239d533ed30f7d6ee4babe34747e23ba41f481e37f3da0cf878694"], 0xb8}}, 0x0) 360.763638ms ago: executing program 4 (id=1642): socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) (async) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r0], 0x24}}, 0x0) (async) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = socket$igmp(0x2, 0x3, 0x2) (async) unshare(0x20040600) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.time\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) (async) mmap(&(0x7f0000000000/0x11000)=nil, 0x11000, 0x3000001, 0x13, r2, 0x0) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r3, &(0x7f00000000c0)={0x1f, 0x0, @fixed}, 0xe) setsockopt$MRT_FLUSH(r1, 0x0, 0xd0, &(0x7f0000000240), 0x4) r4 = socket$l2tp6(0xa, 0x2, 0x73) (async) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x1, 0x2}, 0x4) bind$alg(r5, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4) (async) r6 = accept4(r5, 0x0, 0x0, 0x0) (async) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xba1, 0x9, 0x11}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r7, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x14, &(0x7f0000001080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000c00000085000000030000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10) r10 = socket(0x10, 0x3, 0x0) (async) r11 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37}}}]}, 0x78}}, 0x0) sendmmsg$alg(r6, &(0x7f0000004c00)=[{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000000)="a9861869a75f66ef7d128ae4230965648a021cdf93508c9706dc1e4d9e1d4c436faf1d2786e53d4c8b827fc9174b67dab67acb28c76f6310145b3bfb0804675b44f3372615", 0x45}, {&(0x7f0000000240)="eeb9ff4efd6ce05a6ccd7c232e4442ec0660f89aeac6d45aea60e560bd9dd945dfc8e65ad2cf2e4d55fb59ee276f5e40e07f7b37b86e88c65190565d726b079d4043e88acbc549f5d3291ba8e35c906d22091ac5b87485aab22c1c9723fe9e1fdc8dd53b5e20ff5f2aa43f29cb053bba51958b69b6a5196c75f6c4c10e213afd12e617eceab1020c9c814d456046a1", 0x8f}, {&(0x7f0000001380)="5e4f1b8edaca0fbbb2d381bca66efabb97e5ec4f21ea39add4576b3f6cee354e296c63411644984be95ec4dfde61530d76d658d948193630128904e3d521b1a9d999a23d789f4946d308d88ea73ec8442421f62e", 0x54}], 0x3, &(0x7f0000001480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r6, &(0x7f0000001e80)={0x0, 0x4010, &(0x7f0000001e00)=[{&(0x7f0000004dc0)=""/118, 0xff78}], 0x1, 0x0, 0xd}, 0x0) (async) sendmmsg$inet6(r4, &(0x7f0000002c00)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}, {{&(0x7f0000000180)={0xa, 0x0, 0x0, @private2}, 0x1c, 0x0, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000900002900b222a53efd60f004a7ba78d19723"], 0x18}}], 0x2, 0x0) 352.288586ms ago: executing program 3 (id=1643): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) (async) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000100)=[{{}, {0x0, 0x0, 0x1, 0x1}}], 0x8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x7, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x1, 0x0, r4}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}]}, &(0x7f0000000200)='syzkaller\x00', 0x6, 0xdd, &(0x7f0000000340)=""/221, 0x0, 0x0, '\x00', 0x0, 0x0, r2}, 0x90) r5 = socket$can_raw(0x1d, 0x3, 0x1) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_raw(r5, &(0x7f00000000c0)={0x1d, r6}, 0x10) setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f00000002c0)=[{{}, {0x0, 0x0, 0x0, 0x1}}], 0x8) (async) r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r7, 0x0, 0x1, &(0x7f0000000140)=0x2, 0x4) syz_genetlink_get_family_id$l2tp(&(0x7f0000002100), r7) (async) bind$can_raw(r2, &(0x7f0000000240)={0x1d, r6}, 0x10) (async) bind$can_raw(r2, &(0x7f0000000040), 0x10) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) (async) listen(r1, 0x0) (async) r8 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$int_in(r8, 0x5452, &(0x7f00000000c0)=0x40) connect$inet(r8, &(0x7f0000001fc0)={0x2, 0x0, @loopback}, 0x10) (async, rerun: 32) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r8, 0x8905, &(0x7f0000000000)) (async, rerun: 32) socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r9, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r9, 0x29, 0x30, &(0x7f0000000400)={0xb, {{0xa, 0x0, 0x0, @mcast2, 0xfffffffd}}, 0x0, 0x3, [{{0xa, 0x0, 0x0, @private2}}, {{0xa, 0x0, 0x2, @private2}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}]}, 0x210) (async) bind$inet6(r9, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) (async) syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0xac00, 0x0) 289.797841ms ago: executing program 2 (id=1644): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x8, 0x3, 0x3a8, 0x128, 0xa, 0x148, 0x128, 0x10, 0x310, 0x2a8, 0x2a8, 0x310, 0x2a8, 0x3, 0x0, {[{{@ip={@loopback, @empty, 0x0, 0x0, 'veth0\x00', 'veth1_to_team\x00'}, 0x3c0, 0xf8, 0x128, 0x70, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'vlan0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x9}}}, @common=@unspec=@connmark={{0x30}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x4}}}}, {{@ip={@loopback, @dev, 0x0, 0x0, 'ipvlan0\x00', 'ip_vti0\x00'}, 0x0, 0xc0, 0x1e8, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "8e20"}}, @common=@inet=@set1={{0x28}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, '/usr/sbin/cupsd\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x408) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="210000000000002cb00b0916493778534f8227738401fb001b000000950000000000010000000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$rxrpc(0x21, 0x2, 0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000790b000000000000950000000000"], &(0x7f0000000780)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0xffffff29) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000000)=0x2000000, 0x4) socket$l2tp(0x2, 0x2, 0x73) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x8f}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r3, &(0x7f0000000340)="e208001500a644b505aa3b6e07ca55eb60406f6735e83908f0cae42db396002f03b0152c35f80bf68ef5", 0x2a, 0x24000800, &(0x7f0000000440)={0xa, 0x20, 0x2003, @mcast1, 0x15}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f0000000000), 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x2000000, 0x0, 0x0, 0x74}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x90) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000000380)={'tunl0\x00', &(0x7f00000002c0)={'sit0\x00', 0x0, 0x40, 0x10, 0x7f3, 0x7, {{0xf, 0x4, 0x1, 0x23, 0x3c, 0x65, 0x0, 0x6, 0x29, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@cipso={0x86, 0x6, 0x1}, @lsrr={0x83, 0xf, 0x21, [@loopback, @loopback, @rand_addr=0x64010102]}, @timestamp={0x44, 0x10, 0x49, 0x0, 0xf, [0x900000, 0x2, 0xfff]}]}}}}}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000055000100000000000000000007000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYRES16=r2], 0x38}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="280000001000010400"/20, @ANYRES32=r10, @ANYBLOB="000000000000000008101b007fff0000e29b03660b1baab0695be0161950d3d0957b5d51a7142817cff88d1b92c04f5e0dbf61f62131b2d1c9c7369b4235d0eee24d9cf1025a32fd925f7ab9987e11da25193d"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'wg2\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r13 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r13, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) ioctl(r7, 0x3, &(0x7f0000000c00)="c261cd30452d13526ad016096f9996daf6e733be49b87623470ba74b661eca9e5fb75eb9ad6ad884ed13f95d444c034576777d5ec4f1c0acb616e1d28bdc011044b717f0100b9fbdba7c1ac5948661162585a09f8cb6ea66bd70b8700c779399e71ccd99") sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r5, 0x89f2, &(0x7f00000005c0)={'syztnl0\x00', &(0x7f0000000500)={'syztnl2\x00', 0x0, 0x80, 0x58, 0x1, 0x1, {{0x1b, 0x4, 0x3, 0x9, 0x6c, 0x66, 0x0, 0x7f, 0x2f, 0x0, @local, @empty, {[@timestamp={0x44, 0x1c, 0xc0, 0x0, 0x3, [0xffffffff, 0x1ff, 0x800, 0x3f, 0x800, 0x7]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0x34, 0x30, 0x3, 0x6, [{@broadcast, 0xc0}, {@remote, 0x1}, {@private=0xa010100, 0x80000000}, {@loopback, 0x6}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, {@loopback, 0x3ff}]}]}}}}}) sendmsg$ETHTOOL_MSG_PAUSE_GET(r5, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="30010000", @ANYRES16=0x0, @ANYBLOB="000225bd7000fcdbdf25150000003800018008000100", @ANYRES32=r6, @ANYBLOB="080003000000000008000100", @ANYRES32=r10, @ANYBLOB="1f00010078bb9d6c6528914234feeff75e122664aaf473fabfbdd4343b1990cd9b0e6f46fdf2", @ANYRES32=r11, @ANYBLOB="140002007465616d5f736c6176655f31000000004c00018008000100", @ANYRES32=r12, @ANYBLOB="1400020065727370616e3000000000000000000008000100", @ANYRES32=r14, @ANYBLOB="08000100", @ANYRES32=r15, @ANYBLOB="140002007663616e30000000000000000000000008000300030000004800018014000200766574683100000000000000000000000800030002000000080003000300000008000300030000000800030000000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="14000180080003000200000008000300010000003c000180140002006970766c616e31000000000000000000140002006261746164765f736c6176655f310000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB], 0x130}, 0x1, 0x0, 0x0, 0x40004}, 0x20004004) readv(r4, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/243, 0xfffffdef}], 0x1) 152.279968ms ago: executing program 3 (id=1645): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="ec0000002100390d0000000000000000ac141400000000000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100ff010000000000000000000000000001ffffffff000000000000000000000000ac1414aa000000000000000000000000ac141400000000000000000000000000000000000000000000000200ff010000000000000000060000000001ffffffff"], 0xec}}, 0x0) 151.87564ms ago: executing program 4 (id=1646): socket$inet6_sctp(0xa, 0x5, 0x84) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xd, 0x0, &(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r1, &(0x7f0000000080)="b3019c28", 0x4, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x44b, 0x70bd26, 0x8000000, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x1900}, [@IFLA_WEIGHT={0x8, 0xf, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x94) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90) pipe(&(0x7f0000000080)) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000004600000000010000000c0002000800000000000000100007"], 0x30}}, 0x0) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f00000004c0)=0x401, 0x4) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@ifindex, 0xffffffffffffffff, 0xf, 0x21, 0xffffffffffffffff, @prog_id}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f00000001c0)=0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}]}, 0x34}}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x3}}, 0x0) splice(0xffffffffffffffff, 0x0, r5, 0x0, 0x4ffe2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100)) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) socket$nl_rdma(0x10, 0x3, 0x14) 128.580802ms ago: executing program 1 (id=1647): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) unshare(0x400) close(r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r4 = socket$inet_udplite(0x2, 0x2, 0x88) syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08060001080006040001e97fa2e74c0a0ad1000057330377ba"], 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x3c}}, 0x0) 116.236498ms ago: executing program 3 (id=1648): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000540)='yeah\x00', 0x5) sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad4dace0f5119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c78e7756bf4fcaff0c2337", 0x89}, {&(0x7f0000000d40)}], 0x2}}], 0x1, 0x0) sendmsg$inet(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000000)="14fafa37bf25f04bda99eefbbdd8d76b8136ee6cfdee25bdb2d1873ce347c7b623dd3140cfb2326fa1bf9f1dc2375eeba25df45aefdb3c49a4e7ffab4ed7181180bde98af644d11f", 0x48}, {&(0x7f0000000240)="16a6fca1943502d7ac24a672dbecde54535371af01e67576ef51", 0x1a}, {&(0x7f0000000580)="c3e361cabaa484b0c035139c64932a377f926342f6b052b6a3b273c187a5e0c26fe049092a54eb9b6be2ac2df69e6a36fad43d88851aa162b6aa0d4734e36aad318ea99586ca9f642920068473af2e996703149f0c13bcfae9beeb8d", 0x5c}, {&(0x7f0000000800)="8434335f698d91a2a3efe5291f7ebbc2424bb7ee30459376efe5541dc546f93c4ad4f9343e", 0x25}], 0x4}, 0x0) 67.413967ms ago: executing program 1 (id=1649): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r1}, 0x10) r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r2}, 0x8) unshare(0x400) close(r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x23, &(0x7f00000003c0)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$inet_udplite(0x2, 0x2, 0x88) syz_emit_ethernet(0x2a, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb08060001080006040001e97fa2e74c0a0ad1000057330377ba25ac1414ff"], 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x1200, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}}, 0x0) 0s ago: executing program 4 (id=1651): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7030000000000008500000040000000b70000000000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x1, 0x3}}, 0x26) getsockopt$bt_BT_SECURITY(r1, 0x111, 0x2, 0x0, 0x20000000) r4 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000fcb000), 0x4) setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000000140), 0x4) pipe(&(0x7f00000001c0)) socket$unix(0x1, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32, @ANYBLOB="24005a8020000180140003000000000002000000000001000000000004000200040001"], 0x40}}, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCADDRT(r6, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @dev}, {0x2, 0x0, @empty}, 0x2a0}) ioctl$sock_inet_SIOCDELRT(r6, 0x890c, &(0x7f0000000080)={0x0, {}, {0x2, 0x0, @multicast2}, {0x2, 0x0, @empty}, 0xab852ebbeefbd6b1}) kernel console output (not intermixed with test programs): gle 06/07/2024 [ 125.242231][ T6596] Call Trace: [ 125.245549][ T6596] [ 125.248516][ T6596] dump_stack_lvl+0x241/0x360 [ 125.253327][ T6596] ? __pfx_dump_stack_lvl+0x10/0x10 [ 125.258569][ T6596] ? __pfx__printk+0x10/0x10 [ 125.263303][ T6596] ? __pfx_lock_release+0x10/0x10 [ 125.268390][ T6596] should_fail_ex+0x3b0/0x4e0 [ 125.273217][ T6596] _copy_from_iter+0x43a/0x1960 [ 125.278124][ T6596] ? __pfx__copy_from_iter+0x10/0x10 [ 125.283473][ T6596] ? __pfx__copy_from_iter+0x10/0x10 [ 125.288795][ T6596] ? __netdev_alloc_frag_align+0x1a2/0x1f0 [ 125.294731][ T6596] ? page_copy_sane+0x154/0x260 [ 125.299597][ T6596] copy_page_from_iter+0x7a/0x100 [ 125.304650][ T6596] skb_copy_datagram_from_iter+0x2d8/0x6c0 [ 125.310485][ T6596] tun_get_user+0xec3/0x4720 [ 125.315110][ T6596] ? __pfx_tun_get_user+0x10/0x10 [ 125.320181][ T6596] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 125.325666][ T6596] ? tun_get+0x1e/0x2f0 [ 125.329834][ T6596] ? __pfx_lock_release+0x10/0x10 [ 125.334883][ T6596] ? tun_get+0x1e/0x2f0 [ 125.339054][ T6596] ? tun_get+0x27d/0x2f0 [ 125.343315][ T6596] tun_chr_write_iter+0x113/0x1f0 [ 125.348356][ T6596] do_iter_readv_writev+0x5a4/0x800 [ 125.353576][ T6596] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 125.359310][ T6596] ? bpf_lsm_file_permission+0x9/0x10 [ 125.364697][ T6596] ? security_file_permission+0x7f/0xa0 [ 125.370260][ T6596] ? rw_verify_area+0x1d2/0x6b0 [ 125.375135][ T6596] vfs_writev+0x37c/0xbb0 [ 125.379507][ T6596] ? __pfx_lock_acquire+0x10/0x10 [ 125.384638][ T6596] ? __pfx_vfs_writev+0x10/0x10 [ 125.389520][ T6596] ? vfs_write+0x7c4/0xc90 [ 125.393961][ T6596] ? __fget_files+0x29/0x470 [ 125.398666][ T6596] do_writev+0x1b1/0x350 [ 125.403136][ T6596] ? __pfx_do_writev+0x10/0x10 [ 125.407923][ T6596] ? do_syscall_64+0x100/0x230 [ 125.412705][ T6596] ? do_syscall_64+0xb6/0x230 [ 125.417407][ T6596] do_syscall_64+0xf3/0x230 [ 125.421923][ T6596] ? clear_bhb_loop+0x35/0x90 [ 125.426613][ T6596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 125.432524][ T6596] RIP: 0033:0x7faa77175bd9 [ 125.436948][ T6596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 125.456670][ T6596] RSP: 002b:00007faa77fbf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 125.465116][ T6596] RAX: ffffffffffffffda RBX: 00007faa77303f60 RCX: 00007faa77175bd9 [ 125.473136][ T6596] RDX: 0000000000000002 RSI: 00000000200002c0 RDI: 0000000000000003 [ 125.481323][ T6596] RBP: 00007faa77fbf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 125.489322][ T6596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.497398][ T6596] R13: 000000000000000b R14: 00007faa77303f60 R15: 00007ffc3c756728 [ 125.505413][ T6596] [ 125.622468][ T6600] __nla_validate_parse: 4 callbacks suppressed [ 125.622489][ T6600] netlink: 4 bytes leftover after parsing attributes in process `syz.2.479'. [ 125.698573][ T6563] lo: left promiscuous mode [ 126.242685][ T6631] netlink: 20 bytes leftover after parsing attributes in process `syz.0.487'. [ 126.400463][ T6633] netlink: 1 bytes leftover after parsing attributes in process `syz.3.485'. [ 126.484456][ T6631] netlink: 48 bytes leftover after parsing attributes in process `syz.0.487'. [ 126.920524][ T6655] netlink: 4 bytes leftover after parsing attributes in process `syz.0.493'. [ 127.065801][ T6668] lo: entered promiscuous mode [ 127.286509][ T6677] netlink: 8 bytes leftover after parsing attributes in process `syz.4.503'. [ 127.818152][ T6706] netlink: 4 bytes leftover after parsing attributes in process `syz.3.511'. [ 127.965262][ T6659] lo: left promiscuous mode [ 128.233736][ T6721] Dead loop on virtual device ipvlan1, fix it urgently! [ 128.258353][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.3.520'. [ 128.441950][ T6726] netlink: 'syz.4.521': attribute type 3 has an invalid length. [ 128.481602][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.521'. [ 128.797258][ T6721] syz.1.514 (6721) used greatest stack depth: 6008 bytes left [ 128.872800][ T6748] netlink: 4 bytes leftover after parsing attributes in process `syz.4.527'. [ 129.430091][ T6781] FAULT_INJECTION: forcing a failure. [ 129.430091][ T6781] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.445130][ T6781] CPU: 0 PID: 6781 Comm: syz.1.540 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 129.455176][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 129.465275][ T6781] Call Trace: [ 129.468595][ T6781] [ 129.471552][ T6781] dump_stack_lvl+0x241/0x360 [ 129.476288][ T6781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.481533][ T6781] ? __pfx__printk+0x10/0x10 [ 129.486185][ T6781] ? __pfx_lock_release+0x10/0x10 [ 129.491337][ T6781] should_fail_ex+0x3b0/0x4e0 [ 129.496047][ T6781] _copy_from_iter+0x1f6/0x1960 [ 129.500922][ T6781] ? __virt_addr_valid+0x183/0x520 [ 129.506151][ T6781] ? __pfx_lock_release+0x10/0x10 [ 129.511194][ T6781] ? __alloc_skb+0x28f/0x440 [ 129.515800][ T6781] ? __pfx__copy_from_iter+0x10/0x10 [ 129.521103][ T6781] ? __virt_addr_valid+0x183/0x520 [ 129.526226][ T6781] ? __virt_addr_valid+0x183/0x520 [ 129.531348][ T6781] ? __virt_addr_valid+0x44e/0x520 [ 129.536472][ T6781] ? __check_object_size+0x49c/0x900 [ 129.541806][ T6781] netlink_sendmsg+0x73d/0xcb0 [ 129.546604][ T6781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.551998][ T6781] ? __import_iovec+0x536/0x820 [ 129.556869][ T6781] ? aa_sock_msg_perm+0x91/0x160 [ 129.561830][ T6781] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 129.567143][ T6781] ? security_socket_sendmsg+0x87/0xb0 [ 129.572635][ T6781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 129.577959][ T6781] __sock_sendmsg+0x221/0x270 [ 129.582674][ T6781] ____sys_sendmsg+0x525/0x7d0 [ 129.587476][ T6781] ? __pfx_____sys_sendmsg+0x10/0x10 [ 129.592810][ T6781] __sys_sendmsg+0x2b0/0x3a0 [ 129.597421][ T6781] ? __pfx___sys_sendmsg+0x10/0x10 [ 129.602574][ T6781] ? vfs_write+0x7c4/0xc90 [ 129.607097][ T6781] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 129.613459][ T6781] ? do_syscall_64+0x100/0x230 [ 129.618243][ T6781] ? do_syscall_64+0xb6/0x230 [ 129.622939][ T6781] do_syscall_64+0xf3/0x230 [ 129.627459][ T6781] ? clear_bhb_loop+0x35/0x90 [ 129.632172][ T6781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.638093][ T6781] RIP: 0033:0x7f2386d75bd9 [ 129.642525][ T6781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.662246][ T6781] RSP: 002b:00007f2387bc3048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 129.670677][ T6781] RAX: ffffffffffffffda RBX: 00007f2386f03f60 RCX: 00007f2386d75bd9 [ 129.678663][ T6781] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 129.686657][ T6781] RBP: 00007f2387bc30a0 R08: 0000000000000000 R09: 0000000000000000 [ 129.694640][ T6781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 129.702620][ T6781] R13: 000000000000000b R14: 00007f2386f03f60 R15: 00007fffa7ba0258 [ 129.710640][ T6781] [ 130.033668][ T6797] Dead loop on virtual device ipvlan1, fix it urgently! [ 130.407276][ T6815] FAULT_INJECTION: forcing a failure. [ 130.407276][ T6815] name failslab, interval 1, probability 0, space 0, times 0 [ 130.425003][ T6815] CPU: 0 PID: 6815 Comm: syz.0.553 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 130.435058][ T6815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 130.445294][ T6815] Call Trace: [ 130.448609][ T6815] [ 130.451672][ T6815] dump_stack_lvl+0x241/0x360 [ 130.456496][ T6815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.461733][ T6815] ? __pfx__printk+0x10/0x10 [ 130.466347][ T6815] ? ref_tracker_alloc+0x332/0x490 [ 130.471514][ T6815] should_fail_ex+0x3b0/0x4e0 [ 130.476210][ T6815] ? skb_clone+0x20c/0x390 [ 130.480639][ T6815] should_failslab+0x9/0x20 [ 130.485165][ T6815] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 130.490594][ T6815] skb_clone+0x20c/0x390 [ 130.494882][ T6815] __netlink_deliver_tap+0x3cc/0x7c0 [ 130.500204][ T6815] ? netlink_deliver_tap+0x2e/0x1b0 [ 130.505438][ T6815] netlink_deliver_tap+0x19d/0x1b0 [ 130.510596][ T6815] netlink_unicast+0x7be/0x990 [ 130.515380][ T6815] ? __pfx_netlink_unicast+0x10/0x10 [ 130.520789][ T6815] ? __virt_addr_valid+0x183/0x520 [ 130.525932][ T6815] ? __check_object_size+0x49c/0x900 [ 130.531245][ T6815] ? bpf_lsm_netlink_send+0x9/0x10 [ 130.536390][ T6815] netlink_sendmsg+0x8e4/0xcb0 [ 130.541199][ T6815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.546613][ T6815] ? __import_iovec+0x536/0x820 [ 130.551504][ T6815] ? aa_sock_msg_perm+0x91/0x160 [ 130.556494][ T6815] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 130.561818][ T6815] ? security_socket_sendmsg+0x87/0xb0 [ 130.567408][ T6815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 130.572716][ T6815] __sock_sendmsg+0x221/0x270 [ 130.577420][ T6815] ____sys_sendmsg+0x525/0x7d0 [ 130.582219][ T6815] ? __pfx_____sys_sendmsg+0x10/0x10 [ 130.587545][ T6815] __sys_sendmsg+0x2b0/0x3a0 [ 130.592156][ T6815] ? __pfx___sys_sendmsg+0x10/0x10 [ 130.597299][ T6815] ? vfs_write+0x7c4/0xc90 [ 130.601772][ T6815] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 130.608146][ T6815] ? do_syscall_64+0x100/0x230 [ 130.612945][ T6815] ? do_syscall_64+0xb6/0x230 [ 130.617907][ T6815] do_syscall_64+0xf3/0x230 [ 130.622432][ T6815] ? clear_bhb_loop+0x35/0x90 [ 130.627139][ T6815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.633045][ T6815] RIP: 0033:0x7ff29d175bd9 [ 130.637474][ T6815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.657090][ T6815] RSP: 002b:00007ff29def5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 130.665517][ T6815] RAX: ffffffffffffffda RBX: 00007ff29d303f60 RCX: 00007ff29d175bd9 [ 130.673498][ T6815] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 130.681562][ T6815] RBP: 00007ff29def50a0 R08: 0000000000000000 R09: 0000000000000000 [ 130.689544][ T6815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.697520][ T6815] R13: 000000000000000b R14: 00007ff29d303f60 R15: 00007ffc9db5c5a8 [ 130.705530][ T6815] [ 130.783097][ T6817] __nla_validate_parse: 4 callbacks suppressed [ 130.783119][ T6817] netlink: 24 bytes leftover after parsing attributes in process `syz.4.555'. [ 130.913885][ T6797] syz.1.547 (6797) used greatest stack depth: 5816 bytes left [ 131.063291][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.0.561'. [ 131.196029][ T6834] sctp: [Deprecated]: syz.2.562 (pid 6834) Use of struct sctp_assoc_value in delayed_ack socket option. [ 131.196029][ T6834] Use struct sctp_sack_info instead [ 131.354670][ T5189] IPVS: starting estimator thread 0... [ 131.462971][ T6845] netlink: 4 bytes leftover after parsing attributes in process `syz.3.565'. [ 131.473471][ T6843] IPVS: using max 17 ests per chain, 40800 per kthread [ 131.492357][ T6848] FAULT_INJECTION: forcing a failure. [ 131.492357][ T6848] name failslab, interval 1, probability 0, space 0, times 0 [ 131.505478][ T6848] CPU: 1 PID: 6848 Comm: syz.2.567 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 131.515579][ T6848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 131.525682][ T6848] Call Trace: [ 131.528972][ T6848] [ 131.531915][ T6848] dump_stack_lvl+0x241/0x360 [ 131.536607][ T6848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.541817][ T6848] ? __pfx__printk+0x10/0x10 [ 131.546443][ T6848] should_fail_ex+0x3b0/0x4e0 [ 131.551287][ T6848] ? skb_clone+0x20c/0x390 [ 131.555818][ T6848] should_failslab+0x9/0x20 [ 131.560337][ T6848] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 131.565735][ T6848] skb_clone+0x20c/0x390 [ 131.569994][ T6848] ? dev_queue_xmit_nit+0x220/0xc10 [ 131.575208][ T6848] dev_queue_xmit_nit+0x419/0xc10 [ 131.580250][ T6848] ? dev_queue_xmit_nit+0x2b/0xc10 [ 131.585558][ T6848] ? validate_xmit_skb+0x9f9/0x1120 [ 131.590788][ T6848] dev_hard_start_xmit+0x15f/0x7e0 [ 131.595941][ T6848] ? __pfx_validate_xmit_skb+0x10/0x10 [ 131.601440][ T6848] __dev_queue_xmit+0x1b63/0x3e90 [ 131.606572][ T6848] ? kasan_save_track+0x51/0x80 [ 131.611449][ T6848] ? do_syscall_64+0xf3/0x230 [ 131.616142][ T6848] ? __dev_queue_xmit+0x2da/0x3e90 [ 131.621274][ T6848] ? __pfx___dev_queue_xmit+0x10/0x10 [ 131.626689][ T6848] ? __copy_skb_header+0x437/0x5b0 [ 131.631842][ T6848] ? __asan_memcpy+0x40/0x70 [ 131.636477][ T6848] ? __copy_skb_header+0x437/0x5b0 [ 131.641623][ T6848] ? __skb_clone+0x454/0x6c0 [ 131.646259][ T6848] ? skb_clone+0x240/0x390 [ 131.650709][ T6848] __netlink_deliver_tap+0x54d/0x7c0 [ 131.656023][ T6848] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.661245][ T6848] netlink_deliver_tap+0x19d/0x1b0 [ 131.666394][ T6848] netlink_unicast+0x7be/0x990 [ 131.671181][ T6848] ? __pfx_netlink_unicast+0x10/0x10 [ 131.676494][ T6848] ? __virt_addr_valid+0x183/0x520 [ 131.681628][ T6848] ? __check_object_size+0x49c/0x900 [ 131.687039][ T6848] ? bpf_lsm_netlink_send+0x9/0x10 [ 131.692179][ T6848] netlink_sendmsg+0x8e4/0xcb0 [ 131.696980][ T6848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.702821][ T6848] ? __import_iovec+0x536/0x820 [ 131.707679][ T6848] ? aa_sock_msg_perm+0x91/0x160 [ 131.712641][ T6848] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 131.717932][ T6848] ? security_socket_sendmsg+0x87/0xb0 [ 131.723441][ T6848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.728851][ T6848] __sock_sendmsg+0x221/0x270 [ 131.733551][ T6848] ____sys_sendmsg+0x525/0x7d0 [ 131.738339][ T6848] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.743668][ T6848] __sys_sendmsg+0x2b0/0x3a0 [ 131.748274][ T6848] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.753419][ T6848] ? vfs_write+0x7c4/0xc90 [ 131.757898][ T6848] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 131.764238][ T6848] ? do_syscall_64+0x100/0x230 [ 131.769012][ T6848] ? do_syscall_64+0xb6/0x230 [ 131.773700][ T6848] do_syscall_64+0xf3/0x230 [ 131.778300][ T6848] ? clear_bhb_loop+0x35/0x90 [ 131.782992][ T6848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.788898][ T6848] RIP: 0033:0x7fd50cf75bd9 [ 131.793408][ T6848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.813107][ T6848] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.821538][ T6848] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9 [ 131.829526][ T6848] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 131.837596][ T6848] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 131.845579][ T6848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.853565][ T6848] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988 [ 131.861558][ T6848] [ 132.114608][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'. [ 133.020174][ T6899] Cannot find add_set index 0 as target [ 133.163278][ T2865] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.193362][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.199835][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.262444][ T2865] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.409618][ T2865] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.563671][ T2865] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.709868][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 133.720205][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 133.729864][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 133.743118][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 133.751248][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 133.759593][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 133.900320][ T6929] bridge0: port 3(vlan2) entered blocking state [ 133.917601][ T6929] bridge0: port 3(vlan2) entered disabled state [ 133.924587][ T6929] vlan2: entered allmulticast mode [ 133.932816][ T6929] vlan2: left allmulticast mode [ 134.073074][ T6935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.601'. [ 134.093162][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'. [ 134.112118][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'. [ 134.129455][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'. [ 134.152013][ T6935] netlink: 4 bytes leftover after parsing attributes in process `syz.3.601'. [ 134.206040][ T6920] caif0 speed is unknown, defaulting to 1000 [ 134.216825][ T2865] bridge_slave_1: left allmulticast mode [ 134.240288][ T2865] bridge_slave_1: left promiscuous mode [ 134.257965][ T2865] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.314748][ T2865] bridge_slave_0: left allmulticast mode [ 134.342309][ T2865] bridge_slave_0: left promiscuous mode [ 134.358530][ T2865] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.546057][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.4.611'. [ 134.887186][ T2865] bridge0 (unregistering): left allmulticast mode [ 134.918734][ T2865] team0: Port device macvlan2 removed [ 135.102332][ T2865] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.127553][ T2865] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.143576][ T2865] bond0 (unregistering): Released all slaves [ 135.163295][ T2865] bond1 (unregistering): Released all slaves [ 135.178036][ T2865] bond2 (unregistering): Released all slaves [ 135.462746][ T6971] netlink: 'syz.1.614': attribute type 8 has an invalid length. [ 135.709515][ T6983] netlink: 'syz.3.617': attribute type 3 has an invalid length. [ 135.822287][ T53] Bluetooth: hci3: command tx timeout [ 136.508648][ T7016] __nla_validate_parse: 3 callbacks suppressed [ 136.508671][ T7016] netlink: 20 bytes leftover after parsing attributes in process `syz.3.629'. [ 136.620847][ T6920] chnl_net:caif_netlink_parms(): no params data found [ 136.664224][ T7019] ɶƣ0GC¦: entered promiscuous mode [ 136.720574][ T2865] hsr_slave_0: left promiscuous mode [ 136.730815][ T2865] hsr_slave_1: left promiscuous mode [ 136.749841][ T2865] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.760340][ T2865] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.769077][ T2865] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.783730][ T2865] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.822880][ T2865] veth1_macvtap: left promiscuous mode [ 136.828968][ T2865] veth0_macvtap: left promiscuous mode [ 136.841281][ T2865] veth1_vlan: left promiscuous mode [ 136.848609][ T2865] @ÿ: left promiscuous mode [ 137.384118][ T2865] team0 (unregistering): Port device team_slave_1 removed [ 137.423728][ T2865] team0 (unregistering): Port device team_slave_0 removed [ 137.902086][ T53] Bluetooth: hci3: command tx timeout [ 138.067263][ T6920] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.085809][ T7053] FAULT_INJECTION: forcing a failure. [ 138.085809][ T7053] name failslab, interval 1, probability 0, space 0, times 0 [ 138.100130][ T6920] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.107980][ T6920] bridge_slave_0: entered allmulticast mode [ 138.117446][ T6920] bridge_slave_0: entered promiscuous mode [ 138.123853][ T7053] CPU: 1 PID: 7053 Comm: syz.2.638 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 138.133961][ T7053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 138.144150][ T7053] Call Trace: [ 138.147455][ T7053] [ 138.150416][ T7053] dump_stack_lvl+0x241/0x360 [ 138.155138][ T7053] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.160378][ T7053] ? __pfx__printk+0x10/0x10 [ 138.161707][ T6920] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.164997][ T7053] ? ref_tracker_alloc+0x332/0x490 [ 138.165062][ T7053] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 138.165102][ T7053] should_fail_ex+0x3b0/0x4e0 [ 138.165147][ T7053] ? skb_clone+0x20c/0x390 [ 138.165181][ T7053] should_failslab+0x9/0x20 [ 138.165214][ T7053] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 138.187423][ T6920] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.187497][ T7053] skb_clone+0x20c/0x390 [ 138.192384][ T6920] bridge_slave_1: entered allmulticast mode [ 138.196403][ T7053] __netlink_deliver_tap+0x3cc/0x7c0 [ 138.196450][ T7053] ? netlink_deliver_tap+0x2e/0x1b0 [ 138.210787][ T6920] bridge_slave_1: entered promiscuous mode [ 138.213147][ T7053] netlink_deliver_tap+0x19d/0x1b0 [ 138.213184][ T7053] netlink_sendskb+0x68/0x140 [ 138.213211][ T7053] netlink_unicast+0x39d/0x990 [ 138.213246][ T7053] ? __pfx_netlink_unicast+0x10/0x10 [ 138.255303][ T7053] ovs_ct_limit_cmd_set+0x970/0xaf0 [ 138.260524][ T7053] ? __nla_parse+0x40/0x60 [ 138.264956][ T7053] ? genl_family_rcv_msg_attrs_parse+0x21b/0x290 [ 138.271316][ T7053] genl_rcv_msg+0xb14/0xec0 [ 138.275839][ T7053] ? mark_lock+0x9a/0x350 [ 138.280199][ T7053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 138.285291][ T7053] ? __pfx_lock_acquire+0x10/0x10 [ 138.290326][ T7053] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 138.296066][ T7053] ? __pfx___might_resched+0x10/0x10 [ 138.301375][ T7053] netlink_rcv_skb+0x1e3/0x430 [ 138.306158][ T7053] ? __pfx_genl_rcv_msg+0x10/0x10 [ 138.311204][ T7053] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 138.316517][ T7053] ? __netlink_deliver_tap+0x77e/0x7c0 [ 138.322001][ T7053] genl_rcv+0x28/0x40 [ 138.326005][ T7053] netlink_unicast+0x7f0/0x990 [ 138.330782][ T7053] ? __pfx_netlink_unicast+0x10/0x10 [ 138.336075][ T7053] ? __virt_addr_valid+0x183/0x520 [ 138.341294][ T7053] ? __check_object_size+0x49c/0x900 [ 138.346686][ T7053] ? bpf_lsm_netlink_send+0x9/0x10 [ 138.351823][ T7053] netlink_sendmsg+0x8e4/0xcb0 [ 138.356702][ T7053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.362000][ T7053] ? __import_iovec+0x536/0x820 [ 138.366858][ T7053] ? aa_sock_msg_perm+0x91/0x160 [ 138.371816][ T7053] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 138.377120][ T7053] ? security_socket_sendmsg+0x87/0xb0 [ 138.382598][ T7053] ? __pfx_netlink_sendmsg+0x10/0x10 [ 138.387898][ T7053] __sock_sendmsg+0x221/0x270 [ 138.392593][ T7053] ____sys_sendmsg+0x525/0x7d0 [ 138.397379][ T7053] ? __pfx_____sys_sendmsg+0x10/0x10 [ 138.402714][ T7053] __sys_sendmsg+0x2b0/0x3a0 [ 138.407322][ T7053] ? __pfx___sys_sendmsg+0x10/0x10 [ 138.412448][ T7053] ? vfs_write+0x7c4/0xc90 [ 138.416959][ T7053] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 138.423308][ T7053] ? do_syscall_64+0x100/0x230 [ 138.428126][ T7053] ? do_syscall_64+0xb6/0x230 [ 138.432831][ T7053] do_syscall_64+0xf3/0x230 [ 138.437368][ T7053] ? clear_bhb_loop+0x35/0x90 [ 138.442074][ T7053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.448072][ T7053] RIP: 0033:0x7fd50cf75bd9 [ 138.452502][ T7053] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.472223][ T7053] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 138.480736][ T7053] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9 [ 138.488721][ T7053] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 138.496906][ T7053] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 138.504888][ T7053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 138.512873][ T7053] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988 [ 138.520867][ T7053] [ 138.816008][ T6920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.864073][ T6920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.013768][ T6920] team0: Port device team_slave_0 added [ 139.106111][ T6920] team0: Port device team_slave_1 added [ 139.272541][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.287601][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.369938][ T6920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.443003][ T6920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.472257][ T6920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.528737][ T6920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.604451][ T7102] FAULT_INJECTION: forcing a failure. [ 139.604451][ T7102] name failslab, interval 1, probability 0, space 0, times 0 [ 139.617638][ T7102] CPU: 0 PID: 7102 Comm: syz.3.652 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 139.627660][ T7102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 139.637762][ T7102] Call Trace: [ 139.641061][ T7102] [ 139.644024][ T7102] dump_stack_lvl+0x241/0x360 [ 139.648734][ T7102] ? __pfx_dump_stack_lvl+0x10/0x10 [ 139.653961][ T7102] ? __pfx__printk+0x10/0x10 [ 139.658636][ T7102] should_fail_ex+0x3b0/0x4e0 [ 139.663345][ T7102] ? skb_clone+0x20c/0x390 [ 139.667802][ T7102] should_failslab+0x9/0x20 [ 139.672338][ T7102] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 139.677746][ T7102] skb_clone+0x20c/0x390 [ 139.682035][ T7102] ? dev_queue_xmit_nit+0x220/0xc10 [ 139.687254][ T7102] dev_queue_xmit_nit+0x419/0xc10 [ 139.692298][ T7102] ? dev_queue_xmit_nit+0x2b/0xc10 [ 139.697448][ T7102] ? validate_xmit_skb+0x9f9/0x1120 [ 139.702679][ T7102] dev_hard_start_xmit+0x15f/0x7e0 [ 139.707812][ T7102] ? __pfx_validate_xmit_skb+0x10/0x10 [ 139.713302][ T7102] __dev_queue_xmit+0x1b63/0x3e90 [ 139.718355][ T7102] ? genl_rcv_msg+0xb14/0xec0 [ 139.723051][ T7102] ? netlink_unicast+0x7f0/0x990 [ 139.727999][ T7102] ? ____sys_sendmsg+0x525/0x7d0 [ 139.732951][ T7102] ? __dev_queue_xmit+0x2da/0x3e90 [ 139.738081][ T7102] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.744173][ T7102] ? __pfx___dev_queue_xmit+0x10/0x10 [ 139.749577][ T7102] ? __copy_skb_header+0x437/0x5b0 [ 139.754709][ T7102] ? __asan_memcpy+0x40/0x70 [ 139.759316][ T7102] ? __copy_skb_header+0x437/0x5b0 [ 139.764452][ T7102] ? __skb_clone+0x454/0x6c0 [ 139.769066][ T7102] ? skb_clone+0x240/0x390 [ 139.773503][ T7102] __netlink_deliver_tap+0x54d/0x7c0 [ 139.778906][ T7102] ? netlink_deliver_tap+0x2e/0x1b0 [ 139.784207][ T7102] netlink_deliver_tap+0x19d/0x1b0 [ 139.789416][ T7102] netlink_sendskb+0x68/0x140 [ 139.794208][ T7102] netlink_unicast+0x39d/0x990 [ 139.799005][ T7102] ? __pfx_netlink_unicast+0x10/0x10 [ 139.804308][ T7102] ovs_ct_limit_cmd_set+0x970/0xaf0 [ 139.809522][ T7102] ? __nla_parse+0x40/0x60 [ 139.813959][ T7102] ? genl_family_rcv_msg_attrs_parse+0x21b/0x290 [ 139.820415][ T7102] genl_rcv_msg+0xb14/0xec0 [ 139.825036][ T7102] ? mark_lock+0x9a/0x350 [ 139.829391][ T7102] ? __pfx_genl_rcv_msg+0x10/0x10 [ 139.834458][ T7102] ? __pfx_lock_acquire+0x10/0x10 [ 139.839489][ T7102] ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10 [ 139.845231][ T7102] ? __pfx___might_resched+0x10/0x10 [ 139.850538][ T7102] netlink_rcv_skb+0x1e3/0x430 [ 139.855318][ T7102] ? __pfx_genl_rcv_msg+0x10/0x10 [ 139.860359][ T7102] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 139.865668][ T7102] ? __netlink_deliver_tap+0x77e/0x7c0 [ 139.871147][ T7102] genl_rcv+0x28/0x40 [ 139.875154][ T7102] netlink_unicast+0x7f0/0x990 [ 139.879952][ T7102] ? __pfx_netlink_unicast+0x10/0x10 [ 139.885241][ T7102] ? __virt_addr_valid+0x183/0x520 [ 139.890369][ T7102] ? __check_object_size+0x49c/0x900 [ 139.895669][ T7102] ? bpf_lsm_netlink_send+0x9/0x10 [ 139.900799][ T7102] netlink_sendmsg+0x8e4/0xcb0 [ 139.905677][ T7102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.910988][ T7102] ? __import_iovec+0x536/0x820 [ 139.915859][ T7102] ? aa_sock_msg_perm+0x91/0x160 [ 139.920831][ T7102] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 139.926127][ T7102] ? security_socket_sendmsg+0x87/0xb0 [ 139.931687][ T7102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 139.936983][ T7102] __sock_sendmsg+0x221/0x270 [ 139.941673][ T7102] ____sys_sendmsg+0x525/0x7d0 [ 139.946465][ T7102] ? __pfx_____sys_sendmsg+0x10/0x10 [ 139.951783][ T7102] __sys_sendmsg+0x2b0/0x3a0 [ 139.956396][ T7102] ? __pfx___sys_sendmsg+0x10/0x10 [ 139.961542][ T7102] ? vfs_write+0x7c4/0xc90 [ 139.966018][ T7102] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 139.972361][ T7102] ? do_syscall_64+0x100/0x230 [ 139.977140][ T7102] ? do_syscall_64+0xb6/0x230 [ 139.981837][ T7102] do_syscall_64+0xf3/0x230 [ 139.986352][ T7102] ? clear_bhb_loop+0x35/0x90 [ 139.991131][ T7102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.997039][ T7102] RIP: 0033:0x7ff024b75bd9 [ 140.001459][ T7102] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.021077][ T7102] RSP: 002b:00007ff025a0f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.029519][ T7102] RAX: ffffffffffffffda RBX: 00007ff024d03f60 RCX: 00007ff024b75bd9 [ 140.037513][ T7102] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 140.045611][ T7102] RBP: 00007ff025a0f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 140.053590][ T7102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.061567][ T7102] R13: 000000000000000b R14: 00007ff024d03f60 R15: 00007ffe39547838 [ 140.069574][ T7102] [ 140.109410][ T53] Bluetooth: hci3: command tx timeout [ 140.196906][ T6920] hsr_slave_0: entered promiscuous mode [ 140.211019][ T6920] hsr_slave_1: entered promiscuous mode [ 140.659791][ T7130] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 140.887116][ T7144] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 140.920110][ T7144] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 140.968493][ T7150] pim6reg: entered allmulticast mode [ 140.999063][ T7142] netlink: 52 bytes leftover after parsing attributes in process `syz.4.667'. [ 141.011916][ T7144] netlink: 'syz.3.668': attribute type 4 has an invalid length. [ 141.115505][ T7162] Bluetooth: MGMT ver 1.22 [ 141.370377][ T6920] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 141.389623][ T6920] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 141.410272][ T6920] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 141.439463][ T6920] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 141.659044][ T6920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.720049][ T6920] 8021q: adding VLAN 0 to HW filter on device team0 [ 141.747299][ T7174] netlink: 'syz.1.679': attribute type 2 has an invalid length. [ 141.770854][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.778119][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 141.782428][ T7174] netlink: 28 bytes leftover after parsing attributes in process `syz.1.679'. [ 141.805131][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.812372][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 141.846900][ T7181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.681'. [ 141.883426][ T7181] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 141.928200][ T7182] netlink: 36 bytes leftover after parsing attributes in process `syz.1.679'. [ 142.143930][ T5113] Bluetooth: hci3: command tx timeout [ 142.149796][ T7196] netlink: 40 bytes leftover after parsing attributes in process `syz.2.682'. [ 142.600057][ T6920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 142.748461][ T6920] veth0_vlan: entered promiscuous mode [ 142.789451][ T6920] veth1_vlan: entered promiscuous mode [ 142.889937][ T6920] veth0_macvtap: entered promiscuous mode [ 142.906867][ T6920] veth1_macvtap: entered promiscuous mode [ 142.934402][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.961868][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.971747][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.999222][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.009577][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.020538][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.037414][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.049433][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.067986][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.098872][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.118017][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.128496][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.141993][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.164889][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.186759][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.207924][ T6920] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.220901][ T6920] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.238735][ T6920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 143.284888][ T6920] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.316333][ T6920] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.317100][ T7247] FAULT_INJECTION: forcing a failure. [ 143.317100][ T7247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.335685][ T6920] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.342322][ T7247] CPU: 1 PID: 7247 Comm: syz.2.701 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 143.357266][ T7247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 143.366388][ T6920] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.367328][ T7247] Call Trace: [ 143.367341][ T7247] [ 143.382300][ T7247] dump_stack_lvl+0x241/0x360 [ 143.387085][ T7247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.392297][ T7247] ? __pfx__printk+0x10/0x10 [ 143.396913][ T7247] ? snprintf+0xda/0x120 [ 143.401175][ T7247] should_fail_ex+0x3b0/0x4e0 [ 143.405881][ T7247] _copy_to_user+0x2f/0xb0 [ 143.410310][ T7247] simple_read_from_buffer+0xca/0x150 [ 143.415708][ T7247] proc_fail_nth_read+0x1e9/0x250 [ 143.420748][ T7247] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.426318][ T7247] ? rw_verify_area+0x520/0x6b0 [ 143.431187][ T7247] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 143.436749][ T7247] vfs_read+0x204/0xbc0 [ 143.440917][ T7247] ? __pfx_lock_release+0x10/0x10 [ 143.445956][ T7247] ? __pfx_vfs_read+0x10/0x10 [ 143.450644][ T7247] ? __fget_files+0x29/0x470 [ 143.455252][ T7247] ? __fget_files+0x3f6/0x470 [ 143.459954][ T7247] ksys_read+0x1a0/0x2c0 [ 143.464214][ T7247] ? __pfx_ksys_read+0x10/0x10 [ 143.469013][ T7247] ? do_syscall_64+0x100/0x230 [ 143.473800][ T7247] ? do_syscall_64+0xb6/0x230 [ 143.478508][ T7247] do_syscall_64+0xf3/0x230 [ 143.483027][ T7247] ? clear_bhb_loop+0x35/0x90 [ 143.487726][ T7247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.493632][ T7247] RIP: 0033:0x7fd50cf746bc [ 143.498074][ T7247] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 143.517701][ T7247] RSP: 002b:00007fd50ddee040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 143.526130][ T7247] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf746bc [ 143.534121][ T7247] RDX: 000000000000000f RSI: 00007fd50ddee0b0 RDI: 0000000000000004 [ 143.542098][ T7247] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 143.550072][ T7247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 143.558048][ T7247] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988 [ 143.566046][ T7247] [ 143.791340][ T7251] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 143.936336][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.965291][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.026623][ T7254] netlink: 12 bytes leftover after parsing attributes in process `syz.3.705'. [ 144.061521][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.080178][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.224049][ T7264] netlink: 12 bytes leftover after parsing attributes in process `syz.2.707'. [ 144.226738][ T5113] Bluetooth: hci3: command 0x0405 tx timeout [ 144.389243][ T7262] netlink: 44 bytes leftover after parsing attributes in process `syz.2.707'. [ 144.425913][ T7262] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 144.595099][ T7270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.709'. [ 144.823270][ T7277] tipc: MTU too low for tipc bearer [ 144.844825][ T7277] netlink: 52 bytes leftover after parsing attributes in process `syz.2.712'. [ 144.885419][ T7277] netlink: 'syz.2.712': attribute type 10 has an invalid length. [ 144.973172][ T7277] team0: Failed to send options change via netlink (err -105) [ 144.980895][ T7277] team0: Port device netdevsim0 added [ 145.000694][ T7289] netlink: 'syz.2.712': attribute type 1 has an invalid length. [ 145.022039][ T7289] netlink: 616 bytes leftover after parsing attributes in process `syz.2.712'. [ 145.033392][ T7290] xt_l2tp: invalid flags combination: 0 [ 145.052001][ T7287] xt_l2tp: invalid flags combination: 0 [ 145.071195][ T7277] netlink: 'syz.2.712': attribute type 10 has an invalid length. [ 145.087131][ T7277] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 145.137794][ T7277] team0: Failed to send options change via netlink (err -105) [ 145.150312][ T7277] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 145.183096][ T7277] team0: Port device netdevsim0 removed [ 145.205574][ T7277] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 145.216391][ T7277] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 145.228558][ T7277] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 145.239976][ T7301] netlink: 'syz.3.722': attribute type 2 has an invalid length. [ 146.649931][ T1092] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.852255][ T7370] netlink: 'syz.4.749': attribute type 2 has an invalid length. [ 146.902097][ T7374] macvlan3: entered allmulticast mode [ 146.922637][ T7374] mac80211_hwsim hwsim8 wlan0: entered promiscuous mode [ 146.953458][ T7374] mac80211_hwsim hwsim8 wlan0: entered allmulticast mode [ 147.000965][ T7374] team0: Port device macvlan3 added [ 147.072134][ T7382] __nla_validate_parse: 3 callbacks suppressed [ 147.072158][ T7382] netlink: 8 bytes leftover after parsing attributes in process `syz.3.752'. [ 147.335323][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 147.345612][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 147.360185][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 147.370921][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 147.380957][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 147.397184][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 147.405633][ T7404] netlink: 32 bytes leftover after parsing attributes in process `syz.2.758'. [ 147.433926][ T7404] netlink: 7 bytes leftover after parsing attributes in process `syz.2.758'. [ 147.476002][ T1092] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.519929][ T7400] caif0 speed is unknown, defaulting to 1000 [ 147.561060][ T1092] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.657074][ T1092] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 147.838499][ T7400] chnl_net:caif_netlink_parms(): no params data found [ 147.869943][ T1092] bridge_slave_1: left allmulticast mode [ 147.875922][ T1092] bridge_slave_1: left promiscuous mode [ 147.881731][ T1092] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.895644][ T1092] bridge_slave_0: left allmulticast mode [ 147.901327][ T1092] bridge_slave_0: left promiscuous mode [ 147.915707][ T1092] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.265102][ T1092] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 148.279479][ T1092] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 148.291329][ T1092] bond0 (unregistering): Released all slaves [ 148.408927][ T7400] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.422384][ T7400] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.429681][ T7400] bridge_slave_0: entered allmulticast mode [ 148.439658][ T7400] bridge_slave_0: entered promiscuous mode [ 148.478917][ T7400] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.487330][ T7400] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.495357][ T7400] bridge_slave_1: entered allmulticast mode [ 148.503019][ T7400] bridge_slave_1: entered promiscuous mode [ 148.590255][ T7400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.605397][ T7400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.668321][ T7400] team0: Port device team_slave_0 added [ 148.690549][ T7400] team0: Port device team_slave_1 added [ 148.829262][ T7400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.836972][ T7400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.867965][ T7400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.890230][ T1092] hsr_slave_0: left promiscuous mode [ 148.896645][ T1092] hsr_slave_1: left promiscuous mode [ 148.907436][ T1092] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 148.915289][ T1092] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 148.923405][ T1092] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 148.931269][ T1092] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 148.956570][ T1092] veth1_macvtap: left promiscuous mode [ 148.962297][ T1092] veth0_macvtap: left promiscuous mode [ 148.967904][ T1092] veth1_vlan: left promiscuous mode [ 148.974493][ T1092] veth0_vlan: left promiscuous mode [ 149.198022][ C1] Dead loop on virtual device ipvlan1, fix it urgently! [ 149.477010][ T1092] team0 (unregistering): Port device team_slave_1 removed [ 149.503564][ T5113] Bluetooth: hci3: command tx timeout [ 149.526614][ T1092] team0 (unregistering): Port device team_slave_0 removed [ 149.940230][ T7400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 149.948853][ T7400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 149.976971][ T7400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.043196][ T7400] hsr_slave_0: entered promiscuous mode [ 150.049910][ T7400] hsr_slave_1: entered promiscuous mode [ 150.489440][ T7400] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 150.500664][ T7400] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 150.513094][ T7400] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 150.525185][ T7400] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 150.622556][ T7400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.648910][ T7400] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.665024][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.672244][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.689579][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.696857][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.897242][ T7400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 150.949136][ T7400] veth0_vlan: entered promiscuous mode [ 150.965064][ T7400] veth1_vlan: entered promiscuous mode [ 151.004524][ T7400] veth0_macvtap: entered promiscuous mode [ 151.021050][ T7400] veth1_macvtap: entered promiscuous mode [ 151.042935][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.053514][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.063979][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.075059][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.087160][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.097744][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.113397][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 151.123922][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.135443][ T7400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.151705][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.162408][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.172614][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.186477][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.197232][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.207862][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.219340][ T7400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 151.231072][ T7400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 151.243821][ T7400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.258471][ T7400] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.268114][ T7400] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.276905][ T7400] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.288640][ T7400] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.370589][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.389038][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.419995][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.429441][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.581248][ T7427] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 152.589428][ T7427] IPv6: NLM_F_CREATE should be set when creating new route [ 152.678357][ T7423] vlan2: entered promiscuous mode [ 152.690250][ T7423] vlan2: entered allmulticast mode [ 153.013885][ T7446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.770'. [ 153.278976][ T7462] netlink: 'syz.1.777': attribute type 4 has an invalid length. [ 153.354433][ T7467] netlink: 32 bytes leftover after parsing attributes in process `syz.2.778'. [ 153.371564][ T7466] netlink: 'syz.1.777': attribute type 4 has an invalid length. [ 153.386303][ T7471] netlink: 12 bytes leftover after parsing attributes in process `syz.2.778'. [ 153.402719][ T7467] IPVS: rr: TCP 172.20.20.170:0 - no destination available [ 153.458421][ T7471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.778'. [ 153.477431][ T7471] netlink: 24 bytes leftover after parsing attributes in process `syz.2.778'. [ 153.486691][ T7462] netlink: 'syz.1.777': attribute type 4 has an invalid length. [ 154.058641][ T7496] geneve2: entered promiscuous mode [ 154.083737][ T7496] geneve2: entered allmulticast mode [ 154.823887][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.081234][ T7529] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 155.124921][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 155.136263][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 155.145426][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 155.157045][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 155.172631][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 155.206686][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 155.400380][ T7534] caif0 speed is unknown, defaulting to 1000 [ 155.600638][ T7551] netlink: 'syz.4.809': attribute type 1 has an invalid length. [ 155.636219][ T7551] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.809'. [ 155.775451][ T7556] netlink: 8 bytes leftover after parsing attributes in process `syz.2.810'. [ 155.984993][ T7562] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 155.992324][ T7562] IPv6: NLM_F_CREATE should be set when creating new route [ 156.535694][ T7588] netlink: 16 bytes leftover after parsing attributes in process `syz.1.819'. [ 156.641553][ T7589] netlink: 8 bytes leftover after parsing attributes in process `syz.4.822'. [ 156.676788][ T7534] chnl_net:caif_netlink_parms(): no params data found [ 156.697643][ T7588] netlink: 16 bytes leftover after parsing attributes in process `syz.1.819'. [ 156.810257][ T7594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.841568][ T7595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.894110][ T7597] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 156.974721][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.059866][ T7599] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 157.250197][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.271225][ T5113] Bluetooth: hci3: command tx timeout [ 157.380509][ T7534] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.394242][ T7534] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.402142][ T7534] bridge_slave_0: entered allmulticast mode [ 157.423545][ T7534] bridge_slave_0: entered promiscuous mode [ 157.438857][ T7534] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.452171][ T7534] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.459655][ T7534] bridge_slave_1: entered allmulticast mode [ 157.468275][ T7534] bridge_slave_1: entered promiscuous mode [ 157.566478][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.805868][ T7534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.878397][ T7534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.049524][ T7534] team0: Port device team_slave_0 added [ 158.156548][ T7534] team0: Port device team_slave_1 added [ 158.371221][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.387494][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.419315][ T7534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.595635][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.613326][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.653651][ T7534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.745200][ T7635] FAULT_INJECTION: forcing a failure. [ 158.745200][ T7635] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.771944][ T7635] CPU: 1 PID: 7635 Comm: syz.4.837 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 158.781998][ T7635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 158.792185][ T7635] Call Trace: [ 158.795485][ T7635] [ 158.798424][ T7635] dump_stack_lvl+0x241/0x360 [ 158.803126][ T7635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.808334][ T7635] ? __pfx__printk+0x10/0x10 [ 158.812946][ T7635] ? __pfx_lock_release+0x10/0x10 [ 158.818010][ T7635] should_fail_ex+0x3b0/0x4e0 [ 158.822804][ T7635] _copy_from_user+0x2f/0xe0 [ 158.827427][ T7635] br_ioctl_stub+0x184/0xb00 [ 158.832126][ T7635] ? __mutex_lock+0x527/0xd70 [ 158.836818][ T7635] ? __pfx_br_ioctl_stub+0x10/0x10 [ 158.841947][ T7635] ? sock_ioctl+0x5c6/0x8e0 [ 158.846459][ T7635] ? __pfx___mutex_lock+0x10/0x10 [ 158.851544][ T7635] ? __pfx_br_ioctl_stub+0x10/0x10 [ 158.856668][ T7635] sock_ioctl+0x5ee/0x8e0 [ 158.861014][ T7635] ? __pfx_sock_ioctl+0x10/0x10 [ 158.865885][ T7635] ? __fget_files+0x29/0x470 [ 158.870675][ T7635] ? __fget_files+0x3f6/0x470 [ 158.875372][ T7635] ? __fget_files+0x29/0x470 [ 158.880016][ T7635] ? bpf_lsm_file_ioctl+0x9/0x10 [ 158.884972][ T7635] ? security_file_ioctl+0x87/0xb0 [ 158.890109][ T7635] ? __pfx_sock_ioctl+0x10/0x10 [ 158.894976][ T7635] __se_sys_ioctl+0xfc/0x170 [ 158.899604][ T7635] do_syscall_64+0xf3/0x230 [ 158.904123][ T7635] ? clear_bhb_loop+0x35/0x90 [ 158.908817][ T7635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.914730][ T7635] RIP: 0033:0x7faa77175bd9 [ 158.919161][ T7635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.938890][ T7635] RSP: 002b:00007faa77fbf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 158.947334][ T7635] RAX: ffffffffffffffda RBX: 00007faa77303f60 RCX: 00007faa77175bd9 [ 158.955326][ T7635] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007 [ 158.963310][ T7635] RBP: 00007faa77fbf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 158.971294][ T7635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 158.979279][ T7635] R13: 000000000000000b R14: 00007faa77303f60 R15: 00007ffc3c756728 [ 158.987459][ T7635] [ 159.060436][ T11] bridge_slave_1: left allmulticast mode [ 159.071994][ T11] bridge_slave_1: left promiscuous mode [ 159.078936][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.113565][ T11] bridge_slave_0: left allmulticast mode [ 159.119274][ T11] bridge_slave_0: left promiscuous mode [ 159.143307][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.343901][ T5113] Bluetooth: hci3: command tx timeout [ 159.358682][ T7646] netlink: 'syz.4.840': attribute type 3 has an invalid length. [ 159.368471][ T7646] netlink: 'syz.4.840': attribute type 3 has an invalid length. [ 159.838103][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 159.858923][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 159.880466][ T11] bond0 (unregistering): Released all slaves [ 159.922299][ T7637] __nla_validate_parse: 2 callbacks suppressed [ 159.922321][ T7637] netlink: 72 bytes leftover after parsing attributes in process `syz.1.838'. [ 160.167374][ T7534] hsr_slave_0: entered promiscuous mode [ 160.224595][ T7534] hsr_slave_1: entered promiscuous mode [ 160.246089][ T7534] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 160.258318][ T7534] Cannot create hsr debugfs directory [ 160.468263][ T7668] netlink: 8 bytes leftover after parsing attributes in process `syz.2.849'. [ 160.810455][ T7674] trusted_key: syz.4.851 sent an empty control message without MSG_MORE. [ 160.838085][ T7680] netlink: 'syz.3.852': attribute type 10 has an invalid length. [ 160.874782][ T7680] team0: Port device netdevsim0 added [ 160.913698][ T7677] netlink: 'syz.3.852': attribute type 10 has an invalid length. [ 160.963600][ T7677] team0: Port device netdevsim0 removed [ 160.990424][ T7677] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 161.328826][ T11] hsr_slave_0: left promiscuous mode [ 161.361710][ T11] hsr_slave_1: left promiscuous mode [ 161.383776][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 161.391272][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 161.415548][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 161.421974][ T5113] Bluetooth: hci3: command tx timeout [ 161.453218][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 161.517020][ T11] veth1_macvtap: left promiscuous mode [ 161.540481][ T7700] netlink: 256 bytes leftover after parsing attributes in process `syz.1.857'. [ 161.543228][ T11] veth0_macvtap: left promiscuous mode [ 161.567946][ T11] veth1_vlan: left promiscuous mode [ 161.573595][ T11] veth0_vlan: left promiscuous mode [ 162.197246][ T11] team0 (unregistering): Port device team_slave_1 removed [ 162.254893][ T11] team0 (unregistering): Port device team_slave_0 removed [ 162.721240][ T7700] netlink: 24 bytes leftover after parsing attributes in process `syz.1.857'. [ 162.825548][ T7707] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 162.907338][ T7711] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 163.502383][ T5113] Bluetooth: hci3: command tx timeout [ 163.622842][ T7534] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 163.642369][ T7534] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 163.676343][ T7534] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 163.714635][ T7748] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 163.722140][ T7534] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 163.950889][ T7750] netlink: 'syz.2.876': attribute type 4 has an invalid length. [ 164.207301][ T7534] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.264726][ T7534] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.301504][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.308768][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.355551][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.362885][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.481387][ T7766] ieee802154 phy0 wpan0: encryption failed: -90 [ 164.496295][ T7775] FAULT_INJECTION: forcing a failure. [ 164.496295][ T7775] name failslab, interval 1, probability 0, space 0, times 0 [ 164.542780][ T7775] CPU: 1 PID: 7775 Comm: syz.2.886 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 164.552845][ T7775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 164.562939][ T7775] Call Trace: [ 164.566242][ T7775] [ 164.569181][ T7775] dump_stack_lvl+0x241/0x360 [ 164.573910][ T7775] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.579166][ T7775] ? __pfx__printk+0x10/0x10 [ 164.583825][ T7775] should_fail_ex+0x3b0/0x4e0 [ 164.588586][ T7775] ? __alloc_skb+0x1c3/0x440 [ 164.593226][ T7775] should_failslab+0x9/0x20 [ 164.597870][ T7775] kmem_cache_alloc_node_noprof+0x71/0x320 [ 164.603741][ T7775] __alloc_skb+0x1c3/0x440 [ 164.608203][ T7775] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 164.614579][ T7775] ? __pfx___alloc_skb+0x10/0x10 [ 164.619579][ T7775] ? __pfx_lockdep_hardirqs_on+0x10/0x10 [ 164.625279][ T7775] inet_netconf_notify_devconf+0x15a/0x220 [ 164.631135][ T7775] inetdev_event+0x839/0x15c0 [ 164.635847][ T7775] ? __pfx_inetdev_event+0x10/0x10 [ 164.640981][ T7775] ? cfg802154_netdev_notifier_call+0xde/0x8f0 [ 164.647167][ T7775] notifier_call_chain+0x19f/0x3e0 [ 164.652347][ T7775] unregister_netdevice_many_notify+0xdc8/0x1d20 [ 164.658714][ T7775] ? mark_lock+0x9a/0x350 [ 164.663072][ T7775] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 164.669857][ T7775] ? call_rcu+0x738/0xa70 [ 164.674200][ T7775] ? lockdep_hardirqs_on+0x99/0x150 [ 164.679439][ T7775] unregister_netdevice_queue+0x303/0x370 [ 164.685181][ T7775] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 164.691442][ T7775] ? br_dev_delete+0xda/0x100 [ 164.696136][ T7775] br_del_bridge+0xb8/0xf0 [ 164.700567][ T7775] br_ioctl_stub+0x48d/0xb00 [ 164.705184][ T7775] ? __pfx_br_ioctl_stub+0x10/0x10 [ 164.710307][ T7775] ? sock_ioctl+0x5c6/0x8e0 [ 164.714988][ T7775] ? __pfx___mutex_lock+0x10/0x10 [ 164.720096][ T7775] ? __pfx_br_ioctl_stub+0x10/0x10 [ 164.725246][ T7775] sock_ioctl+0x5ee/0x8e0 [ 164.729598][ T7775] ? __pfx_sock_ioctl+0x10/0x10 [ 164.734461][ T7775] ? __fget_files+0x29/0x470 [ 164.739071][ T7775] ? __fget_files+0x3f6/0x470 [ 164.743775][ T7775] ? __fget_files+0x29/0x470 [ 164.748400][ T7775] ? bpf_lsm_file_ioctl+0x9/0x10 [ 164.753480][ T7775] ? security_file_ioctl+0x87/0xb0 [ 164.758704][ T7775] ? __pfx_sock_ioctl+0x10/0x10 [ 164.763568][ T7775] __se_sys_ioctl+0xfc/0x170 [ 164.768265][ T7775] do_syscall_64+0xf3/0x230 [ 164.772780][ T7775] ? clear_bhb_loop+0x35/0x90 [ 164.777471][ T7775] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.783377][ T7775] RIP: 0033:0x7fd50cf75bd9 [ 164.787803][ T7775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.807539][ T7775] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.816009][ T7775] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9 [ 164.824081][ T7775] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007 [ 164.832063][ T7775] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 164.840061][ T7775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.848053][ T7775] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988 [ 164.856064][ T7775] [ 165.294081][ T7794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'. [ 165.410494][ T7794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.893'. [ 165.726345][ T7794] syzkaller0: entered promiscuous mode [ 165.737636][ T7794] syzkaller0: entered allmulticast mode [ 166.222944][ T7823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.900'. [ 168.737748][ C0] vcan0: j1939_tp_rxtimer: 0xffff888029462400: rx timeout, send abort [ 168.951947][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.4.899'. [ 169.056824][ T7534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.098497][ T7825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.146871][ T7825] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 169.226376][ T7534] veth0_vlan: entered promiscuous mode [ 169.246884][ C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff888029462400: abort rx timeout. Force session deactivation [ 169.249186][ T7534] veth1_vlan: entered promiscuous mode [ 169.385674][ T7534] veth0_macvtap: entered promiscuous mode [ 169.419282][ T7534] veth1_macvtap: entered promiscuous mode [ 169.478510][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.499237][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.499333][ T7843] netlink: 264 bytes leftover after parsing attributes in process `syz.4.908'. [ 169.515421][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.543851][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.558786][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.574329][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.596117][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.615108][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.638750][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.648178][ T7848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.910'. [ 169.695547][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.721064][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.744704][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.769389][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.792187][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.808224][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.821666][ T7534] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.834398][ T7534] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.867656][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.898804][ T7534] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.922938][ T7534] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.931707][ T7534] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.952279][ T7534] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 170.244496][ T2865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.275814][ T2865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.356799][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.371209][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.658675][ T7891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.923'. [ 170.814024][ T7896] netlink: 48 bytes leftover after parsing attributes in process `syz.4.926'. [ 171.235667][ T7916] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'. [ 171.544749][ T7937] netlink: 8 bytes leftover after parsing attributes in process `syz.3.943'. [ 171.570182][ T7938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.943'. [ 172.037233][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 172.600987][ T7958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.951'. [ 172.867373][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 172.885868][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 172.907100][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 172.927266][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 172.952293][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 172.976262][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 173.001907][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 173.040196][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 173.070218][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 173.071423][ T7973] netlink: 'syz.2.957': attribute type 1 has an invalid length. [ 173.088348][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 173.100883][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 173.114615][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 173.127710][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 173.136419][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 173.247943][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.271499][ T7981] bridge0: port 1(macsec0) entered blocking state [ 173.278752][ T7981] bridge0: port 1(macsec0) entered disabled state [ 173.285739][ T7981] macsec0: entered allmulticast mode [ 173.291186][ T7981] veth1_macvtap: entered allmulticast mode [ 173.306553][ T7981] macsec0: entered promiscuous mode [ 173.315124][ T7981] bridge0: port 1(macsec0) entered blocking state [ 173.323148][ T7981] bridge0: port 1(macsec0) entered forwarding state [ 173.336667][ T7975] netlink: 'syz.3.958': attribute type 10 has an invalid length. [ 173.397156][ T7975] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 173.460860][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.527896][ T7986] caif0 speed is unknown, defaulting to 1000 [ 173.598270][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.706574][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.962'. [ 174.037470][ T35] bridge_slave_1: left allmulticast mode [ 174.053743][ T35] bridge_slave_1: left promiscuous mode [ 174.059594][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.087633][ T35] bridge_slave_0: left allmulticast mode [ 174.099033][ T35] bridge_slave_0: left promiscuous mode [ 174.106363][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.356943][ T8031] xt_TCPMSS: Only works on TCP SYN packets [ 174.691239][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 174.705263][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 174.716665][ T35] bond0 (unregistering): Released all slaves [ 174.841448][ T8042] netlink: 48 bytes leftover after parsing attributes in process `syz.4.973'. [ 175.182367][ T5113] Bluetooth: hci3: command tx timeout [ 175.411488][ T7986] chnl_net:caif_netlink_parms(): no params data found [ 175.571256][ T8074] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 175.643168][ T8077] netlink: 4 bytes leftover after parsing attributes in process `syz.4.985'. [ 175.838882][ T8087] netlink: 28 bytes leftover after parsing attributes in process `syz.3.987'. [ 175.872962][ T8077] netlink: 32 bytes leftover after parsing attributes in process `syz.4.985'. [ 175.931352][ T35] hsr_slave_0: left promiscuous mode [ 175.949670][ T35] hsr_slave_1: left promiscuous mode [ 176.004445][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.014599][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 176.037576][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 176.045276][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 176.082937][ T35] veth1_macvtap: left promiscuous mode [ 176.088665][ T35] veth0_macvtap: left promiscuous mode [ 176.094553][ T35] veth1_vlan: left promiscuous mode [ 176.100115][ T35] veth0_vlan: left promiscuous mode [ 176.674034][ T35] team0 (unregistering): Port device team_slave_1 removed [ 176.723489][ T35] team0 (unregistering): Port device team_slave_0 removed [ 177.180776][ T8095] netlink: 8 bytes leftover after parsing attributes in process `syz.3.990'. [ 177.262866][ T5113] Bluetooth: hci3: command tx timeout [ 177.317996][ T7986] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.340300][ T7986] bridge0: port 1(bridge_slave_0) entered disabled state [ 177.359640][ T7986] bridge_slave_0: entered allmulticast mode [ 177.396595][ T7986] bridge_slave_0: entered promiscuous mode [ 177.429859][ T7986] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.451115][ T7986] bridge0: port 2(bridge_slave_1) entered disabled state [ 177.459526][ T7986] bridge_slave_1: entered allmulticast mode [ 177.472466][ T7986] bridge_slave_1: entered promiscuous mode [ 177.488453][ T8112] sctp: [Deprecated]: syz.3.996 (pid 8112) Use of struct sctp_assoc_value in delayed_ack socket option. [ 177.488453][ T8112] Use struct sctp_sack_info instead [ 177.551317][ T8119] sctp: [Deprecated]: syz.3.996 (pid 8119) Use of struct sctp_assoc_value in delayed_ack socket option. [ 177.551317][ T8119] Use struct sctp_sack_info instead [ 177.618654][ T7986] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.655032][ T7986] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.699872][ T8112] netlink: 24 bytes leftover after parsing attributes in process `syz.3.996'. [ 177.709637][ T8125] sctp: [Deprecated]: syz.2.998 (pid 8125) Use of struct sctp_assoc_value in delayed_ack socket option. [ 177.709637][ T8125] Use struct sctp_sack_info instead [ 177.785796][ T7986] team0: Port device team_slave_0 added [ 177.815221][ T7986] team0: Port device team_slave_1 added [ 177.921629][ T8131] bond0: option arp_all_targets: invalid value (3) [ 177.944439][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.971908][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.032753][ T7986] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.085311][ T7986] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.098834][ T7986] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.154918][ T7986] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.435034][ T7986] hsr_slave_0: entered promiscuous mode [ 178.449575][ T7986] hsr_slave_1: entered promiscuous mode [ 178.517189][ T8159] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1014'. [ 178.795379][ T8173] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1019'. [ 178.918453][ T8175] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1021'. [ 179.219820][ T8189] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1024'. [ 179.242185][ T8189] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.251066][ T8189] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.265966][ T8189] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.276262][ T8189] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.344502][ T5113] Bluetooth: hci3: command tx timeout [ 179.386118][ T8185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1024'. [ 179.418925][ T8197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1029'. [ 179.469380][ T8197] vlan2: entered promiscuous mode [ 179.480301][ T8197] batadv0: entered promiscuous mode [ 179.492461][ T8197] vlan2: entered allmulticast mode [ 179.498025][ T8197] batadv0: entered allmulticast mode [ 179.508189][ T8197] batadv0: left allmulticast mode [ 179.515308][ T8197] batadv0: left promiscuous mode [ 179.548130][ T8206] validate_nla: 1 callbacks suppressed [ 179.548154][ T8206] netlink: 'syz.3.1031': attribute type 29 has an invalid length. [ 179.590253][ T8205] netlink: 'syz.3.1031': attribute type 1 has an invalid length. [ 179.646852][ T8206] netlink: 'syz.3.1031': attribute type 29 has an invalid length. [ 180.169222][ T7986] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 180.201353][ T8230] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 180.219357][ T8234] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 180.232771][ T7986] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 180.338755][ T7986] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 180.361550][ T7986] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 180.738882][ T7986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.827994][ T7986] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.855350][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.862618][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.910537][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.917874][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.961188][ T8258] __nla_validate_parse: 2 callbacks suppressed [ 180.961211][ T8258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1049'. [ 181.002062][ T8258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1049'. [ 181.130471][ T8265] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 181.333797][ T8267] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.341030][ T8267] bridge0: port 1(bridge_slave_0) entered forwarding state [ 181.425321][ T5113] Bluetooth: hci3: command tx timeout [ 181.447211][ T8268] pim6reg1: entered promiscuous mode [ 181.453259][ T8268] pim6reg1: entered allmulticast mode [ 181.487352][ T8286] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1059'. [ 181.524683][ T8286] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 181.752511][ T7986] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.018944][ T7986] veth0_vlan: entered promiscuous mode [ 182.068788][ T7986] veth1_vlan: entered promiscuous mode [ 182.081348][ T8308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1066'. [ 182.110992][ T8312] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1066'. [ 182.168596][ T7986] veth0_macvtap: entered promiscuous mode [ 182.204173][ T7986] veth1_macvtap: entered promiscuous mode [ 182.252924][ T8317] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 182.262971][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.278876][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.290666][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.305138][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.317077][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 182.328113][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.342193][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.365515][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.383095][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.394188][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.405177][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.415977][ T7986] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.429528][ T7986] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.442458][ T7986] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 182.471200][ T8319] netlink: 'syz.3.1069': attribute type 15 has an invalid length. [ 182.481312][ T7986] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.496572][ T7986] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.507398][ T7986] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.522180][ T7986] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.834101][ T3990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.855621][ T3990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.903718][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.951113][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.043794][ T8343] sctp: [Deprecated]: syz.1.1079 (pid 8343) Use of struct sctp_assoc_value in delayed_ack socket option. [ 183.043794][ T8343] Use struct sctp_sack_info instead [ 183.250848][ T8345] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1078'. [ 183.264575][ T8345] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1078'. [ 183.363019][ T8352] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 183.469024][ T8361] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1085'. [ 183.549939][ T8362] netlink: 'syz.2.1085': attribute type 1 has an invalid length. [ 183.568305][ T8362] netlink: 9396 bytes leftover after parsing attributes in process `syz.2.1085'. [ 183.636762][ T8370] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1089'. [ 184.134224][ T8395] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 185.657237][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.578529][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.760786][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.801599][ T8497] __nla_validate_parse: 10 callbacks suppressed [ 186.801623][ T8497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'. [ 186.823064][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 186.829415][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1136'. [ 186.833929][ T8497] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1133'. [ 186.858813][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 186.870300][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 186.886429][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 186.896497][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 186.904795][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 186.920986][ T8501] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1136'. [ 187.025315][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.093507][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1136'. [ 187.179650][ T8509] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1137'. [ 187.309168][ T8503] caif0 speed is unknown, defaulting to 1000 [ 187.345231][ T51] bridge_slave_1: left allmulticast mode [ 187.382267][ T51] bridge_slave_1: left promiscuous mode [ 187.388392][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.445030][ T51] bridge_slave_0: left allmulticast mode [ 187.450843][ T51] bridge_slave_0: left promiscuous mode [ 187.474265][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.503597][ T8523] xt_TCPMSS: Only works on TCP SYN packets [ 188.131949][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.148060][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.159608][ T51] bond0 (unregistering): Released all slaves [ 188.736094][ T8563] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 188.946292][ T5113] Bluetooth: hci3: command tx timeout [ 188.966619][ T8563] caif0 speed is unknown, defaulting to 1000 [ 189.248424][ T8503] chnl_net:caif_netlink_parms(): no params data found [ 189.456733][ T51] hsr_slave_0: left promiscuous mode [ 189.485636][ T51] hsr_slave_1: left promiscuous mode [ 189.521186][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 189.528858][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.546933][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 189.558905][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 189.612142][ T51] veth1_macvtap: left promiscuous mode [ 189.617760][ T51] veth0_macvtap: left promiscuous mode [ 189.633705][ T51] veth1_vlan: left promiscuous mode [ 189.639560][ T51] veth0_vlan: left promiscuous mode [ 190.179911][ T51] team0 (unregistering): Port device team_slave_1 removed [ 190.236522][ T51] team0 (unregistering): Port device team_slave_0 removed [ 190.895071][ T8599] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1163'. [ 191.021940][ T5113] Bluetooth: hci3: command tx timeout [ 191.145992][ T8503] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.168636][ T8503] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.192049][ T8503] bridge_slave_0: entered allmulticast mode [ 191.199753][ T8503] bridge_slave_0: entered promiscuous mode [ 191.226674][ T8503] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.234497][ T8503] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.241716][ T8503] bridge_slave_1: entered allmulticast mode [ 191.250019][ T8503] bridge_slave_1: entered promiscuous mode [ 191.261729][ T8619] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 191.621681][ T8503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.623201][ T8633] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20002 [ 191.668170][ T8503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.841306][ T8503] team0: Port device team_slave_0 added [ 191.859720][ T8503] team0: Port device team_slave_1 added [ 192.017162][ T8503] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.029757][ T8650] netlink: 105120 bytes leftover after parsing attributes in process `syz.4.1179'. [ 192.030327][ T8503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.119881][ T8503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.160092][ T8503] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.197242][ T8503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.249870][ T8503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.275148][ T8658] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 192.380947][ T8503] hsr_slave_0: entered promiscuous mode [ 192.388056][ T8503] hsr_slave_1: entered promiscuous mode [ 192.400629][ T8663] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 192.502328][ T8663] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 192.532070][ T8666] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1186'. [ 193.103997][ T5113] Bluetooth: hci3: command tx timeout [ 193.324383][ T8503] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 193.345822][ T8503] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 193.367861][ T8503] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 193.385793][ T8503] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 193.614810][ T8503] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.688586][ T8503] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.729989][ T8681] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 193.803961][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.811201][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.879325][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.886594][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.020243][ T8716] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1204'. [ 194.140491][ T8721] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1204'. [ 194.551246][ T8503] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.632591][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.641103][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.741578][ T8503] veth0_vlan: entered promiscuous mode [ 194.793420][ T8503] veth1_vlan: entered promiscuous mode [ 194.946881][ T8503] veth0_macvtap: entered promiscuous mode [ 194.982318][ T8503] veth1_macvtap: entered promiscuous mode [ 195.035913][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.062511][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.098812][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.122002][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.142360][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 195.157887][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.176234][ T8503] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.182773][ T5113] Bluetooth: hci3: command tx timeout [ 195.260898][ T8758] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1218'. [ 195.279399][ T8762] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 195.334836][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.367327][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.378481][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.393169][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.405680][ T8503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 195.419355][ T8503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.434772][ T8503] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.456789][ T8503] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.470575][ T8503] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.480334][ T8503] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.491283][ T8503] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.697995][ T8782] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 195.719900][ T8780] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 195.892078][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 195.903882][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.002001][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.010051][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.053529][ T8795] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1230'. [ 196.756230][ T8836] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 197.081518][ T8855] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 197.320209][ T8865] caif0 speed is unknown, defaulting to 1000 [ 197.600800][ T8877] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1261'. [ 197.846530][ T8889] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 198.111071][ T8905] ip6t_srh: unknown srh match flags 5294 [ 198.203840][ T8902] syzkaller0: entered promiscuous mode [ 198.209694][ T8902] syzkaller0: entered allmulticast mode [ 198.859401][ T2820] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.545666][ T8934] batadv0: entered promiscuous mode [ 199.909696][ T2820] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.005974][ T8955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1291'. [ 200.027406][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 200.037777][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 200.052251][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 200.082050][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 200.097890][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 200.105589][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 200.204603][ T2820] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.209331][ T8971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1298'. [ 200.247601][ T8973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1298'. [ 200.371482][ T8976] FAULT_INJECTION: forcing a failure. [ 200.371482][ T8976] name failslab, interval 1, probability 0, space 0, times 0 [ 200.394647][ T8976] CPU: 0 PID: 8976 Comm: syz.3.1297 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 200.404772][ T8976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 200.414847][ T8976] Call Trace: [ 200.418136][ T8976] [ 200.421076][ T8976] dump_stack_lvl+0x241/0x360 [ 200.425791][ T8976] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.431002][ T8976] ? __pfx__printk+0x10/0x10 [ 200.435885][ T8976] ? __pfx___might_resched+0x10/0x10 [ 200.441183][ T8976] ? up_write+0x1a9/0x590 [ 200.445534][ T8976] ? do_raw_spin_unlock+0x13c/0x8b0 [ 200.450961][ T8976] should_fail_ex+0x3b0/0x4e0 [ 200.455696][ T8976] ? kobject_uevent_env+0x28b/0x8e0 [ 200.460925][ T8976] should_failslab+0x9/0x20 [ 200.465461][ T8976] kmalloc_trace_noprof+0x6c/0x2c0 [ 200.470720][ T8976] kobject_uevent_env+0x28b/0x8e0 [ 200.475770][ T8976] ? sysfs_remove_group+0x242/0x2c0 [ 200.481191][ T8976] __kobject_del+0xd3/0x310 [ 200.485716][ T8976] ? kobject_put+0x23d/0x480 [ 200.490341][ T8976] kobject_put+0x245/0x480 [ 200.494790][ T8976] net_rx_queue_update_kobjects+0x52b/0x5b0 [ 200.500727][ T8976] netdev_unregister_kobject+0x104/0x250 [ 200.506385][ T8976] unregister_netdevice_many_notify+0x17d3/0x1d20 [ 200.512850][ T8976] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 200.519635][ T8976] ? call_rcu+0x738/0xa70 [ 200.523980][ T8976] ? lockdep_hardirqs_on+0x99/0x150 [ 200.529223][ T8976] unregister_netdevice_queue+0x303/0x370 [ 200.534984][ T8976] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 200.541332][ T8976] ? br_dev_delete+0xda/0x100 [ 200.546029][ T8976] br_del_bridge+0xb8/0xf0 [ 200.550462][ T8976] br_ioctl_stub+0x48d/0xb00 [ 200.555077][ T8976] ? __mutex_lock+0x527/0xd70 [ 200.559771][ T8976] ? __pfx_br_ioctl_stub+0x10/0x10 [ 200.564899][ T8976] ? sock_ioctl+0x5c6/0x8e0 [ 200.569411][ T8976] ? __pfx___mutex_lock+0x10/0x10 [ 200.574465][ T8976] ? __pfx_br_ioctl_stub+0x10/0x10 [ 200.579606][ T8976] sock_ioctl+0x5ee/0x8e0 [ 200.583948][ T8976] ? __pfx_sock_ioctl+0x10/0x10 [ 200.588806][ T8976] ? __fget_files+0x29/0x470 [ 200.593417][ T8976] ? __fget_files+0x3f6/0x470 [ 200.598284][ T8976] ? __fget_files+0x29/0x470 [ 200.602898][ T8976] ? bpf_lsm_file_ioctl+0x9/0x10 [ 200.607849][ T8976] ? security_file_ioctl+0x87/0xb0 [ 200.612974][ T8976] ? __pfx_sock_ioctl+0x10/0x10 [ 200.617863][ T8976] __se_sys_ioctl+0xfc/0x170 [ 200.622489][ T8976] do_syscall_64+0xf3/0x230 [ 200.627019][ T8976] ? clear_bhb_loop+0x35/0x90 [ 200.631822][ T8976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.637757][ T8976] RIP: 0033:0x7ff024b75bd9 [ 200.642198][ T8976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.661842][ T8976] RSP: 002b:00007ff0259ee048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 200.670275][ T8976] RAX: ffffffffffffffda RBX: 00007ff024d04038 RCX: 00007ff024b75bd9 [ 200.678350][ T8976] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007 [ 200.686336][ T8976] RBP: 00007ff0259ee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 200.694328][ T8976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 200.702307][ T8976] R13: 000000000000006e R14: 00007ff024d04038 R15: 00007ffe39547838 [ 200.710304][ T8976] [ 200.860716][ T2820] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.890777][ T8954] caif0 speed is unknown, defaulting to 1000 [ 201.163892][ T2820] bridge_slave_1: left allmulticast mode [ 201.182489][ T2820] bridge_slave_1: left promiscuous mode [ 201.188566][ T2820] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.246294][ T2820] bridge_slave_0: left allmulticast mode [ 201.261212][ T2820] bridge_slave_0: left promiscuous mode [ 201.277597][ T2820] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.789343][ T2820] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.801418][ T2820] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.816329][ T2820] bond0 (unregistering): Released all slaves [ 201.822599][ T5102] Bluetooth: hci2: command 0x0406 tx timeout [ 201.822788][ T5102] Bluetooth: hci1: command 0x0406 tx timeout [ 201.832129][ T5102] Bluetooth: hci0: command 0x0406 tx timeout [ 202.146652][ T5108] Bluetooth: hci3: command tx timeout [ 202.337718][ T9032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1317'. [ 202.466116][ T9039] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 202.649031][ T9045] FAULT_INJECTION: forcing a failure. [ 202.649031][ T9045] name failslab, interval 1, probability 0, space 0, times 0 [ 202.671753][ T9045] CPU: 1 PID: 9045 Comm: syz.2.1321 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 202.681892][ T9045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 202.692091][ T9045] Call Trace: [ 202.695402][ T9045] [ 202.698354][ T9045] dump_stack_lvl+0x241/0x360 [ 202.703056][ T9045] ? __pfx_dump_stack_lvl+0x10/0x10 [ 202.708271][ T9045] ? __pfx__printk+0x10/0x10 [ 202.712886][ T9045] ? __pfx___might_resched+0x10/0x10 [ 202.718197][ T9045] should_fail_ex+0x3b0/0x4e0 [ 202.722900][ T9045] ? kobject_get_path+0xb8/0x230 [ 202.728023][ T9045] should_failslab+0x9/0x20 [ 202.732561][ T9045] __kmalloc_noprof+0xd8/0x400 [ 202.737370][ T9045] kobject_get_path+0xb8/0x230 [ 202.742351][ T9045] kobject_uevent_env+0x2a5/0x8e0 [ 202.747388][ T9045] ? sysfs_remove_group+0x242/0x2c0 [ 202.752812][ T9045] __kobject_del+0xd3/0x310 [ 202.757322][ T9045] ? kobject_put+0x23d/0x480 [ 202.761925][ T9045] kobject_put+0x245/0x480 [ 202.766356][ T9045] net_rx_queue_update_kobjects+0x52b/0x5b0 [ 202.772361][ T9045] netdev_unregister_kobject+0x104/0x250 [ 202.778017][ T9045] unregister_netdevice_many_notify+0x17d3/0x1d20 [ 202.784477][ T9045] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 202.791269][ T9045] ? call_rcu+0x738/0xa70 [ 202.795639][ T9045] ? lockdep_hardirqs_on+0x99/0x150 [ 202.800886][ T9045] unregister_netdevice_queue+0x303/0x370 [ 202.806631][ T9045] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 202.812931][ T9045] ? br_dev_delete+0xda/0x100 [ 202.817654][ T9045] br_del_bridge+0xb8/0xf0 [ 202.822091][ T9045] br_ioctl_stub+0x48d/0xb00 [ 202.826706][ T9045] ? __pfx_br_ioctl_stub+0x10/0x10 [ 202.831839][ T9045] ? sock_ioctl+0x5c6/0x8e0 [ 202.836369][ T9045] ? __pfx___mutex_lock+0x10/0x10 [ 202.841452][ T9045] ? __pfx_br_ioctl_stub+0x10/0x10 [ 202.846585][ T9045] sock_ioctl+0x5ee/0x8e0 [ 202.850929][ T9045] ? __pfx_sock_ioctl+0x10/0x10 [ 202.855796][ T9045] ? __fget_files+0x29/0x470 [ 202.860411][ T9045] ? __fget_files+0x3f6/0x470 [ 202.865103][ T9045] ? __fget_files+0x29/0x470 [ 202.869713][ T9045] ? bpf_lsm_file_ioctl+0x9/0x10 [ 202.874666][ T9045] ? security_file_ioctl+0x87/0xb0 [ 202.879992][ T9045] ? __pfx_sock_ioctl+0x10/0x10 [ 202.884865][ T9045] __se_sys_ioctl+0xfc/0x170 [ 202.889475][ T9045] do_syscall_64+0xf3/0x230 [ 202.893995][ T9045] ? clear_bhb_loop+0x35/0x90 [ 202.898690][ T9045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 202.904594][ T9045] RIP: 0033:0x7fd50cf75bd9 [ 202.909018][ T9045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 202.928748][ T9045] RSP: 002b:00007fd50ddee048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 202.937200][ T9045] RAX: ffffffffffffffda RBX: 00007fd50d103f60 RCX: 00007fd50cf75bd9 [ 202.945193][ T9045] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007 [ 202.953383][ T9045] RBP: 00007fd50ddee0a0 R08: 0000000000000000 R09: 0000000000000000 [ 202.961460][ T9045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 202.969532][ T9045] R13: 000000000000000b R14: 00007fd50d103f60 R15: 00007ffc4945f988 [ 202.977532][ T9045] [ 203.237665][ T2820] hsr_slave_0: left promiscuous mode [ 203.259480][ T9063] xt_CT: You must specify a L4 protocol and not use inversions on it [ 203.286976][ T2820] hsr_slave_1: left promiscuous mode [ 203.316639][ T2820] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.337064][ T2820] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.355850][ T2820] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.372531][ T2820] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.409668][ T2820] veth1_macvtap: left promiscuous mode [ 203.422861][ T2820] veth0_macvtap: left promiscuous mode [ 203.429442][ T2820] veth1_vlan: left promiscuous mode [ 203.441080][ T2820] veth0_vlan: left promiscuous mode [ 203.992065][ T2820] team0 (unregistering): Port device team_slave_1 removed [ 204.037545][ T2820] team0 (unregistering): Port device team_slave_0 removed [ 204.222060][ T5108] Bluetooth: hci3: command tx timeout [ 204.960926][ T8954] chnl_net:caif_netlink_parms(): no params data found [ 205.119937][ T9099] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1338'. [ 205.134158][ T9097] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1337'. [ 205.579981][ T9114] xt_CT: You must specify a L4 protocol and not use inversions on it [ 205.629465][ T9129] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 205.659640][ T8954] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.672182][ T8954] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.680534][ T8954] bridge_slave_0: entered allmulticast mode [ 205.688924][ T8954] bridge_slave_0: entered promiscuous mode [ 205.745424][ T9127] FAULT_INJECTION: forcing a failure. [ 205.745424][ T9127] name failslab, interval 1, probability 0, space 0, times 0 [ 205.768424][ T9127] CPU: 0 PID: 9127 Comm: syz.3.1346 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 205.778576][ T9127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 205.788675][ T9127] Call Trace: [ 205.791986][ T9127] [ 205.794965][ T9127] dump_stack_lvl+0x241/0x360 [ 205.799681][ T9127] ? __pfx_dump_stack_lvl+0x10/0x10 [ 205.804914][ T9127] ? __pfx__printk+0x10/0x10 [ 205.809549][ T9127] ? br_del_bridge+0xb8/0xf0 [ 205.814180][ T9127] ? vsnprintf+0x948/0x1da0 [ 205.818815][ T9127] should_fail_ex+0x3b0/0x4e0 [ 205.823537][ T9127] ? __alloc_skb+0x1c3/0x440 [ 205.828180][ T9127] should_failslab+0x9/0x20 [ 205.832742][ T9127] kmem_cache_alloc_node_noprof+0x71/0x320 [ 205.838611][ T9127] __alloc_skb+0x1c3/0x440 [ 205.843080][ T9127] ? __pfx___alloc_skb+0x10/0x10 [ 205.848078][ T9127] alloc_uevent_skb+0x74/0x230 [ 205.852887][ T9127] ? __pfx_rx_queue_namespace+0x10/0x10 [ 205.858469][ T9127] kobject_uevent_net_broadcast+0x182/0x580 [ 205.864432][ T9127] kobject_uevent_env+0x57d/0x8e0 [ 205.869524][ T9127] __kobject_del+0xd3/0x310 [ 205.874075][ T9127] ? kobject_put+0x23d/0x480 [ 205.878714][ T9127] kobject_put+0x245/0x480 [ 205.883184][ T9127] net_rx_queue_update_kobjects+0x52b/0x5b0 [ 205.889130][ T9127] netdev_unregister_kobject+0x104/0x250 [ 205.894816][ T9127] unregister_netdevice_many_notify+0x17d3/0x1d20 [ 205.901301][ T9127] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 205.908124][ T9127] ? call_rcu+0x738/0xa70 [ 205.912507][ T9127] ? lockdep_hardirqs_on+0x99/0x150 [ 205.917789][ T9127] unregister_netdevice_queue+0x303/0x370 [ 205.923567][ T9127] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 205.929871][ T9127] ? br_dev_delete+0xda/0x100 [ 205.934608][ T9127] br_del_bridge+0xb8/0xf0 [ 205.940018][ T9127] br_ioctl_stub+0x48d/0xb00 [ 205.944655][ T9127] ? __pfx_br_ioctl_stub+0x10/0x10 [ 205.949808][ T9127] ? sock_ioctl+0x5c6/0x8e0 [ 205.954353][ T9127] ? __pfx___mutex_lock+0x10/0x10 [ 205.959444][ T9127] ? __pfx_br_ioctl_stub+0x10/0x10 [ 205.964598][ T9127] sock_ioctl+0x5ee/0x8e0 [ 205.968973][ T9127] ? __pfx_sock_ioctl+0x10/0x10 [ 205.973947][ T9127] ? __fget_files+0x29/0x470 [ 205.978581][ T9127] ? __fget_files+0x3f6/0x470 [ 205.983368][ T9127] ? __fget_files+0x29/0x470 [ 205.988014][ T9127] ? bpf_lsm_file_ioctl+0x9/0x10 [ 205.992988][ T9127] ? security_file_ioctl+0x87/0xb0 [ 205.998139][ T9127] ? __pfx_sock_ioctl+0x10/0x10 [ 206.003035][ T9127] __se_sys_ioctl+0xfc/0x170 [ 206.007664][ T9127] do_syscall_64+0xf3/0x230 [ 206.012202][ T9127] ? clear_bhb_loop+0x35/0x90 [ 206.016923][ T9127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.022860][ T9127] RIP: 0033:0x7ff024b75bd9 [ 206.027309][ T9127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.046964][ T9127] RSP: 002b:00007ff025a0f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 206.055424][ T9127] RAX: ffffffffffffffda RBX: 00007ff024d03f60 RCX: 00007ff024b75bd9 [ 206.063432][ T9127] RDX: 0000000020000040 RSI: 00000000000089a1 RDI: 0000000000000007 [ 206.071453][ T9127] RBP: 00007ff025a0f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 206.079640][ T9127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 206.087743][ T9127] R13: 000000000000000b R14: 00007ff024d03f60 R15: 00007ffe39547838 [ 206.095780][ T9127] [ 206.147699][ T8954] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.157557][ T8954] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.183270][ T8954] bridge_slave_1: entered allmulticast mode [ 206.191197][ T8954] bridge_slave_1: entered promiscuous mode [ 206.270089][ T8954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.302270][ T5108] Bluetooth: hci3: command tx timeout [ 206.303109][ T8954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.515350][ T8954] team0: Port device team_slave_0 added [ 206.577636][ T8954] team0: Port device team_slave_1 added [ 206.674060][ T8954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.691404][ T8954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.734658][ T8954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.788052][ T8954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.801864][ T8954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.843517][ T8954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.855164][ T9160] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1358'. [ 206.882741][ T9150] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.077791][ T8954] hsr_slave_0: entered promiscuous mode [ 207.123719][ T8954] hsr_slave_1: entered promiscuous mode [ 207.181364][ T9169] xt_CT: You must specify a L4 protocol and not use inversions on it [ 207.892560][ T9200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.952103][ T9206] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1373'. [ 207.998282][ T9209] netlink: 'syz.4.1376': attribute type 11 has an invalid length. [ 208.040724][ T9213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1378'. [ 208.069833][ T9206] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 208.277044][ T9217] xt_CT: You must specify a L4 protocol and not use inversions on it [ 208.326927][ T8954] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 208.383292][ T5108] Bluetooth: hci3: command tx timeout [ 208.404468][ T8954] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 208.436816][ T8954] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 208.477126][ T8954] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 208.776871][ T9242] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 208.908843][ T8954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.981275][ T8954] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.008178][ T5106] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.015485][ T5106] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.043699][ T5106] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.050982][ T5106] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.318015][ T9270] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1399'. [ 209.554665][ T8954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.891705][ T8954] veth0_vlan: entered promiscuous mode [ 209.924760][ T8954] veth1_vlan: entered promiscuous mode [ 210.037115][ T8954] veth0_macvtap: entered promiscuous mode [ 210.099739][ T8954] veth1_macvtap: entered promiscuous mode [ 210.171396][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.207332][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.230473][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.247179][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.258260][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 210.270602][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.283415][ T8954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.292238][ T9315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1416'. [ 210.328070][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.342377][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.360994][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.379237][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.389873][ T8954] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 210.401424][ T8954] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 210.414894][ T8954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.543798][ T8954] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.582775][ T8954] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.591737][ T8954] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.601671][ T8954] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.934815][ T2865] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.960584][ T9344] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 210.963273][ T2865] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.068234][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.095296][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.153048][ T9359] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1432'. [ 211.167124][ T9360] syzkaller1: entered promiscuous mode [ 211.176371][ T9360] syzkaller1: entered allmulticast mode [ 211.209393][ T9360] ip6_vti0: Master is either lo or non-ether device [ 212.086438][ T9409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1444'. [ 212.367992][ T9418] netlink: 'syz.1.1448': attribute type 1 has an invalid length. [ 212.376184][ T9418] netlink: 161700 bytes leftover after parsing attributes in process `syz.1.1448'. [ 212.418720][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1451'. [ 213.087615][ T9462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1468'. [ 213.160232][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'. [ 213.189477][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'. [ 213.222996][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'. [ 213.249949][ T9466] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1469'. [ 213.807785][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.408450][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.501140][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.604897][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.047722][ T11] bridge_slave_1: left allmulticast mode [ 215.073237][ T11] bridge_slave_1: left promiscuous mode [ 215.080261][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.164669][ T11] bridge_slave_0: left allmulticast mode [ 215.170385][ T11] bridge_slave_0: left promiscuous mode [ 215.182954][ T5113] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 215.194428][ T5113] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 215.202990][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.212044][ T5113] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 215.223243][ T5113] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 215.231572][ T5113] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 215.239205][ T5113] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 215.760913][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.777882][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.789605][ T11] bond0 (unregistering): Released all slaves [ 215.831910][ T9553] __nla_validate_parse: 30 callbacks suppressed [ 215.831931][ T9553] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1496'. [ 215.877862][ T9553] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1496'. [ 215.978181][ T9568] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 216.039148][ T9538] caif0 speed is unknown, defaulting to 1000 [ 216.045696][ T9570] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1502'. [ 216.838974][ T11] hsr_slave_0: left promiscuous mode [ 216.910461][ T11] hsr_slave_1: left promiscuous mode [ 216.926140][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.940603][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.963388][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.970841][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 217.019034][ T11] veth1_macvtap: left promiscuous mode [ 217.037840][ T11] veth0_macvtap: left promiscuous mode [ 217.048852][ T11] veth1_vlan: left promiscuous mode [ 217.065401][ T11] veth0_vlan: left promiscuous mode [ 217.342029][ T5113] Bluetooth: hci3: command tx timeout [ 217.423305][ T9621] netlink: 'syz.3.1519': attribute type 28 has an invalid length. [ 217.697005][ T11] team0 (unregistering): Port device team_slave_1 removed [ 217.742504][ T11] team0 (unregistering): Port device team_slave_0 removed [ 218.177180][ T9608] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1517'. [ 218.186934][ T9619] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1519'. [ 218.407365][ T9629] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1522'. [ 218.588925][ T9636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1525'. [ 218.613023][ T9538] chnl_net:caif_netlink_parms(): no params data found [ 218.861998][ T9646] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1530'. [ 218.880807][ T9646] unsupported nlmsg_type 40 [ 218.891404][ T9654] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1533'. [ 218.910175][ T9651] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1531'. [ 218.994265][ T9538] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.014260][ T9538] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.032103][ T9538] bridge_slave_0: entered allmulticast mode [ 219.043943][ T9538] bridge_slave_0: entered promiscuous mode [ 219.085727][ T9657] ipvlan2: entered allmulticast mode [ 219.165478][ T9538] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.188550][ T9538] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.213141][ T9538] bridge_slave_1: entered allmulticast mode [ 219.231111][ T9538] bridge_slave_1: entered promiscuous mode [ 219.370793][ T9538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.422858][ T5113] Bluetooth: hci3: command tx timeout [ 219.477001][ T9538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.523021][ T9689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 219.697746][ T9538] team0: Port device team_slave_0 added [ 219.708141][ T9538] team0: Port device team_slave_1 added [ 219.781467][ T9538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.807730][ T9538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.860285][ T9538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.871269][ T9717] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 219.930993][ T9538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.954521][ T9538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 220.019020][ T9538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 220.169890][ T9538] hsr_slave_0: entered promiscuous mode [ 220.181466][ T9538] hsr_slave_1: entered promiscuous mode [ 220.214419][ T9734] delete_channel: no stack [ 220.791011][ T9755] netlink: 'syz.1.1567': attribute type 1 has an invalid length. [ 221.194854][ T9538] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 221.236352][ T9538] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 221.262159][ T9538] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 221.291138][ T9538] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 221.482358][ T9792] netlink: 'syz.4.1580': attribute type 8 has an invalid length. [ 221.502469][ T5113] Bluetooth: hci3: command tx timeout [ 221.605752][ T9538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.615101][ T9799] __nla_validate_parse: 7 callbacks suppressed [ 221.615121][ T9799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1582'. [ 221.751498][ T9538] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.815741][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.822968][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.864687][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.871946][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.896541][ T9814] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 222.268412][ T9538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.388533][ T9538] veth0_vlan: entered promiscuous mode [ 222.439444][ T9538] veth1_vlan: entered promiscuous mode [ 222.537685][ T9538] veth0_macvtap: entered promiscuous mode [ 222.555223][ T9538] veth1_macvtap: entered promiscuous mode [ 222.591648][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.608905][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.628699][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.640555][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.656067][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 222.669742][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.702672][ T9538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.770878][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.799655][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.819413][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.830772][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.845620][ T9538] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 222.868768][ T9538] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 222.910319][ T9538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.929371][ T9842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1597'. [ 222.957953][ T9538] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.981004][ T9538] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.992395][ T9538] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.001742][ T9538] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.299535][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.319181][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.355895][ T9864] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1607'. [ 223.465552][ T9869] netlink: 'syz.2.1608': attribute type 3 has an invalid length. [ 223.587779][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 223.592021][ T5113] Bluetooth: hci3: command tx timeout [ 223.649779][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 223.956965][ T9897] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1614'. [ 223.983922][ T9897] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 224.029458][ T9906] x_tables: duplicate underflow at hook 1 [ 224.055688][ T9905] netlink: 'syz.4.1616': attribute type 1 has an invalid length. [ 224.405936][ T9923] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1624'. [ 225.254083][ T9976] vlan2: entered allmulticast mode [ 225.307631][ T9985] Cannot find del_set index 4 as target [ 225.354474][ T9985] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1644'. [ 225.752010][ T2820] ================================================================== [ 225.760122][ T2820] BUG: KASAN: slab-use-after-free in l2tp_session_delete+0x28/0x9e0 [ 225.768119][ T2820] Write of size 8 at addr ffff88801cfa6808 by task kworker/u8:7/2820 [ 225.776188][ T2820] [ 225.778523][ T2820] CPU: 0 PID: 2820 Comm: kworker/u8:7 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 225.788767][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 225.798857][ T2820] Workqueue: l2tp l2tp_tunnel_del_work [ 225.804343][ T2820] Call Trace: [ 225.807640][ T2820] [ 225.810693][ T2820] dump_stack_lvl+0x241/0x360 [ 225.815393][ T2820] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.820618][ T2820] ? __pfx__printk+0x10/0x10 [ 225.825245][ T2820] ? _printk+0xd5/0x120 [ 225.829427][ T2820] ? __virt_addr_valid+0x183/0x520 [ 225.834573][ T2820] ? __virt_addr_valid+0x183/0x520 [ 225.839705][ T2820] print_report+0x169/0x550 [ 225.844224][ T2820] ? __virt_addr_valid+0x183/0x520 [ 225.849349][ T2820] ? __virt_addr_valid+0x183/0x520 [ 225.854473][ T2820] ? __virt_addr_valid+0x44e/0x520 [ 225.859610][ T2820] ? __phys_addr+0xba/0x170 [ 225.864127][ T2820] ? l2tp_session_delete+0x28/0x9e0 [ 225.869435][ T2820] kasan_report+0x143/0x180 [ 225.873968][ T2820] ? l2tp_session_delete+0x28/0x9e0 [ 225.879195][ T2820] kasan_check_range+0x282/0x290 [ 225.884152][ T2820] l2tp_session_delete+0x28/0x9e0 [ 225.889186][ T2820] ? l2tp_tunnel_del_work+0x1d3/0x330 [ 225.894581][ T2820] l2tp_tunnel_del_work+0x1cb/0x330 [ 225.899788][ T2820] ? process_scheduled_works+0x945/0x1830 [ 225.905538][ T2820] process_scheduled_works+0xa2c/0x1830 [ 225.911102][ T2820] ? __pfx_process_scheduled_works+0x10/0x10 [ 225.917097][ T2820] ? assign_work+0x364/0x3d0 [ 225.921692][ T2820] worker_thread+0x86d/0xd50 [ 225.926388][ T2820] ? __kthread_parkme+0x169/0x1d0 [ 225.931425][ T2820] ? __pfx_worker_thread+0x10/0x10 [ 225.936551][ T2820] kthread+0x2f0/0x390 [ 225.940631][ T2820] ? __pfx_worker_thread+0x10/0x10 [ 225.945752][ T2820] ? __pfx_kthread+0x10/0x10 [ 225.950348][ T2820] ret_from_fork+0x4b/0x80 [ 225.954773][ T2820] ? __pfx_kthread+0x10/0x10 [ 225.959368][ T2820] ret_from_fork_asm+0x1a/0x30 [ 225.964151][ T2820] [ 225.967166][ T2820] [ 225.969483][ T2820] Allocated by task 10001: [ 225.973899][ T2820] kasan_save_track+0x3f/0x80 [ 225.978578][ T2820] __kasan_kmalloc+0x98/0xb0 [ 225.983173][ T2820] __kmalloc_noprof+0x1f9/0x400 [ 225.988032][ T2820] l2tp_session_create+0x3b/0xc20 [ 225.993059][ T2820] pppol2tp_connect+0xca3/0x17a0 [ 225.997999][ T2820] __sys_connect+0x2df/0x310 [ 226.002591][ T2820] __x64_sys_connect+0x7a/0x90 [ 226.007360][ T2820] do_syscall_64+0xf3/0x230 [ 226.011861][ T2820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.017753][ T2820] [ 226.020073][ T2820] Freed by task 16: [ 226.023875][ T2820] kasan_save_track+0x3f/0x80 [ 226.028560][ T2820] kasan_save_free_info+0x40/0x50 [ 226.033603][ T2820] poison_slab_object+0xe0/0x150 [ 226.038548][ T2820] __kasan_slab_free+0x37/0x60 [ 226.043327][ T2820] kfree+0x149/0x360 [ 226.047235][ T2820] __sk_destruct+0x58/0x5f0 [ 226.051748][ T2820] rcu_core+0xafd/0x1830 [ 226.056007][ T2820] handle_softirqs+0x2c4/0x970 [ 226.061045][ T2820] run_ksoftirqd+0xca/0x130 [ 226.065645][ T2820] smpboot_thread_fn+0x544/0xa30 [ 226.070587][ T2820] kthread+0x2f0/0x390 [ 226.074748][ T2820] ret_from_fork+0x4b/0x80 [ 226.079174][ T2820] ret_from_fork_asm+0x1a/0x30 [ 226.083949][ T2820] [ 226.086279][ T2820] Last potentially related work creation: [ 226.091990][ T2820] kasan_save_stack+0x3f/0x60 [ 226.096672][ T2820] __kasan_record_aux_stack+0xac/0xc0 [ 226.102062][ T2820] call_rcu+0x167/0xa70 [ 226.106234][ T2820] pppol2tp_release+0x24b/0x350 [ 226.111098][ T2820] sock_close+0xbc/0x240 [ 226.115347][ T2820] __fput+0x24a/0x8a0 [ 226.119339][ T2820] task_work_run+0x24f/0x310 [ 226.123945][ T2820] syscall_exit_to_user_mode+0x168/0x360 [ 226.129591][ T2820] do_syscall_64+0x100/0x230 [ 226.134185][ T2820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.140090][ T2820] [ 226.142420][ T2820] The buggy address belongs to the object at ffff88801cfa6800 [ 226.142420][ T2820] which belongs to the cache kmalloc-1k of size 1024 [ 226.156488][ T2820] The buggy address is located 8 bytes inside of [ 226.156488][ T2820] freed 1024-byte region [ffff88801cfa6800, ffff88801cfa6c00) [ 226.170290][ T2820] [ 226.172626][ T2820] The buggy address belongs to the physical page: [ 226.179043][ T2820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cfa0 [ 226.187806][ T2820] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 226.196311][ T2820] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 226.203952][ T2820] page_type: 0xffffefff(slab) [ 226.208631][ T2820] raw: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 226.217219][ T2820] raw: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 226.225808][ T2820] head: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122 [ 226.234485][ T2820] head: 0000000000000000 0000000000100010 00000001ffffefff 0000000000000000 [ 226.243161][ T2820] head: 00fff00000000003 ffffea000073e801 ffffffffffffffff 0000000000000000 [ 226.251835][ T2820] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 226.260523][ T2820] page dumped because: kasan: bad access detected [ 226.267120][ T2820] page_owner tracks the page as allocated [ 226.272832][ T2820] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1092, tgid 1092 (kworker/u8:5), ts 87284559456, free_ts 87085376608 [ 226.293599][ T2820] post_alloc_hook+0x1f3/0x230 [ 226.298395][ T2820] get_page_from_freelist+0x2e4c/0x2f10 [ 226.303965][ T2820] __alloc_pages_noprof+0x256/0x6c0 [ 226.309185][ T2820] alloc_slab_page+0x5f/0x120 [ 226.313959][ T2820] allocate_slab+0x5a/0x2f0 [ 226.318471][ T2820] ___slab_alloc+0xcd1/0x14b0 [ 226.323151][ T2820] __slab_alloc+0x58/0xa0 [ 226.327498][ T2820] __kmalloc_noprof+0x257/0x400 [ 226.332371][ T2820] ieee802_11_parse_elems_full+0xdb/0x2880 [ 226.338194][ T2820] ieee80211_ibss_rx_queued_mgmt+0x4c8/0x2d70 [ 226.344274][ T2820] ieee80211_iface_work+0x8a5/0xf20 [ 226.349498][ T2820] cfg80211_wiphy_work+0x2db/0x490 [ 226.354627][ T2820] process_scheduled_works+0xa2c/0x1830 [ 226.360251][ T2820] worker_thread+0x86d/0xd50 [ 226.364858][ T2820] kthread+0x2f0/0x390 [ 226.368940][ T2820] ret_from_fork+0x4b/0x80 [ 226.373375][ T2820] page last free pid 5244 tgid 5244 stack trace: [ 226.379707][ T2820] free_unref_page+0xd22/0xea0 [ 226.384491][ T2820] __put_partials+0xeb/0x130 [ 226.389087][ T2820] put_cpu_partial+0x17c/0x250 [ 226.393858][ T2820] __slab_free+0x2ea/0x3d0 [ 226.398277][ T2820] qlist_free_all+0x9e/0x140 [ 226.402874][ T2820] kasan_quarantine_reduce+0x14f/0x170 [ 226.408339][ T2820] __kasan_slab_alloc+0x23/0x80 [ 226.413192][ T2820] kmem_cache_alloc_noprof+0x135/0x2a0 [ 226.418757][ T2820] getname_flags+0xbd/0x4f0 [ 226.423270][ T2820] vfs_fstatat+0x11c/0x190 [ 226.427694][ T2820] __x64_sys_newfstatat+0x125/0x1b0 [ 226.432893][ T2820] do_syscall_64+0xf3/0x230 [ 226.438931][ T2820] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.445440][ T2820] [ 226.447762][ T2820] Memory state around the buggy address: [ 226.453393][ T2820] ffff88801cfa6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 226.461451][ T2820] ffff88801cfa6780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 226.469512][ T2820] >ffff88801cfa6800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 226.477574][ T2820] ^ [ 226.481906][ T2820] ffff88801cfa6880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 226.489964][ T2820] ffff88801cfa6900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 226.498018][ T2820] ================================================================== [ 226.588737][ T2820] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 226.595993][ T2820] CPU: 1 PID: 2820 Comm: kworker/u8:7 Not tainted 6.10.0-rc6-syzkaller-01258-g2f5e6395714d #0 [ 226.606267][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 226.616543][ T2820] Workqueue: l2tp l2tp_tunnel_del_work [ 226.622062][ T2820] Call Trace: [ 226.625391][ T2820] [ 226.628341][ T2820] dump_stack_lvl+0x241/0x360 [ 226.633056][ T2820] ? __pfx_dump_stack_lvl+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 226.638300][ T2820] ? __pfx__printk+0x10/0x10 [ 226.642960][ T2820] ? preempt_schedule+0xe1/0xf0 [ 226.647855][ T2820] ? vscnprintf+0x5d/0x90 [ 226.652219][ T2820] panic+0x349/0x860 [ 226.656149][ T2820] ? check_panic_on_warn+0x21/0xb0 [ 226.661337][ T2820] ? __pfx_panic+0x10/0x10 [ 226.665810][ T2820] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 226.671829][ T2820] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 226.678289][ T2820] ? print_report+0x502/0x550 [ 226.683005][ T2820] check_panic_on_warn+0x86/0xb0 [ 226.688078][ T2820] ? l2tp_session_delete+0x28/0x9e0 [ 226.693309][ T2820] end_report+0x77/0x160 [ 226.697590][ T2820] kasan_report+0x154/0x180 [ 226.702134][ T2820] ? l2tp_session_delete+0x28/0x9e0 [ 226.707464][ T2820] kasan_check_range+0x282/0x290 [ 226.712440][ T2820] l2tp_session_delete+0x28/0x9e0 [ 226.717497][ T2820] ? l2tp_tunnel_del_work+0x1d3/0x330 [ 226.722903][ T2820] l2tp_tunnel_del_work+0x1cb/0x330 [ 226.728139][ T2820] ? process_scheduled_works+0x945/0x1830 [ 226.733903][ T2820] process_scheduled_works+0xa2c/0x1830 [ 226.739507][ T2820] ? __pfx_process_scheduled_works+0x10/0x10 [ 226.745537][ T2820] ? assign_work+0x364/0x3d0 [ 226.750160][ T2820] worker_thread+0x86d/0xd50 [ 226.754799][ T2820] ? __kthread_parkme+0x169/0x1d0 [ 226.759852][ T2820] ? __pfx_worker_thread+0x10/0x10 [ 226.764994][ T2820] kthread+0x2f0/0x390 [ 226.769095][ T2820] ? __pfx_worker_thread+0x10/0x10 [ 226.774234][ T2820] ? __pfx_kthread+0x10/0x10 [ 226.778867][ T2820] ret_from_fork+0x4b/0x80 [ 226.783314][ T2820] ? __pfx_kthread+0x10/0x10 [ 226.787953][ T2820] ret_from_fork_asm+0x1a/0x30 [ 226.792776][ T2820] [ 226.796122][ T2820] Kernel Offset: disabled [ 226.800483][ T2820] Rebooting in 86400 seconds..