last executing test programs: 1m36.70740686s ago: executing program 2 (id=1044): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x403, 0x4, 0x25ffdbfe}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 1m21.130112513s ago: executing program 2 (id=1044): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x403, 0x4, 0x25ffdbfe}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 1m9.88211817s ago: executing program 2 (id=1044): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x403, 0x4, 0x25ffdbfe}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 56.118971298s ago: executing program 1 (id=2847): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000e00)=ANY=[@ANYBLOB="200000000c14010028bd7000fddbdf25080001000000000008003d00030c8100"], 0x20}, 0x1, 0x0, 0x2000000, 0x8010}, 0x400c000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0) 55.994887248s ago: executing program 1 (id=2849): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$kcm(0x2, 0x5, 0x84) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005f000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}}, 0x14}}, 0x0) (async) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r4, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000000c0)={'ip6tnl0\x00', r4, 0x0, 0x0, 0x40, 0x0, 0x57, @dev={0xfe, 0x80, '\x00', 0x8}, @private1, 0x700, 0x700, 0xfffffffc, 0x1}}) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r7, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r6}, 0x20) (async) recvmmsg(r6, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}, 0xfffffa4e}], 0x1, 0x2102, 0x0) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) (async) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc811"], 0xffe) (async) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r9) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x14, r10, 0x72b}, 0x14}}, 0x0) (async) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) (async) setsockopt$sock_attach_bpf(r1, 0x84, 0x10, &(0x7f0000000000), 0xc) (async) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) (async) connect$can_bcm(r0, &(0x7f0000000000), 0x10) (async) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1) (async) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0) 48.206993054s ago: executing program 2 (id=1044): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x403, 0x4, 0x25ffdbfe}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 43.140427066s ago: executing program 1 (id=2849): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$kcm(0x2, 0x5, 0x84) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005f000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}}, 0x14}}, 0x0) (async) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r4, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000000c0)={'ip6tnl0\x00', r4, 0x0, 0x0, 0x40, 0x0, 0x57, @dev={0xfe, 0x80, '\x00', 0x8}, @private1, 0x700, 0x700, 0xfffffffc, 0x1}}) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r7, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r6}, 0x20) (async) recvmmsg(r6, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}, 0xfffffa4e}], 0x1, 0x2102, 0x0) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) (async) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc811"], 0xffe) (async) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r9) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x14, r10, 0x72b}, 0x14}}, 0x0) (async) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) (async) setsockopt$sock_attach_bpf(r1, 0x84, 0x10, &(0x7f0000000000), 0xc) (async) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) (async) connect$can_bcm(r0, &(0x7f0000000000), 0x10) (async) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1) (async) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0) 32.649772706s ago: executing program 2 (id=1044): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x403, 0x4, 0x25ffdbfe}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 30.51362513s ago: executing program 1 (id=2849): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$kcm(0x2, 0x5, 0x84) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005f000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}}, 0x14}}, 0x0) (async) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r4, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000000c0)={'ip6tnl0\x00', r4, 0x0, 0x0, 0x40, 0x0, 0x57, @dev={0xfe, 0x80, '\x00', 0x8}, @private1, 0x700, 0x700, 0xfffffffc, 0x1}}) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r7, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r6}, 0x20) (async) recvmmsg(r6, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}, 0xfffffa4e}], 0x1, 0x2102, 0x0) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) (async) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc811"], 0xffe) (async) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r9) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x14, r10, 0x72b}, 0x14}}, 0x0) (async) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) (async) setsockopt$sock_attach_bpf(r1, 0x84, 0x10, &(0x7f0000000000), 0xc) (async) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) (async) connect$can_bcm(r0, &(0x7f0000000000), 0x10) (async) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1) (async) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0) 15.337339649s ago: executing program 1 (id=2849): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$kcm(0x2, 0x5, 0x84) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005f000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}}, 0x14}}, 0x0) (async) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r4, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000000c0)={'ip6tnl0\x00', r4, 0x0, 0x0, 0x40, 0x0, 0x57, @dev={0xfe, 0x80, '\x00', 0x8}, @private1, 0x700, 0x700, 0xfffffffc, 0x1}}) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r7, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r6}, 0x20) (async) recvmmsg(r6, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}, 0xfffffa4e}], 0x1, 0x2102, 0x0) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) (async) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc811"], 0xffe) (async) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r9) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x14, r10, 0x72b}, 0x14}}, 0x0) (async) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) (async) setsockopt$sock_attach_bpf(r1, 0x84, 0x10, &(0x7f0000000000), 0xc) (async) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) (async) connect$can_bcm(r0, &(0x7f0000000000), 0x10) (async) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1) (async) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0) 14.523313609s ago: executing program 2 (id=1044): sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x403, 0x4, 0x25ffdbfe}, 0x20}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb080045"], 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c6572"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1) 2.617575386s ago: executing program 4 (id=3182): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x48, r1, 0x5, 0x3f000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x17, {0x65, 0x8, 0xe, 0xf}}}]}, 0x48}}, 0x0) 2.441235886s ago: executing program 4 (id=3185): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x1c, r1, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008054}, 0x2004c0c0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) 2.346851825s ago: executing program 3 (id=3187): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_STOP_AP(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) 2.252759871s ago: executing program 4 (id=3189): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r9, @ANYBLOB="01"], 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c000000110001002dbd7000fbdbdf2500000000", @ANYRES32=r6, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2.067067565s ago: executing program 3 (id=3190): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)) setsockopt$MRT_FLUSH(r1, 0x0, 0xd4, &(0x7f0000000380)=0xe, 0x4) 1.924330663s ago: executing program 0 (id=3192): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000080)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0xc050) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x8000) recvmsg(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000400)=""/172, 0xac}], 0x1}, 0x0) 1.784533783s ago: executing program 3 (id=3193): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) sendmsg$inet6(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000380)='d', 0x1}], 0x1}, 0x8000) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc) sendmsg$inet6(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)='\"', 0x1}], 0x1}, 0x40000) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=',', 0x34000}], 0x1) 1.668604054s ago: executing program 0 (id=3194): getsockname$packet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000540)=ANY=[@ANYRES32=r0]) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r1, 0x800442d2, &(0x7f0000000440)={0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @link_local}]}) r2 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x1}, @TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x280000000000000}]}}]}, 0xa4}}, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x20008050) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000004700)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r7, {}, {}, {0x8, 0x5}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0) 1.403952098s ago: executing program 4 (id=3195): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000140)={@rand_addr=0x64010102, @loopback, 0xffffffffffffffff, "e26d8a4096e73272f9040645f7234b563ad3efff15992fb1d06d1f7dc4aa0050", 0xfffffff2, 0x4, 0x2}, 0x3c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001bae9ee14d4284d73c826d8bce62cb84c8b765cbac71c46bc4718"], 0x398}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc010) 1.152656381s ago: executing program 4 (id=3196): socket$packet(0x11, 0x3, 0x300) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) sendto$packet(r0, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb1000000080086dd4803", 0x10000, 0x0, &(0x7f0000000140), 0x14) 1.055482074s ago: executing program 0 (id=3197): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'bridge_slave_1\x00', &(0x7f0000000ac0)=@ethtool_sset_info={0x37, 0xf5b1, 0x11d}}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0xfd82) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) 951.019562ms ago: executing program 4 (id=3198): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x20000000}, 0x20) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x40010040) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000200)={0x8001}, 0x8) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$kcm(0x2c, 0x3, 0x0) setsockopt$sock_attach_bpf(r4, 0x11b, 0x2, &(0x7f0000000900)=r2, 0x4) 814.053507ms ago: executing program 0 (id=3199): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f0000001080)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}, {{&(0x7f0000000640)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10, 0x0}}], 0x2, 0x4040080) 743.838235ms ago: executing program 3 (id=3200): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) 444.581766ms ago: executing program 3 (id=3201): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000180)={&(0x7f00000000c0)=@in6={0xa, 0x4e21, 0x0, @mcast1, 0x5}, 0x80, 0x0}, 0x0) 429.155974ms ago: executing program 0 (id=3202): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x1c, r1, 0x1, 0x3, 0x0, {{0xa}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x48881}, 0x40) 186.928115ms ago: executing program 3 (id=3203): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x5c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xb7, 0x5}}]}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x5c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 601.211µs ago: executing program 0 (id=3204): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000010c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000001080)={r2}, 0xc) 0s ago: executing program 1 (id=2849): r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$kcm(0x2, 0x5, 0x84) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005f000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet_smc(0x2b, 0x1, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) r2 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x0, 0x0, {0x2b, 0xfa}}, 0x14}}, 0x0) (async) r3 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7800, 0x80, 0xfffffffc, 0xdc67}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000240)={'syztnl0\x00', r4, 0x29, 0x0, 0x6, 0x7f, 0x5, @ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, 0x0, 0x40, 0x6, 0x41}}) (async) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000340)={'syztnl1\x00', &(0x7f00000000c0)={'ip6tnl0\x00', r4, 0x0, 0x0, 0x40, 0x0, 0x57, @dev={0xfe, 0x80, '\x00', 0x8}, @private1, 0x700, 0x700, 0xfffffffc, 0x1}}) (async) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r7, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r6}, 0x20) (async) recvmmsg(r6, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}, 0xfffffa4e}], 0x1, 0x2102, 0x0) r8 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) (async) write$tun(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc811"], 0xffe) (async) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r9) sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)={0x14, r10, 0x72b}, 0x14}}, 0x0) (async) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) (async) setsockopt$sock_attach_bpf(r1, 0x84, 0x10, &(0x7f0000000000), 0xc) (async) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) (async) connect$can_bcm(r0, &(0x7f0000000000), 0x10) (async) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/123, 0x7b}], 0x1) (async) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=0x2710], 0x80}}, 0x0) kernel console output (not intermixed with test programs): 62'. [ 333.397608][T13999] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2562'. [ 333.565436][T13737] veth0_vlan: entered promiscuous mode [ 333.643131][T13737] veth1_vlan: entered promiscuous mode [ 333.834789][T13737] veth0_macvtap: entered promiscuous mode [ 333.879978][T13737] veth1_macvtap: entered promiscuous mode [ 333.979212][T13737] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.049927][T13737] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 334.092953][T13737] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.147237][T13737] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.166428][T13737] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.191366][T13737] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.221024][T14030] netlink: 'syz.1.2571': attribute type 10 has an invalid length. [ 334.312558][T14030] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2571'. [ 334.424403][T14026] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.585507][T14030] team0: Failed to send port change of device geneve0 via netlink (err -105) [ 334.613810][T14030] team0: Failed to send options change via netlink (err -105) [ 334.647597][T14030] team0: Port device geneve0 added [ 334.840186][T14026] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.870119][T14046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2576'. [ 335.101348][T14026] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.326174][T14026] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.432487][ T3977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.460959][ T3977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.572397][T14066] netlink: 188 bytes leftover after parsing attributes in process `syz.0.2583'. [ 335.585823][T11185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.596730][T11185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.666012][T14026] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.733923][T14026] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.773039][T14073] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2587'. [ 335.800077][T14026] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.883458][T14026] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.659153][ T134] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.944322][ T134] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.151618][ T134] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.274970][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 337.292081][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 337.301344][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 337.312308][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 337.324881][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 337.345280][ T134] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.636331][ T134] bridge_slave_1: left allmulticast mode [ 337.643077][ T134] bridge_slave_1: left promiscuous mode [ 337.649676][ T134] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.660686][ T134] bridge_slave_0: left allmulticast mode [ 337.666612][ T134] bridge_slave_0: left promiscuous mode [ 337.673842][ T134] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.099889][ T134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.112780][ T134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 338.123781][ T134] bond0 (unregistering): Released all slaves [ 338.393629][T14106] chnl_net:caif_netlink_parms(): no params data found [ 338.444259][ T134] hsr_slave_0: left promiscuous mode [ 338.451297][ T134] hsr_slave_1: left promiscuous mode [ 338.459434][ T134] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 338.467036][ T134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 338.475450][ T134] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 338.484112][ T134] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 338.510431][ T134] veth1_macvtap: left promiscuous mode [ 338.516051][ T134] veth0_macvtap: left promiscuous mode [ 338.521938][ T134] veth1_vlan: left promiscuous mode [ 338.527324][ T134] veth0_vlan: left promiscuous mode [ 338.715983][T14115] netlink: 'syz.1.2599': attribute type 1 has an invalid length. [ 339.023861][T14126] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 339.065655][T14132] __nla_validate_parse: 3 callbacks suppressed [ 339.065677][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2599'. [ 339.353613][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 339.363823][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 339.379069][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 339.403870][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 339.426358][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 339.442285][ T5845] Bluetooth: hci2: command tx timeout [ 339.616321][ T134] team0 (unregistering): Port device team_slave_1 removed [ 339.665407][ T134] team0 (unregistering): Port device team_slave_0 removed [ 340.186033][T14113] FAULT_INJECTION: forcing a failure. [ 340.186033][T14113] name failslab, interval 1, probability 0, space 0, times 0 [ 340.207658][T14113] CPU: 0 UID: 0 PID: 14113 Comm: syz.0.2598 Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 340.207691][T14113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 340.207704][T14113] Call Trace: [ 340.207713][T14113] [ 340.207722][T14113] dump_stack_lvl+0x189/0x250 [ 340.207760][T14113] ? __pfx____ratelimit+0x10/0x10 [ 340.207794][T14113] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.207827][T14113] ? __pfx__printk+0x10/0x10 [ 340.207857][T14113] ? __pfx___might_resched+0x10/0x10 [ 340.207895][T14113] should_fail_ex+0x414/0x560 [ 340.207928][T14113] should_failslab+0xa8/0x100 [ 340.207962][T14113] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 340.207994][T14113] ? __alloc_skb+0x112/0x2d0 [ 340.208031][T14113] __alloc_skb+0x112/0x2d0 [ 340.208069][T14113] nl80211_send_ap_stopped+0xbb/0x540 [ 340.208103][T14113] ? __pfx_nl80211_send_ap_stopped+0x10/0x10 [ 340.208147][T14113] ___cfg80211_stop_ap+0x4f0/0x990 [ 340.208181][T14113] cfg80211_stop_ap+0x12e/0x210 [ 340.208209][T14113] cfg80211_change_iface+0x534/0xef0 [ 340.208256][T14113] nl80211_set_interface+0x773/0xaa0 [ 340.208293][T14113] ? __pfx_nl80211_set_interface+0x10/0x10 [ 340.208324][T14113] ? nl80211_pre_doit+0x4fb/0x930 [ 340.208355][T14113] genl_family_rcv_msg_doit+0x215/0x300 [ 340.208389][T14113] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 340.208429][T14113] ? bpf_lsm_capable+0x9/0x20 [ 340.208459][T14113] ? security_capable+0x7e/0x2e0 [ 340.208510][T14113] genl_rcv_msg+0x60e/0x790 [ 340.208545][T14113] ? __pfx_genl_rcv_msg+0x10/0x10 [ 340.208569][T14113] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 340.208591][T14113] ? __pfx_nl80211_set_interface+0x10/0x10 [ 340.208614][T14113] ? __pfx_nl80211_post_doit+0x10/0x10 [ 340.208656][T14113] netlink_rcv_skb+0x205/0x470 [ 340.208690][T14113] ? __pfx_genl_rcv_msg+0x10/0x10 [ 340.208718][T14113] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 340.208772][T14113] ? down_read+0x1ad/0x2e0 [ 340.208810][T14113] genl_rcv+0x28/0x40 [ 340.208832][T14113] netlink_unicast+0x758/0x8d0 [ 340.208876][T14113] netlink_sendmsg+0x805/0xb30 [ 340.208908][T14113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 340.208933][T14113] ? aa_sock_msg_perm+0x94/0x160 [ 340.208963][T14113] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 340.208987][T14113] ? __pfx_netlink_sendmsg+0x10/0x10 [ 340.209008][T14113] __sock_sendmsg+0x21c/0x270 [ 340.209040][T14113] ____sys_sendmsg+0x505/0x830 [ 340.209068][T14113] ? __pfx_____sys_sendmsg+0x10/0x10 [ 340.209101][T14113] ? import_iovec+0x74/0xa0 [ 340.209127][T14113] ___sys_sendmsg+0x21f/0x2a0 [ 340.209152][T14113] ? __pfx____sys_sendmsg+0x10/0x10 [ 340.209217][T14113] ? __fget_files+0x2a/0x420 [ 340.209248][T14113] ? __fget_files+0x3a0/0x420 [ 340.209292][T14113] __x64_sys_sendmsg+0x19b/0x260 [ 340.209318][T14113] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 340.209352][T14113] ? __pfx_ksys_write+0x10/0x10 [ 340.209377][T14113] ? rcu_is_watching+0x15/0xb0 [ 340.209414][T14113] ? do_syscall_64+0xbe/0x3b0 [ 340.209446][T14113] do_syscall_64+0xfa/0x3b0 [ 340.209472][T14113] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.209498][T14113] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.209519][T14113] ? clear_bhb_loop+0x60/0xb0 [ 340.209545][T14113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.209567][T14113] RIP: 0033:0x7feced38e929 [ 340.209586][T14113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.209605][T14113] RSP: 002b:00007feceb1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 340.209628][T14113] RAX: ffffffffffffffda RBX: 00007feced5b5fa0 RCX: 00007feced38e929 [ 340.209644][T14113] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004 [ 340.209657][T14113] RBP: 00007feceb1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 340.209671][T14113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.209683][T14113] R13: 0000000000000000 R14: 00007feced5b5fa0 R15: 00007ffd663fa308 [ 340.209718][T14113] [ 340.655015][T14115] 8021q: adding VLAN 0 to HW filter on device bond2 [ 340.697221][T14122] bond2: (slave veth0_to_bond): making interface the new active one [ 340.706632][T14122] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 340.716761][T14135] !: renamed from dummy0 [ 340.746881][T14143] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2603'. [ 341.105443][T14153] wg2: entered promiscuous mode [ 341.111312][T14153] wg2: entered allmulticast mode [ 341.150631][T14106] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.158758][T14106] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.175524][T14106] bridge_slave_0: entered allmulticast mode [ 341.195336][T14106] bridge_slave_0: entered promiscuous mode [ 341.268574][T14106] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.276564][T14106] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.305663][T14106] bridge_slave_1: entered allmulticast mode [ 341.318084][T14106] bridge_slave_1: entered promiscuous mode [ 341.427719][T14163] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2611'. [ 341.439972][T14169] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2610'. [ 341.527392][ T5829] Bluetooth: hci2: command tx timeout [ 341.527956][ T5845] Bluetooth: hci4: command tx timeout [ 341.578355][T14106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 341.674853][T14106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 341.883129][T14106] team0: Port device team_slave_0 added [ 341.908465][T14106] team0: Port device team_slave_1 added [ 342.178795][T14106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 342.186294][T14106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 342.268798][T14106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 342.314763][T14106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 342.323535][T14106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 342.349666][T14106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.887025][T14106] hsr_slave_0: entered promiscuous mode [ 342.908971][T14106] hsr_slave_1: entered promiscuous mode [ 343.000724][T14204] x_tables: duplicate underflow at hook 1 [ 343.254508][T14137] chnl_net:caif_netlink_parms(): no params data found [ 343.313233][T14207] sctp: [Deprecated]: syz.3.2622 (pid 14207) Use of int in max_burst socket option deprecated. [ 343.313233][T14207] Use struct sctp_assoc_value instead [ 343.600012][ T5829] Bluetooth: hci2: command tx timeout [ 343.605917][ T5829] Bluetooth: hci4: command tx timeout [ 343.714053][T14219] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 343.726857][T14221] netlink: 260 bytes leftover after parsing attributes in process `syz.0.2623'. [ 343.740198][T14219] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 343.750942][T14219] gretap1: entered promiscuous mode [ 343.756221][T14219] gretap1: entered allmulticast mode [ 343.765589][T14216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2623'. [ 343.793594][T14137] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.801138][T14137] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.838161][T14137] bridge_slave_0: entered allmulticast mode [ 343.846892][T14137] bridge_slave_0: entered promiscuous mode [ 343.980086][T14137] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.987294][T14137] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.998139][T14137] bridge_slave_1: entered allmulticast mode [ 344.006478][T14137] bridge_slave_1: entered promiscuous mode [ 344.128900][T14137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.191193][T14137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.338431][T14236] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2630'. [ 344.789001][T14137] team0: Port device team_slave_0 added [ 344.820566][T14137] team0: Port device team_slave_1 added [ 345.052664][T14137] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.069429][T14137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.114881][T14137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.122492][T14250] netlink: 'syz.3.2635': attribute type 10 has an invalid length. [ 345.133354][T14137] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.167620][T14137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.193948][T14137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.404372][T14106] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 345.435295][T14106] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 345.528496][T14137] hsr_slave_0: entered promiscuous mode [ 345.543482][T14137] hsr_slave_1: entered promiscuous mode [ 345.553027][T14137] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 345.561683][T14137] Cannot create hsr debugfs directory [ 345.575125][T14260] batadv1: entered allmulticast mode [ 345.588745][T14106] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 345.627854][T14106] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 345.679116][ T5845] Bluetooth: hci2: command tx timeout [ 345.685060][ T5829] Bluetooth: hci4: command tx timeout [ 346.695568][T14106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.829974][T14106] 8021q: adding VLAN 0 to HW filter on device team0 [ 346.976749][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.984568][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.055606][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.063413][ T6187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.221347][T14137] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 347.252124][T14137] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 347.284104][T14137] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 347.347805][T14137] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 347.730052][T14307] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2652'. [ 347.764591][ T5829] Bluetooth: hci4: command tx timeout [ 347.830790][T14137] 8021q: adding VLAN 0 to HW filter on device bond0 [ 347.979730][T14137] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.029753][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.037549][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.068259][ T2981] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.076022][ T2981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.291798][T14319] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 348.302562][T14326] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2659'. [ 348.340210][T14106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.353650][T14326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2659'. [ 348.526283][T14333] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 348.588856][T14335] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 349.320525][T14106] veth0_vlan: entered promiscuous mode [ 349.378456][T14106] veth1_vlan: entered promiscuous mode [ 349.469630][T14137] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 349.592309][T14106] veth0_macvtap: entered promiscuous mode [ 349.623643][T14106] veth1_macvtap: entered promiscuous mode [ 349.740789][T14106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 349.794597][T14106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.851751][T14106] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.933142][T14106] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.978284][T14106] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.987073][T14106] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.070663][T14373] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2667'. [ 350.098526][T14373] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2667'. [ 350.210897][T14137] veth0_vlan: entered promiscuous mode [ 350.291993][T14137] veth1_vlan: entered promiscuous mode [ 350.426982][ T3977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.469888][ T3977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.512458][T14137] veth0_macvtap: entered promiscuous mode [ 350.570571][T14137] veth1_macvtap: entered promiscuous mode [ 350.673132][ T3977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.699998][ T3977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.747111][T14137] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 350.810670][T14137] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 350.904646][T14137] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.930197][T14137] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.955931][T14137] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.980720][T14137] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.028074][T14397] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2674'. [ 351.244606][T14403] netlink: 'syz.1.2675': attribute type 1 has an invalid length. [ 351.253220][ T2981] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.277126][T14403] netlink: 'syz.1.2675': attribute type 1 has an invalid length. [ 351.301420][T14403] netlink: 'syz.1.2675': attribute type 1 has an invalid length. [ 351.312773][T14403] netlink: 'syz.1.2675': attribute type 2 has an invalid length. [ 351.316885][ T2981] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.335774][T14403] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2675'. [ 351.475850][ T2981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.523618][ T2981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.865284][T14413] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2678'. [ 352.057215][T14426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2682'. [ 352.106835][T11193] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.250138][T14426] hsr_slave_1 (unregistering): left promiscuous mode [ 352.394938][T11193] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.509043][T11193] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.823736][T11193] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.062528][T11193] bridge_slave_1: left allmulticast mode [ 353.072591][T11193] bridge_slave_1: left promiscuous mode [ 353.081012][T11193] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.091883][T11193] bridge_slave_0: left allmulticast mode [ 353.098004][T11193] bridge_slave_0: left promiscuous mode [ 353.103806][T11193] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.542907][T11193] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 353.554771][T11193] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 353.566476][T11193] bond0 (unregistering): Released all slaves [ 353.844926][T11193] hsr_slave_0: left promiscuous mode [ 353.851507][T11193] hsr_slave_1: left promiscuous mode [ 353.858685][T11193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 353.866477][T11193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 353.876931][T11193] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 353.884901][T11193] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 353.913117][T11193] veth1_macvtap: left promiscuous mode [ 353.918823][T11193] veth0_macvtap: left promiscuous mode [ 353.924521][T11193] veth1_vlan: left promiscuous mode [ 353.930348][T11193] veth0_vlan: left promiscuous mode [ 354.882898][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 354.903651][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 354.911898][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 354.927610][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 354.936205][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 355.195623][T11193] team0 (unregistering): Port device team_slave_1 removed [ 355.294314][T11193] team0 (unregistering): Port device team_slave_0 removed [ 356.292011][T14462] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 356.408011][T14466] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 356.415583][T14466] IPv6: NLM_F_CREATE should be set when creating new route [ 356.422937][T14466] IPv6: NLM_F_CREATE should be set when creating new route [ 356.430246][T14466] IPv6: NLM_F_CREATE should be set when creating new route [ 356.528136][T14472] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 356.966716][T14488] netlink: 'syz.1.2693': attribute type 2 has an invalid length. [ 357.039561][ T5829] Bluetooth: hci4: command tx timeout [ 357.131008][T14496] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2699'. [ 357.206956][T14496] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 357.276298][T14456] chnl_net:caif_netlink_parms(): no params data found [ 357.900388][T14525] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 357.953595][T14525] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 358.008333][T14529] netlink: 788 bytes leftover after parsing attributes in process `syz.4.2706'. [ 358.065462][T14456] bridge0: port 1(bridge_slave_0) entered blocking state [ 358.075245][T14531] netlink: 136 bytes leftover after parsing attributes in process `syz.1.2707'. [ 358.091576][T14456] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.105316][T14531] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 358.120498][T14456] bridge_slave_0: entered allmulticast mode [ 358.142128][T14456] bridge_slave_0: entered promiscuous mode [ 358.223942][T14456] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.245204][T14456] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.261431][T14456] bridge_slave_1: entered allmulticast mode [ 358.275227][T14456] bridge_slave_1: entered promiscuous mode [ 358.314466][T14541] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2708'. [ 358.364694][T14539] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2708'. [ 358.416465][T14456] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.477394][T14456] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.726142][T14456] team0: Port device team_slave_0 added [ 358.742361][T14560] nbd: must specify at least one socket [ 358.761670][T14456] team0: Port device team_slave_1 added [ 358.882905][T14456] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 358.897491][T14456] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.918692][T14567] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2719'. [ 358.966327][T14456] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 358.986703][T14456] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 359.041483][T14456] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.128590][ T5829] Bluetooth: hci4: command tx timeout [ 359.134664][T14456] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 359.240843][T14456] hsr_slave_0: entered promiscuous mode [ 359.248980][T14456] hsr_slave_1: entered promiscuous mode [ 359.256311][T14456] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 359.262681][T14574] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2719'. [ 359.266123][T14456] Cannot create hsr debugfs directory [ 359.284250][T14569] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.2719'. [ 359.380513][T14584] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2724'. [ 359.942454][T14601] netlink: 'syz.0.2730': attribute type 7 has an invalid length. [ 359.972712][T14601] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2730'. [ 360.361322][T14456] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 360.386489][T14456] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 360.405902][T14456] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 360.424711][T14456] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 360.566764][T14456] 8021q: adding VLAN 0 to HW filter on device bond0 [ 360.610366][T14456] 8021q: adding VLAN 0 to HW filter on device team0 [ 360.633162][ T3977] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.640442][ T3977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 360.666826][ T134] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.674156][ T134] bridge0: port 2(bridge_slave_1) entered forwarding state [ 360.963091][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 360.987449][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 361.197687][ T5829] Bluetooth: hci4: command tx timeout [ 361.449922][T14456] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 361.575954][T14456] veth0_vlan: entered promiscuous mode [ 361.649017][T14456] veth1_vlan: entered promiscuous mode [ 361.762369][T14456] veth0_macvtap: entered promiscuous mode [ 361.806582][T14456] veth1_macvtap: entered promiscuous mode [ 361.832994][T14456] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 361.863017][T14456] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 361.903509][T14456] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.922248][T14456] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.936062][T14456] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 361.952411][T14456] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 362.123026][ T3977] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.156040][ T3977] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.233465][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 362.246369][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 362.817231][T14694] __nla_validate_parse: 1 callbacks suppressed [ 362.817273][T14694] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2757'. [ 363.501522][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.964974][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.050095][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 364.059594][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 364.067544][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 364.079729][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 364.087615][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 364.323809][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.352585][T14715] chnl_net:caif_netlink_parms(): no params data found [ 364.457130][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.513633][T14715] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.520984][T14715] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.534713][T14715] bridge_slave_0: entered allmulticast mode [ 364.545141][T14715] bridge_slave_0: entered promiscuous mode [ 364.565403][T14715] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.578063][T14715] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.585371][T14715] bridge_slave_1: entered allmulticast mode [ 364.594013][T14715] bridge_slave_1: entered promiscuous mode [ 364.693643][T14715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.715965][T14715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.822993][T14715] team0: Port device team_slave_0 added [ 364.831604][ T49] bridge_slave_1: left allmulticast mode [ 364.841964][ T49] bridge_slave_1: left promiscuous mode [ 364.848243][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.864910][ T49] bridge_slave_0: left allmulticast mode [ 364.870973][ T49] bridge_slave_0: left promiscuous mode [ 364.876812][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.285602][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 365.300765][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 365.314881][ T49] bond0 (unregistering): Released all slaves [ 365.335176][T14715] team0: Port device team_slave_1 added [ 365.407323][T14715] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.415382][T14715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.444213][T14715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.500272][T14715] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.507277][T14715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.536602][T14715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.769949][T14727] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 365.796542][T14730] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 365.947629][ T49] hsr_slave_0: left promiscuous mode [ 365.959344][ T49] hsr_slave_1: left promiscuous mode [ 365.965520][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 366.009756][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 366.047163][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 366.079807][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.140193][T14738] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2771'. [ 366.158484][ T5829] Bluetooth: hci0: command tx timeout [ 366.456864][ T49] veth1_macvtap: left promiscuous mode [ 366.518149][ T49] veth0_macvtap: left promiscuous mode [ 366.524426][ T49] veth1_vlan: left promiscuous mode [ 366.577311][ T49] veth0_vlan: left promiscuous mode [ 366.599654][T14746] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2774'. [ 366.772989][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 366.784964][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 366.793015][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 366.819160][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 366.828633][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 367.391341][ T49] team0 (unregistering): Port device team_slave_1 removed [ 367.454968][ T49] team0 (unregistering): Port device team_slave_0 removed [ 368.097128][T14715] hsr_slave_0: entered promiscuous mode [ 368.113807][T14715] hsr_slave_1: entered promiscuous mode [ 368.138505][T14715] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 368.146132][T14715] Cannot create hsr debugfs directory [ 368.238353][ T5829] Bluetooth: hci0: command tx timeout [ 368.250693][T14754] IPv6: sit1: Disabled Multicast RS [ 368.340019][T14757] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2777'. [ 368.442704][T14757] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2777'. [ 368.683093][T14769] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2778'. [ 368.888001][ T5829] Bluetooth: hci4: command tx timeout [ 368.952930][T14780] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2783'. [ 369.134526][T14784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2786'. [ 369.257284][T14789] netlink: 'syz.4.2787': attribute type 12 has an invalid length. [ 369.305334][T14787] IPVS: lblc: UDP 224.0.0.2:0 - no destination available [ 369.327734][ T5929] IPVS: starting estimator thread 0... [ 369.448576][T14796] IPVS: using max 24 ests per chain, 57600 per kthread [ 369.520248][T14789] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (255) [ 369.968841][T14812] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2790'. [ 370.321992][ T5829] Bluetooth: hci0: command tx timeout [ 370.506293][T14826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2798'. [ 370.673861][T14830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2799'. [ 370.778982][ T49] bond1 (unregistering): Released all slaves [ 370.800098][ T49] bond2 (unregistering): Released all slaves [ 370.819398][ T49] bond3 (unregistering): Released all slaves [ 370.854162][T14806] ipvlan0: entered promiscuous mode [ 370.862166][T14806] ipvlan0: entered allmulticast mode [ 370.867655][T14806] veth0_vlan: entered allmulticast mode [ 370.932476][T14749] chnl_net:caif_netlink_parms(): no params data found [ 370.958026][ T5829] Bluetooth: hci4: command tx timeout [ 371.165194][ T49] tipc: Disabling bearer [ 371.183012][ T49] tipc: Left network mode [ 371.291589][T14715] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 371.375206][T14715] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 371.460342][T14715] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 371.527127][T14715] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 371.705337][T14749] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.726415][T14865] netlink: 'syz.4.2807': attribute type 1 has an invalid length. [ 371.735023][T14749] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.749794][T14865] netlink: 'syz.4.2807': attribute type 2 has an invalid length. [ 371.760487][T14749] bridge_slave_0: entered allmulticast mode [ 371.769920][T14749] bridge_slave_0: entered promiscuous mode [ 371.798763][T14749] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.805969][T14749] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.832351][T14749] bridge_slave_1: entered allmulticast mode [ 371.840264][T14867] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2808'. [ 371.852051][T14749] bridge_slave_1: entered promiscuous mode [ 372.036599][T14749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 372.148526][T14749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 372.186619][T14876] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 372.398629][ T5829] Bluetooth: hci0: command tx timeout [ 372.423687][T14749] team0: Port device team_slave_0 added [ 372.453953][T14749] team0: Port device team_slave_1 added [ 372.626590][T14890] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2817'. [ 372.684180][T14887] ip6_vti0: entered promiscuous mode [ 372.698429][T14749] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 372.714369][T14749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.751964][T14749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 372.843671][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.857104][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 373.050138][ T5829] Bluetooth: hci4: command tx timeout [ 373.325537][ T49] team0 (unregistering): Port device team_slave_1 removed [ 373.381168][ T49] team0 (unregistering): Port device team_slave_0 removed [ 373.915336][T14888] ip6_vti0: left promiscuous mode [ 373.929289][T14749] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 373.939206][T14749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 374.025785][T14749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 374.312623][T14749] hsr_slave_0: entered promiscuous mode [ 374.326984][T14749] hsr_slave_1: entered promiscuous mode [ 374.340912][T14749] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 374.352670][T14749] Cannot create hsr debugfs directory [ 374.364639][T14920] __nla_validate_parse: 4 callbacks suppressed [ 374.364658][T14920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2827'. [ 374.521205][T14922] netlink: 'syz.0.2828': attribute type 29 has an invalid length. [ 374.653501][T14925] syzkaller0: entered promiscuous mode [ 374.659264][T14925] syzkaller0: entered allmulticast mode [ 374.672253][T14925] PF_CAN: dropped non conform CAN FD skbuff: dev type 280, len 65487 [ 374.740539][T14715] 8021q: adding VLAN 0 to HW filter on device bond0 [ 374.990891][T14715] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.102988][T11185] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.110262][T11185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.125406][ T5829] Bluetooth: hci4: command tx timeout [ 375.208371][ T2981] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.216157][ T2981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 375.272719][T14946] FAULT_INJECTION: forcing a failure. [ 375.272719][T14946] name failslab, interval 1, probability 0, space 0, times 0 [ 375.285725][T14946] CPU: 1 UID: 0 PID: 14946 Comm: syz.1.2835 Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 375.285755][T14946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 375.285772][T14946] Call Trace: [ 375.285781][T14946] [ 375.285790][T14946] dump_stack_lvl+0x189/0x250 [ 375.285829][T14946] ? __pfx____ratelimit+0x10/0x10 [ 375.285858][T14946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 375.285891][T14946] ? __pfx__printk+0x10/0x10 [ 375.285918][T14946] ? __kernel_text_address+0xd/0x40 [ 375.285956][T14946] should_fail_ex+0x414/0x560 [ 375.285991][T14946] should_failslab+0xa8/0x100 [ 375.286026][T14946] kmem_cache_alloc_noprof+0x73/0x3c0 [ 375.286056][T14946] ? skb_clone+0x212/0x3a0 [ 375.286078][T14946] ? __pfx_skb_network_protocol+0x10/0x10 [ 375.286105][T14946] skb_clone+0x212/0x3a0 [ 375.286127][T14946] ? dev_queue_xmit_nit+0x25a/0xcc0 [ 375.286163][T14946] dev_queue_xmit_nit+0x416/0xcc0 [ 375.286198][T14946] ? dev_queue_xmit_nit+0x2d/0xcc0 [ 375.286251][T14946] dev_hard_start_xmit+0x1be/0x830 [ 375.286296][T14946] __dev_queue_xmit+0x1adf/0x3a70 [ 375.286334][T14946] ? __dev_queue_xmit+0x27e/0x3a70 [ 375.286369][T14946] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 375.286397][T14946] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 375.286433][T14946] ? __pfx___dev_queue_xmit+0x10/0x10 [ 375.286457][T14946] ? __copy_skb_header+0xa7/0x550 [ 375.286481][T14946] ? __asan_memcpy+0x40/0x70 [ 375.286505][T14946] ? __pskb_copy_fclone+0x9b5/0xfb0 [ 375.286533][T14946] ? __asan_memcpy+0x40/0x70 [ 375.286579][T14946] ? hsr_addr_subst_dest+0x307/0xac0 [ 375.286628][T14946] hsr_forward_skb+0x158b/0x2860 [ 375.286668][T14946] ? hsr_forward_skb+0x9e/0x2860 [ 375.286696][T14946] ? __pfx_hsr_forward_skb+0x10/0x10 [ 375.286719][T14946] ? do_raw_spin_lock+0x121/0x290 [ 375.286745][T14946] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 375.286768][T14946] ? dev_queue_xmit_nit+0xb68/0xcc0 [ 375.286805][T14946] ? hsr_dev_xmit+0x19a/0x220 [ 375.286828][T14946] hsr_dev_xmit+0x1a5/0x220 [ 375.286853][T14946] dev_hard_start_xmit+0x2d7/0x830 [ 375.286896][T14946] __dev_queue_xmit+0x1adf/0x3a70 [ 375.286935][T14946] ? __dev_queue_xmit+0x27e/0x3a70 [ 375.286978][T14946] ? __pfx___dev_queue_xmit+0x10/0x10 [ 375.287000][T14946] ? _copy_from_iter+0x24c/0x16f0 [ 375.287036][T14946] ? sock_alloc_send_pskb+0x875/0x990 [ 375.287071][T14946] ? packet_parse_headers+0x7ff/0xb60 [ 375.287099][T14946] ? packet_parse_headers+0x8b8/0xb60 [ 375.287148][T14946] ? skb_copy_datagram_from_iter+0x60c/0x720 [ 375.287179][T14946] ? packet_xmit+0x68/0x330 [ 375.287210][T14946] packet_sendmsg+0x41b7/0x53f0 [ 375.287254][T14946] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 375.287304][T14946] ? __pfx___might_resched+0x10/0x10 [ 375.287335][T14946] ? __lock_acquire+0xab9/0xd20 [ 375.287381][T14946] ? __pfx_packet_sendmsg+0x10/0x10 [ 375.287406][T14946] ? aa_sk_perm+0x81e/0x950 [ 375.287438][T14946] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 375.287472][T14946] ? __fget_files+0x2a/0x420 [ 375.287506][T14946] ? aa_sock_msg_perm+0x94/0x160 [ 375.287536][T14946] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 375.287562][T14946] ? __pfx_packet_sendmsg+0x10/0x10 [ 375.287585][T14946] __sock_sendmsg+0x21c/0x270 [ 375.287617][T14946] __sys_sendto+0x3bd/0x520 [ 375.287654][T14946] ? __pfx___sys_sendto+0x10/0x10 [ 375.287682][T14946] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 375.287727][T14946] ? __fget_files+0x3a0/0x420 [ 375.287773][T14946] ? ksys_write+0x22a/0x250 [ 375.287810][T14946] ? __pfx_ksys_write+0x10/0x10 [ 375.287846][T14946] __x64_sys_sendto+0xde/0x100 [ 375.287883][T14946] do_syscall_64+0xfa/0x3b0 [ 375.287909][T14946] ? lockdep_hardirqs_on+0x9c/0x150 [ 375.287933][T14946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.287954][T14946] ? clear_bhb_loop+0x60/0xb0 [ 375.287980][T14946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.288007][T14946] RIP: 0033:0x7f939b18e929 [ 375.288027][T14946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 375.288047][T14946] RSP: 002b:00007f939c01d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 375.288070][T14946] RAX: ffffffffffffffda RBX: 00007f939b3b5fa0 RCX: 00007f939b18e929 [ 375.288087][T14946] RDX: 0000000000000015 RSI: 0000200000000180 RDI: 0000000000000003 [ 375.288102][T14946] RBP: 00007f939c01d090 R08: 0000000000000000 R09: 0000000000000000 [ 375.288115][T14946] R10: 0000000000040000 R11: 0000000000000246 R12: 0000000000000001 [ 375.288128][T14946] R13: 0000000000000000 R14: 00007f939b3b5fa0 R15: 00007ffd9b22b1c8 [ 375.288165][T14946] [ 375.917130][T14715] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 375.929033][T14715] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 375.973193][T14954] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2839'. [ 376.159591][T14961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2840'. [ 376.179063][T14749] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 376.216736][T14749] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 376.255790][T14749] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 376.296244][T14749] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 376.373458][ T49] IPVS: stop unused estimator thread 0... [ 376.681454][T14749] 8021q: adding VLAN 0 to HW filter on device bond0 [ 376.759933][T14749] 8021q: adding VLAN 0 to HW filter on device team0 [ 376.785131][T11193] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.792387][T11193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 376.805129][T11193] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.812428][T11193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 376.896043][T14715] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 377.112626][ T2981] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.265473][ T2981] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.355368][T14715] veth0_vlan: entered promiscuous mode [ 377.370003][ T2981] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.426343][T14715] veth1_vlan: entered promiscuous mode [ 377.456360][ T2981] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.601080][T14715] veth0_macvtap: entered promiscuous mode [ 377.685451][T14715] veth1_macvtap: entered promiscuous mode [ 377.738843][T14992] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2851'. [ 377.824266][T14715] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 377.940214][T14715] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 378.016219][T14715] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.052652][T14715] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.080953][T14715] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.097633][T14715] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.212928][ T2981] gretap0: left allmulticast mode [ 378.239161][ T2981] gretap0: left promiscuous mode [ 378.244411][ T2981] bridge0: port 3(gretap0) entered disabled state [ 378.266585][ T2981] bridge_slave_1: left allmulticast mode [ 378.278175][ T2981] bridge_slave_1: left promiscuous mode [ 378.284065][ T2981] bridge0: port 2(bridge_slave_1) entered disabled state [ 378.309907][ T2981] bridge_slave_0: left allmulticast mode [ 378.318436][ T2981] bridge_slave_0: left promiscuous mode [ 378.337610][ T2981] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.521861][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 378.536839][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 378.552216][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 378.562532][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 378.571995][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 378.726045][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.851762][ T2981] team0: Port device geneve0 removed [ 378.884802][ T2981] team0: Port device bridge0 removed [ 379.096162][ T2981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 379.112707][ T2981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 379.126215][ T2981] bond0 (unregistering): Released all slaves [ 379.146782][ T2981] bond1 (unregistering): Released all slaves [ 379.280647][ T2981] bond2 (unregistering): (slave veth0_to_bond): Releasing active interface [ 379.291670][ T2981] bond2 (unregistering): Released all slaves [ 379.310525][ T2981] bond3 (unregistering): Released all slaves [ 379.329655][T14749] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 379.346514][T15000] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 379.365824][T15000] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 379.405865][T15004] tc_dump_action: action bad kind [ 379.772874][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.785772][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.905333][T14749] veth0_vlan: entered promiscuous mode [ 380.062926][T14749] veth1_vlan: entered promiscuous mode [ 380.138753][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.147133][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.186604][T15008] chnl_net:caif_netlink_parms(): no params data found [ 380.354369][T15036] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2862'. [ 380.526960][T15042] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.645938][T14749] veth0_macvtap: entered promiscuous mode [ 380.652752][ T5845] Bluetooth: hci3: command tx timeout [ 380.691061][T15042] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.726157][T15008] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.737065][T15008] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.752236][T15008] bridge_slave_0: entered allmulticast mode [ 380.766305][T15008] bridge_slave_0: entered promiscuous mode [ 380.799699][T15008] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.807012][T15008] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.815542][T15008] bridge_slave_1: entered allmulticast mode [ 380.832598][T15008] bridge_slave_1: entered promiscuous mode [ 380.858968][T14749] veth1_macvtap: entered promiscuous mode [ 380.944040][T15042] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.956930][T15050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2866'. [ 381.006685][ T2981] : left promiscuous mode [ 381.070612][T15042] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.220922][T15050] hsr_slave_1 (unregistering): left promiscuous mode [ 381.314357][T15008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.397827][T15008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 381.573840][T15008] team0: Port device team_slave_0 added [ 381.595476][T14749] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 381.628153][T15008] team0: Port device team_slave_1 added [ 381.687981][T15042] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.728639][T15042] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.795236][T14749] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 381.831634][T15008] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.838753][T15008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.866552][T15008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.894078][T15067] netlink: 64985 bytes leftover after parsing attributes in process `syz.0.2871'. [ 381.924299][T15042] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.957109][T15042] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 381.972042][T15008] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.983071][T15008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.020206][T15008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.046047][T14749] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.059414][T14749] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.069374][T14749] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.078703][T14749] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 382.313512][T15008] hsr_slave_0: entered promiscuous mode [ 382.321048][T15008] hsr_slave_1: entered promiscuous mode [ 382.327452][T15008] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 382.335188][T15008] Cannot create hsr debugfs directory [ 382.530192][T15074] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2875'. [ 382.717700][ T5845] Bluetooth: hci3: command tx timeout [ 383.091341][T11193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 383.134865][T11193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 383.173075][ T2981] hsr_slave_0: left promiscuous mode [ 383.242238][ T2981] veth1_vlan: left promiscuous mode [ 383.256459][ T2981] veth0_vlan: left promiscuous mode [ 383.703625][ T2981] team0 (unregistering): Port device team_slave_1 removed [ 383.749960][ T2981] team0 (unregistering): Port device team_slave_0 removed [ 384.280699][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 384.303380][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 384.343783][T15111] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2887'. [ 384.357000][T15112] openvswitch: netlink: Key type 16144 is out of range max 32 [ 384.445694][T15111] hsr_slave_0: left promiscuous mode [ 384.691165][ T2981] IPVS: stop unused estimator thread 0... [ 384.807626][ T5845] Bluetooth: hci3: command tx timeout [ 384.940834][ T3977] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.211638][T15126] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2892'. [ 385.229190][T15126] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2892'. [ 385.301429][ T3977] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.332058][T15008] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 385.346297][T15008] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 385.356823][T15008] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 385.373178][T15008] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 385.402745][ T3977] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.496692][T15008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 385.522436][T15008] 8021q: adding VLAN 0 to HW filter on device team0 [ 385.536650][ T2981] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.543907][ T2981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 385.587278][ T3977] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.614160][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.621377][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 385.781889][ T3977] bridge_slave_1: left allmulticast mode [ 385.797461][ T3977] bridge_slave_1: left promiscuous mode [ 385.803391][ T3977] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.818205][ T3977] bridge_slave_0: left allmulticast mode [ 385.824429][ T3977] bridge_slave_0: left promiscuous mode [ 385.838228][ T3977] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.200162][ T3977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.214993][ T3977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.226479][ T3977] bond0 (unregistering): Released all slaves [ 386.391102][T15008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 386.486799][T15008] veth0_vlan: entered promiscuous mode [ 386.500522][T15008] veth1_vlan: entered promiscuous mode [ 386.535228][ T3977] hsr_slave_0: left promiscuous mode [ 386.543805][ T3977] hsr_slave_1: left promiscuous mode [ 386.551519][ T3977] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.560079][ T3977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.572435][ T3977] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.580094][ T3977] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.603566][ T3977] veth1_macvtap: left promiscuous mode [ 386.609379][ T3977] veth0_macvtap: left promiscuous mode [ 386.615003][ T3977] veth1_vlan: left promiscuous mode [ 386.620448][ T3977] veth0_vlan: left promiscuous mode [ 386.882237][ T5845] Bluetooth: hci3: command tx timeout [ 387.294746][ T3977] team0 (unregistering): Port device team_slave_1 removed [ 387.347035][ T3977] team0 (unregistering): Port device team_slave_0 removed [ 387.502729][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 387.514119][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 387.523000][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 387.542230][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 387.559503][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 388.051629][T15008] veth0_macvtap: entered promiscuous mode [ 388.103128][T15008] veth1_macvtap: entered promiscuous mode [ 388.166938][T15008] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 388.181240][T15157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2898'. [ 388.323810][T15008] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 388.366163][T15008] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.381936][T15008] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.391126][T15008] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.407644][T15008] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 388.491858][T15169] netlink: 'syz.0.2902': attribute type 29 has an invalid length. [ 388.762733][T15180] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2904'. [ 388.778290][T15180] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2904'. [ 388.822225][T15180] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2904'. [ 388.866558][T15186] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2906'. [ 388.949632][T11185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 388.959041][T11185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.094407][T15149] chnl_net:caif_netlink_parms(): no params data found [ 389.112495][ T3977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 389.122617][ T3977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 389.535799][T15149] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.546345][T15149] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.554592][T15149] bridge_slave_0: entered allmulticast mode [ 389.565227][T15149] bridge_slave_0: entered promiscuous mode [ 389.624533][T15149] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.632129][T15149] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.641058][T15149] bridge_slave_1: entered allmulticast mode [ 389.651039][T15149] bridge_slave_1: entered promiscuous mode [ 389.688364][ T5845] Bluetooth: hci4: command tx timeout [ 389.693194][T15213] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 389.721968][T15149] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.735089][T15149] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.863174][T15149] team0: Port device team_slave_0 added [ 389.882940][T15149] team0: Port device team_slave_1 added [ 389.992194][ T6187] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.020078][T15228] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2918'. [ 390.073368][T15228] gtp0: entered allmulticast mode [ 390.146196][ T6187] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.187330][T15149] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 390.196483][T15149] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.233440][T15149] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 390.296783][ T6187] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.368317][T15149] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 390.375338][T15149] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.414039][T15231] IPv6: NLM_F_CREATE should be specified when creating new route [ 390.456899][T15149] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.593050][ T6187] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.738772][T15149] hsr_slave_0: entered promiscuous mode [ 390.756662][T15149] hsr_slave_1: entered promiscuous mode [ 390.832407][T15244] openvswitch: netlink: Message has 199 unknown bytes. [ 390.861184][T15244] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 391.075336][ T5829] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 391.085062][ T5829] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 391.095587][ T5829] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 391.116848][ T5829] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 391.133937][ T5829] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 391.261461][T15259] netlink: 'syz.4.2926': attribute type 29 has an invalid length. [ 391.279199][T15257] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2925'. [ 391.500722][T15261] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.508633][T15261] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.767247][ T5829] Bluetooth: hci4: command tx timeout [ 391.823987][ T6187] bridge_slave_1: left allmulticast mode [ 391.836356][T15277] IPv6: NLM_F_CREATE should be specified when creating new route [ 391.854058][ T6187] bridge_slave_1: left promiscuous mode [ 391.875419][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.954903][ T6187] bridge_slave_0: left allmulticast mode [ 391.983056][ T6187] bridge_slave_0: left promiscuous mode [ 392.015888][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state [ 392.240726][T15290] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.662958][T15304] netlink: 'syz.4.2938': attribute type 1 has an invalid length. [ 392.809115][ T6187] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 392.822524][ T6187] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 392.833328][ T6187] bond0 (unregistering): Released all slaves [ 392.886214][T15298] netlink: 'syz.0.2936': attribute type 1 has an invalid length. [ 392.948602][T15304] 8021q: adding VLAN 0 to HW filter on device bond1 [ 392.986657][T15306] bond1: (slave veth0_to_bond): making interface the new active one [ 392.997154][T15306] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 393.171713][T15311] Bluetooth: MGMT ver 1.23 [ 393.210115][ T5829] Bluetooth: hci3: command tx timeout [ 393.250911][T15311] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2939'. [ 393.363381][T15323] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2942'. [ 393.539795][T15254] chnl_net:caif_netlink_parms(): no params data found [ 393.578081][T15329] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2945'. [ 393.603711][ T6187] hsr_slave_0: left promiscuous mode [ 393.620368][ T6187] hsr_slave_1: left promiscuous mode [ 393.626602][ T6187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.643304][ T6187] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.651945][ T6187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.665616][ T6187] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.678553][T15329] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 393.712022][ T6187] veth1_macvtap: left promiscuous mode [ 393.718281][ T6187] veth0_macvtap: left promiscuous mode [ 393.724079][ T6187] veth1_vlan: left promiscuous mode [ 393.730360][ T6187] veth0_vlan: left promiscuous mode [ 393.837931][ T5829] Bluetooth: hci4: command tx timeout [ 393.954888][T15340] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2948'. [ 394.388028][ T6187] team0 (unregistering): Port device team_slave_1 removed [ 394.455510][ T6187] team0 (unregistering): Port device team_slave_0 removed [ 395.137762][T15342] netlink: 'syz.3.2949': attribute type 2 has an invalid length. [ 395.278017][ T5829] Bluetooth: hci3: command tx timeout [ 395.403241][T15357] netlink: 'syz.3.2955': attribute type 8 has an invalid length. [ 395.414159][T15254] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.444544][T15254] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.467695][T15254] bridge_slave_0: entered allmulticast mode [ 395.486389][T15254] bridge_slave_0: entered promiscuous mode [ 395.516629][T15254] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.533629][T15254] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.542214][T15254] bridge_slave_1: entered allmulticast mode [ 395.563912][T15254] bridge_slave_1: entered promiscuous mode [ 395.572392][T15366] netlink: 'syz.0.2956': attribute type 11 has an invalid length. [ 395.580780][T15366] netlink: 'syz.0.2956': attribute type 11 has an invalid length. [ 395.591673][T15366] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2956'. [ 395.745199][T15149] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 395.788944][T15149] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 395.859494][T15149] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 395.892298][T15149] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 395.917805][ T5829] Bluetooth: hci4: command tx timeout [ 395.940890][T15254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.963282][T15254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.991868][T15377] netlink: 'syz.0.2960': attribute type 1 has an invalid length. [ 396.019055][T15377] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 396.104696][T15386] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 396.142667][T15386] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2964'. [ 396.214307][T15254] team0: Port device team_slave_0 added [ 396.236834][T15254] team0: Port device team_slave_1 added [ 396.304365][T15254] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 396.311639][T15254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.338422][T15254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 396.364474][T15254] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.395618][T15254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 396.440428][T15254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.559073][T15254] hsr_slave_0: entered promiscuous mode [ 396.566060][T15254] hsr_slave_1: entered promiscuous mode [ 396.573004][T15254] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 396.580927][T15254] Cannot create hsr debugfs directory [ 396.675160][T15149] 8021q: adding VLAN 0 to HW filter on device bond0 [ 396.822121][T15411] IPVS: set_ctl: invalid protocol: 47 10.1.1.1:20002 [ 396.830408][T15412] netlink: 'syz.3.2973': attribute type 1 has an invalid length. [ 396.847877][T15412] netlink: 'syz.3.2973': attribute type 1 has an invalid length. [ 396.962043][T15149] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.003654][T11185] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.010929][T11185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.084190][ T2981] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.091430][ T2981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.202511][T15149] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 397.358010][ T5829] Bluetooth: hci3: command tx timeout [ 397.575475][T15429] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2978'. [ 397.586926][T15429] netlink: 10 bytes leftover after parsing attributes in process `syz.4.2978'. [ 397.650650][T15429] netlink: 'syz.4.2978': attribute type 1 has an invalid length. [ 397.745644][T15429] bond2: entered promiscuous mode [ 397.753876][T15429] 8021q: adding VLAN 0 to HW filter on device bond2 [ 397.792515][T15436] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2980'. [ 397.810603][T15436] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2980'. [ 397.859885][T15431] 8021q: adding VLAN 0 to HW filter on device bond2 [ 397.867103][T15431] bond2: (slave wireguard0): The slave device specified does not support setting the MAC address [ 397.878281][T15431] bond2: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 397.900589][T15431] bond2: (slave wireguard0): making interface the new active one [ 397.937896][T15431] wireguard0: entered promiscuous mode [ 397.945616][T15431] bond2: (slave wireguard0): Enslaving as an active interface with an up link [ 397.970692][T15254] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 398.029700][T15254] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 398.283223][T15254] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 398.360592][T15254] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 398.483266][T15149] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.593366][T15456] netlink: 'syz.4.2986': attribute type 29 has an invalid length. [ 398.681884][T15149] veth0_vlan: entered promiscuous mode [ 398.816050][T15149] veth1_vlan: entered promiscuous mode [ 398.955903][T15149] veth0_macvtap: entered promiscuous mode [ 398.987341][T15149] veth1_macvtap: entered promiscuous mode [ 399.054731][T15254] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.096210][T15149] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.105751][T15468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2989'. [ 399.182864][T15149] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.219385][T15471] Bluetooth: MGMT ver 1.23 [ 399.234088][T15149] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.243565][T15149] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.253211][T15149] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.262598][T15149] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.324127][T15254] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.359029][T11193] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.366259][T11193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.423835][T11193] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.431146][T11193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.448222][ T5829] Bluetooth: hci3: command tx timeout [ 399.570405][T15254] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 399.606416][T15254] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 399.721375][T11193] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.755087][T11193] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.835682][ T6187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.854460][ T6187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.127267][T15254] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 400.221552][T15492] netlink: 'syz.4.2997': attribute type 29 has an invalid length. [ 400.320965][T15254] veth0_vlan: entered promiscuous mode [ 400.361209][T15254] veth1_vlan: entered promiscuous mode [ 400.724513][T15509] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3000'. [ 400.754651][T15509] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3000'. [ 400.791512][ T3977] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.933140][ T3977] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.983531][T15254] veth0_macvtap: entered promiscuous mode [ 400.993744][T15254] veth1_macvtap: entered promiscuous mode [ 401.016549][T15254] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.042844][T15254] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.066512][ T3977] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.093725][T15254] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.102843][T15254] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.112890][T15254] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.122360][T15254] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.252304][ T3977] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.275025][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.289614][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.331225][ T134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 401.340872][ T134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.506151][ T3977] bridge_slave_1: left allmulticast mode [ 401.518070][ T3977] bridge_slave_1: left promiscuous mode [ 401.523842][ T3977] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.536829][ T3977] bridge_slave_0: left allmulticast mode [ 401.542821][ T3977] bridge_slave_0: left promiscuous mode [ 401.552494][ T3977] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.895645][ T3977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 401.906864][ T3977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 401.917292][ T3977] bond0 (unregistering): Released all slaves [ 402.179961][ T3977] hsr_slave_0: left promiscuous mode [ 402.190320][ T3977] hsr_slave_1: left promiscuous mode [ 402.196496][ T3977] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 402.204235][ T3977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 402.220662][ T3977] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 402.228301][ T3977] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 402.286403][ T3977] veth1_macvtap: left promiscuous mode [ 402.292461][ T3977] veth0_macvtap: left promiscuous mode [ 402.303697][ T3977] veth1_vlan: left promiscuous mode [ 402.310176][ T3977] veth0_vlan: left promiscuous mode [ 402.628841][T15517] ieee802154 phy0 wpan0: encryption failed: -22 [ 402.930191][T15529] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3007'. [ 403.371818][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 403.381464][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 403.392520][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 403.403495][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 403.411710][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 403.449192][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 403.459256][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 403.474852][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 403.491984][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 403.501113][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 403.661907][ T3977] team0 (unregistering): Port device team_slave_1 removed [ 403.716024][ T3977] team0 (unregistering): Port device team_slave_0 removed [ 404.155743][T15539] netlink: 'syz.3.3010': attribute type 29 has an invalid length. [ 404.352292][T15546] IPv6: NLM_F_CREATE should be specified when creating new route [ 404.814933][T15563] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3018'. [ 404.919971][ T3977] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.971769][T15535] chnl_net:caif_netlink_parms(): no params data found [ 405.064480][ T3977] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.083477][T15573] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3022'. [ 405.116928][T15576] netlink: 'syz.4.3021': attribute type 21 has an invalid length. [ 405.126251][T15536] chnl_net:caif_netlink_parms(): no params data found [ 405.246729][T15573] hsr_slave_1 (unregistering): left promiscuous mode [ 405.271511][T15576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3021'. [ 405.306995][T15581] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3024'. [ 405.460771][ T3977] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.498312][T15585] netlink: 'syz.4.3025': attribute type 29 has an invalid length. [ 405.519647][ T5829] Bluetooth: hci4: command tx timeout [ 405.585669][ T3977] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.607772][ T5829] Bluetooth: hci3: command tx timeout [ 405.765855][T15603] netlink: 220 bytes leftover after parsing attributes in process `syz.0.3032'. [ 405.802916][T15536] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.824570][T15536] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.848371][T15536] bridge_slave_0: entered allmulticast mode [ 405.857108][T15536] bridge_slave_0: entered promiscuous mode [ 405.894814][T15536] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.918840][T15536] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.931342][T15613] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3033'. [ 405.942385][T15536] bridge_slave_1: entered allmulticast mode [ 405.962242][T15536] bridge_slave_1: entered promiscuous mode [ 406.035626][T15535] bridge0: port 1(bridge_slave_0) entered blocking state [ 406.045423][T15535] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.061543][T15535] bridge_slave_0: entered allmulticast mode [ 406.074909][T15535] bridge_slave_0: entered promiscuous mode [ 406.215736][T15535] bridge0: port 2(bridge_slave_1) entered blocking state [ 406.237993][T15535] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.256032][T15535] bridge_slave_1: entered allmulticast mode [ 406.266610][T15535] bridge_slave_1: entered promiscuous mode [ 406.339008][T15536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.462257][T15536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.547173][T15535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.667852][T15535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.708478][T15536] team0: Port device team_slave_0 added [ 406.841253][T15536] team0: Port device team_slave_1 added [ 406.974656][ T3977] bridge_slave_1: left allmulticast mode [ 406.996015][ T3977] bridge_slave_1: left promiscuous mode [ 407.017684][ T3977] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.039463][ T3977] bridge_slave_0: left allmulticast mode [ 407.051916][ T3977] bridge_slave_0: left promiscuous mode [ 407.060039][ T3977] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.560096][ T3977] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 407.575381][ T3977] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 407.586336][ T3977] bond0 (unregistering): Released all slaves [ 407.597923][ T5829] Bluetooth: hci4: command tx timeout [ 407.610565][T15650] netem: change failed [ 407.621509][T15535] team0: Port device team_slave_0 added [ 407.634261][T15647] pim6reg527: entered allmulticast mode [ 407.642604][T15536] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 407.657634][T15536] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 407.684351][ T5829] Bluetooth: hci3: command tx timeout [ 407.698405][T15536] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 407.799502][T15535] team0: Port device team_slave_1 added [ 407.823451][T15536] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 407.853546][T15536] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 407.888455][T15536] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.061501][T15535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 408.090157][T15535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.131044][T15674] netlink: 'syz.3.3051': attribute type 13 has an invalid length. [ 408.144118][T15535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 408.189603][T15674] lo: entered promiscuous mode [ 408.194533][T15674] lo: entered allmulticast mode [ 408.204852][T15674] tunl0: entered promiscuous mode [ 408.210477][T15674] tunl0: entered allmulticast mode [ 408.225693][T15674] gre0: entered promiscuous mode [ 408.231616][T15674] gre0: entered allmulticast mode [ 408.249960][T15674] gretap0: entered promiscuous mode [ 408.255209][T15674] gretap0: entered allmulticast mode [ 408.265034][T15674] gretap0: refused to change device tx_queue_len [ 408.272934][T15674] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 408.328736][T15535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 408.335825][T15535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.364013][T15535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.436525][T15536] hsr_slave_0: entered promiscuous mode [ 408.450041][T15536] hsr_slave_1: entered promiscuous mode [ 408.460036][T15681] netlink: 'syz.0.3053': attribute type 29 has an invalid length. [ 408.485122][T15683] bridge_slave_0: left allmulticast mode [ 408.491725][T15683] bridge_slave_0: left promiscuous mode [ 408.501251][T15683] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.513554][T15683] bridge_slave_1: left allmulticast mode [ 408.521278][T15683] bridge_slave_1: left promiscuous mode [ 408.527119][T15683] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.547306][T15683] bond0: (slave bond_slave_0): Releasing backup interface [ 408.570419][T15683] bond0: (slave bond_slave_1): Releasing backup interface [ 408.598270][T15683] team0: Port device team_slave_0 removed [ 408.623080][T15683] team0: Port device team_slave_1 removed [ 408.630292][T15683] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 408.650099][T15683] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 408.665669][T15683] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 408.673986][T15683] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 408.730631][ T3977] hsr_slave_0: left promiscuous mode [ 408.737104][ T3977] hsr_slave_1: left promiscuous mode [ 408.746448][T15692] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3057'. [ 408.757122][ T3977] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 408.764777][ T3977] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 408.785654][ T3977] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 408.802305][ T3977] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 408.865825][ T3977] veth1_macvtap: left promiscuous mode [ 408.873181][ T3977] veth0_macvtap: left promiscuous mode [ 408.881076][ T3977] veth1_vlan: left promiscuous mode [ 408.886545][ T3977] veth0_vlan: left promiscuous mode [ 409.074538][T15700] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3059'. [ 409.375620][ T3977] team0 (unregistering): Port device team_slave_1 removed [ 409.441807][ T3977] team0 (unregistering): Port device team_slave_0 removed [ 409.687906][ T5829] Bluetooth: hci4: command tx timeout [ 409.767782][ T5829] Bluetooth: hci3: command tx timeout [ 410.245959][T15535] hsr_slave_0: entered promiscuous mode [ 410.276278][T15535] hsr_slave_1: entered promiscuous mode [ 410.294949][T15716] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3062'. [ 410.300813][T15535] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 410.321177][T15535] Cannot create hsr debugfs directory [ 410.515437][T15723] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3065'. [ 410.595593][T15714] syzkaller0: entered promiscuous mode [ 410.601899][T15714] syzkaller0: entered allmulticast mode [ 411.769857][ T5829] Bluetooth: hci4: command tx timeout [ 411.851726][ T5829] Bluetooth: hci3: command tx timeout [ 412.206427][T15728] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 412.406565][ T24] IPVS: starting estimator thread 0... [ 412.416038][T15737] netlink: 'syz.4.3069': attribute type 21 has an invalid length. [ 412.424437][T15737] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3069'. [ 412.470766][T15742] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3069'. [ 412.484912][T15737] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3069'. [ 412.528079][T15739] IPVS: using max 23 ests per chain, 55200 per kthread [ 412.904798][T15763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3075'. [ 413.214065][T15536] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 413.298251][T15536] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 413.319462][T15536] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 413.348934][T15776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3081'. [ 413.363538][T15536] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 414.066594][T15536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.112816][T15535] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 414.147296][T15536] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.155550][T15535] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 414.185596][T15796] FAULT_INJECTION: forcing a failure. [ 414.185596][T15796] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 414.207877][T15796] CPU: 1 UID: 0 PID: 15796 Comm: syz.3.3088 Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 414.207910][T15796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.207924][T15796] Call Trace: [ 414.207932][T15796] [ 414.207942][T15796] dump_stack_lvl+0x189/0x250 [ 414.207980][T15796] ? __pfx____ratelimit+0x10/0x10 [ 414.208007][T15796] ? __pfx_dump_stack_lvl+0x10/0x10 [ 414.208048][T15796] ? __pfx__printk+0x10/0x10 [ 414.208071][T15796] ? __might_fault+0xb0/0x130 [ 414.208115][T15796] should_fail_ex+0x414/0x560 [ 414.208147][T15796] _copy_from_user+0x2d/0xb0 [ 414.208171][T15796] ___sys_recvmsg+0x12e/0x510 [ 414.208200][T15796] ? __pfx____sys_recvmsg+0x10/0x10 [ 414.208251][T15796] ? __fget_files+0x3a0/0x420 [ 414.208293][T15796] do_recvmmsg+0x307/0x770 [ 414.208326][T15796] ? __pfx_do_recvmmsg+0x10/0x10 [ 414.208363][T15796] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 414.208411][T15796] __x64_sys_recvmmsg+0x190/0x240 [ 414.208437][T15796] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 414.208458][T15796] ? rcu_is_watching+0x15/0xb0 [ 414.208495][T15796] ? do_syscall_64+0xbe/0x3b0 [ 414.208527][T15796] do_syscall_64+0xfa/0x3b0 [ 414.208552][T15796] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.208577][T15796] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.208598][T15796] ? clear_bhb_loop+0x60/0xb0 [ 414.208624][T15796] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 414.208645][T15796] RIP: 0033:0x7f6b5778e929 [ 414.208664][T15796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 414.208682][T15796] RSP: 002b:00007f6b5852c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 414.208704][T15796] RAX: ffffffffffffffda RBX: 00007f6b579b5fa0 RCX: 00007f6b5778e929 [ 414.208720][T15796] RDX: 0000000000000002 RSI: 0000200000001f00 RDI: 0000000000000005 [ 414.208733][T15796] RBP: 00007f6b5852c090 R08: 0000000000000000 R09: 0000000000000000 [ 414.208746][T15796] R10: 0000000000002060 R11: 0000000000000246 R12: 0000000000000001 [ 414.208758][T15796] R13: 0000000000000000 R14: 00007f6b579b5fa0 R15: 00007ffe8a7d6388 [ 414.208791][T15796] [ 414.209785][T15535] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 414.430346][T15802] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3090'. [ 414.461631][T15804] netlink: 'syz.3.3091': attribute type 21 has an invalid length. [ 414.473849][T15535] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 414.481416][T15804] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3091'. [ 414.533299][T15804] netlink: 'syz.3.3091': attribute type 5 has an invalid length. [ 414.542900][T15804] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3091'. [ 414.565550][ T3977] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.572766][ T3977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.611895][T11193] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.619153][T11193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 414.683126][T15809] netlink: 'syz.4.3093': attribute type 29 has an invalid length. [ 414.835530][T15535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.881832][T15535] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.926117][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.933426][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.952295][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.959547][ T6187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 415.176694][T15536] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 415.257033][T15536] veth0_vlan: entered promiscuous mode [ 415.288552][T15536] veth1_vlan: entered promiscuous mode [ 415.369549][T15535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 415.378143][T15536] veth0_macvtap: entered promiscuous mode [ 415.392616][T15536] veth1_macvtap: entered promiscuous mode [ 415.457172][T15536] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 415.479204][T15536] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 415.516679][T15536] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.535998][T15536] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.556328][T15536] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.558949][T15828] netlink: 'syz.0.3097': attribute type 21 has an invalid length. [ 415.566177][T15536] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 415.580986][T15828] netlink: 128 bytes leftover after parsing attributes in process `syz.0.3097'. [ 415.885018][T15828] netlink: 'syz.0.3097': attribute type 5 has an invalid length. [ 415.899912][T15828] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3097'. [ 416.026021][T15535] veth0_vlan: entered promiscuous mode [ 416.134985][T15535] veth1_vlan: entered promiscuous mode [ 416.234473][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.267059][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.283442][T15840] FAULT_INJECTION: forcing a failure. [ 416.283442][T15840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 416.366071][T15840] CPU: 1 UID: 0 PID: 15840 Comm: syz.3.3101 Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 416.366112][T15840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 416.366125][T15840] Call Trace: [ 416.366133][T15840] [ 416.366143][T15840] dump_stack_lvl+0x189/0x250 [ 416.366181][T15840] ? __pfx____ratelimit+0x10/0x10 [ 416.366208][T15840] ? __pfx_dump_stack_lvl+0x10/0x10 [ 416.366241][T15840] ? __pfx__printk+0x10/0x10 [ 416.366264][T15840] ? __might_fault+0xb0/0x130 [ 416.366307][T15840] should_fail_ex+0x414/0x560 [ 416.366340][T15840] _copy_to_iter+0x3f5/0x16f0 [ 416.366386][T15840] ? __pfx__copy_to_iter+0x10/0x10 [ 416.366417][T15840] ? __pfx___might_resched+0x10/0x10 [ 416.366464][T15840] rng_recvmsg+0x1ba/0x260 [ 416.366498][T15840] ? __pfx_rng_recvmsg+0x10/0x10 [ 416.366541][T15840] ? aa_sock_msg_perm+0x94/0x160 [ 416.366570][T15840] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 416.366594][T15840] ? security_socket_recvmsg+0x7e/0x2e0 [ 416.366628][T15840] ? __pfx_rng_recvmsg+0x10/0x10 [ 416.366658][T15840] sock_recvmsg+0x22c/0x270 [ 416.366691][T15840] ____sys_recvmsg+0x1c9/0x460 [ 416.366724][T15840] ? __pfx_____sys_recvmsg+0x10/0x10 [ 416.366764][T15840] ? import_iovec+0x74/0xa0 [ 416.366790][T15840] ___sys_recvmsg+0x1b5/0x510 [ 416.366819][T15840] ? __pfx____sys_recvmsg+0x10/0x10 [ 416.366871][T15840] ? __fget_files+0x3a0/0x420 [ 416.366915][T15840] do_recvmmsg+0x307/0x770 [ 416.366948][T15840] ? __pfx_do_recvmmsg+0x10/0x10 [ 416.366985][T15840] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 416.367035][T15840] __x64_sys_recvmmsg+0x190/0x240 [ 416.367062][T15840] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 416.367082][T15840] ? rcu_is_watching+0x15/0xb0 [ 416.367127][T15840] ? do_syscall_64+0xbe/0x3b0 [ 416.367158][T15840] do_syscall_64+0xfa/0x3b0 [ 416.367183][T15840] ? lockdep_hardirqs_on+0x9c/0x150 [ 416.367209][T15840] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.367231][T15840] ? clear_bhb_loop+0x60/0xb0 [ 416.367257][T15840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.367278][T15840] RIP: 0033:0x7f6b5778e929 [ 416.367297][T15840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.367317][T15840] RSP: 002b:00007f6b5852c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 416.367340][T15840] RAX: ffffffffffffffda RBX: 00007f6b579b5fa0 RCX: 00007f6b5778e929 [ 416.367355][T15840] RDX: 0000000000000002 RSI: 0000200000001f00 RDI: 0000000000000005 [ 416.367368][T15840] RBP: 00007f6b5852c090 R08: 0000000000000000 R09: 0000000000000000 [ 416.367385][T15840] R10: 0000000000002060 R11: 0000000000000246 R12: 0000000000000001 [ 416.367397][T15840] R13: 0000000000000000 R14: 00007f6b579b5fa0 R15: 00007ffe8a7d6388 [ 416.367430][T15840] [ 416.672659][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 416.684594][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 416.727411][T15535] veth0_macvtap: entered promiscuous mode [ 416.773144][T15535] veth1_macvtap: entered promiscuous mode [ 416.869107][T15535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 416.883464][T15535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 416.894519][T15535] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.905395][T15535] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.915505][T15535] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.924362][T15535] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 416.983168][T15854] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3105'. [ 417.310637][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 417.349832][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 417.425280][T11193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 417.450730][T15861] netlink: 'syz.3.3108': attribute type 1 has an invalid length. [ 417.454890][T11193] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 417.458995][T15861] netlink: 232 bytes leftover after parsing attributes in process `syz.3.3108'. [ 417.493799][T15861] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3108'. [ 417.787633][T15873] netlink: 'syz.4.3110': attribute type 21 has an invalid length. [ 417.796774][T15873] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3110'. [ 417.870352][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.912864][T15873] netlink: 'syz.4.3110': attribute type 5 has an invalid length. [ 417.922594][T15873] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3110'. [ 418.517201][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.684464][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.835240][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.892808][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 418.902334][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 418.913411][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 418.923239][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 418.931448][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 419.023543][ T49] bridge_slave_1: left allmulticast mode [ 419.030494][ T49] bridge_slave_1: left promiscuous mode [ 419.036374][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.049550][ T49] bridge_slave_0: left allmulticast mode [ 419.055230][ T49] bridge_slave_0: left promiscuous mode [ 419.061273][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.381720][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 419.393555][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 419.404878][ T49] bond0 (unregistering): Released all slaves [ 419.651497][T15885] chnl_net:caif_netlink_parms(): no params data found [ 419.695306][ T49] hsr_slave_0: left promiscuous mode [ 419.703488][ T49] hsr_slave_1: left promiscuous mode [ 419.716057][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.723679][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.735086][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 419.743467][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 419.768146][ T49] veth1_macvtap: left promiscuous mode [ 419.773712][ T49] veth0_macvtap: left promiscuous mode [ 419.779594][ T49] veth1_vlan: left promiscuous mode [ 419.784891][ T49] veth0_vlan: left promiscuous mode [ 420.248653][ T49] team0 (unregistering): Port device team_slave_1 removed [ 420.297254][ T49] team0 (unregistering): Port device team_slave_0 removed [ 420.661827][T15899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3115'. [ 420.967938][ T51] Bluetooth: hci3: command tx timeout [ 421.085092][ T5829] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 421.095798][ T5829] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 421.113293][ T5829] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 421.125144][ T5829] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 421.147797][ T5829] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 421.269221][T15885] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.276558][T15885] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.284292][T15885] bridge_slave_0: entered allmulticast mode [ 421.294254][T15885] bridge_slave_0: entered promiscuous mode [ 421.315476][T15885] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.331564][T15885] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.339728][T15885] bridge_slave_1: entered allmulticast mode [ 421.348316][T15885] bridge_slave_1: entered promiscuous mode [ 421.403530][T15885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.419309][T15885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 421.556215][T15885] team0: Port device team_slave_0 added [ 421.576243][T15885] team0: Port device team_slave_1 added [ 421.688527][T15885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.700918][T15885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.728128][T15885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.766192][T15885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 421.777539][T15885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.847585][T15885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.043377][T15885] hsr_slave_0: entered promiscuous mode [ 422.145720][T15885] hsr_slave_1: entered promiscuous mode [ 422.168057][T15932] netlink: 'syz.4.3127': attribute type 21 has an invalid length. [ 422.213416][T15932] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3127'. [ 422.293178][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.354682][T15935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3128'. [ 422.372527][T15932] netlink: 'syz.4.3127': attribute type 5 has an invalid length. [ 422.388025][T15932] netlink: 3 bytes leftover after parsing attributes in process `syz.4.3127'. [ 422.474937][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.564240][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.715865][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.775968][T15949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3131'. [ 422.786738][T15907] chnl_net:caif_netlink_parms(): no params data found [ 423.045533][ T5829] Bluetooth: hci3: command tx timeout [ 423.209163][ T5829] Bluetooth: hci4: command tx timeout [ 423.273463][ T49] bridge_slave_1: left allmulticast mode [ 423.280759][ T49] bridge_slave_1: left promiscuous mode [ 423.286862][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.303423][ T49] bridge_slave_0: left allmulticast mode [ 423.317696][ T49] bridge_slave_0: left promiscuous mode [ 423.326764][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.890471][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 423.902361][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 423.913152][ T49] bond0 (unregistering): Released all slaves [ 423.935390][T15907] bridge0: port 1(bridge_slave_0) entered blocking state [ 423.944255][T15907] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.954675][T15907] bridge_slave_0: entered allmulticast mode [ 423.962828][T15907] bridge_slave_0: entered promiscuous mode [ 424.104614][T15907] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.123036][T15907] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.142593][T15907] bridge_slave_1: entered allmulticast mode [ 424.156815][T15907] bridge_slave_1: entered promiscuous mode [ 424.303111][T15998] syzkaller1: entered promiscuous mode [ 424.343733][T15998] syzkaller1: entered allmulticast mode [ 424.352823][T16000] netlink: 'syz.3.3144': attribute type 21 has an invalid length. [ 424.361064][T16000] netlink: 128 bytes leftover after parsing attributes in process `syz.3.3144'. [ 424.394054][T15907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.552714][T16000] netlink: 'syz.3.3144': attribute type 5 has an invalid length. [ 424.567519][T16000] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3144'. [ 424.586445][T15907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.690191][T15907] team0: Port device team_slave_0 added [ 424.721809][ T49] hsr_slave_0: left promiscuous mode [ 424.730801][ T49] hsr_slave_1: left promiscuous mode [ 424.736788][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 424.745815][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 424.754528][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 424.762591][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 424.784657][ T49] veth1_macvtap: left promiscuous mode [ 424.790847][ T49] veth0_macvtap: left promiscuous mode [ 424.796528][ T49] veth1_vlan: left promiscuous mode [ 424.802336][ T49] veth0_vlan: left promiscuous mode [ 425.118024][ T51] Bluetooth: hci3: command tx timeout [ 425.281666][ T51] Bluetooth: hci4: command tx timeout [ 425.405228][ T49] team0 (unregistering): Port device team_slave_1 removed [ 425.499786][ T49] team0 (unregistering): Port device team_slave_0 removed [ 425.767143][ C1] vxcan1: j1939_tp_rxtimer: 0xffff888033125800: rx timeout, send abort [ 425.777135][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888033125800: 0x0ff02: (3) A timeout occurred and this is the connection abort to close the session. [ 426.166745][T15907] team0: Port device team_slave_1 added [ 426.288584][T15907] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 426.295908][T15907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 426.366401][T15907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 426.427594][T15907] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 426.434910][T15907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 426.471186][T15907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 426.694567][T15907] hsr_slave_0: entered promiscuous mode [ 426.720083][T15907] hsr_slave_1: entered promiscuous mode [ 426.738941][T15907] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 426.743203][T16034] netlink: 'syz.0.3155': attribute type 21 has an invalid length. [ 426.746550][T15907] Cannot create hsr debugfs directory [ 426.778967][T16036] xt_hashlimit: size too large, truncated to 1048576 [ 426.814375][T16034] netlink: 'syz.0.3155': attribute type 6 has an invalid length. [ 426.825399][T16034] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3155'. [ 426.909641][T16038] block nbd2: server does not support multiple connections per device. [ 426.938855][T16038] block nbd2: shutting down sockets [ 426.999585][T15885] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 427.129355][T15885] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 427.145152][T16044] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.3159'. [ 427.164279][T15885] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 427.197675][ T51] Bluetooth: hci3: command tx timeout [ 427.221289][T15885] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 427.357906][ T51] Bluetooth: hci4: command 0x040f tx timeout [ 427.726924][T15885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.761091][T15885] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.799951][T11193] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.807176][T11193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.817331][T11193] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.824568][T11193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.941156][T16073] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3172'. [ 428.118466][T15907] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 428.153937][T15907] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 428.181695][T15907] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 428.211185][T15907] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 428.258326][T15885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.325476][T16081] syzkaller0: entered promiscuous mode [ 428.335834][T16081] syzkaller0: entered allmulticast mode [ 429.450514][ T5829] Bluetooth: hci4: command 0x040f tx timeout [ 430.007127][T16084] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 430.009908][T16086] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3176'. [ 430.182185][T15885] veth0_vlan: entered promiscuous mode [ 430.194196][T16090] vlan0: entered promiscuous mode [ 430.217178][T15907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 430.301482][T15885] veth1_vlan: entered promiscuous mode [ 430.358858][T15907] 8021q: adding VLAN 0 to HW filter on device team0 [ 430.386026][ T6187] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.393240][ T6187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 430.464621][ T6187] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.471975][ T6187] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.555971][T16102] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3184'. [ 430.557167][T15885] veth0_macvtap: entered promiscuous mode [ 430.620996][T15885] veth1_macvtap: entered promiscuous mode [ 430.726232][T15907] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 430.811223][T15885] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 430.851983][T15885] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 430.889264][T15885] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.922664][T16116] netlink: 'syz.4.3189': attribute type 1 has an invalid length. [ 430.928004][T15885] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.958998][T15885] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.977831][T15885] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.128925][T16119] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 431.207708][T16119] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3189'. [ 431.218868][T11193] bond3: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 431.252294][T16116] 8021q: adding VLAN 0 to HW filter on device bond3 [ 431.447582][T16119] bond3 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 431.458082][T16119] bond3 (unregistering): (slave ip6gretap1): Releasing backup interface [ 431.472861][T16119] bond3 (unregistering): Released all slaves [ 431.517878][ T5829] Bluetooth: hci4: command 0x040f tx timeout [ 431.547278][T16136] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3194'. [ 431.881525][T15907] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 431.905222][ T134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.920372][ T134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.009697][T11193] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.031180][T11193] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.108450][T15907] veth0_vlan: entered promiscuous mode [ 432.125438][T16148] syz.4.3198: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 432.132643][T15907] veth1_vlan: entered promiscuous mode [ 432.153012][T16148] CPU: 0 UID: 0 PID: 16148 Comm: syz.4.3198 Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 432.153045][T16148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 432.153061][T16148] Call Trace: [ 432.153071][T16148] [ 432.153082][T16148] dump_stack_lvl+0x189/0x250 [ 432.153127][T16148] ? __pfx_dump_stack_lvl+0x10/0x10 [ 432.153161][T16148] ? __pfx__printk+0x10/0x10 [ 432.153185][T16148] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 432.153220][T16148] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 432.153257][T16148] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 432.153294][T16148] warn_alloc+0x214/0x310 [ 432.153316][T16148] ? stack_depot_save_flags+0x40/0x900 [ 432.153348][T16148] ? __pfx_warn_alloc+0x10/0x10 [ 432.153371][T16148] ? kasan_save_track+0x4f/0x80 [ 432.153399][T16148] ? xskq_create+0x56/0x170 [ 432.153421][T16148] ? xsk_init_queue+0xb0/0x110 [ 432.153442][T16148] ? xsk_setsockopt+0x4de/0x710 [ 432.153464][T16148] ? do_sock_setsockopt+0x25a/0x3e0 [ 432.153496][T16148] ? __x64_sys_setsockopt+0x18b/0x220 [ 432.153529][T16148] ? do_syscall_64+0xfa/0x3b0 [ 432.153554][T16148] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.153587][T16148] __vmalloc_node_range_noprof+0x125/0x1340 [ 432.153657][T16148] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 432.153700][T16148] ? __kasan_kmalloc+0x93/0xb0 [ 432.153734][T16148] vmalloc_user_noprof+0xad/0xf0 [ 432.153757][T16148] ? xskq_create+0xbf/0x170 [ 432.153784][T16148] xskq_create+0xbf/0x170 [ 432.153813][T16148] xsk_init_queue+0xb0/0x110 [ 432.153842][T16148] xsk_setsockopt+0x4de/0x710 [ 432.153870][T16148] ? __pfx_xsk_setsockopt+0x10/0x10 [ 432.153909][T16148] ? aa_sock_opt_perm+0x74/0x110 [ 432.153940][T16148] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 432.153967][T16148] ? __pfx_xsk_setsockopt+0x10/0x10 [ 432.153993][T16148] do_sock_setsockopt+0x25a/0x3e0 [ 432.154031][T16148] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 432.154076][T16148] ? __fget_files+0x2a/0x420 [ 432.154119][T16148] __x64_sys_setsockopt+0x18b/0x220 [ 432.154161][T16148] do_syscall_64+0xfa/0x3b0 [ 432.154187][T16148] ? lockdep_hardirqs_on+0x9c/0x150 [ 432.154214][T16148] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.154236][T16148] ? clear_bhb_loop+0x60/0xb0 [ 432.154264][T16148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.154285][T16148] RIP: 0033:0x7f8207d8e929 [ 432.154305][T16148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.154324][T16148] RSP: 002b:00007f8205bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 432.154348][T16148] RAX: ffffffffffffffda RBX: 00007f8207fb5fa0 RCX: 00007f8207d8e929 [ 432.154364][T16148] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006 [ 432.154378][T16148] RBP: 00007f8207e10b39 R08: 0000000000000004 R09: 0000000000000000 [ 432.154393][T16148] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000 [ 432.154407][T16148] R13: 0000000000000000 R14: 00007f8207fb5fa0 R15: 00007ffdb4c45538 [ 432.154443][T16148] [ 432.154466][T16148] Mem-Info: [ 432.488129][T16148] active_anon:4155 inactive_anon:0 isolated_anon:0 [ 432.488129][T16148] active_file:1814 inactive_file:40039 isolated_file:0 [ 432.488129][T16148] unevictable:768 dirty:348 writeback:0 [ 432.488129][T16148] slab_reclaimable:11492 slab_unreclaimable:115922 [ 432.488129][T16148] mapped:29435 shmem:1373 pagetables:687 [ 432.488129][T16148] sec_pagetables:0 bounce:0 [ 432.488129][T16148] kernel_misc_reclaimable:0 [ 432.488129][T16148] free:1325005 free_pcp:251 free_cma:0 [ 432.536465][T15907] veth0_macvtap: entered promiscuous mode [ 432.564095][T15907] veth1_macvtap: entered promiscuous mode [ 432.618089][T16148] Node 0 active_anon:16620kB inactive_anon:0kB active_file:7256kB inactive_file:159952kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:117740kB dirty:1388kB writeback:0kB shmem:3956kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11544kB pagetables:2348kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 432.651523][T15907] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 432.692758][T16148] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 432.699554][T15907] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 432.751729][T16148] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 432.779871][T16148] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 432.785979][T16148] Node 0 DMA32 free:1363168kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB active_anon:16676kB inactive_anon:0kB active_file:7256kB inactive_file:158112kB unevictable:1536kB writepending:1384kB present:3129332kB managed:2561256kB mlocked:0kB bounce:0kB free_pcp:1180kB local_pcp:692kB free_cma:0kB [ 432.825023][T16148] lowmem_reserve[]: 0 0 1 1 1 [ 432.849885][T16148] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 432.887074][T16148] lowmem_reserve[]: 0 0 0 0 0 [ 432.893549][T16148] Node 1 Normal free:3921588kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 432.922858][T16158] vlan2: entered allmulticast mode [ 432.922884][T16158] bond0: entered allmulticast mode [ 432.939721][T16148] lowmem_reserve[]: 0 0 0 0 0 [ 432.944552][T16148] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 432.959615][T16148] Node 0 DMA32: 229*4kB (UME) 315*8kB (UME) 215*16kB (UME) 152*32kB (UME) 71*64kB (UME) 40*128kB (UM) 21*256kB (UME) 4*512kB (ME) 25*1024kB (UME) 11*2048kB (UM) 314*4096kB (UM) = 1363100kB [ 432.981126][T16148] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 432.994660][T16148] Node 1 Normal: 187*4kB (UME) 51*8kB (UME) 33*16kB (UME) 203*32kB (UME) 103*64kB (UME) 32*128kB (UME) 19*256kB (UME) 13*512kB (UME) 2*1024kB (ME) 3*2048kB (UE) 948*4096kB (M) = 3921588kB [ 433.044429][T16148] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 433.070461][T15907] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.086822][T15907] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.087537][T16148] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 433.096406][T15907] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.123170][T15907] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 433.147595][T16148] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 433.172770][T16148] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 433.208423][T16148] 43224 total pagecache pages [ 433.213194][T16148] 0 pages in swap cache [ 433.237485][T16148] Free swap = 124996kB [ 433.241734][T16148] Total swap = 124996kB [ 433.245936][T16148] 2097051 pages RAM [ 433.260983][ T2981] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.279689][T16148] 0 pages HighMem/MovableOnly [ 433.284445][T16148] 424631 pages reserved [ 433.294960][T16148] 0 pages cma reserved [ 433.386385][ T2981] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.496289][ T2981] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.528234][T11185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.536124][T11185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.573218][ T2981] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.604680][T11185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.612655][T11185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.695051][T15907] ------------[ cut here ]------------ [ 433.701334][T15907] refcount_t: underflow; use-after-free. [ 433.707972][T15907] WARNING: CPU: 0 PID: 15907 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 [ 433.717977][T15907] Modules linked in: [ 433.723077][T15907] CPU: 0 UID: 0 PID: 15907 Comm: syz-executor Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 433.735623][T15907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 433.745749][T15907] RIP: 0010:refcount_warn_saturate+0x11a/0x1d0 [ 433.752269][T15907] Code: 80 19 e2 8b e8 17 5f c4 fc 90 0f 0b 90 90 eb d7 e8 ab 72 00 fd c6 05 48 23 cb 0a 01 90 48 c7 c7 e0 19 e2 8b e8 f7 5e c4 fc 90 <0f> 0b 90 90 eb b7 e8 8b 72 00 fd c6 05 25 23 cb 0a 01 90 48 c7 c7 [ 433.773353][T15907] RSP: 0018:ffffc900043cf7b8 EFLAGS: 00010246 [ 433.780306][T15907] RAX: 34cb95b8754a3000 RBX: 0000000000000003 RCX: ffff88802f558000 [ 433.788385][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 433.796373][T15907] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 433.804409][T15907] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff888021771800 [ 433.812825][T15907] R13: ffff888046d7d460 R14: ffff888046d7d478 R15: dffffc0000000000 [ 433.821033][T15907] FS: 0000000000000000(0000) GS:ffff888125c66000(0000) knlGS:0000000000000000 [ 433.830141][T15907] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 433.836792][T15907] CR2: 00007ffc616accd4 CR3: 000000003287c000 CR4: 00000000003526f0 [ 433.845294][T15907] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 433.853706][T15907] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 433.861796][T15907] Call Trace: [ 433.865109][T15907] [ 433.868467][T15907] klist_dec_and_del+0x3c7/0x3d0 [ 433.873847][T15907] klist_remove+0x1bd/0x340 [ 433.878865][T15907] ? __pfx_klist_children_put+0x10/0x10 [ 433.884465][T15907] ? __pfx_klist_remove+0x10/0x10 [ 433.889594][T15907] ? __pfx_kobject_move+0x10/0x10 [ 433.894678][T15907] ? get_device_parent+0x366/0x3a0 [ 433.900085][T15907] device_move+0x193/0x700 [ 433.904533][T15907] hci_conn_del_sysfs+0xb8/0x170 [ 433.909579][T15907] hci_conn_del+0x8ff/0xcb0 [ 433.914137][T15907] hci_conn_hash_flush+0x191/0x230 [ 433.920100][T15907] hci_dev_close_sync+0xaef/0x1330 [ 433.925257][T15907] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 433.931432][T15907] ? up_write+0x1c4/0x420 [ 433.935798][T15907] hci_unregister_dev+0x206/0x500 [ 433.940907][T15907] vhci_release+0x80/0xd0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 433.945284][T15907] ? __pfx_vhci_release+0x10/0x10 [ 433.950403][T15907] __fput+0x44c/0xa70 [ 433.954434][T15907] task_work_run+0x1d1/0x260 [ 433.959468][T15907] ? __pfx_task_work_run+0x10/0x10 [ 433.964630][T15907] ? kmem_cache_free+0x18f/0x400 [ 433.969672][T15907] do_exit+0x8d1/0x2550 [ 433.973908][T15907] ? do_raw_spin_lock+0x121/0x290 [ 433.979531][T15907] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 433.984962][T15907] ? __pfx_do_exit+0x10/0x10 [ 433.990409][T15907] ? _raw_spin_unlock_irq+0x23/0x50 [ 433.995679][T15907] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.002576][T15907] do_group_exit+0x21c/0x2d0 [ 434.007249][T15907] __x64_sys_exit_group+0x3f/0x40 [ 434.012429][T15907] x64_sys_call+0x21ba/0x21c0 [ 434.017161][T15907] do_syscall_64+0xfa/0x3b0 [ 434.022162][T15907] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.027471][T15907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.033613][T15907] ? clear_bhb_loop+0x60/0xb0 [ 434.038394][T15907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.044339][T15907] RIP: 0033:0x7f074d98e929 [ 434.049200][T15907] Code: Unable to access opcode bytes at 0x7f074d98e8ff. [ 434.056265][T15907] RSP: 002b:00007ffcee66bc48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 434.064902][T15907] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f074d98e929 [ 434.073827][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 434.083365][T15907] RBP: 00007f074d9ee8f0 R08: 00007ffcee6699e7 R09: 0000000000000003 [ 434.092062][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.100170][T15907] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffcee66be00 [ 434.109061][T15907] [ 434.112147][T15907] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 434.119470][T15907] CPU: 0 UID: 0 PID: 15907 Comm: syz-executor Not tainted 6.15.0-syzkaller-07819-g919d763d6094 #0 PREEMPT(full) [ 434.131411][T15907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 434.141497][T15907] Call Trace: [ 434.144797][T15907] [ 434.147837][T15907] dump_stack_lvl+0x99/0x250 [ 434.152460][T15907] ? __asan_memcpy+0x40/0x70 [ 434.157079][T15907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.162310][T15907] ? __pfx__printk+0x10/0x10 [ 434.166936][T15907] panic+0x2db/0x790 [ 434.170871][T15907] ? __pfx_panic+0x10/0x10 [ 434.175336][T15907] __warn+0x31b/0x4b0 [ 434.179348][T15907] ? refcount_warn_saturate+0x11a/0x1d0 [ 434.184927][T15907] ? refcount_warn_saturate+0x11a/0x1d0 [ 434.190590][T15907] report_bug+0x2be/0x4f0 [ 434.194945][T15907] ? refcount_warn_saturate+0x11a/0x1d0 [ 434.200524][T15907] ? refcount_warn_saturate+0x11a/0x1d0 [ 434.206109][T15907] ? refcount_warn_saturate+0x11c/0x1d0 [ 434.211710][T15907] handle_bug+0x84/0x160 [ 434.215999][T15907] exc_invalid_op+0x1a/0x50 [ 434.220545][T15907] asm_exc_invalid_op+0x1a/0x20 [ 434.225425][T15907] RIP: 0010:refcount_warn_saturate+0x11a/0x1d0 [ 434.231604][T15907] Code: 80 19 e2 8b e8 17 5f c4 fc 90 0f 0b 90 90 eb d7 e8 ab 72 00 fd c6 05 48 23 cb 0a 01 90 48 c7 c7 e0 19 e2 8b e8 f7 5e c4 fc 90 <0f> 0b 90 90 eb b7 e8 8b 72 00 fd c6 05 25 23 cb 0a 01 90 48 c7 c7 [ 434.251247][T15907] RSP: 0018:ffffc900043cf7b8 EFLAGS: 00010246 [ 434.257434][T15907] RAX: 34cb95b8754a3000 RBX: 0000000000000003 RCX: ffff88802f558000 [ 434.265518][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 434.273548][T15907] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 434.281541][T15907] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff888021771800 [ 434.289544][T15907] R13: ffff888046d7d460 R14: ffff888046d7d478 R15: dffffc0000000000 [ 434.297563][T15907] ? refcount_warn_saturate+0x119/0x1d0 [ 434.303137][T15907] klist_dec_and_del+0x3c7/0x3d0 [ 434.308113][T15907] klist_remove+0x1bd/0x340 [ 434.312642][T15907] ? __pfx_klist_children_put+0x10/0x10 [ 434.318271][T15907] ? __pfx_klist_remove+0x10/0x10 [ 434.323333][T15907] ? __pfx_kobject_move+0x10/0x10 [ 434.328391][T15907] ? get_device_parent+0x366/0x3a0 [ 434.333530][T15907] device_move+0x193/0x700 [ 434.338072][T15907] hci_conn_del_sysfs+0xb8/0x170 [ 434.343036][T15907] hci_conn_del+0x8ff/0xcb0 [ 434.347581][T15907] hci_conn_hash_flush+0x191/0x230 [ 434.352738][T15907] hci_dev_close_sync+0xaef/0x1330 [ 434.358010][T15907] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 434.363700][T15907] ? up_write+0x1c4/0x420 [ 434.368145][T15907] hci_unregister_dev+0x206/0x500 [ 434.373216][T15907] vhci_release+0x80/0xd0 [ 434.378099][T15907] ? __pfx_vhci_release+0x10/0x10 [ 434.383153][T15907] __fput+0x44c/0xa70 [ 434.387173][T15907] task_work_run+0x1d1/0x260 [ 434.391797][T15907] ? __pfx_task_work_run+0x10/0x10 [ 434.396935][T15907] ? kmem_cache_free+0x18f/0x400 [ 434.401910][T15907] do_exit+0x8d1/0x2550 [ 434.406180][T15907] ? do_raw_spin_lock+0x121/0x290 [ 434.411232][T15907] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 434.416629][T15907] ? __pfx_do_exit+0x10/0x10 [ 434.421267][T15907] ? _raw_spin_unlock_irq+0x23/0x50 [ 434.426518][T15907] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.431753][T15907] do_group_exit+0x21c/0x2d0 [ 434.436377][T15907] __x64_sys_exit_group+0x3f/0x40 [ 434.441509][T15907] x64_sys_call+0x21ba/0x21c0 [ 434.446223][T15907] do_syscall_64+0xfa/0x3b0 [ 434.450769][T15907] ? lockdep_hardirqs_on+0x9c/0x150 [ 434.456008][T15907] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.462101][T15907] ? clear_bhb_loop+0x60/0xb0 [ 434.466804][T15907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.472835][T15907] RIP: 0033:0x7f074d98e929 [ 434.477361][T15907] Code: Unable to access opcode bytes at 0x7f074d98e8ff. [ 434.484401][T15907] RSP: 002b:00007ffcee66bc48 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 434.492844][T15907] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f074d98e929 [ 434.500945][T15907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 434.508949][T15907] RBP: 00007f074d9ee8f0 R08: 00007ffcee6699e7 R09: 0000000000000003 [ 434.516953][T15907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.524949][T15907] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007ffcee66be00 [ 434.532964][T15907] [ 434.536405][T15907] Kernel Offset: disabled [ 434.540765][T15907] Rebooting in 86400 seconds..