last executing test programs: 1m20.757957366s ago: executing program 3 (id=315): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x40}}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x1e) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fff}]}]}, 0x20}, 0x1, 0x0, 0xc00000000000000}, 0x0) 1m18.199332777s ago: executing program 4 (id=650): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xb1, [@dev]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000745f0020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ldst, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0xd7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x8) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000060000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 1m4.559286009s ago: executing program 3 (id=315): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 
&(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x40}}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x1e) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fff}]}]}, 0x20}, 0x1, 0x0, 0xc00000000000000}, 0x0) 1m3.056976197s ago: executing program 4 (id=650): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xb1, [@dev]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000745f0020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ldst, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0xd7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, 
&(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x8) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000060000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 50.201402005s ago: executing program 3 (id=315): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x40}}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x1e) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 
0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fff}]}]}, 0x20}, 0x1, 0x0, 0xc00000000000000}, 0x0) 48.945995488s ago: executing program 4 (id=650): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xb1, [@dev]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000745f0020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ldst, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0xd7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x8) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) 
socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000060000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 34.768876201s ago: executing program 3 (id=315): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x40}}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x1e) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fff}]}]}, 0x20}, 0x1, 0x0, 0xc00000000000000}, 0x0) 33.107428508s ago: executing program 4 (id=650): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 
0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xb1, [@dev]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000745f0020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ldst, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0xd7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x8) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000060000000000004888", @ANYRES32=0x0, 
@ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 20.830694441s ago: executing program 3 (id=315): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x40}}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x1e) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fff}]}]}, 0x20}, 0x1, 0x0, 0xc00000000000000}, 0x0) 20.121858777s ago: executing program 4 (id=650): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xb1, [@dev]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, 
&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000745f0020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ldst, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0xd7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x8) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000060000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 8.789492278s ago: executing program 3 (id=315): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'ip_vti0\x00', 0x0}) 
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x40}}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x1e) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x20, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x7fff}]}]}, 0x20}, 0x1, 0x0, 0xc00000000000000}, 0x0) 5.40609771s ago: executing program 4 (id=650): syz_emit_ethernet(0x46, &(0x7f00000003c0)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0x7, 0xb1, [@dev]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000745f0020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x1c, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 
0x0, 0x7}, {}, {}, [@ldst, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0xd7}, @map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) epoll_create(0x8) socket$caif_stream(0x25, 0x1, 0x0) socket$isdn_base(0x22, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$ax25(0x3, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000060000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES64=r1], 0x40}}, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r3, 0x0) socket$nl_audit(0x10, 0x3, 0x9) 1.333892886s ago: executing program 2 (id=2455): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_service_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r2, &(0x7f0000000180), 0x40010) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x4030582b, 
&(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}}) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r3, &(0x7f0000001640), 0x0, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\x00\x00'], 0x14}}, 0x0) unshare(0x6c000680) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000c40)="c10e020022003505d25a806f8c6394f90435fc60040011000a740100053582c137153e37024801", 0x27}], 0x1}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB="0c0100001100100026bd7000fbdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="000000005a02000008000d004000000014003500626174616476300000b7efdad19ef0790000000000000008000d000000000008000400ff030000b8003480140035007663616e30000000000000000000000014003500626f6e545f336c6153655f310000000014003500726f73653000000000000000000000001400350076657468746f5f7465616d0000677265746170300000000000000000001400350076657468315f746f5f626174616476231400350072696d3672656700000000000000000000000000001400350070696d72656730000000000000000000080000"], 0x10c}, 0x1, 0x0, 0x0, 0x8c44}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_tracing={0x1a, 0x16, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000002000000000000000500000018110000", @ANYBLOB="b7030000000000008500000083000000bf0900feffffffffffffff0000000000950000000000000085200000010000001853000003000000000000000000000015543000fcffffff850000003800000018190000bd29e07b07d0ebe11770c5f83e38614335a6ff81d97e7ead6ef441f81eb43c193f561784", @ANYRES32, @ANYBLOB="0000000000000000bf91000000000000b7020000020000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x98, &(0x7f0000000900)=""/152, 0x41000, 0x13, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x2, 0x9, 0x7, 0x2}, 
0x10, 0x20d69, r2, 0x6, &(0x7f0000000b40)=[r1, 0xffffffffffffffff, r1, r1, 0xffffffffffffffff, r0, r2], &(0x7f0000000b80)=[{0x2, 0x3, 0x1, 0x6}, {0x0, 0x1, 0x6, 0x4}, {0x3, 0x3, 0x2, 0xc}, {0x4, 0x2, 0x6, 0xb}, {0x1, 0x1, 0x3, 0x3}, {0x3, 0x5, 0x3, 0x2}], 0x10, 0x9}, 0x90) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x4000}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$alg(0x26, 0x5, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020400000000000000000000000000000300060000000e0002000000e0000009000000000000000002000100000000000000000000000000030005000000000002000000e0000001000000000000"], 0x50}}, 0x0) r6 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x48f, &(0x7f0000000000)={0x3b, @multicast1, 0x4e24, 0x1, 'lblcr\x00', 0x28, 0x80000000}, 0x2c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0}, @in={0x2, 0x0, @remote}], 0x2c) writev(0xffffffffffffffff, &(0x7f0000000300), 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x6, &(0x7f0000002ec0)={0x0, {{0x29, 0x4e24, 0x1, @private2={0xfc, 0x2, '\x00', 0xfd}}}}, 0x88) socket$inet(0x2, 0x1, 0x0) 864.16132ms ago: executing program 1 (id=2460): r0 = socket$inet6(0xa, 0x80002, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000280)="ef831dc56dc3a0a4079fdc66", 0xc}], 0x1}, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) 832.086889ms ago: executing program 2 (id=2461): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0xfffffffc}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0xfffffffffffffff0}]}, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x51}, 0x90) r0 = socket$inet6(0xa, 0x40000080806, 0x1) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r0, 0x20000005) accept4(r0, 0x0, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x4) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) unshare(0x20000400) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) sendmmsg$inet(r1, &(0x7f00000057c0)=[{{&(0x7f0000000280)={0x2, 0x810, @multicast1}, 0x10, 0x0}}, {{&(0x7f0000002d80)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000003ec0)=[{&(0x7f0000000740)="46798883787253b0caa0c08bd60674662bf97a9cffc1100362360ba9303d93c27f101f990c7b50713d1006a9e41f5cc2a90be150b4d0b41b1c5a69a05468c6d4ae6747c83fc0aedea2564c5b5c4fc3162d2bae0edbb0d3efe08b9885f57dc43a44dc61aa9b64367bc6631f07f66747766c26b5cfb027a8560364e8095180549d5432a608ac7d166e87031969429ef9367ebcca57ab533019cde8d045ca1f69ebecb93b0e1e0acc7ccedc7ac65b0e14d8454d3efed95d9151f25a540b96bcb659a9593afc38b66fb362f548264a544f9cc4ac74c98a48c40800000084cb59240261f5c62f2719ba14f2d6e537f0556b793ff9c067020b9041b3c5aa5a606e381219f2762b9ab55277a9d8764f2d8ef10334bd4211e41431faa8a58cd122bd53b3b43340d9d2545642e386fb3f966b7364c2b842ae336fedfc941f479e024d5f795ead5c559abbfe4e5a8aaabf140dfb7231a4d5c8de7bf97b31b0c5a1453fde4b4b4014455adb248c86bde77671be3ea6f72d74e7f129699b512b117f917fedcdfe21bfc25b94a3ea217514d5208d48203bd0797297db3bfd391853a787b76f2ea0f13492e71671ac9a48c66002b853bb4d7fdeba5b972ea301ff7f00008197e0648e9fdb575940c69571f096bfae5ae18c60f3d2041e4bcbd4ccb1af229f7fc4b1a5c1006e340af6cdaf7b876b60da879edcdee201c5882b0b42cce4a0744a1f21
b494e66f2b6e64368c1e78a1d6e61e1fa3f5a568f8fa11a522828ad2e4ab7350c563a275f86d26dfabbdbe931b72d7c0cced8160ecd888ed7c4220612b979bf3239c273c1f1b501396adf2e66084d88df29083c66bedc7c70dfa0b338fd742ecb9284e3a312cc41cf23c9ca7baa10a44c6dd13066bde87c2916618b40581beb716c78062429ba7ab58d4f69eee4196d9df7173920fb0c0458a16683de762f788", 0x2a1}]}}], 0x40000b2, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, 0x0, 0x0) r3 = socket(0x10, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, 0x0, 0x0) write(r3, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r4, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000140)={'wlan0\x00'}) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'netdevsim0\x00', &(0x7f0000000240)=@ethtool_gstrings={0x26, 0x7}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x132, 0xffffffffffffffff, 0x0) 688.037316ms ago: executing program 0 (id=2463): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0x14, 0x30, 0xffff}, 0x14}}, 0x44081) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000340)={{0xfffffffa, 0x3}, 0x100, './file0\x00'}) socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000e8ffffff00000000000000008500000036000000850000000700000095"], 
&(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x0, 0x0, 0x0, 0x0, 0x23, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001f0005040000000000000000060000400c0001"], 0x114}], 0x1}, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x32) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="e80000001000010000000000068a1f2e2047f1d5ad9b15a911cc00720000647262675f70725f736861353132"], 0xe8}, 0x1, 0x0, 0x0, 0x48000}, 0x4001) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x7}}]}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_multiq={{}, {0x0, 0x2, {0x60eb, 0x1}}}]}, 0xa4}}, 0x0) 628.679515ms ago: executing program 1 (id=2464): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 
&(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008111e00212ba0d8105040a020000030f000b067c55a1bc000900b80006990300000005001500080001400200000901ac040000d67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1ca9ecbee5de6ccd40dd6e4edef3d839da9ee307f27260e970300000000000000000000000033410000000000008dc5fb510162183a360cb879a908cc6da4d7d2fd82d1c7", 0xd8}], 0x1}, 0x0) (async) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x70) (async) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'geneve1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@bridge_setlink={0x0, 0x13, 0x4, 0x70bd2c, 0x25dfdbff, {0x7, 0x0, 0x0, r4, 0x2000c, 0x200}, [@IFLA_MAP={0x0, 0xe, {0xb, 0x8001, 0x1000, 0xfff9, 0xfe, 0xae}}, @IFLA_AF_SPEC={0x0, 0x1a, 0x0, 0x1, [@AF_MPLS, @AF_BRIDGE, @AF_BRIDGE, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}]}, @IFLA_PROTO_DOWN, @IFLA_PORT_SELF={0x0, 0x19, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x0, 0x2, '\'\x00'}, @IFLA_PORT_VF={0x0, 0x1, 0x1}, @IFLA_PORT_REQUEST={0x0, 0x6, 0x6}, @IFLA_PORT_REQUEST={0x0, 0x6, 0xfc}, @IFLA_PORT_PROFILE={0x0, 0x2, 'batadv_slave_0\x00'}]}]}, 0x3c}}, 0x10) (async) sendmsg$rds(r1, &(0x7f0000002800)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000002a00)=[@fadd={0x58, 0x114, 0x6, {{}, &(0x7f0000001280), 0x0}}], 0x58}, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00'}) (async) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_IGNORE_DF={0x5, 0x13, 
0x1}, @IFLA_GRE_PMTUDISC={0x5}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}}, 0x0) 524.322193ms ago: executing program 0 (id=2465): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) writev(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000007c0)={0x0, 0x34000, &(0x7f0000000380)={&(0x7f0000000500)={0x20, r1, 0x301, 0x0, 0x0, {0x1c}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}}, 0x0) socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) write$cgroup_devices(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB='c 4:'], 0x8) socket$inet_udp(0x2, 0x2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_genetlink_get_family_id$ethtool(&(0x7f0000002380), 0xffffffffffffffff) getpid() r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r2, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'bond0\x00'}) sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, 
{&(0x7f0000000280)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x16}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) 519.539268ms ago: executing program 2 (id=2466): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) socket$netlink(0x10, 0x3, 0x0) socket$inet(0x2, 0x0, 0x0) socket$inet(0x2, 0x4000000805, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) socket$alg(0x26, 0x5, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0x0, 0x1}, 0x6) socket$kcm(0x10, 0x0, 0x10) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={0x90, r3, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x6c, 0x8, 0x0, 0x1, [{0x4}, {0x4}, {0x4}, {0x34, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x24}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xaf}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x50c8c0f5}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x57bd3aa9}]}, {0x1c, 0x7, 0x0, 0x1, 
[@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x587eb3a1}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5d4764ea}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5dbf6b69}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x58}]}]}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x90}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x900000001) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r4, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r4, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB]) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x4051) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f0000000000)={0x1f, @none}, 0x8) socket$inet6(0xa, 0x1, 0x4) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000140)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x7}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 434.106969ms ago: executing program 1 (id=2467): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x12, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x2e}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 
0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 327.260115ms ago: executing program 1 (id=2468): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x49}, {0x0, [0x2e, 0xd671b0445ea01809]}}, 0x0, 0x1c, 0xfffffffffffffc8d}, 0x20) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0x19, &(0x7f0000000400)=0xa4, 0x4) syz_emit_ethernet(0x6e, &(0x7f00000002c0)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "828bf7", 0x38, 0x3a, 0x0, @private2, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0x0, @private1, @loopback, [], "1e520b4c951ee12e"}}}}}}}, 0x0) recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x3c, r4, 0x1, 0x0, 0x0, {0x36}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73}}]}, 0x3c}}, 0x0) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="24010000", @ANYRES16=r4, @ANYBLOB="00042abd7000fcdbdf2501000000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x124}, 0x1, 0x0, 0x0, 0x4040881}, 0x40000) write$binfmt_elf64(r0, &(0x7f0000000180)={{0x7f, 0x45, 
0x4c, 0x46, 0x2, 0x6, 0x5, 0x0, 0x3, 0x0, 0x3e, 0xffff, 0x360, 0xffffffffffffff8b, 0x172, 0x8b72, 0x800, 0x38, 0x1, 0x1fb, 0x15}, [], "e43ca3d5a3aa3847f2e08e69fd9d8bd65a840f170ad9df9662720b022e4701e233992f0c8591f80d3880773da9bffe9d01554f08c125b7323e27ceb54fdd743a3433093212d71192bf03991b3e10552201b1430cd0cde0033f6d207a95d45bf292b855e1bd0ae1272342306ed43a724b8af59acaa2962d2d9985f3f6891133c9fdc303270bcc63e3c4380cf193b3e6e4d29af2e76e00"/163, ['\x00', '\x00']}, 0x2e3) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r8, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r9, @ANYBLOB="010000000000ffdbdf25230000000c00018008000100", @ANYRES32=r7], 0x20}}, 0x0) sendmsg$ETHTOOL_MSG_RINGS_SET(r5, &(0x7f0000000640)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000005c0)={0x80, r9, 0x300, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_RINGS_TX={0x8}]}, 0x80}, 0x1, 0x0, 0x0, 0x4880}, 0x20000000) 295.558084ms ago: executing program 0 (id=2469): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffff80}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {}, {0x85, 
0x0, 0x0, 0xca}}]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) 194.100644ms ago: executing program 0 (id=2470): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0) sendmsg$IEEE802154_LIST_IFACE(r1, &(0x7f00000004c0)={0x0, 0x3, &(0x7f0000000480)={&(0x7f0000000440)={0x14, r2, 0x301, 0x0, 0x24}, 0x14}}, 0x0) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 192.849963ms ago: executing program 2 (id=2471): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000140)={0x0, 0xfc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x4, 0x6, 0x201, 0xf0, 0x2000000, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0xd00}, 0x0) 151.375427ms ago: executing program 1 (id=2472): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000160001c100000000000f00000a000000", @ANYRES32=0x0, @ANYBLOB="140006"], 0x2c}}, 0x0) 120.106962ms ago: executing program 2 (id=2473): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) epoll_create(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000040)=0x20, 0x4) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 
0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)='\t', 0xfdef, 0x0, 0x0, 0x0) 54.176936ms ago: executing program 0 (id=2474): r0 = socket$inet6(0xa, 0x80002, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000280)="ef831dc56dc3a0a4079fdc66", 0xc}], 0x1}, 0x0) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x0) 53.710979ms ago: executing program 1 (id=2475): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newtaction={0x14, 0x30, 0xffff}, 0x14}}, 0x44081) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000340)={{0xfffffffa, 0x3}, 0x100, './file0\x00'}) socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000e8ffffff00000000000000008500000036000000850000000700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x0, 0x0, 0x0, 0x0, 0x23, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140100001f0005040000000000000000060000400c0001"], 0x114}], 0x1}, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 
0x3, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x32) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="e80000001000010000000000068a1f2e2047f1d5ad9b15a911cc00720000647262675f70725f736861353132"], 0xe8}, 0x1, 0x0, 0x0, 0x48000}, 0x4001) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x0, 0x0, 0x7}}]}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0x8}}, [@qdisc_kind_options=@q_multiq={{}, {0x0, 0x2, {0x60eb, 0x1}}}]}, 0xa4}}, 0x0) 229.695µs ago: executing program 0 (id=2476): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000002140)={'wg2\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002300)=@ipv6_newnexthop={0x40, 0x68, 0x1, 0xe0, 0x0, {}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x7}, @NHA_OIF={0x8, 0x5, r1}, @NHA_ENCAP={0x18, 0x8, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0xfffffffffffffe62, 0x1, {{0x0, {0x0, 0x0, 0x4, 0x10000000000001ba}}}}}]}, 0x40}}, 0x0) 0s ago: executing program 2 (id=2477): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x38}, 0x1, 0x0, 0x0, 0x4c050}, 0x0) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0x5, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYRESOCT=r0], 0x450}, 0x1, 0x0, 0x0, 0x40000}, 0x1) epoll_create1(0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) r2 = 
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) close(r3) socket$packet(0x11, 0x2, 0x300) accept$packet(r2, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$nl_rdma(0x10, 0x3, 0x14) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x90) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000400000100012800800010068"], 0x30}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000040000000160a01010000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800024000000000080001400000000040000000160a01010000000000000000010000000900020073797a30001c00000900010073797a3000000000140003"], 0xc8}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r5}, 0x10) r7 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r7, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r7, &(0x7f0000000000)={&(0x7f0000000880)=@l2tp6={0xa, 0x1100, 0x0, @mcast1, 0x5}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000780)="f4000900062b2f25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0) 
sendmmsg(0xffffffffffffffff, &(0x7f0000000c80), 0x0, 0x0) kernel console output (not intermixed with test programs): port 1(bridge_slave_0) entered blocking state [ 275.956343][ T5139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.964965][T12188] CPU: 0 PID: 12188 Comm: syz.1.1893 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 275.975524][T12188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 275.985674][T12188] Call Trace: [ 275.989036][T12188] <TASK> [ 275.991959][T12188] dump_stack_lvl+0x241/0x360 [ 275.996664][T12188] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.001859][T12188] ? __pfx__printk+0x10/0x10 [ 276.006449][T12188] ? __pfx_lock_release+0x10/0x10 [ 276.011492][T12188] should_fail_ex+0x3b0/0x4e0 [ 276.016177][T12188] _copy_from_user+0x2f/0xe0 [ 276.020768][T12188] copy_msghdr_from_user+0xae/0x680 [ 276.025966][T12188] ? __pfx___might_resched+0x10/0x10 [ 276.031255][T12188] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 276.037080][T12188] ? __might_fault+0xaa/0x120 [ 276.041766][T12188] do_recvmmsg+0x40f/0xae0 [ 276.046185][T12188] ? __pfx_lock_release+0x10/0x10 [ 276.051211][T12188] ? __pfx_do_recvmmsg+0x10/0x10 [ 276.056166][T12188] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 276.062057][T12188] ? ksys_write+0x23e/0x2c0 [ 276.066556][T12188] ? __pfx_lock_release+0x10/0x10 [ 276.071579][T12188] ? vfs_write+0x7c4/0xc90 [ 276.075998][T12188] ? __mutex_unlock_slowpath+0x21d/0x750 [ 276.081638][T12188] ? __fget_files+0x3f6/0x470 [ 276.086413][T12188] __x64_sys_recvmmsg+0x199/0x250 [ 276.091448][T12188] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 276.096996][T12188] ? do_syscall_64+0x100/0x230 [ 276.101852][T12188] ? do_syscall_64+0xb6/0x230 [ 276.106528][T12188] do_syscall_64+0xf3/0x230 [ 276.111031][T12188] ? 
clear_bhb_loop+0x35/0x90 [ 276.115725][T12188] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.121707][T12188] RIP: 0033:0x7f239a775bd9 [ 276.126118][T12188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.145729][T12188] RSP: 002b:00007f239b510048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 276.154144][T12188] RAX: ffffffffffffffda RBX: 00007f239a903f60 RCX: 00007f239a775bd9 [ 276.162220][T12188] RDX: 0400000000000284 RSI: 0000000020000040 RDI: 0000000000000003 [ 276.170362][T12188] RBP: 00007f239b5100a0 R08: 0000000000000000 R09: 0000000000000000 [ 276.178332][T12188] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001 [ 276.186304][T12188] R13: 000000000000000b R14: 00007f239a903f60 R15: 00007ffc2a038b08 [ 276.194290][T12188] </TASK> [ 276.248126][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.255348][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.381003][T11875] veth0_macvtap: entered promiscuous mode [ 276.418109][T11875] veth1_macvtap: entered promiscuous mode [ 276.468023][T12198] netlink: 'syz.2.1895': attribute type 1 has an invalid length. [ 276.484228][T11875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.518782][T11875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.547782][T11875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.572449][T11875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.584576][T11875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.601012][T11875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 276.615529][T11875] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.649207][ T5094] Bluetooth: hci4: command tx timeout [ 276.682065][T11875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.721611][T11875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.754051][T11875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.779709][T11875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.797269][T11875] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.809760][T12217] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 276.817078][T11875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.834263][T11875] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.861799][T12223] netlink: 'syz.0.1901': attribute type 4 has an invalid length. 
[ 276.890697][T11875] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.900870][T11875] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.909644][T11875] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.918338][T11875] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.945762][T11924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.087757][ T2884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.114278][ T2884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.172551][ T2474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.181950][ T2474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.385777][T12237] IPVS: set_ctl: invalid protocol: 50 10.1.1.1:20001 [ 277.463627][T11924] veth0_vlan: entered promiscuous mode [ 277.486996][T11924] veth1_vlan: entered promiscuous mode [ 277.602841][T11924] veth0_macvtap: entered promiscuous mode [ 277.615840][T12248] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1908'. [ 277.630321][T11924] veth1_macvtap: entered promiscuous mode [ 277.673684][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.697311][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.707832][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.726188][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.736203][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.754343][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 277.776314][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 277.796461][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.816472][T11924] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 277.826278][T12250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1909'. [ 277.840216][T12259] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1912'. [ 277.864694][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.897593][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.911474][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.919685][T12264] netlink: 209840 bytes leftover after parsing attributes in process `syz.1.1913'. [ 277.922394][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 277.954237][T12264] netlink: get zone limit has 8 unknown bytes [ 277.954733][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 277.998060][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 278.016574][T11924] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 278.035257][T11924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 278.050362][T11924] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 278.076264][T11924] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.088126][T11924] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.099848][T11924] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.109226][T11924] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 278.125300][T12273] tipc: Enabling of bearer rejected, failed to enable media [ 278.223966][T12271] syzkaller0: entered promiscuous mode [ 278.237587][T12271] syzkaller0: entered allmulticast mode [ 278.844037][T12306] ieee802154 phy0 wpan0: encryption failed: -22 [ 279.958599][T12308] macvlan2: entered promiscuous mode [ 279.963967][T12308] macvlan2: entered allmulticast mode [ 279.976049][T12308] bridge0: entered promiscuous mode [ 279.984906][T12308] bridge0: entered allmulticast mode [ 280.005659][T12308] team0: Port device macvlan2 added [ 280.135193][ T2474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.142003][T12317] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1934'. 
[ 280.148518][ T2474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.254203][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.270067][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.469296][ T2474] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.208246][ T2474] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.283669][ T2474] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.363392][ T2474] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.491512][ T2474] bridge_slave_1: left allmulticast mode [ 281.498015][ T2474] bridge_slave_1: left promiscuous mode [ 281.504029][ T2474] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.512839][ T2474] bridge_slave_0: left allmulticast mode [ 281.519061][ T2474] bridge_slave_0: left promiscuous mode [ 281.524761][ T2474] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.001996][ T2474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.015374][ T2474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.027857][ T2474] bond0 (unregistering): Released all slaves [ 282.091608][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.102539][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.113255][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.131199][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.147552][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 282.155584][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.349254][ T2474] hsr_slave_0: left promiscuous mode [ 282.355416][ T2474] hsr_slave_1: left promiscuous mode [ 282.366469][ T2474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 
[ 282.375999][ T2474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 282.385183][ T2474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.392763][ T2474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.414645][ T2474] veth1_macvtap: left promiscuous mode [ 282.420258][ T2474] veth0_macvtap: left promiscuous mode [ 282.425819][ T2474] veth1_vlan: left promiscuous mode [ 282.431213][ T2474] veth0_vlan: left promiscuous mode [ 282.849283][ T2474] team0 (unregistering): Port device team_slave_1 removed [ 282.891836][ T2474] team0 (unregistering): Port device team_slave_0 removed [ 283.127228][T12345] netlink: 240 bytes leftover after parsing attributes in process `syz.1.1945'. [ 283.346282][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 283.357857][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 283.377511][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 283.389817][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 283.397670][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 283.407528][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 283.856085][T12330] chnl_net:caif_netlink_parms(): no params data found [ 283.881521][T12363] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1950'. [ 283.927260][T12366] netlink: 'syz.0.1950': attribute type 15 has an invalid length. [ 284.133697][T12383] bridge0: port 3(team0) entered disabled state [ 284.249405][ T5094] Bluetooth: hci0: command tx timeout [ 284.290219][T12394] netlink: 'syz.1.1958': attribute type 1 has an invalid length. [ 284.298100][T12394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1958'. [ 284.320149][T12402] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1960'. [ 284.332289][T12397] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1960'. 
[ 284.341919][T12330] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.355343][T12330] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.364423][T12330] bridge_slave_0: entered allmulticast mode [ 284.376410][T12330] bridge_slave_0: entered promiscuous mode [ 284.383974][T12400] netlink: 'syz.0.1961': attribute type 10 has an invalid length. [ 284.392298][T12400] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1961'. [ 284.407660][T12394] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1958'. [ 284.431486][T12330] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.439162][T12330] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.446405][T12330] bridge_slave_1: entered allmulticast mode [ 284.454056][T12330] bridge_slave_1: entered promiscuous mode [ 284.512642][T12398] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1958'. [ 284.563721][T12407] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1962'. [ 284.645296][T12330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.675553][T12330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.868111][T12330] team0: Port device team_slave_0 added [ 284.900430][T12330] team0: Port device team_slave_1 added [ 284.970878][ T2884] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.023455][T12354] chnl_net:caif_netlink_parms(): no params data found [ 285.116777][ T2884] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.166709][T12330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.180082][T12330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. 
Setting the MTU to 1560 would solve the problem. [ 285.215881][T12330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.227767][T12441] netlink: 'syz.2.1972': attribute type 27 has an invalid length. [ 285.289930][ T2884] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.311105][T12448] vlan2: entered promiscuous mode [ 285.334509][T12330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.344634][T12330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.387713][T12330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.449404][ T5094] Bluetooth: hci4: command tx timeout [ 285.473478][ T2884] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 285.687626][T12330] hsr_slave_0: entered promiscuous mode [ 285.708918][T12330] hsr_slave_1: entered promiscuous mode [ 285.735659][T12330] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 285.743386][T12330] Cannot create hsr debugfs directory [ 285.782720][T12354] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.799110][T12354] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.807160][T12354] bridge_slave_0: entered allmulticast mode [ 285.816556][T12354] bridge_slave_0: entered promiscuous mode [ 285.858000][T12354] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.878664][T12354] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.886807][T12354] bridge_slave_1: entered allmulticast mode [ 285.916485][T12354] bridge_slave_1: entered promiscuous mode [ 286.011396][T12485] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1988'. [ 286.022566][T12485] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1988'. [ 286.035755][T12354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 286.064493][T12485] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1988'. [ 286.098289][T12354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.156137][T12490] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1990'. [ 286.165704][T12490] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1990'. 
[ 286.291924][T12354] team0: Port device team_slave_0 added [ 286.329937][ T5094] Bluetooth: hci0: command tx timeout [ 286.377659][T12354] team0: Port device team_slave_1 added [ 286.439911][ T2884] bridge_slave_1: left allmulticast mode [ 286.455862][ T2884] bridge_slave_1: left promiscuous mode [ 286.473418][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.502414][ T2884] bridge_slave_0: left allmulticast mode [ 286.508127][ T2884] bridge_slave_0: left promiscuous mode [ 286.534457][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.927591][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 286.939707][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.954556][ T2884] bond0 (unregistering): Released all slaves [ 287.020415][T12509] macsec1: entered promiscuous mode [ 287.062786][T12513] tc_dump_action: action bad kind [ 287.084779][T12514] gtp0: entered promiscuous mode [ 287.107151][T12354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 287.125995][T12354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 287.155231][T12354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 287.272400][T12354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 287.279667][T12354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 287.317554][T12354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 287.363856][T12529] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2006'. [ 287.387839][T12531] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2007'. [ 287.503072][T12354] hsr_slave_0: entered promiscuous mode [ 287.528349][T12354] hsr_slave_1: entered promiscuous mode [ 287.534343][ T5094] Bluetooth: hci4: command tx timeout [ 287.558184][T12354] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 287.575387][T12354] Cannot create hsr debugfs directory [ 287.732632][ T2884] hsr_slave_0: left promiscuous mode [ 287.746706][ T2884] hsr_slave_1: left promiscuous mode [ 287.757666][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.769453][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.787564][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.795238][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 287.828234][ T2884] veth1_macvtap: left promiscuous mode [ 287.837102][ T2884] veth0_macvtap: left promiscuous mode [ 287.846206][ T2884] veth1_vlan: left promiscuous mode [ 287.851829][ T2884] veth0_vlan: left promiscuous mode [ 288.282073][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 288.323317][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 288.408707][ T5094] Bluetooth: hci0: command tx timeout [ 288.779619][T12557] netlink: 'syz.1.2017': attribute type 4 has an invalid length. [ 288.787604][T12557] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2017'. [ 288.847580][T12560] netlink: 'syz.2.2018': attribute type 1 has an invalid length. [ 289.119050][T12569] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2022'. 
[ 289.171518][T12330] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 289.199689][T12574] IPVS: set_ctl: invalid protocol: 136 172.30.0.2:20004 [ 289.347128][T12330] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 289.372839][T12330] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 289.413196][T12330] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 289.434028][T12580] netlink: 'syz.1.2024': attribute type 10 has an invalid length. [ 289.467073][T12580] team0: Device ip6gre0 is of different type [ 289.618560][ T5094] Bluetooth: hci4: command tx timeout [ 290.038223][T12330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.156962][T12330] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.355774][T12354] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 290.396102][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.403618][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 290.441406][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.448608][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 290.477969][T12592] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.488671][ T5094] Bluetooth: hci0: command tx timeout [ 290.502648][T12354] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 290.565669][T12354] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 290.603859][T12354] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 290.825712][T12603] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2031'. 
[ 290.964440][T12354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.013856][T12354] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.041417][ T786] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.048666][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.118263][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.125512][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.234604][T12624] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2038'. [ 291.314821][T12330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 291.427557][T12330] veth0_vlan: entered promiscuous mode [ 291.457139][T12330] veth1_vlan: entered promiscuous mode [ 291.529530][T12330] veth0_macvtap: entered promiscuous mode [ 291.555035][T12330] veth1_macvtap: entered promiscuous mode [ 291.619555][T12330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.632200][T12330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.642406][T12330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.643281][T12635] FAULT_INJECTION: forcing a failure. [ 291.643281][T12635] name failslab, interval 1, probability 0, space 0, times 0 [ 291.653429][T12330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.678582][T12330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 291.690493][T12330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 291.702531][ T5094] Bluetooth: hci4: command tx timeout [ 291.707012][T12330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.722364][T12635] CPU: 1 PID: 12635 Comm: syz.1.2041 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 291.732584][T12635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 291.742661][T12635] Call Trace: [ 291.745949][T12635] [ 291.748903][T12635] dump_stack_lvl+0x241/0x360 [ 291.753608][T12635] ? __pfx_dump_stack_lvl+0x10/0x10 [ 291.758824][T12635] ? __pfx__printk+0x10/0x10 [ 291.763457][T12635] should_fail_ex+0x3b0/0x4e0 [ 291.768176][T12635] ? __alloc_skb+0x1c3/0x440 [ 291.772796][T12635] should_failslab+0x9/0x20 [ 291.777327][T12635] kmem_cache_alloc_node_noprof+0x71/0x320 [ 291.783175][T12635] __alloc_skb+0x1c3/0x440 [ 291.787618][T12635] ? __pfx___alloc_skb+0x10/0x10 [ 291.792574][T12635] ? __lock_acquire+0x1346/0x1fd0 [ 291.797623][T12635] alloc_skb_with_frags+0xc3/0x770 [ 291.802768][T12635] sock_alloc_send_pskb+0x91a/0xa60 [ 291.808036][T12635] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 291.813781][T12635] ? validate_chain+0x11e/0x5900 [ 291.818737][T12635] ? validate_chain+0x11e/0x5900 [ 291.823866][T12635] ? dev_get_by_index+0x23/0x2d0 [ 291.828827][T12635] packet_sendmsg+0x3ace/0x6150 [ 291.833744][T12635] ? __pfx___might_resched+0x10/0x10 [ 291.839074][T12635] ? aa_sk_perm+0x967/0xab0 [ 291.843602][T12635] ? __pfx_packet_sendmsg+0x10/0x10 [ 291.848838][T12635] ? __import_iovec+0x361/0x820 [ 291.853716][T12635] ? aa_sock_msg_perm+0x91/0x160 [ 291.858673][T12635] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 291.863971][T12635] ? security_socket_sendmsg+0x87/0xb0 [ 291.869445][T12635] ? __pfx_packet_sendmsg+0x10/0x10 [ 291.874674][T12635] __sock_sendmsg+0x221/0x270 [ 291.879390][T12635] ____sys_sendmsg+0x525/0x7d0 [ 291.884192][T12635] ? __pfx_____sys_sendmsg+0x10/0x10 [ 291.889515][T12635] __sys_sendmsg+0x2b0/0x3a0 [ 291.894133][T12635] ? 
__pfx___sys_sendmsg+0x10/0x10 [ 291.899278][T12635] ? vfs_write+0x7c4/0xc90 [ 291.903759][T12635] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 291.910211][T12635] ? do_syscall_64+0x100/0x230 [ 291.915016][T12635] ? do_syscall_64+0xb6/0x230 [ 291.919754][T12635] do_syscall_64+0xf3/0x230 [ 291.924295][T12635] ? clear_bhb_loop+0x35/0x90 [ 291.929008][T12635] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.935025][T12635] RIP: 0033:0x7f239a775bd9 [ 291.939470][T12635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.959116][T12635] RSP: 002b:00007f239b510048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 291.967570][T12635] RAX: ffffffffffffffda RBX: 00007f239a903f60 RCX: 00007f239a775bd9 [ 291.975656][T12635] RDX: 0000000000000000 RSI: 0000000020000640 RDI: 0000000000000003 [ 291.983829][T12635] RBP: 00007f239b5100a0 R08: 0000000000000000 R09: 0000000000000000 [ 291.991834][T12635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 291.999859][T12635] R13: 000000000000000b R14: 00007f239a903f60 R15: 00007ffc2a038b08 [ 292.008050][T12635] [ 292.019399][T12330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.030609][T12330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.040906][T12330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.051996][T12330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.064345][T12330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.075079][T12330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 292.090755][T12330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 292.136413][T12330] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.149264][T12330] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.158016][T12330] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.184919][T12330] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.237859][T12354] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 292.447259][ T2884] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.466494][ T2884] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.480766][T12652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2046'. [ 292.533551][T12652] veth3: entered allmulticast mode [ 292.634453][ T2905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.667120][ T2905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.735706][T12667] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2049'. [ 292.800293][T12669] netlink: 'syz.2.2050': attribute type 1 has an invalid length. [ 292.819285][T12354] veth0_vlan: entered promiscuous mode [ 292.835888][T12354] veth1_vlan: entered promiscuous mode [ 292.970437][T12354] veth0_macvtap: entered promiscuous mode [ 293.000418][T12354] veth1_macvtap: entered promiscuous mode [ 293.020537][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.032606][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.043419][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.055786][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 293.067513][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.078213][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.098635][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.109609][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.135344][T12354] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.175636][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.198232][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.208187][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.220212][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.230775][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.243148][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.264338][T12354] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.288631][T12354] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.310261][T12354] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.334662][T12354] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.350725][T12354] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.360883][T12354] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.371445][T12354] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.385607][T12687] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2058'. 
[ 293.525979][ T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.550128][ T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.614814][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 293.630624][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.815254][T12694] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2062'. [ 293.969482][T12708] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2066'. [ 294.069977][T12711] can: request_module (can-proto-0) failed. [ 294.084402][T12715] netlink: 'syz.1.2067': attribute type 3 has an invalid length. [ 294.095450][T12711] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2068'. [ 294.119121][T12715] netlink: 'syz.1.2067': attribute type 1 has an invalid length. [ 294.143593][T12715] netlink: 199800 bytes leftover after parsing attributes in process `syz.1.2067'. [ 294.295688][T12725] netlink: 'syz.2.2072': attribute type 10 has an invalid length. [ 294.304160][T12725] netlink: 212848 bytes leftover after parsing attributes in process `syz.2.2072'. [ 294.322796][T12725] netlink: 'syz.2.2072': attribute type 3 has an invalid length. [ 294.331023][T12725] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.2072'. [ 294.740824][T12752] x_tables: duplicate underflow at hook 1 [ 294.755006][ T2884] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.029378][T12758] netlink: 'syz.1.2083': attribute type 12 has an invalid length. 
[ 296.131151][ T2884] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.220676][ T2884] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.251351][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 296.261191][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 296.270808][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 296.285021][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 296.294678][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 296.295813][ T2884] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.306828][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 296.484722][ T2884] bridge_slave_1: left allmulticast mode [ 296.491060][ T2884] bridge_slave_1: left promiscuous mode [ 296.497648][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.506883][ T2884] bridge_slave_0: left allmulticast mode [ 296.515654][ T2884] bridge_slave_0: left promiscuous mode [ 296.521902][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.840837][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 296.853313][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 296.864889][ T2884] bond0 (unregistering): Released all slaves [ 296.904888][T12763] chnl_net:caif_netlink_parms(): no params data found [ 297.012774][T12763] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.020605][T12763] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.030395][T12763] bridge_slave_0: entered allmulticast mode [ 297.037216][T12763] bridge_slave_0: entered promiscuous mode [ 297.045490][T12763] bridge0: port 2(bridge_slave_1) entered blocking state [ 297.058674][T12763] bridge0: port 2(bridge_slave_1) entered disabled state [ 297.065885][T12763] bridge_slave_1: 
entered allmulticast mode [ 297.077118][T12763] bridge_slave_1: entered promiscuous mode [ 297.141149][T12763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 297.154519][T12763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.277302][ T2884] hsr_slave_0: left promiscuous mode [ 297.295563][ T2884] hsr_slave_1: left promiscuous mode [ 297.321084][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 297.339285][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 297.358093][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.379102][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 297.412501][ T2884] veth1_macvtap: left promiscuous mode [ 297.418239][ T2884] veth0_macvtap: left promiscuous mode [ 297.426235][ T2884] veth1_vlan: left promiscuous mode [ 297.431795][ T2884] veth0_vlan: left promiscuous mode [ 297.540580][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 297.551473][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 297.562847][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 297.575814][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 297.584646][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 297.592767][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 297.997996][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 298.044214][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 298.423597][ T5094] Bluetooth: hci0: command tx timeout [ 298.546018][T12786] __nla_validate_parse: 5 callbacks suppressed [ 298.546037][T12786] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2089'. 
[ 298.577065][T12796] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 298.642357][T12763] team0: Port device team_slave_0 added [ 298.674039][T12763] team0: Port device team_slave_1 added [ 298.690135][T12802] x_tables: duplicate underflow at hook 1 [ 298.735812][T12800] bridge_slave_1: left allmulticast mode [ 298.741685][T12800] bridge_slave_1: left promiscuous mode [ 298.747500][T12800] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.795489][T12763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 298.806170][T12763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.835501][T12763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 298.878077][T12763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.907406][T12763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.962002][T12763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 299.159774][T12763] hsr_slave_0: entered promiscuous mode [ 299.167260][T12817] netlink: 'syz.0.2097': attribute type 20 has an invalid length. [ 299.187426][T12763] hsr_slave_1: entered promiscuous mode [ 299.194029][T12763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 299.195713][T12819] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2096'. 
[ 299.208514][T12763] Cannot create hsr debugfs directory [ 299.595154][ T2884] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.609537][ T5094] Bluetooth: hci4: command tx timeout [ 299.841637][ T2884] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.864999][T12842] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2108'. [ 299.956029][ T2884] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.047218][ T2884] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.135724][T12787] chnl_net:caif_netlink_parms(): no params data found [ 300.476052][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 300.486981][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 300.499283][ T5092] Bluetooth: hci0: command tx timeout [ 300.525816][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 300.558081][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 300.566436][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 300.574121][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 300.590086][T12864] FAULT_INJECTION: forcing a failure. [ 300.590086][T12864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.615487][T12864] CPU: 0 PID: 12864 Comm: syz.2.2115 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 300.625684][T12864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 300.635734][T12864] Call Trace: [ 300.639011][T12864] [ 300.641934][T12864] dump_stack_lvl+0x241/0x360 [ 300.646622][T12864] ? __pfx_dump_stack_lvl+0x10/0x10 [ 300.651820][T12864] ? __pfx__printk+0x10/0x10 [ 300.656409][T12864] ? 
snprintf+0xda/0x120 [ 300.660653][T12864] should_fail_ex+0x3b0/0x4e0 [ 300.665330][T12864] _copy_to_user+0x2f/0xb0 [ 300.669739][T12864] simple_read_from_buffer+0xca/0x150 [ 300.675106][T12864] proc_fail_nth_read+0x1e9/0x250 [ 300.680124][T12864] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 300.685664][T12864] ? rw_verify_area+0x520/0x6b0 [ 300.690509][T12864] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 300.696045][T12864] vfs_read+0x204/0xbc0 [ 300.700213][T12864] ? __pfx_lock_release+0x10/0x10 [ 300.705263][T12864] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 300.710825][T12864] ? __pfx_vfs_read+0x10/0x10 [ 300.715508][T12864] ? __fget_files+0x29/0x470 [ 300.720105][T12864] ? __fget_files+0x3f6/0x470 [ 300.724786][T12864] ksys_read+0x1a0/0x2c0 [ 300.729029][T12864] ? __pfx_ksys_read+0x10/0x10 [ 300.733786][T12864] ? do_syscall_64+0x100/0x230 [ 300.738551][T12864] ? do_syscall_64+0xb6/0x230 [ 300.743230][T12864] do_syscall_64+0xf3/0x230 [ 300.747730][T12864] ? clear_bhb_loop+0x35/0x90 [ 300.752407][T12864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.758389][T12864] RIP: 0033:0x7f48bbf746bc [ 300.762804][T12864] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 300.782406][T12864] RSP: 002b:00007f48bcdac040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 300.790819][T12864] RAX: ffffffffffffffda RBX: 00007f48bc103f60 RCX: 00007f48bbf746bc [ 300.798795][T12864] RDX: 000000000000000f RSI: 00007f48bcdac0b0 RDI: 0000000000000004 [ 300.806779][T12864] RBP: 00007f48bcdac0a0 R08: 0000000000000000 R09: 0000000000000000 [ 300.814836][T12864] R10: 000000000000fdef R11: 0000000000000246 R12: 0000000000000001 [ 300.822810][T12864] R13: 000000000000004d R14: 00007f48bc103f60 R15: 00007ffce929a678 [ 300.830799][T12864] [ 300.873799][T12787] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.881314][T12787] bridge0: port 
1(bridge_slave_0) entered disabled state [ 300.889253][T12787] bridge_slave_0: entered allmulticast mode [ 300.896788][T12787] bridge_slave_0: entered promiscuous mode [ 300.948783][T12787] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.966901][T12787] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.977660][T12787] bridge_slave_1: entered allmulticast mode [ 300.993774][T12787] bridge_slave_1: entered promiscuous mode [ 301.094691][T12787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 301.123576][T12787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.161199][T12876] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2118'. [ 301.193572][ T2884] bridge_slave_1: left allmulticast mode [ 301.204229][ T2884] bridge_slave_1: left promiscuous mode [ 301.211290][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.228405][ T2884] bridge_slave_0: left allmulticast mode [ 301.234386][ T2884] bridge_slave_0: left promiscuous mode [ 301.242909][T12873] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2117'. [ 301.252491][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.259910][T12873] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2117'. 
[ 301.612361][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 301.623794][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 301.636602][ T2884] bond0 (unregistering): Released all slaves [ 301.688957][ T5102] Bluetooth: hci4: command tx timeout [ 301.781051][T12787] team0: Port device team_slave_0 added [ 301.908044][T12787] team0: Port device team_slave_1 added [ 301.961040][T12763] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 301.977522][T12763] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 302.023982][T12787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 302.032594][T12787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.061907][T12787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 302.076619][T12763] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 302.122006][T12787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 302.139617][T12787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 302.190816][T12787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 302.207174][T12763] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 302.364968][ T2884] hsr_slave_0: left promiscuous mode [ 302.378748][ T2884] hsr_slave_1: left promiscuous mode [ 302.387909][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 302.396416][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 302.408387][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 302.418010][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 302.439287][ T2884] veth1_macvtap: left promiscuous mode [ 302.444854][ T2884] veth0_macvtap: left promiscuous mode [ 302.450763][ T2884] veth1_vlan: left promiscuous mode [ 302.456854][ T2884] veth0_vlan: left promiscuous mode [ 302.571525][ T5102] Bluetooth: hci0: command tx timeout [ 302.649048][ T5102] Bluetooth: hci2: command tx timeout [ 302.955907][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 303.002628][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 303.395438][T12787] hsr_slave_0: entered promiscuous mode [ 303.406458][T12787] hsr_slave_1: entered promiscuous mode [ 303.416523][T12787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 303.429610][T12787] Cannot create hsr debugfs directory [ 303.533904][T12860] chnl_net:caif_netlink_parms(): no params data found [ 303.768624][ T5102] Bluetooth: hci4: command tx timeout [ 303.914938][T12913] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.922378][T12913] bridge0: port 1(bridge_slave_0) entered forwarding state [ 303.932135][T12913] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 304.054581][T12921] netlink: 'syz.0.2130': attribute type 1 has an invalid length. 
[ 304.065509][T12921] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2130'. [ 304.115288][T12921] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2130'. [ 304.133209][T12921] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 304.154108][T12921] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 304.189674][T12860] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.197146][T12860] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.206309][T12860] bridge_slave_0: entered allmulticast mode [ 304.214293][T12860] bridge_slave_0: entered promiscuous mode [ 304.226174][T12860] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.238400][T12860] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.248023][T12860] bridge_slave_1: entered allmulticast mode [ 304.255692][T12860] bridge_slave_1: entered promiscuous mode [ 304.364810][T12860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.390291][T12860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.522502][ T2884] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 304.542399][ T2884] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.570597][T12930] netlink: 'syz.0.2133': attribute type 8 has an invalid length. 
[ 304.595951][T12860] team0: Port device team_slave_0 added [ 304.620936][T12860] team0: Port device team_slave_1 added [ 304.651589][ T5102] Bluetooth: hci0: command tx timeout [ 304.705707][ T2884] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 304.716333][ T2884] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.728700][ T5102] Bluetooth: hci2: command tx timeout [ 304.775175][T12763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.796052][T12860] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.804578][T12860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.840944][T12860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.858393][T12940] netlink: 'syz.2.2137': attribute type 12 has an invalid length. [ 304.877938][T12940] netlink: 'syz.2.2137': attribute type 11 has an invalid length. [ 304.891869][ T2884] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 304.895779][T12940] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.2137'. [ 304.902538][ T2884] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.953537][T12860] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.961844][T12860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 304.988849][T12860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.025721][ T2884] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 305.037477][ T2884] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.112658][T12763] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.136134][T12787] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 305.181607][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.188818][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.205744][T12787] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 305.216694][T12787] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 305.240848][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.247985][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.277182][T12787] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 305.296474][T12860] hsr_slave_0: entered promiscuous mode [ 305.306952][T12860] hsr_slave_1: entered promiscuous mode [ 305.313589][T12860] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 305.321860][T12860] Cannot create hsr debugfs directory [ 305.377697][ T2884] bridge_slave_1: left allmulticast mode [ 305.391230][ T2884] bridge_slave_1: left promiscuous mode [ 305.403793][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.414373][ T2884] bridge_slave_0: left allmulticast mode [ 305.423568][ T2884] bridge_slave_0: left promiscuous mode [ 305.431089][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.750644][ T2884] team0: Port device macvlan2 removed [ 305.849277][ T5094] Bluetooth: hci4: command tx timeout [ 305.901407][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 305.916695][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 305.928345][ T2884] bond0 (unregistering): Released all slaves [ 306.092518][T12952] netlink: 'syz.0.2140': attribute type 1 has an invalid length. [ 306.111247][T12952] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2140'. [ 306.167207][T12952] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2140'. [ 306.205402][T12952] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 306.221417][T12952] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 306.443603][T12966] netlink: 'syz.0.2145': attribute type 1 has an invalid length. [ 306.462183][T12966] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2145'. [ 306.558053][T12966] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2145'. [ 306.578324][T12966] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 306.598279][T12966] openvswitch: netlink: Either Ethernet header or EtherType is required. 
[ 306.732213][ T2884] hsr_slave_0: left promiscuous mode [ 306.754552][ T2884] hsr_slave_1: left promiscuous mode [ 306.767007][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 306.776058][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 306.788533][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 306.797728][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 306.809277][ T5094] Bluetooth: hci2: command tx timeout [ 306.827647][ T2884] veth0_macvtap: left promiscuous mode [ 306.833464][ T2884] veth1_vlan: left promiscuous mode [ 306.840035][ T2884] veth0_vlan: left promiscuous mode [ 307.299126][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 307.338735][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 307.775411][T12992] netlink: 'syz.2.2153': attribute type 1 has an invalid length. [ 307.785056][T12992] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2153'. [ 307.807386][T12992] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2153'. [ 307.808286][T12763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.819262][T12992] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 307.856777][T12992] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 307.905686][T12787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.980661][T12787] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.049812][ T5091] bridge0: port 1(bridge_slave_0) entered blocking state [ 308.057081][ T5091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 308.075137][ T5091] bridge0: port 2(bridge_slave_1) entered blocking state [ 308.082447][ T5091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.221199][T12860] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 308.283027][T13004] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2159'. 
[ 308.320295][T12860] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 308.340133][T12860] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 308.351891][T12763] veth0_vlan: entered promiscuous mode [ 308.359645][T12860] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 308.383636][T13004] bond2: (slave bridge7): Enslaving as an active interface with an up link [ 308.405341][T12763] veth1_vlan: entered promiscuous mode [ 308.414990][T13009] bridge0: port 4(bond2) entered blocking state [ 308.423046][T13009] bridge0: port 4(bond2) entered disabled state [ 308.430331][T13009] bond2: entered allmulticast mode [ 308.435472][T13009] bridge7: entered allmulticast mode [ 308.445715][T13009] bond2: entered promiscuous mode [ 308.451640][T13009] bridge7: entered promiscuous mode [ 308.593843][T12763] veth0_macvtap: entered promiscuous mode [ 308.613819][T12763] veth1_macvtap: entered promiscuous mode [ 308.709276][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 308.723225][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.735775][T12763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 308.782893][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.797584][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 308.814466][T12763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 308.824996][T12763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 308.837050][T12763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 308.873859][T12763] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.885634][T12763] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.896455][ T5094] Bluetooth: hci2: command tx timeout [ 308.903221][T12763] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.912850][T12763] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.948104][T12787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.000288][T12860] 8021q: adding VLAN 0 to HW filter on device bond0 [ 309.113773][T12860] 8021q: adding VLAN 0 to HW filter on device team0 [ 309.123276][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.167461][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.215938][ T786] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.223214][ T786] bridge0: port 1(bridge_slave_0) entered forwarding state [ 309.236495][ T786] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.243746][ T786] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.253163][T13031] IPVS: length: 4096 != 24 [ 309.305728][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.316039][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.608327][T12787] veth0_vlan: entered promiscuous mode [ 309.658032][T12787] veth1_vlan: entered promiscuous mode [ 309.763534][T12787] veth0_macvtap: entered promiscuous mode [ 309.787922][T12787] veth1_macvtap: entered promiscuous mode [ 309.806034][T13051] netlink: 'syz.0.2172': attribute type 10 has an invalid length. 
[ 309.835448][T13051] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 309.877210][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.888083][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.906515][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.918161][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.931073][T12787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.956823][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.971411][T13056] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf [ 309.976609][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.993194][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.004624][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.014655][T12787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.026645][T12787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 310.039426][T12787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.056803][T12860] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.073915][T12787] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.084830][T12787] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.095553][T12787] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.106637][T12787] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.123751][T13058] netlink: 'syz.0.2175': attribute type 9 has an invalid length. [ 310.204999][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.366879][ T2905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.371082][T12860] veth0_vlan: entered promiscuous mode [ 310.383234][ T2905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.424279][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 310.427335][T12860] veth1_vlan: entered promiscuous mode [ 310.439700][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.503626][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.621714][T12860] veth0_macvtap: entered promiscuous mode [ 310.636093][T12860] veth1_macvtap: entered promiscuous mode [ 310.655689][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.667142][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.677526][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.688310][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 310.698777][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.709366][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.720868][T12860] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.736638][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.748344][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.759582][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.770234][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.780883][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.791652][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.801730][T12860] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.813747][T12860] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 310.824886][T12860] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.837766][T12860] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.847562][T12860] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.857499][T12860] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.867871][T12860] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.943007][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 310.990395][ T2905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.004008][ T2905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.036845][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.044903][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.152695][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 311.352078][ T35] bridge_slave_1: left allmulticast mode [ 311.358696][ T35] bridge_slave_1: left promiscuous mode [ 311.365695][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.375727][ T35] bridge_slave_0: left allmulticast mode [ 311.381839][ T35] bridge_slave_0: left promiscuous mode [ 311.387549][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.782037][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 311.859944][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 311.899762][ T35] bond0 (unregistering): Released all slaves [ 311.945718][T13069] bond_slave_0: entered promiscuous mode [ 311.951551][T13069] bond_slave_1: entered promiscuous mode [ 311.985733][T13064] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2177'. [ 312.014293][T13065] netlink: 'syz.1.2112': attribute type 1 has an invalid length. 
[ 312.074468][T13064] bond_slave_0: left promiscuous mode [ 312.080463][T13064] bond_slave_1: left promiscuous mode [ 312.175845][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 312.186316][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 312.194883][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 312.203705][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 312.218017][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 312.235546][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 312.346092][ T35] hsr_slave_0: left promiscuous mode [ 312.352594][ T35] hsr_slave_1: left promiscuous mode [ 312.361568][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 312.369871][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 312.377848][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 312.385989][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 312.407671][ T35] veth1_macvtap: left promiscuous mode [ 312.414921][ T35] veth0_macvtap: left promiscuous mode [ 312.420846][ T35] veth1_vlan: left promiscuous mode [ 312.426149][ T35] veth0_vlan: left promiscuous mode [ 312.892921][ T35] team0 (unregistering): Port device team_slave_1 removed [ 312.936121][ T35] team0 (unregistering): Port device team_slave_0 removed [ 313.279044][T13081] netlink: 'syz.0.2181': attribute type 10 has an invalid length. [ 313.300050][T13081] netlink: 212848 bytes leftover after parsing attributes in process `syz.0.2181'. [ 313.381998][T13087] netlink: 'syz.0.2181': attribute type 3 has an invalid length. [ 313.406353][T13087] netlink: 130984 bytes leftover after parsing attributes in process `syz.0.2181'. 
[ 313.526366][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.554339][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.567312][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.587517][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.609746][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.625248][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 314.112089][T13070] chnl_net:caif_netlink_parms(): no params data found [ 314.316472][T13070] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.334588][ T5094] Bluetooth: hci0: command tx timeout [ 314.347394][T13070] bridge0: port 1(bridge_slave_0) entered disabled state [ 314.359006][T13070] bridge_slave_0: entered allmulticast mode [ 314.372829][T13070] bridge_slave_0: entered promiscuous mode [ 314.432420][T13070] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.443771][T13070] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.451155][T13070] bridge_slave_1: entered allmulticast mode [ 314.459502][T13070] bridge_slave_1: entered promiscuous mode [ 314.576195][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.629908][T13123] dccp_invalid_packet: P.type (CLOSEREQ) not Data || [Data]Ack, while P.X == 0 [ 314.664573][T13070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.695518][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.733960][T13070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.761832][T13090] chnl_net:caif_netlink_parms(): no params data found [ 314.792846][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.893691][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.951834][T13070] team0: 
Port device team_slave_0 added [ 315.005102][T13070] team0: Port device team_slave_1 added [ 315.034440][T13090] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.042001][T13090] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.052572][T13090] bridge_slave_0: entered allmulticast mode [ 315.060697][T13090] bridge_slave_0: entered promiscuous mode [ 315.126965][T13090] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.135007][T13090] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.142676][T13090] bridge_slave_1: entered allmulticast mode [ 315.151093][T13090] bridge_slave_1: entered promiscuous mode [ 315.182903][T13070] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 315.197537][T13070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 315.224246][T13070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 315.238580][T13070] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 315.246066][T13070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 315.273323][T13070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.332551][T13090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 315.445881][T13090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 315.455698][ T35] bridge_slave_1: left allmulticast mode [ 315.465645][ T35] bridge_slave_1: left promiscuous mode [ 315.471863][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.484434][ T35] bridge_slave_0: left allmulticast mode [ 315.490542][ T35] bridge_slave_0: left promiscuous mode [ 315.496280][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.691911][ T5094] Bluetooth: hci4: command tx timeout [ 315.846929][T13164] nbd: must specify at least one socket [ 315.972994][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.984362][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.996343][ T35] bond0 (unregistering): Released all slaves [ 316.025324][T13070] hsr_slave_0: entered promiscuous mode [ 316.032711][T13070] hsr_slave_1: entered promiscuous mode [ 316.054656][T13070] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 316.063033][T13070] Cannot create hsr debugfs directory [ 316.109721][T13158] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2198'. [ 316.199114][T13090] team0: Port device team_slave_0 added [ 316.293351][T13170] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2203'. [ 316.325230][T13090] team0: Port device team_slave_1 added [ 316.410760][ T5094] Bluetooth: hci0: command tx timeout [ 316.537474][T13186] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 316.649516][T13195] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2214'. 
[ 316.678679][T13090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.686053][T13090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.719816][T13090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.737585][T13090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.747191][T13090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.757577][T13200] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2216'. [ 316.780627][T13090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.807072][T13193] netlink: 'syz.2.2212': attribute type 4 has an invalid length. [ 316.844527][T13190] netlink: 'syz.2.2212': attribute type 4 has an invalid length. 
[ 316.873133][ T35] hsr_slave_0: left promiscuous mode [ 316.882620][ T35] hsr_slave_1: left promiscuous mode [ 316.893128][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 316.900869][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 316.918008][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.926114][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 316.954082][ T35] veth1_macvtap: left promiscuous mode [ 316.959807][ T35] veth0_macvtap: left promiscuous mode [ 316.965385][ T35] veth1_vlan: left promiscuous mode [ 316.971140][ T35] veth0_vlan: left promiscuous mode [ 317.423241][ T35] team0 (unregistering): Port device team_slave_1 removed [ 317.462987][ T35] team0 (unregistering): Port device team_slave_0 removed [ 317.531597][ T1248] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.769082][ T5094] Bluetooth: hci4: command tx timeout [ 317.800293][T13212] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2220'. [ 317.847041][T13212] sctp: [Deprecated]: syz.1.2220 (pid 13212) Use of int in maxseg socket option. [ 317.847041][T13212] Use struct sctp_assoc_value instead [ 318.104526][T13090] hsr_slave_0: entered promiscuous mode [ 318.114068][T13090] hsr_slave_1: entered promiscuous mode [ 318.134923][T13090] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 318.150697][T13090] Cannot create hsr debugfs directory [ 318.154489][T13218] netlink: 'syz.1.2222': attribute type 8 has an invalid length. [ 318.166483][T13218] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2222'. [ 318.168966][T13214] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2221'. [ 318.295606][T13221] Cannot find add_set index 0 as target [ 318.376381][T13225] netlink: 'syz.0.2226': attribute type 1 has an invalid length. [ 318.441968][T13228] netlink: 'syz.2.2228': attribute type 1 has an invalid length. 
[ 318.454490][T13228] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2228'. [ 318.488735][ T5094] Bluetooth: hci0: command tx timeout [ 318.556546][T13233] netlink: 'syz.2.2230': attribute type 1 has an invalid length. [ 318.564986][T13233] netlink: 'syz.2.2230': attribute type 1 has an invalid length. [ 318.594526][T13231] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2229'. [ 318.782919][T13070] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 318.826386][T13070] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 318.875303][T13070] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 318.901735][T13070] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 318.951531][T13245] veth1_macvtap: left promiscuous mode [ 319.019902][T13247] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2237'. [ 319.081027][T13254] netlink: 'syz.0.2240': attribute type 1 has an invalid length. [ 319.107483][T13254] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2240'. [ 319.354824][T13273] FAULT_INJECTION: forcing a failure. [ 319.354824][T13273] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.370560][T13273] CPU: 1 PID: 13273 Comm: syz.2.2247 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 319.380747][T13273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 319.390787][T13273] Call Trace: [ 319.394068][T13273] [ 319.396991][T13273] dump_stack_lvl+0x241/0x360 [ 319.401678][T13273] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.406898][T13273] ? __pfx__printk+0x10/0x10 [ 319.411483][T13273] ? bpf_cgroup_storage_free+0x8f/0xb0 [ 319.416934][T13273] ? __pfx_lock_release+0x10/0x10 [ 319.421962][T13273] ? bpf_test_run+0x840/0x910 [ 319.427372][T13273] should_fail_ex+0x3b0/0x4e0 [ 319.432251][T13273] _copy_to_user+0x2f/0xb0 [ 319.436769][T13273] bpf_test_finish+0x293/0x8b0 [ 319.441550][T13273] ? 
__pfx_bpf_test_finish+0x10/0x10 [ 319.446836][T13273] ? convert___skb_to_skb+0x41/0x620 [ 319.452116][T13273] ? convert_skb_to___skb+0x2d3/0x510 [ 319.457502][T13273] bpf_prog_test_run_skb+0xd06/0x13a0 [ 319.462874][T13273] ? __pfx_lock_release+0x10/0x10 [ 319.467901][T13273] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 319.473723][T13273] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 319.479548][T13273] bpf_prog_test_run+0x33a/0x3b0 [ 319.484491][T13273] __sys_bpf+0x48d/0x810 [ 319.488764][T13273] ? __pfx___sys_bpf+0x10/0x10 [ 319.493535][T13273] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 319.499511][T13273] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 319.505836][T13273] ? do_syscall_64+0x100/0x230 [ 319.510605][T13273] __x64_sys_bpf+0x7c/0x90 [ 319.515019][T13273] do_syscall_64+0xf3/0x230 [ 319.519540][T13273] ? clear_bhb_loop+0x35/0x90 [ 319.524240][T13273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.530150][T13273] RIP: 0033:0x7f48bbf75bd9 [ 319.534579][T13273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.554196][T13273] RSP: 002b:00007f48bcdac048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 319.562615][T13273] RAX: ffffffffffffffda RBX: 00007f48bc103f60 RCX: 00007f48bbf75bd9 [ 319.570681][T13273] RDX: 000000000000004c RSI: 0000000020000240 RDI: 000000000000000a [ 319.578666][T13273] RBP: 00007f48bcdac0a0 R08: 0000000000000000 R09: 0000000000000000 [ 319.586659][T13273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.594724][T13273] R13: 000000000000004d R14: 00007f48bc103f60 R15: 00007ffce929a678 [ 319.602714][T13273] [ 319.657232][T13278] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2249'. 
[ 319.684213][T13070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.699530][T13090] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 319.713209][T13090] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 319.739429][T13090] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 319.754618][T13281] netlink: 'syz.1.2249': attribute type 10 has an invalid length. [ 319.837664][T13281] team0: Device veth1_vlan failed to register rx_handler [ 319.852374][ T5094] Bluetooth: hci4: command tx timeout [ 319.877941][T13090] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 319.925457][T13070] 8021q: adding VLAN 0 to HW filter on device team0 [ 319.969945][T13292] netlink: 'syz.0.2255': attribute type 1 has an invalid length. [ 319.978090][T13292] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2255'. [ 320.001074][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.008240][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 320.021672][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.028874][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 320.063665][T13294] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2256'. 
[ 320.076568][T13295] xt_ecn: cannot match TCP bits for non-tcp packets [ 320.198200][T13090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 320.237895][T13090] 8021q: adding VLAN 0 to HW filter on device team0 [ 320.263726][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.270965][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 320.311824][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.319042][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 320.487382][T13281] syz.1.2249 (13281) used greatest stack depth: 17488 bytes left [ 320.545013][T13070] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.568574][ T5094] Bluetooth: hci0: command tx timeout [ 320.693909][T13070] veth0_vlan: entered promiscuous mode [ 320.718140][T13090] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.751622][T13070] veth1_vlan: entered promiscuous mode [ 320.831082][T13070] veth0_macvtap: entered promiscuous mode [ 320.855371][T13070] veth1_macvtap: entered promiscuous mode [ 320.905361][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.924153][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.935665][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 320.953915][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 320.965818][T13070] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 321.019976][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.053498][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 321.079599][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.102836][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.115707][T13070] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.135182][T13070] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.147429][T13070] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 321.241507][T13070] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.292001][T13070] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.309266][T13070] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.318760][T13070] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.421360][T13362] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. 
[ 321.511831][T13090] veth0_vlan: entered promiscuous mode [ 321.567943][T13090] veth1_vlan: entered promiscuous mode [ 321.651379][T13368] veth1_macvtap: left promiscuous mode [ 321.684062][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.709236][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.764057][T13370] tipc: Started in network mode [ 321.769610][T13370] tipc: Node identity ac1414aa, cluster identity 4711 [ 321.777335][T13370] tipc: Enabled bearer , priority 10 [ 321.797132][T13370] tipc: Disabling bearer [ 321.797492][ T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.815778][T13090] veth0_macvtap: entered promiscuous mode [ 321.833620][ T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.865059][T13090] veth1_macvtap: entered promiscuous mode [ 321.928010][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.940106][ T5094] Bluetooth: hci4: command tx timeout [ 321.952898][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.963298][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.977685][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.988663][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.999754][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.014005][T13090] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 322.105846][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.143791][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 322.164011][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.185399][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.196306][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.211266][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.222440][T13090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.233750][T13090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.245137][T13090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 322.258783][T13090] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.267523][T13090] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.277138][T13090] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.286468][T13090] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.416489][T13398] ipt_REJECT: TCP_RESET invalid for non-tcp [ 322.485018][T13398] nbd: couldn't find device at index -1 [ 322.492950][ T2905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.512594][ T2905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.551553][T13404] validate_nla: 4 callbacks suppressed [ 322.551571][T13404] netlink: 'syz.1.2292': attribute type 1 has an invalid length. [ 322.565497][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.580014][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.844645][T13414] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 322.870526][T13414] __nla_validate_parse: 7 callbacks suppressed [ 322.870545][T13414] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2297'. 
[ 322.922237][T13414] vlan0: entered promiscuous mode [ 323.336409][T13438] netlink: 'syz.1.2304': attribute type 1 has an invalid length. [ 323.358781][T13438] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2304'. [ 323.583287][T13449] netlink: 'syz.2.2312': attribute type 3 has an invalid length. [ 323.591337][T13449] netlink: 1328 bytes leftover after parsing attributes in process `syz.2.2312'. [ 323.895732][T13466] dccp_invalid_packet: P.Data Offset(132) too large [ 324.195622][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.787366][T13482] netlink: 'syz.0.2319': attribute type 1 has an invalid length. [ 324.805681][T13482] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2319'. [ 325.020036][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 325.029790][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 325.038704][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 325.050881][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 325.059408][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 325.066908][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 325.247005][T13490] chnl_net:caif_netlink_parms(): no params data found [ 325.317019][T13490] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.324222][T13490] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.331533][T13490] bridge_slave_0: entered allmulticast mode [ 325.338382][T13490] bridge_slave_0: entered promiscuous mode [ 325.346929][T13490] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.354612][T13490] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.362036][T13490] bridge_slave_1: entered allmulticast mode [ 325.369180][T13490] bridge_slave_1: entered promiscuous mode [ 325.401694][T13490] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 
325.415098][T13490] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.457952][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.486680][T13490] team0: Port device team_slave_0 added [ 325.497569][T13490] team0: Port device team_slave_1 added [ 325.532475][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.557023][T13490] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.564148][T13490] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.590574][T13490] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.605005][T13490] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.614703][T13490] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.641313][T13490] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.676748][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.721374][T13490] hsr_slave_0: entered promiscuous mode [ 325.727808][T13490] hsr_slave_1: entered promiscuous mode [ 325.735412][T13490] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 325.743266][T13490] Cannot create hsr debugfs directory [ 325.884003][ T62] bridge_slave_1: left allmulticast mode [ 325.890009][ T62] bridge_slave_1: left promiscuous mode [ 325.895681][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.905969][ T62] bridge_slave_0: left allmulticast mode [ 325.912423][ T62] bridge_slave_0: left promiscuous mode [ 325.918106][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.390553][T13512] Unsupported ieee802154 address type: 0 [ 326.399136][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 326.420509][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 326.435329][ T5094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 326.446072][ T62] bond0 (unregistering): Released all slaves [ 326.446139][ T5094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 326.462419][ T5094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 326.473323][ T5094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 326.485292][ T5094] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 326.500849][ T5094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 326.598178][T13512] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2324'. [ 326.652998][T13518] netlink: 340 bytes leftover after parsing attributes in process `syz.1.2325'. [ 326.718196][T13521] netlink: 'syz.2.2327': attribute type 1 has an invalid length. [ 326.726886][T13521] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2327'. [ 326.751207][T13518] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2325'. [ 326.777635][T13522] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2325'. [ 326.793388][T13522] ipvlan2: entered allmulticast mode [ 326.799129][T13522] veth0_vlan: entered allmulticast mode [ 327.095738][T13535] netlink: 'syz.1.2332': attribute type 1 has an invalid length. 
[ 327.104015][ T62] hsr_slave_0: left promiscuous mode [ 327.109866][T13535] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2332'. [ 327.125752][ T62] hsr_slave_1: left promiscuous mode [ 327.135227][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.138687][ T5102] Bluetooth: hci0: command tx timeout [ 327.143335][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.157711][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.178839][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 327.224382][ T62] veth1_macvtap: left promiscuous mode [ 327.238643][ T62] veth0_macvtap: left promiscuous mode [ 327.244306][ T62] veth1_vlan: left promiscuous mode [ 327.253431][ T62] veth0_vlan: left promiscuous mode [ 327.825473][ T62] team0 (unregistering): Port device team_slave_1 removed [ 327.868391][ T62] team0 (unregistering): Port device team_slave_0 removed [ 328.329259][T13551] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2335'. [ 328.362646][T13551] openvswitch: netlink: VXLAN extension message has 1 unknown bytes. [ 328.397005][T13551] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2335'. [ 328.454682][T13490] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 328.498696][T13555] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2337'. [ 328.555086][T13490] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 328.571782][ T5102] Bluetooth: hci4: command tx timeout [ 328.593126][T13513] chnl_net:caif_netlink_parms(): no params data found [ 328.619449][T13563] FAULT_INJECTION: forcing a failure. [ 328.619449][T13563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.665476][T13568] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2342'. 
[ 328.675802][T13563] CPU: 0 PID: 13563 Comm: syz.1.2340 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 328.685996][T13563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 328.696072][T13563] Call Trace: [ 328.699381][T13563] [ 328.701013][T13490] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 328.702311][T13563] dump_stack_lvl+0x241/0x360 [ 328.713718][T13563] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.718934][T13563] ? __pfx__printk+0x10/0x10 [ 328.723553][T13563] ? __pfx_lock_release+0x10/0x10 [ 328.728608][T13563] should_fail_ex+0x3b0/0x4e0 [ 328.733319][T13563] _copy_from_iter+0x1f6/0x1960 [ 328.738201][T13563] ? __virt_addr_valid+0x183/0x520 [ 328.743339][T13563] ? __pfx_lock_release+0x10/0x10 [ 328.748402][T13563] ? __alloc_skb+0x28f/0x440 [ 328.753011][T13563] ? __pfx__copy_from_iter+0x10/0x10 [ 328.758324][T13563] ? __virt_addr_valid+0x183/0x520 [ 328.763467][T13563] ? __virt_addr_valid+0x183/0x520 [ 328.768692][T13563] ? __virt_addr_valid+0x44e/0x520 [ 328.773835][T13563] ? __check_object_size+0x49c/0x900 [ 328.779154][T13563] netlink_sendmsg+0x743/0xcb0 [ 328.783958][T13563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.789277][T13563] ? __import_iovec+0x536/0x820 [ 328.794152][T13563] ? aa_sock_msg_perm+0x91/0x160 [ 328.799128][T13563] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 328.804430][T13563] ? security_socket_sendmsg+0x87/0xb0 [ 328.809916][T13563] ? __pfx_netlink_sendmsg+0x10/0x10 [ 328.815397][T13563] __sock_sendmsg+0x221/0x270 [ 328.820108][T13563] ____sys_sendmsg+0x525/0x7d0 [ 328.824894][T13563] ? __pfx_____sys_sendmsg+0x10/0x10 [ 328.830197][T13563] __sys_sendmsg+0x2b0/0x3a0 [ 328.834798][T13563] ? __pfx___sys_sendmsg+0x10/0x10 [ 328.839905][T13563] ? vfs_write+0x7c4/0xc90 [ 328.844353][T13563] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 328.850684][T13563] ? do_syscall_64+0x100/0x230 [ 328.855494][T13563] ? 
do_syscall_64+0xb6/0x230 [ 328.860183][T13563] do_syscall_64+0xf3/0x230 [ 328.864703][T13563] ? clear_bhb_loop+0x35/0x90 [ 328.869384][T13563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.875301][T13563] RIP: 0033:0x7ff137b75bd9 [ 328.879736][T13563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.899367][T13563] RSP: 002b:00007ff13891e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.907799][T13563] RAX: ffffffffffffffda RBX: 00007ff137d03f60 RCX: 00007ff137b75bd9 [ 328.915766][T13563] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000004 [ 328.923733][T13563] RBP: 00007ff13891e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 328.931708][T13563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.939696][T13563] R13: 000000000000000b R14: 00007ff137d03f60 R15: 00007ffef0cc1d98 [ 328.947687][T13563] [ 328.967264][T13490] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 329.079254][T13578] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2344'. [ 329.201600][T13588] netlink: 'syz.1.2347': attribute type 1 has an invalid length. [ 329.209787][T13588] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2347'. 
[ 329.218791][ T5102] Bluetooth: hci0: command tx timeout [ 329.232380][T13513] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.240358][T13513] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.247592][T13513] bridge_slave_0: entered allmulticast mode [ 329.256502][T13513] bridge_slave_0: entered promiscuous mode [ 329.270437][T13513] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.280297][T13513] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.288932][T13513] bridge_slave_1: entered allmulticast mode [ 329.296528][T13513] bridge_slave_1: entered promiscuous mode [ 329.371630][T13513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 329.411557][T13513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 329.471995][T13598] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.556690][T13513] team0: Port device team_slave_0 added [ 329.675106][ T62] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.740090][T13513] team0: Port device team_slave_1 added [ 329.815157][T13513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.829766][T13513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.856729][T13513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.896292][T13615] netlink: 'syz.0.2359': attribute type 1 has an invalid length. [ 329.938762][T13615] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2359'. 
[ 329.953551][ T62] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.982080][T13513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.991115][T13513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.029566][T13513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.053440][T13617] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 330.071124][T13623] dccp_invalid_packet: P.Data Offset(4) too small [ 330.123335][ T62] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.280916][T13629] IPv6: Can't replace route, no match found [ 330.378289][ T62] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.406101][T13631] netlink: 'syz.0.2367': attribute type 5 has an invalid length. [ 330.422652][T13628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2365'. [ 330.485156][T13513] hsr_slave_0: entered promiscuous mode [ 330.496658][T13513] hsr_slave_1: entered promiscuous mode [ 330.503595][T13513] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 330.512966][T13513] Cannot create hsr debugfs directory [ 330.527996][T13490] 8021q: adding VLAN 0 to HW filter on device bond0 [ 330.651663][ T5102] Bluetooth: hci4: command tx timeout [ 330.660296][T13490] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.719197][ T5141] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.726381][ T5141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.743389][ T5141] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.750591][ T5141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.806165][T13646] netlink: 'syz.1.2370': attribute type 1 has an invalid length. [ 330.824133][T13646] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2370'. [ 330.837748][T13646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2370'. [ 330.853800][T13645] netlink: 'syz.1.2370': attribute type 1 has an invalid length. [ 330.960850][ T62] bridge_slave_1: left allmulticast mode [ 330.966807][ T62] bridge_slave_1: left promiscuous mode [ 330.972836][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.991813][ T62] bridge_slave_0: left allmulticast mode [ 330.997615][ T62] bridge_slave_0: left promiscuous mode [ 331.007655][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.289324][ T5102] Bluetooth: hci0: command tx timeout [ 331.396212][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 331.408058][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 331.427163][ T62] bond0 (unregistering): Released all slaves [ 331.444975][T13490] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 331.481442][T13651] netlink: 'syz.1.2372': attribute type 1 has an invalid length. 
[ 331.525867][T13652] bond2: (slave gre1): The slave device specified does not support setting the MAC address [ 331.548302][T13652] bond2: (slave gre1): Setting fail_over_mac to active for active-backup mode [ 331.561613][T13652] bond2: (slave gre1): making interface the new active one [ 331.571409][T13652] bond2: (slave gre1): Enslaving as an active interface with an up link [ 331.605769][T13657] netlink: 'syz.0.2374': attribute type 1 has an invalid length. [ 331.845266][T13676] FAULT_INJECTION: forcing a failure. [ 331.845266][T13676] name failslab, interval 1, probability 0, space 0, times 0 [ 331.866758][T13676] CPU: 1 PID: 13676 Comm: syz.0.2377 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 331.876968][T13676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 331.887050][T13676] Call Trace: [ 331.890356][T13676] [ 331.893304][T13676] dump_stack_lvl+0x241/0x360 [ 331.898018][T13676] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.903240][T13676] ? __pfx__printk+0x10/0x10 [ 331.907874][T13676] ? ref_tracker_alloc+0x332/0x490 [ 331.913011][T13676] should_fail_ex+0x3b0/0x4e0 [ 331.917734][T13676] ? skb_clone+0x20c/0x390 [ 331.922213][T13676] should_failslab+0x9/0x20 [ 331.926764][T13676] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 331.932210][T13676] skb_clone+0x20c/0x390 [ 331.936518][T13676] __netlink_deliver_tap+0x3cc/0x7c0 [ 331.941860][T13676] ? netlink_deliver_tap+0x2e/0x1b0 [ 331.947095][T13676] netlink_deliver_tap+0x19d/0x1b0 [ 331.952247][T13676] netlink_unicast+0x7b8/0x980 [ 331.957052][T13676] ? __pfx_netlink_unicast+0x10/0x10 [ 331.962363][T13676] ? __virt_addr_valid+0x183/0x520 [ 331.967642][T13676] ? __check_object_size+0x49c/0x900 [ 331.972935][T13676] ? bpf_lsm_netlink_send+0x9/0x10 [ 331.978050][T13676] netlink_sendmsg+0x8db/0xcb0 [ 331.982824][T13676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.988107][T13676] ? __mutex_trylock_common+0x183/0x2e0 [ 331.993750][T13676] ? 
aa_sock_msg_perm+0x91/0x160 [ 331.998686][T13676] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 332.004048][T13676] ? security_socket_sendmsg+0x87/0xb0 [ 332.009501][T13676] ? __pfx_netlink_sendmsg+0x10/0x10 [ 332.014779][T13676] __sock_sendmsg+0x221/0x270 [ 332.019477][T13676] sock_sendmsg+0x134/0x200 [ 332.023980][T13676] ? __pfx_sock_sendmsg+0x10/0x10 [ 332.029107][T13676] ? iov_iter_bvec+0x4e/0x180 [ 332.033778][T13676] splice_to_socket+0xa13/0x10b0 [ 332.038736][T13676] ? __pfx_lock_release+0x10/0x10 [ 332.043763][T13676] ? __pfx_splice_to_socket+0x10/0x10 [ 332.049142][T13676] ? __lock_acquire+0x1346/0x1fd0 [ 332.054178][T13676] ? bpf_lsm_file_permission+0x9/0x10 [ 332.059551][T13676] ? security_file_permission+0x7f/0xa0 [ 332.065119][T13676] ? rw_verify_area+0x1d2/0x6b0 [ 332.069997][T13676] ? __pfx_splice_to_socket+0x10/0x10 [ 332.075398][T13676] do_splice+0xd77/0x1900 [ 332.079774][T13676] ? __pfx_lock_release+0x10/0x10 [ 332.084786][T13676] ? vfs_write+0x7c4/0xc90 [ 332.089198][T13676] ? __mutex_unlock_slowpath+0x21d/0x750 [ 332.094836][T13676] ? pipe_clear_nowait+0x196/0x220 [ 332.099956][T13676] ? __pfx_do_splice+0x10/0x10 [ 332.104727][T13676] __se_sys_splice+0x331/0x4a0 [ 332.109513][T13676] ? __pfx___se_sys_splice+0x10/0x10 [ 332.114802][T13676] ? do_syscall_64+0x100/0x230 [ 332.119579][T13676] ? __x64_sys_splice+0x21/0xf0 [ 332.124446][T13676] do_syscall_64+0xf3/0x230 [ 332.129035][T13676] ? 
clear_bhb_loop+0x35/0x90 [ 332.133720][T13676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.139610][T13676] RIP: 0033:0x7fe1fdb75bd9 [ 332.144016][T13676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.163621][T13676] RSP: 002b:00007fe1fe957048 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 332.172553][T13676] RAX: ffffffffffffffda RBX: 00007fe1fdd04038 RCX: 00007fe1fdb75bd9 [ 332.180520][T13676] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 332.188489][T13676] RBP: 00007fe1fe9570a0 R08: 00000000000008f8 R09: 0000000000000000 [ 332.196468][T13676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 332.204443][T13676] R13: 000000000000006e R14: 00007fe1fdd04038 R15: 00007fff9daf1a58 [ 332.212430][T13676] [ 332.290965][T13490] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.351236][ T62] hsr_slave_0: left promiscuous mode [ 332.357739][ T62] hsr_slave_1: left promiscuous mode [ 332.366148][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 332.374266][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 332.382722][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 332.390948][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 332.423508][ T62] veth1_macvtap: left promiscuous mode [ 332.429251][ T62] veth0_macvtap: left promiscuous mode [ 332.434932][ T62] veth1_vlan: left promiscuous mode [ 332.443526][ T62] veth0_vlan: left promiscuous mode [ 332.584418][T13686] xt_recent: Unsupported userspace flags (00000042) [ 332.735071][ T5102] Bluetooth: hci4: command tx timeout [ 333.157593][ T62] team0 (unregistering): Port device team_slave_1 removed [ 333.222369][ T62] team0 (unregistering): Port device team_slave_0 removed [ 333.379134][ T5102] Bluetooth: hci0: command tx timeout [ 333.995740][T13490] 
veth0_vlan: entered promiscuous mode [ 334.110472][T13490] veth1_vlan: entered promiscuous mode [ 334.196520][T13513] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 334.250412][T13513] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 334.276268][T13513] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 334.297178][T13513] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 334.374080][T13490] veth0_macvtap: entered promiscuous mode [ 334.413965][T13490] veth1_macvtap: entered promiscuous mode [ 334.476729][T13490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.488970][T13490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.516111][T13490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.539620][T13490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.555612][T13490] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.606836][T13490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.638505][T13490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.648374][T13490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.698010][T13490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.731346][T13490] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.753829][T13490] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 334.785082][T13490] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 334.818234][T13490] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.827540][ T5102] Bluetooth: hci4: command tx timeout [ 334.845948][T13490] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.854948][T13490] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.863917][T13490] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.964123][T13747] caif0: Master is either lo or non-ether device [ 335.052346][T13513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.073657][T13513] 8021q: adding VLAN 0 to HW filter on device team0 [ 335.112747][ T5091] bridge0: port 1(bridge_slave_0) entered blocking state [ 335.119978][ T5091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 335.148081][T13757] netlink: 'syz.0.2406': attribute type 10 has an invalid length. [ 335.186435][ T5091] bridge0: port 2(bridge_slave_1) entered blocking state [ 335.193670][ T5091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 335.224481][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.257773][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.380347][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.388212][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.741834][T13513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 335.832223][T13792] __nla_validate_parse: 8 callbacks suppressed [ 335.832242][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2416'. 
[ 335.896004][T13792] Cannot find add_set index 0 as target [ 336.066239][T13513] veth0_vlan: entered promiscuous mode [ 336.096670][T13513] veth1_vlan: entered promiscuous mode [ 336.229143][ T2859] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.297173][T13810] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2422'. [ 336.315529][T13810] openvswitch: netlink: Tunnel attr 1191 out of range max 16 [ 336.320316][T13513] veth0_macvtap: entered promiscuous mode [ 336.395609][ T2859] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.422824][T13513] veth1_macvtap: entered promiscuous mode [ 336.457497][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.469733][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.485552][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.496970][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.507427][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 336.518349][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.531906][T13513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 336.548095][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.559711][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.571044][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.581640][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 336.591601][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.602715][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.612701][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 336.623349][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 336.634668][T13513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 336.655936][T13513] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.665023][T13513] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.674388][T13513] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.683478][T13513] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 336.711597][ T2859] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.823096][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.834134][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.903629][ T2905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.912217][ T2905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 337.004512][ T2859] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.164350][ T2859] bridge_slave_1: left allmulticast mode [ 337.172442][ T2859] bridge_slave_1: left promiscuous mode [ 337.178173][ T2859] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.188065][ T2859] bridge_slave_0: left allmulticast mode [ 337.195272][ T2859] bridge_slave_0: left promiscuous mode [ 337.202334][ T2859] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.508232][ T2859] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 337.523677][ T2859] bond0 
(unregistering): (slave bond_slave_1): Releasing backup interface [ 337.535720][ T2859] bond0 (unregistering): Released all slaves [ 337.867166][ T2859] hsr_slave_0: left promiscuous mode [ 337.874276][ T2859] hsr_slave_1: left promiscuous mode [ 337.880525][ T2859] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 337.888154][ T2859] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 337.897396][ T2859] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.905290][ T2859] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 337.925296][ T2859] veth1_macvtap: left promiscuous mode [ 337.931834][ T2859] veth0_macvtap: left promiscuous mode [ 337.937569][ T2859] veth1_vlan: left promiscuous mode [ 337.943290][ T2859] veth0_vlan: left promiscuous mode [ 338.391780][ T5092] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 338.406107][ T5092] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 338.437810][ T5092] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 338.456079][ T5092] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 338.469888][ T5092] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 338.477646][ T5092] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 338.574096][ T2859] team0 (unregistering): Port device team_slave_1 removed [ 338.617601][ T2859] team0 (unregistering): Port device team_slave_0 removed [ 339.123716][T13824] vlan0: entered promiscuous mode [ 339.285853][T13838] veth0_vlan: entered allmulticast mode [ 339.552663][T13827] chnl_net:caif_netlink_parms(): no params data found [ 339.687203][T13854] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2433'. 
[ 339.735078][T13854] openvswitch: netlink: Tunnel attr 1191 out of range max 16 [ 339.775011][T13827] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.782937][T13827] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.790479][T13827] bridge_slave_0: entered allmulticast mode [ 339.797295][T13827] bridge_slave_0: entered promiscuous mode [ 339.806617][T13827] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.814378][T13827] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.821746][T13827] bridge_slave_1: entered allmulticast mode [ 339.833987][T13827] bridge_slave_1: entered promiscuous mode [ 339.867542][T13827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 339.893323][T13827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.965715][ T2859] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.987914][T13827] team0: Port device team_slave_0 added [ 339.995776][T13827] team0: Port device team_slave_1 added [ 340.022330][T13827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 340.029573][T13827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.055945][T13827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 340.083547][ T2859] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.100219][T13827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 340.107327][ T5094] Bluetooth: hci3: command 0x0406 tx timeout [ 340.108927][T13827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.140095][T13827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 340.190986][T13827] hsr_slave_0: entered promiscuous mode [ 340.197580][T13827] hsr_slave_1: entered promiscuous mode [ 340.204623][T13827] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 340.212242][T13827] Cannot create hsr debugfs directory [ 340.232728][ T2859] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.306521][ T2859] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.451204][ T2859] bridge_slave_1: left allmulticast mode [ 340.456900][ T2859] bridge_slave_1: left promiscuous mode [ 340.463172][ T2859] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.472841][ T2859] bridge_slave_0: left allmulticast mode [ 340.478892][ T2859] bridge_slave_0: left promiscuous mode [ 340.484669][ T2859] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.574597][ T5102] Bluetooth: hci0: command tx timeout [ 340.816128][ T2859] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.827585][ T2859] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 340.839544][ T2859] bond0 (unregistering): Released all slaves [ 341.029433][T13827] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 341.039003][T13827] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 341.061720][T13827] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 341.100659][T13827] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 341.146767][ T2859] hsr_slave_0: left promiscuous mode [ 341.152869][ T2859] hsr_slave_1: left promiscuous mode [ 341.167010][ T2859] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 341.174484][ T2859] batman_adv: batadv0: Removing 
interface: batadv_slave_0 [ 341.183264][ T2859] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.195570][ T2859] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.222741][ T2859] veth1_macvtap: left promiscuous mode [ 341.228280][ T2859] veth0_macvtap: left promiscuous mode [ 341.234308][ T2859] veth1_vlan: left promiscuous mode [ 341.239772][ T2859] veth0_vlan: left promiscuous mode [ 341.754306][ T5094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 341.765771][ T5094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 341.778112][ T5094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 341.798935][ T5094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 341.814336][ T5094] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 341.822793][ T5094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 342.085577][ T2859] team0 (unregistering): Port device team_slave_1 removed [ 342.130669][ T2859] team0 (unregistering): Port device team_slave_0 removed [ 342.653576][ T5102] Bluetooth: hci0: command tx timeout [ 342.995141][T13827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.012089][T13904] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2446'. [ 343.046405][T13904] openvswitch: netlink: Tunnel attr 1191 out of range max 16 [ 343.063747][T13827] 8021q: adding VLAN 0 to HW filter on device team0 [ 343.092797][ T5145] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.100041][ T5145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 343.116234][T13876] chnl_net:caif_netlink_parms(): no params data found [ 343.193029][T13916] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2448'. [ 343.219865][ T5145] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.227109][ T5145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.240999][T13916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2448'. 
[ 343.304903][T13920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2448'. [ 343.331162][T13922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2451'. [ 343.365290][T13922] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 343.418058][T13876] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.425482][T13876] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.434584][T13876] bridge_slave_0: entered allmulticast mode [ 343.442162][T13876] bridge_slave_0: entered promiscuous mode [ 343.461525][T13876] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.471482][T13876] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.479550][T13876] bridge_slave_1: entered allmulticast mode [ 343.487308][T13876] bridge_slave_1: entered promiscuous mode [ 343.607145][T13876] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 343.625164][T13934] netlink: 'syz.0.2454': attribute type 3 has an invalid length. [ 343.641216][T13934] netlink: 'syz.0.2454': attribute type 4 has an invalid length. [ 343.649507][T13934] netlink: 'syz.0.2454': attribute type 7 has an invalid length. [ 343.657358][T13934] netlink: 'syz.0.2454': attribute type 8 has an invalid length. [ 343.668177][T13876] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.668690][T13934] netlink: 'syz.0.2454': attribute type 7 has an invalid length. [ 343.690029][T13934] netlink: 198200 bytes leftover after parsing attributes in process `syz.0.2454'. [ 343.779224][T13876] team0: Port device team_slave_0 added [ 343.801756][T13876] team0: Port device team_slave_1 added [ 343.849449][ T5102] Bluetooth: hci4: command tx timeout [ 343.861970][T13876] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 343.875140][T13876] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.904809][T13876] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 343.944776][T13876] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 343.955080][T13876] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 343.982850][T13876] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 344.263989][T13960] netlink: 'syz.0.2463': attribute type 1 has an invalid length. [ 344.273304][T13876] hsr_slave_0: entered promiscuous mode [ 344.281838][T13876] hsr_slave_1: entered promiscuous mode [ 344.288335][T13960] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2463'. [ 344.307139][T13876] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 344.326157][T13876] Cannot create hsr debugfs directory [ 344.368356][T13963] atomic_op ffff888024af4198 conn xmit_atomic 0000000000000000 [ 344.416328][T13827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.826363][T13827] veth0_vlan: entered promiscuous mode [ 344.911544][T13827] veth1_vlan: entered promiscuous mode [ 344.961291][T13996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2477'. [ 344.964326][T13992] netlink: 'syz.1.2475': attribute type 1 has an invalid length. 
[ 344.986054][T13996] [ 344.988433][T13996] ====================================================== [ 344.995495][T13996] WARNING: possible circular locking dependency detected [ 345.002502][T13996] 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 Not tainted [ 345.009598][T13996] ------------------------------------------------------ [ 345.016604][T13996] syz.2.2477/13996 is trying to acquire lock: [ 345.022655][T13996] ffff8880211c7a18 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{2:2}, at: __dev_queue_xmit+0x22f5/0x3d30 [ 345.035015][T13996] [ 345.035015][T13996] but task is already holding lock: [ 345.042374][T13996] ffff88802a0ac0d8 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 [ 345.052228][T13996] [ 345.052228][T13996] which lock already depends on the new lock. [ 345.052228][T13996] [ 345.062626][T13996] [ 345.062626][T13996] the existing dependency chain (in reverse order) is: [ 345.071630][T13996] [ 345.071630][T13996] -> #1 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}: [ 345.079891][T13996] lock_acquire+0x1ed/0x550 [ 345.084920][T13996] _raw_spin_lock+0x2e/0x40 [ 345.089938][T13996] sch_direct_xmit+0x1c4/0x5f0 [ 345.095220][T13996] __dev_queue_xmit+0x1a24/0x3d30 [ 345.100759][T13996] ip6_finish_output2+0xff8/0x1670 [ 345.106390][T13996] ip6_finish_output+0x41e/0x810 [ 345.111848][T13996] NF_HOOK+0x9e/0x430 [ 345.116343][T13996] mld_sendpack+0x838/0xda0 [ 345.121352][T13996] mld_ifc_work+0x7d6/0xd90 [ 345.126369][T13996] process_scheduled_works+0xa2c/0x1830 [ 345.132516][T13996] worker_thread+0x86d/0xd50 [ 345.137617][T13996] kthread+0x2f0/0x390 [ 345.142216][T13996] ret_from_fork+0x4b/0x80 [ 345.147145][T13996] ret_from_fork_asm+0x1a/0x30 [ 345.152425][T13996] [ 345.152425][T13996] -> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{2:2}: [ 345.162763][T13996] validate_chain+0x18e0/0x5900 [ 345.168131][T13996] __lock_acquire+0x1346/0x1fd0 [ 345.173489][T13996] lock_acquire+0x1ed/0x550 [ 345.178501][T13996] 
_raw_spin_lock+0x2e/0x40 [ 345.183517][T13996] __dev_queue_xmit+0x22f5/0x3d30 [ 345.189054][T13996] ip6_finish_output2+0xff8/0x1670 [ 345.194679][T13996] ip6_finish_output+0x41e/0x810 [ 345.200135][T13996] ndisc_send_skb+0xab0/0x1380 [ 345.205412][T13996] ndisc_solicit+0x493/0x6a0 [ 345.210517][T13996] __neigh_event_send+0xec8/0x15a0 [ 345.216143][T13996] neigh_resolve_output+0x1b5/0x740 [ 345.221862][T13996] ip6_finish_output2+0xff8/0x1670 [ 345.227495][T13996] ip6_finish_output+0x41e/0x810 [ 345.232952][T13996] ip6_send_skb+0x112/0x230 [ 345.237966][T13996] icmp6_send+0x15fc/0x2070 [ 345.243327][T13996] ip6_link_failure+0x3c/0x4f0 [ 345.248605][T13996] ip_tunnel_xmit+0x164f/0x2940 [ 345.254063][T13996] __gre_xmit+0x1cf/0x260 [ 345.258911][T13996] erspan_xmit+0xaba/0x1310 [ 345.263944][T13996] dev_hard_start_xmit+0x27a/0x7e0 [ 345.269574][T13996] sch_direct_xmit+0x2b6/0x5f0 [ 345.274850][T13996] __qdisc_run+0xbfd/0x2170 [ 345.279865][T13996] __dev_queue_xmit+0x14f0/0x3d30 [ 345.285491][T13996] ip6_finish_output2+0xfc0/0x1670 [ 345.291112][T13996] ip6_finish_output+0x41e/0x810 [ 345.296569][T13996] rawv6_send_hdrinc+0xb79/0x1610 [ 345.302190][T13996] rawv6_sendmsg+0x1962/0x23c0 [ 345.307464][T13996] __sock_sendmsg+0x1a6/0x270 [ 345.312652][T13996] ____sys_sendmsg+0x525/0x7d0 [ 345.317926][T13996] __sys_sendmsg+0x2b0/0x3a0 [ 345.323026][T13996] do_syscall_64+0xf3/0x230 [ 345.328039][T13996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.334445][T13996] [ 345.334445][T13996] other info that might help us debug this: [ 345.334445][T13996] [ 345.344701][T13996] Possible unsafe locking scenario: [ 345.344701][T13996] [ 345.352144][T13996] CPU0 CPU1 [ 345.357506][T13996] ---- ---- [ 345.362857][T13996] lock(&qdisc_xmit_lock_key#3); [ 345.367889][T13996] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 345.377537][T13996] lock(&qdisc_xmit_lock_key#3); [ 345.385094][T13996] lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2); [ 345.392205][T13996] [ 
345.392205][T13996] *** DEADLOCK *** [ 345.392205][T13996] [ 345.400336][T13996] 10 locks held by syz.2.2477/13996: [ 345.405965][T13996] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: rawv6_send_hdrinc+0x9df/0x1610 [ 345.415711][T13996] #1: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1670 [ 345.425542][T13996] #2: ffffffff8e333f80 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30 [ 345.435469][T13996] #3: ffff88802a0ac0d8 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0 [ 345.445760][T13996] #4: ffff88802a5c01d8 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xc45/0x2070 [ 345.455195][T13996] #5: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: icmp6_send+0xba4/0x2070 [ 345.464345][T13996] #6: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1670 [ 345.474186][T13996] #7: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x572/0x1380 [ 345.486205][T13996] #8: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1670 [ 345.496049][T13996] #9: ffffffff8e333f80 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30 [ 345.506509][T13996] [ 345.506509][T13996] stack backtrace: [ 345.512393][T13996] CPU: 0 PID: 13996 Comm: syz.2.2477 Not tainted 6.10.0-rc6-syzkaller-00165-g0ec986ed7bab #0 [ 345.522620][T13996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 345.532663][T13996] Call Trace: [ 345.535932][T13996] [ 345.538860][T13996] dump_stack_lvl+0x241/0x360 [ 345.543628][T13996] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.548827][T13996] ? print_circular_bug+0x130/0x1a0 [ 345.554023][T13996] check_noncircular+0x36a/0x4a0 [ 345.558959][T13996] ? __pfx_check_noncircular+0x10/0x10 [ 345.564416][T13996] ? __bfs+0x368/0x6f0 [ 345.568498][T13996] ? __pfx_usage_skip+0x10/0x10 [ 345.573372][T13996] validate_chain+0x18e0/0x5900 [ 345.578232][T13996] ? 
__pfx_validate_chain+0x10/0x10 [ 345.583424][T13996] ? __pfx_validate_chain+0x10/0x10 [ 345.588623][T13996] ? register_lock_class+0x102/0x980 [ 345.593901][T13996] ? __pfx_register_lock_class+0x10/0x10 [ 345.599534][T13996] ? mark_lock+0x9a/0x350 [ 345.603859][T13996] __lock_acquire+0x1346/0x1fd0 [ 345.608712][T13996] lock_acquire+0x1ed/0x550 [ 345.613209][T13996] ? __dev_queue_xmit+0x22f5/0x3d30 [ 345.618408][T13996] ? __pfx_lock_acquire+0x10/0x10 [ 345.623429][T13996] ? __pfx_lock_acquire+0x10/0x10 [ 345.628444][T13996] ? rcu_lockdep_current_cpu_online+0x37/0x120 [ 345.634591][T13996] ? rcu_read_lock_bh_held+0x7e/0x120 [ 345.639957][T13996] ? __pfx_rcu_read_lock_bh_held+0x10/0x10 [ 345.645759][T13996] _raw_spin_lock+0x2e/0x40 [ 345.650291][T13996] ? __dev_queue_xmit+0x22f5/0x3d30 [ 345.655486][T13996] __dev_queue_xmit+0x22f5/0x3d30 [ 345.660522][T13996] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 345.666938][T13996] ? read_seqbegin+0x157/0x2b0 [ 345.671716][T13996] ? __dev_queue_xmit+0x2d2/0x3d30 [ 345.676880][T13996] ? read_seqbegin+0x208/0x2b0 [ 345.681655][T13996] ? __pfx___dev_queue_xmit+0x10/0x10 [ 345.687026][T13996] ? neigh_resolve_output+0x2e5/0x740 [ 345.692405][T13996] ? eth_header+0x11c/0x1f0 [ 345.696902][T13996] ? __asan_memcpy+0x40/0x70 [ 345.701520][T13996] ? eth_header+0x11c/0x1f0 [ 345.706015][T13996] ? __pfx_eth_header+0x10/0x10 [ 345.710852][T13996] ? neigh_resolve_output+0x61f/0x740 [ 345.716225][T13996] ip6_finish_output2+0xff8/0x1670 [ 345.721329][T13996] ? ip6_finish_output2+0x712/0x1670 [ 345.726606][T13996] ? nf_hook+0x9e/0x450 [ 345.730755][T13996] ? __pfx_ip6_finish_output2+0x10/0x10 [ 345.736298][T13996] ? ip6_mtu+0x81/0x3f0 [ 345.740461][T13996] ip6_finish_output+0x41e/0x810 [ 345.745398][T13996] ndisc_send_skb+0xab0/0x1380 [ 345.750153][T13996] ? ndisc_send_skb+0x572/0x1380 [ 345.755079][T13996] ? skb_clone+0x121/0x390 [ 345.759495][T13996] ? __pfx_ndisc_send_skb+0x10/0x10 [ 345.764687][T13996] ? 
__pfx_dst_output+0x10/0x10 [ 345.769539][T13996] ? __asan_memcpy+0x40/0x70 [ 345.774126][T13996] ? __pfx_ndisc_ns_create+0x10/0x10 [ 345.779408][T13996] ndisc_solicit+0x493/0x6a0 [ 345.783998][T13996] ? __pfx_ndisc_solicit+0x10/0x10 [ 345.789220][T13996] ? __skb_clone+0x454/0x6c0 [ 345.794114][T13996] ? __pfx_ndisc_solicit+0x10/0x10 [ 345.799242][T13996] __neigh_event_send+0xec8/0x15a0 [ 345.804395][T13996] neigh_resolve_output+0x1b5/0x740 [ 345.809681][T13996] ? __ipv6_neigh_lookup_noref+0x533/0x730 [ 345.815529][T13996] ip6_finish_output2+0xff8/0x1670 [ 345.820657][T13996] ? ip6_finish_output2+0x712/0x1670 [ 345.825947][T13996] ? nf_hook+0x9e/0x450 [ 345.830185][T13996] ? __pfx_ip6_finish_output2+0x10/0x10 [ 345.835902][T13996] ? ip6_mtu+0x81/0x3f0 [ 345.840062][T13996] ip6_finish_output+0x41e/0x810 [ 345.845028][T13996] ip6_send_skb+0x112/0x230 [ 345.849547][T13996] ? icmp6_send+0xba4/0x2070 [ 345.854151][T13996] icmp6_send+0x15fc/0x2070 [ 345.858657][T13996] ? icmp6_send+0xba4/0x2070 [ 345.863245][T13996] ? __pfx_icmp6_send+0x10/0x10 [ 345.868089][T13996] ? inet6_set_link_af+0xc30/0xc80 [ 345.873202][T13996] ? __pfx_lock_release+0x10/0x10 [ 345.878230][T13996] ? ip6_neigh_lookup+0x44b/0x580 [ 345.883258][T13996] ? __pfx_ip6_neigh_lookup+0x10/0x10 [ 345.888733][T13996] ? do_syscall_64+0xf3/0x230 [ 345.893537][T13996] ip6_link_failure+0x3c/0x4f0 [ 345.898314][T13996] ? dst_link_failure+0x107/0x160 [ 345.903346][T13996] ip_tunnel_xmit+0x164f/0x2940 [ 345.908207][T13996] ? __pfx_ip_tunnel_xmit+0x10/0x10 [ 345.913402][T13996] ? gre_build_header+0x341/0xb30 [ 345.918425][T13996] ? skb_release_data+0x2b5/0x880 [ 345.924230][T13996] ? __pfx_gre_build_header+0x10/0x10 [ 345.929684][T13996] ? pskb_expand_head+0xc89/0x1390 [ 345.934823][T13996] __gre_xmit+0x1cf/0x260 [ 345.939239][T13996] ? __pfx___gre_xmit+0x10/0x10 [ 345.944260][T13996] ? erspan_build_header+0x174/0x360 [ 345.949670][T13996] erspan_xmit+0xaba/0x1310 [ 345.954450][T13996] ? 
__pfx_erspan_xmit+0x10/0x10 [ 345.959380][T13996] ? dev_queue_xmit_nit+0x2b/0xc10 [ 345.964570][T13996] dev_hard_start_xmit+0x27a/0x7e0 [ 345.969689][T13996] sch_direct_xmit+0x2b6/0x5f0 [ 345.974456][T13996] ? qdisc_tree_reduce_backlog+0x84/0x5f0 [ 345.980350][T13996] ? __pfx_sch_direct_xmit+0x10/0x10 [ 345.985725][T13996] __qdisc_run+0xbfd/0x2170 [ 345.990222][T13996] ? qdisc_tree_reduce_backlog+0x84/0x5f0 [ 345.995947][T13996] ? pfifo_tail_enqueue+0x2d2/0x410 [ 346.001238][T13996] __dev_queue_xmit+0x14f0/0x3d30 [ 346.006303][T13996] ? __dev_queue_xmit+0x2d2/0x3d30 [ 346.011410][T13996] ? __pfx___dev_queue_xmit+0x10/0x10 [ 346.016780][T13996] ? __pfx_lock_acquire+0x10/0x10 [ 346.021808][T13996] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 346.027778][T13996] ? __ipv6_neigh_lookup_noref+0x59f/0x730 [ 346.033583][T13996] ? ip6_finish_output2+0xdb4/0x1670 [ 346.038863][T13996] ip6_finish_output2+0xfc0/0x1670 [ 346.043967][T13996] ? ip6_finish_output2+0x712/0x1670 [ 346.049350][T13996] ? __pfx_ip6_finish_output2+0x10/0x10 [ 346.054991][T13996] ? ip6_mtu+0x81/0x3f0 [ 346.059244][T13996] ip6_finish_output+0x41e/0x810 [ 346.064366][T13996] ? rawv6_send_hdrinc+0x9df/0x1610 [ 346.069557][T13996] rawv6_send_hdrinc+0xb79/0x1610 [ 346.074669][T13996] ? __pfx_rawv6_send_hdrinc+0x10/0x10 [ 346.080120][T13996] ? ip6_dst_lookup_flow+0x13e/0x180 [ 346.085436][T13996] ? __pfx_dst_output+0x10/0x10 [ 346.090277][T13996] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 346.095899][T13996] ? aa_label_sk_perm+0x4f0/0x6d0 [ 346.100917][T13996] ? rawv6_sendmsg+0xef9/0x23c0 [ 346.105756][T13996] rawv6_sendmsg+0x1962/0x23c0 [ 346.110517][T13996] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 346.115621][T13996] ? aa_sk_perm+0x967/0xab0 [ 346.120123][T13996] ? inet_sendmsg+0x330/0x390 [ 346.124786][T13996] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 346.130068][T13996] ? 
security_socket_sendmsg+0x87/0xb0 [ 346.135529][T13996] __sock_sendmsg+0x1a6/0x270 [ 346.140214][T13996] ____sys_sendmsg+0x525/0x7d0 [ 346.145002][T13996] ? __pfx_____sys_sendmsg+0x10/0x10 [ 346.150286][T13996] __sys_sendmsg+0x2b0/0x3a0 [ 346.154924][T13996] ? __pfx___sys_sendmsg+0x10/0x10 [ 346.160037][T13996] ? rawv6_setsockopt+0x432/0x740 [ 346.165068][T13996] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 346.171387][T13996] ? do_syscall_64+0x100/0x230 [ 346.176151][T13996] ? do_syscall_64+0xb6/0x230 [ 346.180907][T13996] do_syscall_64+0xf3/0x230 [ 346.185424][T13996] ? clear_bhb_loop+0x35/0x90 [ 346.190115][T13996] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.196020][T13996] RIP: 0033:0x7f48bbf75bd9 [ 346.200431][T13996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.220204][T13996] RSP: 002b:00007f48bcdac048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 346.228729][T13996] RAX: ffffffffffffffda RBX: 00007f48bc103f60 RCX: 00007f48bbf75bd9 [ 346.238127][T13996] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 000000000000000a [ 346.246991][T13996] RBP: 00007f48bbfe4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 346.255866][T13996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 346.265291][T13996] R13: 000000000000004d R14: 00007f48bc103f60 R15: 00007ffce929a678 [ 346.276198][T13996] [ 346.288292][T13992] netlink: 92 bytes leftover after parsing attributes in process `syz.1.2475'. [ 346.289691][T13995] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2476'. 
[ 346.325238][ T5102] Bluetooth: hci4: command tx timeout [ 346.807136][ T2884] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.874353][ T2884] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.925339][ T2884] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.992722][ T2884] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.072810][ T2884] batadv0: left allmulticast mode [ 347.078151][ T2884] batadv0: left promiscuous mode [ 347.084601][ T2884] bridge0: port 4(batadv0) entered disabled state [ 347.092615][ T2884] team0: left allmulticast mode [ 347.097497][ T2884] team_slave_0: left allmulticast mode [ 347.103597][ T2884] team_slave_1: left allmulticast mode [ 347.109251][ T2884] team0: left promiscuous mode [ 347.114030][ T2884] team_slave_0: left promiscuous mode [ 347.119730][ T2884] team_slave_1: left promiscuous mode [ 347.125303][ T2884] bridge0: port 3(team0) entered disabled state [ 347.132808][ T2884] bridge_slave_0: left allmulticast mode [ 347.138626][ T2884] bridge_slave_0: left promiscuous mode [ 347.144390][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.153362][ T2884] gretap1: left allmulticast mode [ 347.158745][ T2884] gretap1: left promiscuous mode [ 347.163822][ T2884] bridge1: port 1(gretap1) entered disabled state [ 347.474562][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 347.484956][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 347.494929][ T2884] bond0 (unregistering): Released all slaves [ 347.552771][ T2884] tipc: Left network mode [ 348.023811][ T2884] hsr_slave_0: left promiscuous mode [ 348.029726][ T2884] hsr_slave_1: left promiscuous mode [ 348.035529][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.043030][ T2884] batman_adv: 
batadv0: Removing interface: batadv_slave_0 [ 348.051440][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.058946][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.067559][ T2884] veth0_macvtap: left promiscuous mode [ 348.073341][ T2884] veth1_vlan: left promiscuous mode [ 348.260419][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 348.289844][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 349.033275][ T2884] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.073370][ T2884] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.123771][ T2884] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.173349][ T2884] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.250091][ T2884] bridge_slave_1: left allmulticast mode [ 349.255913][ T2884] bridge_slave_1: left promiscuous mode [ 349.263048][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.271693][ T2884] bridge_slave_0: left allmulticast mode [ 349.277346][ T2884] bridge_slave_0: left promiscuous mode [ 349.283328][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.292502][ T2884] bridge_slave_1: left allmulticast mode [ 349.298169][ T2884] bridge_slave_1: left promiscuous mode [ 349.304017][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.313113][ T2884] bridge_slave_0: left allmulticast mode [ 349.318846][ T2884] bridge_slave_0: left promiscuous mode [ 349.324489][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.333865][ T2884] bridge_slave_1: left allmulticast mode [ 349.339972][ T2884] bridge_slave_1: left promiscuous mode [ 349.345743][ T2884] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.355218][ T2884] bridge_slave_0: left allmulticast mode [ 349.361548][ 
T2884] bridge_slave_0: left promiscuous mode [ 349.367396][ T2884] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.491507][ T2884] bond2 (unregistering): (slave gre1): Releasing backup interface [ 349.735340][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.745446][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.755472][ T2884] bond0 (unregistering): Released all slaves [ 349.768233][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.780116][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.790876][ T2884] bond0 (unregistering): Released all slaves [ 349.801026][ T2884] bond1 (unregistering): Released all slaves [ 349.811223][ T2884] bond2 (unregistering): Released all slaves [ 349.821512][ T2884] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.832565][ T2884] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.842349][ T2884] bond0 (unregistering): Released all slaves [ 349.915216][ T2884] tipc: Left network mode [ 350.086482][ T2884] hsr_slave_0: left promiscuous mode [ 350.092764][ T2884] hsr_slave_1: left promiscuous mode [ 350.099341][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 350.107049][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.118109][ T2884] hsr_slave_0: left promiscuous mode [ 350.124398][ T2884] hsr_slave_1: left promiscuous mode [ 350.132070][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 350.140011][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 350.147636][ T2884] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 350.155364][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.165652][ T2884] hsr_slave_0: left promiscuous mode [ 350.171800][ T2884] hsr_slave_1: left promiscuous mode [ 350.178028][ T2884] batman_adv: 
batadv0: Removing interface: batadv_slave_0 [ 350.186300][ T2884] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 350.196789][ T2884] veth1_vlan: left promiscuous mode [ 350.202554][ T2884] veth0_vlan: left promiscuous mode [ 350.208145][ T2884] veth0_macvtap: left promiscuous mode [ 350.214015][ T2884] veth0_vlan: left promiscuous mode [ 350.385749][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 350.407321][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 350.649760][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 350.681936][ T2884] team0 (unregistering): Port device team_slave_0 removed [ 350.869752][ T2884] team0 (unregistering): Port device team_slave_1 removed [ 350.891208][ T2884] team0 (unregistering): Port device team_slave_0 removed