last executing test programs: 1m36.420642647s ago: executing program 4 (id=5845): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xfffffff7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000e80)=[{&(0x7f0000000100)="8000102e7577", 0x6}], 0x1, &(0x7f0000000140)=ANY=[], 0x28}}], 0x1, 0x0) 1m22.135139624s ago: executing program 4 (id=5845): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xfffffff7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000e80)=[{&(0x7f0000000100)="8000102e7577", 0x6}], 0x1, &(0x7f0000000140)=ANY=[], 0x28}}], 0x1, 0x0) 1m5.114330767s ago: executing program 4 (id=5845): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xfffffff7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000e80)=[{&(0x7f0000000100)="8000102e7577", 0x6}], 0x1, &(0x7f0000000140)=ANY=[], 0x28}}], 0x1, 0x0) 49.019680261s ago: executing program 4 (id=5845): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xfffffff7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000e80)=[{&(0x7f0000000100)="8000102e7577", 0x6}], 0x1, &(0x7f0000000140)=ANY=[], 0x28}}], 0x1, 0x0) 35.271106037s ago: executing program 4 (id=5845): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xfffffff7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000e80)=[{&(0x7f0000000100)="8000102e7577", 0x6}], 0x1, &(0x7f0000000140)=ANY=[], 0x28}}], 0x1, 0x0) 13.773403013s ago: executing program 4 (id=5845): r0 = socket$inet6(0xa, 0x2, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xfffffff7}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, &(0x7f0000000e80)=[{&(0x7f0000000100)="8000102e7577", 0x6}], 0x1, &(0x7f0000000140)=ANY=[], 0x28}}], 0x1, 0x0) 3.481392857s ago: executing program 3 (id=6903): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@mpls_delroute={0x1c, 0x18, 0x9, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe}}, 0x1c}, 0x1, 0x0, 0xd00000000000000}, 0x0) 3.339747382s ago: executing program 3 (id=6907): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x80) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_raw(r2, &(0x7f0000000240)={0x1d, r3}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv6_delroute={0x28, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x1e}]}, 0x28}}, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', r3}, 0x90) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r5}, 0x10) r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) close(r7) socket(0x28, 0x5, 0x0) r8 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r8, &(0x7f0000000040)={0x1f, @none}, 0x8) listen(r8, 0x0) socket$xdp(0x2c, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r10}, 0x10) ppoll(&(0x7f0000000500)=[{r9}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r0}, 0x10) bpf$BPF_LINK_UPDATE(0xf, &(0x7f0000000600)={r7, r0}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001280)={r7, 0x0, 0x69, 0x1000, &(0x7f00000000c0)="e758e1fb916009003a15566da6e22999d7523219f47870d65c0ffc3759bf81deb78946189dec76d565b7aeabef6227595921df71a7e07668d3a4d9cac94e3fb9cc19d68a9b13ed7c6f4a5f90dba70b348df0ed17830054e34f1b0e90470ee63ccded4e90cf4fd7ab5e", &(0x7f0000000280)=""/4096, 0xff, 0x0, 0x11, 0x8f, &(0x7f0000000040)="47321306755d2986989c6e9c4cdcdc79cb", &(0x7f0000000140)="45cb640fa30c61c9c9c079618f13300126ac72a946357d0c5ec20eec9043ef32bf47b2c961e408cf40dcc705dbfba8e35667e7d7f472f42d9c952c991c22ceb3a1fa5651e853095efa906e939993864be0c53f3703289b388595d7feaf3ffa95c0f51ecc6d6dfed14633c6b2005d4f56830d5d9dfedadf7bebc9c18be63b9c8c4f7b34feac52643caf94da55555ebc", 0x3, 0x0, 0x7}, 0x50) r11 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newtaction={0x5c, 0x30, 0x800, 0x0, 0x4, {}, [{0x48, 0x1, [@m_ife={0x44, 0x1d, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6, 0x5, @val=0x200}]}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6, 0x2}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}}, 0x0) 2.577746257s ago: executing program 0 (id=6916): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x600000000000000}, 0x0) 2.493239313s ago: executing program 0 (id=6917): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="d400000010000d04000000000000740000000000", @ANYRES32=r2, @ANYBLOB="0000fdffffff0000b400128009000100766c616e00000000a40002"], 0xd4}}, 0x0) 2.397642748s ago: executing program 2 (id=6918): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf0, 0x60030000, {0x0, 0xff000000}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x300, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0xfffffffd, 0x4, 0x0, 'syz0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x8, 0xfffa, 0x6, 0x9, 'pptp\x00', 'syz1\x00', {0x7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) socket$inet6_dccp(0xa, 0x6, 0x0) (async) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4c0, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x3f0, 0xffffffff, 0xffffffff, 0x3f0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf0, 0x60030000, {0x0, 0xff000000}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x300, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0xfffffffd, 0x4, 0x0, 'syz0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x8, 0xfffa, 0x6, 0x9, 'pptp\x00', 'syz1\x00', {0x7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520) (async) 2.27005428s ago: executing program 3 (id=6919): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x12, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000001200000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000030a0102000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c08000140000000020800014000000030080002400000000308000140000000120800034000000000080003400000000a"], 0x122}}, 0x0) 2.26876255s ago: executing program 0 (id=6920): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000003cc0), 0xffffffffffffffff) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="1200000007"], 0xd) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000000000004a0000000f00a8007365636f6e646e616d6500000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x44}}, 0x200048d0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000006b40)={'gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x300, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @remote}}}}) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000001c0)='illinois\x00', 0x9) r6 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet6_IPV6_PKTINFO(r6, 0x84, 0x8, 0x0, 0x0) r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7060000004000008500000008000000bc09100020000000350901000009000095000000000000003f9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r9, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0xf, 0xa, 0x8, 0x180, 0xffffffffffffffff, 0x1, '\x00', r4, r9, 0x5, 0x5, 0x800004, 0x5}, 0x48) r11 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000180)={0x1f, 0x0, @fixed}, &(0x7f0000000300)=0xe, 0x0) bind$bt_l2cap(r11, &(0x7f00000003c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x6, 0x2}, 0xe) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x19, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r8, @ANYBLOB="0000000000000000b705000008000000850000006a00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r12, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a888e", 0x0, 0xe00, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) r13 = socket(0xf, 0xa, 0x2) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r13, 0x110, 0x3) 2.261370791s ago: executing program 2 (id=6921): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYRESOCT=r0], 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1e, 0x0, 0x6, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c000000000901010000000000000000000004000c0004800800014000000003240002000c000280050001002f000000140002800800011c0000000008000200ffffffff0c00048008000140000004000900010073797a31000000003c1ee6cc7a53e817e6a439abb6c4d08c9a69feffd1ea8e7cba76af4c884fee75153d4b3b0f85a5b5a06a1af6c8b54a1149c9ac82798ac4712722fd137932566e9d5793321870a0e4e009e34187f3b30d9fc02bdcb45edd26b30cd2897c96555e1c1a11e2aab0ffc3040d36e31cccce76b56bb27a78da3a64dfad6bf6fb9a06adf94a9c96a8a6e2710fbb"], 0x5c}}, 0x0) r5 = socket(0x15, 0x5, 0x0) getsockopt(0xffffffffffffffff, 0x200000000114, 0x271e, &(0x7f0000000580)=""/102393, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r7 = socket$l2tp6(0xa, 0x2, 0x73) recvfrom$l2tp6(r7, &(0x7f00000002c0)=""/52, 0x34, 0x40000001, &(0x7f0000000300), 0x20) r8 = accept$alg(r6, 0x0, 0x0) sendmsg$alg(r8, &(0x7f0000001840)={0x0, 0x0, 0x0, 0x0, &(0x7f00000017c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x7e}], 0x30}, 0x0) sendmmsg$alg(r8, &(0x7f0000004580)=[{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000001640)="553e12df315719c9cddfbe1f03774b1d49d6fc51d5b185", 0x17}, {&(0x7f0000001680)="33caaff65bbb49384ba3fa03220c730c8531786e424bfa1ee6d344e5ca70fa4e68f9ad2bd7a154c3da71f3d9548c", 0x2e}, {&(0x7f0000001700)="7082b8d45f4cc86d0267eabd24340e1911fe3ceeb757ca4a090897a00b8d106a8ceb5beaa118a5652769ec67e809e68ca18f0241349dc53502", 0x39}], 0x3}], 0x1, 0x0) recvmsg(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000000240)=""/117, 0x75}, {&(0x7f0000000100)=""/98, 0x62}], 0x2}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x6c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2002}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @empty}]}]}, 0x6c}}, 0x0) r9 = socket(0x1, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r9, 0x5452, &(0x7f0000000000)={'syztnl1\x00', 0x0}) recvmsg(r9, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0x0) sendmmsg$unix(r9, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) ioctl$FS_IOC_FSGETXATTR(r5, 0x801c581f, &(0x7f0000000200)={0x1f, 0x8, 0x715, 0x9}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000580)={r3, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) sendmsg$kcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x84) recvmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x0) 2.129030725s ago: executing program 3 (id=6922): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x3c1, 0x3, 0x358, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0x288, 0x2e8, 0x2e8, 0x288, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @mcast1, [], [], 'vlan0\x00', 'geneve1\x00'}, 0x0, 0xf8, 0x128, 0x0, {0x600, 0x2000000000000}, [@inet=@rpfilter={{0x28}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private1, @mcast1, [], [], 'veth1_macvtap\x00', 'tunl0\x00'}, 0x0, 0xf8, 0x160, 0x0, {}, [@common=@ipv6header={{0x28}, {0x0, 0xb0}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) 1.99790199s ago: executing program 3 (id=6923): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x80, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x54, 0x3, 0x0, 0x1, [{0x50, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4c, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x45, 0x1, "a6117a78b9e48d6dd9ad86fc2c54547cbee98c24f4b972c82722771febf3e388f9b3907852ee4adbd95ca25deb487ac3d49d3716931979f6bbf2b8cdcc0bc37f27"}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x104}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x474c, 0x4) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r4 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_INIT(r4, 0x29, 0xc8, &(0x7f0000000000), 0x4) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r5, &(0x7f0000000ac0)=ANY=[@ANYBLOB="022786dd02002800030030000000600000060100040081e949b938a9bc3b0000000000007d01ff02"], 0xfdef) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x48, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r9}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc}]}]}]}, 0x48}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000001c000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="8000a6000a000200aaaaaaaaaabb00000b000e80050001"], 0x34}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000040)=[{0x2}, {0x6}]}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x4, &(0x7f0000000780)=ANY=[], &(0x7f00000007c0)='GPL\x00', 0x5617}, 0x90) 1.940801003s ago: executing program 0 (id=6924): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c0001"], 0xdc}}, 0x0) (fail_nth: 5) 1.438112777s ago: executing program 0 (id=6926): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x3c, r0, 0x1, 0x34000, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r1}}]}, 0x3c}}, 0x0) 1.395661865s ago: executing program 0 (id=6927): unshare(0x8040480) r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x3c, r0, 0x1, 0x50, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r1}}]}, 0x3c}}, 0x0) 1.281917463s ago: executing program 2 (id=6929): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0xfffffffffffffe83) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0x5421, 0x1000000000000) r2 = syz_genetlink_get_family_id$smc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$SMC_PNETID_ADD(r1, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x54, r2, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_bond\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x44}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r4}, 0x10) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)={0x2c, 0x0, 0x2, 0x0, 0x0, 0x0, {}, [@CTA_EXPECT_MASTER={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x4}]}, 0x2c}}, 0x0) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000008"], 0x24d8}], 0x1}, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@cgroup=r3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000001e00)={'wlan0\x00', 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_KEY(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002000)={&(0x7f00000000c0)={0x2c, r6, 0x1, 0x0, 0x0, {{0xa}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x4}, @NL80211_KEY_DEFAULT={0x4}]}]}, 0x2c}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@can_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {}, [@CGW_SRC_IF={0x8}, @CGW_DST_IF={0x10}]}, 0x24}}, 0x0) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x60}}, 0x0) 1.19795953s ago: executing program 1 (id=6931): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f8483d0000005e140602000000000e000a0010008847028000001294", 0x2e}], 0x1}, 0x0) 1.197684833s ago: executing program 3 (id=6932): r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) unshare(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)={0x140, r0, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r1}}]}, 0x3c}}, 0x0) 1.117565304s ago: executing program 2 (id=6933): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x601, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_FLAGS={0x6}]}}}, @IFLA_ADDRESS={0xa, 0x1, @remote}]}, 0x48}}, 0x0) 933.84465ms ago: executing program 1 (id=6934): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv4_newnexthop={0x18, 0x68, 0x1, 0x0, 0x0, {0x2, 0x2}}, 0x18}}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="480000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d61637365630000180002800c0004000300000100c280000500030010"], 0x48}}, 0x0) 921.98696ms ago: executing program 2 (id=6935): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000095", @ANYRESDEC=r0, @ANYRES16=r0, @ANYRESDEC=r0, @ANYRES16=r0, @ANYRESHEX=r0], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x266, 0x8, 0x0, 0xffffffffffffffff, 0xfffffff8}, 0xffffff07) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000008500", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x26e1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000340), &(0x7f00000003c0)=0x14) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f000000e0c0), 0x10010) openat$cgroup_subtree(r3, &(0x7f0000000400), 0x2, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000240)=@ccm_128={{0x304}, "cdedbe27d7c9678a", "ed86a155b66f481507086fe637736e4c", "a2dc23ff", "842546172794808f"}, 0x28) sendfile(r0, r4, &(0x7f0000000100)=0x10, 0x10001) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="2000000000000000280012801400010000000000", @ANYRES32=0x0, @ANYBLOB="0120020000000000"], 0x56}}, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000480)=0x1302, 0x4) setsockopt$sock_int(r6, 0x1, 0x29, &(0x7f0000000000)=0x1, 0x4) r7 = socket$kcm(0x2, 0x0, 0x0) sendmsg$inet(r7, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380)}], 0x1, &(0x7f0000007880)=ANY=[@ANYBLOB="110000000000000000400300010009000000bd00000000001c00000000000000000f00fd08000000", @ANYBLOB="ac1414bbe0000001000000001c0000000000000000078f0208000000", @ANYRES32=0x0, @ANYBLOB="a00500000000000000000000240000000000000000000000070000009408000044100000000000000000000000000000000000001100000000000000000110000100"/76], 0x98}, 0x83c2) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) recvmmsg(r6, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000003880)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$inet_sctp(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)='WA', 0x2}, {&(0x7f0000000100)="f6ce03038de8a2cd0163d0120bc63bef8e7e2148f8d0f48ba26289f2de3f01bb2264e6c2f397c5c516cd19c89c109b252da4eceb8ef81bf7b32e4ba213b11a7231899787ce225d006ffaece3eb6b70ed580fbcda74fe04bb8f4fbba8f46a75a5e4b834e8774d", 0x66}, {&(0x7f0000000180)="157f1ccd2a8a37eaeef29e159e24bc316162273ed8f654b5885ee0ba9f4a9884b855fdb581eb0878b2247512c0336f5e07dda59e99ff56919b84bb68b7faceb20ee31f86f120c8edc423", 0x4a}], 0x3}, 0x0) 881.149867ms ago: executing program 1 (id=6936): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000f0000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a306e14f2d3c5d886be0000002120000000020a01030000000000000000070000000900010073797a30"], 0xa4}}, 0x0) 643.051871ms ago: executing program 1 (id=6937): accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, &(0x7f0000000040)=0x10) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000002100000000000000e3ff17110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901"], 0x0}, 0x90) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x4c, 0x0, "01deaba05ccc4fa00711be66bd584ecd190428efc9e569f4b222158b227692cebc00924f2deea371bafa061b8f2959b4b696b22e4881f40a0d8f4c2fdea78893bc2c160df3e41db4153cfd9221d01c79"}, 0xd8) setsockopt$inet6_tcp_int(r2, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x400) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000400000009500000000000000"], 0x0}, 0x90) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYRESOCT=r3], 0x50}}, 0x4000) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000600)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc00d, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_MCAST_JOIN_GROUP(r8, 0x29, 0x22, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x88) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010700000000000000002000000008000300", @ANYRES32=r10], 0x1c}}, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x40000000000011a, 0x0, 0x0) shutdown(r1, 0x0) 394.367121ms ago: executing program 1 (id=6938): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00ee0000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c000c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05af3a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e4e4e29d8b33fbdd02e86a6432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3ce8f530ffff19a6471bf5abc742d9cbcfb964b13831034694a6aad84cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df871a8e782339bc424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb78183e7e68de9dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbefd9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d85618ba2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009de2323f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978addf2f2a29a387c6f0576b36038f819286eea99a6a434811cf2a117d775fe986a49fb82cf5f15972d55185ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e671d305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a540f64000000000000fbb4c256409e54daefbb107c381fa729ff5fe607d93430da178d685d7730f5e129438a5214f722096d2986334c25e454474f92e65828b018174a9f4738b8c71fbdead06ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a379ed4c6267965af78b861bd335312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68ffce8d141e8960ef790fb0078215d65f96eb55db8cbcb060000000d988374e45451a694ffe38a1d03912b31c98d42e1a1bda1290de1a499a5d6849914c1788a7aca37177cc34102f44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553ecece78d4c1541c70f5d81e0725d5b273755c0000000000000000aa4234e282182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a7d72fcdb0a11993d54d97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a9236558fea2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574ea68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa1ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8edc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f24bb68f486e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e8d5bc5642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f0cf74f845d1cc9ec4eee79c290fb0ba939b13707004e2e9cc0d350538c1c8c6bb9a38c6ac5ca07df32601240ea3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4055f05558ab31f339f6a4caf2ee2fd01f34dca330000000000000000000000000000000000000000000000000000000000000000000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd6f7fd7f8898c70b5c65f2e28f22e983892c383882809f557affbda5e1850d66a4a1ee73b2084681f880a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae9052be8eec1e95f6ad8d41dd34829504ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b06a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd31091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a474bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc03bbfb8c698ecc137d96711100e01031aa74fad86b99eebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc86784c9f940d9fb0464a72ce635e14b80dc5c1c64e8f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f938ad16eeb8342278f1c1cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706e587f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2cc0e7c207b8942fafd70530a0fc4622ecf132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af999dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2be0d1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bff348229fa84034faf8421a22c4b4c17a3d24a4aeee0d0850371feefd77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2b59654d49a11c6736ac63e8eb383760fc2b5c976dacf3dda7191c757f28e44f6a5f95db7055f7ed983f5665210f20a494fabb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a5826fdbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db3c22673884dca370558936b85737e14819ab1c57b348a8ff16d36364a20fe846d11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb251ab9eefc8e400191f0f0f8c679b0000000000000000000000b41b0ae67d9351c49e1ff285d05a3cc39a5b0cd20afe0a00086650f8fad20c0e1e7131836c85b2cbacd41593928207312189fdd66abc45a139f0c9dbcc58237cec5bd56ffe0c6de23254a7951a298501ca04ab30b5723df6dd01d0b1a87c197b83b286374ba9a9dd1bd09ea1b71b24a1f527bf59d9633e3d15ed3757acc494f464482e49884c13780cc392bfe67b5d91e5b513daea48cac7645db35f07ba41aa187f65c5344717d7a0ee353a7e36b14fdce5898a613cef224d3addb3d2de74cef73f7520dc8cc8ffaa62cbd25e691ef4c45fdd25675b32c129a8464f08c4da9c08713b54416f3b56a04086dab1d196884e062287ad4758e883d2f99833d8aaf0c56718f6b0434740900faf4ab824662a719bf370fd0b2de04c1455ec14908ce5cbec79466f2f2cc337c53437d626254e00000000000000000000000000000000c34646f8ae68c095e7298300feab8a3dfe2c43fc971385b13b4f3b61ddbf5044ff572defcc67930f0e715774e1e970751534398faf79350255cfa9021378f10c2043e7ecd5649c9720530da7ea227b792f31cb5d688b5f1eba9ff5f85c97b35e00ecf76282912b483e31c76e303e527e98a9ca14f718d495ad45db16c4500011de506f0ca35f7ea96ed1831e3c1219f985b26cb8a70e7c8efcb287984871e0fed3f1985cf63f00289292b378188ad0dfae12c265b88961a9223b48cf7055d641595e0cb926d63c1f8a207f48bd482290b79867285c2155e655e017bca6cbba43f9b49042fb2fb390c436b3306e8a0800000090d159004da838a50235b91f5273c1fe083067ce1e2d8011c9e2b6d3ea69dfc3712e5ce440432fbd29ffd004000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001580)={0x2a, 0x2f, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@call={0x85, 0x0, 0x0, 0x72}, @cb_func={0x18, 0x5, 0x4, 0x0, 0x5}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}}, @alu={0x7, 0x1, 0x3, 0x5, 0x1, 0xffffffffffffffd1, 0x10}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0x1000, &(0x7f0000000500)=""/4096, 0x40f00, 0x40, '\x00', 0x0, 0x6, 0xffffffffffffffff, 0x8, &(0x7f0000000040)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000080)={0x2, 0xb, 0x3, 0x10000}, 0x10, 0x0, 0xffffffffffffffff, 0x4, &(0x7f0000001500)=[0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f0000001540)=[{0x3, 0x5, 0xa, 0x5}, {0x5, 0x1, 0x10, 0xc}, {0x5, 0x3, 0x3, 0x7}, {0x0, 0x2, 0x10, 0x7}], 0x10, 0xb3d}, 0x90) r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x90) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000008c0)=r1, 0x4) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.swap.current\x00', 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000140)={r0, 0x7, 0x5, 0x1}) r2 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000680)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10000}]}]}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8}]}}]}, 0xac}}, 0x0) socket$packet(0x11, 0x3, 0x300) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@func_proto={0x2, 0x0, 0x0, 0x13, 0x2}]}, {0x0, [0x0, 0x61, 0x61, 0x30]}}, 0x0, 0x2a}, 0x20) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r6}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000080)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) write$cgroup_int(r8, &(0x7f00000000c0), 0x12) socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x7c, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_FRAME={0x60, 0x33, @beacon={{{}, {}, @broadcast, @device_a, @from_mac=@device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @void, @void, @void, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x80, 0x1, 0x6, 0x0, {0x9, 0x4, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x300, 0x20, 0x2}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, @void}}]}, 0x7c}}, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 50.87327ms ago: executing program 1 (id=6939): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="b80000000001010400000000000000000a0000053c0001802c0001"], 0xb8}}, 0x0) 0s ago: executing program 2 (id=6940): socket$kcm(0x10, 0x0, 0x10) socket(0x0, 0x0, 0x3ff) r0 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000700000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990000000200000000000800a000940900000800260094090000"], 0x48}}, 0x0) kernel console output (not intermixed with test programs): val: invalid value (18446744073709551614) [ 503.286910][T21542] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 503.454783][T21548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 503.494363][T21552] bond0: entered promiscuous mode [ 503.502510][T21552] bond_slave_0: entered promiscuous mode [ 503.508837][T21552] bond_slave_1: entered promiscuous mode [ 503.514905][T21552] batadv_slave_0: entered promiscuous mode [ 503.522478][T21552] bond0: left promiscuous mode [ 503.527870][T21552] bond_slave_0: left promiscuous mode [ 503.533496][T21552] bond_slave_1: left promiscuous mode [ 503.539435][T21552] batadv_slave_0: left promiscuous mode [ 503.611215][T21555] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.175736][T21569] openvswitch: netlink: Message has -2 unknown bytes. [ 504.206788][ T5199] IPVS: starting estimator thread 0... [ 504.221825][T21575] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 504.308142][T21577] IPVS: using max 17 ests per chain, 40800 per kthread [ 504.411806][T21586] netlink: 'syz.4.5636': attribute type 3 has an invalid length. [ 504.532156][T21586] mac80211_hwsim hwsim38 wlan0: entered promiscuous mode [ 504.599962][T21586] mac80211_hwsim hwsim38 wlan0: left promiscuous mode [ 504.723448][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.750854][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.780961][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.806418][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.826254][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.845801][T21601] __nla_validate_parse: 8 callbacks suppressed [ 504.845822][T21601] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5642'. [ 504.866096][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.900358][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 504.918490][T21599] netlink: 'syz.1.5641': attribute type 2 has an invalid length. [ 505.478466][T21627] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5653'. [ 505.510033][T21627] vlan4: entered promiscuous mode [ 505.515143][T21627] macvlan0: entered promiscuous mode [ 505.566214][T21627] macvlan0: left promiscuous mode [ 505.665075][T21633] netlink: 156 bytes leftover after parsing attributes in process `syz.1.5655'. [ 505.693716][T21637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5657'. [ 505.900922][T21649] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5659'. [ 505.966867][T21651] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5661'. [ 506.027468][T21651] Bluetooth: MGMT ver 1.22 [ 506.083654][T21657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5664'. [ 506.156166][T21659] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5665'. [ 506.337795][T21670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5671'. [ 506.364864][T21667] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5669'. [ 507.344226][ T5143] IPVS: starting estimator thread 0... [ 507.353815][T21723] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 507.476485][T21728] IPVS: using max 18 ests per chain, 43200 per kthread [ 507.614955][T21730] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8 [ 507.946422][T21759] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 508.709111][T21801] ipvlan4: entered promiscuous mode [ 508.734569][T21801] ipvlan4: entered allmulticast mode [ 508.751182][T21801] 8021q: adding VLAN 0 to HW filter on device ipvlan4 [ 509.934498][T21861] xfrm0: left promiscuous mode [ 510.065715][T21873] __nla_validate_parse: 15 callbacks suppressed [ 510.065738][T21873] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.5738'. [ 510.124803][T21861] team0: Port device vlan2 removed [ 510.174884][T21873] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 510.317473][T21883] smc: net device lo applied user defined pnetid SYZ2 [ 510.343855][T21883] smc: net device lo erased user defined pnetid SYZ2 [ 510.776624][T21906] syz_tun (unregistering): left allmulticast mode [ 510.859753][T21914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5756'. [ 510.893332][T21919] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5755'. [ 511.145573][T21934] pimreg12: entered allmulticast mode [ 511.196923][T21934] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 511.260183][T21934] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5762'. [ 511.302927][T21934] xfrm0: entered promiscuous mode [ 511.312943][T21945] x_tables: duplicate underflow at hook 1 [ 511.332861][T21934] xfrm0: entered allmulticast mode [ 511.405732][T21932] pimreg12: left allmulticast mode [ 511.520959][T21953] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5770'. [ 511.721782][T21970] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 511.876607][T21979] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5779'. [ 511.905508][T21982] validate_nla: 61 callbacks suppressed [ 511.905532][T21982] netlink: 'syz.1.5782': attribute type 29 has an invalid length. [ 511.926310][T21980] x_tables: duplicate entry at hook 2 [ 512.215979][T22001] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5785'. [ 512.331332][T22003] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 512.338811][T22003] IPv6: NLM_F_CREATE should be set when creating new route [ 512.346176][T22003] IPv6: NLM_F_CREATE should be set when creating new route [ 512.365421][T22006] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5791'. [ 512.454508][T22008] Cannot find set identified by id 0 to match [ 512.555814][T22010] IPVS: set_ctl: invalid protocol: 33 100.1.1.2:20004 [ 512.579078][T22010] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5793'. [ 512.786917][T22019] sctp: [Deprecated]: syz.4.5797 (pid 22019) Use of int in maxseg socket option. [ 512.786917][T22019] Use struct sctp_assoc_value instead [ 513.151877][T22031] netlink: 'syz.1.5802': attribute type 4 has an invalid length. [ 513.189491][T22036] netlink: 4768 bytes leftover after parsing attributes in process `syz.2.5803'. [ 513.756969][T21997] netlink: 'syz.0.5788': attribute type 4 has an invalid length. [ 513.838167][T22061] netlink: 'syz.4.5811': attribute type 10 has an invalid length. [ 513.930645][T22063] netlink: 'syz.4.5811': attribute type 10 has an invalid length. [ 513.959756][T22063] team0: entered promiscuous mode [ 513.977384][T22063] team_slave_0: entered promiscuous mode [ 513.990541][T22063] team_slave_1: entered promiscuous mode [ 514.006213][T22063] dummy0: entered promiscuous mode [ 514.017653][T22063] bond0: entered promiscuous mode [ 514.029597][T22063] bond_slave_0: entered promiscuous mode [ 514.041464][T22063] bond_slave_1: entered promiscuous mode [ 514.055148][T22063] bond1: entered promiscuous mode [ 514.072169][T22063] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.080672][T22063] bridge0: port 2(team0) entered blocking state [ 514.088522][T22063] bridge0: port 2(team0) entered disabled state [ 514.097756][T22063] team0: entered allmulticast mode [ 514.103023][T22063] team_slave_0: entered allmulticast mode [ 514.111850][T22063] team_slave_1: entered allmulticast mode [ 514.133775][T22063] vlan2: entered allmulticast mode [ 514.139124][T22063] batadv0: entered allmulticast mode [ 514.154629][T22063] dummy0: entered allmulticast mode [ 514.160009][T22063] bond0: entered allmulticast mode [ 514.165154][T22063] bond_slave_0: entered allmulticast mode [ 514.171566][T22063] bond_slave_1: entered allmulticast mode [ 514.183806][T22063] bond1: entered allmulticast mode [ 514.198297][T22063] bridge0: port 2(team0) entered blocking state [ 514.204779][T22063] bridge0: port 2(team0) entered forwarding state [ 514.400133][T16356] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 514.409870][T16356] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 514.493361][T22083] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 515.533511][T22126] __nla_validate_parse: 6 callbacks suppressed [ 515.533536][T22126] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5831'. [ 515.587675][T22129] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5833'. [ 515.611714][T22129] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5833'. [ 515.662561][T22135] x_tables: ip_tables: ah match: only valid for protocol 51 [ 515.934865][T22149] tipc: Started in network mode [ 515.955286][T22149] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 515.994621][T22149] tipc: Enabled bearer , priority 10 [ 516.289123][T22163] Cannot find del_set index 0 as target [ 516.594162][T22173] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5852'. [ 516.690593][T22177] netlink: 'syz.1.5854': attribute type 4 has an invalid length. [ 516.706408][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 516.724286][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 516.733852][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 516.741778][T22177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 516.758575][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 516.775598][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 516.783701][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 516.977521][ T5199] tipc: Node number set to 4269801642 [ 517.016461][T22194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 517.043652][T22194] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5860'. [ 517.073833][T22194] bridge_slave_1: left allmulticast mode [ 517.093813][T22194] bridge_slave_1: left promiscuous mode [ 517.104281][T22194] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.482067][T22207] netlink: 112 bytes leftover after parsing attributes in process `syz.0.5862'. [ 517.642607][T22214] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5865'. [ 517.962472][T22178] chnl_net:caif_netlink_parms(): no params data found [ 518.364004][T22178] bridge0: port 1(bridge_slave_0) entered blocking state [ 518.380405][T22178] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.397886][T22178] bridge_slave_0: entered allmulticast mode [ 518.414833][T22178] bridge_slave_0: entered promiscuous mode [ 518.436580][T22178] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.454472][T22178] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.464943][T22178] bridge_slave_1: entered allmulticast mode [ 518.483783][T22178] bridge_slave_1: entered promiscuous mode [ 518.611978][T22178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 518.641359][T22178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 518.663972][T22244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5875'. [ 518.740663][T22251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5878'. [ 518.848521][ T5103] Bluetooth: hci0: command tx timeout [ 518.897864][T22178] team0: Port device team_slave_0 added [ 518.953695][T22178] team0: Port device team_slave_1 added [ 519.233544][T22178] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 519.265440][T22178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 519.338940][T22178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 520.906669][ T5103] Bluetooth: hci0: command tx timeout [ 521.588273][T22178] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 521.595591][T22178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 521.643936][T22178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 521.742461][T22291] netlink: 'syz.1.5889': attribute type 1 has an invalid length. [ 521.799422][T22297] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5891'. [ 521.827299][T22178] hsr_slave_0: entered promiscuous mode [ 521.844966][T22178] hsr_slave_1: entered promiscuous mode [ 521.875785][T22178] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 521.883423][T22178] Cannot create hsr debugfs directory [ 521.904756][T22290] xt_CT: No such helper "snmp_trap" [ 522.625625][T22178] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.627701][T22328] netlink: 'syz.1.5904': attribute type 1 has an invalid length. [ 522.672100][T22328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5904'. [ 522.683742][T22328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5904'. [ 522.769537][T22334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5906'. [ 522.840499][T22178] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 522.986799][ T5103] Bluetooth: hci0: command tx timeout [ 523.068935][T22178] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.124248][T22346] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5911'. [ 523.253206][T22178] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 523.425646][T22359] netlink: 'syz.2.5916': attribute type 21 has an invalid length. [ 523.433552][T22359] netlink: 'syz.2.5916': attribute type 20 has an invalid length. [ 523.493107][T22364] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20000 - 0 [ 523.500798][T22363] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 523.510863][T22364] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20000 - 0 [ 523.542081][T22364] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20000 - 0 [ 523.564887][T22364] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20000 - 0 [ 523.614136][T22364] netdevsim netdevsim0 eth0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 523.626975][T22364] netdevsim netdevsim0 eth1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 523.647983][T22364] netdevsim netdevsim0 eth2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 523.661838][T22364] netdevsim netdevsim0 eth3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 523.671900][T22364] geneve2: entered promiscuous mode [ 523.685941][T22364] geneve2: entered allmulticast mode [ 523.720733][T22366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5918'. [ 523.912800][T22375] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5921'. [ 523.950126][T22380] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5923'. [ 523.978003][T22178] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 524.039528][T22380] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5923'. [ 524.050812][T22178] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 524.081827][T22178] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 524.137953][T22178] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 524.279368][T22390] netlink: 'syz.2.5927': attribute type 10 has an invalid length. [ 524.478698][T22404] FAULT_INJECTION: forcing a failure. [ 524.478698][T22404] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 524.504794][T22404] CPU: 0 PID: 22404 Comm: syz.1.5930 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 524.515165][T22404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 524.525353][T22404] Call Trace: [ 524.528679][T22404] [ 524.531657][T22404] dump_stack_lvl+0x241/0x360 [ 524.536394][T22404] ? __pfx_dump_stack_lvl+0x10/0x10 [ 524.541668][T22404] ? __pfx__printk+0x10/0x10 [ 524.546322][T22404] ? __pfx_lock_release+0x10/0x10 [ 524.551416][T22404] should_fail_ex+0x3b0/0x4e0 [ 524.556179][T22404] _copy_from_user+0x2f/0xe0 [ 524.560834][T22404] copy_msghdr_from_user+0xae/0x680 [ 524.566114][T22404] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 524.572091][T22404] __sys_sendmsg+0x23d/0x3a0 [ 524.576749][T22404] ? __pfx___sys_sendmsg+0x10/0x10 [ 524.581912][T22404] ? vfs_write+0x7c4/0xc90 [ 524.586484][T22404] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 524.592893][T22404] ? do_syscall_64+0x100/0x230 [ 524.597738][T22404] ? do_syscall_64+0xb6/0x230 [ 524.602480][T22404] do_syscall_64+0xf3/0x230 [ 524.607042][T22404] ? clear_bhb_loop+0x35/0x90 [ 524.611868][T22404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.617828][T22404] RIP: 0033:0x7f8df6b75bd9 [ 524.619162][T22178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 524.622262][T22404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.622286][T22404] RSP: 002b:00007f8df65ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 524.657040][T22404] RAX: ffffffffffffffda RBX: 00007f8df6d03f60 RCX: 00007f8df6b75bd9 [ 524.664431][T22178] 8021q: adding VLAN 0 to HW filter on device team0 [ 524.665031][T22404] RDX: 0000000000000000 RSI: 0000000020000840 RDI: 0000000000000004 [ 524.665053][T22404] RBP: 00007f8df65ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 524.665069][T22404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 524.684586][ T6250] bridge0: port 1(bridge_slave_0) entered blocking state [ 524.687691][T22404] R13: 000000000000004d R14: 00007f8df6d03f60 R15: 00007ffe205de5e8 [ 524.687732][T22404] [ 524.714335][ T6250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 524.849896][ T6245] bridge0: port 2(bridge_slave_1) entered blocking state [ 524.857265][ T6245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 524.894653][T22415] netlink: 52 bytes leftover after parsing attributes in process `syz.2.5935'. [ 525.065302][ T5103] Bluetooth: hci0: command tx timeout [ 525.578740][T22178] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 525.734664][T22454] bridge0: port 1(bridge_slave_0) entered disabled state [ 526.272681][T22178] veth0_vlan: entered promiscuous mode [ 526.294797][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88805b6d8000: 0x00000: (8) Duplicate sequence number (and software is not able to recover) [ 526.308444][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88805b6d8800: 0x00000: (8) Duplicate sequence number (and software is not able to recover) [ 526.322317][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805b6d8400: 0x00000: (8) Duplicate sequence number (and software is not able to recover) [ 526.343879][T22178] veth1_vlan: entered promiscuous mode [ 526.626778][T22178] veth0_macvtap: entered promiscuous mode [ 526.661414][T22178] veth1_macvtap: entered promiscuous mode [ 526.790535][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.815728][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.835938][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.847150][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.882513][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 526.911208][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 526.932683][T22500] netlink: 'syz.0.5967': attribute type 1 has an invalid length. [ 526.934120][T22178] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 526.986567][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.009155][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.025261][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.040670][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.055719][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.083206][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.108175][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.135638][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.151631][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.175602][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.195538][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.215757][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.248974][T22178] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 527.263270][T22178] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 527.278105][T22178] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 527.319829][T22178] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.330226][T22178] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.343219][T22178] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.365953][T22178] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.715063][T22524] __nla_validate_parse: 7 callbacks suppressed [ 527.715086][T22524] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5973'. [ 527.814004][T22526] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5974'. [ 527.835411][ T9715] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 527.843316][ T9715] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.039694][T22529] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5976'. [ 528.054061][T22534] netlink: 136 bytes leftover after parsing attributes in process `syz.0.5975'. [ 528.110725][T16358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 528.123237][T16358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 528.220663][T22537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5977'. [ 528.613936][T22543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5980'. [ 528.642356][T22545] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5981'. [ 528.696287][T22543] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5980'. [ 528.806276][T22554] netlink: 'syz.3.5984': attribute type 4 has an invalid length. [ 528.820157][T22553] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5985'. [ 528.985798][T22559] netlink: 136 bytes leftover after parsing attributes in process `syz.2.5988'. [ 529.212471][ T9718] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.269526][T22568] FAULT_INJECTION: forcing a failure. [ 529.269526][T22568] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 529.318181][T22568] CPU: 0 PID: 22568 Comm: syz.1.5991 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 529.328420][T22568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 529.338699][T22568] Call Trace: [ 529.342016][T22568] [ 529.344983][T22568] dump_stack_lvl+0x241/0x360 [ 529.349718][T22568] ? __pfx_dump_stack_lvl+0x10/0x10 [ 529.354969][T22568] ? __pfx__printk+0x10/0x10 [ 529.359621][T22568] ? snprintf+0xda/0x120 [ 529.363913][T22568] should_fail_ex+0x3b0/0x4e0 [ 529.368655][T22568] _copy_to_user+0x2f/0xb0 [ 529.373127][T22568] simple_read_from_buffer+0xca/0x150 [ 529.378556][T22568] proc_fail_nth_read+0x1e9/0x250 [ 529.383632][T22568] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 529.389226][T22568] ? rw_verify_area+0x520/0x6b0 [ 529.394130][T22568] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 529.399731][T22568] vfs_read+0x204/0xbc0 [ 529.403939][T22568] ? __pfx_lock_release+0x10/0x10 [ 529.409093][T22568] ? __pfx_vfs_read+0x10/0x10 [ 529.413797][T22568] ? __fget_files+0x29/0x470 [ 529.418408][T22568] ? __fget_files+0x3f6/0x470 [ 529.423114][T22568] ksys_read+0x1a0/0x2c0 [ 529.427383][T22568] ? __pfx_ksys_read+0x10/0x10 [ 529.432185][T22568] ? do_syscall_64+0x100/0x230 [ 529.436987][T22568] ? do_syscall_64+0xb6/0x230 [ 529.441682][T22568] do_syscall_64+0xf3/0x230 [ 529.446200][T22568] ? clear_bhb_loop+0x35/0x90 [ 529.450896][T22568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 529.456803][T22568] RIP: 0033:0x7f8df6b746bc [ 529.461225][T22568] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 529.480851][T22568] RSP: 002b:00007f8df65ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 529.489286][T22568] RAX: ffffffffffffffda RBX: 00007f8df6d03f60 RCX: 00007f8df6b746bc [ 529.497270][T22568] RDX: 000000000000000f RSI: 00007f8df65ff0b0 RDI: 0000000000000004 [ 529.505258][T22568] RBP: 00007f8df65ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 529.513247][T22568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 529.521231][T22568] R13: 000000000000004d R14: 00007f8df6d03f60 R15: 00007ffe205de5e8 [ 529.529229][T22568] [ 529.605046][T22573] sch_tbf: burst 549 is lower than device veth1_to_bridge mtu (1514) ! [ 529.636522][T22577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 529.730378][T22577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 529.864832][ T9718] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 529.897741][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 529.908682][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 529.920515][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 529.931951][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 529.941346][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 529.951060][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 529.984191][T22577] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 530.189673][ T9718] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.414443][ T9718] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.831819][T22625] netlink: 'syz.2.6007': attribute type 10 has an invalid length. [ 530.954485][ T9718] bridge_slave_1: left allmulticast mode [ 530.961933][ T9718] bridge_slave_1: left promiscuous mode [ 530.978639][ T9718] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.009734][T22634] netlink: 'syz.0.6011': attribute type 7 has an invalid length. [ 531.010212][ T9718] bridge_slave_0: left allmulticast mode [ 531.028651][T22634] netlink: 'syz.0.6011': attribute type 8 has an invalid length. [ 531.057306][ T9718] bridge_slave_0: left promiscuous mode [ 531.063263][ T9718] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.764141][ T9718] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 531.780394][ T9718] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 531.792881][ T9718] bond0 (unregistering): Released all slaves [ 531.817044][T22643] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551614) [ 531.828117][T22643] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 531.845906][T22588] chnl_net:caif_netlink_parms(): no params data found [ 532.033075][ T5107] Bluetooth: hci0: command tx timeout [ 532.249952][T22663] netlink: 'syz.1.6022': attribute type 4 has an invalid length. [ 532.366424][T22674] netlink: 'syz.1.6022': attribute type 4 has an invalid length. [ 532.482719][T22588] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.499464][T22588] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.513779][T22588] bridge_slave_0: entered allmulticast mode [ 532.523728][T22588] bridge_slave_0: entered promiscuous mode [ 532.678772][T22588] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.711949][T22588] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.729859][T22588] bridge_slave_1: entered allmulticast mode [ 532.753469][T22588] bridge_slave_1: entered promiscuous mode [ 533.368342][T22700] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 533.394261][T22588] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 533.450157][ T9718] hsr_slave_0: left promiscuous mode [ 533.480737][ T9718] hsr_slave_1: left promiscuous mode [ 533.511120][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.520625][T22711] __nla_validate_parse: 6 callbacks suppressed [ 533.520646][T22711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6036'. [ 533.540785][ T9718] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.567212][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 533.574793][ T9718] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 533.673631][ T9718] veth1_macvtap: left promiscuous mode [ 533.683826][ T9718] veth0_macvtap: left promiscuous mode [ 533.683928][T22719] Cannot find add_set index 0 as target [ 533.689589][ T9718] veth1_vlan: left promiscuous mode [ 533.689734][ T9718] veth0_vlan: left promiscuous mode [ 534.111128][ T5107] Bluetooth: hci0: command tx timeout [ 534.642968][ T9718] team0 (unregistering): Port device team_slave_1 removed [ 534.714734][ T9718] team0 (unregistering): Port device team_slave_0 removed [ 535.294394][T22588] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 535.331515][T22715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6039'. [ 535.360906][T22723] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6039'. [ 535.586503][T22739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6046'. [ 535.589387][T22588] team0: Port device team_slave_0 added [ 535.638415][T22588] team0: Port device team_slave_1 added [ 535.675809][T22743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6046'. [ 535.719394][T22743] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 535.785569][T22739] netlink: 68 bytes leftover after parsing attributes in process `syz.1.6046'. [ 536.017012][T22588] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 536.035644][T22588] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.089203][T22588] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 536.126354][T22763] netlink: 84 bytes leftover after parsing attributes in process `syz.3.6054'. [ 536.151541][T22588] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 536.165276][T22588] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.186463][ T5107] Bluetooth: hci0: command tx timeout [ 536.220767][T22588] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 536.234194][T22768] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6056'. [ 536.246710][T22768] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6056'. [ 536.272852][T22769] Bluetooth: MGMT ver 1.22 [ 536.372760][T22588] hsr_slave_0: entered promiscuous mode [ 536.402458][T22588] hsr_slave_1: entered promiscuous mode [ 536.423581][T22588] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 536.438628][T22588] Cannot create hsr debugfs directory [ 536.454416][T22775] netlink: 'syz.1.6058': attribute type 1 has an invalid length. [ 537.485137][T22806] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6067'. [ 537.592886][T22588] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 537.653740][T22588] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 537.696397][T22588] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 537.711662][T22588] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 538.060030][T22825] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 538.267878][ T5107] Bluetooth: hci0: command tx timeout [ 538.355503][T22588] 8021q: adding VLAN 0 to HW filter on device bond0 [ 538.421570][T22588] 8021q: adding VLAN 0 to HW filter on device team0 [ 538.473096][ T6245] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.480392][ T6245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.517713][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.525036][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 538.659851][T22588] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 538.745972][T22860] __nla_validate_parse: 2 callbacks suppressed [ 538.745997][T22860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6081'. [ 538.866026][T22858] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6083'. [ 539.093144][T22872] netlink: 'syz.3.6085': attribute type 1 has an invalid length. [ 539.103731][T22872] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6085'. [ 539.390340][T22588] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 539.628633][T22888] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6089'. [ 540.099697][T22588] veth0_vlan: entered promiscuous mode [ 540.101713][T22910] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6096'. [ 540.159389][T22588] veth1_vlan: entered promiscuous mode [ 540.292705][T22588] veth0_macvtap: entered promiscuous mode [ 540.318446][T22588] veth1_macvtap: entered promiscuous mode [ 540.374979][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.429513][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.451745][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.475310][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.490393][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 540.507318][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.520676][T22588] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 540.579294][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.605329][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.625314][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.645638][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.662078][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.675471][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.689850][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.700798][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.710923][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.722263][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.732625][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.744749][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.762386][T22588] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 540.773947][T22588] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 540.808875][T22588] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 540.858930][T22588] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.884059][T22588] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.911622][T22933] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 540.919786][T22588] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.936579][T22588] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 540.938801][T22935] netlink: 892 bytes leftover after parsing attributes in process `syz.0.6106'. [ 541.206487][T22941] nlmon0: entered promiscuous mode [ 541.212406][T22941] vlan2: entered promiscuous mode [ 541.221482][T22941] nlmon0: left promiscuous mode [ 541.436972][ T9715] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.457327][ T9715] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.548611][ T9705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 541.567739][ T9705] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.572801][T22954] netlink: 140 bytes leftover after parsing attributes in process `syz.0.6112'. [ 541.720280][T22953] delete_channel: no stack [ 541.993605][T22969] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6119'. [ 542.028414][T22972] netlink: 892 bytes leftover after parsing attributes in process `syz.3.6120'. [ 542.203473][T22980] netlink: 216 bytes leftover after parsing attributes in process `syz.3.6124'. [ 543.225046][T23018] netlink: 'syz.0.6139': attribute type 2 has an invalid length. [ 543.474435][T16356] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 543.685673][T23036] vlan0: entered promiscuous mode [ 543.690838][T23036] ip6gretap0: entered promiscuous mode [ 543.810634][T23049] __nla_validate_parse: 5 callbacks suppressed [ 543.810655][T23049] netlink: 892 bytes leftover after parsing attributes in process `syz.1.6147'. [ 544.068131][T16356] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.232955][T23068] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 544.244879][T23068] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 544.264002][T23068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 544.273602][T23068] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 544.283002][T23068] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 544.290706][T23068] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 544.338406][T16356] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.392786][T23073] netlink: 203452 bytes leftover after parsing attributes in process `syz.3.6155'. [ 544.515460][T23073] netlink: 'syz.3.6155': attribute type 2 has an invalid length. [ 544.532144][T23073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6155'. [ 544.719210][T16356] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 544.794929][T23075] vlan2: entered promiscuous mode [ 545.064541][T16356] bridge_slave_1: left allmulticast mode [ 545.075728][T16356] bridge_slave_1: left promiscuous mode [ 545.082018][T16356] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.107735][T16356] bridge_slave_0: left allmulticast mode [ 545.125388][T16356] bridge_slave_0: left promiscuous mode [ 545.131371][T16356] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.166562][T23095] netlink: 892 bytes leftover after parsing attributes in process `syz.1.6162'. [ 545.236802][T23101] netlink: 'syz.2.6164': attribute type 7 has an invalid length. [ 545.252770][T23101] netlink: 'syz.2.6164': attribute type 8 has an invalid length. [ 545.363654][T23106] netlink: 180 bytes leftover after parsing attributes in process `syz.2.6165'. [ 545.847995][T16356] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 545.869281][T16356] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 545.884009][T16356] bond0 (unregistering): Released all slaves [ 545.899502][T23090] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 546.077837][T23113] netlink: 'syz.3.6168': attribute type 12 has an invalid length. [ 546.095578][T23113] netlink: 'syz.3.6168': attribute type 1 has an invalid length. [ 546.103890][T23113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 546.262221][T23120] sch_tbf: burst 549 is lower than device veth1_to_bridge mtu (1514) ! [ 546.304728][T23126] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551614) [ 546.317811][T23126] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 546.345996][T23068] Bluetooth: hci0: command tx timeout [ 548.427471][T23068] Bluetooth: hci0: command tx timeout [ 549.292268][T23138] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6176'. [ 549.529651][T23147] bond0: Unable to set down delay as MII monitoring is disabled [ 549.730114][T23151] xt_CT: No such helper "snmp_trap" [ 549.736184][T23150] xt_CT: No such helper "snmp_trap" [ 549.926013][T16356] hsr_slave_0: left promiscuous mode [ 549.975842][T16356] hsr_slave_1: left promiscuous mode [ 549.992717][T16356] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 550.005745][T16356] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 550.024486][T16356] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 550.032651][T23172] netlink: 'syz.2.6187': attribute type 2 has an invalid length. [ 550.040365][T16356] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 550.057603][T23172] netlink: 244 bytes leftover after parsing attributes in process `syz.2.6187'. [ 550.130789][T16356] veth1_macvtap: left promiscuous mode [ 550.143717][T16356] veth0_macvtap: left promiscuous mode [ 550.152232][T16356] veth1_vlan: left promiscuous mode [ 550.158112][T16356] veth0_vlan: left promiscuous mode [ 550.510342][T23068] Bluetooth: hci0: command tx timeout [ 550.883612][T16356] team0 (unregistering): Port device team_slave_1 removed [ 550.945142][T16356] team0 (unregistering): Port device team_slave_0 removed [ 551.534505][T23167] sch_tbf: burst 549 is lower than device veth1_to_bridge mtu (1514) ! [ 551.585932][T23175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6188'. [ 551.618451][T23178] bridge0: entered promiscuous mode [ 551.669906][T23178] bridge0: left promiscuous mode [ 551.738993][T23184] netlink: 'syz.0.6190': attribute type 1 has an invalid length. [ 551.911533][T23067] chnl_net:caif_netlink_parms(): no params data found [ 552.214438][T23206] netlink: 36 bytes leftover after parsing attributes in process `syz.2.6198'. [ 552.363068][T23213] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6201'. [ 552.394261][T23067] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.412461][T23067] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.445430][T23067] bridge_slave_0: entered allmulticast mode [ 552.453109][T23067] bridge_slave_0: entered promiscuous mode [ 552.585703][T23068] Bluetooth: hci0: command tx timeout [ 552.626033][T23214] netlink: 164 bytes leftover after parsing attributes in process `syz.0.6201'. [ 552.691943][T23067] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.717536][T23067] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.743526][T23067] bridge_slave_1: entered allmulticast mode [ 552.753884][T23067] bridge_slave_1: entered promiscuous mode [ 552.811564][T23067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 552.847771][T23067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 552.873072][T23226] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 552.880478][T23226] IPv6: NLM_F_CREATE should be set when creating new route [ 552.887848][T23226] IPv6: NLM_F_CREATE should be set when creating new route [ 553.120532][T23067] team0: Port device team_slave_0 added [ 553.144838][T23067] team0: Port device team_slave_1 added [ 553.278888][T23067] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 553.295438][T23067] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 553.355463][T23067] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.380178][T23245] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6209'. [ 553.405644][T23245] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6209'. [ 553.438587][T23067] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.459482][T23067] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 553.523653][T23249] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6213'. [ 553.544471][T23067] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 553.696085][T23067] hsr_slave_0: entered promiscuous mode [ 553.717957][T23067] hsr_slave_1: entered promiscuous mode [ 553.726771][T23067] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 553.734407][T23067] Cannot create hsr debugfs directory [ 554.185111][T23271] netlink: 'syz.3.6222': attribute type 21 has an invalid length. [ 554.441821][T23271] netlink: 'syz.3.6222': attribute type 20 has an invalid length. [ 554.946518][T23294] tun0: tun_chr_ioctl cmd 35108 [ 555.223133][T23067] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 555.254982][T23309] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 555.280667][T23067] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 555.319248][T23313] netlink: 60 bytes leftover after parsing attributes in process `syz.3.6237'. [ 555.340656][T23313] netlink: 'syz.3.6237': attribute type 3 has an invalid length. [ 555.342185][T23067] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 555.351112][T23313] netlink: 'syz.3.6237': attribute type 1 has an invalid length. [ 555.375581][T23313] netlink: 181400 bytes leftover after parsing attributes in process `syz.3.6237'. [ 555.397187][T23067] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 555.442485][T23318] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6239'. [ 555.541002][T23313] can: request_module (can-proto-0) failed. [ 555.892910][T23067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.957974][T23332] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6241'. [ 555.972679][T23334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6242'. [ 555.997061][T23067] 8021q: adding VLAN 0 to HW filter on device team0 [ 556.048673][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.055982][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.068280][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.075671][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 556.189287][T23341] netlink: 'syz.2.6244': attribute type 2 has an invalid length. [ 556.215418][T23341] netlink: 'syz.2.6244': attribute type 1 has an invalid length. [ 556.223344][T23341] netlink: 181400 bytes leftover after parsing attributes in process `syz.2.6244'. [ 556.252270][T23067] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 556.473187][T23348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6246'. [ 556.712589][T23356] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6247'. [ 556.948989][T23067] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 556.958212][T23371] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6251'. [ 557.045686][T23376] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6254'. [ 557.844749][T23067] veth0_vlan: entered promiscuous mode [ 557.889061][T23067] veth1_vlan: entered promiscuous mode [ 558.026248][T23067] veth0_macvtap: entered promiscuous mode [ 558.070411][T23067] veth1_macvtap: entered promiscuous mode [ 558.172772][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.201664][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.235568][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.259286][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.282332][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 558.307489][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.331760][T23067] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 558.367532][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.397304][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.419642][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.472662][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.515672][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.526441][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.536920][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.552194][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.578501][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.602248][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.645274][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.662946][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.685645][T23067] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 558.710975][T23067] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 558.737788][T23067] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 558.783268][T23067] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.828019][T23067] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.865700][T23067] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 558.875312][T23067] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 559.297585][T16356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.315980][T16356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 559.383353][T23455] bond0: entered promiscuous mode [ 559.416845][T23463] netlink: 'syz.1.6278': attribute type 1 has an invalid length. [ 559.418327][T23455] bond_slave_0: entered promiscuous mode [ 559.485685][T23455] bond_slave_1: entered promiscuous mode [ 559.506477][T23455] batadv_slave_0: entered promiscuous mode [ 559.652986][T23461] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 559.672580][T16356] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 559.707178][T16356] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 560.073437][T23479] netlink: 'syz.3.6284': attribute type 32 has an invalid length. [ 560.367665][T23496] __nla_validate_parse: 4 callbacks suppressed [ 560.367689][T23496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6289'. [ 560.591743][T15294] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.927815][T15294] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.031644][T15294] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.237896][T15294] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 561.292623][T23518] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6295'. [ 561.294123][T23519] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6291'. [ 561.352327][T23515] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6293'. [ 561.506052][T23524] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6296'. [ 561.531140][T23524] netlink: 'syz.3.6296': attribute type 15 has an invalid length. [ 561.616960][T23524] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 256 - 0 [ 561.626851][T23524] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 256 - 0 [ 561.636509][T23524] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 256 - 0 [ 561.645862][T23524] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 256 - 0 [ 561.659864][T23524] vxlan0: entered promiscuous mode [ 561.834379][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 561.847880][T23538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6301'. [ 561.858783][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 561.869819][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 561.876095][T15294] bridge_slave_1: left allmulticast mode [ 561.884911][T15294] bridge_slave_1: left promiscuous mode [ 561.903523][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 561.911635][T15294] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.921686][T23540] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6302'. [ 561.935892][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 561.946295][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 561.946366][T15294] bridge_slave_0: left allmulticast mode [ 562.025835][T15294] bridge_slave_0: left promiscuous mode [ 562.049329][T15294] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.766051][T15294] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.788048][T15294] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.803741][T15294] bond0 (unregistering): Released all slaves [ 562.832947][T23548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6304'. [ 562.927989][T23553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6304'. [ 563.174172][T23564] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 563.223571][T23564] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 563.698654][T23588] netlink: 'syz.0.6320': attribute type 4 has an invalid length. [ 563.930723][T23599] sch_tbf: burst 549 is lower than device veth1_to_bridge mtu (1514) ! [ 564.029049][T23068] Bluetooth: hci0: command tx timeout [ 564.435582][T15294] hsr_slave_0: left promiscuous mode [ 564.467614][T15294] hsr_slave_1: left promiscuous mode [ 564.490568][T15294] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 564.505602][T15294] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 564.536770][T15294] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 564.544291][T15294] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 564.620932][T15294] veth1_macvtap: left promiscuous mode [ 564.636253][T15294] veth0_macvtap: left promiscuous mode [ 564.653624][T15294] veth1_vlan: left promiscuous mode [ 564.690656][T15294] veth0_vlan: left promiscuous mode [ 565.144560][T23625] netlink: 'syz.3.6331': attribute type 3 has an invalid length. [ 565.502959][T15294] team0 (unregistering): Port device team_slave_1 removed [ 565.554978][T15294] team0 (unregistering): Port device team_slave_0 removed [ 566.110578][T23068] Bluetooth: hci0: command tx timeout [ 566.153978][T23610] batman_adv: batadv0: Adding interface: vlan0 [ 566.165571][T23610] batman_adv: batadv0: The MTU of interface vlan0 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 566.193583][T23610] batman_adv: batadv0: Interface activated: vlan0 [ 566.272471][T23585] infiniband syz1: set active [ 566.499696][T23631] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 566.908830][T23657] netlink: 'syz.3.6341': attribute type 7 has an invalid length. [ 566.950588][T23657] netlink: 'syz.3.6341': attribute type 8 has an invalid length. [ 567.057388][T23535] chnl_net:caif_netlink_parms(): no params data found [ 567.278354][T23664] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 567.285747][T23664] IPv6: NLM_F_CREATE should be set when creating new route [ 567.447401][T23535] bridge0: port 1(bridge_slave_0) entered blocking state [ 567.454703][T23535] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.463311][T23535] bridge_slave_0: entered allmulticast mode [ 567.494226][ T29] audit: type=1107 audit(1720794367.989:4): pid=23687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='C"o1}DVT<MMrD 4"tCQI9!>/' [ 567.497673][T23535] bridge_slave_0: entered promiscuous mode [ 567.556797][T23691] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6346'. [ 567.569368][T23535] bridge0: port 2(bridge_slave_1) entered blocking state [ 567.602870][T23535] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.627284][T23535] bridge_slave_1: entered allmulticast mode [ 567.650374][T23694] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6350'. [ 567.656232][T23535] bridge_slave_1: entered promiscuous mode [ 567.685958][T23694] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6350'. [ 567.716025][T23694] netlink: 76 bytes leftover after parsing attributes in process `syz.3.6350'. [ 567.769350][T23535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 567.793714][T23535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 567.931105][T23535] team0: Port device team_slave_0 added [ 567.962327][T23535] team0: Port device team_slave_1 added [ 568.053518][T23535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 568.077963][T23535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 568.119686][T23535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 568.147663][T23535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 568.158615][T23535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 568.168778][T23705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6354'. [ 568.190460][T23535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 568.194891][T23068] Bluetooth: hci0: command tx timeout [ 568.234774][T23705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6354'. [ 568.462633][T23535] hsr_slave_0: entered promiscuous mode [ 568.514778][T23535] hsr_slave_1: entered promiscuous mode [ 568.532467][T23535] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 568.550972][T23535] Cannot create hsr debugfs directory [ 568.727945][T23733] xt_CT: You must specify a L4 protocol and not use inversions on it [ 568.975845][T23740] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 568.998778][ T9705] tipc: Subscription rejected, illegal request [ 569.001723][T23746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6372'. [ 569.018156][T23745] netlink: 180 bytes leftover after parsing attributes in process `syz.2.6370'. [ 569.062931][T23748] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 569.074211][T23745] IPVS: stopping backup sync thread 23748 ... [ 569.130067][T23751] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6370'. [ 569.304334][T23758] Cannot find add_set index 0 as target [ 569.676859][T23773] netlink: 'syz.2.6379': attribute type 2 has an invalid length. [ 569.726493][T23775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6380'. [ 569.764198][T23775] block nbd0: not configured, cannot reconfigure [ 569.783715][T23535] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 569.834181][T23535] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 569.879732][T23535] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 570.015663][T23535] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 570.265479][T23068] Bluetooth: hci0: command tx timeout [ 570.314757][T23535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 570.438090][T23535] 8021q: adding VLAN 0 to HW filter on device team0 [ 570.469345][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.476702][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.536748][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 570.544004][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 570.577687][T23815] team0: entered promiscuous mode [ 570.585711][T23815] team_slave_0: entered promiscuous mode [ 570.591638][T23815] team_slave_1: entered promiscuous mode [ 570.621468][T23815] team_slave_0: entered allmulticast mode [ 570.668491][T23815] team0: Port device team_slave_0 removed [ 570.725716][T23814] team0: left promiscuous mode [ 570.730566][T23814] team_slave_1: left promiscuous mode [ 570.751253][T23826] tipc: Invalid UDP bearer configuration [ 570.751324][T23826] tipc: Enabling of bearer rejected, failed to enable media [ 570.852868][T23535] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 571.338388][T23535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 571.737364][T23878] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (128) [ 572.118460][T23894] No such timeout policy "syz0" [ 572.127770][T23535] veth0_vlan: entered promiscuous mode [ 572.166484][T23894] Bluetooth: MGMT ver 1.22 [ 572.180321][T23535] veth1_vlan: entered promiscuous mode [ 572.303318][T23898] xt_CT: You must specify a L4 protocol and not use inversions on it [ 572.330890][T23535] veth0_macvtap: entered promiscuous mode [ 572.376009][T23535] veth1_macvtap: entered promiscuous mode [ 572.464220][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 572.494970][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.535783][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 572.567492][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.598189][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 572.625005][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.657757][T23535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 572.683714][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.711181][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.743159][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.775593][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.783102][T23907] __nla_validate_parse: 6 callbacks suppressed [ 572.783128][T23907] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6424'. [ 572.795622][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.828754][T23909] netlink: 105108 bytes leftover after parsing attributes in process `syz.3.6425'. [ 572.830905][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.859550][T23909] netlink: 'syz.3.6425': attribute type 1 has an invalid length. [ 572.862780][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.887348][T23909] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6425'. [ 572.891856][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.917561][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.940615][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 572.963044][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 572.991530][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 573.019999][T23535] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 573.055422][T23535] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 573.088045][T23535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 573.112809][T23535] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.138301][T23535] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.160816][T23535] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.169955][T23535] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 573.404803][T23925] xt_CT: You must specify a L4 protocol and not use inversions on it [ 573.692655][T16358] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.723670][T16358] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 573.986917][T16358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 574.015855][T16358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 574.050106][T23947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6438'. [ 574.209725][T23953] netlink: 88 bytes leftover after parsing attributes in process `syz.3.6441'. [ 574.426583][T23959] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6444'. [ 574.448735][T23960] netlink: 'syz.2.6443': attribute type 21 has an invalid length. [ 574.465725][T23960] netlink: 'syz.2.6443': attribute type 20 has an invalid length. [ 574.967109][T23980] netlink: 1260 bytes leftover after parsing attributes in process `syz.3.6452'. [ 575.180720][T23979] FAULT_INJECTION: forcing a failure. [ 575.180720][T23979] name failslab, interval 1, probability 0, space 0, times 0 [ 575.193641][T23979] CPU: 0 PID: 23979 Comm: syz.2.6451 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 575.203928][T23979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 575.214025][T23979] Call Trace: [ 575.217341][T23979] [ 575.220316][T23979] dump_stack_lvl+0x241/0x360 [ 575.225048][T23979] ? __pfx_dump_stack_lvl+0x10/0x10 [ 575.230477][T23979] ? __pfx__printk+0x10/0x10 [ 575.235115][T23979] ? pskb_expand_head+0xc89/0x1390 [ 575.240283][T23979] should_fail_ex+0x3b0/0x4e0 [ 575.245014][T23979] ? skb_clone+0x20c/0x390 [ 575.249468][T23979] should_failslab+0x9/0x20 [ 575.254012][T23979] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 575.259441][T23979] skb_clone+0x20c/0x390 [ 575.263731][T23979] bpf_clone_redirect+0xab/0x3d0 [ 575.268714][T23979] bpf_prog_da1e0ee5f8d5c8f5+0x5d/0x62 [ 575.274206][T23979] ? preempt_schedule+0xe1/0xf0 [ 575.274479][T23988] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6450'. [ 575.279173][T23979] ? preempt_schedule_common+0x84/0xd0 [ 575.279212][T23979] ? preempt_schedule+0xe1/0xf0 [ 575.279248][T23979] ? bpf_test_run+0x370/0xa90 [ 575.279276][T23979] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 575.279304][T23979] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 575.279343][T23979] ? bpf_test_run+0x370/0xa90 [ 575.279372][T23979] ? __pfx___cant_migrate+0x10/0x10 [ 575.279398][T23979] ? bpf_test_run+0x370/0xa90 [ 575.279425][T23979] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 575.279453][T23979] ? bpf_test_timer_continue+0x11a/0x350 [ 575.279490][T23979] bpf_test_run+0x4f0/0xa90 [ 575.279516][T23979] ? do_syscall_64+0xf3/0x230 [ 575.279543][T23979] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.279579][T23979] ? bpf_test_run+0x370/0xa90 [ 575.279623][T23979] ? __pfx_bpf_test_run+0x10/0x10 [ 575.279664][T23979] ? eth_type_trans+0x3d1/0x7a0 [ 575.279713][T23979] ? __pfx_eth_type_trans+0x10/0x10 [ 575.279752][T23979] ? bpf_prog_test_run_skb+0x820/0x1820 [ 575.279780][T23979] ? convert___skb_to_skb+0x41/0x620 [ 575.279814][T23979] bpf_prog_test_run_skb+0xc97/0x1820 [ 575.279877][T23979] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 575.279913][T23979] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 575.404678][T23979] bpf_prog_test_run+0x33a/0x3b0 [ 575.409727][T23979] __sys_bpf+0x48d/0x810 [ 575.414022][T23979] ? __pfx___sys_bpf+0x10/0x10 [ 575.418825][T23979] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 575.424842][T23979] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 575.431188][T23979] ? do_syscall_64+0x100/0x230 [ 575.435971][T23979] __x64_sys_bpf+0x7c/0x90 [ 575.440405][T23979] do_syscall_64+0xf3/0x230 [ 575.444921][T23979] ? clear_bhb_loop+0x35/0x90 [ 575.449619][T23979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 575.455529][T23979] RIP: 0033:0x7fd924f75bd9 [ 575.459959][T23979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 575.479583][T23979] RSP: 002b:00007fd925d30048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 575.488022][T23979] RAX: ffffffffffffffda RBX: 00007fd925103f60 RCX: 00007fd924f75bd9 [ 575.496015][T23979] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a [ 575.504002][T23979] RBP: 00007fd925d300a0 R08: 0000000000000000 R09: 0000000000000000 [ 575.511988][T23979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 575.520060][T23979] R13: 000000000000000b R14: 00007fd925103f60 R15: 00007fffc3016eb8 [ 575.528247][T23979] [ 575.726131][T23992] netlink: 'syz.3.6455': attribute type 3 has an invalid length. [ 575.733963][T23992] netlink: 130984 bytes leftover after parsing attributes in process `syz.3.6455'. [ 575.774893][T23996] openvswitch: netlink: Flow actions attr not present in new flow. [ 575.880620][T23998] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6458'. [ 576.583822][ T9707] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 576.636783][T24041] netlink: 'syz.2.6473': attribute type 33 has an invalid length. [ 576.649651][T24041] batadv0: entered promiscuous mode [ 576.655120][T24041] batadv0: entered allmulticast mode [ 576.662957][T24041] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 576.977753][ T9707] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.039846][ T9707] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.100370][ T9707] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 577.199532][ T9707] bridge_slave_1: left allmulticast mode [ 577.205782][ T9707] bridge_slave_1: left promiscuous mode [ 577.211552][ T9707] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.221859][ T9707] bridge_slave_0: left allmulticast mode [ 577.228585][ T9707] bridge_slave_0: left promiscuous mode [ 577.234371][ T9707] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.754083][T24063] openvswitch: netlink: VXLAN extension message has 13 unknown bytes. [ 577.882203][ T5107] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 577.905352][ T5107] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 577.918405][ T5107] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 577.930968][ T5107] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 577.949575][ T5107] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 577.964221][ T5107] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 578.240270][ T9707] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 578.253440][ T9707] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 578.268599][ T9707] bond0 (unregistering): Released all slaves [ 578.300473][T24056] netlink: 'syz.2.6479': attribute type 5 has an invalid length. [ 578.365378][T24071] __nla_validate_parse: 5 callbacks suppressed [ 578.365404][T24071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6485'. [ 578.403922][T24078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6487'. [ 578.648167][T24089] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 578.906778][T24096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6495'. [ 578.963518][T24101] netlink: 'syz.3.6497': attribute type 32 has an invalid length. [ 579.156518][T24105] netlink: 'syz.1.6500': attribute type 3 has an invalid length. [ 579.180173][T24105] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.6500'. [ 579.201843][T24109] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6501'. [ 579.256871][T24114] SET target dimension over the limit! [ 579.513510][T24119] netlink: 316 bytes leftover after parsing attributes in process `syz.2.6504'. [ 579.540807][T24119] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check. [ 579.576885][T24123] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6506'. [ 579.607107][T24125] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6505'. [ 579.728337][ T9707] hsr_slave_0: left promiscuous mode [ 579.738454][ T9707] hsr_slave_1: left promiscuous mode [ 579.771085][ T9707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 579.789282][ T9707] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 579.817808][ T9707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 579.833708][ T9707] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 579.902717][ T9707] veth1_macvtap: left promiscuous mode [ 579.909783][ T9707] veth0_macvtap: left promiscuous mode [ 579.915903][ T9707] veth1_vlan: left promiscuous mode [ 579.921492][ T9707] veth0_vlan: left promiscuous mode [ 580.027345][ T5107] Bluetooth: hci0: command tx timeout [ 580.664268][ T9707] team0 (unregistering): Port device team_slave_1 removed [ 580.728501][ T9707] team0 (unregistering): Port device team_slave_0 removed [ 581.396364][T24142] netlink: 92 bytes leftover after parsing attributes in process `syz.2.6513'. [ 581.512422][T24148] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6516'. [ 581.531173][T24066] chnl_net:caif_netlink_parms(): no params data found [ 581.586495][T24150] openvswitch: netlink: ct_state flags 0000ee00 unsupported [ 581.758732][T24164] lo: Caught tx_queue_len zero misconfig [ 581.978419][T24066] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.001220][T24066] bridge0: port 1(bridge_slave_0) entered disabled state [ 582.021404][T24066] bridge_slave_0: entered allmulticast mode [ 582.040487][T24066] bridge_slave_0: entered promiscuous mode [ 582.066043][T24172] netlink: 'syz.0.6523': attribute type 4 has an invalid length. [ 582.111298][ T5107] Bluetooth: hci0: command tx timeout [ 582.112631][T24066] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.164592][T24066] bridge0: port 2(bridge_slave_1) entered disabled state [ 582.196451][T24066] bridge_slave_1: entered allmulticast mode [ 582.205575][T24066] bridge_slave_1: entered promiscuous mode [ 582.330776][T24066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.366049][T24066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 582.497990][T24066] team0: Port device team_slave_0 added [ 582.570228][T24066] team0: Port device team_slave_1 added [ 582.712685][T24066] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 582.720052][T24066] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.757145][T24066] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 582.773046][T24066] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 582.782707][T24066] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 582.860717][T24066] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 583.006442][T24066] hsr_slave_0: entered promiscuous mode [ 583.013663][T24066] hsr_slave_1: entered promiscuous mode [ 583.021041][T24066] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 583.030510][T24066] Cannot create hsr debugfs directory [ 583.194954][T24214] netlink: 'syz.1.6539': attribute type 26 has an invalid length. [ 583.272024][T24215] tun0: tun_chr_ioctl cmd 1074812117 [ 583.322257][T24222] netlink: 'syz.3.6542': attribute type 13 has an invalid length. [ 583.332188][T24222] netlink: 'syz.3.6542': attribute type 58 has an invalid length. [ 583.528422][T24232] netlink: 'syz.0.6545': attribute type 10 has an invalid length. [ 583.644508][T24237] __nla_validate_parse: 5 callbacks suppressed [ 583.644533][T24237] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6548'. [ 583.688614][T24237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6548'. [ 583.714511][T24237] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6548'. [ 583.801277][T24243] netlink: 'syz.3.6550': attribute type 10 has an invalid length. [ 583.809844][T24245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6549'. [ 583.810943][T24243] netlink: 132 bytes leftover after parsing attributes in process `syz.3.6550'. [ 584.090690][T24253] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6553'. [ 584.126729][T24253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6553'. [ 584.148358][T24066] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 584.158252][T24250] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6552'. [ 584.172576][T24066] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 584.185626][ T5107] Bluetooth: hci0: command tx timeout [ 584.193482][T24066] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 584.207019][T24066] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 584.362937][T24066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 584.418580][T24066] 8021q: adding VLAN 0 to HW filter on device team0 [ 584.438085][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 584.445341][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 584.468562][T24261] netlink: 'syz.1.6556': attribute type 4 has an invalid length. [ 584.517455][T24261] netlink: 'syz.1.6556': attribute type 4 has an invalid length. [ 584.551762][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 584.559035][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 584.586619][T24261] tipc: Enabling of bearer rejected, failed to enable media [ 584.634329][T24066] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 584.646246][T24066] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 584.864314][T24276] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6560'. [ 585.509367][T24296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6565'. [ 585.557270][T24066] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 585.880525][T24313] Cannot find add_set index 0 as target [ 586.027513][T24321] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 586.075930][T24325] block nbd0: not configured, cannot reconfigure [ 586.275802][ T5107] Bluetooth: hci0: command tx timeout [ 586.312186][T24335] netlink: 'syz.2.6582': attribute type 5 has an invalid length. [ 586.740198][T24341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:15) already exists on: vlan0 [ 586.753925][T24341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 586.764457][T24341] ip6gretap0: entered promiscuous mode [ 586.795490][T24341] batadv_slave_0: entered promiscuous mode [ 586.803929][T24341] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 586.812193][T24341] Cannot create hsr debugfs directory [ 586.818853][T24343] netlink: 'syz.3.6586': attribute type 15 has an invalid length. [ 586.833902][T24066] veth0_vlan: entered promiscuous mode [ 586.892502][T24066] veth1_vlan: entered promiscuous mode [ 587.046751][T24066] veth0_macvtap: entered promiscuous mode [ 587.078642][T24066] veth1_macvtap: entered promiscuous mode [ 587.158273][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.189243][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.214235][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.256547][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.275239][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 587.296228][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.320120][T24066] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 587.369659][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.387593][T24359] xt_recent: Unsupported userspace flags (00000042) [ 587.401509][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.425302][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.469984][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.525259][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.547132][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.565231][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.596430][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.635765][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.655638][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.685439][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.717383][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.737755][T24066] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 587.761231][T24066] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 587.787792][T24066] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 587.824540][T24066] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.869321][T24066] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.885589][T24066] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.905514][T24066] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 588.188285][T24347] netlink: 'syz.0.6587': attribute type 4 has an invalid length. [ 588.442594][T24386] syzkaller1: entered promiscuous mode [ 588.448306][T24386] syzkaller1: entered allmulticast mode [ 588.592617][ T9718] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 588.615362][ T9718] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 588.801000][T24408] __nla_validate_parse: 9 callbacks suppressed [ 588.801024][T24408] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6605'. [ 588.853227][T24409] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.6606'. [ 588.969277][T16358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.019245][T16358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.167212][T24419] netlink: 'syz.3.6610': attribute type 1 has an invalid length. [ 589.248917][T24422] netlink: 72 bytes leftover after parsing attributes in process `syz.1.6614'. [ 589.353897][T24424] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6615'. [ 589.488538][T24427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6615'. [ 590.312788][ T9718] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.599516][ T9718] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.700257][ T9718] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.773894][ T9718] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 590.884050][ T9718] bridge_slave_1: left allmulticast mode [ 590.890148][ T9718] bridge_slave_1: left promiscuous mode [ 590.896999][ T9718] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.907756][ T9718] bridge_slave_0: left allmulticast mode [ 590.913465][ T9718] bridge_slave_0: left promiscuous mode [ 590.919377][ T9718] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.719824][T23068] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 591.731204][ T9718] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 591.732343][T23068] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 591.755334][T23068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 591.782177][T23068] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 591.795033][ T9718] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 591.795078][T23068] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 591.822327][T23068] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 591.832783][ T9718] bond0 (unregistering): Released all slaves [ 591.876794][T24489] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6636'. [ 591.916568][T24496] syzkaller1: entered promiscuous mode [ 591.943955][T24496] syzkaller1: entered allmulticast mode [ 592.012040][T24506] netlink: 'syz.2.6640': attribute type 8 has an invalid length. [ 592.045033][T24507] netlink: 'syz.2.6640': attribute type 8 has an invalid length. [ 592.089726][T24512] FAULT_INJECTION: forcing a failure. [ 592.089726][T24512] name failslab, interval 1, probability 0, space 0, times 0 [ 592.102665][T24512] CPU: 1 PID: 24512 Comm: syz.3.6642 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 592.112879][T24512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 592.122966][T24512] Call Trace: [ 592.126258][T24512] [ 592.129204][T24512] dump_stack_lvl+0x241/0x360 [ 592.133914][T24512] ? __pfx_dump_stack_lvl+0x10/0x10 [ 592.139135][T24512] ? __pfx__printk+0x10/0x10 [ 592.143765][T24512] ? pskb_expand_head+0xc89/0x1390 [ 592.148898][T24512] should_fail_ex+0x3b0/0x4e0 [ 592.153620][T24512] ? skb_clone+0x20c/0x390 [ 592.158069][T24512] should_failslab+0x9/0x20 [ 592.162610][T24512] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 592.168006][T24512] skb_clone+0x20c/0x390 [ 592.172355][T24512] bpf_clone_redirect+0xab/0x3d0 [ 592.177579][T24512] bpf_prog_da1e0ee5f8d5c8f5+0x5d/0x62 [ 592.183067][T24512] ? mark_lock_irq+0x4a0/0xc20 [ 592.187957][T24512] ? timekeeping_get_ns+0x5c/0x420 [ 592.193104][T24512] ? bpf_test_run+0x370/0xa90 [ 592.197805][T24512] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 592.203536][T24512] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.209892][T24512] ? ktime_get+0x3c/0xb0 [ 592.214211][T24512] ? bpf_test_run+0x370/0xa90 [ 592.218922][T24512] ? __pfx___cant_migrate+0x10/0x10 [ 592.224138][T24512] ? bpf_test_run+0x370/0xa90 [ 592.228832][T24512] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 592.234768][T24512] ? bpf_test_timer_continue+0x11a/0x350 [ 592.240427][T24512] bpf_test_run+0x4f0/0xa90 [ 592.245059][T24512] ? do_syscall_64+0xf3/0x230 [ 592.249767][T24512] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.255863][T24512] ? bpf_test_run+0x370/0xa90 [ 592.260569][T24512] ? __pfx_bpf_test_run+0x10/0x10 [ 592.265616][T24512] ? eth_type_trans+0x3d1/0x7a0 [ 592.270502][T24512] ? __pfx_eth_type_trans+0x10/0x10 [ 592.275726][T24512] ? bpf_prog_test_run_skb+0x820/0x1820 [ 592.281376][T24512] ? convert___skb_to_skb+0x41/0x620 [ 592.286943][T24512] bpf_prog_test_run_skb+0xc97/0x1820 [ 592.292349][T24512] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 592.298177][T24512] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 592.304003][T24512] bpf_prog_test_run+0x33a/0x3b0 [ 592.308955][T24512] __sys_bpf+0x48d/0x810 [ 592.313223][T24512] ? __pfx___sys_bpf+0x10/0x10 [ 592.318046][T24512] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.324042][T24512] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.330382][T24512] ? do_syscall_64+0x100/0x230 [ 592.335171][T24512] __x64_sys_bpf+0x7c/0x90 [ 592.339611][T24512] do_syscall_64+0xf3/0x230 [ 592.344161][T24512] ? clear_bhb_loop+0x35/0x90 [ 592.348887][T24512] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.354807][T24512] RIP: 0033:0x7f778d575bd9 [ 592.359236][T24512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.378868][T24512] RSP: 002b:00007f778e2ce048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 592.387299][T24512] RAX: ffffffffffffffda RBX: 00007f778d703f60 RCX: 00007f778d575bd9 [ 592.395284][T24512] RDX: 0000000000000028 RSI: 00000000200000c0 RDI: 000000000000000a [ 592.403266][T24512] RBP: 00007f778e2ce0a0 R08: 0000000000000000 R09: 0000000000000000 [ 592.411262][T24512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 592.419240][T24512] R13: 000000000000000b R14: 00007f778d703f60 R15: 00007fff1dfce6a8 [ 592.427238][T24512] [ 592.946249][T24531] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6648'. [ 592.947500][T24525] vlan1: entered promiscuous mode [ 593.233993][T24541] netlink: 'syz.0.6651': attribute type 3 has an invalid length. [ 593.266421][T24541] netlink: 792 bytes leftover after parsing attributes in process `syz.0.6651'. [ 593.486354][T24549] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6656'. [ 593.548111][T24556] netlink: 24 bytes leftover after parsing attributes in process `syz.1.6656'. [ 593.664818][ T9718] hsr_slave_0: left promiscuous mode [ 593.685470][T24561] netlink: 'syz.2.6659': attribute type 11 has an invalid length. [ 593.697059][ T9718] hsr_slave_1: left promiscuous mode [ 593.727353][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 593.740110][ T9718] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 593.763664][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 593.771655][ T9718] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 593.829161][ T9718] veth1_macvtap: left promiscuous mode [ 593.835188][ T9718] veth0_macvtap: left promiscuous mode [ 593.843699][ T9718] veth1_vlan: left promiscuous mode [ 593.851755][ T9718] veth0_vlan: left promiscuous mode [ 593.875710][ T5107] Bluetooth: hci0: command tx timeout [ 594.769818][ T9718] team0 (unregistering): Port device team_slave_1 removed [ 594.834591][ T9718] team0 (unregistering): Port device team_slave_0 removed [ 595.637428][T24586] netlink: 'syz.0.6666': attribute type 32 has an invalid length. [ 595.641912][T24585] netlink: 'syz.1.6668': attribute type 3 has an invalid length. [ 595.664913][T24585] netlink: 792 bytes leftover after parsing attributes in process `syz.1.6668'. [ 595.716547][T24589] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6667'. [ 595.731262][T24589] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6667'. [ 595.767351][T24589] netlink: 'syz.2.6667': attribute type 4 has an invalid length. [ 595.795347][T24500] chnl_net:caif_netlink_parms(): no params data found [ 595.853208][T24592] Cannot find set identified by id 0 to match [ 595.945582][ T5107] Bluetooth: hci0: command tx timeout [ 596.096601][T24605] mac80211_hwsim hwsim52 wlan0: entered promiscuous mode [ 596.129091][T24605] macvlan0: entered allmulticast mode [ 596.154953][T24605] mac80211_hwsim hwsim52 wlan0: entered allmulticast mode [ 596.191680][T24605] mac80211_hwsim hwsim52 wlan0: left promiscuous mode [ 596.291730][T24500] bridge0: port 1(bridge_slave_0) entered blocking state [ 596.320617][T24500] bridge0: port 1(bridge_slave_0) entered disabled state [ 596.330331][T24617] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 596.340813][T24500] bridge_slave_0: entered allmulticast mode [ 596.342628][T24500] bridge_slave_0: entered promiscuous mode [ 596.390065][T24500] bridge0: port 2(bridge_slave_1) entered blocking state [ 596.409630][T24500] bridge0: port 2(bridge_slave_1) entered disabled state [ 596.430086][T24500] bridge_slave_1: entered allmulticast mode [ 596.439955][T24500] bridge_slave_1: entered promiscuous mode [ 596.636617][T24500] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 596.683706][T24500] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 596.824221][T24500] team0: Port device team_slave_0 added [ 596.855905][ T9718] macvlan0: left allmulticast mode [ 596.869047][ T9718] macvlan0: left promiscuous mode [ 596.915680][ T9718] bridge0: port 2(macvlan0) entered disabled state [ 596.933327][ T9718] hsr0: left allmulticast mode [ 596.945664][ T9718] hsr_slave_0: left allmulticast mode [ 596.955275][ T9718] hsr_slave_1: left allmulticast mode [ 596.960738][ T9718] hsr0: left promiscuous mode [ 596.977381][ T9718] bridge0: port 1(hsr0) entered disabled state [ 597.118892][T24648] netlink: 'syz.2.6691': attribute type 72 has an invalid length. [ 597.135832][T24648] netlink: 'syz.2.6691': attribute type 8 has an invalid length. [ 597.490437][ T9718] ip6gretap0 (unregistering): left promiscuous mode [ 598.026444][ T5107] Bluetooth: hci0: command tx timeout [ 598.272673][ T9718] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 598.281895][ T9718] bond_slave_0: left allmulticast mode [ 598.291280][ T9718] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 598.302993][ T9718] bond_slave_1: left allmulticast mode [ 598.310790][ T9718] bond0 (unregistering): Released all slaves [ 598.328137][ T9718] bond1 (unregistering): Released all slaves [ 598.343857][ T9718] bond2 (unregistering): Released all slaves [ 598.358891][ T9718] bond3 (unregistering): Released all slaves [ 598.384465][ T9718] bond4 (unregistering): Released all slaves [ 598.402994][T24500] team0: Port device team_slave_1 added [ 598.686087][ T9718] : left promiscuous mode [ 598.696268][T24675] netlink: 68 bytes leftover after parsing attributes in process `syz.3.6698'. [ 598.818267][T24500] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 598.833882][T24500] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.862439][T24681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6700'. [ 598.883661][T24500] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 598.896084][T24681] openvswitch: netlink: Flow actions attr not present in new flow. [ 598.905657][T24680] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6699'. [ 598.918591][T24500] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 598.932515][T24500] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 598.936123][T24680] netlink: 56 bytes leftover after parsing attributes in process `syz.3.6699'. [ 598.983130][T24500] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 598.998543][T24680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6699'. [ 599.016067][T24683] netlink: 'syz.0.6700': attribute type 11 has an invalid length. [ 599.032756][T24683] netlink: 178412 bytes leftover after parsing attributes in process `syz.0.6700'. [ 599.042663][ T9718] ɶƣ0GCTw: left promiscuous mode [ 599.122936][ T9718] ɶƣ0GC: left promiscuous mode [ 599.199658][T24688] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6702'. [ 599.228244][T24688] vlan2: entered promiscuous mode [ 599.233368][T24688] vlan2: entered allmulticast mode [ 599.262629][T24690] netlink: 'syz.3.6703': attribute type 72 has an invalid length. [ 599.278312][T24690] netlink: 'syz.3.6703': attribute type 8 has an invalid length. [ 599.373272][ T9718] tipc: Left network mode [ 599.404024][T24500] hsr_slave_0: entered promiscuous mode [ 599.430693][T24500] hsr_slave_1: entered promiscuous mode [ 599.454002][T24500] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 599.484916][T24500] Cannot create hsr debugfs directory [ 599.518284][T24697] bond0: entered promiscuous mode [ 599.525777][T24697] bond_slave_0: entered promiscuous mode [ 599.531707][T24697] bond_slave_1: entered promiscuous mode [ 599.561305][T24697] bond0: left promiscuous mode [ 599.572989][T24697] bond_slave_0: left promiscuous mode [ 599.583007][T24697] bond_slave_1: left promiscuous mode [ 599.761369][T24708] hsr0: entered promiscuous mode [ 599.775914][T24708] macsec1: entered promiscuous mode [ 599.788549][T24708] macsec1: entered allmulticast mode [ 599.804612][T24708] hsr0: entered allmulticast mode [ 599.812415][T24708] hsr_slave_0: entered allmulticast mode [ 599.825413][T24708] hsr_slave_1: entered allmulticast mode [ 599.830456][T24712] x_tables: duplicate underflow at hook 3 [ 599.842590][T24708] hsr0: left allmulticast mode [ 599.851603][T24708] hsr_slave_0: left allmulticast mode [ 599.866883][T24708] hsr_slave_1: left allmulticast mode [ 600.106618][ T5107] Bluetooth: hci0: command tx timeout [ 600.182641][T24723] netlink: 'syz.0.6716': attribute type 10 has an invalid length. [ 600.365904][T24729] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes. [ 600.454606][T24732] block nbd0: not configured, cannot reconfigure [ 600.951076][T24751] __nla_validate_parse: 4 callbacks suppressed [ 600.951098][T24751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6726'. [ 601.191782][T24761] netlink: 'syz.3.6728': attribute type 11 has an invalid length. [ 601.201772][T24761] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6728'. [ 601.255615][T24756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6728'. [ 601.267212][T24756] netlink: 2 bytes leftover after parsing attributes in process `syz.3.6728'. [ 601.284200][T24761] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6728'. [ 601.316271][T24761] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 601.323883][T24761] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 602.392904][T24773] netlink: 'syz.1.6735': attribute type 33 has an invalid length. [ 602.543439][ T9718] batadv_slave_0: left promiscuous mode [ 602.579070][T24783] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 602.601713][T24784] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 602.606605][ T9718] hsr_slave_0: left promiscuous mode [ 602.640297][ T9718] hsr_slave_1: left promiscuous mode [ 602.652118][ T9718] batman_adv: batadv0: Removing interface: team0 [ 602.660508][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 602.668473][ T9718] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 602.678759][ T9718] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 602.686598][ T9718] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 602.700938][ T9718] dummy0: left promiscuous mode [ 602.707598][ T9718] veth0_macvtap: left promiscuous mode [ 602.718573][T24788] netlink: 'syz.1.6740': attribute type 1 has an invalid length. [ 602.734280][T24788] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6740'. [ 603.279427][ T9718] team0 (unregistering): Port device team_slave_1 removed [ 603.352580][ T9718] team0 (unregistering): Port device team_slave_0 removed [ 604.071852][T24791] netlink: 'syz.1.6741': attribute type 13 has an invalid length. [ 604.090317][T24791] netlink: 'syz.1.6741': attribute type 58 has an invalid length. [ 604.125650][T24791] netlink: 152 bytes leftover after parsing attributes in process `syz.1.6741'. [ 604.149445][T24500] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 604.280676][T24500] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 604.329307][T24500] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 604.425884][T24500] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 604.599227][T24809] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6746'. [ 604.701591][ T9718] IPVS: stop unused estimator thread 0... [ 604.908449][T24500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 605.007658][T24500] 8021q: adding VLAN 0 to HW filter on device team0 [ 605.056254][T20107] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.063450][T20107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 605.135788][T20107] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.143032][T20107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 605.166690][T24823] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6751'. [ 605.863725][T24854] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6760'. [ 605.908639][T24500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 606.101647][T24864] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6761'. [ 606.216676][T24870] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6763'. [ 609.275645][T24898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6768'. [ 609.407734][T24500] veth0_vlan: entered promiscuous mode [ 609.503658][T24500] veth1_vlan: entered promiscuous mode [ 609.604239][T24500] veth0_macvtap: entered promiscuous mode [ 609.632186][T24500] veth1_macvtap: entered promiscuous mode [ 609.693822][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.716452][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.738857][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 609.756459][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.777570][T24500] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 609.805380][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.831217][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.857424][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.887559][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.911007][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.932345][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.936621][T24918] netlink: 32 bytes leftover after parsing attributes in process `syz.2.6776'. [ 609.951564][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.951596][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.951619][T24500] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 609.951637][T24500] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 609.959923][T24500] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 610.049133][T24916] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6775'. [ 610.073732][T24500] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.103600][T24500] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.128945][T24500] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.146870][T24500] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.457022][T16358] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.474305][T16358] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.579677][ T9705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 610.596814][ T9705] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 610.697875][T24937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6781'. [ 611.133252][T24954] netlink: 4768 bytes leftover after parsing attributes in process `syz.3.6785'. [ 611.647079][T24977] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6794'. [ 611.701332][T24979] netlink: 'syz.0.6795': attribute type 26 has an invalid length. [ 611.783281][T24981] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6796'. [ 611.824068][T24981] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6796'. [ 611.878322][T24983] IPVS: lblc: SCTP 127.0.0.1:0 - no destination available [ 611.883712][T24981] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6796'. [ 612.096485][T16356] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.596151][T16356] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.691423][T16356] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.891214][T16356] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.101827][T24997] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6803'. [ 613.177903][T25001] netlink: 24 bytes leftover after parsing attributes in process `syz.3.6805'. [ 613.245586][T16356] bridge_slave_1: left allmulticast mode [ 613.273209][T16356] bridge_slave_1: left promiscuous mode [ 613.283983][T16356] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.310286][T16356] bridge_slave_0: left allmulticast mode [ 613.320655][T16356] bridge_slave_0: left promiscuous mode [ 613.338824][T16356] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.364137][T23068] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 613.381943][T23068] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 613.393661][T23068] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 613.408053][T23068] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 613.419026][T23068] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 613.427065][T23068] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 613.552490][T25024] IPVS: lblc: SCTP 127.0.0.1:0 - no destination available [ 614.175021][T16356] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 614.198746][T16356] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 614.219444][T16356] bond0 (unregistering): Released all slaves [ 614.261360][T25022] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6810'. [ 614.279281][T25022] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6810'. [ 614.291186][T25022] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6810'. [ 615.378504][T25074] IPVS: sh: SCTP 127.0.0.1:0 - no destination available [ 615.419322][T16356] hsr_slave_0: left promiscuous mode [ 615.435291][T16356] hsr_slave_1: left promiscuous mode [ 615.459881][T16356] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 615.466084][ T5107] Bluetooth: hci0: command tx timeout [ 615.483743][T16356] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 615.508920][T16356] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 615.516696][T16356] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 615.553273][T16356] veth1_macvtap: left promiscuous mode [ 615.559028][T16356] veth0_macvtap: left promiscuous mode [ 615.564748][T16356] veth1_vlan: left promiscuous mode [ 615.570637][T16356] veth0_vlan: left promiscuous mode [ 615.988000][T25085] IPVS: lblc: SCTP 127.0.0.1:0 - no destination available [ 616.939343][T16356] team0 (unregistering): Port device team_slave_1 removed [ 617.001975][T16356] team0 (unregistering): Port device team_slave_0 removed [ 617.552049][ T5107] Bluetooth: hci0: command tx timeout [ 617.652842][T25073] __nla_validate_parse: 8 callbacks suppressed [ 617.652866][T25073] netlink: 132 bytes leftover after parsing attributes in process `syz.2.6828'. [ 617.682276][T25012] chnl_net:caif_netlink_parms(): no params data found [ 617.699942][T25084] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6833'. [ 617.725592][T25084] netlink: 48 bytes leftover after parsing attributes in process `syz.1.6833'. [ 617.762688][T25084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6833'. [ 617.789336][T25091] netlink: 'syz.0.6836': attribute type 15 has an invalid length. [ 617.845633][T25096] netlink: 36 bytes leftover after parsing attributes in process `syz.3.6838'. [ 618.184017][T25115] netlink: 60 bytes leftover after parsing attributes in process `syz.2.6844'. [ 618.206017][T25012] bridge0: port 1(bridge_slave_0) entered blocking state [ 618.213318][T25012] bridge0: port 1(bridge_slave_0) entered disabled state [ 618.234224][T25012] bridge_slave_0: entered allmulticast mode [ 618.266118][T25012] bridge_slave_0: entered promiscuous mode [ 618.307050][T25012] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.314269][T25012] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.353346][T25012] bridge_slave_1: entered allmulticast mode [ 618.382809][T25012] bridge_slave_1: entered promiscuous mode [ 618.403490][T25113] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6842'. [ 618.546681][T25012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 618.579619][T25012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 618.718195][T25012] team0: Port device team_slave_0 added [ 618.732010][T25137] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6851'. [ 618.741939][T25137] netlink: 48 bytes leftover after parsing attributes in process `syz.2.6851'. [ 618.751220][T25137] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6851'. [ 618.763784][T25012] team0: Port device team_slave_1 added [ 618.904305][T25012] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 618.918976][T25145] netlink: 'syz.0.6853': attribute type 3 has an invalid length. [ 618.932058][T25012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.966410][T25012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 618.991073][T25012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 619.003095][T25012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.045647][T25012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 619.118613][T25012] hsr_slave_0: entered promiscuous mode [ 619.126568][T25012] hsr_slave_1: entered promiscuous mode [ 619.220476][T25162] openvswitch: netlink: Flow actions attr not present in new flow. [ 619.494482][T25171] IPVS: sh: SCTP 127.0.0.1:0 - no destination available [ 619.625849][ T5107] Bluetooth: hci0: command tx timeout [ 620.515910][T25012] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 620.529177][T25012] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 620.566830][T25012] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 620.599925][T25012] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 620.636567][T25222] netlink: 'syz.1.6883': attribute type 5 has an invalid length. [ 620.688213][T25223] No such timeout policy "syz0" [ 620.757984][T25226] netlink: 'syz.1.6885': attribute type 1 has an invalid length. [ 620.877918][T25012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 620.952984][T25012] 8021q: adding VLAN 0 to HW filter on device team0 [ 621.008314][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 621.015565][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 621.034947][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 621.042266][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 621.101891][T25242] netlink: 'syz.1.6891': attribute type 29 has an invalid length. [ 621.181459][T25012] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 621.501300][T25260] xt_CT: You must specify a L4 protocol and not use inversions on it [ 621.589748][T25012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 621.706718][ T5107] Bluetooth: hci0: command tx timeout [ 621.864418][T25275] tun0: tun_chr_ioctl cmd 1074025673 [ 621.880416][T25278] tun0: tun_chr_ioctl cmd 1074812117 [ 622.128080][T25292] netlink: 'syz.1.6906': attribute type 32 has an invalid length. [ 622.210552][T25012] veth0_vlan: entered promiscuous mode [ 622.240960][T25296] netlink: 'syz.3.6907': attribute type 30 has an invalid length. [ 622.254303][T25012] veth1_vlan: entered promiscuous mode [ 622.391421][T25012] veth0_macvtap: entered promiscuous mode [ 622.451742][T25012] veth1_macvtap: entered promiscuous mode [ 622.562483][T25312] x_tables: duplicate entry at hook 1 [ 622.570167][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.586951][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.603263][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 622.626309][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.647172][T25012] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 622.692175][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.720800][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.738493][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.755690][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.775390][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.803068][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.823514][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.849492][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.870374][T25012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 622.895220][T25012] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 622.915517][T25012] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 622.923989][T25316] __nla_validate_parse: 13 callbacks suppressed [ 622.924012][T25316] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6913'. [ 622.982352][T25012] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.005369][T25012] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.014451][T25012] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.026401][T25012] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 623.050029][T25333] netlink: 160 bytes leftover after parsing attributes in process `syz.0.6917'. [ 623.077986][T25335] xt_recent: hitcount (4294967293) is larger than allowed maximum (65535) [ 623.090818][T25336] xt_recent: hitcount (4294967293) is larger than allowed maximum (65535) [ 623.285656][T25342] netlink: 'syz.2.6921': attribute type 2 has an invalid length. [ 623.293471][T25342] netlink: 'syz.2.6921': attribute type 2 has an invalid length. [ 623.296081][T25339] Bluetooth: MGMT ver 1.22 [ 623.320762][T15294] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.334473][T25339] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 623.342897][T15294] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.421179][ T9705] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 623.444379][ T9705] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 623.582080][T25348] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 623.604700][T25351] FAULT_INJECTION: forcing a failure. [ 623.604700][T25351] name failslab, interval 1, probability 0, space 0, times 0 [ 623.639800][T25351] CPU: 1 PID: 25351 Comm: syz.0.6924 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 623.650025][T25351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 623.660097][T25351] Call Trace: [ 623.663408][T25351] [ 623.666384][T25351] dump_stack_lvl+0x241/0x360 [ 623.671120][T25351] ? __pfx_dump_stack_lvl+0x10/0x10 [ 623.676364][T25351] ? __pfx__printk+0x10/0x10 [ 623.681035][T25351] ? ref_tracker_alloc+0x332/0x490 [ 623.686164][T25351] should_fail_ex+0x3b0/0x4e0 [ 623.690868][T25351] ? skb_clone+0x20c/0x390 [ 623.695327][T25351] should_failslab+0x9/0x20 [ 623.699873][T25351] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 623.705305][T25351] skb_clone+0x20c/0x390 [ 623.709608][T25351] __netlink_deliver_tap+0x3cc/0x7c0 [ 623.714987][T25351] ? netlink_deliver_tap+0x2e/0x1b0 [ 623.720737][T25351] netlink_deliver_tap+0x19d/0x1b0 [ 623.726129][T25351] netlink_unicast+0x7be/0x990 [ 623.731037][T25351] ? __pfx_netlink_unicast+0x10/0x10 [ 623.736366][T25351] ? __virt_addr_valid+0x183/0x530 [ 623.741515][T25351] ? __check_object_size+0x49c/0x900 [ 623.746896][T25351] ? bpf_lsm_netlink_send+0x9/0x10 [ 623.752156][T25351] netlink_sendmsg+0x8e4/0xcb0 [ 623.757091][T25351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 623.762423][T25351] ? __import_iovec+0x536/0x820 [ 623.767324][T25351] ? aa_sock_msg_perm+0x91/0x160 [ 623.772285][T25351] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 623.777645][T25351] ? security_socket_sendmsg+0x87/0xb0 [ 623.783211][T25351] ? __pfx_netlink_sendmsg+0x10/0x10 [ 623.788524][T25351] __sock_sendmsg+0x221/0x270 [ 623.793222][T25351] ____sys_sendmsg+0x525/0x7d0 [ 623.798110][T25351] ? __pfx_____sys_sendmsg+0x10/0x10 [ 623.803455][T25351] __sys_sendmsg+0x2b0/0x3a0 [ 623.808077][T25351] ? __pfx___sys_sendmsg+0x10/0x10 [ 623.813209][T25351] ? vfs_write+0x7c4/0xc90 [ 623.817725][T25351] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 623.824113][T25351] ? do_syscall_64+0x100/0x230 [ 623.828939][T25351] ? do_syscall_64+0xb6/0x230 [ 623.833643][T25351] do_syscall_64+0xf3/0x230 [ 623.838161][T25351] ? clear_bhb_loop+0x35/0x90 [ 623.842861][T25351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.848791][T25351] RIP: 0033:0x7f83d8775bd9 [ 623.853241][T25351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.873067][T25351] RSP: 002b:00007f83d9460048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 623.881497][T25351] RAX: ffffffffffffffda RBX: 00007f83d8903f60 RCX: 00007f83d8775bd9 [ 623.889509][T25351] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 623.897512][T25351] RBP: 00007f83d94600a0 R08: 0000000000000000 R09: 0000000000000000 [ 623.905625][T25351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 623.913635][T25351] R13: 000000000000004d R14: 00007f83d8903f60 R15: 00007ffe3c704648 [ 623.921639][T25351] [ 624.219994][T25365] netlink: 'syz.2.6929': attribute type 1 has an invalid length. [ 624.229763][T25365] netlink: 9388 bytes leftover after parsing attributes in process `syz.2.6929'. [ 624.252818][T25365] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6929'. [ 624.282096][T25368] netlink: 'syz.1.6931': attribute type 10 has an invalid length. [ 624.629058][T25378] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6936'. [ 624.718032][T25379] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6935'. [ 624.858810][ T9707] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 624.931827][ T5103] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 624.944111][ T5103] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 624.953685][ T5103] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 624.968650][ T5103] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 624.979610][ T5103] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 624.994826][ T5103] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 625.070129][ T9707] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.239256][ T9707] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.342570][ T9707] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.469275][T25394] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6939'. [ 625.517056][T25394] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6939'. [ 625.557370][T25394] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6939'. [ 625.590523][T25400] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6940'. [ 625.714130][ T9707] ================================================================== [ 625.722353][ T9707] BUG: KFENCE: use-after-free read in xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 625.722353][ T9707] [ 625.732907][ T9707] Use-after-free read at 0xffff88823bd98cc8 (in kfence-#203): [ 625.740439][ T9707] xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 625.745774][ T9707] cleanup_net+0x709/0xcc0 [ 625.750239][ T9707] process_scheduled_works+0xa2c/0x1830 [ 625.755909][ T9707] worker_thread+0x86d/0xd50 [ 625.760556][ T9707] kthread+0x2f0/0x390 [ 625.764655][ T9707] ret_from_fork+0x4b/0x80 [ 625.769105][ T9707] ret_from_fork_asm+0x1a/0x30 [ 625.774005][ T9707] [ 625.776448][ T9707] kfence-#203: 0xffff88823bd98000-0xffff88823bd980b7, size=184, cache=rtable [ 625.776448][ T9707] [ 625.787489][ T9707] allocated by task 0 on cpu 1 at 618.745684s: [ 625.794012][ T9707] dst_alloc+0x12b/0x190 [ 625.798267][ T9707] ip_route_output_key_hash_rcu+0x13cc/0x2390 [ 625.804343][ T9707] ip_route_output_key_hash+0x193/0x2b0 [ 625.809898][ T9707] ip_route_output_flow+0x29/0x140 [ 625.815020][ T9707] tipc_udp_xmit+0x225/0xa10 [ 625.819618][ T9707] tipc_bearer_xmit_skb+0x2f5/0x460 [ 625.824830][ T9707] tipc_disc_timeout+0x5ee/0x760 [ 625.829784][ T9707] call_timer_fn+0x18e/0x650 [ 625.834395][ T9707] __run_timer_base+0x66a/0x8e0 [ 625.839346][ T9707] run_timer_softirq+0xb7/0x170 [ 625.844290][ T9707] handle_softirqs+0x2c4/0x970 [ 625.849064][ T9707] __irq_exit_rcu+0xf4/0x1c0 [ 625.853664][ T9707] irq_exit_rcu+0x9/0x30 [ 625.857910][ T9707] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 625.863579][ T9707] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 625.869570][ T9707] acpi_safe_halt+0x21/0x30 [ 625.874085][ T9707] acpi_idle_enter+0xe4/0x140 [ 625.878771][ T9707] cpuidle_enter_state+0x112/0x480 [ 625.884003][ T9707] cpuidle_enter+0x5d/0xa0 [ 625.888439][ T9707] do_idle+0x375/0x5d0 [ 625.892515][ T9707] cpu_startup_entry+0x42/0x60 [ 625.897284][ T9707] __pfx_ap_starting+0x0/0x10 [ 625.902143][ T9707] common_startup_64+0x13e/0x147 [ 625.907087][ T9707] [ 625.909411][ T9707] freed by task 24 on cpu 1 at 625.036544s: [ 625.915319][ T9707] dst_destroy+0x2ac/0x460 [ 625.919834][ T9707] rcu_core+0xafd/0x1830 [ 625.924081][ T9707] handle_softirqs+0x2c4/0x970 [ 625.928849][ T9707] run_ksoftirqd+0xca/0x130 [ 625.933443][ T9707] smpboot_thread_fn+0x544/0xa30 [ 625.938388][ T9707] kthread+0x2f0/0x390 [ 625.942489][ T9707] ret_from_fork+0x4b/0x80 [ 625.946912][ T9707] ret_from_fork_asm+0x1a/0x30 [ 625.951684][ T9707] [ 625.954009][ T9707] CPU: 1 PID: 9707 Comm: kworker/u8:17 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 625.964339][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 625.974423][ T9707] Workqueue: netns cleanup_net [ 625.979211][ T9707] RIP: 0010:xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 625.985207][ T9707] Code: 02 00 00 48 89 2c 24 48 89 5c 24 08 48 8d bb 58 ff ff ff 8b 35 43 13 8a 05 e8 ae c6 ff ff 49 89 c4 45 31 ff 4b 8d 1c fc eb 0c <48> 8b 7d 00 4c 89 ee e8 a6 38 35 ff e8 31 c7 64 01 89 c5 31 ff 89 [ 626.004822][ T9707] RSP: 0018:ffffc90009a1fa78 EFLAGS: 00010246 [ 626.010901][ T9707] RAX: 1ffff110477b3199 RBX: ffff88823bd98cc0 RCX: ffff88806a2d3c00 [ 626.018877][ T9707] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 626.026855][ T9707] RBP: ffff88823bd98cc8 R08: ffffffff895f1486 R09: 1ffffffff1f5c5c5 [ 626.034838][ T9707] R10: dffffc0000000000 R11: fffffbfff1f5c5c6 R12: ffff88801dd4a000 [ 626.042813][ T9707] R13: ffffc90009a1fb40 R14: dffffc0000000000 R15: 00000000000000c3 [ 626.050814][ T9707] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 626.059752][ T9707] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 626.066340][ T9707] CR2: ffff88823bd98cc8 CR3: 000000004e4ea000 CR4: 00000000003506f0 [ 626.074424][ T9707] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 626.082398][ T9707] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 626.090392][ T9707] Call Trace: [ 626.093675][ T9707] [ 626.096610][ T9707] ? kfence_report_error+0x8aa/0xd10 [ 626.101933][ T9707] ? mark_lock+0x9a/0x350 [ 626.106383][ T9707] ? __pfx_kfence_report_error+0x10/0x10 [ 626.112125][ T9707] ? xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 626.117615][ T9707] ? cleanup_net+0x709/0xcc0 [ 626.122225][ T9707] ? process_scheduled_works+0xa2c/0x1830 [ 626.127950][ T9707] ? worker_thread+0x86d/0xd50 [ 626.132739][ T9707] ? kthread+0x2f0/0x390 [ 626.137105][ T9707] ? ret_from_fork+0x4b/0x80 [ 626.141726][ T9707] ? ret_from_fork_asm+0x1a/0x30 [ 626.146709][ T9707] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 626.152181][ T9707] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 626.158087][ T9707] ? search_extable+0xb3/0x100 [ 626.162864][ T9707] ? __pfx_search_extable+0x10/0x10 [ 626.168079][ T9707] ? kfence_handle_page_fault+0x3e0/0x4a0 [ 626.173935][ T9707] ? search_bpf_extables+0x26/0x3f0 [ 626.179267][ T9707] ? page_fault_oops+0x1a0/0xcc0 [ 626.184215][ T9707] ? mark_lock+0x9a/0x350 [ 626.188566][ T9707] ? __lock_acquire+0x1346/0x1fd0 [ 626.193684][ T9707] ? __pfx_page_fault_oops+0x10/0x10 [ 626.198987][ T9707] ? is_prefetch+0x4ed/0x780 [ 626.203674][ T9707] ? mark_lock+0x9a/0x350 [ 626.208020][ T9707] ? __pfx_is_prefetch+0x10/0x10 [ 626.212968][ T9707] ? __lock_acquire+0x1346/0x1fd0 [ 626.218007][ T9707] ? __bad_area_nosemaphore+0x118/0x770 [ 626.223565][ T9707] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 626.229483][ T9707] ? spurious_kernel_fault+0x11e/0x5d0 [ 626.234955][ T9707] ? exc_page_fault+0x5c8/0x8c0 [ 626.239817][ T9707] ? asm_exc_page_fault+0x26/0x30 [ 626.244855][ T9707] ? lockdep_rtnl_is_held+0x26/0x40 [ 626.250073][ T9707] ? xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 626.255493][ T9707] ? xfrmi_exit_batch_rtnl+0x147/0x2e0 [ 626.260969][ T9707] ? __pfx_xfrmi_exit_batch_rtnl+0x10/0x10 [ 626.266789][ T9707] cleanup_net+0x709/0xcc0 [ 626.271224][ T9707] ? __pfx_cleanup_net+0x10/0x10 [ 626.276182][ T9707] ? process_scheduled_works+0x945/0x1830 [ 626.281912][ T9707] process_scheduled_works+0xa2c/0x1830 [ 626.287565][ T9707] ? __pfx_process_scheduled_works+0x10/0x10 [ 626.293593][ T9707] ? assign_work+0x364/0x3d0 [ 626.298210][ T9707] worker_thread+0x86d/0xd50 [ 626.302830][ T9707] ? __kthread_parkme+0x169/0x1d0 [ 626.307885][ T9707] ? __pfx_worker_thread+0x10/0x10 [ 626.313098][ T9707] kthread+0x2f0/0x390 [ 626.317181][ T9707] ? __pfx_worker_thread+0x10/0x10 [ 626.322496][ T9707] ? __pfx_kthread+0x10/0x10 [ 626.327129][ T9707] ret_from_fork+0x4b/0x80 [ 626.331574][ T9707] ? __pfx_kthread+0x10/0x10 [ 626.336184][ T9707] ret_from_fork_asm+0x1a/0x30 [ 626.341144][ T9707] [ 626.344177][ T9707] ================================================================== [ 626.352327][ T9707] Kernel panic - not syncing: KFENCE: panic_on_warn set ... [ 626.360389][ T9707] CPU: 1 PID: 9707 Comm: kworker/u8:17 Not tainted 6.10.0-rc7-syzkaller-01603-g80ab5445da62 #0 [ 626.370756][ T9707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 626.380823][ T9707] Workqueue: netns cleanup_net [ 626.385612][ T9707] Call Trace: [ 626.388899][ T9707] [ 626.391839][ T9707] dump_stack_lvl+0x241/0x360 [ 626.396535][ T9707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 626.401745][ T9707] ? __pfx__printk+0x10/0x10 [ 626.406353][ T9707] ? vprintk_emit+0x631/0x770 [ 626.411052][ T9707] ? vscnprintf+0x5d/0x90 [ 626.415401][ T9707] panic+0x349/0x860 [ 626.419494][ T9707] ? check_panic_on_warn+0x21/0xb0 [ 626.424630][ T9707] ? __pfx_panic+0x10/0x10 [ 626.429058][ T9707] ? _printk+0xd5/0x120 [ 626.433232][ T9707] ? __pfx__printk+0x10/0x10 [ 626.437933][ T9707] check_panic_on_warn+0x86/0xb0 [ 626.442889][ T9707] kfence_report_error+0x998/0xd10 [ 626.448020][ T9707] ? mark_lock+0x9a/0x350 [ 626.452462][ T9707] ? __pfx_kfence_report_error+0x10/0x10 [ 626.458116][ T9707] ? xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 626.463681][ T9707] ? cleanup_net+0x709/0xcc0 [ 626.468287][ T9707] ? process_scheduled_works+0xa2c/0x1830 [ 626.474018][ T9707] ? worker_thread+0x86d/0xd50 [ 626.478793][ T9707] ? kthread+0x2f0/0x390 [ 626.483052][ T9707] ? ret_from_fork+0x4b/0x80 [ 626.487659][ T9707] ? ret_from_fork_asm+0x1a/0x30 [ 626.492654][ T9707] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 626.498332][ T9707] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 626.504242][ T9707] ? search_extable+0xb3/0x100 [ 626.509033][ T9707] ? __pfx_search_extable+0x10/0x10 [ 626.514267][ T9707] kfence_handle_page_fault+0x3e0/0x4a0 [ 626.519925][ T9707] ? search_bpf_extables+0x26/0x3f0 [ 626.525156][ T9707] page_fault_oops+0x1a0/0xcc0 [ 626.530035][ T9707] ? mark_lock+0x9a/0x350 [ 626.534381][ T9707] ? __lock_acquire+0x1346/0x1fd0 [ 626.539531][ T9707] ? __pfx_page_fault_oops+0x10/0x10 [ 626.544854][ T9707] ? is_prefetch+0x4ed/0x780 [ 626.549459][ T9707] ? mark_lock+0x9a/0x350 [ 626.553808][ T9707] ? __pfx_is_prefetch+0x10/0x10 [ 626.558765][ T9707] ? __lock_acquire+0x1346/0x1fd0 [ 626.563899][ T9707] __bad_area_nosemaphore+0x118/0x770 [ 626.569303][ T9707] ? __pfx___bad_area_nosemaphore+0x10/0x10 [ 626.575221][ T9707] ? spurious_kernel_fault+0x11e/0x5d0 [ 626.580724][ T9707] exc_page_fault+0x5c8/0x8c0 [ 626.585546][ T9707] asm_exc_page_fault+0x26/0x30 [ 626.590433][ T9707] RIP: 0010:xfrmi_exit_batch_rtnl+0x9e/0x2e0 [ 626.596437][ T9707] Code: 02 00 00 48 89 2c 24 48 89 5c 24 08 48 8d bb 58 ff ff ff 8b 35 43 13 8a 05 e8 ae c6 ff ff 49 89 c4 45 31 ff 4b 8d 1c fc eb 0c <48> 8b 7d 00 4c 89 ee e8 a6 38 35 ff e8 31 c7 64 01 89 c5 31 ff 89 [ 626.616147][ T9707] RSP: 0018:ffffc90009a1fa78 EFLAGS: 00010246 [ 626.622231][ T9707] RAX: 1ffff110477b3199 RBX: ffff88823bd98cc0 RCX: ffff88806a2d3c00 [ 626.630213][ T9707] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 626.638372][ T9707] RBP: ffff88823bd98cc8 R08: ffffffff895f1486 R09: 1ffffffff1f5c5c5 [ 626.646390][ T9707] R10: dffffc0000000000 R11: fffffbfff1f5c5c6 R12: ffff88801dd4a000 [ 626.654381][ T9707] R13: ffffc90009a1fb40 R14: dffffc0000000000 R15: 00000000000000c3 [ 626.662393][ T9707] ? lockdep_rtnl_is_held+0x26/0x40 [ 626.667648][ T9707] ? xfrmi_exit_batch_rtnl+0x147/0x2e0 [ 626.673139][ T9707] ? __pfx_xfrmi_exit_batch_rtnl+0x10/0x10 [ 626.678965][ T9707] cleanup_net+0x709/0xcc0 [ 626.683463][ T9707] ? __pfx_cleanup_net+0x10/0x10 [ 626.688439][ T9707] ? process_scheduled_works+0x945/0x1830 [ 626.694197][ T9707] process_scheduled_works+0xa2c/0x1830 [ 626.699954][ T9707] ? __pfx_process_scheduled_works+0x10/0x10 [ 626.705968][ T9707] ? assign_work+0x364/0x3d0 [ 626.710592][ T9707] worker_thread+0x86d/0xd50 [ 626.715229][ T9707] ? __kthread_parkme+0x169/0x1d0 [ 626.720285][ T9707] ? __pfx_worker_thread+0x10/0x10 [ 626.725417][ T9707] kthread+0x2f0/0x390 [ 626.729501][ T9707] ? __pfx_worker_thread+0x10/0x10 [ 626.734620][ T9707] ? __pfx_kthread+0x10/0x10 [ 626.739228][ T9707] ret_from_fork+0x4b/0x80 [ 626.743660][ T9707] ? __pfx_kthread+0x10/0x10 [ 626.748266][ T9707] ret_from_fork_asm+0x1a/0x30 [ 626.753063][ T9707] [ 626.756376][ T9707] Kernel Offset: disabled [ 626.761296][ T9707] Rebooting in 86400 seconds..