last executing test programs: 1m5.059805628s ago: executing program 1 (id=4386): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xfffffffe}]}, 0x20}}, 0x40010) 51.756612809s ago: executing program 1 (id=4386): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xfffffffe}]}, 0x20}}, 0x40010) 38.867096583s ago: executing program 1 (id=4386): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xfffffffe}]}, 0x20}}, 0x40010) 23.056597362s ago: executing program 1 (id=4386): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xfffffffe}]}, 0x20}}, 0x40010) 9.861548811s ago: executing program 1 (id=4386): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xfffffffe}]}, 0x20}}, 0x40010) 7.900663161s ago: executing program 1 (id=4386): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xfffffffe}]}, 0x20}}, 0x40010) 1.34514237s ago: executing program 3 (id=5039): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x788b1fda, 0x2}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0x4000) 1.230526901s ago: executing program 2 (id=5040): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0xfdef) 1.182620012s ago: executing program 0 (id=5041): socket$inet_udp(0x2, 0x2, 0x0) socket(0x10, 0x2, 0x0) pipe(&(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x801, 0x84) socket$igmp(0x2, 0x3, 0x2) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xb) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000080)) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) socket$pppoe(0x18, 0x1, 0x0) pipe(&(0x7f0000000040)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 1.013737505s ago: executing program 3 (id=5042): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x3, 0xc, &(0x7f0000000e00)=ANY=[@ANYBLOB="180200000000000000000000000000008500000011000000180100002020692500000000002020207b1af8ff00000000bfa110000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002140)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x10, 0xf}, {}, {0x7, 0x3}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x10, 0xffe0}, {}, {0x7, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20048150) 999.877665ms ago: executing program 0 (id=5043): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, r0, 0x0, {}, 0xfd}, 0x18) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, r0, 0x0, {0x0, 0xf0, 0x2}, 0xfe}, 0x18) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)="434a9c5c0c00000000", 0x9}}, 0x0) sendmsg$can_j1939(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000340)={0x1d, 0x0, 0x1, {0x2, 0xff, 0x1}, 0x10aa1f9860d58852}, 0x18, &(0x7f0000000700)={0x0}}, 0x1) 817.398038ms ago: executing program 0 (id=5044): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 764.897299ms ago: executing program 2 (id=5045): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000001c00)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x1832b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) setsockopt$inet6_int(r0, 0x29, 0x4d, &(0x7f0000000180)=0x8, 0x4) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f0000001400)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc38b61e96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b3f264737d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5d953110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849418b7d93df9b0c568022acaff410e797e88d2f8eeadbba66e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f83cc7199038418f965ad3dc866098b89cabcac8691b0f51ffb71902337e49293309c4480a8f1b32411cc1b55a0ec0fe2c2572fe9d488a25bfc12ba74048e1d7beee93321c7aa49ea17cb9728dc46e5272154b3b995feacbacb8885621b335274af4df9365f8c8121ff323b572d320c8fc46acd6218b9579d43005e7b0506ccb14d9a0dac4cc6efaf5366c44342eaea8b5a11457f5afbea913ce4975ab67e6a85bc46e714ca5741da38a7cceb9e85d77fd03f83f7a5ecc7241e69e2bda327f769b48ba5f13662585c72778d12bd0e9a62a3d0dbe376d1aee81e6845c2cf23f42c458ae5668c8d387bf9ab224bc9703f1c08347be810d2f19278fe8d97560b3c9f1816667d0461a25e778eb1404dcaac1ed0a6a0745f3a5d2dc1b6babf98f5135d531cb26334ef2fec4c78c95b7193935139664fc65f17b047eb3dc39e251ba52ce33f8099719f1a789db1690347355e7b02d4c522692b9597fd31abb90f973ae4eb0bd0d900cdd887ff01d4845d7f0aee39b220a65a5aeee0fd386054070723c841c042d5339cc6325f07f0f733d124c6524f388ef7419f42c06278b8fceaa3a16b202dfb539b129762397e29cdd679ca6240272fa0c3e2e8c0a27aaa407f30b4024d0638dfca1bc9483db3ccc2882742e10f5a", 0x585, 0x6d91fb6102dc910c, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 716.802299ms ago: executing program 3 (id=5046): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002d0001000000000000000000030100800c0000000000000000000000140001000000000000000000000000000000000150bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94"], 0x114}], 0x1}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xffffffffffffff8a}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e00000018000280140011"], 0x48}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 637.515081ms ago: executing program 0 (id=5047): r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xfd, 0x0}}]}, &(0x7f0000000180)=0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={r3, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x304, 0x0, 0x2c}, 0x9c) 577.780681ms ago: executing program 0 (id=5048): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='GPL\x00'}, 0x94) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x9007}, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 557.558891ms ago: executing program 3 (id=5049): sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000006c0)=@newtfilter={0x114, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c}}, [@filter_kind_options=@f_flower={{0xb}, {0xe4, 0x2, [@TCA_FLOWER_ACT={0xe0, 0x3, [@m_connmark={0xdc, 0x1, 0x0, 0x0, {{0xd}, {0xac, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xe, 0x9, 0x5, 0x2, 0xfffffffd}, 0x81}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x7, 0xd0f0, 0x2, 0x7, 0x4}, 0x3}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xd, 0x401, 0x3, 0x4541}}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xfffffff8, 0x2, 0x5, 0xb1}, 0xc392}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x4, 0x20000000, 0x7e4, 0xde0}, 0x6}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x10, 0x8001, 0xffffffffffffffff, 0xffffffff}, 0xfff0}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x114}}, 0x24000000) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 526.017962ms ago: executing program 2 (id=5050): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000140)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x35, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000040)=0x8, 0x4) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) syz_emit_ethernet(0x56, &(0x7f0000000300)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x20, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x200, 0x0, 0x4, {[@timestamp={0x8, 0xa, 0xffffff22, 0x12e81565}]}}}}}}}}, 0x0) 428.522193ms ago: executing program 2 (id=5051): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffe0, 0xa}, {0x1, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0x4000) 333.037885ms ago: executing program 3 (id=5052): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24004000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c40)=@delchain={0x15c, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x118, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0xf4, 0x1, [@m_connmark={0x34, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_ct={0xbc, 0x17, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xef, 0x8a, 0x0, 0xc69, 0x80000000}}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @initdev={0xac, 0x1e, 0x0, 0x0}}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e22}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_ZONE={0x6, 0x4, 0x9}, @TCA_CT_ZONE={0x6, 0x4, 0x8}, @TCA_CT_ACTION={0x6, 0x3, 0x2b}]}, {0x49, 0x6, "0c667158e5bd4f4c7258693ff73b6255ca1d4908fac16f226d18c88d5659578dff7cbcb14a7b44cbd8f6c32df97313956ada98a747f5cd439ea1206ab16a73d8612af63b6c"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FD={0x8}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x4}}]}, 0x15c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 295.261446ms ago: executing program 2 (id=5053): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0xfdef) 189.859887ms ago: executing program 3 (id=5054): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x3, 0xc, &(0x7f0000000e00)=ANY=[@ANYBLOB="180200000000000000000000000000008500000011000000180100002020692500000000002020207b1af8ff00000000bfa110000000000007010000f8ffffffb702000008000000b703000000000000850000007b00000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002140)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x10, 0xf}, {}, {0x7, 0x3}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2c, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x10, 0xffe0}, {}, {0x7, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20048150) 151.998558ms ago: executing program 0 (id=5055): r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f00000000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180), r0) 0s ago: executing program 2 (id=5056): r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) connect$rose(r0, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0x5, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @null]}, 0x40) kernel console output (not intermixed with test programs): ables:0kB all_unreclaimable? no [ 534.987216][T15482] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 535.009692][T15487] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 535.038543][T15487] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 535.046742][T15487] Node 0 DMA32 free:1520472kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:26944kB inactive_anon:0kB active_file:5328kB inactive_file:158668kB unevictable:1536kB writepending:664kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:8376kB local_pcp:1012kB free_cma:0kB [ 535.077693][T15487] lowmem_reserve[]: 0 0 1 1 1 [ 535.082614][T15487] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 535.116455][T15487] lowmem_reserve[]: 0 0 0 0 0 [ 535.125821][T15500] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3105'. [ 535.136093][T15487] Node 1 Normal free:3898712kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16988kB local_pcp:7188kB free_cma:0kB [ 535.193948][T15487] lowmem_reserve[]: 0 0 0 0 0 [ 535.198769][T15487] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 535.216260][T15487] Node 0 DMA32: 1344*4kB (UE) 1061*8kB (UME) 635*16kB (UME) 844*32kB (UME) 164*64kB (UME) 128*128kB (UME) 65*256kB (UME) 29*512kB (UME) 10*1024kB (UME) 2*2048kB (UM) 341*4096kB (UM) = 1520472kB [ 535.243852][T15487] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 535.266204][T15487] Node 1 Normal: 170*4kB (UM) 64*8kB (UME) 39*16kB (UME) 72*32kB (UME) 19*64kB (UM) 5*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898712kB [ 535.306262][T15487] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 535.320342][T15487] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 535.334175][T15487] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 535.344400][T15487] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 535.346979][T15504] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3106'. [ 535.369868][T15487] 42702 total pagecache pages [ 535.376205][T15487] 0 pages in swap cache [ 535.435101][T15487] Free swap = 124996kB [ 535.449102][T15487] Total swap = 124996kB [ 535.476660][T15487] 2097051 pages RAM [ 535.498337][T15487] 0 pages HighMem/MovableOnly [ 535.525337][T15487] 416120 pages reserved [ 535.529589][T15487] 0 pages cma reserved [ 535.889382][T15524] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3115'. [ 536.360792][T15536] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3120'. [ 536.704007][T15543] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3123'. [ 537.071547][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 537.125957][T15534] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 537.363410][T15567] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3133'. [ 537.878067][T15582] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 538.352620][T15597] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3145'. [ 538.658749][T15609] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3153'. [ 539.215107][T15627] __nla_validate_parse: 2 callbacks suppressed [ 539.215123][T15627] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3160'. [ 539.567461][T15638] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3164'. [ 539.940448][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 539.962991][T15610] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 541.387618][T15698] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3187'. [ 541.971877][T15712] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3192'. [ 542.231748][T15722] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3197'. [ 542.348904][T15728] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3199'. [ 542.492729][T15737] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3203'. [ 543.136165][T15768] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3215'. [ 543.318429][T15776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3221'. [ 543.343967][T15776] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3221'. [ 544.228164][T15822] __nla_validate_parse: 1 callbacks suppressed [ 544.228182][T15822] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3242'. [ 544.408245][T15828] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3246'. [ 544.796308][T15845] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3252'. [ 544.834729][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 544.855109][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 544.891050][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 544.927519][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 544.989812][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 545.008987][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 545.042741][T15850] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3255'. [ 548.756013][T16015] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 549.987168][T16044] __nla_validate_parse: 82 callbacks suppressed [ 549.987186][T16044] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3334'. [ 550.102119][T16047] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3335'. [ 550.619047][T16066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3342'. [ 550.665536][T16066] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3342'. [ 550.956994][T16077] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3346'. [ 551.342300][T16095] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3354'. [ 552.077346][T16122] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3365'. [ 552.105378][T16124] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3366'. [ 552.667986][T16143] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3375'. [ 552.713912][T16144] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 553.074930][T16157] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3380'. [ 553.988168][T16182] warn_alloc: 3 callbacks suppressed [ 553.988185][T16182] syz.0.3390: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 554.069570][T16182] CPU: 1 PID: 16182 Comm: syz.0.3390 Not tainted 6.6.94-syzkaller #0 [ 554.077738][T16182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 554.087821][T16182] Call Trace: [ 554.091119][T16182] [ 554.094065][T16182] dump_stack_lvl+0x16c/0x230 [ 554.098814][T16182] ? show_regs_print_info+0x20/0x20 [ 554.104041][T16182] ? load_image+0x3b0/0x3b0 [ 554.108574][T16182] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 554.115018][T16182] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 554.121551][T16182] warn_alloc+0x210/0x300 [ 554.125906][T16182] ? stack_trace_save+0x9c/0xe0 [ 554.130780][T16182] ? zone_watermark_ok_safe+0x230/0x230 [ 554.136367][T16182] ? kasan_set_track+0x5f/0x70 [ 554.141152][T16182] ? kasan_set_track+0x4e/0x70 [ 554.145968][T16182] ? __kasan_kmalloc+0x8f/0xa0 [ 554.150758][T16182] ? xsk_init_queue+0xb0/0x110 [ 554.155545][T16182] ? xsk_setsockopt+0x43c/0x6f0 [ 554.160425][T16182] ? do_sock_setsockopt+0x254/0x3e0 [ 554.165660][T16182] ? __x64_sys_setsockopt+0x1be/0x250 [ 554.171066][T16182] __vmalloc_node_range+0x126/0x1320 [ 554.176413][T16182] ? free_vm_area+0x50/0x50 [ 554.180993][T16182] vmalloc_user+0x74/0x80 [ 554.185392][T16182] ? xskq_create+0xbf/0x170 [ 554.189920][T16182] xskq_create+0xbf/0x170 [ 554.194458][T16182] xsk_init_queue+0xb0/0x110 [ 554.199084][T16182] xsk_setsockopt+0x43c/0x6f0 [ 554.203786][T16182] ? xsk_poll+0x670/0x670 [ 554.208167][T16182] ? aa_sock_opt_perm+0x74/0x100 [ 554.213333][T16182] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 554.218960][T16182] ? security_socket_setsockopt+0x7e/0xa0 [ 554.224736][T16182] ? xsk_poll+0x670/0x670 [ 554.229224][T16182] do_sock_setsockopt+0x254/0x3e0 [ 554.234391][T16182] ? __ia32_sys_recv+0xb0/0xb0 [ 554.239230][T16182] ? __fdget+0x180/0x210 [ 554.243707][T16182] __x64_sys_setsockopt+0x1be/0x250 [ 554.249119][T16182] do_syscall_64+0x55/0xb0 [ 554.253631][T16182] ? clear_bhb_loop+0x40/0x90 [ 554.258446][T16182] ? clear_bhb_loop+0x40/0x90 [ 554.263322][T16182] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 554.269250][T16182] RIP: 0033:0x7f3b7598e929 [ 554.273687][T16182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.293329][T16182] RSP: 002b:00007f3b7681a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 554.301776][T16182] RAX: ffffffffffffffda RBX: 00007f3b75bb6080 RCX: 00007f3b7598e929 [ 554.309768][T16182] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 554.317759][T16182] RBP: 00007f3b75a10b39 R08: 0000000000000004 R09: 0000000000000000 [ 554.325747][T16182] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.333747][T16182] R13: 0000000000000000 R14: 00007f3b75bb6080 R15: 00007ffcc3ab6788 [ 554.341753][T16182] [ 554.355768][T16182] Mem-Info: [ 554.358982][T16182] active_anon:4645 inactive_anon:0 isolated_anon:0 [ 554.358982][T16182] active_file:1364 inactive_file:40053 isolated_file:0 [ 554.358982][T16182] unevictable:768 dirty:104 writeback:0 [ 554.358982][T16182] slab_reclaimable:11684 slab_unreclaimable:103639 [ 554.358982][T16182] mapped:24253 shmem:1364 pagetables:492 [ 554.358982][T16182] sec_pagetables:0 bounce:0 [ 554.358982][T16182] kernel_misc_reclaimable:0 [ 554.358982][T16182] free:1355878 free_pcp:11315 free_cma:0 [ 554.482517][T16182] Node 0 active_anon:18680kB inactive_anon:0kB active_file:5456kB inactive_file:160012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97012kB dirty:416kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11468kB pagetables:2068kB sec_pagetables:0kB all_unreclaimable? no [ 554.537598][T16182] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 554.569668][T16182] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 554.617503][T16182] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 554.642756][T16182] Node 0 DMA32 free:1509420kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:19736kB inactive_anon:0kB active_file:5456kB inactive_file:158700kB unevictable:1536kB writepending:416kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:27192kB local_pcp:8908kB free_cma:0kB [ 554.721644][T16182] lowmem_reserve[]: 0 0 1 1 1 [ 554.740867][T16182] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 554.750992][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 554.776822][T16182] lowmem_reserve[]: 0 0 0 0 0 [ 554.781846][T16182] Node 1 Normal free:3898712kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:16988kB local_pcp:9800kB free_cma:0kB [ 554.831372][T16182] lowmem_reserve[]: 0 0 0 0 0 [ 554.869882][T16182] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 554.933406][T16182] Node 0 DMA32: 1057*4kB (UM) 956*8kB (UME) 313*16kB (UME) 872*32kB (UM) 184*64kB (UM) 135*128kB (UM) 67*256kB (UME) 29*512kB (UME) 10*1024kB (UME) 2*2048kB (UM) 339*4096kB (M) = 1508724kB [ 554.986210][T16182] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 555.000709][T16182] Node 1 Normal: 170*4kB (UM) 64*8kB (UME) 39*16kB (UME) 72*32kB (UME) 19*64kB (UM) 5*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898712kB [ 555.018966][T16182] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 555.029063][T16182] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 555.038786][T16182] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 555.048710][T16182] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 555.058364][T16182] 45592 total pagecache pages [ 555.063178][T16182] 0 pages in swap cache [ 555.067370][T16182] Free swap = 124996kB [ 555.071689][T16182] Total swap = 124996kB [ 555.075889][T16182] 2097051 pages RAM [ 555.079740][T16182] 0 pages HighMem/MovableOnly [ 555.084541][T16182] 416120 pages reserved [ 555.088741][T16182] 0 pages cma reserved [ 555.094012][T16179] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 555.312514][T16205] __nla_validate_parse: 1 callbacks suppressed [ 555.312532][T16205] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3400'. [ 556.186305][T16237] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3414'. [ 556.818916][T16253] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 557.021551][T16265] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3425'. [ 557.700626][T16289] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3436'. [ 557.793325][T16292] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3438'. [ 558.900431][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 558.908687][T16284] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 560.265978][T16306] Bluetooth: hci3: command 0x0406 tx timeout [ 560.312313][T16352] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 560.709813][T16393] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3481'. [ 561.297055][T16419] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3494'. [ 561.788508][T16442] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3504'. [ 561.832949][T16444] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3505'. [ 562.340567][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 562.348791][T16403] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 562.383707][T16464] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3514'. [ 562.958469][T16495] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 562.978435][T16497] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3527'. [ 563.059053][T16499] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3528'. [ 563.308867][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.315346][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.519086][T16521] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3537'. [ 563.889213][T16538] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3546'. [ 563.905972][T16538] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3546'. [ 564.057924][T16544] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 564.980484][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 564.988298][T16522] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 565.110094][T16563] vxcan0: entered allmulticast mode [ 565.272899][T16560] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 565.561360][T16581] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 565.767498][T16590] warn_alloc: 6 callbacks suppressed [ 565.767517][T16590] syz.2.3566: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 565.836185][T16590] CPU: 0 PID: 16590 Comm: syz.2.3566 Not tainted 6.6.94-syzkaller #0 [ 565.844347][T16590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 565.854438][T16590] Call Trace: [ 565.857763][T16590] [ 565.860826][T16590] dump_stack_lvl+0x16c/0x230 [ 565.865572][T16590] ? show_regs_print_info+0x20/0x20 [ 565.870850][T16590] ? load_image+0x3b0/0x3b0 [ 565.875419][T16590] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 565.881900][T16590] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 565.888463][T16590] warn_alloc+0x210/0x300 [ 565.892857][T16590] ? stack_trace_save+0x9c/0xe0 [ 565.897778][T16590] ? zone_watermark_ok_safe+0x230/0x230 [ 565.903393][T16590] ? kasan_set_track+0x5f/0x70 [ 565.908221][T16590] ? kasan_set_track+0x4e/0x70 [ 565.913042][T16590] ? __kasan_kmalloc+0x8f/0xa0 [ 565.917842][T16590] ? xsk_init_queue+0xb0/0x110 [ 565.922723][T16590] ? xsk_setsockopt+0x43c/0x6f0 [ 565.927592][T16590] ? do_sock_setsockopt+0x254/0x3e0 [ 565.932816][T16590] ? __x64_sys_setsockopt+0x1be/0x250 [ 565.938209][T16590] __vmalloc_node_range+0x126/0x1320 [ 565.943557][T16590] ? free_vm_area+0x50/0x50 [ 565.948104][T16590] vmalloc_user+0x74/0x80 [ 565.952463][T16590] ? xskq_create+0xbf/0x170 [ 565.956990][T16590] xskq_create+0xbf/0x170 [ 565.961355][T16590] xsk_init_queue+0xb0/0x110 [ 565.965993][T16590] xsk_setsockopt+0x43c/0x6f0 [ 565.970735][T16590] ? xsk_poll+0x670/0x670 [ 565.975093][T16590] ? aa_sock_opt_perm+0x74/0x100 [ 565.980064][T16590] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 565.985660][T16590] ? security_socket_setsockopt+0x7e/0xa0 [ 565.991449][T16590] ? xsk_poll+0x670/0x670 [ 565.995819][T16590] do_sock_setsockopt+0x254/0x3e0 [ 566.000867][T16590] ? __ia32_sys_recv+0xb0/0xb0 [ 566.005671][T16590] ? __fdget+0x180/0x210 [ 566.009987][T16590] __x64_sys_setsockopt+0x1be/0x250 [ 566.015264][T16590] do_syscall_64+0x55/0xb0 [ 566.019728][T16590] ? clear_bhb_loop+0x40/0x90 [ 566.024432][T16590] ? clear_bhb_loop+0x40/0x90 [ 566.029135][T16590] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 566.035084][T16590] RIP: 0033:0x7f152698e929 [ 566.039526][T16590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 566.059175][T16590] RSP: 002b:00007f1527777038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 566.067627][T16590] RAX: ffffffffffffffda RBX: 00007f1526bb6080 RCX: 00007f152698e929 [ 566.075623][T16590] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 566.083616][T16590] RBP: 00007f1526a10b39 R08: 0000000000000004 R09: 0000000000000000 [ 566.091608][T16590] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 566.099609][T16590] R13: 0000000000000000 R14: 00007f1526bb6080 R15: 00007ffc84b5e888 [ 566.107627][T16590] [ 566.126838][T16590] Mem-Info: [ 566.130034][T16590] active_anon:4706 inactive_anon:0 isolated_anon:0 [ 566.130034][T16590] active_file:1364 inactive_file:40057 isolated_file:0 [ 566.130034][T16590] unevictable:768 dirty:55 writeback:0 [ 566.130034][T16590] slab_reclaimable:11599 slab_unreclaimable:103288 [ 566.130034][T16590] mapped:24279 shmem:1386 pagetables:528 [ 566.130034][T16590] sec_pagetables:0 bounce:0 [ 566.130034][T16590] kernel_misc_reclaimable:0 [ 566.130034][T16590] free:1358729 free_pcp:7974 free_cma:0 [ 566.140587][T16587] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 566.176347][T16590] Node 0 active_anon:18824kB inactive_anon:0kB active_file:5456kB inactive_file:160028kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97116kB dirty:220kB writeback:0kB shmem:4008kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11604kB pagetables:2112kB sec_pagetables:0kB all_unreclaimable? no [ 566.176415][T16590] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 566.254550][T16590] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 566.292537][T16590] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 566.298363][T16590] Node 0 DMA32 free:1520376kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:18836kB inactive_anon:0kB active_file:5456kB inactive_file:158716kB unevictable:1536kB writepending:232kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:14760kB local_pcp:14572kB free_cma:0kB [ 566.333556][T16590] lowmem_reserve[]: 0 0 1 1 1 [ 566.339082][T16590] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 566.377743][T16590] lowmem_reserve[]: 0 0 0 0 0 [ 566.382942][T16590] Node 1 Normal free:3898712kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17020kB local_pcp:7188kB free_cma:0kB [ 566.416946][T16590] lowmem_reserve[]: 0 0 0 0 0 [ 566.423556][T16590] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 566.441118][T16590] Node 0 DMA32: 1264*4kB (UME) 793*8kB (UME) 457*16kB (UME) 963*32kB (UME) 206*64kB (UME) 142*128kB (UM) 69*256kB (UME) 29*512kB (UME) 10*1024kB (UME) 2*2048kB (UM) 340*4096kB (UM) = 1520376kB [ 566.467353][T16590] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 566.502922][T16590] Node 1 Normal: 170*4kB (UM) 64*8kB (UME) 39*16kB (UME) 72*32kB (UME) 19*64kB (UM) 5*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898712kB [ 566.549769][T16590] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 566.559900][T16590] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 566.577869][T16590] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 566.589163][T16590] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 566.603967][T16590] 42746 total pagecache pages [ 566.620848][T16590] 0 pages in swap cache [ 566.625072][T16590] Free swap = 124996kB [ 566.629233][T16590] Total swap = 124996kB [ 566.650620][T16590] 2097051 pages RAM [ 566.654510][T16590] 0 pages HighMem/MovableOnly [ 566.659225][T16590] 416120 pages reserved [ 566.681246][T16590] 0 pages cma reserved [ 567.016385][T16614] __nla_validate_parse: 4 callbacks suppressed [ 567.016406][T16614] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3577'. [ 567.174024][T16624] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3578'. [ 567.340251][T16627] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 567.410992][T16607] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3573'. [ 568.261547][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 568.278675][T16600] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 568.324853][T16646] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3587'. [ 568.410920][T16635] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 568.559847][T16658] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3589'. [ 568.655197][T16662] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 569.046419][T16653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3590'. [ 569.055853][T16653] vxcan0: entered allmulticast mode [ 569.264851][T16679] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 569.287386][T16682] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3599'. [ 569.384784][T16684] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3600'. [ 569.603797][T16697] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3602'. [ 570.033202][T16711] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3609'. [ 570.311423][T16715] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 571.300674][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 571.308630][T16707] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 571.726708][T16760] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 572.283678][T16778] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 572.295110][T16780] __nla_validate_parse: 6 callbacks suppressed [ 572.295127][T16780] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3632'. [ 572.889970][T16804] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 573.154349][T16797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3640'. [ 573.549043][T16816] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3645'. [ 574.113944][T16833] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.330753][T16828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3651'. [ 574.340404][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 574.351141][T16802] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 574.462471][T16840] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3655'. [ 575.170111][T16859] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 575.625817][ T5088] Bluetooth: hci2: command 0x0406 tx timeout [ 577.228115][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 579.096973][T16885] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3673'. [ 579.138449][T16886] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3673'. [ 579.170491][T16887] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3674'. [ 579.269112][T16895] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.426694][T16899] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 580.740619][ T5088] Bluetooth: hci4: command 0x0406 tx timeout [ 581.460448][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 581.948914][T16926] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 582.047950][T16929] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3690'. [ 583.346796][T16938] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 583.714151][T16945] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 583.811706][T16951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3699'. [ 585.780406][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 585.799409][T16974] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 587.553469][T16965] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3704'. [ 587.563171][T16965] vxcan0: left allmulticast mode [ 587.710228][T16987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 588.354213][T17000] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 590.420552][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 590.442955][T17027] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 592.157298][T17018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3724'. [ 592.190490][T17018] vxcan0: left allmulticast mode [ 592.254420][T17034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 593.014998][T17051] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 593.954802][T17075] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 595.066144][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 595.075440][T17073] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 597.153516][T17090] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3752'. [ 597.783952][T17108] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3759'. [ 598.038460][T17116] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 598.323733][T17103] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 600.340623][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 602.014308][T17146] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3774'. [ 602.103054][T17152] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3773'. [ 602.188134][T17155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 606.049887][T17186] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3785'. [ 606.462483][T17196] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 610.384258][T17230] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3803'. [ 610.979743][T17252] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3809'. [ 611.010812][T17252] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3809'. [ 614.547256][T17263] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3813'. [ 615.453109][T17305] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3826'. [ 615.636558][T17311] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3829'. [ 615.685278][T17311] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3829'. [ 616.447973][T17336] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3840'. [ 616.493862][T17323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3835'. [ 617.014331][T17357] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3849'. [ 617.199425][T17361] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3851'. [ 617.692988][T17381] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3860'. [ 617.870683][T17367] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3854'. [ 619.731292][T17448] __nla_validate_parse: 5 callbacks suppressed [ 619.731313][T17448] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3890'. [ 620.063450][T17464] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3898'. [ 620.536792][T17481] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3906'. [ 620.918963][T17496] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3912'. [ 621.613560][T17520] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3923'. [ 621.628014][T17525] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3920'. [ 622.091964][T17542] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3931'. [ 622.306522][T17551] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3935'. [ 622.576780][T17555] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3937'. [ 623.352100][T17582] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3946'. [ 624.082200][T17605] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 624.749510][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.756078][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.867476][T17634] __nla_validate_parse: 81 callbacks suppressed [ 624.867495][T17634] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3964'. [ 625.209230][T17643] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3968'. [ 625.585546][T17654] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3973'. [ 625.672662][T17657] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3974'. [ 625.690980][T17657] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3974'. [ 625.895382][T17663] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3977'. [ 626.100646][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 626.114600][T17636] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 626.248353][T17675] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3983'. [ 626.375121][T17682] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3985'. [ 626.397328][T17682] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3985'. [ 626.513895][T17686] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3987'. [ 626.753272][T17695] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 628.830594][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 628.837591][T17724] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 629.475309][T17783] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 629.968647][T17809] __nla_validate_parse: 15 callbacks suppressed [ 629.968665][T17809] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4036'. [ 629.995741][T17809] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4036'. [ 630.271385][T17806] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4035'. [ 630.612419][T17826] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4041'. [ 630.654384][T17827] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4043'. [ 630.775259][T17831] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4045'. [ 630.787188][T17831] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4045'. [ 631.184010][T17840] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4049'. [ 631.550489][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 631.557417][T17817] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 631.720604][T17855] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4053'. [ 631.737021][T17854] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4054'. [ 632.209244][T17869] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 634.260574][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 634.267589][T17895] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 635.072296][T17952] __nla_validate_parse: 13 callbacks suppressed [ 635.072315][T17952] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4093'. [ 635.083510][T17950] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 635.429487][T17970] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4102'. [ 635.440878][T17970] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4102'. [ 635.784906][T17982] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4106'. [ 635.945863][T17973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4103'. [ 636.296048][T17994] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4112'. [ 636.307858][T17994] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4112'. [ 636.498353][T18004] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4115'. [ 637.037961][T18011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4119'. [ 637.140841][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 637.148711][T17978] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 637.250459][T18024] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4124'. [ 637.655316][T18041] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 639.700727][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 639.709626][T18069] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 640.318259][T18136] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 640.571549][T18143] __nla_validate_parse: 12 callbacks suppressed [ 640.571568][T18143] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4174'. [ 641.055693][T18129] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4168'. [ 641.389861][T18169] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4184'. [ 641.955465][T18184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4191'. [ 641.985637][T18189] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4193'. [ 642.421233][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 642.449742][T18160] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 642.731391][T18212] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4203'. [ 643.070749][T18226] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 643.227211][T18235] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4214'. [ 643.722074][T18263] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4226'. [ 644.010970][T18277] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 644.251810][T18286] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4236'. [ 644.770908][T18305] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4245'. [ 645.042208][T18320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 645.141662][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 645.169697][T18257] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 645.806947][T18345] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 645.835101][T18347] __nla_validate_parse: 2 callbacks suppressed [ 645.835122][T18347] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4265'. [ 645.856614][T18347] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4265'. [ 645.996635][T18352] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4267'. [ 646.015866][T18352] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4267'. [ 646.179053][T18363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 646.368249][T18373] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4276'. [ 646.378254][T18373] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4276'. [ 646.965835][T18397] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4285'. [ 646.975746][T18397] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4285'. [ 647.531467][T18422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4295'. [ 647.546899][T18422] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4295'. [ 647.860657][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 647.869752][T18377] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 648.439824][T18454] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 649.577044][T18502] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 650.501284][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 650.509152][T18479] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 650.819188][T18547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 651.002261][T18553] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 651.176078][T18562] __nla_validate_parse: 10 callbacks suppressed [ 651.176097][T18562] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4360'. [ 651.201358][T18562] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4360'. [ 651.746386][T18589] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4371'. [ 651.765529][T18589] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4371'. [ 651.800505][T18591] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4373'. [ 651.814392][T18591] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4373'. [ 652.354657][T18613] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4384'. [ 652.364850][T18613] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4384'. [ 652.537084][T13036] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.660220][T13036] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.789320][T13036] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.895520][T13036] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 653.060660][ T5780] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 653.071403][T18575] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 653.281523][T13036] tipc: Left network mode [ 653.319141][T16306] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 653.332507][T16306] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 653.374464][T16306] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 653.398548][T16306] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 653.411162][T16306] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 653.418632][T16306] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 653.824322][T18650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4395'. [ 653.907193][T18643] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4395'. [ 654.119533][T18662] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 654.689882][T18684] dummy0: entered allmulticast mode [ 654.983000][T18629] chnl_net:caif_netlink_parms(): no params data found [ 655.332048][T13036] hsr_slave_0: left promiscuous mode [ 655.375653][T13036] hsr_slave_1: left promiscuous mode [ 655.398739][T13036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 655.431811][T13036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 655.456801][T13036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 655.482918][T13036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 655.511409][T13036] bridge_slave_1: left allmulticast mode [ 655.517439][T13036] bridge_slave_1: left promiscuous mode [ 655.530518][T13036] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.548945][ T5780] Bluetooth: hci1: command tx timeout [ 655.578663][T13036] bridge_slave_0: left allmulticast mode [ 655.588331][T13036] bridge_slave_0: left promiscuous mode [ 655.614500][T13036] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.931942][T13036] veth1_macvtap: left promiscuous mode [ 655.937598][T13036] veth0_macvtap: left promiscuous mode [ 655.963174][T13036] veth1_vlan: left promiscuous mode [ 655.968602][T13036] veth0_vlan: left promiscuous mode [ 656.180446][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 656.189707][T18693] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 657.313217][T13036] team0 (unregistering): Port device team_slave_1 removed [ 657.399698][T13036] team0 (unregistering): Port device team_slave_0 removed [ 657.478530][T13036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 657.547781][T13036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 657.640517][T16306] Bluetooth: hci1: command tx timeout [ 658.329564][T13036] bond0 (unregistering): Released all slaves [ 658.519265][T18738] __nla_validate_parse: 3 callbacks suppressed [ 658.519285][T18738] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4418'. [ 658.545171][T18739] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4418'. [ 658.556060][T18629] bridge0: port 1(bridge_slave_0) entered blocking state [ 658.586487][T18629] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.616822][T18629] bridge_slave_0: entered allmulticast mode [ 658.657092][T18629] bridge_slave_0: entered promiscuous mode [ 658.689586][T18629] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.711382][T18629] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.739261][T18629] bridge_slave_1: entered allmulticast mode [ 658.748485][T18629] bridge_slave_1: entered promiscuous mode [ 658.871218][T18749] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 658.923576][T18629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 658.963968][T18629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 659.607274][T18629] team0: Port device team_slave_0 added [ 659.648170][T18777] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4429'. [ 659.664506][T18778] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4429'. [ 659.701106][ T5780] Bluetooth: hci1: command tx timeout [ 659.754383][T18629] team0: Port device team_slave_1 added [ 659.932688][T18629] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 659.955464][T18629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.020879][T18629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 660.049418][T18629] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 660.076312][T18629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 660.103844][T18629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 660.129906][T13036] IPVS: stop unused estimator thread 0... [ 660.244413][T18629] hsr_slave_0: entered promiscuous mode [ 660.269796][T18629] hsr_slave_1: entered promiscuous mode [ 660.285293][T18629] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 660.300374][T18629] Cannot create hsr debugfs directory [ 660.900415][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 661.171677][T18795] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 661.350837][T18824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4439'. [ 661.389756][T18826] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4439'. [ 661.782036][T16306] Bluetooth: hci1: command tx timeout [ 662.257683][T18629] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 662.593398][T18629] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 662.658704][T18629] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 662.676338][T18629] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 662.760969][T18879] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4450'. [ 662.773489][T18879] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4450'. [ 662.895310][T18629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 662.946918][T18629] 8021q: adding VLAN 0 to HW filter on device team0 [ 662.983136][T13024] bridge0: port 1(bridge_slave_0) entered blocking state [ 662.990402][T13024] bridge0: port 1(bridge_slave_0) entered forwarding state [ 663.030132][T13024] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.037417][T13024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 663.075658][T18863] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 663.632935][T18909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4459'. [ 663.718076][T18629] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 663.861761][T18629] veth0_vlan: entered promiscuous mode [ 663.898614][T18629] veth1_vlan: entered promiscuous mode [ 664.005061][T18629] veth0_macvtap: entered promiscuous mode [ 664.034633][T18629] veth1_macvtap: entered promiscuous mode [ 664.067335][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 664.089800][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 664.106212][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 664.117461][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 664.132704][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 664.145726][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 664.166452][T18629] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 664.223647][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 664.239823][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 664.251927][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 664.265834][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 664.276113][T18629] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 664.287177][T18629] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 664.301887][T18629] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 664.322615][T18629] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.341722][T18629] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.352006][T18629] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.380409][T18629] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.645253][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 664.678477][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 664.803351][T13018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 664.824766][T13018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 665.141420][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 665.261064][T18955] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4470'. [ 665.393946][T18927] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 665.545937][T18965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 666.570067][T18999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4481'. [ 667.297248][T19033] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 667.767810][T13018] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.199527][T19054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4493'. [ 668.236722][T19054] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4493'. [ 668.630822][T13018] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.818359][T13018] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.866989][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 668.879198][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 668.890824][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 668.902496][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 668.920436][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 668.931188][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 669.298606][T13018] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.419431][T19089] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 669.725574][T19097] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4506'. [ 669.854321][T19097] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4506'. [ 670.138069][T19074] chnl_net:caif_netlink_parms(): no params data found [ 670.533692][T19127] netlink: 10 bytes leftover after parsing attributes in process `syz.2.4512'. [ 670.980513][ T5780] Bluetooth: hci1: command tx timeout [ 671.036052][T19139] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4515'. [ 671.104348][T19141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 671.138162][T19143] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4515'. [ 671.218033][T19074] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.226216][T19074] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.234182][T19074] bridge_slave_0: entered allmulticast mode [ 671.247982][T19074] bridge_slave_0: entered promiscuous mode [ 671.257223][T19074] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.264801][T19074] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.273524][T19074] bridge_slave_1: entered allmulticast mode [ 671.280999][T19074] bridge_slave_1: entered promiscuous mode [ 671.356428][T19074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 671.369730][T19074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 671.454454][T19074] team0: Port device team_slave_0 added [ 671.504843][T19074] team0: Port device team_slave_1 added [ 671.617053][T13018] hsr_slave_0: left promiscuous mode [ 671.634738][T13018] hsr_slave_1: left promiscuous mode [ 671.644087][T13018] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 671.652200][T13018] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 671.661303][T13018] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 671.668921][T13018] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 671.677720][T13018] bridge_slave_1: left allmulticast mode [ 671.683988][T13018] bridge_slave_1: left promiscuous mode [ 671.700812][T13018] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.712326][T13018] bridge_slave_0: left allmulticast mode [ 671.718450][T13018] bridge_slave_0: left promiscuous mode [ 671.725226][T13018] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.793536][T13018] veth1_macvtap: left promiscuous mode [ 671.799194][T13018] veth0_macvtap: left promiscuous mode [ 671.820570][T13018] veth1_vlan: left promiscuous mode [ 671.826017][T13018] veth0_vlan: left promiscuous mode [ 673.065000][ T5780] Bluetooth: hci1: command tx timeout [ 673.365448][T13018] team0 (unregistering): Port device team_slave_1 removed [ 673.437837][T13018] team0 (unregistering): Port device team_slave_0 removed [ 673.505577][T13018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 673.570055][T13018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 674.351065][T13018] bond0 (unregistering): Released all slaves [ 674.464144][T19074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 674.471430][T19074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.498432][T19074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 674.513380][T19074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 674.520494][T19074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.548479][T19074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 674.613474][T19188] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4526'. [ 674.623783][T19189] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4526'. [ 674.782250][T19074] hsr_slave_0: entered promiscuous mode [ 674.813620][T19074] hsr_slave_1: entered promiscuous mode [ 674.837607][T19074] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 674.860551][T19074] Cannot create hsr debugfs directory [ 675.141078][ T5780] Bluetooth: hci1: command tx timeout [ 675.766087][T19220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4536'. [ 675.791761][T19220] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4536'. [ 676.465018][T19246] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4544'. [ 676.616419][T19074] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 677.000026][T19074] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 677.059226][T19074] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 677.084567][T19074] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 677.168965][T19258] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4549'. [ 677.197760][T19258] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4549'. [ 677.220547][ T5780] Bluetooth: hci1: command tx timeout [ 677.425330][T19074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 677.497012][T19074] 8021q: adding VLAN 0 to HW filter on device team0 [ 677.558724][T13018] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.565983][T13018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 677.633382][T13018] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.640731][T13018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 677.787585][T19074] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 678.363173][T19074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.455393][T19305] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4561'. [ 678.520607][T19305] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4561'. [ 678.559568][T19074] veth0_vlan: entered promiscuous mode [ 678.596417][T19074] veth1_vlan: entered promiscuous mode [ 678.709135][T19074] veth0_macvtap: entered promiscuous mode [ 678.744050][T19074] veth1_macvtap: entered promiscuous mode [ 678.816652][T19074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.844989][T19074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.870392][T19074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.905241][T19074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.931958][T19074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 678.950734][T19074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 678.978670][T19074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.027807][T19074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.057413][T19074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.090793][T19074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.115994][T19074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.136346][T19074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 679.167017][T19074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 679.189103][T19074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.231365][T19074] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.264842][T19074] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.274406][T19074] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.291895][T19074] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 679.518974][T13036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.529123][T13036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.624008][T13032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 679.644833][T13032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 679.906708][T19356] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4575'. [ 679.932052][T19356] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4575'. [ 680.862391][T19395] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4586'. [ 680.873070][T19395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4586'. [ 681.968714][T19438] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4595'. [ 681.999655][T19438] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4595'. [ 682.475704][T13034] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.043168][T13034] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.098921][T16306] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 683.116517][T16306] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 683.126487][T16306] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 683.136157][T16306] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 683.166717][T16306] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 683.176310][T16306] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 683.198299][T13034] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.299915][T13034] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 683.332300][T19473] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4608'. [ 683.359987][T19473] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4608'. [ 683.828389][T19470] chnl_net:caif_netlink_parms(): no params data found [ 684.625552][T19515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4618'. [ 684.640159][T19520] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4618'. [ 684.659962][T19470] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.688072][T19470] bridge0: port 1(bridge_slave_0) entered disabled state [ 684.706027][T19470] bridge_slave_0: entered allmulticast mode [ 684.721858][T19470] bridge_slave_0: entered promiscuous mode [ 684.801587][T19470] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.814597][T19470] bridge0: port 2(bridge_slave_1) entered disabled state [ 684.834977][T19470] bridge_slave_1: entered allmulticast mode [ 684.844869][T19470] bridge_slave_1: entered promiscuous mode [ 685.153092][T19470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 685.232593][T19470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 685.301497][ T5780] Bluetooth: hci1: command tx timeout [ 685.343725][T19470] team0: Port device team_slave_0 added [ 685.690891][T19470] team0: Port device team_slave_1 added [ 685.768583][T19551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4628'. [ 685.810997][T19553] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4628'. [ 686.196421][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.208238][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.249114][T19470] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 686.268987][T19470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.301606][T19470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 686.472014][T19470] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 686.497953][T19470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 686.542559][T19470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 687.035294][T19470] hsr_slave_0: entered promiscuous mode [ 687.045008][T19470] hsr_slave_1: entered promiscuous mode [ 687.052436][T19470] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 687.063797][T19470] Cannot create hsr debugfs directory [ 687.127986][T13034] hsr_slave_0: left promiscuous mode [ 687.137612][T13034] hsr_slave_1: left promiscuous mode [ 687.144892][T13034] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 687.153299][T13034] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 687.161292][T13034] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 687.168857][T13034] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 687.178126][T13034] bridge_slave_1: left allmulticast mode [ 687.184048][T13034] bridge_slave_1: left promiscuous mode [ 687.189844][T13034] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.200074][T13034] bridge_slave_0: left allmulticast mode [ 687.206109][T13034] bridge_slave_0: left promiscuous mode [ 687.212386][T13034] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.245772][T13034] veth1_macvtap: left promiscuous mode [ 687.251689][T13034] veth0_macvtap: left promiscuous mode [ 687.257513][T13034] veth1_vlan: left promiscuous mode [ 687.263285][T13034] veth0_vlan: left promiscuous mode [ 687.380476][ T5780] Bluetooth: hci1: command tx timeout [ 688.173537][T13034] team0 (unregistering): Port device team_slave_1 removed [ 688.241415][T13034] team0 (unregistering): Port device team_slave_0 removed [ 688.311508][T13034] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 688.379249][T13034] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 689.186036][T13034] bond0 (unregistering): Released all slaves [ 689.325991][T19603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4640'. [ 689.336893][T19604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4640'. [ 689.461005][ T5780] Bluetooth: hci1: command tx timeout [ 689.538824][T19613] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4645'. [ 690.390630][T19642] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4651'. [ 690.410710][T19642] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4651'. [ 690.823851][T19470] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 690.845634][T19470] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 690.866016][T19470] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 690.891345][T19470] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 691.221868][T19470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 691.279141][T19470] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.320783][T13036] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.328032][T13036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 691.377729][T13024] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.385001][T13024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 691.541223][ T5780] Bluetooth: hci1: command tx timeout [ 691.651465][T19681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4662'. [ 691.686313][T19681] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4662'. [ 692.132139][T19470] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.232250][T19470] veth0_vlan: entered promiscuous mode [ 692.269711][T19470] veth1_vlan: entered promiscuous mode [ 692.345855][T19470] veth0_macvtap: entered promiscuous mode [ 692.368871][T19470] veth1_macvtap: entered promiscuous mode [ 692.422963][T19470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.445901][T19470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.466614][T19470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.483435][T19470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.493798][T19470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 692.513288][T19470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.527070][T19470] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 692.544974][T19470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.555890][T19470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.566013][T19470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.593666][T19470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.613982][T19470] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 692.670482][T19470] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 692.705326][T19470] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 692.749890][T19470] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.789499][T19470] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.810364][T19470] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 692.826786][T19470] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 693.108054][T13024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.136491][T13024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.264510][T13030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 693.295244][T13030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 693.307426][T19737] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4676'. [ 693.332358][T19737] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4676'. [ 694.202365][T19776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4688'. [ 694.881952][T19808] __nla_validate_parse: 1 callbacks suppressed [ 694.881968][T19808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4698'. [ 694.921436][T19808] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4698'. [ 695.496572][T13024] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.237126][T19844] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4710'. [ 696.254337][T19844] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4710'. [ 696.716281][T13024] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.756715][T16306] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 696.769116][T16306] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 696.779709][T16306] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 696.789543][T16306] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 696.822613][T16306] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 696.831344][T16306] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 696.932553][T13024] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.035903][T13024] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.311064][T19877] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4722'. [ 697.374740][T19877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4722'. [ 697.394066][T19861] chnl_net:caif_netlink_parms(): no params data found [ 697.732951][T19861] bridge0: port 1(bridge_slave_0) entered blocking state [ 697.751370][T19861] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.758698][T19861] bridge_slave_0: entered allmulticast mode [ 697.784602][T19861] bridge_slave_0: entered promiscuous mode [ 697.877252][T19861] bridge0: port 2(bridge_slave_1) entered blocking state [ 697.885702][T19861] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.893845][T19861] bridge_slave_1: entered allmulticast mode [ 697.905503][T19861] bridge_slave_1: entered promiscuous mode [ 698.197494][T19861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 698.226349][T19861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 698.518751][T19861] team0: Port device team_slave_0 added [ 698.592203][T19861] team0: Port device team_slave_1 added [ 698.598531][T19925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4731'. [ 698.672196][T19920] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4731'. [ 698.765060][T19861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 698.772450][T19861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.816482][T19861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 698.843514][T19861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 698.858618][T19861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 698.895198][T19861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 698.904747][T16306] Bluetooth: hci1: command tx timeout [ 699.090671][T19861] hsr_slave_0: entered promiscuous mode [ 699.113183][T19861] hsr_slave_1: entered promiscuous mode [ 699.121597][T19861] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 699.141837][T19861] Cannot create hsr debugfs directory [ 699.532267][T13024] hsr_slave_0: left promiscuous mode [ 699.553304][T13024] hsr_slave_1: left promiscuous mode [ 699.571302][T13024] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 699.578983][T13024] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 699.617158][T13024] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 699.640535][T13024] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 699.651509][T13024] bridge_slave_1: left allmulticast mode [ 699.657253][T13024] bridge_slave_1: left promiscuous mode [ 699.681304][T13024] bridge0: port 2(bridge_slave_1) entered disabled state [ 699.714334][T13024] bridge_slave_0: left allmulticast mode [ 699.720065][T13024] bridge_slave_0: left promiscuous mode [ 699.740652][T13024] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.799084][T13024] veth1_macvtap: left promiscuous mode [ 699.810443][T13024] veth0_macvtap: left promiscuous mode [ 699.816186][T13024] veth1_vlan: left promiscuous mode [ 699.830816][T13024] veth0_vlan: left promiscuous mode [ 700.855006][T13024] team0 (unregistering): Port device team_slave_1 removed [ 700.923480][T13024] team0 (unregistering): Port device team_slave_0 removed [ 700.980651][T16306] Bluetooth: hci1: command tx timeout [ 700.989744][T13024] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 701.057504][T13024] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 701.914275][T13024] bond0 (unregistering): Released all slaves [ 702.075602][T19962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4741'. [ 702.091118][T19964] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4741'. [ 702.809050][T19996] warn_alloc: 1 callbacks suppressed [ 702.809070][T19996] syz.2.4749: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 702.864596][T19996] CPU: 0 PID: 19996 Comm: syz.2.4749 Not tainted 6.6.94-syzkaller #0 [ 702.872863][T19996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 702.882973][T19996] Call Trace: [ 702.886305][T19996] [ 702.889292][T19996] dump_stack_lvl+0x16c/0x230 [ 702.894075][T19996] ? show_regs_print_info+0x20/0x20 [ 702.899362][T19996] ? load_image+0x3b0/0x3b0 [ 702.903936][T19996] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 702.910425][T19996] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 702.917040][T19996] warn_alloc+0x210/0x300 [ 702.921438][T19996] ? stack_trace_save+0x9c/0xe0 [ 702.926450][T19996] ? zone_watermark_ok_safe+0x230/0x230 [ 702.932078][T19996] ? kasan_set_track+0x5f/0x70 [ 702.936908][T19996] ? kasan_set_track+0x4e/0x70 [ 702.941739][T19996] ? __kasan_kmalloc+0x8f/0xa0 [ 702.946570][T19996] ? xsk_init_queue+0xb0/0x110 [ 702.951397][T19996] ? xsk_setsockopt+0x43c/0x6f0 [ 702.956299][T19996] ? do_sock_setsockopt+0x254/0x3e0 [ 702.961559][T19996] ? __x64_sys_setsockopt+0x1be/0x250 [ 702.966996][T19996] __vmalloc_node_range+0x126/0x1320 [ 702.972389][T19996] ? free_vm_area+0x50/0x50 [ 702.976979][T19996] vmalloc_user+0x74/0x80 [ 702.981377][T19996] ? xskq_create+0xbf/0x170 [ 702.985941][T19996] xskq_create+0xbf/0x170 [ 702.990337][T19996] xsk_init_queue+0xb0/0x110 [ 702.994997][T19996] xsk_setsockopt+0x43c/0x6f0 [ 702.999745][T19996] ? xsk_poll+0x670/0x670 [ 703.004147][T19996] ? aa_sock_opt_perm+0x74/0x100 [ 703.009156][T19996] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 703.014770][T19996] ? security_socket_setsockopt+0x7e/0xa0 [ 703.020554][T19996] ? xsk_poll+0x670/0x670 [ 703.024949][T19996] do_sock_setsockopt+0x254/0x3e0 [ 703.030044][T19996] ? __ia32_sys_recv+0xb0/0xb0 [ 703.034880][T19996] ? __fdget+0x180/0x210 [ 703.039195][T19996] __x64_sys_setsockopt+0x1be/0x250 [ 703.044461][T19996] do_syscall_64+0x55/0xb0 [ 703.048948][T19996] ? clear_bhb_loop+0x40/0x90 [ 703.053680][T19996] ? clear_bhb_loop+0x40/0x90 [ 703.058426][T19996] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 703.060485][T16306] Bluetooth: hci1: command tx timeout [ 703.064361][T19996] RIP: 0033:0x7f152698e929 [ 703.064387][T19996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 703.064407][T19996] RSP: 002b:00007f1527798038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 703.064431][T19996] RAX: ffffffffffffffda RBX: 00007f1526bb5fa0 RCX: 00007f152698e929 [ 703.064448][T19996] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 703.064463][T19996] RBP: 00007f1526a10b39 R08: 0000000000000004 R09: 0000000000000000 [ 703.064475][T19996] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 703.064489][T19996] R13: 0000000000000000 R14: 00007f1526bb5fa0 R15: 00007ffc84b5e888 [ 703.064530][T19996] [ 703.158122][T19996] Mem-Info: [ 703.161692][T19996] active_anon:4861 inactive_anon:0 isolated_anon:0 [ 703.161692][T19996] active_file:1381 inactive_file:40116 isolated_file:0 [ 703.161692][T19996] unevictable:768 dirty:29 writeback:0 [ 703.161692][T19996] slab_reclaimable:11231 slab_unreclaimable:102215 [ 703.161692][T19996] mapped:25274 shmem:1372 pagetables:572 [ 703.161692][T19996] sec_pagetables:0 bounce:0 [ 703.161692][T19996] kernel_misc_reclaimable:0 [ 703.161692][T19996] free:1360627 free_pcp:8714 free_cma:0 [ 703.207717][T19996] Node 0 active_anon:19444kB inactive_anon:0kB active_file:5524kB inactive_file:160264kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:101096kB dirty:116kB writeback:0kB shmem:3952kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11328kB pagetables:2288kB sec_pagetables:0kB all_unreclaimable? no [ 703.240643][T19996] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 703.271854][T19996] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 703.302174][T19996] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 703.304015][T19999] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 703.308154][T19996] Node 0 DMA32 free:1528416kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:19396kB inactive_anon:0kB active_file:5524kB inactive_file:158952kB unevictable:1536kB writepending:112kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:18000kB local_pcp:13008kB free_cma:0kB [ 703.350032][T19996] lowmem_reserve[]: 0 0 1 1 1 [ 703.355045][T19996] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 703.388456][T19996] lowmem_reserve[]: 0 0 0 0 0 [ 703.416539][T19996] Node 1 Normal free:3898712kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17084kB local_pcp:7252kB free_cma:0kB [ 703.453894][T19996] lowmem_reserve[]: 0 0 0 0 0 [ 703.458739][T19996] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 703.518156][T19996] Node 0 DMA32: 334*4kB (ME) 671*8kB (ME) 495*16kB (UME) 720*32kB (UME) 359*64kB (UME) 235*128kB (UME) 74*256kB (UME) 33*512kB (UME) 11*1024kB (UME) 3*2048kB (UM) 338*4096kB (UM) = 1528416kB [ 703.554757][T19996] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 703.567951][T19996] Node 1 Normal: 170*4kB (UM) 64*8kB (UME) 39*16kB (UME) 72*32kB (UME) 19*64kB (UM) 5*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898712kB [ 703.593624][T19996] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 703.606304][T19996] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 703.619240][T19996] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 703.634346][T19996] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 703.682413][T19996] 42825 total pagecache pages [ 703.687179][T19996] 0 pages in swap cache [ 703.731626][T19996] Free swap = 124996kB [ 703.736072][T19996] Total swap = 124996kB [ 703.764450][T19996] 2097051 pages RAM [ 703.768354][T19996] 0 pages HighMem/MovableOnly [ 703.788421][T19996] 416120 pages reserved [ 703.796548][T20017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4751'. [ 703.805635][T19996] 0 pages cma reserved [ 703.823542][T20017] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4751'. [ 703.894142][T19861] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 703.915081][T19861] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 703.962168][T19861] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 704.014278][T19861] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 704.297866][T19861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.359309][T19861] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.408447][T13032] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.415770][T13032] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.463310][T13024] bridge0: port 2(bridge_slave_1) entered blocking state [ 704.470588][T13024] bridge0: port 2(bridge_slave_1) entered forwarding state [ 704.614972][T19861] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 704.736905][T20058] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4762'. [ 704.747568][T20058] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4762'. [ 705.033180][T19861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 705.145302][T19861] veth0_vlan: entered promiscuous mode [ 705.172737][T19861] veth1_vlan: entered promiscuous mode [ 705.221231][ T5780] Bluetooth: hci1: command tx timeout [ 705.256113][T19861] veth0_macvtap: entered promiscuous mode [ 705.282887][T19861] veth1_macvtap: entered promiscuous mode [ 705.354622][T19861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 705.375732][T19861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.380683][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 705.388308][T19861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 705.407866][T19861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.418398][T19861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 705.445434][T19861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.462535][T19861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 705.472816][T20049] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 705.473834][T19861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 705.489484][T19861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.502073][T19861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 705.513643][T19861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.524287][T19861] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 705.536009][T19861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 705.548414][T19861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 705.623287][T19861] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.655205][T19861] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.670409][T19861] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.707805][T19861] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 705.941857][T20096] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4771'. [ 705.958333][T20096] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4771'. [ 706.090971][T13018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.098931][T13018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 706.227769][T13032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 706.243908][T13032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 706.613780][T20113] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 706.917685][T20134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4782'. [ 706.931903][T20134] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4782'. [ 707.517557][T20162] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4792'. [ 707.527923][T20162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4792'. [ 708.385832][ T48] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 708.434575][T20200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4802'. [ 708.457897][T20198] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4802'. [ 708.660565][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 708.668003][T20153] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 709.631304][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 709.657395][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 709.671114][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 709.672386][T20225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4812'. [ 709.694714][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 709.705452][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 709.709978][T20225] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4812'. [ 709.730662][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 709.824208][ T48] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.947574][ T48] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 709.991584][T20227] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 710.041918][ T48] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 710.527190][T20220] chnl_net:caif_netlink_parms(): no params data found [ 711.189183][T20220] bridge0: port 1(bridge_slave_0) entered blocking state [ 711.206925][T20220] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.218887][T20220] bridge_slave_0: entered allmulticast mode [ 711.236135][T20220] bridge_slave_0: entered promiscuous mode [ 711.259932][T20220] bridge0: port 2(bridge_slave_1) entered blocking state [ 711.268544][T20220] bridge0: port 2(bridge_slave_1) entered disabled state [ 711.276313][T20220] bridge_slave_1: entered allmulticast mode [ 711.284802][T20220] bridge_slave_1: entered promiscuous mode [ 711.297451][T20268] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4822'. [ 711.368803][T20275] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4822'. [ 711.512106][T20220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 711.564777][T20220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 711.793107][T20220] team0: Port device team_slave_0 added [ 711.799774][ T5780] Bluetooth: hci1: command tx timeout [ 711.854209][T20220] team0: Port device team_slave_1 added [ 712.016447][T20220] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 712.020558][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 712.023972][T20220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.061537][T20220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 712.083437][T20272] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 712.123720][T20220] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 712.144639][T20220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.175392][T20220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 712.370597][T20220] hsr_slave_0: entered promiscuous mode [ 712.392629][T20220] hsr_slave_1: entered promiscuous mode [ 712.409215][T20220] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 712.427213][T20220] Cannot create hsr debugfs directory [ 712.459746][ T48] hsr_slave_0: left promiscuous mode [ 712.471124][ T48] hsr_slave_1: left promiscuous mode [ 712.499633][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 712.515153][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 712.523672][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 712.535924][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 712.551240][ T48] bridge_slave_1: left allmulticast mode [ 712.562867][ T48] bridge_slave_1: left promiscuous mode [ 712.569124][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 712.594389][ T48] bridge_slave_0: left allmulticast mode [ 712.607104][ T48] bridge_slave_0: left promiscuous mode [ 712.618358][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 712.695905][ T48] veth1_macvtap: left promiscuous mode [ 712.707325][ T48] veth0_macvtap: left promiscuous mode [ 712.720866][ T48] veth1_vlan: left promiscuous mode [ 712.733556][ T48] veth0_vlan: left promiscuous mode [ 713.707072][ T48] team0 (unregistering): Port device team_slave_1 removed [ 713.780082][ T48] team0 (unregistering): Port device team_slave_0 removed [ 713.844544][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 713.869699][T16306] Bluetooth: hci1: command tx timeout [ 713.919885][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 714.690043][ T48] bond0 (unregistering): Released all slaves [ 714.803493][T20322] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4834'. [ 714.816663][T20327] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4834'. [ 715.275646][T20341] warn_alloc: 5 callbacks suppressed [ 715.275664][T20341] syz.2.4840: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 715.332446][T20341] CPU: 0 PID: 20341 Comm: syz.2.4840 Not tainted 6.6.94-syzkaller #0 [ 715.340612][T20341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 715.350728][T20341] Call Trace: [ 715.354070][T20341] [ 715.357069][T20341] dump_stack_lvl+0x16c/0x230 [ 715.361912][T20341] ? show_regs_print_info+0x20/0x20 [ 715.367177][T20341] ? load_image+0x3b0/0x3b0 [ 715.371750][T20341] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 715.378235][T20341] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 715.384817][T20341] warn_alloc+0x210/0x300 [ 715.389220][T20341] ? stack_trace_save+0x9c/0xe0 [ 715.394144][T20341] ? zone_watermark_ok_safe+0x230/0x230 [ 715.399762][T20341] ? kasan_set_track+0x5f/0x70 [ 715.404692][T20341] ? kasan_set_track+0x4e/0x70 [ 715.409514][T20341] ? __kasan_kmalloc+0x8f/0xa0 [ 715.414340][T20341] ? xsk_init_queue+0xb0/0x110 [ 715.419165][T20341] ? xsk_setsockopt+0x43c/0x6f0 [ 715.424080][T20341] ? do_sock_setsockopt+0x254/0x3e0 [ 715.429368][T20341] ? __x64_sys_setsockopt+0x1be/0x250 [ 715.434853][T20341] __vmalloc_node_range+0x126/0x1320 [ 715.440245][T20341] ? free_vm_area+0x50/0x50 [ 715.444854][T20341] vmalloc_user+0x74/0x80 [ 715.449256][T20341] ? xskq_create+0xbf/0x170 [ 715.453832][T20341] xskq_create+0xbf/0x170 [ 715.458237][T20341] xsk_init_queue+0xb0/0x110 [ 715.462907][T20341] xsk_setsockopt+0x43c/0x6f0 [ 715.467662][T20341] ? xsk_poll+0x670/0x670 [ 715.472067][T20341] ? aa_sock_opt_perm+0x74/0x100 [ 715.477088][T20341] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 715.482713][T20341] ? security_socket_setsockopt+0x7e/0xa0 [ 715.488513][T20341] ? xsk_poll+0x670/0x670 [ 715.492958][T20341] do_sock_setsockopt+0x254/0x3e0 [ 715.498060][T20341] ? __ia32_sys_recv+0xb0/0xb0 [ 715.502909][T20341] ? __fdget+0x180/0x210 [ 715.507228][T20341] __x64_sys_setsockopt+0x1be/0x250 [ 715.512507][T20341] do_syscall_64+0x55/0xb0 [ 715.516993][T20341] ? clear_bhb_loop+0x40/0x90 [ 715.521825][T20341] ? clear_bhb_loop+0x40/0x90 [ 715.526573][T20341] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 715.532553][T20341] RIP: 0033:0x7f152698e929 [ 715.537027][T20341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 715.556693][T20341] RSP: 002b:00007f1527798038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 715.565175][T20341] RAX: ffffffffffffffda RBX: 00007f1526bb5fa0 RCX: 00007f152698e929 [ 715.573202][T20341] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 715.581231][T20341] RBP: 00007f1526a10b39 R08: 0000000000000004 R09: 0000000000000000 [ 715.589264][T20341] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.597297][T20341] R13: 0000000000000000 R14: 00007f1526bb5fa0 R15: 00007ffc84b5e888 [ 715.605348][T20341] [ 715.679851][T20341] Mem-Info: [ 715.683234][T20341] active_anon:5036 inactive_anon:0 isolated_anon:0 [ 715.683234][T20341] active_file:1381 inactive_file:40122 isolated_file:0 [ 715.683234][T20341] unevictable:768 dirty:38 writeback:0 [ 715.683234][T20341] slab_reclaimable:11265 slab_unreclaimable:101874 [ 715.683234][T20341] mapped:24304 shmem:1372 pagetables:557 [ 715.683234][T20341] sec_pagetables:0 bounce:0 [ 715.683234][T20341] kernel_misc_reclaimable:0 [ 715.683234][T20341] free:1362325 free_pcp:5433 free_cma:0 [ 715.729874][T20341] Node 0 active_anon:20244kB inactive_anon:0kB active_file:5524kB inactive_file:160288kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97316kB dirty:152kB writeback:0kB shmem:3952kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11476kB pagetables:2328kB sec_pagetables:0kB all_unreclaimable? no [ 715.786088][T20341] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 715.821475][T20341] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 715.850182][T20341] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 715.859178][T20341] Node 0 DMA32 free:1535592kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:20100kB inactive_anon:0kB active_file:5524kB inactive_file:158976kB unevictable:1536kB writepending:148kB present:3129332kB managed:2589668kB mlocked:0kB bounce:0kB free_pcp:5384kB local_pcp:1012kB free_cma:0kB [ 715.899098][T20341] lowmem_reserve[]: 0 0 1 1 1 [ 715.909757][T20341] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1312kB unevictable:0kB writepending:4kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 715.940338][ T5780] Bluetooth: hci1: command tx timeout [ 715.954492][T20341] lowmem_reserve[]: 0 0 0 0 0 [ 715.963066][T20341] Node 1 Normal free:3898712kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:17084kB local_pcp:9832kB free_cma:0kB [ 716.017077][T20341] lowmem_reserve[]: 0 0 0 0 0 [ 716.025320][T20341] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 716.056264][T20341] Node 0 DMA32: 846*4kB (UME) 652*8kB (UME) 383*16kB (UME) 649*32kB (UME) 374*64kB (UME) 238*128kB (UME) 74*256kB (UME) 33*512kB (UME) 11*1024kB (UME) 7*2048kB (UM) 338*4096kB (UM) = 1535784kB [ 716.077281][T20341] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 716.134406][T20341] Node 1 Normal: 170*4kB (UM) 64*8kB (UME) 39*16kB (UME) 72*32kB (UME) 19*64kB (UM) 5*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (E) 2*2048kB (UE) 949*4096kB (M) = 3898712kB [ 716.156182][T20341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 716.230531][T20346] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 716.247290][T20341] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 716.304835][T20341] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 716.336430][T20341] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 716.346378][T20341] 42831 total pagecache pages [ 716.359259][T20341] 0 pages in swap cache [ 716.364155][T20341] Free swap = 124996kB [ 716.368530][T20341] Total swap = 124996kB [ 716.378121][T20341] 2097051 pages RAM [ 716.400482][T20341] 0 pages HighMem/MovableOnly [ 716.405869][T20341] 416120 pages reserved [ 716.410110][T20341] 0 pages cma reserved [ 716.441604][T20370] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4845'. [ 716.471037][T20370] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4845'. [ 716.857258][T20220] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 716.912199][T20220] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 716.948535][T20220] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 716.969912][T20220] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 716.995909][T20390] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 717.227196][T20400] syzkaller0: entered promiscuous mode [ 717.245014][T20400] syzkaller0: entered allmulticast mode [ 717.278265][T20220] 8021q: adding VLAN 0 to HW filter on device bond0 [ 717.317994][T20408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4856'. [ 718.029187][ T5780] Bluetooth: hci1: command tx timeout [ 718.236765][ C0] vcan0: j1939_tp_rxtimer: 0xffff888024e2b400: rx timeout, send abort [ 718.247290][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888024e2b400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 718.260653][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 720.576477][T20408] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4856'. [ 720.606875][T20220] 8021q: adding VLAN 0 to HW filter on device team0 [ 720.682527][T13036] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.689714][T13036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 720.736428][T13030] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.743696][T13030] bridge0: port 2(bridge_slave_1) entered forwarding state [ 720.917078][T20220] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 721.236099][T20443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4864'. [ 721.401221][T20451] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4866'. [ 721.423301][T20451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4866'. [ 721.564550][T20220] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.739794][T20220] veth0_vlan: entered promiscuous mode [ 721.770482][T20220] veth1_vlan: entered promiscuous mode [ 721.858663][T20471] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 721.899330][T20220] veth0_macvtap: entered promiscuous mode [ 721.963719][T20220] veth1_macvtap: entered promiscuous mode [ 722.043381][T20220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.070404][T20220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.100439][T20220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.125117][T20220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.135569][T20220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 722.146339][T20220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.159057][T20220] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 722.198867][T20220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.230682][T20220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.250312][T20220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.276005][T20220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.303354][T20220] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 722.311933][T20486] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 722.322772][T20220] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 722.335082][T20220] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 722.359162][T20220] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.369841][T20220] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.385796][T20220] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.395343][T20220] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.567277][T13024] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.594490][T13024] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 722.648814][T13024] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.666788][T13024] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.554853][ C0] vcan0: j1939_tp_rxtimer: 0xffff888026d44400: rx timeout, send abort [ 723.563375][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888026d44400: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 723.565967][T20532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 724.172157][ T48] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.263989][T20555] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 725.417705][ T48] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.447535][T20564] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 725.531393][ T5088] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 725.553254][ T5088] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 725.562639][ T5088] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 725.580130][ T5088] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 725.584279][ T48] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.605473][ T5088] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 725.615906][ T5088] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 725.697769][ T48] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.244792][T20565] chnl_net:caif_netlink_parms(): no params data found [ 726.627613][T20565] bridge0: port 1(bridge_slave_0) entered blocking state [ 726.647265][T20565] bridge0: port 1(bridge_slave_0) entered disabled state [ 726.678443][T20565] bridge_slave_0: entered allmulticast mode [ 726.693970][ C0] vcan0: j1939_tp_rxtimer: 0xffff888025a63800: rx timeout, send abort [ 726.702810][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888025a63800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 726.711232][T20565] bridge_slave_0: entered promiscuous mode [ 726.811029][T20565] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.818281][T20565] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.840607][T20565] bridge_slave_1: entered allmulticast mode [ 726.860589][T20565] bridge_slave_1: entered promiscuous mode [ 726.906818][T20606] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4907'. [ 727.033559][T20565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.086766][T20565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.301175][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 727.308171][T20580] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 727.393223][T20565] team0: Port device team_slave_0 added [ 727.406587][T20565] team0: Port device team_slave_1 added [ 727.616855][T20565] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 727.630081][T20565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.677525][T20565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 727.701621][T16306] Bluetooth: hci1: command tx timeout [ 727.771380][ T48] hsr_slave_0: left promiscuous mode [ 727.781661][T20636] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 727.809401][ T48] hsr_slave_1: left promiscuous mode [ 727.816068][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 727.843732][ T48] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 727.868789][ T48] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 727.880162][ T48] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 727.894163][ T48] bridge_slave_1: left allmulticast mode [ 727.903080][ T48] bridge_slave_1: left promiscuous mode [ 727.909197][ T48] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.927006][ T48] bridge_slave_0: left allmulticast mode [ 727.935332][ T48] bridge_slave_0: left promiscuous mode [ 727.950110][ T48] bridge0: port 1(bridge_slave_0) entered disabled state [ 728.009242][ T48] veth1_macvtap: left promiscuous mode [ 728.015110][ T48] veth0_macvtap: left promiscuous mode [ 728.021718][ T48] veth1_vlan: left promiscuous mode [ 728.027153][ T48] veth0_vlan: left promiscuous mode [ 729.031319][ C1] vcan0: j1939_tp_rxtimer: 0xffff888060223800: rx timeout, send abort [ 729.039991][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888060223800: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session. [ 729.124428][ T48] team0 (unregistering): Port device team_slave_1 removed [ 729.269528][ T48] team0 (unregistering): Port device team_slave_0 removed [ 729.343925][ T48] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 729.361607][T20671] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 729.437950][ T48] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 729.783071][ T5088] Bluetooth: hci1: command tx timeout [ 730.248543][ T48] bond0 (unregistering): Released all slaves [ 730.375522][T20565] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 730.388480][T20565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 730.429671][T20565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 730.594495][T20565] hsr_slave_0: entered promiscuous mode [ 730.602585][T20565] hsr_slave_1: entered promiscuous mode [ 730.626877][T20565] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 730.639313][T20565] Cannot create hsr debugfs directory [ 730.831383][T20690] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 731.381374][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 731.860695][ T5088] Bluetooth: hci1: command tx timeout [ 732.080900][T20565] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 732.094679][T20565] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 732.107643][T20565] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 732.119123][T20565] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 732.126410][T20704] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 732.343932][T20739] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 732.409104][T20565] 8021q: adding VLAN 0 to HW filter on device bond0 [ 732.472285][T20565] 8021q: adding VLAN 0 to HW filter on device team0 [ 732.513242][T13036] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.520530][T13036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.569348][T13036] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.576643][T13036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 733.285479][T20565] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 733.452138][T20565] veth0_vlan: entered promiscuous mode [ 733.499496][T20565] veth1_vlan: entered promiscuous mode [ 733.609067][T20565] veth0_macvtap: entered promiscuous mode [ 733.643781][T20565] veth1_macvtap: entered promiscuous mode [ 733.717454][T20565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.750818][T20565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.771338][T20565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.801882][T20565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.817690][T20565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 733.829374][T20565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.843813][T20565] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 733.893715][T20785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4956'. [ 733.916548][T20565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.940454][ T5088] Bluetooth: hci1: command tx timeout [ 733.960337][T20565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.974649][T20565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 733.985514][T20565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 733.996975][T20565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 734.008175][T20565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 734.023725][T20565] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 734.036141][T20783] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4956'. [ 734.077951][T20565] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.101910][T20565] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.125875][T20565] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.150758][T20565] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.181547][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 734.197101][T20765] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 734.416199][T13030] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.441485][T13030] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 734.533257][T13032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 734.559544][T13032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 735.542494][T20842] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 736.233626][T20873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4982'. [ 736.249634][T20873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4982'. [ 737.427082][T13036] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 737.620649][T16306] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 737.633601][T20875] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 738.264721][T13036] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.411441][T13036] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 738.587064][T13036] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.107348][ T5088] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 739.120785][ T5088] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 739.132533][ T5088] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 739.152545][ T5088] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 739.174326][ T5088] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 739.182656][ T5088] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 739.200028][T20931] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 739.306564][T20935] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 740.272643][T13036] hsr_slave_0: left promiscuous mode [ 740.278756][T13036] hsr_slave_1: left promiscuous mode [ 740.286131][T13036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 740.295982][T13036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 740.303979][T13036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 740.311512][T13036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 740.319675][T13036] bridge_slave_1: left allmulticast mode [ 740.325553][T13036] bridge_slave_1: left promiscuous mode [ 740.331412][T13036] bridge0: port 2(bridge_slave_1) entered disabled state [ 740.343928][T13036] bridge_slave_0: left allmulticast mode [ 740.349624][T13036] bridge_slave_0: left promiscuous mode [ 740.355589][T13036] bridge0: port 1(bridge_slave_0) entered disabled state [ 740.385898][T13036] veth1_macvtap: left promiscuous mode [ 740.392461][T13036] veth0_macvtap: left promiscuous mode [ 740.398118][T13036] veth1_vlan: left promiscuous mode [ 740.403626][T13036] veth0_vlan: left promiscuous mode [ 741.062457][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 741.075761][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 741.085121][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 741.126369][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 741.139854][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 741.147926][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 741.485853][ T5088] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 741.497885][T13036] team0 (unregistering): Port device team_slave_1 removed [ 741.569544][T13036] team0 (unregistering): Port device team_slave_0 removed [ 741.637475][T13036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 741.703118][T13036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 742.526079][T13036] bond0 (unregistering): Released all slaves [ 742.618781][T20943] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 743.098516][T20951] chnl_net:caif_netlink_parms(): no params data found [ 743.221063][ T5088] Bluetooth: hci1: command tx timeout [ 743.284507][T20951] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.299456][T20951] bridge0: port 1(bridge_slave_0) entered disabled state [ 743.308149][T20951] bridge_slave_0: entered allmulticast mode [ 743.318959][T20951] bridge_slave_0: entered promiscuous mode [ 743.333556][T20951] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.341801][T20951] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.351366][T20951] bridge_slave_1: entered allmulticast mode [ 743.359082][T20951] bridge_slave_1: entered promiscuous mode [ 743.418133][T20951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 743.436889][T20977] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 743.441586][T20951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 743.546699][T20951] team0: Port device team_slave_0 added [ 743.568391][T20951] team0: Port device team_slave_1 added [ 743.628560][T20951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 743.637976][T20951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.669996][T20951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 743.691766][T20951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 743.699091][T20951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 743.735044][T20951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 743.849904][T20951] hsr_slave_0: entered promiscuous mode [ 743.863366][T20951] hsr_slave_1: entered promiscuous mode [ 743.876676][T20951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 743.887379][T20951] Cannot create hsr debugfs directory [ 744.640612][T21004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 744.656024][T21004] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 744.681214][T20951] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 744.700513][T20951] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 744.737869][T20951] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 744.780479][T20951] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 745.009098][T20951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.055181][T20951] 8021q: adding VLAN 0 to HW filter on device team0 [ 745.107518][T13036] bridge0: port 1(bridge_slave_0) entered blocking state [ 745.114906][T13036] bridge0: port 1(bridge_slave_0) entered forwarding state [ 745.125607][T13036] bridge0: port 2(bridge_slave_1) entered blocking state [ 745.133474][T13036] bridge0: port 2(bridge_slave_1) entered forwarding state [ 745.173698][T10077] hid-generic 0005:0C45:0004.0001: item fetching failed at offset 0/1 [ 745.194672][T10077] hid-generic: probe of 0005:0C45:0004.0001 failed with error -22 [ 745.300734][ T5780] Bluetooth: hci1: command tx timeout [ 745.460373][ T5088] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 745.631320][T20951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 745.751869][T20951] veth0_vlan: entered promiscuous mode [ 745.778971][T20951] veth1_vlan: entered promiscuous mode [ 745.865088][T20951] veth0_macvtap: entered promiscuous mode [ 745.879271][T21050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5038'. [ 745.895930][T20951] veth1_macvtap: entered promiscuous mode [ 745.904921][T21050] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5038'. [ 745.987711][T20951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 745.998596][T20951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.008488][T20951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.029319][T20951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.039623][T20951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 746.056452][T20951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.076030][T20951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 746.099315][T20951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.136428][T20951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.147041][T20951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.170443][T20951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.190351][T20951] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 746.201030][T20951] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 746.217729][T20951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 746.257456][T20951] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.268590][T20951] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.281422][T20951] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.290287][T20951] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 746.487469][T13036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 746.507074][T13036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 746.594449][T13030] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 746.617766][T13030] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.196163][T21088] ================================================================== [ 747.204601][T21088] BUG: KASAN: slab-use-after-free in rose_get_neigh+0x391/0x990 [ 747.212844][T21088] Read of size 1 at addr ffff8880600f6030 by task syz.2.5056/21088 [ 747.220883][T21088] [ 747.223243][T21088] CPU: 1 PID: 21088 Comm: syz.2.5056 Not tainted 6.6.94-syzkaller #0 [ 747.231350][T21088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 747.241421][T21088] Call Trace: [ 747.244710][T21088] [ 747.247658][T21088] dump_stack_lvl+0x16c/0x230 [ 747.252391][T21088] ? __lock_acquire+0x7c80/0x7c80 [ 747.257541][T21088] ? show_regs_print_info+0x20/0x20 [ 747.262842][T21088] ? load_image+0x3b0/0x3b0 [ 747.267402][T21088] ? __virt_addr_valid+0x469/0x540 [ 747.272537][T21088] print_report+0xac/0x230 [ 747.277029][T21088] ? rose_get_neigh+0x391/0x990 [ 747.281900][T21088] kasan_report+0x117/0x150 [ 747.286422][T21088] ? rose_get_neigh+0x391/0x990 [ 747.291296][T21088] rose_get_neigh+0x391/0x990 [ 747.296038][T21088] rose_connect+0x417/0x10a0 [ 747.300676][T21088] ? aa_sk_perm+0x7fc/0x930 [ 747.305227][T21088] ? rose_bind+0x7c0/0x7c0 [ 747.309706][T21088] ? aa_af_perm+0x290/0x2b0 [ 747.314256][T21088] ? tomoyo_socket_connect_permission+0x164/0x290 [ 747.320715][T21088] ? __might_fault+0xaa/0x120 [ 747.325413][T21088] ? bpf_lsm_socket_connect+0x9/0x10 [ 747.330807][T21088] ? security_socket_connect+0x80/0xa0 [ 747.336300][T21088] ? rose_bind+0x7c0/0x7c0 [ 747.340760][T21088] __sys_connect+0x397/0x420 [ 747.345389][T21088] ? __sys_connect_file+0x180/0x180 [ 747.350631][T21088] __x64_sys_connect+0x7a/0x90 [ 747.355439][T21088] do_syscall_64+0x55/0xb0 [ 747.359910][T21088] ? clear_bhb_loop+0x40/0x90 [ 747.364649][T21088] ? clear_bhb_loop+0x40/0x90 [ 747.369452][T21088] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 747.375421][T21088] RIP: 0033:0x7f152698e929 [ 747.379855][T21088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 747.399497][T21088] RSP: 002b:00007f1527798038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 747.408039][T21088] RAX: ffffffffffffffda RBX: 00007f1526bb5fa0 RCX: 00007f152698e929 [ 747.416059][T21088] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 747.424088][T21088] RBP: 00007f1526a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 747.432079][T21088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.440071][T21088] R13: 0000000000000000 R14: 00007f1526bb5fa0 R15: 00007ffc84b5e888 [ 747.448161][T21088] [ 747.451208][T21088] [ 747.453558][T21088] Allocated by task 20565: [ 747.458011][T21088] kasan_set_track+0x4e/0x70 [ 747.462645][T21088] __kasan_kmalloc+0x8f/0xa0 [ 747.467254][T21088] __ipv6_dev_mc_inc+0x413/0xac0 [ 747.472212][T21088] ipv6_add_dev+0xd75/0x11f0 [ 747.476819][T21088] addrconf_notify+0x67b/0x1010 [ 747.481677][T21088] notifier_call_chain+0x197/0x390 [ 747.486802][T21088] register_netdevice+0x160c/0x1ae0 [ 747.492037][T21088] veth_newlink+0x7bb/0xc30 [ 747.496554][T21088] rtnl_newlink+0x14d0/0x2020 [ 747.501253][T21088] rtnetlink_rcv_msg+0x7c7/0xf10 [ 747.506235][T21088] netlink_rcv_skb+0x216/0x480 [ 747.511039][T21088] netlink_unicast+0x750/0x8c0 [ 747.515824][T21088] netlink_sendmsg+0x8c1/0xbe0 [ 747.520605][T21088] __sys_sendto+0x46a/0x620 [ 747.525119][T21088] __x64_sys_sendto+0xde/0xf0 [ 747.529824][T21088] do_syscall_64+0x55/0xb0 [ 747.534286][T21088] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 747.540215][T21088] [ 747.542555][T21088] Freed by task 23: [ 747.546364][T21088] kasan_set_track+0x4e/0x70 [ 747.550990][T21088] kasan_save_free_info+0x2e/0x50 [ 747.556065][T21088] ____kasan_slab_free+0x126/0x1e0 [ 747.561232][T21088] slab_free_freelist_hook+0x130/0x1b0 [ 747.566710][T21088] kmem_cache_free_bulk+0x347/0x460 [ 747.571924][T21088] kvfree_rcu_bulk+0x1eb/0x470 [ 747.576711][T21088] kfree_rcu_monitor+0x7e7/0xf50 [ 747.581662][T21088] process_scheduled_works+0xa45/0x15b0 [ 747.587235][T21088] worker_thread+0xa55/0xfc0 [ 747.591850][T21088] kthread+0x2fa/0x390 [ 747.595935][T21088] ret_from_fork+0x48/0x80 [ 747.600461][T21088] ret_from_fork_asm+0x11/0x20 [ 747.605274][T21088] [ 747.607731][T21088] Last potentially related work creation: [ 747.613469][T21088] kasan_save_stack+0x3e/0x60 [ 747.618164][T21088] __kasan_record_aux_stack+0xaf/0xc0 [ 747.623560][T21088] kvfree_call_rcu+0xee/0x780 [ 747.628255][T21088] __ipv6_dev_mc_dec+0x2cc/0x330 [ 747.633217][T21088] ipv6_mc_destroy_dev+0x338/0x590 [ 747.638352][T21088] addrconf_ifdown+0x139f/0x1880 [ 747.643314][T21088] addrconf_notify+0x6c6/0x1010 [ 747.648179][T21088] notifier_call_chain+0x197/0x390 [ 747.653337][T21088] unregister_netdevice_many_notify+0xf36/0x1810 [ 747.659725][T21088] default_device_exit_batch+0x9cb/0xa60 [ 747.665412][T21088] cleanup_net+0x77f/0xb90 [ 747.669951][T21088] process_scheduled_works+0xa45/0x15b0 [ 747.675536][T21088] worker_thread+0xa55/0xfc0 [ 747.680147][T21088] kthread+0x2fa/0x390 [ 747.684231][T21088] ret_from_fork+0x48/0x80 [ 747.688665][T21088] ret_from_fork_asm+0x11/0x20 [ 747.693443][T21088] [ 747.695772][T21088] Second to last potentially related work creation: [ 747.702383][T21088] kasan_save_stack+0x3e/0x60 [ 747.707109][T21088] __kasan_record_aux_stack+0xaf/0xc0 [ 747.712529][T21088] kvfree_call_rcu+0xee/0x780 [ 747.717230][T21088] __ipv6_dev_mc_dec+0x2cc/0x330 [ 747.722215][T21088] ipv6_mc_destroy_dev+0x338/0x590 [ 747.727352][T21088] addrconf_ifdown+0x139f/0x1880 [ 747.732342][T21088] addrconf_notify+0x6c6/0x1010 [ 747.737207][T21088] notifier_call_chain+0x197/0x390 [ 747.742334][T21088] unregister_netdevice_many_notify+0xf36/0x1810 [ 747.748682][T21088] unregister_netdevice_queue+0x324/0x360 [ 747.754428][T21088] __tun_detach+0xd45/0x1500 [ 747.759068][T21088] tun_chr_close+0x10d/0x1c0 [ 747.763694][T21088] __fput+0x234/0x970 [ 747.767689][T21088] task_work_run+0x1ce/0x250 [ 747.772292][T21088] exit_to_user_mode_loop+0xe6/0x110 [ 747.777597][T21088] exit_to_user_mode_prepare+0xb1/0x140 [ 747.783251][T21088] syscall_exit_to_user_mode+0x1a/0x50 [ 747.788739][T21088] do_syscall_64+0x61/0xb0 [ 747.793177][T21088] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 747.799094][T21088] [ 747.801455][T21088] The buggy address belongs to the object at ffff8880600f6000 [ 747.801455][T21088] which belongs to the cache kmalloc-512 of size 512 [ 747.815543][T21088] The buggy address is located 48 bytes inside of [ 747.815543][T21088] freed 512-byte region [ffff8880600f6000, ffff8880600f6200) [ 747.829263][T21088] [ 747.831603][T21088] The buggy address belongs to the physical page: [ 747.838041][T21088] page:ffffea0001803d00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x600f4 [ 747.848211][T21088] head:ffffea0001803d00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 747.857161][T21088] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 747.865153][T21088] page_type: 0xffffffff() [ 747.869499][T21088] raw: 00fff00000000840 ffff888017841c80 dead000000000100 dead000000000122 [ 747.878106][T21088] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 747.886746][T21088] page dumped because: kasan: bad access detected [ 747.893193][T21088] page_owner tracks the page as allocated [ 747.898999][T21088] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5777, tgid 5777 (syz-executor), ts 88601907385, free_ts 27463876271 [ 747.920478][T21088] post_alloc_hook+0x1cd/0x210 [ 747.925278][T21088] get_page_from_freelist+0x195c/0x19f0 [ 747.930974][T21088] __alloc_pages+0x1e3/0x460 [ 747.935589][T21088] alloc_slab_page+0x5d/0x170 [ 747.940375][T21088] new_slab+0x87/0x2e0 [ 747.944486][T21088] ___slab_alloc+0xc6d/0x12f0 [ 747.949179][T21088] __kmem_cache_alloc_node+0x1a2/0x260 [ 747.954665][T21088] __kmalloc+0xa4/0x240 [ 747.958856][T21088] fib6_info_alloc+0x32/0xe0 [ 747.963470][T21088] ip6_route_info_create+0x44f/0x1200 [ 747.968892][T21088] addrconf_f6i_alloc+0x1c6/0x400 [ 747.973960][T21088] ipv6_add_addr+0x576/0x1090 [ 747.978666][T21088] addrconf_add_linklocal+0x289/0x6b0 [ 747.984093][T21088] addrconf_addr_gen+0x4ac/0x5a0 [ 747.989136][T21088] addrconf_init_auto_addrs+0x719/0xb40 [ 747.994702][T21088] addrconf_notify+0xb62/0x1010 [ 747.999616][T21088] page last free stack trace: [ 748.004312][T21088] free_unref_page_prepare+0x7ce/0x8e0 [ 748.009829][T21088] free_unref_page+0x32/0x2e0 [ 748.014534][T21088] free_contig_range+0xa1/0x160 [ 748.019425][T21088] destroy_args+0x87/0x770 [ 748.023928][T21088] debug_vm_pgtable+0x3cc/0x410 [ 748.028861][T21088] do_one_initcall+0x1fd/0x750 [ 748.033677][T21088] do_initcall_level+0x137/0x1f0 [ 748.038652][T21088] do_initcalls+0x69/0xd0 [ 748.043022][T21088] kernel_init_freeable+0x3d2/0x570 [ 748.043652][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.048253][T21088] kernel_init+0x1d/0x1c0 [ 748.058895][T21088] ret_from_fork+0x48/0x80 [ 748.060345][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.063424][T21088] ret_from_fork_asm+0x11/0x20 [ 748.074484][T21088] [ 748.076854][T21088] Memory state around the buggy address: [ 748.082490][T21088] ffff8880600f5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 748.090563][T21088] ffff8880600f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 748.098633][T21088] >ffff8880600f6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 748.106706][T21088] ^ [ 748.112347][T21088] ffff8880600f6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 748.120425][T21088] ffff8880600f6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 748.128532][T21088] ================================================================== [ 748.136750][T21088] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 748.144110][T21088] CPU: 1 PID: 21088 Comm: syz.2.5056 Not tainted 6.6.94-syzkaller #0 [ 748.152226][T21088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 748.162330][T21088] Call Trace: [ 748.165645][T21088] [ 748.168612][T21088] dump_stack_lvl+0x16c/0x230 [ 748.173348][T21088] ? show_regs_print_info+0x20/0x20 [ 748.178609][T21088] ? load_image+0x3b0/0x3b0 [ 748.183178][T21088] panic+0x2c0/0x710 [ 748.187130][T21088] ? bpf_jit_dump+0xd0/0xd0 [ 748.191693][T21088] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 748.197667][T21088] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 748.203711][T21088] ? _raw_spin_unlock+0x40/0x40 [ 748.208620][T21088] ? print_memory_metadata+0x314/0x400 [ 748.214139][T21088] ? rose_get_neigh+0x391/0x990 [ 748.219041][T21088] check_panic_on_warn+0x84/0xa0 [ 748.224035][T21088] ? rose_get_neigh+0x391/0x990 [ 748.228943][T21088] end_report+0x6f/0x140 [ 748.233255][T21088] kasan_report+0x128/0x150 [ 748.237824][T21088] ? rose_get_neigh+0x391/0x990 [ 748.242747][T21088] rose_get_neigh+0x391/0x990 [ 748.247486][T21088] rose_connect+0x417/0x10a0 [ 748.252138][T21088] ? aa_sk_perm+0x7fc/0x930 [ 748.256680][T21088] ? rose_bind+0x7c0/0x7c0 [ 748.261141][T21088] ? aa_af_perm+0x290/0x2b0 [ 748.265690][T21088] ? tomoyo_socket_connect_permission+0x164/0x290 [ 748.272246][T21088] ? __might_fault+0xaa/0x120 [ 748.277026][T21088] ? bpf_lsm_socket_connect+0x9/0x10 [ 748.282372][T21088] ? security_socket_connect+0x80/0xa0 [ 748.287884][T21088] ? rose_bind+0x7c0/0x7c0 [ 748.292427][T21088] __sys_connect+0x397/0x420 [ 748.297065][T21088] ? __sys_connect_file+0x180/0x180 [ 748.302319][T21088] __x64_sys_connect+0x7a/0x90 [ 748.307129][T21088] do_syscall_64+0x55/0xb0 [ 748.311606][T21088] ? clear_bhb_loop+0x40/0x90 [ 748.316331][T21088] ? clear_bhb_loop+0x40/0x90 [ 748.321022][T21088] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 748.326945][T21088] RIP: 0033:0x7f152698e929 [ 748.331372][T21088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 748.350995][T21088] RSP: 002b:00007f1527798038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 748.359427][T21088] RAX: ffffffffffffffda RBX: 00007f1526bb5fa0 RCX: 00007f152698e929 [ 748.367433][T21088] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 748.375451][T21088] RBP: 00007f1526a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 748.383469][T21088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 748.391481][T21088] R13: 0000000000000000 R14: 00007f1526bb5fa0 R15: 00007ffc84b5e888 [ 748.399501][T21088] [ 748.402831][T21088] Kernel Offset: disabled [ 748.407176][T21088] Rebooting in 86400 seconds..