last executing test programs: 1m41.94565076s ago: executing program 0 (id=1216): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000002000010000000000000000000a0000000000000000000000140003007009003672656731000000000000000046d2192bf251e93e4b06685adf3987ae8dd9e58266b42170d14e37899cc39990fe9b9159babdd68a8d3753af7727f6c73a5c7c81632b0bf6d23257e5e002d17474067ca31506b0f54a143933266dd64af0"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x0, 0x1a, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xca, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB="10001d800400020908000d8004000180"], 0x2c}}, 0x0) socket(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fddbdf25200000000c00060001000000010000001c002d800500010000000010080002007f360000050004"], 0x3c}}, 0x0) 1m41.375265993s ago: executing program 3 (id=1227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x7ffff000) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001600010a0000000000000000f1000000040000000c0009"], 0x24}}, 0x0) 1m25.551638836s ago: executing program 0 (id=1216): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000002000010000000000000000000a0000000000000000000000140003007009003672656731000000000000000046d2192bf251e93e4b06685adf3987ae8dd9e58266b42170d14e37899cc39990fe9b9159babdd68a8d3753af7727f6c73a5c7c81632b0bf6d23257e5e002d17474067ca31506b0f54a143933266dd64af0"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x0, 0x1a, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xca, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB="10001d800400020908000d8004000180"], 0x2c}}, 0x0) socket(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fddbdf25200000000c00060001000000010000001c002d800500010000000010080002007f360000050004"], 0x3c}}, 0x0) 1m24.916790196s ago: executing program 3 (id=1227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x7ffff000) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001600010a0000000000000000f1000000040000000c0009"], 0x24}}, 0x0) 1m7.859782069s ago: executing program 0 (id=1216): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000002000010000000000000000000a0000000000000000000000140003007009003672656731000000000000000046d2192bf251e93e4b06685adf3987ae8dd9e58266b42170d14e37899cc39990fe9b9159babdd68a8d3753af7727f6c73a5c7c81632b0bf6d23257e5e002d17474067ca31506b0f54a143933266dd64af0"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x0, 0x1a, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xca, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB="10001d800400020908000d8004000180"], 0x2c}}, 0x0) socket(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fddbdf25200000000c00060001000000010000001c002d800500010000000010080002007f360000050004"], 0x3c}}, 0x0) 1m6.352378967s ago: executing program 3 (id=1227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x7ffff000) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001600010a0000000000000000f1000000040000000c0009"], 0x24}}, 0x0) 50.173574863s ago: executing program 0 (id=1216): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000002000010000000000000000000a0000000000000000000000140003007009003672656731000000000000000046d2192bf251e93e4b06685adf3987ae8dd9e58266b42170d14e37899cc39990fe9b9159babdd68a8d3753af7727f6c73a5c7c81632b0bf6d23257e5e002d17474067ca31506b0f54a143933266dd64af0"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x0, 0x1a, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xca, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB="10001d800400020908000d8004000180"], 0x2c}}, 0x0) socket(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fddbdf25200000000c00060001000000010000001c002d800500010000000010080002007f360000050004"], 0x3c}}, 0x0) 49.509651043s ago: executing program 3 (id=1227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x7ffff000) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001600010a0000000000000000f1000000040000000c0009"], 0x24}}, 0x0) 34.622891166s ago: executing program 0 (id=1216): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000002000010000000000000000000a0000000000000000000000140003007009003672656731000000000000000046d2192bf251e93e4b06685adf3987ae8dd9e58266b42170d14e37899cc39990fe9b9159babdd68a8d3753af7727f6c73a5c7c81632b0bf6d23257e5e002d17474067ca31506b0f54a143933266dd64af0"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x0, 0x1a, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xca, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB="10001d800400020908000d8004000180"], 0x2c}}, 0x0) socket(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fddbdf25200000000c00060001000000010000001c002d800500010000000010080002007f360000050004"], 0x3c}}, 0x0) 33.393822515s ago: executing program 3 (id=1227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x7ffff000) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001600010a0000000000000000f1000000040000000c0009"], 0x24}}, 0x0) 17.27578892s ago: executing program 0 (id=1216): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x8, 0x8}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="300000002000010000000000000000000a0000000000000000000000140003007009003672656731000000000000000046d2192bf251e93e4b06685adf3987ae8dd9e58266b42170d14e37899cc39990fe9b9159babdd68a8d3753af7727f6c73a5c7c81632b0bf6d23257e5e002d17474067ca31506b0f54a143933266dd64af0"], 0x30}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000500)={r0, &(0x7f00000001c0), 0x0}, 0x20) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000280), 0x0, 0x1a, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xca, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="8b3300000000000000001500000008000300", @ANYRES32=0x0, @ANYBLOB="10001d800400020908000d8004000180"], 0x2c}}, 0x0) socket(0x1, 0x2, 0x0) r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000fddbdf25200000000c00060001000000010000001c002d800500010000000010080002007f360000050004"], 0x3c}}, 0x0) 15.423926252s ago: executing program 3 (id=1227): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(crct10dif-generic)\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x7ffff000) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000001600010a0000000000000000f1000000040000000c0009"], 0x24}}, 0x0) 4.459887061s ago: executing program 4 (id=2171): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) write(0xffffffffffffffff, &(0x7f0000000140), 0x0) socket(0x200000100000011, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv6_getaddrlabel={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@IFAL_LABEL={0x8}]}, 0x24}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=@newtaction={0x60, 0x30, 0x871a15abc695fa3d, 0x0, 0x100000, {}, [{0x4c, 0x1, [@m_ctinfo={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x34, r4, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}]}, 0x34}}, 0x0) 4.224969956s ago: executing program 4 (id=2175): socket$key(0xf, 0x3, 0x2) r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x200000000000000) 4.085836066s ago: executing program 4 (id=2176): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f00000003c0)="131c8701feaa16bca4ac74ab821d", 0x0, 0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50) 3.138843469s ago: executing program 4 (id=2181): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x6, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000e00)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0) 2.893750892s ago: executing program 1 (id=2183): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x80003, 0x6b) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.events\x00', 0x275a, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000004a000003000000000000000001b5ce38c70a008000", @ANYRES32=0x0, @ANYBLOB="0000000014000100"/21], 0x30}, 0x1, 0x0, 0x0, 0x20044051}, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000000c0)=0x8) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x37fffc, @empty}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x4003, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 2.711745796s ago: executing program 1 (id=2185): syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0xb, 0x48, [@private, @rand_addr]}, @timestamp={0x44, 0x4, 0x5}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000080), 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) recvmsg(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000c40)="5c00000016006bab9a3fe3d86e17aa0a046b876c060048007ea60864160af36504811a0038001d001931a0e69ee517d34460be06000000a705251e6182949a9a7b9bcb84c9f4d4938037e70e4509c5bb4de385aa2adb88a899a655ab", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000300)={0xffffffffffffffff, 0x8, 0x8}, 0xc) ioctl$sock_inet_SIOCGIFBRDADDR(r2, 0x8919, &(0x7f0000000440)={'pim6reg\x00', {0x2, 0x0, @multicast2}}) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r4, &(0x7f0000000340)="d199384d6bf3229f3cd95e8995cec56f6418dead470bdc55b2bba1b8fbb8e32d742bc60e1c4e62661a8af191763cd07c8d9e2a70ef", &(0x7f0000000380)=""/114}, 0x20) recvmsg$kcm(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0xc004743e, 0x20001400) recvmsg$kcm(r3, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$TIPC_NL_PUBL_GET(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000980)={0x14, r7, 0xf01}, 0x14}}, 0x0) r8 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_CONFIG(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xf4, r8, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DAEMON={0x68, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xd0}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'batadv0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DAEMON={0x70, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vlan1\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x60}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7b}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010102}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x8000}, 0x41) 2.583438287s ago: executing program 4 (id=2186): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f0000002840)=ANY=[], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1d, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffe2e}, 0x90) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000300), r3) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x5d, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(r4, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100800}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x30, r6, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0xc, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010101}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}]}, 0x30}, 0x1, 0x0, 0x0, 0xd1}, 0x200090c0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="8f0ccb7907081175f37538e486dd"], 0xfdef) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002300000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r8}, 0x10) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={&(0x7f00000001c0)="372c979854ca2c", 0x0, 0x0, 0x0, 0x0, r0}, 0x38) write$cgroup_subtree(r7, &(0x7f0000000180)=ANY=[], 0x240) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000580)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="cf0425bd7000000000001300000008000300", @ANYRES32=r10, @ANYBLOB="040013000a000600ffffffffffff000006001200000000000600b500c902000008001400", @ANYRES32, @ANYBLOB='\f\x00C'], 0x50}}, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r11, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r11, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r11, 0x89f0, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0x4b, 0x9, 0x1, 0x1, @remote, @mcast2, 0x20, 0x0, 0x7f, 0x8}}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0xfffffffb, 0xfffffff8, 0xfff, 0x22, r0, 0x7, '\x00', r12, r11, 0x2, 0x4, 0x5, 0x3}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) 2.550666873s ago: executing program 2 (id=2187): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffad, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd50, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 2.381611142s ago: executing program 2 (id=2188): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xffed}, [@NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_SNAPLEN={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) (async) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xffed}, [@NFTA_CHAIN_COUNTERS={0x10, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x7}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LOG_PREFIX={0xe, 0x2, 0x1, 0x0, 'syzkaller\x00'}, @NFTA_LOG_SNAPLEN={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @hash={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000020000000850000000700000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) (async) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000008500000020000000850000000700000095"], &(0x7f0000000080)='GPL\x00'}, 0x90) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x4, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000140)=0x100) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000480)=ANY=[@ANYRESDEC=r3, @ANYRESOCT, @ANYRES64=r0, @ANYRESHEX=r0, @ANYRES16=r3, @ANYRES32=r2, @ANYRES64, @ANYRES64=r1], 0xfffffecc) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x72}, 0x50) 2.380807739s ago: executing program 1 (id=2189): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$can_raw(0x1d, 0x3, 0x1) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000100)={0x0, &(0x7f0000000080)}) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0) socket$packet(0x11, 0x0, 0x300) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(0xffffffffffffffff) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0), 0xc0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0) socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='Xl\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003e0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000069735f6d"], 0x58}}, 0x0) socket$alg(0x26, 0x5, 0x0) 2.200774686s ago: executing program 1 (id=2190): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_netrom_SIOCDELRT(r1, 0x891e, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5) socket(0x0, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, 0x0) bind$unix(0xffffffffffffffff, 0x0, 0x0) bpf$ITER_CREATE(0xb, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmmsg$inet(r0, &(0x7f00000011c0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000002c0)='\x00', 0x1}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000003c0)="cbfc33990172f174c894f7255654871034f57c2631f657eb9af1f681e55f1113e6510c997211dc3d9ad68bf1c381d07f266d70be03c395f414d5e9d454729a5051b2a69a71252393ebd6bc6e87e5501a6c780a005fcd38a010b2e221020a5211c6145f3c56e58e39498d8c0f", 0x6c}, {&(0x7f0000000440)="a053f91ecaa51a4a7ebab4a5d952296586fdf018e89e52758f295a01dd91f02f326ab88740a2a322076d2f5ea7a6021c1b6183490e26e73c0059dedb916af4b3ba1aaf17cffd2d4db47416eca49fb5f08a28ce6e84ed5dda35e6272e4566ee637f0304e61393987f2371c0de72c94b4284c2a4e2b328c9a78fd7ad2db1abe0c552b9daebc11b78e3c2bccfb6ef8c951bcb64cf6836f17203a2730c326f916e9b059f5e2e7a261ccd4ea4830be11304cd786afc94c0ae180769f7c0c11fa032ce0e4232a0eecf519b11b52c57f02df6edd18cc67c68dec53d4246b8ec4e5dbcc063902aa4653fdd5b5fa307f3b6d6648a", 0xf0}, {&(0x7f0000000540)="54ece2df92919526da9a20c2c86664caa15652d5a984c35203152604cadd008b6bf9f1fa1a772dc15bd148f72372882c531fb10951a1ec664eaa0d558379f761128996522cdff58bcbe56df5033636cd4dc28dd708b98b2cf41382a3a6", 0x5d}], 0x3}}, {{&(0x7f0000000740)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000a40)=[{&(0x7f0000000800)="f97c2bee5ff74ddd3d7acce3c216b3c388aacde1affcfb523eae175202b390be35fe80a3c339a5e360d3fd566dad72865301ae521ece4c3de93e9fffd9a767f5872ee86892b7d2964f1a88452f8adb1d190299daf1d1b638dc152fb103ef7256754e042eb872b801448168a8e33daf690147d1d28fbd7c32ed40010cd1f86b847927848d8c8aed3db9c67ad22639f75fe60ff10673b58b9aedb31e8d549ee5f1840bbfe1ec52597d54184e975e473cf41394a41b1691101a3227a4aa6a555b52ee0a00e0fc23a0b57058e9899a9d430b570e9ea079edfec49b93859dba4deb6926", 0xe1}, {&(0x7f0000000780)="979b8c8b5430baedb783654a0000", 0xe}, {&(0x7f0000000940)="6d29fdf9957c14a0284f46910f3d2edc471e3bb00d681d5c8ecd48a327751694f3e1434b2a98d9b19d647c0a0adebd55c1fd27d56cab491c1243cc479a8a528250045e138df4396c1a19c4fbfc6d7b8dea1268dc59d4f46fd4039aba7acbcac59c323217ec763aa9754b96531a9ebcc58bd27ed4dd41f2f35969339128f28cec3c9e6d22da3f6d27ef3a23451eabfe1eb9dccbeb9e8fabbecaeefa7bae933a16dd0868f21f146c83b632afcd3bbf214e1ae88f02144e0823340f1768dfec8f9b73a1bfe8903c1c6528f6", 0xca}], 0x3}}, {{0x0, 0x0, &(0x7f0000000f80)=[{0x0}, {0x0}, {&(0x7f0000000c40)}, {0x0}, {&(0x7f0000000dc0)}], 0x5, &(0x7f0000001040)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_tos_int={{0x14}}], 0x30}}], 0x4, 0x1) 2.027943916s ago: executing program 1 (id=2191): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002240)=@delchain={0x234, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8}, {0x40, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth0_to_team\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_CLASSID={0x8}, @TCA_U32_MARK={0x10}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0x1a4, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x198, 0x6, [@m_nat={0x138, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @broadcast, @multicast1}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, {0xbd, 0x6, "17a3a496e0b06ed4b17c112d919b00b3961dacbd47d9dd716cb9e3eeb2118c01ec30dc86f8f94756684ff97abdf1926ea4833cb4d1c8b7635bdd86527c962f82c3025f316c9ce93a199715e01810ec0ea06e0083474b51a6cbe521558d66a12f2df2e1e271a5ab64286792665b84686d0bf831b55815609942a2a30f4bbe362786d71f1ef838c58b298a7d5a1b7c94c9e9ed996546943ef4f9e906e927a8176b88cae9a3e49e2ac33f70bbceb7dc3036f0839e5ecb281ed2fc"}, {0xc}, {0xc}}}, @m_nat={0x2c, 0x0, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_csum={0x30, 0x0, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x234}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x300}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.500172661s ago: executing program 2 (id=2192): r0 = socket$inet(0x2, 0x0, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000006800010000000000000000000a0000000010"], 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000140)={'filter\x00', 0x7, 0x4, 0x3c0, 0x0, 0x1f0, 0x0, 0x108, 0x2d8, 0x2d8, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE2={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x410) r2 = socket$kcm(0x2, 0x0, 0x106) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b32, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000340), 0x1) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r3, 0x0, 0x18, &(0x7f0000000000)=0xb, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) sendmsg$inet(r2, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000003380)=ANY=[@ANYBLOB="180000000300000000000000a012544f95002b000000000093adffa82255f674412d020000000000005ab527ee3697f1ed4436dd1164b1b3f427f6ba6b34f98125f30e631d273683626e00dc254d570d4a6b78a5833488cfe410090000004aa900003d3cd62f00158e6eee8501000000520a0000151d010000000100bf000000003bbd424c6e6cafbe9309aba218812868a51d129e78f6ae170bf5a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b000024b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e460a000517ebc406e89dcbb7677e6528b0856e31eb9474c0106fc48e1f8c1a5f6945ac24cf609068f6ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bedf59ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e148bf56497e5d56d06c7551b870b2851c3f0a1aab71587a21c8f1b3369ebfcb4cb2946601b0f04edb256c604f068773f6db9d661bd7f0e2536f000000000000000055211c6f864f983d745f5865aad41d29158ae7602a2d6cd415e8351ebc283df54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121a96eb372713255012e028cb2654d493a0b4b35faae176f99b745eda2967199cc93685bb537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d0007ae4e1e347c0cff28235a6bb7aa3804b907a8f2880c5cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec64fa6c718bbd1aa591140cff0be4c6f8df084c5e9734ae30aa9afdc7125f01ab03a9b1074407136b4506000f0916aada035df2e0452a9b39e73aeeb6eaf14652dda689e2051d9b7eb85f3f2d5ae2c51944da8d7391d5b6b97419a3b76600cd1aa0afe5f8f46df4c5124ca425d374b419a6248029d33d61dd5c844024ba757371867a79b31c6617fc3327191fbf514573f1e30d1fd2d763f3ee9218b15c1d60be2168fffcd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc97def5f07f2980005a4f81a9cf8110971b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c4407eca22debc99335583b00013c3130978fa069af8223b38ced735c2d90c6d84c30a0d87d42647489b39601be5c27696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c534187a6240412c8f283cc0c1eba2866dc9580000000000000007fffffffff554b82d9c162f3556076b80552d961ca74f1ffdaccf0ea5f02e03a9ccb9087e6c3b3917bb74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb01efada800e50000000000fdaf2f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433d866665b98ca2002c836e89feef904c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc8d0834fb8d124638fec58faeb4c16abb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a68d2bb2dd163e863314e8449801b52bb93f6c9084659ce777dda8563c859656a357770289a61faa95a82bf1cfb7f2f97252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b00110635376413c29f7c6f7b7e29b9f4bddd5e328661f4615e627a6f608ad53a4168fe8e5d7d934aa289b4bd2b870000000000000000000000000000bc4b4ff50000009b777883a02ffd92dfc4cb4114b9f9cf4ad155110cd3ace2b322ae31bfa27847c799c8869a1ea5b98e525e6383ad7fd9795170e7b11e247603000000001459c7f606d721d3979676bffb3049166ab84ac1061991bd57c2566c10c296352a5105b6164e3f2491e4793e590dcc71f110da96366c40dd44a2c9882d3aa0f8a797b8fea6efcfb5276b7679f15559cdaabf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22adef9546abb7a2d9c085b189b5fd1f30e4e0c13f60870fde1f88d830b11002135e8e7262f29b6d7923bfbe0bd2a8be179e56b41ff3792cee2fc37eee739c3008ce740d8804f8e705f0dc59d000021363e8df94ff175b48dc8c12def681a11647946595445bf1cb7d2778cd27a6b3b2966b08be600000020a8a711d193bae0ab2db9ed9c6cb3c3de42ab89524414cae922141f7baf17ebb790ad60bd03870c39d1ad12c750837e63f9880fd70259e35590afb4843cd4e9989398eaa89cefb3aa13cab8d015cbaf1561d95362decd73b8f8cbf8269cac091cfaaa3c7e46d6e79145fc0f1d1b383752ccb40515a772356d746914540216adf4c0f44f1cff3760afa252720ec6dad3a98671ecdaff46cddffb1f05a0c0976070d603a442d014822369fa3eacbb69bd1b0a074357acd5d02161fed146ad3aa15d2b8101b7bd1e091ada78ecd50181f4b35cae1b29aff91494c916323b61f815c4e0701657087ad11eef97952921365bc898ba2c76a9b6e0052f43b1ad2dfdf3f958fc1d32e692bc8846c78a956ada453c67c1c2cdc4f8b1c94e9adc106e85b31e030d955c5578e107a6e8ca0d4dd05344c3e2af25d9a3b0f7805624016aeab271a75f0bacb101a103ef8948064569154a7de08f80e4df4c339b69431b0a5671097d89212b465b0b32275deae10a77e334c9fc074d181bdeb5be80a6249d472e78e6be57a5ccd354cf181e099605a644ecade221a2be926210b2690d09e4b7a3dea25403397439979c27d5613262de08bacecfff2d58437f422df4252c018795310c25e8fce18ed366ac2caade564ca869727a7d63c26271e17d7aba48971835530311545273d3caadeb5d2017dcddab8f38f2068f68a4111ddd587b5df4b5d8f1ce00231a2092eb2e797c491a1e66f73606fd95bbe0f10521862b6262f0259da51ff7517ace7361460a4669a97f7d0bf095c2787f00bdbfee19670d1e0ec5e6c3cb09972fa4d94993157b96d6695177c99d83716651129320924352cda7b8ead91c3301af620c1e8d703dd29ad77f54836779600bb0db3ecfbd36fa8164999898e4aaa56324e1c03a74daf593f92a8ecc03f8c8e3af9ae07dc03780cc0d69da9e3528c1693fb51998731992ceb27dcc0be5be4decefe41b78bc1847bf54b087e095172f06cfa6d4bf958b1d4544947ff1230655199db4f475006047fe83caca97758dffa53cee764f85932eb20d54241b2d515c0826dfe1f0f40ae920455a4548fb35e2a345c05b1c252b7877bb3d834b0b3579a36249146f832ef258df5127318c7017ac1a996c4f902f82deb60fd113ccf812d55ffd625057bd4ff3960992b85bc8d30edfca386be16b1c549aec52e31e1405f86c7760282901750b732ec06b0db735222a730000000000000000001ed58cd2c684667178576dbb57345b63c313e4a8fcfefe511e084c24b31a2e693946748bb73511695bc0eec1553b0f67d50678fb29ad13d2104fdd7a992574d475d3e51652fb3fda6a9fc0458f10b6d121bd48664858"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xad, &(0x7f0000000040)=""/173, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x4000000000002, 0x300) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) bind$tipc(0xffffffffffffffff, 0x0, 0x0) r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r6, 0x8b2c, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000040)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 589.032057ms ago: executing program 2 (id=2193): close(0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000a1a6bc885c04eb5dd1a0670ab00000000"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x9d, 0x0, &(0x7f0000000300)=""/157, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000001840), 0xffffffffffffffff) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0x7, 0x0, r4}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x4}, 0x38) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000001880)={0x4c, r3, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0xfffffe90}}]}, 0x4c}}, 0x0) sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0xa0, r3, 0x102, 0x70bd2c, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x6, 0x4, 0x3ff}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x20088090}, 0x400c844) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe1b) r6 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$BTRFS_IOC_SCRUB(r2, 0xc400941b, &(0x7f0000000680)={0x0, 0x5, 0x5, 0x1}) ioctl$BTRFS_IOC_SCRUB(r6, 0xc400941b, &(0x7f0000000a80)={r7, 0x3, 0x7}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r8 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000080)={0x41, 0x1000}, 0x10) r9 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r9, 0x10f, 0x87, &(0x7f0000000100)={0x2041}, 0x10) r10 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10) setsockopt$TIPC_GROUP_LEAVE(r8, 0x10f, 0x88) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b7020000267d957bbfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ce5f53cc7e04bc77b2fef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3a54ea9ee82cf14f3a4cc523ee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d335f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c96af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf7af8ea5b4bd9593f73c6c95dd6d59083763debf02ea36803976b6cc145338e1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r11, 0x702, 0xe, 0x0, &(0x7f0000000100)="e4604f89ecdb33440008d480eb00", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 395.575761ms ago: executing program 2 (id=2194): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000100)=[{{}, {0x0, 0x0, 0x1, 0x1}}], 0x8) bind$can_raw(r0, &(0x7f0000000240), 0x10) bind$can_raw(r0, &(0x7f0000000040), 0x10) socket$alg(0x26, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) 65.730005ms ago: executing program 1 (id=2195): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet6(0xa, 0x80003, 0x6b) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.events\x00', 0x275a, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000004a000003000000000000000001b5ce38c70a008000", @ANYRES32=0x0, @ANYBLOB="0000000014000100"/23], 0x30}, 0x1, 0x0, 0x0, 0x20044051}, 0x0) getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f00000000c0)=0x8) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x28011, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x6, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x37fffc, @empty}, 0x1c) setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x4003, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538) 58.145444ms ago: executing program 4 (id=2196): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000000)=0x6, 0x4) syz_emit_ethernet(0x3a, &(0x7f0000000e00)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data}}}}}, 0x0) 0s ago: executing program 2 (id=2197): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000b00)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20000000}, {0x85, 0x0, 0x0, 0x72}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) kernel console output (not intermixed with test programs): ] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1512'. [ 212.767347][ T9551] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.779206][ T9551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.805738][ T9551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.834023][ T9554] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 212.841042][ T9554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 212.882213][ T9554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.088284][ T9551] hsr_slave_0: entered promiscuous mode [ 213.095393][ T9673] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1521'. [ 213.107785][ T9673] netlink: 'syz.4.1521': attribute type 2 has an invalid length. [ 213.113722][ T9551] hsr_slave_1: entered promiscuous mode [ 213.125509][ T9673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1521'. [ 213.135281][ T9551] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.149478][ T9551] Cannot create hsr debugfs directory [ 213.174589][ T9554] hsr_slave_0: entered promiscuous mode [ 213.175814][ T9673] netlink: 716 bytes leftover after parsing attributes in process `syz.4.1521'. [ 213.190375][ T9554] hsr_slave_1: entered promiscuous mode [ 213.201320][ T9554] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.210630][ T9554] Cannot create hsr debugfs directory [ 213.260416][ T9677] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1522'. [ 213.470109][ T2888] bridge_slave_1: left allmulticast mode [ 213.481833][ T2888] bridge_slave_1: left promiscuous mode [ 213.488660][ T2888] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.506819][ T2888] bridge_slave_0: left allmulticast mode [ 213.512677][ T2888] bridge_slave_0: left promiscuous mode [ 213.518490][ T2888] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.982299][ T2888] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.995689][ T2888] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.007354][ T2888] bond0 (unregistering): Released all slaves [ 214.232036][ T9704] netlink: 'syz.2.1533': attribute type 2 has an invalid length. [ 214.289038][ T5099] Bluetooth: hci1: command tx timeout [ 214.452113][ T5099] Bluetooth: hci3: command tx timeout [ 214.643733][ T9718] netlink: 'syz.4.1539': attribute type 178 has an invalid length. [ 214.654849][ T2888] hsr_slave_0: left promiscuous mode [ 214.661191][ T2888] hsr_slave_1: left promiscuous mode [ 214.669843][ T2888] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.677578][ T2888] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.687549][ T2888] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.697016][ T2888] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.734283][ T2888] veth1_macvtap: left promiscuous mode [ 214.740018][ T2888] veth0_macvtap: left promiscuous mode [ 214.746220][ T2888] veth1_vlan: left promiscuous mode [ 214.751696][ T2888] veth0_vlan: left promiscuous mode [ 215.259642][ T2888] team0 (unregistering): Port device team_slave_1 removed [ 215.306800][ T2888] team0 (unregistering): Port device team_slave_0 removed [ 215.777338][ T9724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1541'. [ 216.167423][ T9744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.180764][ T9745] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.208426][ T9748] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 216.335245][ T9753] IPVS: wrr: SCTP 127.0.0.1:0 - no destination available [ 216.348376][ T5150] IPVS: starting estimator thread 0... [ 216.362696][ T5099] Bluetooth: hci1: command tx timeout [ 216.374317][ T9756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1553'. [ 216.389363][ T9753] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1552'. [ 216.462485][ T9757] IPVS: using max 17 ests per chain, 40800 per kthread [ 216.526360][ T5099] Bluetooth: hci3: command tx timeout [ 217.544407][ T9780] __nla_validate_parse: 2 callbacks suppressed [ 217.544430][ T9780] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1562'. [ 217.598944][ T9783] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 217.606335][ T9783] IPv6: NLM_F_CREATE should be set when creating new route [ 217.621553][ T9551] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 217.660150][ T9551] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 217.713678][ T9551] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 217.746102][ T9792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1565'. [ 217.765553][ T9551] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 217.961749][ T9554] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 217.993285][ T9800] xt_TCPMSS: Only works on TCP SYN packets [ 217.996446][ T9554] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 218.039801][ T9554] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 218.061272][ T9554] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 218.080897][ T9805] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1570'. [ 218.209676][ T9810] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 218.324008][ T9551] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.424029][ T9551] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.482223][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.489475][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.529889][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.537186][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.757066][ T9554] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.805816][ T9822] netlink: 'syz.2.1575': attribute type 10 has an invalid length. [ 218.876563][ T9554] 8021q: adding VLAN 0 to HW filter on device team0 [ 218.923500][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.930679][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.961577][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.968838][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.206724][ T9836] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1578'. [ 219.235631][ T9836] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1578'. [ 219.265774][ T9836] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1578'. [ 219.373557][ T9843] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1579'. [ 219.433322][ T9843] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1579'. [ 219.470101][ T9551] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.634587][ T9850] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1581'. [ 219.715423][ T9551] veth0_vlan: entered promiscuous mode [ 219.769657][ T9551] veth1_vlan: entered promiscuous mode [ 219.780478][ T9859] netlink: 'syz.2.1584': attribute type 1 has an invalid length. [ 219.790734][ T9859] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1584'. [ 219.839896][ T9859] netlink: 'syz.2.1584': attribute type 1 has an invalid length. [ 219.855340][ T9554] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.880754][ T9551] veth0_macvtap: entered promiscuous mode [ 219.904430][ T9551] veth1_macvtap: entered promiscuous mode [ 219.929410][ T9551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.964744][ T9551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 219.986238][ T9551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 219.997388][ T9551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.007352][ T9551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 220.018771][ T9551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.031211][ T9551] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.093418][ T9551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.120038][ T9551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.140616][ T9551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 220.153814][ T9551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 220.173781][ T9551] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.218289][ T9551] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.235598][ T9551] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.244673][ T9551] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.257226][ T9551] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.474662][ T9554] veth0_vlan: entered promiscuous mode [ 220.506576][ T9885] nbd: must specify a device to reconfigure [ 220.530151][ T9554] veth1_vlan: entered promiscuous mode [ 220.551672][ T71] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.572965][ T71] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.659975][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 220.677582][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 220.726278][ T9554] veth0_macvtap: entered promiscuous mode [ 220.778322][ T9554] veth1_macvtap: entered promiscuous mode [ 220.860793][ T9904] vlan1: entered promiscuous mode [ 221.005881][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.019319][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.029517][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.041228][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.051348][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.062444][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.072513][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 221.086762][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.098837][ T9554] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.119146][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.136701][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.148746][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.160042][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.171552][ T9554] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 221.182290][ T9554] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 221.195839][ T9554] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.212909][ T9554] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.235943][ T9554] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.262909][ T9554] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.276464][ T9554] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.518370][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.544398][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 221.622923][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 221.632742][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.308391][ T9951] xt_TCPMSS: Only works on TCP SYN packets [ 222.478036][ T9954] FAULT_INJECTION: forcing a failure. [ 222.478036][ T9954] name failslab, interval 1, probability 0, space 0, times 0 [ 222.494788][ T9954] CPU: 1 PID: 9954 Comm: syz.2.1608 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 222.504899][ T9954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 222.514990][ T9954] Call Trace: [ 222.518321][ T9954] [ 222.521269][ T9954] dump_stack_lvl+0x241/0x360 [ 222.526089][ T9954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.531344][ T9954] ? __pfx__printk+0x10/0x10 [ 222.536154][ T9954] ? __pfx___might_resched+0x10/0x10 [ 222.541473][ T9954] should_fail_ex+0x3b0/0x4e0 [ 222.546176][ T9954] ? __kernfs_new_node+0xd8/0x870 [ 222.551213][ T9954] should_failslab+0x9/0x20 [ 222.555734][ T9954] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 222.561133][ T9954] __kernfs_new_node+0xd8/0x870 [ 222.566127][ T9954] ? __pfx___kernfs_new_node+0x10/0x10 [ 222.571600][ T9954] ? __pfx_lock_acquire+0x10/0x10 [ 222.576672][ T9954] ? __pfx___might_resched+0x10/0x10 [ 222.581972][ T9954] ? kernfs_create_dir_ns+0x10d/0x120 [ 222.587359][ T9954] ? sysfs_create_dir_ns+0x189/0x3a0 [ 222.592685][ T9954] ? sysfs_create_dir_ns+0x1cf/0x3a0 [ 222.597993][ T9954] kernfs_new_node+0x137/0x240 [ 222.602820][ T9954] __kernfs_create_file+0x49/0x2e0 [ 222.607956][ T9954] sysfs_add_file_mode_ns+0x24a/0x310 [ 222.613362][ T9954] sysfs_create_file_ns+0x197/0x2a0 [ 222.618575][ T9954] ? __pfx___up_read+0x10/0x10 [ 222.623358][ T9954] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 222.629093][ T9954] ? __dev_fwnode+0x50/0x80 [ 222.633638][ T9954] ? device_create_file+0xf2/0x1c0 [ 222.638793][ T9954] device_add+0x522/0xbf0 [ 222.643161][ T9954] tty_register_device_attr+0x437/0x960 [ 222.648756][ T9954] ? __pfx_tty_register_device_attr+0x10/0x10 [ 222.654859][ T9954] ? tty_port_register_device+0x5b/0x100 [ 222.660511][ T9954] rfcomm_dev_ioctl+0x19fe/0x21b0 [ 222.665573][ T9954] ? __pfx_rfcomm_dev_ioctl+0x10/0x10 [ 222.670961][ T9954] ? __local_bh_enable_ip+0x168/0x200 [ 222.676434][ T9954] ? lockdep_hardirqs_on+0x99/0x150 [ 222.681652][ T9954] ? __local_bh_enable_ip+0x168/0x200 [ 222.687039][ T9954] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 222.692769][ T9954] ? do_raw_spin_unlock+0x13c/0x8b0 [ 222.697993][ T9954] rfcomm_sock_ioctl+0x86/0xd0 [ 222.702811][ T9954] sock_do_ioctl+0x158/0x460 [ 222.707526][ T9954] ? __pfx_sock_do_ioctl+0x10/0x10 [ 222.712697][ T9954] sock_ioctl+0x629/0x8e0 [ 222.717062][ T9954] ? __pfx_sock_ioctl+0x10/0x10 [ 222.721941][ T9954] ? __fget_files+0x29/0x470 [ 222.726568][ T9954] ? __fget_files+0x3f6/0x470 [ 222.731257][ T9954] ? __fget_files+0x29/0x470 [ 222.735877][ T9954] ? bpf_lsm_file_ioctl+0x9/0x10 [ 222.740823][ T9954] ? security_file_ioctl+0x87/0xb0 [ 222.745948][ T9954] ? __pfx_sock_ioctl+0x10/0x10 [ 222.750826][ T9954] __se_sys_ioctl+0xfc/0x170 [ 222.755452][ T9954] do_syscall_64+0xf3/0x230 [ 222.759972][ T9954] ? clear_bhb_loop+0x35/0x90 [ 222.764688][ T9954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 222.770609][ T9954] RIP: 0033:0x7ff9dff75bd9 [ 222.775035][ T9954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 222.794682][ T9954] RSP: 002b:00007ff9e0d06048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.803123][ T9954] RAX: ffffffffffffffda RBX: 00007ff9e0103f60 RCX: 00007ff9dff75bd9 [ 222.811120][ T9954] RDX: 0000000020000100 RSI: 00000000400452c8 RDI: 0000000000000009 [ 222.819120][ T9954] RBP: 00007ff9e0d060a0 R08: 0000000000000000 R09: 0000000000000000 [ 222.827116][ T9954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 222.835096][ T9954] R13: 000000000000004d R14: 00007ff9e0103f60 R15: 00007ffc2a0daed8 [ 222.843098][ T9954] [ 223.297008][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.109333][ T5112] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 224.124770][ T5112] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 224.133104][ T5112] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 224.143656][ T5112] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 224.151556][ T5112] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 224.159228][ T5112] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 224.499164][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.680887][T10008] __nla_validate_parse: 7 callbacks suppressed [ 224.680910][T10008] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1623'. [ 224.704144][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.733461][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 224.746349][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 224.748408][ T9983] chnl_net:caif_netlink_parms(): no params data found [ 224.761277][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 224.770290][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 224.800463][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 224.812296][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 224.864051][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.029515][T10019] FAULT_INJECTION: forcing a failure. [ 225.029515][T10019] name failslab, interval 1, probability 0, space 0, times 0 [ 225.042698][T10019] CPU: 1 PID: 10019 Comm: syz.4.1627 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 225.052912][T10019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 225.063016][T10019] Call Trace: [ 225.066331][T10019] [ 225.069291][T10019] dump_stack_lvl+0x241/0x360 [ 225.074021][T10019] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.079269][T10019] ? __pfx__printk+0x10/0x10 [ 225.083914][T10019] should_fail_ex+0x3b0/0x4e0 [ 225.088616][T10019] ? __alloc_skb+0x1c3/0x440 [ 225.093231][T10019] should_failslab+0x9/0x20 [ 225.097789][T10019] kmem_cache_alloc_node_noprof+0x71/0x320 [ 225.103626][T10019] __alloc_skb+0x1c3/0x440 [ 225.108077][T10019] ? __pfx___might_resched+0x10/0x10 [ 225.113379][T10019] ? __pfx___alloc_skb+0x10/0x10 [ 225.118420][T10019] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 225.124496][T10019] ? security_socket_getpeersec_dgram+0x88/0xb0 [ 225.130762][T10019] netlink_sendmsg+0x631/0xcb0 [ 225.135600][T10019] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.140917][T10019] ? __import_iovec+0x536/0x820 [ 225.145782][T10019] ? aa_sock_msg_perm+0x91/0x160 [ 225.150739][T10019] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 225.156037][T10019] ? security_socket_sendmsg+0x87/0xb0 [ 225.161601][T10019] ? __pfx_netlink_sendmsg+0x10/0x10 [ 225.166907][T10019] __sock_sendmsg+0x221/0x270 [ 225.171614][T10019] ____sys_sendmsg+0x525/0x7d0 [ 225.176838][T10019] ? __pfx_____sys_sendmsg+0x10/0x10 [ 225.182156][T10019] __sys_sendmsg+0x2b0/0x3a0 [ 225.186767][T10019] ? __pfx___sys_sendmsg+0x10/0x10 [ 225.191977][T10019] ? vfs_write+0x7c4/0xc90 [ 225.196447][T10019] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 225.202785][T10019] ? do_syscall_64+0x100/0x230 [ 225.207572][T10019] ? do_syscall_64+0xb6/0x230 [ 225.212376][T10019] do_syscall_64+0xf3/0x230 [ 225.216992][T10019] ? clear_bhb_loop+0x35/0x90 [ 225.221683][T10019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.227679][T10019] RIP: 0033:0x7f9f04575bd9 [ 225.232119][T10019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.252008][T10019] RSP: 002b:00007f9f053b4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.260435][T10019] RAX: ffffffffffffffda RBX: 00007f9f04703f60 RCX: 00007f9f04575bd9 [ 225.268424][T10019] RDX: 0000000004000000 RSI: 0000000020000580 RDI: 0000000000000004 [ 225.276577][T10019] RBP: 00007f9f053b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 225.284557][T10019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.292538][T10019] R13: 000000000000000b R14: 00007f9f04703f60 R15: 00007ffd99c63778 [ 225.300533][T10019] [ 225.509971][ T35] bridge_slave_1: left allmulticast mode [ 225.516244][ T35] bridge_slave_1: left promiscuous mode [ 225.547667][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.578651][ T35] bridge_slave_0: left allmulticast mode [ 225.593066][ T35] bridge_slave_0: left promiscuous mode [ 225.598926][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.970372][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.983972][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.999021][ T35] bond0 (unregistering): Released all slaves [ 226.063643][ T9983] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.071117][ T9983] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.088865][ T9983] bridge_slave_0: entered allmulticast mode [ 226.097959][ T9983] bridge_slave_0: entered promiscuous mode [ 226.131059][ T9983] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.149835][ T9983] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.164556][ T9983] bridge_slave_1: entered allmulticast mode [ 226.182717][ T9983] bridge_slave_1: entered promiscuous mode [ 226.205382][ T5112] Bluetooth: hci1: command tx timeout [ 226.329748][T10041] xt_TCPMSS: Only works on TCP SYN packets [ 226.813435][T10048] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1634'. [ 226.852021][ T5112] Bluetooth: hci3: command tx timeout [ 227.398534][ T9983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.438630][T10048] ÊügáG: entered promiscuous mode [ 227.495207][ T9983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.647076][T10057] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1637'. [ 227.775099][ T35] hsr_slave_0: left promiscuous mode [ 227.796795][ T35] hsr_slave_1: left promiscuous mode [ 227.809747][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.817559][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.825976][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.834421][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 227.858879][ T35] veth1_macvtap: left promiscuous mode [ 227.864676][ T35] veth0_macvtap: left promiscuous mode [ 227.870390][ T35] veth1_vlan: left promiscuous mode [ 227.875958][ T35] veth0_vlan: left promiscuous mode [ 228.282181][ T5099] Bluetooth: hci1: command tx timeout [ 228.543710][ T35] team0 (unregistering): Port device team_slave_1 removed [ 228.586535][ T35] team0 (unregistering): Port device team_slave_0 removed [ 228.922020][ T5099] Bluetooth: hci3: command tx timeout [ 229.019583][ T9983] team0: Port device team_slave_0 added [ 229.050779][T10069] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1640'. [ 229.077681][T10070] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 229.085027][T10070] IPv6: NLM_F_CREATE should be set when creating new route [ 229.098080][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1640'. [ 229.214344][ T9983] team0: Port device team_slave_1 added [ 229.354983][ T9983] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.365449][ T9983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.432368][ T9983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.464507][ T9983] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.471908][ T9983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.500452][ T9983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.520960][T10009] chnl_net:caif_netlink_parms(): no params data found [ 229.612546][T10098] x_tables: duplicate underflow at hook 2 [ 230.362207][ T5099] Bluetooth: hci1: command tx timeout [ 230.466748][ T9983] hsr_slave_0: entered promiscuous mode [ 230.604427][ T9983] hsr_slave_1: entered promiscuous mode [ 230.621868][ T9983] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 230.629496][ T9983] Cannot create hsr debugfs directory [ 230.661659][T10110] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1649'. [ 230.726129][T10116] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1650'. [ 230.879507][T10123] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 230.911283][T10123] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1653'. [ 230.920757][T10123] netlink: 'syz.2.1653': attribute type 1 has an invalid length. [ 230.930120][T10123] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1653'. [ 230.973943][T10009] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.981098][T10009] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.991587][T10009] bridge_slave_0: entered allmulticast mode [ 231.002062][ T5099] Bluetooth: hci3: command 0x040f tx timeout [ 231.008947][T10009] bridge_slave_0: entered promiscuous mode [ 231.019170][T10123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1653'. [ 231.037736][T10123] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1653'. [ 231.078437][T10009] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.085977][T10009] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.093631][T10009] bridge_slave_1: entered allmulticast mode [ 231.101348][T10009] bridge_slave_1: entered promiscuous mode [ 231.370675][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.375397][T10136] can: request_module (can-proto-0) failed. [ 231.413077][T10009] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.465253][T10009] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.571550][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.677028][T10009] team0: Port device team_slave_0 added [ 231.742434][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.776311][T10009] team0: Port device team_slave_1 added [ 231.918574][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.957820][T10009] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.969926][T10009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.022267][T10009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 232.097424][T10009] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 232.112569][T10009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.165376][T10009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 232.378113][T10009] hsr_slave_0: entered promiscuous mode [ 232.408349][T10009] hsr_slave_1: entered promiscuous mode [ 232.442934][ T5112] Bluetooth: hci1: command tx timeout [ 232.443681][T10009] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 232.477154][T10009] Cannot create hsr debugfs directory [ 232.600760][ T35] bridge_slave_1: left allmulticast mode [ 232.612032][ T35] bridge_slave_1: left promiscuous mode [ 232.617890][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.647688][ T35] bridge_slave_0: left allmulticast mode [ 232.660938][ T35] bridge_slave_0: left promiscuous mode [ 232.678117][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.086924][ T5112] Bluetooth: hci3: command 0x040f tx timeout [ 233.285243][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 233.304700][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 233.354707][ T35] bond0 (unregistering): Released all slaves [ 233.456185][T10174] netlink: 'syz.4.1664': attribute type 10 has an invalid length. [ 233.575033][T10174] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 234.046723][ T9983] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 234.090048][ T9983] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 234.140242][ T9983] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 234.211711][ T35] hsr_slave_0: left promiscuous mode [ 234.252607][ T35] hsr_slave_1: left promiscuous mode [ 234.267497][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.278641][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.294897][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.308268][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.356183][ T35] veth1_macvtap: left promiscuous mode [ 234.380680][ T35] veth0_macvtap: left promiscuous mode [ 234.393198][ T35] veth1_vlan: left promiscuous mode [ 234.401717][ T35] veth0_vlan: left promiscuous mode [ 234.821091][T10202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1675'. [ 234.866319][T10202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.162864][ T5112] Bluetooth: hci3: command 0x040f tx timeout [ 235.200824][ T35] team0 (unregistering): Port device team_slave_1 removed [ 235.242572][ T35] team0 (unregistering): Port device team_slave_0 removed [ 235.637542][ T9983] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 235.664213][T10199] netlink: 'syz.1.1676': attribute type 3 has an invalid length. [ 235.689434][T10199] netlink: 666 bytes leftover after parsing attributes in process `syz.1.1676'. [ 236.150502][ T9983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.226230][ T9983] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.266292][ T5108] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.273564][ T5108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.309287][T10221] netlink: 'syz.2.1681': attribute type 10 has an invalid length. [ 236.364765][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.371989][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.574640][T10230] IPv6: Can't replace route, no match found [ 236.598295][T10237] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1687'. [ 236.617413][T10009] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 236.655955][T10009] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 236.713729][T10009] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 236.756982][T10247] netlink: 'syz.1.1688': attribute type 10 has an invalid length. [ 236.809100][T10009] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 236.887076][T10250] syzkaller1: entered promiscuous mode [ 236.902791][T10250] syzkaller1: entered allmulticast mode [ 237.202221][T10252] netlink: 'syz.2.1691': attribute type 10 has an invalid length. [ 237.244540][T10252] netlink: 'syz.2.1691': attribute type 10 has an invalid length. [ 237.300248][T10009] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.392292][T10009] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.399318][T10267] can: request_module (can-proto-0) failed. [ 237.467598][ T5108] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.474840][ T5108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.556213][ T9983] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.590682][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.597950][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.643705][T10284] netlink: 'syz.1.1699': attribute type 11 has an invalid length. [ 237.651616][T10284] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1699'. [ 237.787727][T10284] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1699'. [ 237.862554][ T9983] veth0_vlan: entered promiscuous mode [ 237.912411][ T9983] veth1_vlan: entered promiscuous mode [ 238.018029][ T9983] veth0_macvtap: entered promiscuous mode [ 238.071240][ T9983] veth1_macvtap: entered promiscuous mode [ 238.110184][T10302] syzkaller1: entered promiscuous mode [ 238.132061][T10302] syzkaller1: entered allmulticast mode [ 238.137830][T10306] netlink: 'syz.2.1706': attribute type 178 has an invalid length. [ 238.208553][ T9983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.219840][ T9983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.234010][ T9983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.245221][ T9983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.258486][ T9983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.270734][ T9983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.297952][ T9983] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 238.370174][T10009] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.395079][ T9983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.417709][ T9983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.429536][ T9983] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 238.440589][ T9983] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.483859][ T9983] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.556889][ T9983] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.577828][ T9983] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.601937][ T9983] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.622474][ T9983] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.751057][T10009] veth0_vlan: entered promiscuous mode [ 238.841485][T10009] veth1_vlan: entered promiscuous mode [ 238.944725][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.962732][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.070532][T10009] veth0_macvtap: entered promiscuous mode [ 239.096300][ T71] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 239.114238][T10009] veth1_macvtap: entered promiscuous mode [ 239.125954][ T71] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.205519][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.236934][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.263649][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.282118][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.317839][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.342180][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.373796][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.399467][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.426698][T10009] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.427523][T10342] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 239.474436][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.499211][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.509585][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.532774][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.553852][T10009] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.575627][T10009] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.597491][T10009] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.645900][T10009] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.655270][T10009] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.666506][T10009] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.677056][T10009] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.846745][T10355] netlink: 'syz.4.1723': attribute type 1 has an invalid length. [ 239.875907][T10358] FAULT_INJECTION: forcing a failure. [ 239.875907][T10358] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 239.907525][T10359] netlink: 'syz.1.1724': attribute type 62 has an invalid length. [ 239.917753][T10358] CPU: 1 PID: 10358 Comm: syz.2.1725 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 239.927975][T10358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 239.938072][T10358] Call Trace: [ 239.941484][T10358] [ 239.944628][T10358] dump_stack_lvl+0x241/0x360 [ 239.949418][T10358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 239.954676][T10358] ? __pfx__printk+0x10/0x10 [ 239.959318][T10358] ? __pfx_lock_release+0x10/0x10 [ 239.964400][T10358] ? __local_bh_enable_ip+0x168/0x200 [ 239.969791][T10358] ? __se_sys_ioctl+0x47/0x170 [ 239.974593][T10358] should_fail_ex+0x3b0/0x4e0 [ 239.979308][T10358] _copy_from_user+0x2f/0xe0 [ 239.983924][T10358] ax25_ioctl+0xb46/0x1d50 [ 239.988377][T10358] ? __pfx_ax25_ioctl+0x10/0x10 [ 239.993253][T10358] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 239.999598][T10358] ? tomoyo_path_number_perm+0x208/0x880 [ 240.005253][T10358] ? __pfx_lock_release+0x10/0x10 [ 240.010385][T10358] ? kfree+0x149/0x360 [ 240.014479][T10358] ? tomoyo_path_number_perm+0x71a/0x880 [ 240.020172][T10358] sock_do_ioctl+0x158/0x460 [ 240.024827][T10358] ? __pfx_sock_do_ioctl+0x10/0x10 [ 240.029984][T10358] sock_ioctl+0x629/0x8e0 [ 240.034341][T10358] ? __pfx_sock_ioctl+0x10/0x10 [ 240.039219][T10358] ? __fget_files+0x29/0x470 [ 240.043831][T10358] ? __fget_files+0x3f6/0x470 [ 240.048522][T10358] ? __fget_files+0x29/0x470 [ 240.053139][T10358] ? bpf_lsm_file_ioctl+0x9/0x10 [ 240.058089][T10358] ? security_file_ioctl+0x87/0xb0 [ 240.063216][T10358] ? __pfx_sock_ioctl+0x10/0x10 [ 240.068090][T10358] __se_sys_ioctl+0xfc/0x170 [ 240.072694][T10358] do_syscall_64+0xf3/0x230 [ 240.077208][T10358] ? clear_bhb_loop+0x35/0x90 [ 240.081905][T10358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.087834][T10358] RIP: 0033:0x7ff9dff75bd9 [ 240.092264][T10358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.111984][T10358] RSP: 002b:00007ff9e0d06048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 240.120415][T10358] RAX: ffffffffffffffda RBX: 00007ff9e0103f60 RCX: 00007ff9dff75bd9 [ 240.128401][T10358] RDX: 0000000020000240 RSI: 00000000000089e1 RDI: 0000000000000005 [ 240.136384][T10358] RBP: 00007ff9e0d060a0 R08: 0000000000000000 R09: 0000000000000000 [ 240.144382][T10358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.152449][T10358] R13: 000000000000004d R14: 00007ff9e0103f60 R15: 00007ffc2a0daed8 [ 240.160449][T10358] [ 240.234269][T10352] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 240.244668][T10352] bond1: (slave batadv1): Enslaving as a backup interface with an up link [ 240.303675][T10364] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 240.344072][T10364] bond1 (unregistering): Released all slaves [ 240.427377][ T722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.449480][ T722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.474878][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.484184][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.682187][ T5112] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 240.682194][ T5099] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.055110][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.735442][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 241.801337][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.019083][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.032544][T10393] netlink: 'syz.2.1735': attribute type 1 has an invalid length. [ 242.044654][T10393] netlink: 240 bytes leftover after parsing attributes in process `syz.2.1735'. [ 242.321377][ T5099] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 242.331395][ T5099] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 242.352961][ T5099] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 242.360582][ T51] bridge_slave_1: left allmulticast mode [ 242.372428][ T5099] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 242.376612][ T51] bridge_slave_1: left promiscuous mode [ 242.391251][ T5099] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 242.391997][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.432237][ T5099] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 242.506663][ T51] bridge_slave_0: left allmulticast mode [ 242.540464][ T51] bridge_slave_0: left promiscuous mode [ 242.564801][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.019314][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 243.038077][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 243.052615][ T51] bond0 (unregistering): Released all slaves [ 243.661025][T10437] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1748'. [ 243.742821][T10436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1750'. [ 243.784038][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 243.792699][T10436] team0: entered promiscuous mode [ 243.797774][T10436] team_slave_0: entered promiscuous mode [ 243.805758][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 243.814219][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 243.820590][T10436] team_slave_1: entered promiscuous mode [ 243.829297][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 243.837557][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 243.843974][T10436] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 243.852912][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 244.041082][ T51] hsr_slave_0: left promiscuous mode [ 244.061274][ T51] hsr_slave_1: left promiscuous mode [ 244.108238][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 244.130616][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 244.161397][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 244.180517][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 244.259258][ T51] veth1_macvtap: left promiscuous mode [ 244.275264][ T51] veth0_macvtap: left promiscuous mode [ 244.292208][ T51] veth1_vlan: left promiscuous mode [ 244.311232][ T51] veth0_vlan: left promiscuous mode [ 244.522401][ T5112] Bluetooth: hci1: command tx timeout [ 245.348606][ T51] team0 (unregistering): Port device team_slave_1 removed [ 245.392184][ T51] team0 (unregistering): Port device team_slave_0 removed [ 245.844488][T10402] chnl_net:caif_netlink_parms(): no params data found [ 245.869249][T10474] batman_adv: batadv0: Adding interface: macvlan2 [ 245.896637][T10474] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 245.908705][ T5112] Bluetooth: hci3: command tx timeout [ 245.980599][T10474] batman_adv: batadv0: Not using interface macvlan2 (retrying later): interface not active [ 246.602335][ T5112] Bluetooth: hci1: command tx timeout [ 246.612623][T10402] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.663655][T10402] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.681993][T10402] bridge_slave_0: entered allmulticast mode [ 246.689606][T10402] bridge_slave_0: entered promiscuous mode [ 246.811139][T10402] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.870529][T10402] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.884495][T10402] bridge_slave_1: entered allmulticast mode [ 246.899707][T10402] bridge_slave_1: entered promiscuous mode [ 247.032184][T10502] syzkaller1: entered promiscuous mode [ 247.037857][T10502] syzkaller1: entered allmulticast mode [ 247.066792][T10402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 247.134834][T10402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.203230][T10441] chnl_net:caif_netlink_parms(): no params data found [ 247.296757][T10402] team0: Port device team_slave_0 added [ 247.486199][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.516407][T10402] team0: Port device team_slave_1 added [ 247.532394][T10526] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1772'. [ 247.615726][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.718000][T10534] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1772'. [ 247.813769][T10402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 247.822410][T10402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 247.858404][T10402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 247.927587][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.942392][T10441] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.949752][T10441] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.960501][T10441] bridge_slave_0: entered allmulticast mode [ 247.962344][ T5112] Bluetooth: hci3: command tx timeout [ 247.969418][T10441] bridge_slave_0: entered promiscuous mode [ 247.982968][T10402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 247.991269][T10402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.034800][T10402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.080114][T10441] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.089879][T10441] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.109433][T10441] bridge_slave_1: entered allmulticast mode [ 248.133072][T10441] bridge_slave_1: entered promiscuous mode [ 248.174794][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 248.307135][T10441] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.353297][T10441] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.389673][T10402] hsr_slave_0: entered promiscuous mode [ 248.406542][T10402] hsr_slave_1: entered promiscuous mode [ 248.423078][T10402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 248.430726][T10402] Cannot create hsr debugfs directory [ 248.470602][T10441] team0: Port device team_slave_0 added [ 248.496597][T10566] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1784'. [ 248.507904][T10566] openvswitch: netlink: Key type 29 is not supported [ 248.524984][T10441] team0: Port device team_slave_1 added [ 248.633465][T10441] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.641562][T10441] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.668061][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88806405cc00: rx timeout, send abort [ 248.670179][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88802c5e9c00: rx timeout, send abort [ 248.688323][ T5112] Bluetooth: hci1: command tx timeout [ 248.689298][T10441] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.707367][T10441] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.717386][T10441] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.743986][T10441] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 248.844340][ T51] bridge_slave_1: left allmulticast mode [ 248.850062][ T51] bridge_slave_1: left promiscuous mode [ 248.858562][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.885050][ T51] bridge_slave_0: left allmulticast mode [ 248.899569][ T51] bridge_slave_0: left promiscuous mode [ 248.908060][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.940729][T10577] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 249.054756][T10580] FAULT_INJECTION: forcing a failure. [ 249.054756][T10580] name failslab, interval 1, probability 0, space 0, times 0 [ 249.068034][T10580] CPU: 0 PID: 10580 Comm: syz.4.1789 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 249.078857][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 249.089052][T10580] Call Trace: [ 249.092365][T10580] [ 249.095324][T10580] dump_stack_lvl+0x241/0x360 [ 249.100025][T10580] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.105335][T10580] ? __pfx__printk+0x10/0x10 [ 249.109977][T10580] ? netlink_insert+0x10b7/0x14b0 [ 249.115044][T10580] should_fail_ex+0x3b0/0x4e0 [ 249.119744][T10580] ? __alloc_skb+0x1c3/0x440 [ 249.124362][T10580] should_failslab+0x9/0x20 [ 249.128925][T10580] kmem_cache_alloc_node_noprof+0x71/0x320 [ 249.134773][T10580] __alloc_skb+0x1c3/0x440 [ 249.139215][T10580] ? __pfx___alloc_skb+0x10/0x10 [ 249.144258][T10580] ? netlink_autobind+0xd6/0x2f0 [ 249.149221][T10580] ? netlink_autobind+0x2b0/0x2f0 [ 249.154270][T10580] netlink_sendmsg+0x631/0xcb0 [ 249.159089][T10580] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.164393][T10580] ? __import_iovec+0x361/0x820 [ 249.169115][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88806405cc00: abort rx timeout. Force session deactivation [ 249.169241][T10580] ? aa_sock_msg_perm+0x91/0x160 [ 249.184351][T10580] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 249.189650][T10580] ? security_socket_sendmsg+0x87/0xb0 [ 249.192419][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88802c5e9c00: abort rx timeout. Force session deactivation [ 249.195117][T10580] ? __pfx_netlink_sendmsg+0x10/0x10 [ 249.210565][T10580] __sock_sendmsg+0x221/0x270 [ 249.215267][T10580] ____sys_sendmsg+0x525/0x7d0 [ 249.220058][T10580] ? __pfx_____sys_sendmsg+0x10/0x10 [ 249.225375][T10580] __sys_sendmsg+0x2b0/0x3a0 [ 249.229985][T10580] ? __pfx___sys_sendmsg+0x10/0x10 [ 249.235110][T10580] ? vfs_write+0x7c4/0xc90 [ 249.239575][T10580] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 249.245920][T10580] ? do_syscall_64+0x100/0x230 [ 249.250699][T10580] ? do_syscall_64+0xb6/0x230 [ 249.255401][T10580] do_syscall_64+0xf3/0x230 [ 249.259928][T10580] ? clear_bhb_loop+0x35/0x90 [ 249.264629][T10580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.270586][T10580] RIP: 0033:0x7f9f04575bd9 [ 249.275055][T10580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.294676][T10580] RSP: 002b:00007f9f053b4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.303111][T10580] RAX: ffffffffffffffda RBX: 00007f9f04703f60 RCX: 00007f9f04575bd9 [ 249.311095][T10580] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 249.319078][T10580] RBP: 00007f9f053b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 249.327232][T10580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.335209][T10580] R13: 000000000000000b R14: 00007f9f04703f60 R15: 00007ffd99c63778 [ 249.343302][T10580] [ 249.766551][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.788570][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.801375][ T51] bond0 (unregistering): Released all slaves [ 249.825185][T10596] SET target dimension over the limit! [ 249.993414][T10441] hsr_slave_0: entered promiscuous mode [ 250.009869][T10441] hsr_slave_1: entered promiscuous mode [ 250.026692][T10441] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 250.041633][T10441] Cannot create hsr debugfs directory [ 250.042306][ T5112] Bluetooth: hci3: command tx timeout [ 250.697092][T10625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1804'. [ 250.762465][ T5112] Bluetooth: hci1: command tx timeout [ 250.765193][T10625] netlink: 'syz.4.1804': attribute type 1 has an invalid length. [ 250.807834][T10625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1804'. [ 250.872107][ T51] hsr_slave_0: left promiscuous mode [ 250.875497][T10641] FAULT_INJECTION: forcing a failure. [ 250.875497][T10641] name failslab, interval 1, probability 0, space 0, times 0 [ 250.907777][T10641] CPU: 0 PID: 10641 Comm: syz.2.1810 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 250.918010][T10641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 250.928113][T10641] Call Trace: [ 250.931432][T10641] [ 250.934395][T10641] dump_stack_lvl+0x241/0x360 [ 250.939158][T10641] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.944387][T10641] ? __pfx__printk+0x10/0x10 [ 250.949006][T10641] ? ref_tracker_alloc+0x332/0x490 [ 250.954147][T10641] should_fail_ex+0x3b0/0x4e0 [ 250.958848][T10641] ? skb_clone+0x20c/0x390 [ 250.963280][T10641] should_failslab+0x9/0x20 [ 250.967803][T10641] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 250.973202][T10641] skb_clone+0x20c/0x390 [ 250.977514][T10641] __netlink_deliver_tap+0x3cc/0x7c0 [ 250.982832][T10641] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.988048][T10641] netlink_deliver_tap+0x19d/0x1b0 [ 250.993178][T10641] netlink_unicast+0x7b8/0x980 [ 250.997966][T10641] ? __pfx_netlink_unicast+0x10/0x10 [ 251.003282][T10641] ? __virt_addr_valid+0x183/0x530 [ 251.008504][T10641] ? __check_object_size+0x49c/0x900 [ 251.013816][T10641] ? bpf_lsm_netlink_send+0x9/0x10 [ 251.018950][T10641] netlink_sendmsg+0x8db/0xcb0 [ 251.023753][T10641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 251.029095][T10641] ? __import_iovec+0x536/0x820 [ 251.034052][T10641] ? aa_sock_msg_perm+0x91/0x160 [ 251.039014][T10641] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 251.044313][T10641] ? security_socket_sendmsg+0x87/0xb0 [ 251.049787][T10641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 251.055087][T10641] __sock_sendmsg+0x221/0x270 [ 251.059795][T10641] ____sys_sendmsg+0x525/0x7d0 [ 251.064589][T10641] ? __pfx_____sys_sendmsg+0x10/0x10 [ 251.070089][T10641] __sys_sendmsg+0x2b0/0x3a0 [ 251.074695][T10641] ? __pfx___sys_sendmsg+0x10/0x10 [ 251.079823][T10641] ? vfs_write+0x7c4/0xc90 [ 251.084294][T10641] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 251.090636][T10641] ? do_syscall_64+0x100/0x230 [ 251.095412][T10641] ? do_syscall_64+0xb6/0x230 [ 251.100102][T10641] do_syscall_64+0xf3/0x230 [ 251.104614][T10641] ? clear_bhb_loop+0x35/0x90 [ 251.109410][T10641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.115339][T10641] RIP: 0033:0x7ff9dff75bd9 [ 251.119835][T10641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.139727][T10641] RSP: 002b:00007ff9e0d06048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 251.148172][T10641] RAX: ffffffffffffffda RBX: 00007ff9e0103f60 RCX: 00007ff9dff75bd9 [ 251.156164][T10641] RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000000000003 [ 251.164144][T10641] RBP: 00007ff9e0d060a0 R08: 0000000000000000 R09: 0000000000000000 [ 251.172122][T10641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.180097][T10641] R13: 000000000000004d R14: 00007ff9e0103f60 R15: 00007ffc2a0daed8 [ 251.188094][T10641] [ 251.213340][ T51] hsr_slave_1: left promiscuous mode [ 251.229343][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 251.249362][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 251.276387][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 251.294166][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 251.347337][ T51] veth1_macvtap: left promiscuous mode [ 251.353370][ T51] veth0_macvtap: left promiscuous mode [ 251.359195][ T51] veth1_vlan: left promiscuous mode [ 251.364799][ T51] veth0_vlan: left promiscuous mode [ 251.456997][T10652] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1813'. [ 252.038046][ T51] team0 (unregistering): Port device team_slave_1 removed [ 252.079911][ T51] team0 (unregistering): Port device team_slave_0 removed [ 252.122115][ T5112] Bluetooth: hci3: command tx timeout [ 252.739081][T10666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1817'. [ 253.212395][T10402] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 253.264704][T10402] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 253.277227][T10402] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 253.300204][T10402] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 253.386352][T10686] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1820'. [ 253.597149][T10402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.608227][T10693] netlink: 'syz.4.1825': attribute type 2 has an invalid length. [ 253.725238][T10402] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.769633][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.776890][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.813717][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.820952][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.859935][T10441] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 253.942764][T10441] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 253.972958][T10441] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 254.008124][T10441] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 254.203117][ T5112] Bluetooth: hci3: command tx timeout [ 254.359713][T10441] 8021q: adding VLAN 0 to HW filter on device bond0 [ 254.469311][T10441] 8021q: adding VLAN 0 to HW filter on device team0 [ 254.516845][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 254.524266][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 254.646375][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 254.653649][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 254.877454][T10402] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.127463][T10402] veth0_vlan: entered promiscuous mode [ 255.169451][T10402] veth1_vlan: entered promiscuous mode [ 255.321080][T10402] veth0_macvtap: entered promiscuous mode [ 255.381389][T10402] veth1_macvtap: entered promiscuous mode [ 255.459880][T10441] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 255.502181][T10402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.531814][T10402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.545618][T10402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.566434][T10402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.582031][T10402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.600848][T10402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.624360][T10402] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.645552][T10766] netlink: 'syz.1.1842': attribute type 10 has an invalid length. [ 255.677238][T10402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.698953][T10402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.711640][T10402] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.733958][T10402] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.764301][T10402] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.808080][T10402] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.828638][T10402] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.848346][T10402] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.871676][T10402] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.941379][T10773] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1844'. [ 256.095619][T10441] veth0_vlan: entered promiscuous mode [ 256.125259][ T1245] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.142206][ T1245] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.166259][T10778] xt_TPROXY: Can be used only with -p tcp or -p udp [ 256.240495][T10441] veth1_vlan: entered promiscuous mode [ 256.321375][ T2888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.342386][ T2888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.435615][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 256.454224][T10787] tc_dump_action: action bad kind [ 256.473346][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 256.479893][T10441] veth0_macvtap: entered promiscuous mode [ 256.525242][T10441] veth1_macvtap: entered promiscuous mode [ 256.554963][T10794] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1849'. [ 256.593460][T10794] gtp0: entered promiscuous mode [ 256.650358][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.679032][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.702083][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.715399][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.728023][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.738852][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.749842][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 256.764827][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.778473][T10441] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 256.814795][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.861923][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.868630][T10802] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1853'. [ 256.887639][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.913209][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.923619][T10441] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 256.934207][T10441] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 256.947409][T10441] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 257.050359][T10807] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1853'. [ 257.097208][T10441] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.108220][T10441] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.125347][T10441] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.136952][T10441] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.340250][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.362481][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.383897][T10820] netlink: 'syz.1.1858': attribute type 9 has an invalid length. [ 257.403418][T10820] netlink: 'syz.1.1858': attribute type 7 has an invalid length. [ 257.422373][T10820] netlink: 'syz.1.1858': attribute type 8 has an invalid length. [ 257.437738][ T722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 257.466865][ T722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 257.840687][T10827] netlink: 'syz.2.1861': attribute type 21 has an invalid length. [ 258.664912][ T71] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.437085][T10862] netlink: 'syz.2.1875': attribute type 1 has an invalid length. [ 259.453527][T10862] netlink: 9348 bytes leftover after parsing attributes in process `syz.2.1875'. [ 259.468970][T10862] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1875'. [ 259.480391][T10862] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1875'. [ 259.534293][ T5099] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 259.545985][ T5099] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 259.555027][ T5099] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 259.565256][ T5099] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 259.580673][ T5099] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 259.587198][ T71] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.591581][ T5099] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 259.675219][ T71] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.749300][ T71] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 259.932229][T10866] chnl_net:caif_netlink_parms(): no params data found [ 259.956036][T10873] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1876'. [ 260.098049][ T71] bridge_slave_1: left allmulticast mode [ 260.112626][ T71] bridge_slave_1: left promiscuous mode [ 260.118472][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.147827][ T71] bridge_slave_0: left allmulticast mode [ 260.162556][ T71] bridge_slave_0: left promiscuous mode [ 260.172100][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.428905][ T5099] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 260.440228][ T5099] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 260.448772][ T5099] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 260.469681][ T5099] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 260.481682][ T5099] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 260.496704][ T5099] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 260.817274][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 260.830084][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 260.842488][ T71] bond0 (unregistering): Released all slaves [ 261.084341][T10866] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.094945][T10866] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.120861][T10866] bridge_slave_0: entered allmulticast mode [ 261.128203][T10866] bridge_slave_0: entered promiscuous mode [ 261.138665][T10866] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.146466][T10866] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.154693][T10866] bridge_slave_1: entered allmulticast mode [ 261.165410][T10866] bridge_slave_1: entered promiscuous mode [ 261.328870][T10866] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 261.409742][T10912] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1884'. [ 261.430669][T10866] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 261.561306][ T71] hsr_slave_0: left promiscuous mode [ 261.579153][ T71] hsr_slave_1: left promiscuous mode [ 261.589673][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 261.599704][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 261.620498][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 261.642775][ T5099] Bluetooth: hci1: command tx timeout [ 261.652105][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 261.713699][ T71] veth1_macvtap: left promiscuous mode [ 261.719490][ T71] veth0_macvtap: left promiscuous mode [ 261.742014][ T71] veth1_vlan: left promiscuous mode [ 261.747469][ T71] veth0_vlan: left promiscuous mode [ 262.579661][ T71] team0 (unregistering): Port device team_slave_1 removed [ 262.603641][ T5099] Bluetooth: hci3: command tx timeout [ 262.631818][ T71] team0 (unregistering): Port device team_slave_0 removed [ 263.164500][T10925] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1889'. [ 263.268717][T10866] team0: Port device team_slave_0 added [ 263.313153][T10866] team0: Port device team_slave_1 added [ 263.504057][T10866] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.522262][T10866] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.584609][T10866] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.617717][T10866] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.626963][T10866] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.680417][T10866] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.722177][ T5099] Bluetooth: hci1: command tx timeout [ 263.938061][T10866] hsr_slave_0: entered promiscuous mode [ 263.963547][T10866] hsr_slave_1: entered promiscuous mode [ 263.982907][T10866] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 263.990528][T10866] Cannot create hsr debugfs directory [ 264.318318][T10887] chnl_net:caif_netlink_parms(): no params data found [ 264.332671][T10969] FAULT_INJECTION: forcing a failure. [ 264.332671][T10969] name failslab, interval 1, probability 0, space 0, times 0 [ 264.357088][T10969] CPU: 0 PID: 10969 Comm: syz.2.1901 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 264.367407][T10969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 264.377513][T10969] Call Trace: [ 264.380829][T10969] [ 264.383796][T10969] dump_stack_lvl+0x241/0x360 [ 264.388534][T10969] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.393777][T10969] ? __pfx__printk+0x10/0x10 [ 264.398393][T10969] ? nl80211_vendor_cmd_dump+0x8e/0x1600 [ 264.404132][T10969] should_fail_ex+0x3b0/0x4e0 [ 264.408848][T10969] ? nl80211_vendor_cmd_dump+0x1dc/0x1600 [ 264.414803][T10969] should_failslab+0x9/0x20 [ 264.419357][T10969] kmalloc_trace_noprof+0x6c/0x2c0 [ 264.424598][T10969] nl80211_vendor_cmd_dump+0x1dc/0x1600 [ 264.430165][T10969] ? trace_kmalloc+0x1f/0xd0 [ 264.434777][T10969] ? kmalloc_node_track_caller_noprof+0x242/0x440 [ 264.441332][T10969] ? __build_skb_around+0x245/0x3d0 [ 264.446575][T10969] ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10 [ 264.452598][T10969] ? __alloc_skb+0x28f/0x440 [ 264.457218][T10969] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.463312][T10969] ? __pfx___alloc_skb+0x10/0x10 [ 264.468268][T10969] genl_dumpit+0x107/0x1a0 [ 264.472699][T10969] netlink_dump+0x6ff/0xe50 [ 264.477228][T10969] ? __pfx_netlink_dump+0x10/0x10 [ 264.482280][T10969] ? __asan_memset+0x23/0x50 [ 264.486888][T10969] ? genl_start+0x4a8/0x6d0 [ 264.491417][T10969] __netlink_dump_start+0x59d/0x780 [ 264.496645][T10969] genl_rcv_msg+0x88c/0xec0 [ 264.501161][T10969] ? mark_lock+0x9a/0x350 [ 264.505563][T10969] ? __pfx_genl_rcv_msg+0x10/0x10 [ 264.510625][T10969] ? __pfx_genl_start+0x10/0x10 [ 264.515484][T10969] ? __pfx_genl_dumpit+0x10/0x10 [ 264.520429][T10969] ? __pfx_genl_done+0x10/0x10 [ 264.525247][T10969] ? __pfx_lock_acquire+0x10/0x10 [ 264.530276][T10969] ? __pfx_nl80211_vendor_cmd_dump+0x10/0x10 [ 264.536639][T10969] ? __pfx___might_resched+0x10/0x10 [ 264.542031][T10969] netlink_rcv_skb+0x1e3/0x430 [ 264.546814][T10969] ? __pfx_genl_rcv_msg+0x10/0x10 [ 264.551860][T10969] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 264.557209][T10969] ? __netlink_deliver_tap+0x77e/0x7c0 [ 264.562734][T10969] genl_rcv+0x28/0x40 [ 264.566846][T10969] netlink_unicast+0x7ea/0x980 [ 264.571726][T10969] ? __pfx_netlink_unicast+0x10/0x10 [ 264.577041][T10969] ? __virt_addr_valid+0x183/0x530 [ 264.582169][T10969] ? __check_object_size+0x49c/0x900 [ 264.587471][T10969] ? bpf_lsm_netlink_send+0x9/0x10 [ 264.592628][T10969] netlink_sendmsg+0x8db/0xcb0 [ 264.597419][T10969] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.602746][T10969] ? __import_iovec+0x536/0x820 [ 264.607628][T10969] ? aa_sock_msg_perm+0x91/0x160 [ 264.612597][T10969] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 264.617916][T10969] ? security_socket_sendmsg+0x87/0xb0 [ 264.623419][T10969] ? __pfx_netlink_sendmsg+0x10/0x10 [ 264.628744][T10969] __sock_sendmsg+0x221/0x270 [ 264.633439][T10969] ____sys_sendmsg+0x525/0x7d0 [ 264.638241][T10969] ? __pfx_____sys_sendmsg+0x10/0x10 [ 264.643609][T10969] __sys_sendmsg+0x2b0/0x3a0 [ 264.648249][T10969] ? __pfx___sys_sendmsg+0x10/0x10 [ 264.653379][T10969] ? vfs_write+0x7c4/0xc90 [ 264.657881][T10969] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 264.664239][T10969] ? do_syscall_64+0x100/0x230 [ 264.669036][T10969] ? do_syscall_64+0xb6/0x230 [ 264.673727][T10969] do_syscall_64+0xf3/0x230 [ 264.678266][T10969] ? clear_bhb_loop+0x35/0x90 [ 264.682951][T10969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.688885][T10969] RIP: 0033:0x7ff9dff75bd9 [ 264.693329][T10969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.712958][T10969] RSP: 002b:00007ff9e0d06048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.721412][T10969] RAX: ffffffffffffffda RBX: 00007ff9e0103f60 RCX: 00007ff9dff75bd9 [ 264.729446][T10969] RDX: 0000000000000000 RSI: 0000000020001540 RDI: 0000000000000003 [ 264.737517][T10969] RBP: 00007ff9e0d060a0 R08: 0000000000000000 R09: 0000000000000000 [ 264.745513][T10969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 264.753490][T10969] R13: 000000000000004d R14: 00007ff9e0103f60 R15: 00007ffc2a0daed8 [ 264.761501][T10969] [ 264.772352][ T5099] Bluetooth: hci3: command tx timeout [ 264.813240][T10971] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1902'. [ 264.966771][ T2852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 264.988957][ T2852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 265.159546][ T71] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.281582][ T71] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.380053][T10998] syzkaller1: entered promiscuous mode [ 265.385949][T10998] syzkaller1: entered allmulticast mode [ 265.410264][T10887] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.424299][T10887] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.431933][T10887] bridge_slave_0: entered allmulticast mode [ 265.441665][T10887] bridge_slave_0: entered promiscuous mode [ 265.469579][ T71] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.491850][T11000] netlink: 'syz.2.1913': attribute type 10 has an invalid length. [ 265.510440][T11000] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1913'. [ 265.622526][T10887] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.629762][T10887] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.649930][T10887] bridge_slave_1: entered allmulticast mode [ 265.665490][T10887] bridge_slave_1: entered promiscuous mode [ 265.743403][ T71] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.803104][ T5099] Bluetooth: hci1: command tx timeout [ 265.815416][T10887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 265.845927][T10887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 265.945639][T11016] wg2: entered promiscuous mode [ 265.963299][T11016] wg2: entered allmulticast mode [ 265.996102][T10887] team0: Port device team_slave_0 added [ 266.012031][T10887] team0: Port device team_slave_1 added [ 266.190756][T10887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 266.210845][T10887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.242544][T10887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 266.313459][T10887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 266.320456][T10887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 266.363165][T10887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 266.428733][T10866] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 266.530641][T11030] netlink: 'syz.2.1926': attribute type 10 has an invalid length. [ 266.539449][T11030] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1926'. [ 266.570264][T10866] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 266.619153][T10866] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 266.782388][T10866] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 266.842029][ T5099] Bluetooth: hci3: command tx timeout [ 266.862767][ T71] bridge_slave_1: left allmulticast mode [ 266.868466][ T71] bridge_slave_1: left promiscuous mode [ 266.874630][ T71] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.894429][ T71] bridge_slave_0: left allmulticast mode [ 266.903661][ T71] bridge_slave_0: left promiscuous mode [ 266.911514][ T71] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.426915][ T71] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.439177][ T71] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.452174][ T71] bond0 (unregistering): Released all slaves [ 267.467995][T11036] syzkaller1: entered promiscuous mode [ 267.473845][T11036] syzkaller1: entered allmulticast mode [ 267.484735][T10887] hsr_slave_0: entered promiscuous mode [ 267.514065][T10887] hsr_slave_1: entered promiscuous mode [ 267.536604][T10887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 267.544473][T10887] Cannot create hsr debugfs directory [ 267.570640][T11049] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1931'. [ 267.885094][ T5099] Bluetooth: hci1: command tx timeout [ 267.956224][T11058] netlink: 'syz.4.1933': attribute type 4 has an invalid length. [ 268.169930][ T71] hsr_slave_0: left promiscuous mode [ 268.184653][ T71] hsr_slave_1: left promiscuous mode [ 268.198636][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 268.217111][ T71] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 268.243026][ T71] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 268.273057][ T71] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 268.328077][ T71] veth1_macvtap: left promiscuous mode [ 268.345248][ T71] veth0_macvtap: left promiscuous mode [ 268.351682][ T71] veth1_vlan: left promiscuous mode [ 268.362528][ T71] veth0_vlan: left promiscuous mode [ 268.922021][ T5099] Bluetooth: hci3: command tx timeout [ 269.063972][ T71] team0 (unregistering): Port device team_slave_1 removed [ 269.107647][ T71] team0 (unregistering): Port device team_slave_0 removed [ 269.878952][T10866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.008085][T10866] 8021q: adding VLAN 0 to HW filter on device team0 [ 270.071796][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.079003][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 270.151202][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.158608][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 270.324721][T10866] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 270.403161][T11124] xt_cgroup: xt_cgroup: no path or classid specified [ 270.523019][T10887] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 270.542425][T10887] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 270.567727][T10887] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 270.604714][T10887] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 270.777144][T10866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 270.953911][T10887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 270.975218][T10866] veth0_vlan: entered promiscuous mode [ 271.027914][T10887] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.046882][T10866] veth1_vlan: entered promiscuous mode [ 271.079473][T11136] syzkaller1: entered promiscuous mode [ 271.095857][T11136] syzkaller1: entered allmulticast mode [ 271.118904][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.126179][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.259482][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.266729][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.459488][T10866] veth0_macvtap: entered promiscuous mode [ 271.475977][T11138] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0) [ 271.492910][T11138] bridge_slave_0: default FDB implementation only supports local addresses [ 271.506766][T10866] veth1_macvtap: entered promiscuous mode [ 271.592997][T10866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.613078][T10866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.624322][T10866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.641329][T10866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.664469][T10866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.682066][T10866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.721629][T10866] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.777875][T10866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.796111][T10866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.816661][T10866] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 271.818156][T11153] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1964'. [ 271.828315][T10866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.849414][T10866] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.925343][T10866] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.952576][T10866] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.963715][T10866] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.972881][T10866] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.016141][T10887] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 272.310867][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.342903][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.424679][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.433422][T11173] syzkaller1: entered promiscuous mode [ 272.445318][T11173] syzkaller1: entered allmulticast mode [ 272.456345][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.494714][T11176] xt_cgroup: xt_cgroup: no path or classid specified [ 272.561126][T10887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 272.734070][T10887] veth0_vlan: entered promiscuous mode [ 272.756872][T10887] veth1_vlan: entered promiscuous mode [ 272.818461][T10887] veth0_macvtap: entered promiscuous mode [ 272.840026][T10887] veth1_macvtap: entered promiscuous mode [ 272.865114][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.876050][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.887227][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.901801][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.911647][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.931112][T11183] netlink: 'syz.1.1973': attribute type 1 has an invalid length. [ 272.939091][T11183] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1973'. [ 272.948244][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.960156][T11183] netlink: 'syz.1.1973': attribute type 1 has an invalid length. [ 272.968438][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 272.979011][T11183] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1973'. [ 272.988300][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.005522][T10887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 273.049432][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.073929][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.095634][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.110014][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.120384][T10887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 273.131375][T10887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 273.143627][T10887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 273.153926][T11187] netlink: 'syz.1.1975': attribute type 1 has an invalid length. [ 273.206326][T11187] bond2: entered promiscuous mode [ 273.219741][T11189] bond2: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 273.246207][T10887] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.277299][T10887] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.300487][T10887] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.309626][T10887] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.343967][T11193] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1976'. [ 273.562100][ T5112] Bluetooth: hci4: command 0x0405 tx timeout [ 273.576813][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.599392][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.624257][T11203] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1979'. [ 273.692883][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.705912][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.840255][T11210] syzkaller1: entered promiscuous mode [ 273.847289][T11210] syzkaller1: entered allmulticast mode [ 274.266293][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.171296][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.326235][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.377076][T11233] tap0: tun_chr_ioctl cmd 2147767521 [ 275.540631][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.660926][ T5112] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 275.671269][ T5112] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 275.717662][ T5112] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 275.755780][ T5112] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 275.766474][ T5112] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 275.782081][ T5112] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 275.832827][ T35] bridge_slave_1: left allmulticast mode [ 275.838592][ T35] bridge_slave_1: left promiscuous mode [ 275.844752][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.855633][ T35] bridge_slave_0: left allmulticast mode [ 275.861309][ T35] bridge_slave_0: left promiscuous mode [ 275.869678][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.234584][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 276.248419][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 276.259972][ T35] bond0 (unregistering): Released all slaves [ 276.582575][T11245] xt_cgroup: xt_cgroup: no path or classid specified [ 276.716343][T11237] chnl_net:caif_netlink_parms(): no params data found [ 276.836939][ T35] hsr_slave_0: left promiscuous mode [ 276.876418][ T35] hsr_slave_1: left promiscuous mode [ 276.952413][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.976995][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.003532][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 277.044498][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.120787][ T35] veth1_macvtap: left promiscuous mode [ 277.142678][ T5112] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 277.153628][ T35] veth0_macvtap: left promiscuous mode [ 277.159235][ T5112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 277.169297][ T35] veth1_vlan: left promiscuous mode [ 277.174775][ T5112] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 277.184569][ T5112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 277.193466][ T5112] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 277.195735][ T35] veth0_vlan: left promiscuous mode [ 277.207797][ T5112] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 277.674620][T11276] netlink: 'syz.2.1996': attribute type 3 has an invalid length. [ 277.692169][T11276] netlink: 127180 bytes leftover after parsing attributes in process `syz.2.1996'. [ 277.802508][ T5099] Bluetooth: hci1: command tx timeout [ 278.080928][ T35] team0 (unregistering): Port device team_slave_1 removed [ 278.127461][ T35] team0 (unregistering): Port device team_slave_0 removed [ 279.042765][T11237] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.049984][T11237] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.107013][T11237] bridge_slave_0: entered allmulticast mode [ 279.127602][T11237] bridge_slave_0: entered promiscuous mode [ 279.143927][T11237] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.151241][T11237] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.169164][T11237] bridge_slave_1: entered allmulticast mode [ 279.176971][T11237] bridge_slave_1: entered promiscuous mode [ 279.242464][ T5099] Bluetooth: hci3: command tx timeout [ 279.324894][T11303] netlink: 'syz.2.2005': attribute type 1 has an invalid length. [ 279.394797][T11237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 279.437113][T11237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.757163][T11237] team0: Port device team_slave_0 added [ 279.791191][T11237] team0: Port device team_slave_1 added [ 279.882062][ T5099] Bluetooth: hci1: command tx timeout [ 279.940364][T11237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.978497][T11237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.035938][T11237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.088453][T11237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.101645][T11237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.162120][T11237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.269049][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.448369][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.539694][T11237] hsr_slave_0: entered promiscuous mode [ 280.553367][T11237] hsr_slave_1: entered promiscuous mode [ 280.577555][T11237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 280.589651][T11237] Cannot create hsr debugfs directory [ 280.655086][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.784092][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.811687][T11265] chnl_net:caif_netlink_parms(): no params data found [ 280.858469][T11347] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (7) [ 281.266041][T11265] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.292899][T11265] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.300268][T11265] bridge_slave_0: entered allmulticast mode [ 281.322432][ T5099] Bluetooth: hci3: command tx timeout [ 281.341305][T11265] bridge_slave_0: entered promiscuous mode [ 281.383379][T11357] netlink: 'syz.4.2017': attribute type 3 has an invalid length. [ 281.400246][T11357] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2017'. [ 281.582504][T11265] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.589698][T11265] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.629212][T11265] bridge_slave_1: entered allmulticast mode [ 281.644642][T11265] bridge_slave_1: entered promiscuous mode [ 281.909077][T11265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.925083][ T35] bridge_slave_1: left allmulticast mode [ 281.937550][ T35] bridge_slave_1: left promiscuous mode [ 281.960220][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.965027][ T5099] Bluetooth: hci1: command tx timeout [ 282.045530][ T35] bridge_slave_0: left allmulticast mode [ 282.051251][ T35] bridge_slave_0: left promiscuous mode [ 282.098668][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.363940][T11388] netlink: 'syz.1.2030': attribute type 7 has an invalid length. [ 282.381929][T11388] netlink: 244 bytes leftover after parsing attributes in process `syz.1.2030'. [ 282.866289][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.879292][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.893775][ T35] bond0 (unregistering): Released all slaves [ 282.921324][T11265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 283.130437][T11408] No such timeout policy "syz0" [ 283.207619][T11265] team0: Port device team_slave_0 added [ 283.247359][T11265] team0: Port device team_slave_1 added [ 283.402187][ T5099] Bluetooth: hci3: command tx timeout [ 283.480527][T11265] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.492924][T11265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.551933][T11265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.563323][T11422] IPVS: set_ctl: invalid protocol: 136 172.30.0.2:20004 [ 283.583378][ T9] IPVS: starting estimator thread 0... [ 283.626732][ T35] hsr_slave_0: left promiscuous mode [ 283.634529][ T35] hsr_slave_1: left promiscuous mode [ 283.644760][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 283.659844][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 283.668768][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 283.677405][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.692053][T11424] IPVS: using max 16 ests per chain, 38400 per kthread [ 283.740075][ T35] veth1_macvtap: left promiscuous mode [ 283.753399][ T35] veth0_macvtap: left promiscuous mode [ 283.761945][ T35] veth1_vlan: left promiscuous mode [ 283.767484][ T35] veth0_vlan: left promiscuous mode [ 284.043112][ T5099] Bluetooth: hci1: command tx timeout [ 284.664299][ T35] team0 (unregistering): Port device team_slave_1 removed [ 284.720563][ T35] team0 (unregistering): Port device team_slave_0 removed [ 285.187378][T11265] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.194713][T11265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.227337][T11265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.447573][T11237] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 285.482156][ T5099] Bluetooth: hci3: command tx timeout [ 285.491203][T11265] hsr_slave_0: entered promiscuous mode [ 285.516681][T11265] hsr_slave_1: entered promiscuous mode [ 285.528976][T11265] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.565864][T11265] Cannot create hsr debugfs directory [ 285.612174][T11237] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 285.741067][T11237] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 285.764976][T11237] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 285.779806][T11459] x_tables: duplicate underflow at hook 2 [ 286.998026][T11482] syzkaller1: entered promiscuous mode [ 287.016652][T11482] syzkaller1: entered allmulticast mode [ 287.066030][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2059'. [ 287.197237][T11495] netlink: 'syz.2.2061': attribute type 1 has an invalid length. [ 287.229429][T11495] bond2: entered promiscuous mode [ 287.279693][T11498] netlink: 'syz.2.2061': attribute type 16 has an invalid length. [ 287.289288][T11498] netlink: 'syz.2.2061': attribute type 17 has an invalid length. [ 287.550263][T11237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.603063][T11510] Bluetooth: MGMT ver 1.22 [ 287.737095][T11515] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2066'. [ 287.761202][T11515] vlan1: entered promiscuous mode [ 287.856998][T11237] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.912267][T11265] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 287.936817][T11265] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 287.968591][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.975842][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.994249][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.001541][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.026915][T11265] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 288.075392][T11265] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 288.219617][T11527] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2071'. [ 288.388191][T11265] 8021q: adding VLAN 0 to HW filter on device bond0 [ 288.445856][T11531] syzkaller1: entered promiscuous mode [ 288.459567][T11531] syzkaller1: entered allmulticast mode [ 288.497889][T11265] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.612681][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.619882][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.656155][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.663538][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.758186][T11237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.785791][T11535] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2073'. [ 288.947225][T11237] veth0_vlan: entered promiscuous mode [ 289.042780][T11237] veth1_vlan: entered promiscuous mode [ 289.171805][T11237] veth0_macvtap: entered promiscuous mode [ 289.214113][T11237] veth1_macvtap: entered promiscuous mode [ 289.296447][T11237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.331960][T11237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.352665][T11237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.368992][T11237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.391035][T11237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 289.405338][T11237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.425850][T11237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 289.463622][T11237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.488938][T11237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.520648][T11237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 289.531629][T11237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 289.579819][T11237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 289.607388][T11567] netlink: 'syz.4.2084': attribute type 9 has an invalid length. [ 289.630195][T11237] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.655781][T11237] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.679480][T11237] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.691871][T11237] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.716453][T11561] syzkaller1: entered promiscuous mode [ 289.730745][T11561] syzkaller1: entered allmulticast mode [ 289.859170][T11571] netlink: 'syz.4.2085': attribute type 9 has an invalid length. [ 289.959306][T11265] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.160734][T11579] netlink: 'syz.1.2088': attribute type 4 has an invalid length. [ 290.180335][T11579] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2088'. [ 290.231477][T11265] veth0_vlan: entered promiscuous mode [ 290.243442][ T2852] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.261025][ T2852] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.370375][ T722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 290.371231][T11265] veth1_vlan: entered promiscuous mode [ 290.391922][ T722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 290.525847][T11265] veth0_macvtap: entered promiscuous mode [ 290.555987][T11265] veth1_macvtap: entered promiscuous mode [ 290.617683][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.647260][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.662475][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.702051][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.726203][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.732616][T11590] netlink: 596 bytes leftover after parsing attributes in process `syz.1.2093'. [ 290.752987][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.780528][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 290.791337][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 290.810589][T11265] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.004902][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.016040][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.031855][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.052029][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.067606][T11265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 291.079704][T11265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 291.098485][T11265] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.139079][T11638] syzkaller1: entered promiscuous mode [ 291.152097][T11638] syzkaller1: entered allmulticast mode [ 291.183533][T11265] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.207614][T11265] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.221958][T11265] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.230744][T11265] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.324997][T11649] openvswitch: netlink: IP tunnel attribute has 2 unknown bytes. [ 291.546489][T11655] netlink: 100 bytes leftover after parsing attributes in process `syz.2.2103'. [ 291.597298][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 291.654282][T11655] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2103'. [ 291.686993][ T722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.720599][ T722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.765269][ T2852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.774630][ T2852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.531097][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.628872][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.815595][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.136883][ T35] bridge_slave_1: left allmulticast mode [ 293.164743][ T35] bridge_slave_1: left promiscuous mode [ 293.177344][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 293.201731][ T35] bridge_slave_0: left allmulticast mode [ 293.214425][ T35] bridge_slave_0: left promiscuous mode [ 293.214557][T11685] sctp: [Deprecated]: syz.2.2111 (pid 11685) Use of int in maxseg socket option. [ 293.214557][T11685] Use struct sctp_assoc_value instead [ 293.228808][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 293.268709][ T5112] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 293.279595][ T5112] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 293.289997][ T5112] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 293.302007][ T5112] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 293.311244][ T5112] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 293.319695][ T5112] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 293.831465][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 293.846498][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 293.858219][ T35] bond0 (unregistering): Released all slaves [ 294.175996][ T35] hsr_slave_0: left promiscuous mode [ 294.182623][ T35] hsr_slave_1: left promiscuous mode [ 294.188691][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 294.196447][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 294.205271][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 294.212861][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 294.235009][ T35] veth1_macvtap: left promiscuous mode [ 294.240577][ T35] veth0_macvtap: left promiscuous mode [ 294.246321][ T35] veth1_vlan: left promiscuous mode [ 294.253055][ T35] veth0_vlan: left promiscuous mode [ 294.855238][ T5112] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 294.867356][ T5112] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 294.879695][ T5112] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 294.889157][ T5112] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 294.898072][ T5112] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 294.910190][ T5112] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 295.122774][ T35] team0 (unregistering): Port device team_slave_1 removed [ 295.179013][ T35] team0 (unregistering): Port device team_slave_0 removed [ 295.404893][ T5099] Bluetooth: hci1: command tx timeout [ 295.842129][T11686] chnl_net:caif_netlink_parms(): no params data found [ 296.198300][T11686] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.220665][T11686] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.228166][T11686] bridge_slave_0: entered allmulticast mode [ 296.235959][T11686] bridge_slave_0: entered promiscuous mode [ 296.273069][T11686] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.302652][T11686] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.326000][T11686] bridge_slave_1: entered allmulticast mode [ 296.339855][T11686] bridge_slave_1: entered promiscuous mode [ 296.351639][T11736] xt_TCPMSS: Only works on TCP SYN packets [ 296.783783][T11686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.843043][T11686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.002654][ T5099] Bluetooth: hci3: command tx timeout [ 297.093959][T11686] team0: Port device team_slave_0 added [ 297.227589][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.328592][T11686] team0: Port device team_slave_1 added [ 297.453770][T11776] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 297.483047][ T5099] Bluetooth: hci1: command tx timeout [ 297.505088][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.736699][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.747366][T11788] xt_TCPMSS: Only works on TCP SYN packets [ 297.781248][T11686] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.800596][T11686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.873605][T11686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.899859][T11705] chnl_net:caif_netlink_parms(): no params data found [ 298.160440][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.187931][T11686] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 298.204754][T11686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 298.237530][T11686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 298.575401][T11686] hsr_slave_0: entered promiscuous mode [ 298.592255][T11686] hsr_slave_1: entered promiscuous mode [ 298.601969][T11686] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 298.609587][T11686] Cannot create hsr debugfs directory [ 298.658456][T11803] syzkaller1: entered promiscuous mode [ 298.668916][T11803] syzkaller1: entered allmulticast mode [ 298.686608][T11705] bridge0: port 1(bridge_slave_0) entered blocking state [ 298.701556][T11705] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.713678][T11705] bridge_slave_0: entered allmulticast mode [ 298.731702][T11705] bridge_slave_0: entered promiscuous mode [ 298.816212][T11705] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.824556][T11705] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.837498][T11705] bridge_slave_1: entered allmulticast mode [ 298.873845][T11705] bridge_slave_1: entered promiscuous mode [ 299.005797][T11705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 299.082337][ T5099] Bluetooth: hci3: command tx timeout [ 299.084976][T11705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 299.300070][T11705] team0: Port device team_slave_0 added [ 299.363478][ T35] bridge_slave_1: left allmulticast mode [ 299.382511][ T35] bridge_slave_1: left promiscuous mode [ 299.403489][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.441217][ T35] bridge_slave_0: left allmulticast mode [ 299.453376][ T35] bridge_slave_0: left promiscuous mode [ 299.465788][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.562168][ T5099] Bluetooth: hci1: command tx timeout [ 300.274145][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 300.288173][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 300.303774][ T35] bond0 (unregistering): Released all slaves [ 300.324490][T11705] team0: Port device team_slave_1 added [ 300.594036][T11705] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 300.612756][T11705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.669185][T11705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 300.839187][T11705] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 300.881338][T11705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.944785][T11705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.134714][T11834] netlink: zone id is out of range [ 301.142781][T11834] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2152'. [ 301.162207][ T5099] Bluetooth: hci3: command tx timeout [ 301.177838][T11833] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2152'. [ 301.212244][T11833] netlink: 'syz.2.2152': attribute type 30 has an invalid length. [ 301.359562][T11705] hsr_slave_0: entered promiscuous mode [ 301.380269][T11705] hsr_slave_1: entered promiscuous mode [ 301.396110][T11705] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 301.411838][T11705] Cannot create hsr debugfs directory [ 301.475971][ T35] hsr_slave_0: left promiscuous mode [ 301.493366][ T35] hsr_slave_1: left promiscuous mode [ 301.504593][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 301.517762][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 301.548961][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 301.571949][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 301.628178][ T35] veth1_macvtap: left promiscuous mode [ 301.636247][ T35] veth0_macvtap: left promiscuous mode [ 301.642468][ T5099] Bluetooth: hci1: command tx timeout [ 301.652002][ T35] veth1_vlan: left promiscuous mode [ 301.657409][ T35] veth0_vlan: left promiscuous mode [ 302.463174][ T35] team0 (unregistering): Port device team_slave_1 removed [ 302.512131][ T35] team0 (unregistering): Port device team_slave_0 removed [ 303.242037][ T5099] Bluetooth: hci3: command tx timeout [ 303.581400][T11686] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 303.601116][T11686] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 303.656664][T11866] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 303.679276][T11686] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 303.771610][T11686] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 304.071462][T11884] syzkaller1: entered promiscuous mode [ 304.080603][T11884] syzkaller1: entered allmulticast mode [ 304.290430][T11686] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.332529][T11705] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 304.389515][T11686] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.410063][T11705] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 304.451123][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.458394][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.482701][T11705] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 304.521417][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.528754][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.560259][T11705] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 304.649924][T11908] netlink: 'syz.1.2173': attribute type 12 has an invalid length. [ 304.668072][T11908] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.2173'. [ 304.861018][T11913] x_tables: duplicate underflow at hook 2 [ 304.944063][T11705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.996736][T11705] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.016904][T11686] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.044218][ T5191] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.053136][ T5191] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.093526][ T5191] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.100787][ T5191] bridge0: port 2(bridge_slave_1) entered forwarding state [ 305.297122][T11923] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2178'. [ 305.307642][T11923] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2178'. [ 305.327549][T11686] veth0_vlan: entered promiscuous mode [ 305.380048][T11686] veth1_vlan: entered promiscuous mode [ 305.505745][T11686] veth0_macvtap: entered promiscuous mode [ 305.593357][T11686] veth1_macvtap: entered promiscuous mode [ 305.684092][T11686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 305.684404][T11933] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2180'. [ 305.720692][T11686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.736325][T11686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 305.748115][T11686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.758264][T11686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 305.768944][T11686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.792101][T11686] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 305.844031][T11686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 305.868875][T11686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.886010][T11686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 305.911637][T11686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 305.925926][T11686] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 305.940761][T11938] syzkaller1: entered promiscuous mode [ 305.949835][T11938] syzkaller1: entered allmulticast mode [ 306.067784][T11686] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.091239][T11686] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.100233][T11686] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.109327][T11686] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.237337][T11705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 306.240019][T11952] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2186'. [ 306.254169][T11952] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2186'. [ 306.263411][T11952] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2186'. [ 306.276344][T11952] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2186'. [ 306.424397][ T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.443873][ T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 306.520023][ T2852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 306.544320][ T2852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.348866][T11972] x_tables: duplicate underflow at hook 2 [ 308.310729][T11978] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2193'. [ 308.711213][T11705] veth0_vlan: entered promiscuous mode [ 308.746005][T11705] veth1_vlan: entered promiscuous mode [ 308.876034][T11992] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 308.888692][T11992] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 308.897143][T11992] CPU: 1 PID: 11992 Comm: syz.2.2197 Not tainted 6.10.0-rc7-syzkaller-00276-g0a1868b93fad #0 [ 308.907335][T11992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 308.917605][T11992] RIP: 0010:dev_map_enqueue+0x31/0x3e0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 308.923118][T11992] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 06 9e d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 e0 63 3d 00 4c 8b 7d 00 48 83 c5 [ 308.942766][T11992] RSP: 0018:ffffc900034ff678 EFLAGS: 00010246 [ 308.948882][T11992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 308.956890][T11992] RDX: ffffc9000a1a9000 RSI: 0000000000000d24 RDI: 0000000000000d25 [ 308.964898][T11992] RBP: 0000000000000000 R08: ffffffff896219f6 R09: ffffffff896219b3 [ 308.972907][T11992] R10: 0000000000000004 R11: ffff888029568000 R12: ffff888065616000 [ 308.980916][T11992] R13: ffff88806e1e9070 R14: dffffc0000000000 R15: 0000000000000000 [ 308.988930][T11992] FS: 00007ff9e0d066c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 308.997901][T11992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 309.004553][T11992] CR2: 0000001b3261fffc CR3: 00000000699f2000 CR4: 00000000003506f0 [ 309.012647][T11992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 309.020649][T11992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 309.028651][T11992] Call Trace: [ 309.031966][T11992] [ 309.034927][T11992] ? __die_body+0x88/0xe0 [ 309.039301][T11992] ? die_addr+0x108/0x140 [ 309.043679][T11992] ? exc_general_protection+0x3dd/0x5d0 [ 309.049289][T11992] ? asm_exc_general_protection+0x26/0x30 [ 309.055067][T11992] ? xdp_do_redirect_frame+0x243/0x660 [ 309.060578][T11992] ? xdp_do_redirect_frame+0x286/0x660 [ 309.066082][T11992] ? dev_map_enqueue+0x31/0x3e0 [ 309.071027][T11992] ? dev_map_enqueue+0x2a/0x3e0 [ 309.075918][T11992] xdp_do_redirect_frame+0x2a6/0x660 [ 309.081252][T11992] bpf_test_run_xdp_live+0xe60/0x1e60 [ 309.087018][T11992] ? __pfx___might_resched+0x10/0x10 [ 309.092356][T11992] ? __mutex_unlock_slowpath+0x21d/0x750 [ 309.098058][T11992] ? bpf_test_run_xdp_live+0x724/0x1e60 [ 309.103740][T11992] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 309.109588][T11992] ? bpf_dispatcher_xdp+0x800/0x1000 [ 309.115088][T11992] ? bpf_dispatcher_xdp+0x800/0x1000 [ 309.120430][T11992] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 309.126381][T11992] ? _copy_from_user+0xa6/0xe0 [ 309.131182][T11992] ? bpf_test_init+0x15a/0x180 [ 309.135986][T11992] ? xdp_convert_md_to_buff+0x5b/0x330 [ 309.141494][T11992] bpf_prog_test_run_xdp+0x80e/0x11b0 [ 309.146913][T11992] ? __pfx_lock_release+0x10/0x10 [ 309.151975][T11992] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 309.157896][T11992] ? __fget_files+0x29/0x470 [ 309.162512][T11992] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 309.168335][T11992] bpf_prog_test_run+0x33a/0x3b0 [ 309.173287][T11992] __sys_bpf+0x48d/0x810 [ 309.177574][T11992] ? __pfx___sys_bpf+0x10/0x10 [ 309.182368][T11992] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 309.188357][T11992] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 309.194689][T11992] ? do_syscall_64+0x100/0x230 [ 309.199483][T11992] __x64_sys_bpf+0x7c/0x90 [ 309.204007][T11992] do_syscall_64+0xf3/0x230 [ 309.208536][T11992] ? clear_bhb_loop+0x35/0x90 [ 309.213234][T11992] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.219157][T11992] RIP: 0033:0x7ff9dff75bd9 [ 309.223591][T11992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.243304][T11992] RSP: 002b:00007ff9e0d06048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 309.251736][T11992] RAX: ffffffffffffffda RBX: 00007ff9e0103f60 RCX: 00007ff9dff75bd9 [ 309.259727][T11992] RDX: 0000000000000050 RSI: 0000000020000240 RDI: 000000000000000a [ 309.267875][T11992] RBP: 00007ff9dffe4e60 R08: 0000000000000000 R09: 0000000000000000 [ 309.275848][T11992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.283844][T11992] R13: 000000000000004d R14: 00007ff9e0103f60 R15: 00007ffc2a0daed8 [ 309.291846][T11992] [ 309.294960][T11992] Modules linked in: [ 309.298978][T11992] ---[ end trace 0000000000000000 ]--- [ 309.304498][T11992] RIP: 0010:dev_map_enqueue+0x31/0x3e0 [ 309.310092][T11992] Code: 41 56 41 55 41 54 53 48 83 ec 18 49 89 d4 49 89 f5 48 89 fd 49 be 00 00 00 00 00 fc ff df e8 06 9e d7 ff 48 89 e8 48 c1 e8 03 <42> 80 3c 30 00 74 08 48 89 ef e8 e0 63 3d 00 4c 8b 7d 00 48 83 c5 [ 309.329948][T11992] RSP: 0018:ffffc900034ff678 EFLAGS: 00010246 [ 309.336086][T11992] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 309.344127][T11992] RDX: ffffc9000a1a9000 RSI: 0000000000000d24 RDI: 0000000000000d25 [ 309.352162][T11992] RBP: 0000000000000000 R08: ffffffff896219f6 R09: ffffffff896219b3 [ 309.360164][T11992] R10: 0000000000000004 R11: ffff888029568000 R12: ffff888065616000 [ 309.368201][T11992] R13: ffff88806e1e9070 R14: dffffc0000000000 R15: 0000000000000000 [ 309.376241][T11992] FS: 00007ff9e0d066c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 309.385237][T11992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 309.391877][T11992] CR2: 0000001b3261fffc CR3: 00000000699f2000 CR4: 00000000003506f0 [ 309.399878][T11992] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 309.408006][T11992] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 309.416048][T11992] Kernel panic - not syncing: Fatal exception in interrupt [ 309.423570][T11992] Kernel Offset: disabled [ 309.427904][T11992] Rebooting in 86400 seconds..