last executing test programs: 1m38.71779295s ago: executing program 3 (id=501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x4, 0xfffff000}, {0x6}]}, 0x20) 1m37.423685467s ago: executing program 0 (id=13): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) 1m23.873676495s ago: executing program 3 (id=501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x4, 0xfffff000}, {0x6}]}, 0x20) 1m22.609061153s ago: executing program 0 (id=13): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) 1m7.338913812s ago: executing program 3 (id=501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x4, 0xfffff000}, {0x6}]}, 0x20) 1m5.755861424s ago: executing program 0 (id=13): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) 47.83749198s ago: executing program 3 (id=501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x4, 0xfffff000}, {0x6}]}, 0x20) 46.377279146s ago: executing program 0 (id=13): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) 29.7330146s ago: executing program 3 (id=501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x4, 0xfffff000}, {0x6}]}, 0x20) 27.442363441s ago: executing program 0 (id=13): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) 12.538388768s ago: executing program 3 (id=501): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x4, 0xfffff000}, {0x6}]}, 0x20) 11.069659019s ago: executing program 0 (id=13): socket(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26) 4.065307596s ago: executing program 2 (id=1550): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000000080)="e9", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000140)=ANY=[], 0xef) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0xffffffff, @empty}, 0x1c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000740)='percpu_free_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000200)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4) setsockopt$inet6_udp_encap(r4, 0x11, 0x64, &(0x7f0000000780)=0x2, 0x4) bind$inet6(r4, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_emit_ethernet(0xd2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c00000010001ffe00989837a182138b00268f1c", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e0000000400028008000a"], 0x3c}, 0x1, 0x8000a0ffffffff, 0x4000000000000000}, 0x0) 3.986732511s ago: executing program 2 (id=1551): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) write$binfmt_script(r1, 0x0, 0xfffffe5d) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r2, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket$tipc(0x1e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224b9c5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83c6e613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e00d548cfda58c01359a17469a7a434f128dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038d0100a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f9429450c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17680100969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105cfdf8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857306f01000080000000004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60133641a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000004641624c0000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c95b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4da723171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3e8bab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e12a7697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86f750189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71d2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc681b6c9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7243d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab9a2bc51d067f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a5ffbdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a1996c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b1650000000000000000000000000042ffb84a7e00000000000000aa5169d756bad126e74f69c660cff5368a330415b850eeffaebbfdafcc00"/4136], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0108000000000000000001000000f200010073797a300000000070000000090a0133f1340b00a9ce6edc0400000000000000000100000008000ac0000000000900020073797a31000000000900010073797a30000000000800054000000025340011800a0001086c696d6974000000240002800c0001000000fd44c5509039266954833712120000000004000c0002000000ff0000000000000040fffffff9140000001000010100000000000000000000000a96a2bbcc67ba72776f5ca3952efbf736a4cbf333207703bdae4df20ee73be1976f1e565da4e22a17d1bd6cfbcc60ea095e08592569e5a21655f0bd6ac1c3be43ba0ca74299a33105ddd34bcbad23096129e0f4cc805cdfb648104684779fc6a65c3aac1edccf971d723d419f201e6be8b657851ca67e0f3d2a38fd8442e5a6d094ff27a6c49933d7474bce236b68dd58caef86000b2dcc7a498efbbc53169f96b32935c0f65f0db1d2a32c042e85a6b6c78cfe0afde07e600099225fbc947d0ee57308b3add2e2b74dd3ce051699541ed063f1ae03c57aa8f816d8cdc9e600"], 0xb8}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000b40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="350b00000000000000000d000f000c00018008000100", @ANYRES32=r7], 0x20}}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@migrate={0xec, 0x21, 0x1, 0x0, 0x25dfdbff, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@migrate={0x9c, 0x11, [{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@broadcast, @in=@private=0xa010101, @in=@dev={0xac, 0x14, 0x14, 0x23}, 0x32, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@loopback, @in=@empty, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x2, 0x0, 0x0, 0x0, 0xa}]}]}, 0xec}}, 0x40008c0) socket$inet6_udp(0xa, 0x2, 0x0) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'team_slave_1\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r13 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETQUEUE(r13, 0x400454d9, &(0x7f0000000080)={'ip6tnl0\x00', 0x400}) ioctl$TUNSETQUEUE(r13, 0x400454e2, &(0x7f0000000240)={'xfrm0\x00'}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r10, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0100ffffffff000000003b00000008000300", @ANYRES32=r12, @ANYBLOB="0a0006000814110000010000060066008e8800001c0033"], 0x4c}}, 0x0) 3.284063966s ago: executing program 4 (id=1556): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) write$binfmt_script(r1, 0x0, 0xfffffe5d) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r2, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) socket$tipc(0x1e, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224b9c5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83c6e613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e00d548cfda58c01359a17469a7a434f128dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038d0100a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f9429450c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17680100969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105cfdf8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857306f01000080000000004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60133641a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000004641624c0000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c95b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4da723171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3e8bab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e12a7697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86f750189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71d2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc681b6c9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7243d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab9a2bc51d067f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a5ffbdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a1996c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b1650000000000000000000000000042ffb84a7e00000000000000aa5169d756bad126e74f69c660cff5368a330415b850eeffaebbfdafcc00"/4136], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0108000000000000000001000000f200010073797a300000000070000000090a0133f1340b00a9ce6edc0400000000000000000100000008000ac0000000000900020073797a31000000000900010073797a30000000000800054000000025340011800a0001086c696d6974000000240002800c0001000000fd44c5509039266954833712120000000004000c0002000000ff0000000000000040fffffff9140000001000010100000000000000000000000a96a2bbcc67ba72776f5ca3952efbf736a4cbf333207703bdae4df20ee73be1976f1e565da4e22a17d1bd6cfbcc60ea095e08592569e5a21655f0bd6ac1c3be43ba0ca74299a33105ddd34bcbad23096129e0f4cc805cdfb648104684779fc6a65c3aac1edccf971d723d419f201e6be8b657851ca67e0f3d2a38fd8442e5a6d094ff27a6c49933d7474bce236b68dd58caef86000b2dcc7a498efbbc53169f96b32935c0f65f0db1d2a32c042e85a6b6c78cfe0afde07e600099225fbc947d0ee57308b3add2e2b74dd3ce051699541ed063f1ae03c57aa8f816d8cdc9e600"], 0xb8}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000900)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000b40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r5, @ANYBLOB="350b00000000000000000d000f000c00018008000100", @ANYRES32=r7], 0x20}}, 0x0) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@migrate={0xec, 0x21, 0x1, 0x0, 0x25dfdbff, {{@in=@multicast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}, [@migrate={0x9c, 0x11, [{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in=@broadcast, @in=@private=0xa010101, @in=@dev={0xac, 0x14, 0x14, 0x23}, 0x32, 0x0, 0x0, 0x0, 0x0, 0xa}, {@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in=@loopback, @in=@empty, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x2, 0x0, 0x0, 0x0, 0xa}]}]}, 0xec}}, 0x40008c0) socket$inet6_udp(0xa, 0x2, 0x0) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'team_slave_1\x00'}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) r13 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000002280)={'pim6reg0\x00', 0x2102}) ioctl$TUNSETQUEUE(r13, 0x400454d9, &(0x7f0000000080)={'ip6tnl0\x00', 0x400}) ioctl$TUNSETQUEUE(r13, 0x400454e2, &(0x7f0000000240)={'xfrm0\x00'}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r10, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="0100ffffffff000000003b00000008000300", @ANYRES32=r12, @ANYBLOB="0a0006000814110000010000060066008e8800001c0033"], 0x4c}}, 0x0) 3.021692356s ago: executing program 2 (id=1558): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/249, 0x101d0}], 0x1}, 0x0) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2, 0xffffffffffffffff}, 0x0, &(0x7f0000000500)}, 0x20) r4 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x4018, r3}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r4, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADD(r6, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f00000005c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000580)={&(0x7f0000000640)=ANY=[@ANYBLOB="6c0000001d0008002bbd7000fcdbdf251c00000091d42fa33fadfc6a4f974e4c143860caef36083c2d7d01a815e52e59a3e90a32340dea6a6a674c97876fdc83775de791b60e97aa1f470d1ec3aec0105c2baeb1e7d4163aa1ba354506ae3e2789f9345128282c530560807b34c98fecda49bf9f32b21dca21ffeecd79f504c489944ee8e0a643a8fb5308c32c284e197d393fe3189565b8c9b384831103d3460a0d8daf12633679797c552f3d47ea4c52bb2e906a1f09de4518c607630188766018da929112a1a34669b75253447978d62b5b5a3ba701a26c99cb9bf38aa1", @ANYRES32=0x0, @ANYBLOB="1000040205000c0002000000060006004e21000005000c00fe0000000a000200eb028217d316000008000400070000001400030002000000e0000000030000000002000008000d0000010000080009001d0c0000"], 0x6c}, 0x1, 0x0, 0x0, 0x4040090}, 0x5) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002ac0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc8734c295cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f244a3c307145452ce64dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c65070020d7df0abc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r8, &(0x7f0000000200)=ANY=[@ANYBLOB="3a00030007"], 0xd) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1c}}, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000280)=@xdp={0x2c, 0x0, 0x0}, &(0x7f0000000040)=0x80) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="3400000010008105000000010000000000000000", @ANYRES32=r9, @ANYBLOB="0000000000000000140012800b000100627269646765"], 0x34}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000600)={'wpan3\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r10}, 0x10) r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r11) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088011000c800c000b80080600008a3940"], 0x3c}}, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0) 2.46243503s ago: executing program 4 (id=1562): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @empty}, 0x1c) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x30, r2, 0x1, 0x0, 0x0, {{}, {0x0, 0x3}, {0x14}}}, 0x30}}, 0x0) connect$inet6(r0, 0x0, 0x0) 2.260164623s ago: executing program 4 (id=1563): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c00000002000000000000000400000d0a000000000000000b"], &(0x7f0000000f40)=""/4089, 0x46, 0xff9, 0xa}, 0x20) 2.240181969s ago: executing program 4 (id=1564): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000400000000000000000000850000005000000085000000d000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0xe) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r2}}, 0x24}}, 0x0) 2.121094874s ago: executing program 2 (id=1565): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001ec0)=[@op={0x18, 0x117, 0x3, 0x1}, @iv={0x18}], 0x30}, 0x4000) 1.972261234s ago: executing program 2 (id=1566): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x1a, 0x12, &(0x7f00000001c0)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32, @ANYBLOB="00000000000000006e00000000000000180000000000000000000000000000009500000000000000180000002020781000000000002020207b0af8ff00000000bd510000000000000701000000feffffb702000008000000b703000000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x8, 0xde, &(0x7f0000003e40)=""/222, 0x0, 0x40}, 0x90) 1.929299393s ago: executing program 2 (id=1567): bind$tipc(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x0, 0x20000010, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_rdma(0x10, 0x3, 0x14) pipe(0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)={0xffffffffffffffff, 0x9, 0x10}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000030000000000000", @ANYRES32], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000004c0)={'syztnl0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1b, 0x0, 0x0, &(0x7f0000000140)='GPL\x00', 0x200, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, 0x2a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x90) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x38}}, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x20, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}}, 0x0) 602.0145ms ago: executing program 1 (id=1568): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=ANY=[@ANYBLOB="2c010000160001000000000000000000fc000000000000000000000000000000ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ac1e0001000000000000000000000000000000006c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000028001a"], 0x12c}}, 0x0) 448.264016ms ago: executing program 1 (id=1569): syz_emit_ethernet(0x36, &(0x7f0000000480)={@random="7f9e32533a7c", @local, @val, {@ipv6}}, 0x0) 407.905759ms ago: executing program 1 (id=1570): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000000)=0x401, 0x4) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x0, 0x0, 0x93, 0x0, 0x0, 0x0, 0x6}, 0xe) sendto$inet(r0, &(0x7f0000a34fff)='c', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x4e21}, 0x10) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 318.378534ms ago: executing program 1 (id=1571): r0 = socket$inet6(0x1c, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0x1c, 0x1c}, 0x1c) getsockname(r0, 0x0, &(0x7f00000000c0)) 196.002434ms ago: executing program 4 (id=1572): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x44, 0x2, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x1c}}}}]}]}, 0x44}}, 0x800) 130.800633ms ago: executing program 1 (id=1573): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='veth1_virt_wifi\x00', 0x10) connect$inet6(r0, &(0x7f0000004540)={0xa, 0x0, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000100), 0x40000c4, 0x7ffffff7) 62.230489ms ago: executing program 1 (id=1574): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000100)={'sit0\x00', &(0x7f0000000400)={'tunl0\x00', 0x0, 0x700, 0x8, 0xffffffff, 0x7, {{0x5, 0x4, 0x2, 0x2, 0x14, 0x65, 0x0, 0x9, 0x4, 0x0, @remote, @local}}}}) 0s ago: executing program 4 (id=1575): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001a00000020000180140002006261746164765f736c6176655f31000008000100", @ANYRES32=r3], 0x34}}, 0x0) kernel console output (not intermixed with test programs): 36530][ T9383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.053335][ T9383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 279.073277][ T9383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.097071][ T9383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 279.127040][ T9383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 279.146797][ T9383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.173287][ T9383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 279.193532][ T9383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 279.215105][ T9383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 279.233596][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1092'. [ 279.256325][ T9597] veth0_macvtap: left promiscuous mode [ 279.396387][ T9383] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.414406][ T9383] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.435389][ T9383] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.456032][ T9383] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.704424][ T9406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 279.722636][ T9619] sctp: [Deprecated]: syz.4.1099 (pid 9619) Use of int in max_burst socket option deprecated. [ 279.722636][ T9619] Use struct sctp_assoc_value instead [ 279.828433][ T7886] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.865627][ T7886] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.955239][ T9631] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1104'. [ 279.985646][ T9631] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 280.049400][ T7886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 280.081483][ T7886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 280.125105][ T9632] syzkaller0: entered allmulticast mode [ 280.323038][ T9632] netlink: 'syz.4.1102': attribute type 1 has an invalid length. [ 280.699356][ T9406] veth0_vlan: entered promiscuous mode [ 280.739077][ T9406] veth1_vlan: entered promiscuous mode [ 280.844163][ T9658] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1113'. [ 281.102024][ T9406] veth0_macvtap: entered promiscuous mode [ 281.133921][ T9406] veth1_macvtap: entered promiscuous mode [ 281.196188][ T9406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.220351][ T9406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.230879][ T9406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.241873][ T9406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.252810][ T9406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 281.272002][ T9406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.288211][ T9406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 281.314287][ T9406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.344067][ T9406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.364562][ T9406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.391902][ T9406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.412853][ T9406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 281.430452][ T9406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 281.442151][ T9406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 281.460711][ T9406] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.470616][ T9406] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.480439][ T9406] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.490668][ T9406] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.702881][ T1127] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.834798][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.842673][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.884084][ T7886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.892125][ T7886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 282.360553][ T1127] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.643968][ T9682] netlink: 'syz.2.1123': attribute type 1 has an invalid length. [ 282.675725][ T9682] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1123'. [ 282.717067][ T1127] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.986511][ T1127] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.089421][ T5243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 283.106126][ T5243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 283.114276][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 283.123710][ T5243] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 283.131570][ T5243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 283.141279][ T5243] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 283.227845][ T9694] lo speed is unknown, defaulting to 1000 [ 283.241790][ T1127] bridge_slave_1: left allmulticast mode [ 283.248207][ T1127] bridge_slave_1: left promiscuous mode [ 283.254204][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.264483][ T1127] bridge_slave_0: left allmulticast mode [ 283.270264][ T1127] bridge_slave_0: left promiscuous mode [ 283.276577][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.665033][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.677452][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.689883][ T1127] bond0 (unregistering): Released all slaves [ 283.931628][ T9694] chnl_net:caif_netlink_parms(): no params data found [ 284.017829][ T9694] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.027175][ T9694] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.034652][ T9694] bridge_slave_0: entered allmulticast mode [ 284.044614][ T9694] bridge_slave_0: entered promiscuous mode [ 284.064966][ T9694] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.078609][ T9694] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.086003][ T9694] bridge_slave_1: entered allmulticast mode [ 284.096262][ T9694] bridge_slave_1: entered promiscuous mode [ 284.186961][ T9694] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.223410][ T1127] hsr_slave_0: left promiscuous mode [ 284.230472][ T1127] hsr_slave_1: left promiscuous mode [ 284.237560][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.247071][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.255711][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.263509][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.286707][ T1127] veth1_macvtap: left promiscuous mode [ 284.292269][ T1127] veth0_macvtap: left promiscuous mode [ 284.298374][ T1127] veth1_vlan: left promiscuous mode [ 284.304205][ T1127] veth0_vlan: left promiscuous mode [ 284.675785][ T9708] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1129'. [ 285.023568][ T5243] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 285.036356][ T5243] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 285.037866][ T9721] sctp: [Deprecated]: syz.2.1133 (pid 9721) Use of struct sctp_assoc_value in delayed_ack socket option. [ 285.037866][ T9721] Use struct sctp_sack_info instead [ 285.047324][ T5243] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 285.070962][ T5243] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 285.080304][ T5243] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 285.088120][ T5243] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 285.097315][ T9722] sctp: [Deprecated]: syz.1.1132 (pid 9722) Use of struct sctp_assoc_value in delayed_ack socket option. [ 285.097315][ T9722] Use struct sctp_sack_info instead [ 285.226415][ T5243] Bluetooth: hci1: command tx timeout [ 285.291051][ T1127] team0 (unregistering): Port device team_slave_1 removed [ 285.345985][ T1127] team0 (unregistering): Port device team_slave_0 removed [ 285.889909][ T9728] xt_CT: You must specify a L4 protocol and not use inversions on it [ 285.916442][ T9730] netlink: 'syz.2.1136': attribute type 10 has an invalid length. [ 285.980699][ T9694] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 286.052407][ T9730] --map-set only usable from mangle table [ 286.105851][ T9694] team0: Port device team_slave_0 added [ 286.143778][ T9694] team0: Port device team_slave_1 added [ 286.235051][ T9738] netlink: 'syz.1.1140': attribute type 11 has an invalid length. [ 286.279121][ T9694] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 286.293248][ T9694] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.335073][ T9694] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 286.354281][ T9719] lo speed is unknown, defaulting to 1000 [ 286.363778][ T9694] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 286.386234][ T9694] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 286.459210][ T9694] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 286.700018][ T9752] FAULT_INJECTION: forcing a failure. [ 286.700018][ T9752] name failslab, interval 1, probability 0, space 0, times 0 [ 286.731190][ T9752] CPU: 0 UID: 0 PID: 9752 Comm: syz.2.1146 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 286.741913][ T9752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 286.752055][ T9752] Call Trace: [ 286.755330][ T9752] [ 286.758250][ T9752] dump_stack_lvl+0x241/0x360 [ 286.762929][ T9752] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.768124][ T9752] ? __pfx__printk+0x10/0x10 [ 286.772706][ T9752] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 286.778249][ T9752] ? __pfx___might_resched+0x10/0x10 [ 286.783539][ T9752] should_fail_ex+0x3b0/0x4e0 [ 286.788215][ T9752] ? ptlock_alloc+0x20/0x70 [ 286.792718][ T9752] should_failslab+0xac/0x100 [ 286.797399][ T9752] ? ptlock_alloc+0x20/0x70 [ 286.801900][ T9752] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 286.807286][ T9752] ptlock_alloc+0x20/0x70 [ 286.811608][ T9752] pte_alloc_one+0xcd/0x5d0 [ 286.816103][ T9752] ? __pfx_pte_alloc_one+0x10/0x10 [ 286.821210][ T9752] ? __pfx_validate_chain+0x10/0x10 [ 286.826484][ T9752] ? up_write+0x1a9/0x590 [ 286.830842][ T9752] handle_pte_fault+0x21b4/0x6fc0 [ 286.835885][ T9752] ? __pfx_validate_chain+0x10/0x10 [ 286.841091][ T9752] ? process_measurement+0x1af3/0x1fb0 [ 286.846555][ T9752] ? mark_lock+0x9a/0x350 [ 286.850896][ T9752] ? __pfx_handle_pte_fault+0x10/0x10 [ 286.856265][ T9752] ? __lock_acquire+0x137a/0x2040 [ 286.861310][ T9752] ? __thp_vma_allowable_orders+0x326/0xa20 [ 286.867270][ T9752] ? mt_find+0x226/0x850 [ 286.871514][ T9752] ? __pfx_lock_release+0x10/0x10 [ 286.876548][ T9752] handle_mm_fault+0x1029/0x1980 [ 286.881505][ T9752] ? __pfx_handle_mm_fault+0x10/0x10 [ 286.886807][ T9752] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 286.892098][ T9752] exc_page_fault+0x2b9/0x8c0 [ 286.896774][ T9752] ? __might_fault+0xaa/0x120 [ 286.901449][ T9752] asm_exc_page_fault+0x26/0x30 [ 286.906380][ T9752] RIP: 0010:rep_movs_alternative+0x13/0x70 [ 286.912180][ T9752] Code: cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 83 f9 40 73 40 83 f9 08 73 21 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 0f [ 286.931776][ T9752] RSP: 0018:ffffc9000da7fae0 EFLAGS: 00050202 [ 286.937851][ T9752] RAX: ffffffff84b10001 RBX: 0000000020000084 RCX: 0000000000000004 [ 286.945816][ T9752] RDX: 0000000000000001 RSI: 0000000020000080 RDI: ffffc9000da7fcf0 [ 286.953780][ T9752] RBP: 0000000000000000 R08: 0000000000000003 R09: fffff52001b4ff9e [ 286.961745][ T9752] R10: dffffc0000000000 R11: fffff52001b4ff9e R12: 0000000020000080 [ 286.969716][ T9752] R13: 1ffff92001b4ff70 R14: ffffc9000da7fcf0 R15: 0000000000000004 [ 286.977685][ T9752] ? rcuref_put_slowpath+0x2d1/0x340 [ 286.982975][ T9752] _copy_from_user+0x8c/0xe0 [ 286.987566][ T9752] copy_from_sockptr+0x62/0xa0 [ 286.992424][ T9752] packet_setsockopt+0x528/0x1970 [ 286.997450][ T9752] ? __pfx___might_resched+0x10/0x10 [ 287.002821][ T9752] ? __pfx_packet_setsockopt+0x10/0x10 [ 287.008280][ T9752] ? rcu_read_lock_any_held+0xb7/0x160 [ 287.013740][ T9752] ? aa_sk_perm+0x96d/0xab0 [ 287.018243][ T9752] ? sb_end_write+0xe9/0x1c0 [ 287.022850][ T9752] ? __pfx_aa_sk_perm+0x10/0x10 [ 287.027711][ T9752] ? vfs_write+0x7c4/0xc90 [ 287.032141][ T9752] ? aa_sock_opt_perm+0x79/0x120 [ 287.037088][ T9752] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 287.042638][ T9752] ? security_socket_setsockopt+0x87/0xb0 [ 287.048385][ T9752] ? __pfx_packet_setsockopt+0x10/0x10 [ 287.053864][ T9752] do_sock_setsockopt+0x3af/0x720 [ 287.058900][ T9752] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 287.064459][ T9752] __sys_setsockopt+0x1ae/0x250 [ 287.069320][ T9752] __x64_sys_setsockopt+0xb5/0xd0 [ 287.074432][ T9752] do_syscall_64+0xf3/0x230 [ 287.078931][ T9752] ? clear_bhb_loop+0x35/0x90 [ 287.083616][ T9752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.089554][ T9752] RIP: 0033:0x7f3031979e79 [ 287.093969][ T9752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 287.113582][ T9752] RSP: 002b:00007f30326b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 287.122002][ T9752] RAX: ffffffffffffffda RBX: 00007f3031b15f80 RCX: 00007f3031979e79 [ 287.129969][ T9752] RDX: 0000000000000014 RSI: 0000000000000107 RDI: 0000000000000004 [ 287.137935][ T9752] RBP: 00007f30326b6090 R08: 0000000000000004 R09: 0000000000000000 [ 287.145901][ T9752] R10: 0000000020000080 R11: 0000000000000246 R12: 0000000000000001 [ 287.153863][ T9752] R13: 0000000000000000 R14: 00007f3031b15f80 R15: 00007fff5a2c50e8 [ 287.161858][ T9752] [ 287.181279][ T5243] Bluetooth: hci5: command tx timeout [ 287.286714][ T9694] hsr_slave_0: entered promiscuous mode [ 287.303305][ T5243] Bluetooth: hci1: command tx timeout [ 287.327141][ T9694] hsr_slave_1: entered promiscuous mode [ 287.860483][ T9761] bridge0: port 3(vlan0) entered blocking state [ 287.875081][ T9761] bridge0: port 3(vlan0) entered disabled state [ 287.890334][ T9761] vlan0: entered allmulticast mode [ 287.902326][ T9761] vlan0: left allmulticast mode [ 287.915517][ T9765] netlink: 'syz.4.1153': attribute type 1 has an invalid length. [ 287.924795][ T9765] netlink: 'syz.4.1153': attribute type 2 has an invalid length. [ 288.074021][ T9782] FAULT_INJECTION: forcing a failure. [ 288.074021][ T9782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 288.096265][ T9782] CPU: 0 UID: 0 PID: 9782 Comm: syz.1.1157 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 288.107040][ T9782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 288.117118][ T9782] Call Trace: [ 288.120422][ T9782] [ 288.123365][ T9782] dump_stack_lvl+0x241/0x360 [ 288.128073][ T9782] ? __pfx_dump_stack_lvl+0x10/0x10 [ 288.133303][ T9782] ? __pfx__printk+0x10/0x10 [ 288.137923][ T9782] ? __pfx_lock_release+0x10/0x10 [ 288.142971][ T9782] ? aa_label_sk_perm+0x4f0/0x6d0 [ 288.147998][ T9782] should_fail_ex+0x3b0/0x4e0 [ 288.152681][ T9782] _copy_from_user+0x2f/0xe0 [ 288.157287][ T9782] sk_getsockopt+0x1d2/0x3890 [ 288.161995][ T9782] ? __pfx_sk_getsockopt+0x10/0x10 [ 288.167140][ T9782] ? __pfx___might_resched+0x10/0x10 [ 288.172451][ T9782] ? __lock_acquire+0x137a/0x2040 [ 288.177498][ T9782] ? aa_sk_perm+0x96d/0xab0 [ 288.182019][ T9782] ? __pfx_aa_sk_perm+0x10/0x10 [ 288.186857][ T9782] ? __pfx_lock_acquire+0x10/0x10 [ 288.191956][ T9782] ? aa_sock_opt_perm+0x79/0x120 [ 288.196912][ T9782] do_sock_getsockopt+0x270/0x850 [ 288.201966][ T9782] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 288.207512][ T9782] ? __fget_files+0x3f6/0x470 [ 288.212200][ T9782] __sys_getsockopt+0x271/0x330 [ 288.217050][ T9782] ? __pfx___sys_getsockopt+0x10/0x10 [ 288.222426][ T9782] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 288.228755][ T9782] ? do_syscall_64+0x100/0x230 [ 288.233514][ T9782] __x64_sys_getsockopt+0xb5/0xd0 [ 288.238536][ T9782] do_syscall_64+0xf3/0x230 [ 288.243053][ T9782] ? clear_bhb_loop+0x35/0x90 [ 288.248023][ T9782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 288.253925][ T9782] RIP: 0033:0x7ff2ce779e79 [ 288.258348][ T9782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 288.277956][ T9782] RSP: 002b:00007ff2cf4c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 288.286366][ T9782] RAX: ffffffffffffffda RBX: 00007ff2ce915f80 RCX: 00007ff2ce779e79 [ 288.294328][ T9782] RDX: 0000000000000039 RSI: 0000000000000001 RDI: 0000000000000004 [ 288.302290][ T9782] RBP: 00007ff2cf4c0090 R08: 00000000200001c0 R09: 0000000000000000 [ 288.310274][ T9782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 288.318252][ T9782] R13: 0000000000000000 R14: 00007ff2ce915f80 R15: 00007ffd47252b78 [ 288.326330][ T9782] [ 288.478684][ T1127] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.554708][ T9793] netlink: 'syz.2.1160': attribute type 10 has an invalid length. [ 288.572224][ T9793] team0: Port device netdevsim0 removed [ 288.586498][ T9793] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 288.628313][ T1127] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.767385][ T1127] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.863117][ C0] hrtimer: interrupt took 462768 ns [ 288.982982][ T1127] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.166970][ T9809] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1166'. [ 289.216769][ T9811] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1166'. [ 289.226467][ T5243] Bluetooth: hci5: command tx timeout [ 289.358912][ T9719] chnl_net:caif_netlink_parms(): no params data found [ 289.384352][ T5243] Bluetooth: hci1: command tx timeout [ 289.423410][ T1127] bridge_slave_1: left allmulticast mode [ 289.449746][ T1127] bridge_slave_1: left promiscuous mode [ 289.473216][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.486180][ T1127] bridge_slave_0: left allmulticast mode [ 289.502349][ T1127] bridge_slave_0: left promiscuous mode [ 289.508976][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.882566][ T9823] sctp: [Deprecated]: syz.4.1171 (pid 9823) Use of struct sctp_assoc_value in delayed_ack socket option. [ 289.882566][ T9823] Use struct sctp_sack_info instead [ 290.150283][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.167694][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.181229][ T1127] bond0 (unregistering): Released all slaves [ 290.198950][ T9827] bond0: (slave netdevsim0): Releasing backup interface [ 290.253297][ T9826] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1172'. [ 290.461176][ T9832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1173'. [ 290.520702][ T9719] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.528824][ T9719] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.537269][ T9719] bridge_slave_0: entered allmulticast mode [ 290.545676][ T9719] bridge_slave_0: entered promiscuous mode [ 290.556244][ T9719] bridge0: port 2(bridge_slave_1) entered blocking state [ 290.563682][ T9719] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.571180][ T9719] bridge_slave_1: entered allmulticast mode [ 290.580261][ T9719] bridge_slave_1: entered promiscuous mode [ 290.600537][ T9832] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1173'. [ 290.652214][ T9833] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 290.724888][ T9694] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 290.738583][ T9694] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 290.759709][ T9694] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 290.784093][ T9836] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1174'. [ 290.856614][ T9719] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.885804][ T9694] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 290.981394][ T9719] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.146770][ T1127] hsr_slave_0: left promiscuous mode [ 291.164864][ T1127] hsr_slave_1: left promiscuous mode [ 291.171472][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 291.182810][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 291.205320][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 291.225077][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 291.303625][ T5243] Bluetooth: hci5: command tx timeout [ 291.312422][ T1127] veth1_macvtap: left promiscuous mode [ 291.321590][ T1127] veth0_macvtap: left promiscuous mode [ 291.335662][ T1127] veth1_vlan: left promiscuous mode [ 291.346749][ T1127] veth0_vlan: left promiscuous mode [ 291.463634][ T5243] Bluetooth: hci1: command tx timeout [ 292.197936][ T1127] team0 (unregistering): Port device team_slave_1 removed [ 292.362776][ T1127] team0 (unregistering): Port device team_slave_0 removed [ 292.981653][ T9719] team0: Port device team_slave_0 added [ 293.028301][ T9719] team0: Port device team_slave_1 added [ 293.123413][ T9719] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 293.139571][ T9719] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.195965][ T9875] Bluetooth: hci3: invalid length 0, exp 2 for type 22 [ 293.202974][ T9719] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 293.220357][ T9719] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 293.228191][ T9719] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 293.255973][ T9719] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 293.278007][ T9878] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1185'. [ 293.385052][ T5243] Bluetooth: hci5: command tx timeout [ 293.466618][ T9719] hsr_slave_0: entered promiscuous mode [ 293.486097][ T9719] hsr_slave_1: entered promiscuous mode [ 293.494664][ T9719] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 293.502446][ T9719] Cannot create hsr debugfs directory [ 293.738490][ T9694] 8021q: adding VLAN 0 to HW filter on device bond0 [ 293.839573][ T9694] 8021q: adding VLAN 0 to HW filter on device team0 [ 293.918176][ T1068] bridge0: port 1(bridge_slave_0) entered blocking state [ 293.925376][ T1068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 293.942156][ T1068] bridge0: port 2(bridge_slave_1) entered blocking state [ 293.949453][ T1068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.366306][ T9719] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 294.386944][ T9719] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 294.409667][ T9719] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 294.428924][ T9719] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 294.538788][ T9694] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 294.777095][ T9694] veth0_vlan: entered promiscuous mode [ 294.848091][ T9694] veth1_vlan: entered promiscuous mode [ 294.870419][ T9719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.943333][ T9912] netlink: 'syz.4.1199': attribute type 1 has an invalid length. [ 294.951206][ T9912] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1199'. [ 294.962437][ T9913] team0: Port device virt_wifi0 added [ 294.991697][ T9719] 8021q: adding VLAN 0 to HW filter on device team0 [ 295.028897][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.036116][ T7889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.085965][ T1068] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.093821][ T1068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.187112][ T9694] veth0_macvtap: entered promiscuous mode [ 295.255957][ T9694] veth1_macvtap: entered promiscuous mode [ 295.398164][ T9694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.426131][ T9694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.478476][ T9694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 295.516306][ T9694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.552381][ T9694] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.591327][ T9933] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1205'. [ 295.662366][ T9694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.673616][ T9694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.684145][ T9694] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 295.695392][ T9694] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 295.708405][ T9694] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.722994][ T9694] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.732824][ T9694] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.742763][ T9694] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.751916][ T9694] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.822992][ T9933] bond4: entered allmulticast mode [ 295.894992][ T9933] bond4 (unregistering): left allmulticast mode [ 295.912599][ T9933] bond4 (unregistering): Released all slaves [ 295.914942][ T9944] syz.1.1208[9944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.921253][ T9944] syz.1.1208[9944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.000927][ T9944] syz.1.1208[9944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.137673][ T9719] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 296.151808][ T9933] pim6reg527: entered allmulticast mode [ 296.296838][ T1068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.324011][ T1068] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.419194][ T1068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.434233][ T1068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.516172][ T9719] veth0_vlan: entered promiscuous mode [ 296.569860][ T9719] veth1_vlan: entered promiscuous mode [ 296.781919][ T9959] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1215'. [ 296.802224][ T9959] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1215'. [ 296.812039][ T9959] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1215'. [ 296.824959][ T9959] tc_dump_action: action bad kind [ 296.836536][ T9962] netlink: 'syz.2.1216': attribute type 1 has an invalid length. [ 296.897375][ T9962] bond4: entered promiscuous mode [ 296.928534][ T9965] bond3: (slave team_slave_1): Releasing active interface [ 296.963681][ T9965] team_slave_1: left promiscuous mode [ 297.024387][ T9965] team_slave_1: entered promiscuous mode [ 297.044016][ T9965] bond4: (slave team_slave_1): Enslaving as an active interface with an up link [ 297.076804][ T9967] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1216'. [ 297.094245][ T9967] bond4: left promiscuous mode [ 297.095249][ T9973] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1219'. [ 297.102848][ T9967] team_slave_1: left promiscuous mode [ 297.115658][ T9973] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1219'. [ 297.151045][ T9967] 8021q: adding VLAN 0 to HW filter on device bond4 [ 297.228910][ T9719] veth0_macvtap: entered promiscuous mode [ 297.282382][ T9719] veth1_macvtap: entered promiscuous mode [ 297.358888][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.397779][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.433589][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.454725][ T9986] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1221'. [ 297.474006][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.501540][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 297.526260][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.530649][ T9990] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1221'. [ 297.544636][ T9719] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 297.559841][ T9989] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 297.599378][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.614680][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.625462][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.660321][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.679866][ T9719] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 297.695877][ T9719] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 297.727060][ T9719] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 297.786967][ T9719] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.825222][ T9719] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.843439][ T9719] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.864017][ T9719] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.959591][T10002] atomic_op ffff88806b949198 conn xmit_atomic 0000000000000000 [ 298.031311][ T7889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.051850][ T7889] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.222814][ T7889] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.326027][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.337015][T10008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.349136][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.559616][ T7889] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.657538][ T7889] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.763465][ T7889] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.916702][ T7889] bridge_slave_1: left allmulticast mode [ 298.922497][ T7889] bridge_slave_1: left promiscuous mode [ 298.930171][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.941331][ T7889] bridge_slave_0: left allmulticast mode [ 298.947483][ T7889] bridge_slave_0: left promiscuous mode [ 298.954099][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 299.603874][ T7889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 299.638031][ T7889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 299.699624][ T7889] bond0 (unregistering): Released all slaves [ 299.787201][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 299.805182][ T5232] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 299.818858][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 299.834849][ T5232] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 299.842880][ T5232] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 299.852331][ T5232] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 299.907921][T10021] lo speed is unknown, defaulting to 1000 [ 300.631990][ T7889] hsr_slave_0: left promiscuous mode [ 300.648970][ T7889] hsr_slave_1: left promiscuous mode [ 300.657706][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 300.666300][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.677542][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.685164][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 300.710951][ T7889] veth1_macvtap: left promiscuous mode [ 300.717760][ T7889] veth0_macvtap: left promiscuous mode [ 300.724905][ T7889] veth1_vlan: left promiscuous mode [ 300.730660][ T7889] veth0_vlan: left promiscuous mode [ 301.348928][ T7889] team0 (unregistering): Port device team_slave_1 removed [ 301.399989][ T7889] team0 (unregistering): Port device team_slave_0 removed [ 301.865488][T10031] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1232'. [ 301.903362][T10031] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1232'. [ 301.954034][ T5232] Bluetooth: hci1: command tx timeout [ 301.954747][T10031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1232'. [ 302.515459][ T5243] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 302.524859][T10046] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1239'. [ 302.536112][ T5243] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 302.552647][ T5243] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 302.574078][ T5243] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 302.583950][ T5243] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 302.590309][T10046] netlink: 'syz.1.1239': attribute type 1 has an invalid length. [ 302.607155][ T5243] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 302.643655][T10038] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 302.661853][T10046] netlink: 'syz.1.1239': attribute type 2 has an invalid length. [ 302.671579][T10046] netlink: 'syz.1.1239': attribute type 2 has an invalid length. [ 302.680470][T10046] netlink: 'syz.1.1239': attribute type 2 has an invalid length. [ 302.689129][T10046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1239'. [ 302.794142][T10046] bond0: entered promiscuous mode [ 302.832447][T10052] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1241'. [ 302.950831][T10044] lo speed is unknown, defaulting to 1000 [ 303.111039][T10061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1243'. [ 303.196086][T10021] chnl_net:caif_netlink_parms(): no params data found [ 303.408217][T10067] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1245'. [ 303.531214][T10021] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.541960][T10021] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.550948][T10021] bridge_slave_0: entered allmulticast mode [ 303.559916][T10021] bridge_slave_0: entered promiscuous mode [ 303.602415][T10021] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.618633][T10021] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.627210][T10021] bridge_slave_1: entered allmulticast mode [ 303.636065][T10021] bridge_slave_1: entered promiscuous mode [ 303.770827][T10021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.998360][ T7889] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.024974][ T5232] Bluetooth: hci1: command tx timeout [ 304.037487][T10021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.091351][T10084] batadv0: entered allmulticast mode [ 304.209324][T10021] team0: Port device team_slave_0 added [ 304.325502][ T7889] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.382836][T10021] team0: Port device team_slave_1 added [ 304.487907][T10096] batadv_slave_0: entered allmulticast mode [ 304.596897][T10108] netlink: 'syz.1.1259': attribute type 1 has an invalid length. [ 304.605442][T10108] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1259'. [ 304.663410][ T5232] Bluetooth: hci5: command tx timeout [ 304.711640][ T7889] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.769601][T10021] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.795619][T10021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.856976][T10021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.891007][T10096] pim6reg: entered allmulticast mode [ 304.911854][T10107] batadv_slave_0: left allmulticast mode [ 304.946832][T10121] netlink: 'syz.1.1264': attribute type 1 has an invalid length. [ 304.987572][T10121] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1264'. [ 305.039912][ T7889] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.084521][T10021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.103615][T10021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.138606][T10126] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.151664][T10021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.166788][T10095] pim6reg: left allmulticast mode [ 305.378238][T10044] chnl_net:caif_netlink_parms(): no params data found [ 305.438265][T10021] hsr_slave_0: entered promiscuous mode [ 305.455027][T10021] hsr_slave_1: entered promiscuous mode [ 305.669175][ T7889] bridge_slave_1: left allmulticast mode [ 305.684987][ T7889] bridge_slave_1: left promiscuous mode [ 305.699547][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.721665][ T7889] bridge_slave_0: left allmulticast mode [ 305.728786][ T7889] bridge_slave_0: left promiscuous mode [ 305.736858][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.105823][ T5232] Bluetooth: hci1: command tx timeout [ 306.205841][T10145] netlink: 'syz.4.1270': attribute type 1 has an invalid length. [ 306.633483][ T7889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 306.652889][ T7889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 306.677377][ T7889] bond0 (unregistering): Released all slaves [ 306.734542][T10147] FAULT_INJECTION: forcing a failure. [ 306.734542][T10147] name failslab, interval 1, probability 0, space 0, times 0 [ 306.747905][ T5232] Bluetooth: hci5: command tx timeout [ 306.753634][T10147] CPU: 1 UID: 0 PID: 10147 Comm: syz.4.1271 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 306.764547][T10147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 306.774634][T10147] Call Trace: [ 306.777934][T10147] [ 306.780878][T10147] dump_stack_lvl+0x241/0x360 [ 306.785671][T10147] ? __pfx_dump_stack_lvl+0x10/0x10 [ 306.790897][T10147] ? __pfx__printk+0x10/0x10 [ 306.795538][T10147] ? __kmalloc_node_noprof+0xb7/0x440 [ 306.800943][T10147] ? __pfx___might_resched+0x10/0x10 [ 306.806270][T10147] should_fail_ex+0x3b0/0x4e0 [ 306.810978][T10147] should_failslab+0xac/0x100 [ 306.815684][T10147] __kmalloc_node_noprof+0xdf/0x440 [ 306.820940][T10147] ? __kvmalloc_node_noprof+0x72/0x190 [ 306.826432][T10147] __kvmalloc_node_noprof+0x72/0x190 [ 306.831787][T10147] alloc_netdev_mqs+0x8ac/0x1000 [ 306.836817][T10147] rtnl_create_link+0x2f9/0xc20 [ 306.841710][T10147] rtnl_newlink+0x1423/0x20a0 [ 306.846422][T10147] ? rtnl_newlink+0xa71/0x20a0 [ 306.851240][T10147] ? __pfx_rtnl_newlink+0x10/0x10 [ 306.856302][T10147] ? do_raw_spin_unlock+0x13c/0x8b0 [ 306.861545][T10147] ? __mutex_lock+0x9a5/0xd70 [ 306.866425][T10147] ? __mutex_lock+0x527/0xd70 [ 306.871151][T10147] ? __pfx_rtnl_newlink+0x10/0x10 [ 306.876201][T10147] rtnetlink_rcv_msg+0x73f/0xcf0 [ 306.881163][T10147] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 306.886304][T10147] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 306.891833][T10147] ? ref_tracker_free+0x643/0x7e0 [ 306.896904][T10147] netlink_rcv_skb+0x1e3/0x430 [ 306.901695][T10147] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 306.907363][T10147] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 306.912692][T10147] ? netlink_deliver_tap+0x2e/0x1b0 [ 306.917926][T10147] netlink_unicast+0x7f6/0x990 [ 306.922731][T10147] ? __pfx_netlink_unicast+0x10/0x10 [ 306.928057][T10147] ? __virt_addr_valid+0x183/0x530 [ 306.933202][T10147] ? __check_object_size+0x49c/0x900 [ 306.938505][T10147] ? bpf_lsm_netlink_send+0x9/0x10 [ 306.943642][T10147] netlink_sendmsg+0x8e4/0xcb0 [ 306.948526][T10147] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.953920][T10147] ? __import_iovec+0x536/0x820 [ 306.958811][T10147] ? aa_sock_msg_perm+0x91/0x160 [ 306.963787][T10147] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 306.969188][T10147] ? security_socket_sendmsg+0x87/0xb0 [ 306.974684][T10147] ? __pfx_netlink_sendmsg+0x10/0x10 [ 306.979990][T10147] __sock_sendmsg+0x221/0x270 [ 306.984723][T10147] ____sys_sendmsg+0x525/0x7d0 [ 306.989531][T10147] ? __pfx_____sys_sendmsg+0x10/0x10 [ 306.994868][T10147] __sys_sendmsg+0x2b0/0x3a0 [ 306.999495][T10147] ? __pfx___sys_sendmsg+0x10/0x10 [ 307.004629][T10147] ? vfs_write+0x7c4/0xc90 [ 307.009126][T10147] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 307.015486][T10147] ? do_syscall_64+0x100/0x230 [ 307.020282][T10147] ? do_syscall_64+0xb6/0x230 [ 307.024986][T10147] do_syscall_64+0xf3/0x230 [ 307.029685][T10147] ? clear_bhb_loop+0x35/0x90 [ 307.034651][T10147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.040573][T10147] RIP: 0033:0x7fc4e2d79e79 [ 307.045026][T10147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.064659][T10147] RSP: 002b:00007fc4e3c45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 307.073104][T10147] RAX: ffffffffffffffda RBX: 00007fc4e2f15f80 RCX: 00007fc4e2d79e79 [ 307.081109][T10147] RDX: 0000000020004000 RSI: 0000000020000280 RDI: 0000000000000003 [ 307.089108][T10147] RBP: 00007fc4e3c45090 R08: 0000000000000000 R09: 0000000000000000 [ 307.097101][T10147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.105090][T10147] R13: 0000000000000000 R14: 00007fc4e2f15f80 R15: 00007ffe8d1bc448 [ 307.113095][T10147] [ 307.156110][T10157] netlink: 'syz.2.1274': attribute type 1 has an invalid length. [ 307.182952][T10157] bond5: entered promiscuous mode [ 307.189118][T10160] netlink: 'syz.1.1275': attribute type 1 has an invalid length. [ 307.260218][T10160] bond8: entered promiscuous mode [ 307.275059][T10161] bond4: (slave team_slave_1): Releasing backup interface [ 307.322252][T10161] bond5: (slave team_slave_1): making interface the new active one [ 307.333879][T10161] team_slave_1: entered promiscuous mode [ 307.351124][T10161] bond5: (slave team_slave_1): Enslaving as an active interface with an up link [ 307.384002][T10165] bond6: (slave team_slave_1): Releasing active interface [ 307.395031][T10165] team_slave_1: left promiscuous mode [ 307.422848][T10165] bond8: (slave team_slave_1): making interface the new active one [ 307.433304][T10165] team_slave_1: entered promiscuous mode [ 307.449245][T10165] bond8: (slave team_slave_1): Enslaving as an active interface with an up link [ 307.500779][T10180] netlink: 'syz.4.1277': attribute type 3 has an invalid length. [ 307.513360][T10180] __nla_validate_parse: 5 callbacks suppressed [ 307.513377][T10180] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1277'. [ 307.530434][T10180] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1277'. [ 307.612700][T10181] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1277'. [ 307.725122][T10044] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.738623][T10044] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.754073][T10044] bridge_slave_0: entered allmulticast mode [ 307.765482][T10044] bridge_slave_0: entered promiscuous mode [ 307.910539][T10190] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1280'. [ 307.952195][T10044] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.973766][T10044] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.981891][T10044] bridge_slave_1: entered allmulticast mode [ 308.001305][T10044] bridge_slave_1: entered promiscuous mode [ 308.022308][T10190] bond6: entered allmulticast mode [ 308.075806][T10195] bond6 (unregistering): left allmulticast mode [ 308.111191][T10195] bond6 (unregistering): Released all slaves [ 308.194535][ T5232] Bluetooth: hci1: command tx timeout [ 308.350449][T10202] sctp: [Deprecated]: syz.4.1284 (pid 10202) Use of int in max_burst socket option deprecated. [ 308.350449][T10202] Use struct sctp_assoc_value instead [ 308.495751][T10044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 308.552303][T10044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 308.618913][ T7889] hsr_slave_0: left promiscuous mode [ 308.636981][ T7889] hsr_slave_1: left promiscuous mode [ 308.647389][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 308.663267][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 308.684650][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 308.692831][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 308.712331][T10212] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1289'. [ 308.731078][T10212] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 308.785016][ T7889] veth1_macvtap: left promiscuous mode [ 308.791178][ T7889] veth0_macvtap: left promiscuous mode [ 308.814146][ T7889] veth1_vlan: left promiscuous mode [ 308.823256][ T5232] Bluetooth: hci5: command tx timeout [ 308.830712][ T7889] veth0_vlan: left promiscuous mode [ 309.694139][ T7889] team0 (unregistering): Port device team_slave_1 removed [ 309.749344][ T7889] team0 (unregistering): Port device team_slave_0 removed [ 310.322156][T10204] lo speed is unknown, defaulting to 1000 [ 310.346959][T10217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1290'. [ 310.385675][T10218] batman_adv: batadv3: Adding interface: netdevsim0 [ 310.392956][T10218] batman_adv: batadv3: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.443412][T10218] batman_adv: batadv3: Not using interface netdevsim0 (retrying later): interface not active [ 310.468976][T10223] validate_nla: 1 callbacks suppressed [ 310.468994][T10223] netlink: 'syz.4.1291': attribute type 1 has an invalid length. [ 310.513195][T10223] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1291'. [ 310.611095][T10044] team0: Port device team_slave_0 added [ 310.630551][T10044] team0: Port device team_slave_1 added [ 310.726902][T10044] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.743418][T10044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.811041][T10044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.903502][ T5232] Bluetooth: hci5: command tx timeout [ 310.909690][T10044] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.929433][T10044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.981308][T10044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 311.020217][T10233] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1294'. [ 311.153513][T10236] bond9: entered allmulticast mode [ 311.166937][T10238] bond9 (unregistering): left allmulticast mode [ 311.176450][T10238] bond9 (unregistering): Released all slaves [ 311.212694][T10241] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1295'. [ 311.277953][T10242] bond8: entered allmulticast mode [ 311.328489][T10241] bond8 (unregistering): left allmulticast mode [ 311.365607][T10241] bond8 (unregistering): Released all slaves [ 311.446322][T10044] hsr_slave_0: entered promiscuous mode [ 311.474026][T10044] hsr_slave_1: entered promiscuous mode [ 311.494229][T10044] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 311.515051][T10044] Cannot create hsr debugfs directory [ 311.992889][T10251] netlink: 'syz.4.1298': attribute type 10 has an invalid length. [ 312.027237][T10251] team0: Port device netdevsim0 removed [ 312.036580][T10251] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 312.494514][T10021] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 312.529977][T10263] netlink: 'syz.4.1303': attribute type 1 has an invalid length. [ 312.558166][T10263] bond8: entered promiscuous mode [ 312.564926][T10021] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 312.605560][T10021] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 312.633317][T10021] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 312.634238][T10263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1303'. [ 312.699695][T10263] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1303'. [ 312.730364][T10269] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1305'. [ 312.740224][T10269] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1305'. [ 312.752412][T10269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'. [ 312.816052][T10263] bond7: (slave team_slave_1): Releasing backup interface [ 312.866954][T10263] bond8: (slave team_slave_1): making interface the new active one [ 312.893607][T10263] team_slave_1: entered promiscuous mode [ 312.905175][T10263] bond8: (slave team_slave_1): Enslaving as an active interface with an up link [ 313.171242][T10021] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.189263][T10275] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 313.360253][T10285] netlink: 'syz.4.1309': attribute type 1 has an invalid length. [ 313.363857][T10021] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.378178][T10285] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1309'. [ 313.408333][T10287] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1310'. [ 313.438618][T10287] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1310'. [ 313.501983][T10287] ipvlan1: entered allmulticast mode [ 313.515165][T10287] veth0_vlan: entered allmulticast mode [ 313.529290][T10044] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 313.548121][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.555348][ T7889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.576697][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.583920][ T7889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 313.609261][T10044] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 313.616009][T10294] netlink: 212916 bytes leftover after parsing attributes in process `syz.2.1313'. [ 313.645818][T10295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1312'. [ 313.658569][T10044] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 313.692287][T10044] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 313.735334][T10297] netlink: 'syz.2.1313': attribute type 2 has an invalid length. [ 314.068406][T10044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 314.141677][T10044] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.185834][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 314.193709][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 314.253306][T10310] tipc: Failed to remove unknown binding: 66,1,1/701895689:1082367682/1082367684 [ 314.267393][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 314.274618][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.411116][T10305] x_tables: ip_tables: osf match: only valid for protocol 6 [ 314.454968][T10021] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.696064][T10021] veth0_vlan: entered promiscuous mode [ 314.734029][T10021] veth1_vlan: entered promiscuous mode [ 314.870612][T10021] veth0_macvtap: entered promiscuous mode [ 314.947685][T10021] veth1_macvtap: entered promiscuous mode [ 315.032820][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.083697][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.094893][T10337] netlink: 'syz.1.1322': attribute type 1 has an invalid length. [ 315.117334][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.129961][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.145558][ T5232] Bluetooth: hci0: command 0x0c20 tx timeout [ 315.216610][T10021] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.287889][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.310938][T10341] sock: sock_timestamping_bind_phc: sock not bind to device [ 315.326295][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.362895][T10021] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.393423][T10021] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.425710][T10021] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.478863][T10021] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.513394][T10021] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.540720][T10021] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.563602][T10021] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.611926][T10044] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.835500][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.866115][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.985079][T10044] veth0_vlan: entered promiscuous mode [ 316.020085][ T1068] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 316.047750][T10044] veth1_vlan: entered promiscuous mode [ 316.053884][ T1068] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 316.206693][T10044] veth0_macvtap: entered promiscuous mode [ 316.240113][T10044] veth1_macvtap: entered promiscuous mode [ 316.470977][T10376] bond9: entered allmulticast mode [ 316.515842][T10378] bond9 (unregistering): left allmulticast mode [ 316.547097][T10378] bond9 (unregistering): Released all slaves [ 316.661736][T10044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.707525][T10044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.733837][T10044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.756979][T10044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.777702][T10044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 316.812609][T10044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 316.852471][T10044] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 316.957878][T10044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 316.992893][T10044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.015111][T10044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.026249][T10044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.051903][T10044] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 317.071979][T10044] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 317.087035][T10044] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 317.136765][T10044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.163381][T10044] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.172132][T10044] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.203489][T10044] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 317.392521][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.419373][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.433497][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.493771][ T7889] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 317.513569][ T7889] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 317.826426][ T1127] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.447302][ T1127] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.528695][ T1127] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.617370][ T1127] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.768164][ T1127] bridge_slave_1: left allmulticast mode [ 318.774612][ T1127] bridge_slave_1: left promiscuous mode [ 318.780376][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state [ 318.790530][ T1127] bridge_slave_0: left allmulticast mode [ 318.797203][ T1127] bridge_slave_0: left promiscuous mode [ 318.803105][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.538306][ T5243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 319.551537][ T5243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 319.570154][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 319.578481][ T5243] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 319.587327][ T5243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 319.595415][ T5243] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 319.622710][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 319.642109][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 319.658980][ T1127] bond0 (unregistering): Released all slaves [ 319.726890][T10421] lo speed is unknown, defaulting to 1000 [ 320.143610][T10421] chnl_net:caif_netlink_parms(): no params data found [ 320.299849][ T1127] hsr_slave_0: left promiscuous mode [ 320.314767][ T1127] hsr_slave_1: left promiscuous mode [ 320.322247][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 320.330565][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 320.341215][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 320.349197][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 320.375341][ T1127] veth1_macvtap: left promiscuous mode [ 320.380915][ T1127] veth0_macvtap: left promiscuous mode [ 320.386615][ T1127] veth1_vlan: left promiscuous mode [ 320.391946][ T1127] veth0_vlan: left promiscuous mode [ 320.847754][T10434] FAULT_INJECTION: forcing a failure. [ 320.847754][T10434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.932289][T10434] CPU: 1 UID: 0 PID: 10434 Comm: syz.2.1345 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 320.943108][T10434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 320.953281][T10434] Call Trace: [ 320.956560][T10434] [ 320.959497][T10434] dump_stack_lvl+0x241/0x360 [ 320.964179][T10434] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.969406][T10434] ? __pfx__printk+0x10/0x10 [ 320.973995][T10434] ? __pfx_lock_release+0x10/0x10 [ 320.979027][T10434] should_fail_ex+0x3b0/0x4e0 [ 320.983720][T10434] _copy_from_user+0x2f/0xe0 [ 320.988342][T10434] get_timespec64+0x97/0x280 [ 320.992939][T10434] ? __pfx_get_timespec64+0x10/0x10 [ 320.998138][T10434] ? __fget_files+0x3f6/0x470 [ 321.002826][T10434] __se_sys_pselect6+0x124/0x3f0 [ 321.007771][T10434] ? __pfx___se_sys_pselect6+0x10/0x10 [ 321.013237][T10434] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 321.019665][T10434] ? do_syscall_64+0x100/0x230 [ 321.024435][T10434] ? __x64_sys_pselect6+0x21/0xf0 [ 321.029461][T10434] do_syscall_64+0xf3/0x230 [ 321.033972][T10434] ? clear_bhb_loop+0x35/0x90 [ 321.038680][T10434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.044574][T10434] RIP: 0033:0x7f3031979e79 [ 321.048984][T10434] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.068594][T10434] RSP: 002b:00007f30326b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 321.077285][T10434] RAX: ffffffffffffffda RBX: 00007f3031b15f80 RCX: 00007f3031979e79 [ 321.085260][T10434] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 321.093229][T10434] RBP: 00007f30326b6090 R08: 00000000200009c0 R09: 0000000000000000 [ 321.101199][T10434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.109158][T10434] R13: 0000000000000001 R14: 00007f3031b15f80 R15: 00007fff5a2c50e8 [ 321.117138][T10434] [ 321.237725][T10438] FAULT_INJECTION: forcing a failure. [ 321.237725][T10438] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.256194][T10438] CPU: 0 UID: 0 PID: 10438 Comm: syz.4.1347 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 321.267100][T10438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 321.277180][T10438] Call Trace: [ 321.280469][T10438] [ 321.283410][T10438] dump_stack_lvl+0x241/0x360 [ 321.288109][T10438] ? __pfx_dump_stack_lvl+0x10/0x10 [ 321.293343][T10438] ? __pfx__printk+0x10/0x10 [ 321.297964][T10438] ? __pfx_lock_release+0x10/0x10 [ 321.303198][T10438] should_fail_ex+0x3b0/0x4e0 [ 321.308164][T10438] _copy_from_user+0x2f/0xe0 [ 321.312775][T10438] get_timespec64+0x97/0x280 [ 321.317422][T10438] ? __pfx_get_timespec64+0x10/0x10 [ 321.322649][T10438] ? __fget_files+0x3f6/0x470 [ 321.327366][T10438] __se_sys_pselect6+0x124/0x3f0 [ 321.332327][T10438] ? __pfx___se_sys_pselect6+0x10/0x10 [ 321.337817][T10438] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 321.344173][T10438] ? do_syscall_64+0x100/0x230 [ 321.348958][T10438] ? __x64_sys_pselect6+0x21/0xf0 [ 321.354004][T10438] do_syscall_64+0xf3/0x230 [ 321.358520][T10438] ? clear_bhb_loop+0x35/0x90 [ 321.363227][T10438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.369140][T10438] RIP: 0033:0x7fc4e2d79e79 [ 321.373566][T10438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 321.393195][T10438] RSP: 002b:00007fc4e3c45038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 321.401639][T10438] RAX: ffffffffffffffda RBX: 00007fc4e2f15f80 RCX: 00007fc4e2d79e79 [ 321.409647][T10438] RDX: 0000000020000940 RSI: 0000000020000900 RDI: 0000000000000040 [ 321.417652][T10438] RBP: 00007fc4e3c45090 R08: 00000000200009c0 R09: 0000000000000000 [ 321.425742][T10438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.433744][T10438] R13: 0000000000000001 R14: 00007fc4e2f15f80 R15: 00007ffe8d1bc448 [ 321.441757][T10438] [ 321.451249][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 321.498136][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 321.511862][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 321.623357][ T5232] Bluetooth: hci1: command tx timeout [ 321.624886][ T4618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 321.645608][ T4618] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 321.654834][ T4618] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 321.974629][T10447] FAULT_INJECTION: forcing a failure. [ 321.974629][T10447] name failslab, interval 1, probability 0, space 0, times 0 [ 322.011347][T10447] CPU: 1 UID: 0 PID: 10447 Comm: syz.4.1350 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 322.022172][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 322.032259][T10447] Call Trace: [ 322.035566][T10447] [ 322.038522][T10447] dump_stack_lvl+0x241/0x360 [ 322.043232][T10447] ? __pfx_dump_stack_lvl+0x10/0x10 [ 322.048480][T10447] ? __pfx__printk+0x10/0x10 [ 322.053100][T10447] ? __kmalloc_noprof+0xb0/0x400 [ 322.058062][T10447] ? __pfx___might_resched+0x10/0x10 [ 322.063385][T10447] should_fail_ex+0x3b0/0x4e0 [ 322.068098][T10447] ? sock_kmalloc+0xd7/0x160 [ 322.072718][T10447] should_failslab+0xac/0x100 [ 322.077427][T10447] ? sock_kmalloc+0xd7/0x160 [ 322.082055][T10447] __kmalloc_noprof+0xd8/0x400 [ 322.086851][T10447] sock_kmalloc+0xd7/0x160 [ 322.091299][T10447] ____sys_sendmsg+0x216/0x7d0 [ 322.096712][T10447] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.102033][T10447] __sys_sendmmsg+0x3b2/0x740 [ 322.106751][T10447] ? __pfx___sys_sendmmsg+0x10/0x10 [ 322.111990][T10447] ? do_raw_spin_unlock+0x13c/0x8b0 [ 322.117242][T10447] ? __schedule+0x1808/0x4a60 [ 322.121966][T10447] ? __pfx___schedule+0x10/0x10 [ 322.126841][T10447] ? bpf_send_signal_common+0x2dd/0x430 [ 322.132490][T10447] ? __pfx_lock_release+0x10/0x10 [ 322.137568][T10447] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 322.143662][T10447] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 322.150101][T10447] __x64_sys_sendmmsg+0xa0/0xb0 [ 322.154974][T10447] do_syscall_64+0xf3/0x230 [ 322.159495][T10447] ? clear_bhb_loop+0x35/0x90 [ 322.164193][T10447] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.170099][T10447] RIP: 0033:0x7fc4e2d79e79 [ 322.174529][T10447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 322.194597][T10447] RSP: 002b:00007fc4e3c45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 322.203120][T10447] RAX: ffffffffffffffda RBX: 00007fc4e2f15f80 RCX: 00007fc4e2d79e79 [ 322.211104][T10447] RDX: 0000000000000001 RSI: 0000000020005300 RDI: 0000000000000005 [ 322.219269][T10447] RBP: 00007fc4e3c45090 R08: 0000000000000000 R09: 0000000000000000 [ 322.227270][T10447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.235270][T10447] R13: 0000000000000000 R14: 00007fc4e2f15f80 R15: 00007ffe8d1bc448 [ 322.243274][T10447] [ 322.340771][ T1127] team0 (unregistering): Port device team_slave_1 removed [ 322.420319][ T1127] team0 (unregistering): Port device team_slave_0 removed [ 323.198846][T10439] lo speed is unknown, defaulting to 1000 [ 323.209525][T10421] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.251842][T10421] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.259506][T10461] netlink: 'syz.1.1353': attribute type 1 has an invalid length. [ 323.289877][T10421] bridge_slave_0: entered allmulticast mode [ 323.296359][T10461] __nla_validate_parse: 6 callbacks suppressed [ 323.296374][T10461] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1353'. [ 323.328016][T10421] bridge_slave_0: entered promiscuous mode [ 323.348993][T10421] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.367760][T10421] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.393437][T10466] sctp: [Deprecated]: syz.2.1354 (pid 10466) Use of struct sctp_assoc_value in delayed_ack socket option. [ 323.393437][T10466] Use struct sctp_sack_info instead [ 323.400355][T10421] bridge_slave_1: entered allmulticast mode [ 323.435108][T10421] bridge_slave_1: entered promiscuous mode [ 323.466239][T10464] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1355'. [ 323.503896][T10459] sctp: [Deprecated]: syz.2.1354 (pid 10459) Use of struct sctp_assoc_value in delayed_ack socket option. [ 323.503896][T10459] Use struct sctp_sack_info instead [ 323.555959][T10464] veth0_macvtap: left promiscuous mode [ 323.701713][T10421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.711358][ T5243] Bluetooth: hci5: command tx timeout [ 323.711969][ T4618] Bluetooth: hci1: command tx timeout [ 323.755028][T10421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.779412][T10474] ieee802154 phy1 wpan1: encryption failed: -90 [ 323.852467][T10476] netlink: 'syz.4.1358': attribute type 1 has an invalid length. [ 323.923778][T10480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1358'. [ 323.937667][T10476] bond9: entered promiscuous mode [ 323.944537][T10480] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1358'. [ 323.956153][T10479] netlink: 'syz.1.1359': attribute type 3 has an invalid length. [ 323.973725][T10421] team0: Port device team_slave_0 added [ 324.025441][T10421] team0: Port device team_slave_1 added [ 324.134719][T10476] bond8: (slave team_slave_1): Releasing active interface [ 324.157985][T10476] team_slave_1: left promiscuous mode [ 324.222005][T10476] bond9: (slave team_slave_1): making interface the new active one [ 324.283378][T10476] team_slave_1: entered promiscuous mode [ 324.304135][T10476] bond9: (slave team_slave_1): Enslaving as an active interface with an up link [ 324.330602][T10421] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.340279][T10421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.390458][T10421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.405979][T10421] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.414427][T10421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.442108][T10421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.479175][T10491] bond0: entered promiscuous mode [ 324.484809][T10491] bond_slave_0: entered promiscuous mode [ 324.490857][T10491] bond_slave_1: entered promiscuous mode [ 324.700449][ T1127] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.803793][T10499] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1364'. [ 325.075966][ T1127] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.183916][T10421] hsr_slave_0: entered promiscuous mode [ 325.205202][T10421] hsr_slave_1: entered promiscuous mode [ 325.336633][ T1127] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.439809][T10501] lo speed is unknown, defaulting to 1000 [ 325.492351][ T1127] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.570042][T10439] chnl_net:caif_netlink_parms(): no params data found [ 325.784707][ T5243] Bluetooth: hci1: command tx timeout [ 325.784710][ T4618] Bluetooth: hci5: command tx timeout [ 326.199108][T10527] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1375'. [ 326.229561][T10527] netlink: 'syz.1.1375': attribute type 1 has an invalid length. [ 326.250216][T10527] netlink: 'syz.1.1375': attribute type 2 has an invalid length. [ 326.259282][T10527] netlink: 'syz.1.1375': attribute type 2 has an invalid length. [ 326.268311][T10527] netlink: 'syz.1.1375': attribute type 2 has an invalid length. [ 326.277154][T10439] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.285568][T10439] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.294123][T10439] bridge_slave_0: entered allmulticast mode [ 326.304871][T10439] bridge_slave_0: entered promiscuous mode [ 326.321355][T10527] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1375'. [ 326.337007][T10439] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.349140][T10439] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.357829][T10439] bridge_slave_1: entered allmulticast mode [ 326.366682][T10439] bridge_slave_1: entered promiscuous mode [ 326.498065][ T1127] bridge_slave_1: left allmulticast mode [ 326.513814][ T1127] bridge_slave_1: left promiscuous mode [ 326.531520][ T1127] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.558528][ T1127] bridge_slave_0: left allmulticast mode [ 326.564601][ T1127] bridge_slave_0: left promiscuous mode [ 326.570467][ T1127] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.058898][ T1127] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 327.072890][ T1127] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 327.087989][ T1127] bond0 (unregistering): Released all slaves [ 327.205735][T10439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 327.279667][T10439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 327.317942][T10542] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1379'. [ 327.329406][T10542] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1379'. [ 327.361977][T10541] netlink: 'syz.2.1379': attribute type 1 has an invalid length. [ 327.434587][T10541] bond6: entered promiscuous mode [ 327.502387][T10439] team0: Port device team_slave_0 added [ 327.630721][T10542] bond5: (slave team_slave_1): Releasing active interface [ 327.654634][T10542] team_slave_1: left promiscuous mode [ 327.720571][T10542] bond6: (slave team_slave_1): making interface the new active one [ 327.729452][T10542] team_slave_1: entered promiscuous mode [ 327.737519][T10542] bond6: (slave team_slave_1): Enslaving as an active interface with an up link [ 327.784915][T10439] team0: Port device team_slave_1 added [ 327.865383][ T4618] Bluetooth: hci1: command tx timeout [ 327.865390][ T5243] Bluetooth: hci5: command tx timeout [ 327.951364][T10439] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 327.975167][T10439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.012090][T10439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 328.088785][T10439] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.102181][T10439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.167210][T10439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 328.539003][ T1127] hsr_slave_0: left promiscuous mode [ 328.554844][ T1127] hsr_slave_1: left promiscuous mode [ 328.564121][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 328.582619][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 328.602811][ T1127] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 328.621174][ T1127] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 328.658529][ T1127] veth1_macvtap: left promiscuous mode [ 328.674747][ T1127] veth0_macvtap: left promiscuous mode [ 328.680537][ T1127] veth1_vlan: left promiscuous mode [ 328.686553][ T1127] veth0_vlan: left promiscuous mode [ 329.434333][ T1127] team0 (unregistering): Port device team_slave_1 removed [ 329.482363][ T1127] team0 (unregistering): Port device team_slave_0 removed [ 329.947509][ T4618] Bluetooth: hci5: command tx timeout [ 330.008722][T10439] hsr_slave_0: entered promiscuous mode [ 330.019459][T10439] hsr_slave_1: entered promiscuous mode [ 330.026999][T10439] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 330.036034][T10439] Cannot create hsr debugfs directory [ 330.072828][T10567] netlink: 'syz.2.1387': attribute type 1 has an invalid length. [ 330.082378][T10567] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 330.090790][T10568] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1387'. [ 330.316406][T10421] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 330.345712][T10421] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 330.394936][T10421] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 330.438446][T10421] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 330.478953][T10579] xt_limit: Overflow, try lower: 262144/524288 [ 330.815198][T10595] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1395'. [ 330.838529][T10595] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1395'. [ 331.235600][T10604] netlink: 'syz.1.1399': attribute type 1 has an invalid length. [ 331.293897][T10602] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1398'. [ 331.318380][T10604] bond9: entered promiscuous mode [ 331.336644][T10608] sctp: [Deprecated]: syz.2.1400 (pid 10608) Use of struct sctp_assoc_value in delayed_ack socket option. [ 331.336644][T10608] Use struct sctp_sack_info instead [ 331.414540][T10606] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1399'. [ 331.444488][T10600] delete_channel: no stack [ 331.452542][T10606] bond9: left promiscuous mode [ 331.466297][T10606] 8021q: adding VLAN 0 to HW filter on device bond9 [ 331.506814][T10421] 8021q: adding VLAN 0 to HW filter on device bond0 [ 331.555437][T10613] netlink: 'syz.2.1402': attribute type 1 has an invalid length. [ 331.596518][T10615] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1402'. [ 331.611889][T10613] bond7: entered promiscuous mode [ 331.637735][T10615] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1402'. [ 331.678823][T10421] 8021q: adding VLAN 0 to HW filter on device team0 [ 331.733905][T10613] bond6: (slave team_slave_1): Releasing active interface [ 331.775304][T10613] team_slave_1: left promiscuous mode [ 331.811028][T10613] bond7: (slave team_slave_1): making interface the new active one [ 331.847937][T10613] team_slave_1: entered promiscuous mode [ 331.886523][T10613] bond7: (slave team_slave_1): Enslaving as an active interface with an up link [ 332.016845][ T1127] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.024038][ T1127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.095853][T10439] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 332.133691][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.140890][ T7889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.170725][T10439] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 332.210780][T10439] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 332.248851][T10439] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 332.426187][T10644] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1412'. [ 332.467161][T10645] sctp: [Deprecated]: syz.2.1411 (pid 10645) Use of struct sctp_assoc_value in delayed_ack socket option. [ 332.467161][T10645] Use struct sctp_sack_info instead [ 332.505141][T10648] bond10: entered allmulticast mode [ 332.607497][T10644] bond10 (unregistering): left allmulticast mode [ 332.630070][T10644] bond10 (unregistering): Released all slaves [ 332.797530][T10644] pim6reg527: entered allmulticast mode [ 332.864935][T10421] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 332.901226][T10439] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.021550][T10660] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1415'. [ 333.044569][T10439] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.087737][T10421] veth0_vlan: entered promiscuous mode [ 333.124022][ T7889] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.131831][ T7889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.174287][ T7889] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.181464][ T7889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 333.221013][T10421] veth1_vlan: entered promiscuous mode [ 333.340459][T10671] netlink: 8235 bytes leftover after parsing attributes in process `syz.2.1419'. [ 333.528480][T10421] veth0_macvtap: entered promiscuous mode [ 333.560186][T10421] veth1_macvtap: entered promiscuous mode [ 333.565771][T10675] netlink: 'syz.2.1420': attribute type 1 has an invalid length. [ 333.586033][T10675] netlink: 'syz.2.1420': attribute type 1 has an invalid length. [ 333.650351][T10421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.683374][T10421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.714733][T10421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 333.742042][T10421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.764256][T10421] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 333.799656][T10421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.815032][T10421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.839033][T10421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.859891][T10421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.876723][T10684] netlink: 'syz.2.1422': attribute type 3 has an invalid length. [ 333.884898][T10421] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.953789][T10421] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.978031][T10686] sctp: [Deprecated]: syz.1.1423 (pid 10686) Use of struct sctp_assoc_value in delayed_ack socket option. [ 333.978031][T10686] Use struct sctp_sack_info instead [ 333.980000][T10421] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.019972][T10421] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.039813][T10421] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.090939][T10439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 334.346241][T10439] veth0_vlan: entered promiscuous mode [ 334.380104][ T1068] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.415493][ T1068] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.491523][T10439] veth1_vlan: entered promiscuous mode [ 334.638204][T10696] lo speed is unknown, defaulting to 1000 [ 334.658159][T10705] syz_tun: entered promiscuous mode [ 334.704557][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.734339][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.752470][T10439] veth0_macvtap: entered promiscuous mode [ 334.968896][T10705] syz_tun (unregistering): left promiscuous mode [ 335.092392][T10711] netlink: 'syz.2.1430': attribute type 10 has an invalid length. [ 335.128669][T10711] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 335.164010][T10711] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 335.178637][T10439] veth1_macvtap: entered promiscuous mode [ 335.231846][T10439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.263820][T10439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.283774][T10439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.308687][T10439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.340198][T10439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 335.373161][T10439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.404809][T10439] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 335.446159][T10439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.493172][T10439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.520723][T10439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.544795][T10439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.557260][T10439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 335.570549][T10439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 335.593485][T10718] netlink: 'syz.2.1432': attribute type 11 has an invalid length. [ 335.595199][T10439] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 335.641937][T10439] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.652093][T10719] __nla_validate_parse: 1 callbacks suppressed [ 335.652109][T10719] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1433'. [ 335.673843][T10439] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.684149][T10719] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1433'. [ 335.694156][T10439] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.707656][T10439] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 335.729814][T10717] netlink: 'syz.4.1433': attribute type 1 has an invalid length. [ 335.787581][T10717] bond10: entered promiscuous mode [ 335.906967][ T7889] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.953846][T10719] bond9: (slave team_slave_1): Releasing active interface [ 335.971755][T10719] team_slave_1: left promiscuous mode [ 336.009483][T10719] bond10: (slave team_slave_1): making interface the new active one [ 336.048331][T10719] team_slave_1: entered promiscuous mode [ 336.070553][T10719] bond10: (slave team_slave_1): Enslaving as an active interface with an up link [ 336.228531][ T7889] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.322248][ T7889] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.466615][ T1127] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.478584][ T1127] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.593960][ T7886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 336.602676][ T7886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 336.672935][ T7889] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.916935][ T7889] bridge_slave_1: left allmulticast mode [ 336.922666][ T7889] bridge_slave_1: left promiscuous mode [ 336.929592][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 336.945583][ T7889] bridge_slave_0: left allmulticast mode [ 336.951264][ T7889] bridge_slave_0: left promiscuous mode [ 336.957432][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.312627][T10727] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1434'. [ 337.347715][T10727] netlink: 'syz.2.1434': attribute type 16 has an invalid length. [ 337.381538][T10727] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1434'. [ 337.417552][T10725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 337.676625][ T7889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 337.704411][ T7889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 337.726319][ T7889] bond0 (unregistering): Released all slaves [ 337.736059][ T5243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 337.746176][ T5243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 337.757436][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 337.766027][ T5243] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 337.774143][ T5243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 337.788458][ T5243] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 337.825722][T10728] netlink: 'syz.4.1435': attribute type 1 has an invalid length. [ 337.891828][T10728] bond11: entered promiscuous mode [ 337.901316][T10729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1435'. [ 337.914904][T10729] bond11: left promiscuous mode [ 337.930396][T10729] 8021q: adding VLAN 0 to HW filter on device bond11 [ 338.175834][T10730] lo speed is unknown, defaulting to 1000 [ 338.592099][ T7889] hsr_slave_0: left promiscuous mode [ 338.599587][ T7889] hsr_slave_1: left promiscuous mode [ 338.607293][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 338.615380][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 338.625129][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 338.635681][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 338.668326][ T7889] veth1_macvtap: left promiscuous mode [ 338.674110][ T7889] veth0_macvtap: left promiscuous mode [ 338.679761][ T7889] veth1_vlan: left promiscuous mode [ 338.685153][ T7889] veth0_vlan: left promiscuous mode [ 339.284912][ T7889] team0 (unregistering): Port device team_slave_1 removed [ 339.342805][ T7889] team0 (unregistering): Port device team_slave_0 removed [ 339.866317][ T4618] Bluetooth: hci1: command tx timeout [ 340.013703][T10736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1436'. [ 340.159738][T10730] chnl_net:caif_netlink_parms(): no params data found [ 340.437047][T10753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 340.537252][T10730] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.551453][T10730] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.567735][T10730] bridge_slave_0: entered allmulticast mode [ 340.587044][T10730] bridge_slave_0: entered promiscuous mode [ 340.613362][T10746] lo speed is unknown, defaulting to 1000 [ 340.621306][T10730] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.656024][T10730] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.682629][T10730] bridge_slave_1: entered allmulticast mode [ 340.728320][T10730] bridge_slave_1: entered promiscuous mode [ 340.754509][ T5243] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 340.766396][ T5243] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 340.776308][ T5243] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 340.786001][T10759] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1442'. [ 340.802113][ T5243] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 340.811105][ T5243] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 340.827034][ T5243] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 341.015185][T10730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 341.064957][T10730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 341.275689][T10730] team0: Port device team_slave_0 added [ 341.296378][T10730] team0: Port device team_slave_1 added [ 341.427145][ T7889] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.586077][T10756] lo speed is unknown, defaulting to 1000 [ 341.709797][ T7889] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 341.813828][T10730] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.820917][T10730] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.927822][T10730] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.943892][ T4618] Bluetooth: hci1: command tx timeout [ 341.982358][T10730] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 342.024758][T10730] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 342.053393][T10730] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.096880][ T7889] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.128139][T10769] lo speed is unknown, defaulting to 1000 [ 342.238600][ T7889] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.521625][T10730] hsr_slave_0: entered promiscuous mode [ 342.535150][T10730] hsr_slave_1: entered promiscuous mode [ 342.886007][T10786] netlink: 'syz.2.1450': attribute type 10 has an invalid length. [ 342.912549][ T4618] Bluetooth: hci5: command tx timeout [ 343.214726][ T7889] bridge_slave_1: left allmulticast mode [ 343.224451][ T7889] bridge_slave_1: left promiscuous mode [ 343.232278][ T7889] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.256159][ T7889] bridge_slave_0: left allmulticast mode [ 343.262581][ T7889] bridge_slave_0: left promiscuous mode [ 343.269924][ T7889] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.797182][ T7889] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.811016][ T7889] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.827124][ T7889] bond0 (unregistering): Released all slaves [ 344.024546][ T4618] Bluetooth: hci1: command tx timeout [ 344.385431][T10797] lo speed is unknown, defaulting to 1000 [ 344.390165][T10756] chnl_net:caif_netlink_parms(): no params data found [ 344.795418][T10756] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.829393][T10756] bridge0: port 1(bridge_slave_0) entered disabled state [ 344.843374][T10756] bridge_slave_0: entered allmulticast mode [ 344.861413][T10756] bridge_slave_0: entered promiscuous mode [ 344.877920][T10756] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.896481][T10806] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1455'. [ 344.898358][T10756] bridge0: port 2(bridge_slave_1) entered disabled state [ 344.936763][T10756] bridge_slave_1: entered allmulticast mode [ 344.983358][ T4618] Bluetooth: hci5: command tx timeout [ 344.984841][T10756] bridge_slave_1: entered promiscuous mode [ 345.215819][ T7889] hsr_slave_0: left promiscuous mode [ 345.222755][ T7889] hsr_slave_1: left promiscuous mode [ 345.253515][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.272599][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 345.292625][ T7889] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 345.300609][ T7889] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 345.337521][ T7889] veth1_macvtap: left promiscuous mode [ 345.344110][ T7889] veth0_macvtap: left promiscuous mode [ 345.349763][ T7889] veth1_vlan: left promiscuous mode [ 345.356884][ T7889] veth0_vlan: left promiscuous mode [ 346.006246][ T7889] team0 (unregistering): Port device team_slave_1 removed [ 346.067907][ T7889] team0 (unregistering): Port device team_slave_0 removed [ 346.104287][ T4618] Bluetooth: hci1: command tx timeout [ 346.592246][T10756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 346.665956][T10756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 346.835345][T10756] team0: Port device team_slave_0 added [ 346.900107][T10756] team0: Port device team_slave_1 added [ 346.953715][T10823] ieee802154 phy1 wpan1: encryption failed: -90 [ 347.063747][ T4618] Bluetooth: hci5: command tx timeout [ 347.092638][T10756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.103721][T10756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.137004][T10756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.155540][T10756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.163564][T10756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 347.193418][T10756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.363913][T10730] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 347.427661][T10730] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 347.474530][T10829] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1463'. [ 347.474608][T10835] netlink: 'syz.2.1464': attribute type 11 has an invalid length. [ 347.583814][T10730] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 347.597833][T10730] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 347.656070][T10756] hsr_slave_0: entered promiscuous mode [ 347.664640][T10756] hsr_slave_1: entered promiscuous mode [ 347.671769][T10756] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 347.680897][T10756] Cannot create hsr debugfs directory [ 348.304930][T10853] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 348.308823][T10730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.395709][T10730] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.450875][ T1068] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.458937][ T1068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.492752][ T1068] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.500668][ T1068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.721543][T10756] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 348.748461][T10756] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 348.772516][T10756] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 348.798908][T10756] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 349.095842][T10756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 349.143862][ T4618] Bluetooth: hci5: command tx timeout [ 349.170143][T10756] 8021q: adding VLAN 0 to HW filter on device team0 [ 349.212197][ T1068] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.219495][ T1068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 349.262472][ T1068] bridge0: port 2(bridge_slave_1) entered blocking state [ 349.270571][ T1068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 349.412578][T10730] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 349.462903][T10756] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 349.483593][T10756] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 349.599462][T10880] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1482'. [ 349.710346][T10730] veth0_vlan: entered promiscuous mode [ 349.765085][T10730] veth1_vlan: entered promiscuous mode [ 349.965837][T10730] veth0_macvtap: entered promiscuous mode [ 350.007951][T10730] veth1_macvtap: entered promiscuous mode [ 350.096433][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.123847][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.143582][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 350.155487][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.167454][T10730] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 350.179065][T10756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 350.189875][T10896] netlink: 'syz.2.1485': attribute type 1 has an invalid length. [ 350.203858][T10896] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 350.211109][T10896] IPv6: NLM_F_CREATE should be set when creating new route [ 350.219016][T10896] IPv6: NLM_F_CREATE should be set when creating new route [ 350.232080][T10901] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 350.270138][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.294419][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.313540][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 350.328548][T10903] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1488'. [ 350.336390][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 350.365763][T10730] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 350.375549][T10903] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1488'. [ 350.399648][T10730] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.422195][T10730] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.445585][T10730] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.465895][T10730] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.762666][T10756] veth0_vlan: entered promiscuous mode [ 350.776450][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.781388][T10756] veth1_vlan: entered promiscuous mode [ 350.820391][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.910338][ T7883] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.924250][T10756] veth0_macvtap: entered promiscuous mode [ 350.941356][T10756] veth1_macvtap: entered promiscuous mode [ 350.949986][ T7883] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.043217][T10756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.083197][T10756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.113390][T10756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.144451][T10756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.161874][T10756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 351.168716][ T8] IPVS: starting estimator thread 0... [ 351.189510][T10756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.215651][T10756] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 351.258478][T10756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.285417][T10921] IPVS: using max 21 ests per chain, 50400 per kthread [ 351.303515][T10756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.320496][T10756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.331899][T10756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.344049][T10756] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 351.368509][T10756] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 351.396827][T10756] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.455250][T10756] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.476554][T10929] tipc: Failed to remove unknown binding: 66,1,1/2886997162:2371832972/2371832974 [ 351.489091][T10756] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.511022][T10756] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.515724][T10928] x_tables: ip_tables: osf match: only valid for protocol 6 [ 351.525818][T10756] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.578052][T10931] netlink: 'syz.4.1496': attribute type 116 has an invalid length. [ 351.613970][T10931] netlink: 'syz.4.1496': attribute type 8 has an invalid length. [ 351.814374][ T7889] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.822967][ T7889] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.928557][ T7887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.960263][ T7887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.305229][T10951] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 352.428655][T10958] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1507'. [ 352.492736][T10958] bond8: entered allmulticast mode [ 352.501808][T10958] bond8 (unregistering): left allmulticast mode [ 352.511628][T10958] bond8 (unregistering): Released all slaves [ 352.533915][T10962] netlink: 892 bytes leftover after parsing attributes in process `syz.4.1508'. [ 352.783284][T10969] netlink: 'syz.4.1510': attribute type 1 has an invalid length. [ 352.803233][T10969] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1510'. [ 352.940299][T10974] ieee802154 phy1 wpan1: encryption failed: -90 [ 352.962163][T10976] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1512'. [ 353.007265][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.649584][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.726718][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.814702][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.922465][ T52] bridge_slave_1: left allmulticast mode [ 353.928469][ T52] bridge_slave_1: left promiscuous mode [ 353.934712][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.947296][ T52] bridge_slave_0: left allmulticast mode [ 353.952969][ T52] bridge_slave_0: left promiscuous mode [ 353.966874][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.625442][ T5243] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 354.637336][ T5243] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 354.646583][ T5243] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 354.662536][ T5243] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 354.672395][ T5243] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 354.681431][ T5243] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 354.747829][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 354.764401][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.777610][ T52] bond0 (unregistering): Released all slaves [ 354.818313][T10978] lo speed is unknown, defaulting to 1000 [ 355.404169][ T52] hsr_slave_0: left promiscuous mode [ 355.438603][ T52] hsr_slave_1: left promiscuous mode [ 355.445992][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 355.454565][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 355.462636][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 355.471632][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 355.502605][ T52] veth1_macvtap: left promiscuous mode [ 355.508788][ T52] veth0_macvtap: left promiscuous mode [ 355.515037][ T52] veth1_vlan: left promiscuous mode [ 355.520370][ T52] veth0_vlan: left promiscuous mode [ 356.466781][ T52] team0 (unregistering): Port device team_slave_1 removed [ 356.576850][ T52] team0 (unregistering): Port device team_slave_0 removed [ 356.677792][ T4618] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 356.690459][ T4618] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 356.703885][ T4618] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 356.716434][ T4618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 356.730542][ T4618] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 356.744373][ T5232] Bluetooth: hci1: command tx timeout [ 356.759419][ T4618] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 357.291154][T10978] chnl_net:caif_netlink_parms(): no params data found [ 357.336113][T10989] netlink: 'syz.2.1515': attribute type 1 has an invalid length. [ 357.355288][T10989] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 357.365929][T10995] bond7: (slave team_slave_1): Releasing active interface [ 357.393337][T10995] team_slave_1: left promiscuous mode [ 357.693302][T11005] lo speed is unknown, defaulting to 1000 [ 357.719706][T11020] netlink: 892 bytes leftover after parsing attributes in process `syz.2.1519'. [ 357.813480][T10978] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.832159][T10978] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.847412][T10978] bridge_slave_0: entered allmulticast mode [ 357.864627][T10978] bridge_slave_0: entered promiscuous mode [ 357.881210][T11022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1520'. [ 358.004651][T11025] bond10: entered allmulticast mode [ 358.066562][T11024] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1521'. [ 358.131103][T11027] bond10 (unregistering): left allmulticast mode [ 358.146130][T11027] bond10 (unregistering): Released all slaves [ 358.174501][T10978] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.181849][T10978] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.191847][T10978] bridge_slave_1: entered allmulticast mode [ 358.200065][T10978] bridge_slave_1: entered promiscuous mode [ 358.212307][T11028] bond12: entered allmulticast mode [ 358.220601][T11031] bond12 (unregistering): left allmulticast mode [ 358.247414][T11031] bond12 (unregistering): Released all slaves [ 358.316246][T11037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1522'. [ 358.500612][T10978] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.529646][T11040] netlink: 'syz.1.1523': attribute type 1 has an invalid length. [ 358.541660][T11040] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1523'. [ 358.547829][T10978] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.687816][T11048] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 358.719136][T10978] team0: Port device team_slave_0 added [ 358.826679][ T4618] Bluetooth: hci1: command tx timeout [ 358.858902][ T52] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.903558][ T4618] Bluetooth: hci5: command tx timeout [ 358.920364][T10978] team0: Port device team_slave_1 added [ 359.138547][ T52] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.169643][T11069] FAULT_INJECTION: forcing a failure. [ 359.169643][T11069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 359.219307][T11069] CPU: 1 UID: 0 PID: 11069 Comm: syz.1.1531 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 359.230124][T11069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 359.240293][T11069] Call Trace: [ 359.243593][T11069] [ 359.246539][T11069] dump_stack_lvl+0x241/0x360 [ 359.251235][T11069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.256499][T11069] ? __pfx__printk+0x10/0x10 [ 359.261133][T11069] should_fail_ex+0x3b0/0x4e0 [ 359.265874][T11069] _copy_from_user+0x2f/0xe0 [ 359.270487][T11069] copy_from_sockptr+0x62/0xa0 [ 359.275283][T11069] ip6_mroute_setsockopt+0x463/0x1340 [ 359.280689][T11069] ? __pfx_ip6_mroute_setsockopt+0x10/0x10 [ 359.286543][T11069] ? __might_fault+0xc6/0x120 [ 359.291250][T11069] do_ipv6_setsockopt+0x48c/0x3630 [ 359.296386][T11069] ? __pfx_do_ipv6_setsockopt+0x10/0x10 [ 359.301955][T11069] ? aa_label_sk_perm+0x4f0/0x6d0 [ 359.307024][T11069] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 359.312435][T11069] ? __pfx___might_resched+0x10/0x10 [ 359.317754][T11069] ? __lock_acquire+0x137a/0x2040 [ 359.322807][T11069] ? aa_sk_perm+0x96d/0xab0 [ 359.327329][T11069] ipv6_setsockopt+0x5c/0x1a0 [ 359.332023][T11069] rawv6_setsockopt+0x327/0x740 [ 359.336902][T11069] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 359.342298][T11069] ? aa_sock_opt_perm+0x79/0x120 [ 359.347259][T11069] ? sock_common_setsockopt+0x37/0xc0 [ 359.352651][T11069] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 359.358561][T11069] do_sock_setsockopt+0x3af/0x720 [ 359.363613][T11069] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 359.369170][T11069] ? __fget_files+0x29/0x470 [ 359.373779][T11069] ? __fget_files+0x3f6/0x470 [ 359.378487][T11069] __sys_setsockopt+0x1ae/0x250 [ 359.383358][T11069] __x64_sys_setsockopt+0xb5/0xd0 [ 359.388402][T11069] do_syscall_64+0xf3/0x230 [ 359.392924][T11069] ? clear_bhb_loop+0x35/0x90 [ 359.397627][T11069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.403546][T11069] RIP: 0033:0x7ff2ce779e79 [ 359.407975][T11069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.427694][T11069] RSP: 002b:00007ff2cf4c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 359.436129][T11069] RAX: ffffffffffffffda RBX: 00007ff2ce915f80 RCX: 00007ff2ce779e79 [ 359.444117][T11069] RDX: 00000000000000d1 RSI: 0000000000000029 RDI: 0000000000000003 [ 359.452103][T11069] RBP: 00007ff2cf4c0090 R08: 0000000000000004 R09: 0000000000000000 [ 359.460095][T11069] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 359.468090][T11069] R13: 0000000000000000 R14: 00007ff2ce915f80 R15: 00007ffd47252b78 [ 359.476098][T11069] [ 359.488174][T10978] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 359.502347][T10978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.538449][T10978] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 359.551976][T10978] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 359.559676][T10978] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 359.591809][T10978] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 359.657699][T11071] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1533'. [ 359.798113][ T52] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.816271][T11083] netlink: 'syz.2.1536': attribute type 1 has an invalid length. [ 359.825283][T11083] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1536'. [ 359.987695][ T52] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.154465][T10978] hsr_slave_0: entered promiscuous mode [ 360.186089][T10978] hsr_slave_1: entered promiscuous mode [ 360.204691][T11096] netlink: 'syz.4.1540': attribute type 10 has an invalid length. [ 360.208613][T11097] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 360.215251][T11096] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1540'. [ 360.251868][T11005] chnl_net:caif_netlink_parms(): no params data found [ 360.693902][ T52] bridge_slave_1: left allmulticast mode [ 360.706908][ T52] bridge_slave_1: left promiscuous mode [ 360.714500][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.737097][ T52] bridge_slave_0: left allmulticast mode [ 360.747105][ T52] bridge_slave_0: left promiscuous mode [ 360.754701][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.904629][ T5243] Bluetooth: hci1: command tx timeout [ 360.958076][T11115] netlink: 'syz.2.1547': attribute type 1 has an invalid length. [ 360.969223][T11115] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1547'. [ 360.983852][ T5243] Bluetooth: hci5: command tx timeout [ 361.523584][T11129] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1551'. [ 361.533832][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 361.552120][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 361.567497][ T52] bond0 (unregistering): Released all slaves [ 361.586846][T11110] netlink: 'syz.4.1545': attribute type 10 has an invalid length. [ 361.606546][T11110] bond0: (slave netdevsim0): Releasing backup interface [ 361.622761][T11110] team0: Port device netdevsim0 added [ 361.668791][T11005] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.676900][T11005] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.684947][T11005] bridge_slave_0: entered allmulticast mode [ 361.692343][T11005] bridge_slave_0: entered promiscuous mode [ 361.807286][T11122] bond10: entered allmulticast mode [ 361.827518][T11123] bond10 (unregistering): left allmulticast mode [ 361.854874][T11123] bond10 (unregistering): Released all slaves [ 361.893893][T11128] netlink: 'syz.2.1551': attribute type 1 has an invalid length. [ 362.026930][T11128] bond8: entered promiscuous mode [ 362.071260][T11130] bond8: (slave team_slave_1): making interface the new active one [ 362.079806][T11130] team_slave_1: entered promiscuous mode [ 362.087612][T11130] bond8: (slave team_slave_1): Enslaving as an active interface with an up link [ 362.153866][T11005] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.161366][T11005] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.171900][T11005] bridge_slave_1: entered allmulticast mode [ 362.182083][T11005] bridge_slave_1: entered promiscuous mode [ 362.242805][T11153] netlink: 'syz.4.1556': attribute type 1 has an invalid length. [ 362.314302][T11153] bond12: entered promiscuous mode [ 362.394937][T11005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.426670][T11005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.448020][T11156] bond10: (slave team_slave_1): Releasing active interface [ 362.456506][T11156] team_slave_1: left promiscuous mode [ 362.482781][T11161] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 362.485740][T11156] bond12: (slave team_slave_1): making interface the new active one [ 362.502756][T11156] team_slave_1: entered promiscuous mode [ 362.511005][T11156] bond12: (slave team_slave_1): Enslaving as an active interface with an up link [ 362.684411][T11164] netlink: 'syz.1.1559': attribute type 1 has an invalid length. [ 362.712761][T11005] team0: Port device team_slave_0 added [ 362.802566][T11005] team0: Port device team_slave_1 added [ 362.984479][ T5243] Bluetooth: hci1: command tx timeout [ 363.063470][ T5243] Bluetooth: hci5: command tx timeout [ 363.091090][T11005] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.123215][T11005] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.189184][T11005] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.211621][ T52] hsr_slave_0: left promiscuous mode [ 363.219025][ T52] hsr_slave_1: left promiscuous mode [ 363.227343][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 363.244632][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 363.259493][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 363.268770][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 363.310433][ T52] veth1_macvtap: left promiscuous mode [ 363.317121][ T52] veth0_macvtap: left promiscuous mode [ 363.324474][ T52] veth1_vlan: left promiscuous mode [ 363.330435][ T52] veth0_vlan: left promiscuous mode [ 364.228324][ T52] team0 (unregistering): Port device team_slave_1 removed [ 364.278355][ T52] team0 (unregistering): Port device team_slave_0 removed [ 364.781908][T11175] __nla_validate_parse: 6 callbacks suppressed [ 364.781931][T11175] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1564'. [ 364.813207][T11175] bridge_slave_1: left allmulticast mode [ 364.833873][T11175] bridge_slave_1: left promiscuous mode [ 364.839709][T11175] bridge0: port 2(bridge_slave_1) entered disabled state [ 364.868273][T11175] bridge_slave_0: left allmulticast mode [ 364.875807][T11184] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1568'. [ 364.883065][T11175] bridge_slave_0: left promiscuous mode [ 364.894265][T11175] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.034578][T11005] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.050654][T11005] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.104584][T11005] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 365.134302][T11181] vcan0 speed is unknown, defaulting to 1000 [ 365.143423][ T5243] Bluetooth: hci5: command tx timeout [ 365.155593][T11181] vcan0 speed is unknown, defaulting to 1000 [ 365.165950][T11181] vcan0 speed is unknown, defaulting to 1000 [ 365.388748][T11005] hsr_slave_0: entered promiscuous mode [ 365.410132][T11005] hsr_slave_1: entered promiscuous mode [ 365.431397][T11005] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 365.443513][T11005] Cannot create hsr debugfs directory [ 365.515146][T11200] [ 365.517519][T11200] ================================================ [ 365.524011][T11200] WARNING: lock held when returning to user space! [ 365.530510][T11200] 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 Not tainted [ 365.537622][T11200] ------------------------------------------------ [ 365.544118][T11200] syz.4.1575/11200 is leaving the kernel with locks still held! [ 365.551745][T11200] 1 lock held by syz.4.1575/11200: [ 365.556857][T11200] #0: ffffffff8fc84b88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_act_cable_test+0x187/0x3f0 [ 365.557056][T11181] infiniband syz1: set active [ 365.571880][T11181] infiniband syz1: added vcan0 [ 365.580962][T11181] syz1: rxe_create_cq: returned err = -12 [ 365.590069][T11181] infiniband syz1: Couldn't create ib_mad CQ [ 365.597055][T11181] infiniband syz1: Couldn't open port 1 [ 365.616109][T11181] RDS/IB: syz1: added [ 365.620231][T11181] smc: adding ib device syz1 with port count 1 [ 365.626905][T11181] smc: ib device syz1 port 1 has pnetid [ 366.183448][ T1068] ================================================================== [ 366.191551][ T1068] BUG: KASAN: slab-use-after-free in __mutex_lock+0xcf5/0xd70 [ 366.199175][ T1068] Read of size 4 at addr ffff888021c40034 by task kworker/u8:6/1068 [ 366.207134][ T1068] [ 366.209444][ T1068] CPU: 0 UID: 0 PID: 1068 Comm: kworker/u8:6 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 366.220281][ T1068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 366.230317][ T1068] Workqueue: events_unbound linkwatch_event [ 366.236213][ T1068] Call Trace: [ 366.239491][ T1068] [ 366.242421][ T1068] dump_stack_lvl+0x241/0x360 [ 366.247086][ T1068] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.252451][ T1068] ? __pfx__printk+0x10/0x10 [ 366.257031][ T1068] ? _printk+0xd5/0x120 [ 366.261171][ T1068] ? __virt_addr_valid+0x183/0x530 [ 366.266263][ T1068] ? __virt_addr_valid+0x183/0x530 [ 366.271444][ T1068] print_report+0x169/0x550 [ 366.275934][ T1068] ? __virt_addr_valid+0x183/0x530 [ 366.281044][ T1068] ? __virt_addr_valid+0x183/0x530 [ 366.286151][ T1068] ? __virt_addr_valid+0x45f/0x530 [ 366.291272][ T1068] ? __phys_addr+0xba/0x170 [ 366.295848][ T1068] ? __mutex_lock+0xcf5/0xd70 [ 366.300510][ T1068] kasan_report+0x143/0x180 [ 366.305003][ T1068] ? __mutex_lock+0xcf5/0xd70 [ 366.309665][ T1068] __mutex_lock+0xcf5/0xd70 [ 366.314157][ T1068] ? preempt_schedule+0xe1/0xf0 [ 366.318990][ T1068] ? linkwatch_event+0xe/0x60 [ 366.323651][ T1068] ? __pfx_preempt_schedule+0x10/0x10 [ 366.329017][ T1068] ? __pfx___mutex_lock+0x10/0x10 [ 366.334035][ T1068] ? preempt_schedule_thunk+0x1a/0x30 [ 366.339415][ T1068] ? process_scheduled_works+0x945/0x1830 [ 366.345140][ T1068] linkwatch_event+0xe/0x60 [ 366.349630][ T1068] process_scheduled_works+0xa2c/0x1830 [ 366.355173][ T1068] ? __pfx_process_scheduled_works+0x10/0x10 [ 366.361143][ T1068] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 366.366674][ T1068] ? assign_work+0x364/0x3d0 [ 366.371270][ T1068] worker_thread+0x86d/0xd40 [ 366.375864][ T1068] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 366.381746][ T1068] ? __kthread_parkme+0x169/0x1d0 [ 366.386769][ T1068] ? __pfx_worker_thread+0x10/0x10 [ 366.391887][ T1068] kthread+0x2f0/0x390 [ 366.395944][ T1068] ? __pfx_worker_thread+0x10/0x10 [ 366.401036][ T1068] ? __pfx_kthread+0x10/0x10 [ 366.405610][ T1068] ret_from_fork+0x4b/0x80 [ 366.410012][ T1068] ? __pfx_kthread+0x10/0x10 [ 366.414590][ T1068] ret_from_fork_asm+0x1a/0x30 [ 366.419341][ T1068] [ 366.422353][ T1068] [ 366.424659][ T1068] Allocated by task 11199: [ 366.429048][ T1068] kasan_save_track+0x3f/0x80 [ 366.433722][ T1068] __kasan_slab_alloc+0x66/0x80 [ 366.438572][ T1068] kmem_cache_alloc_node_noprof+0x16b/0x320 [ 366.444453][ T1068] dup_task_struct+0x57/0x8c0 [ 366.449112][ T1068] copy_process+0x5d1/0x3e10 [ 366.453687][ T1068] kernel_clone+0x226/0x8f0 [ 366.458195][ T1068] __se_sys_clone3+0x2cb/0x350 [ 366.462940][ T1068] do_syscall_64+0xf3/0x230 [ 366.467424][ T1068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.473301][ T1068] [ 366.475608][ T1068] Freed by task 16: [ 366.479389][ T1068] kasan_save_track+0x3f/0x80 [ 366.484061][ T1068] kasan_save_free_info+0x40/0x50 [ 366.489085][ T1068] poison_slab_object+0xe0/0x150 [ 366.494008][ T1068] __kasan_slab_free+0x37/0x60 [ 366.498752][ T1068] kmem_cache_free+0x145/0x350 [ 366.503672][ T1068] delayed_put_task_struct+0x125/0x300 [ 366.509113][ T1068] rcu_core+0xafd/0x1830 [ 366.513351][ T1068] handle_softirqs+0x2c4/0x970 [ 366.518186][ T1068] run_ksoftirqd+0xca/0x130 [ 366.522706][ T1068] smpboot_thread_fn+0x544/0xa30 [ 366.527668][ T1068] kthread+0x2f0/0x390 [ 366.531811][ T1068] ret_from_fork+0x4b/0x80 [ 366.536224][ T1068] ret_from_fork_asm+0x1a/0x30 [ 366.541017][ T1068] [ 366.543322][ T1068] Last potentially related work creation: [ 366.549633][ T1068] kasan_save_stack+0x3f/0x60 [ 366.554299][ T1068] __kasan_record_aux_stack+0xac/0xc0 [ 366.559660][ T1068] call_rcu+0x167/0xa70 [ 366.563807][ T1068] __schedule+0x1808/0x4a60 [ 366.568309][ T1068] preempt_schedule_irq+0xfb/0x1c0 [ 366.573406][ T1068] irqentry_exit+0x5e/0x90 [ 366.577808][ T1068] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 366.583787][ T1068] [ 366.586112][ T1068] Second to last potentially related work creation: [ 366.592703][ T1068] kasan_save_stack+0x3f/0x60 [ 366.597378][ T1068] __kasan_record_aux_stack+0xac/0xc0 [ 366.602745][ T1068] task_work_add+0xb8/0x450 [ 366.607239][ T1068] sched_tick+0x322/0x610 [ 366.611566][ T1068] update_process_times+0x202/0x230 [ 366.616772][ T1068] tick_nohz_handler+0x37c/0x500 [ 366.621691][ T1068] __hrtimer_run_queues+0x551/0xd50 [ 366.626873][ T1068] hrtimer_interrupt+0x396/0x990 [ 366.631792][ T1068] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 366.637766][ T1068] sysvec_apic_timer_interrupt+0x52/0xc0 [ 366.643387][ T1068] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 366.649349][ T1068] [ 366.651652][ T1068] The buggy address belongs to the object at ffff888021c40000 [ 366.651652][ T1068] which belongs to the cache task_struct of size 7424 [ 366.666213][ T1068] The buggy address is located 52 bytes inside of [ 366.666213][ T1068] freed 7424-byte region [ffff888021c40000, ffff888021c41d00) [ 366.679994][ T1068] [ 366.682298][ T1068] The buggy address belongs to the physical page: [ 366.688697][ T1068] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888021c45a00 pfn:0x21c40 [ 366.698750][ T1068] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 366.707408][ T1068] memcg:ffff88805afef541 [ 366.711660][ T1068] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 366.719209][ T1068] page_type: 0xfdffffff(slab) [ 366.723874][ T1068] raw: 00fff00000000040 ffff8880166fd500 dead000000000100 dead000000000122 [ 366.732440][ T1068] raw: ffff888021c45a00 0000000080040003 00000001fdffffff ffff88805afef541 [ 366.741010][ T1068] head: 00fff00000000040 ffff8880166fd500 dead000000000100 dead000000000122 [ 366.749923][ T1068] head: ffff888021c45a00 0000000080040003 00000001fdffffff ffff88805afef541 [ 366.758576][ T1068] head: 00fff00000000003 ffffea0000871001 ffffffffffffffff 0000000000000000 [ 366.767233][ T1068] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 366.775889][ T1068] page dumped because: kasan: bad access detected [ 366.782296][ T1068] page_owner tracks the page as allocated [ 366.788028][ T1068] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 52, tgid 52 (kworker/u8:3), ts 7190592114, free_ts 0 [ 366.808163][ T1068] post_alloc_hook+0x1f3/0x230 [ 366.812921][ T1068] get_page_from_freelist+0x2e4c/0x2f10 [ 366.818457][ T1068] __alloc_pages_noprof+0x256/0x6c0 [ 366.823651][ T1068] alloc_slab_page+0x5f/0x120 [ 366.828318][ T1068] allocate_slab+0x5a/0x2f0 [ 366.832811][ T1068] ___slab_alloc+0xcd1/0x14b0 [ 366.837492][ T1068] __slab_alloc+0x58/0xa0 [ 366.841831][ T1068] kmem_cache_alloc_node_noprof+0x1fe/0x320 [ 366.847728][ T1068] dup_task_struct+0x57/0x8c0 [ 366.852392][ T1068] copy_process+0x5d1/0x3e10 [ 366.857019][ T1068] kernel_clone+0x226/0x8f0 [ 366.861507][ T1068] user_mode_thread+0x132/0x1a0 [ 366.866346][ T1068] call_usermodehelper_exec_work+0x5c/0x230 [ 366.872228][ T1068] process_scheduled_works+0xa2c/0x1830 [ 366.877758][ T1068] worker_thread+0x86d/0xd40 [ 366.882332][ T1068] kthread+0x2f0/0x390 [ 366.886398][ T1068] page_owner free stack trace missing [ 366.891763][ T1068] [ 366.894068][ T1068] Memory state around the buggy address: [ 366.899674][ T1068] ffff888021c3ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 366.907715][ T1068] ffff888021c3ff80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 366.915758][ T1068] >ffff888021c40000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.923795][ T1068] ^ [ 366.929407][ T1068] ffff888021c40080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.937458][ T1068] ffff888021c40100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 366.945501][ T1068] ================================================================== [ 366.978145][ T1068] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 366.985377][ T1068] CPU: 0 UID: 0 PID: 1068 Comm: kworker/u8:6 Not tainted 6.11.0-rc4-syzkaller-00566-g7d3aed652d09 #0 [ 366.996235][ T1068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 367.006277][ T1068] Workqueue: events_unbound linkwatch_event [ 367.012160][ T1068] Call Trace: [ 367.015429][ T1068] [ 367.018345][ T1068] dump_stack_lvl+0x241/0x360 [ 367.023080][ T1068] ? __pfx_dump_stack_lvl+0x10/0x10 [ 367.028552][ T1068] ? __pfx__printk+0x10/0x10 [ 367.033225][ T1068] ? rcu_is_watching+0x15/0xb0 [ 367.038443][ T1068] ? vscnprintf+0x5d/0x90 [ 367.042791][ T1068] panic+0x349/0x860 [ 367.046684][ T1068] ? check_panic_on_warn+0x21/0xb0 [ 367.051780][ T1068] ? __pfx_panic+0x10/0x10 [ 367.056178][ T1068] ? trace_irq_enable+0x2c/0x120 [ 367.061107][ T1068] ? _raw_spin_unlock_irqrestore+0xd8/0x140 [ 367.066986][ T1068] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 367.072870][ T1068] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 367.079185][ T1068] ? print_report+0x502/0x550 [ 367.083861][ T1068] check_panic_on_warn+0x86/0xb0 [ 367.088804][ T1068] ? __mutex_lock+0xcf5/0xd70 [ 367.093474][ T1068] end_report+0x77/0x160 [ 367.097712][ T1068] kasan_report+0x154/0x180 [ 367.102206][ T1068] ? __mutex_lock+0xcf5/0xd70 [ 367.107132][ T1068] __mutex_lock+0xcf5/0xd70 [ 367.111796][ T1068] ? preempt_schedule+0xe1/0xf0 [ 367.116632][ T1068] ? linkwatch_event+0xe/0x60 [ 367.121292][ T1068] ? __pfx_preempt_schedule+0x10/0x10 [ 367.126653][ T1068] ? __pfx___mutex_lock+0x10/0x10 [ 367.131663][ T1068] ? preempt_schedule_thunk+0x1a/0x30 [ 367.137028][ T1068] ? process_scheduled_works+0x945/0x1830 [ 367.142910][ T1068] linkwatch_event+0xe/0x60 [ 367.147401][ T1068] process_scheduled_works+0xa2c/0x1830 [ 367.152944][ T1068] ? __pfx_process_scheduled_works+0x10/0x10 [ 367.158916][ T1068] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 367.164460][ T1068] ? assign_work+0x364/0x3d0 [ 367.169039][ T1068] worker_thread+0x86d/0xd40 [ 367.173623][ T1068] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 367.179511][ T1068] ? __kthread_parkme+0x169/0x1d0 [ 367.184529][ T1068] ? __pfx_worker_thread+0x10/0x10 [ 367.189629][ T1068] kthread+0x2f0/0x390 [ 367.193689][ T1068] ? __pfx_worker_thread+0x10/0x10 [ 367.198786][ T1068] ? __pfx_kthread+0x10/0x10 [ 367.203365][ T1068] ret_from_fork+0x4b/0x80 [ 367.207771][ T1068] ? __pfx_kthread+0x10/0x10 [ 367.212368][ T1068] ret_from_fork_asm+0x1a/0x30 [ 367.217150][ T1068] [ 367.220467][ T1068] Kernel Offset: disabled [ 367.224792][ T1068] Rebooting in 86400 seconds..