last executing test programs: 1m26.062141079s ago: executing program 4 (id=234): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0, 0x86dd}}}]}, 0x38}, 0x1, 0xf00}, 0x600) 1m14.518896659s ago: executing program 4 (id=234): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0, 0x86dd}}}]}, 0x38}, 0x1, 0xf00}, 0x600) 1m1.047885326s ago: executing program 4 (id=234): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0, 0x86dd}}}]}, 0x38}, 0x1, 0xf00}, 0x600) 48.682624239s ago: executing program 4 (id=234): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0, 0x86dd}}}]}, 0x38}, 0x1, 0xf00}, 0x600) 35.048327559s ago: executing program 4 (id=234): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0, 0x86dd}}}]}, 0x38}, 0x1, 0xf00}, 0x600) 15.857200146s ago: executing program 4 (id=234): socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x200000000000011, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r3, &(0x7f00000000c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x0, 0x0, {0x7, r5}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x0, {@in6_addr=@private0, 0x86dd}}}]}, 0x38}, 0x1, 0xf00}, 0x600) 4.202866438s ago: executing program 0 (id=2692): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0xf0}}, 0x0) syz_init_net_socket$llc(0x1a, 0x2, 0x0) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001840), &(0x7f0000001880)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002440), &(0x7f0000002480)=0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000024c0)={0x0}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)="e40034ea77f09a1229ebdd6f9ed9cc81055bf3fa66f6b2c79498d001679dd9eb12b125cb56313d29185954d9b5d42453d1a67e2ccc4b07e44cf10132ce33ec0714eeba71b7ef13b54492ac793167e6debd3a452bf48af2107460a820ae74f42d4e38f4157ff3ff77c769fedce1a3acb4ebbf067873b2189d9108f5814df45a3e0f6b95f160f7e295a4e459cba60654eb8762af43d5ef02a8e3b6373fa3a769c4c5dbdf89bc7e794a54b269c647215c52fffcbc989937c468ad6d411a9b2be332ee0bd14f4ceac34aa0479b406feb4a4315f8b367f30608d38cb0146628f6", 0xde}, {&(0x7f0000000300)="fd8c8d7ccbaa75da6b9e500791f84ef95c5cc9e2526e1896e8cad5c20295c5ba52d0f1b96eb629720e6f0c994ba83d5459e9f47965a69d4f753fd0bde07e1f469cc80b979ccd81a357668c890fbf31480d1e1fe6c6a725e79f8c7b7681e8f424c1d56bc3319aeac71e4942f39902a705a26c7df9216208ca4be4e5807c4f743789d91ff40000fbf1281c373259e12e359c8b95a61d19adaa909b1e8da7505344fef218f1ded93e3ecca5fcc13355c01e856a4ebab62b4248c39f4150227c06ae1701009737a961e16a9c2ef8c3cb7bd3b0b049ca12eedb181252b39c75d720a54536ff346fb4cde10b6adf688c50d818", 0xf0}], 0x2, &(0x7f0000000580)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r7}}}], 0x60, 0x800}}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001c40)="8ae3298d1176e97d4abfe4585964980543805e53a9d967bced1808b42661353cd0a2b5205312d2f0307ae8c9e5a4", 0x2e}], 0x1, &(0x7f0000001dc0)}}, {{&(0x7f0000002640)=@abs, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4000}}], 0x3, 0x8000) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast2, @private}, &(0x7f0000000180)=0xc) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x8004}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xe}}, 0x0) getsockname$packet(r8, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x24, r4, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_IFINDEX={0x8, 0xb, r9}]}, 0x24}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000280000002800000006000000010000000000000800000000040000000000000000000900010000002e00002e00000000000000000000000000003742a457e7fe4c1551274a381b152f7b15fe3661855882b5b1e2d9675a8c1440f33d41980a231eb85d15482fc4f7e07f87182ae106f4fcea2781fa6ece710a7c8faa2542714c2324ceba641a50ad8999e8ad7b7ccb05ada1417e61b1399e9f55fdaed8b353f15e09169f4b4a00758be32fce44d0a42c4f8e1bc100b5dabf7e7651a53a6505c2f60b438dc7a33bdb6692aa89"], &(0x7f0000002d80)=""/4100, 0x46, 0x1004, 0x1}, 0x20) ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000000)={0x2, 0xfffffff8, 0x0, 0x6e65}) r10 = socket$inet6_sctp(0xa, 0x0, 0x84) sendto$inet6(r10, 0x0, 0x0, 0x24048841, &(0x7f00000000c0)={0xa, 0x20, 0x0, @mcast1, 0x15}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r10, 0x29, 0x2, 0x0, 0x0) 3.538607488s ago: executing program 0 (id=2699): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000080)={'wlan1\x00', @random="000000f900"}) 3.417595707s ago: executing program 0 (id=2701): syz_init_net_socket$ax25(0x3, 0x0, 0x1) connect$ax25(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, &(0x7f0000000000)={0x2, &(0x7f0000000180)=[{0x4}, {0x6}]}, 0x10) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="26eb6d12cb78af20c43504e686a3130f2b123c2587ebe03ac0cce7de9bdfe28abf6398bbdfa8969f", 0x28}], 0x1) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\b\x00'/20]) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) socket$kcm(0x15, 0x5, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000100)=@l2tp={0xa, 0x0, @broadcast, 0xffffc0fe}, 0x80, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'sit0\x00', 0x0}) r6 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000340)=ANY=[@ANYBLOB="18080000000000000000000000000000181100005dcf079d2028d7015fe1396a7618e307caf72d619d76e12f5b6d706f9501ee898794d9832ce13f3d4b97a59cb0c5c858f955568af4971a658ede46d0434ffff8ab27e547f8190aa56a43587e286437fced4f4d600765e4f55ebaecc9f449f7b983f18b42846d213aa00cdcde2d54fe15cb434534c46200a3c0f552fb50471d8238", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007090000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7050000080000004600020076000000bf9800000000000056080200000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, r5}, 0x14) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0xf00, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001300a900"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="080004007f"], 0x30}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800457916000000000000119078ac1414bbac1414bb00004e2100089078"], 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) recvmmsg(r4, &(0x7f0000003e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003780)=[{&(0x7f0000003740)=""/4, 0x4}], 0x1}}, {{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000003a00)=""/183, 0xb7}], 0x1, &(0x7f0000003c00)=""/63, 0xfffffffffffffe61}}, {{&(0x7f0000003c80)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0, 0x0, &(0x7f0000003e00)=""/48, 0x30}}], 0x4, 0x0, 0x0) 2.515955729s ago: executing program 0 (id=2708): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x48) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0x5, 0x7fff, 0x0, 0x0, 0xffffffffffffffff, 0x7f}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000a00), &(0x7f0000000280)=@tcp6=r1}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r3, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000008c0)={&(0x7f0000000a80)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES16=r2], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c000) getsockname(r2, &(0x7f0000000040)=@in={0x2, 0x0, @remote}, &(0x7f00000000c0)=0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640), 0xc, &(0x7f00000006c0)={&(0x7f0000000680)=@bridge_getneigh={0x28, 0x1e, 0x8, 0x70bd2b, 0x25dfdbfd, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7003}, [@IFLA_TXQLEN={0x8, 0xd, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0xac, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x84, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x74, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x34, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x87cd, 0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x27b6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x7}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x9}}]}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x6, 0x4}}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x7}}, @IFLA_VLAN_QOS_MAPPING={0xffffffffffffffa5, 0x1, {0x3, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffe01, 0x7f}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0xac}}, 0x0) 2.30749699s ago: executing program 0 (id=2712): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="28000000010859040000000000000000070000020600024088eb00000900010073797a3100000000"], 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x4008800) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, 0x0, 0x0) r1 = accept(0xffffffffffffffff, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = socket(0x10, 0x803, 0x6) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2) getsockname$packet(r2, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0x18, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x75, @local}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@multicast2, @in6=@private1}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x0, 0x0, @private0}, @in6={0x2, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}]}, 0xe0}}, 0x0) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010f10407000000000000000000000002", @ANYRES32=r3, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x5) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r3, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001400212100000000000000000200"], 0x28}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="2000000014002101000000ac0000000002000000", @ANYRES32=r8, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x18}}, 0x4040004) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x60, 0x0, 0x0, r10}}, 0x24}}, 0x0) r11 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r11, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc) 2.097054017s ago: executing program 0 (id=2714): socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r0, 0x4004662b, &(0x7f0000000000)=0x1) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000180)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000002400)={{r1}, 0x0, 0x0, @inherit={0x70, &(0x7f00000005c0)=ANY=[@ANYBLOB="ded5aab3f21edc825431aca9d7d7d3b100000000000000050000000000000000000000000000000000000000000082c273d2a960dff36f216700"/102, @ANYRESOCT=r1, @ANYRESOCT=r1, @ANYBLOB="661bec0316f80d28b1ce12dddf4bd867f7a137efb364022cf840c035336b208093dd223d49726278e0f896d39627b1c4c78a2ed258292d5ef96857aa486276ad72d05240ace0e0751156c5d71dac438f5c132a7371d66cf4c97ff7b4d7ce0a6449565218758aa921eeb192bc7676eb3bed1131da2d4981fb5027d6032c2701126f7803185a83b3ba742d3fd31df557cf8d2867611350fd82b3b7b073d0c6ab74fe5e3b5a2040259c8dcc2a13442b52d818dc9ed2556c1c36936d3fa7cb1402dc28fc081e3c3c9b236385"]}, @name="1e14281273ac5c8262d9b21fc10561c801ffa81fa3ccff813ff8b2a8d6512a8fa9773d1b77ab0bf6220ddc62b49e5ec62c635409107a7633e73e22fdf150b452ea8281d08e02e105fa9c8811a48f9603da4f413e012343fdccf508e6822b4d7d9e8802712fe80ad8c8e586b8d2de859a16c9e58ea47f0672c82a644da949febe03fe15f1ca1d205c5ff4676682b3e3655573bd917161a1faf9584ae483118971353a12d4e588f6e0e02ffc40ffb1e0d6d817515b1fb0d53d7220a9ec1cbad3f5e2a1ac4215d705e2c44717d2cb56d4156020ff75912214c099423c9676263ce96e1fa183a41dd3dad67d57942b0110b6aa5a4ecef357eb0dfc47f9555a422ac7cb9a056a20078194542a5d32600392d4081a8d90c8a634a74e4d41808e9afc87b56436984dab00857dd84d7463d8546a32d7d95664ccf154ca8ac8dd6572ba85456bc7b43bd7ffacf3262e54279098d30faf162c183c034c3a66dd72c62993d2d88212f9c7ce81746a5c4a4ec2670651fab31268fb8146b7054fbe9e7b9b3638c8ceb894cf60d2c2c9633a9fdf501dd2ea264c74676cb9c968765e24d995dd4bbfc57b324a9a25c6615f07462d61bfbbd43a6abc36404223cd5800005694379258e9d6cd6268ff06ac3f4b5ad590a893f90bcc3541e5df8fe6850bbb188cd7a68c608ae6bffdaf0880083b81c0a9fe7b05f4f13e02dd46b0c2e3671012e7c667547883278e7d36c64326d89fe2b3499769b394ebc8e362e83ac126c14e75a3d8c6b0c9b133ef2eb9a960154718188ff78bb3ff39512a70ed24484db1ff6cff8d9ff98da0c719612ac621b695bcfa0ac880c281c6e1a8d42cfd23d4728f4f2ab7e837c189d874be6526ed869e7827f194d180a1b6c5c64fc16d1c05219fecf6afc838ce8a14077868c5e1b2733dd961639b1cd7c80e4593b900eb612bef94a207556cf7da764971b366f08803b36f98b79b00047c558e97f1bc694589727bdf5e43d6ac9aa441190a085311d3dfdb2e4d5c3d777a4d68dac730118cf4a3d44eac920efd975362423f834dec8d6ffbf22d194af2fb4860f7a961cbecbe92491a33b618c8d6c7f8bd27e0be2467c1f2be9e7fa6d3a2d764bba9e7ed13f55ab6a82b3816f6aac2cec627305194f218228a03f8c5255ad348afc8fce5f78c6e5402fd162d37a3562505466a7bdc78b21022aae8eec781f7b3265e71c07710d8e7c1d662852da1cd633d29575a553576222432d175c889300c1c0cb3676e143975afa6f90819ef61c64bcd99bb9168faf4572987a28f3356055b42f38ebf17e5f85fa7ce63d013a00ef287df2f4088bb8867b2b76b980f167a96ac1a44634e2c4741703aaef9cb4bd603014e07b807f178ccd911553fa71beaf81e5ac6f28d6f1514f61b14d247da1f2ba42b6ab06b45c1a639d2de8265030c2baab5e272c5224c47b1f2947c3c956d275808681119205204ee6e20d4ff17091c8a80e1be7afbf88516885573350ad66a67e93247e8850249a137054b378fa25eacac3b0dac7ff0c9176383ace558825130d03767b8356ccf08f2086b39819dd6c72ad28bef5f797777226b1556ff2e7a6a844a5f5ac4217e2b89f771f685304b77eb7e1ca4aa19fbeae39a26fb785ec5c56dc9ae862dc86c3b5af8416a1ad1b37016e76c90d5f981f6221443564db72f2264a9247b12efc1df695029b2bc743befabb4a1d0d7e53f50ea78f57184d5dfbc9aa0e2db761edc13f1db64bf919b98701e532857f4e8279512e0df53ae9352be000c392f66d078af13f3dde08d6ed82c908c96a0ffe7c9fca6cab8f9af74c0919b3de52635bb04e2b2f611d1cb2d5fe4c24ef18494ffb048c51bbb7840301324de92b49d552a46e15400d0c19ee59e9b787627ebbcd4afdbaf349d9f9ad2e1e1fa98c97ca8721de261557ff446502bb2fbbcf6f9024fa08620badf33323ec5b6864e394de21d18f71df50decbbbad76158973fba106c4cb74180a134c44b577bc97f7134c7341cf4b009f5fa442826c2ab65551ddb2fc68368919c989020181debf35f1fa1f7a469e4ea963b097416a1e2dcbafc62d4c5246596f1f715fa9e924901e918f3fc1810c5b201267da0e1932308b51c5025c5d51b0acbc585dd69322bafbb234b4b11ae38a114355909d6454dbf241f28c6774712e4077dee7ff6b85bd0145128679a80673fd9cf734521dad5fe8c126d762c3e90acc25ca8ce2fadeb7a56e2fc61d9c29e04c2d663394f6eebd01f24b3692161f52647abe0ca89c90629e26cac630e81ba329aa0abc57d96c46c5eecc9ef241077dd9114626da9341a0dd6164b073e0fa6f5b9f63c4ec9459745c935466734a14c912b18c22521c1949f80c5bd590e83bd8db831d622f804b7d62cf025904c7f785cee4e7c9558f7f9121e8a8aab37b88bd3ca1d3566e843f077e2be99186fc6d5fa41956983de9aeb42367f1de1ff4f1bd78d772761718a1065a59331eee7fbabecae7a8543664f5cd28fe2e4bc601fce5c75e697384d7f199840901dcd4234c37bf761ed892c3bef713b370ee9a6e1973b96c4f2296fa26dfda1ec3768b884f85db05da45301bb7bb8d90231498a1d1af46b54f8403f4d0014d24bca24f6eba37d58716ab5f74f7b25ff86f42c193455d307d51ab9f61a559cc9e254765fb44c732b49156c5718d4a99293a7cdd1d60788af5d42c1526b830c916b16fc50032a626ef9275072a7d74ce31f608c4888a11c52c9fd60c19a37bb8b3d9a6c35beb85a2c5204b704f29c8053d5624373add4f751349ea84754b4f00c20da2b3158726a06fc5cfa1d6e922ac5c5dcb2108dbce3e6fc4f41e536322bfc46ec699940cfbd0b51c37fdd3a0a819a6cc84de39704a1e6f2a2ac0512b4b1f06b11ab3fc8b16af50506af56397278b8e188c137271e5ab601d6032a0e18aa6d9d0bd40d0b778933abbe90bcb8a3571594e84f797d37fa832dfe86e625c430d42928f61fa527e6baf13161726bfcbc371d96dcd32e8cb7b3b17b41fb440ea044284c6b732c195c50f655107252eb69eef24aeef6c7f325429f8f36462d1660bc000ad40c6282c9e5572c716e3de6d9ef8eccefbfee08ed38d13276be5e78f770968981ee3eaee9c733938729c7c4192838a0a8eeeff153fbd817814ec85efb6c1cc58753ea8b660bb3a247dd62628a075828183ad84d2c60434a2540b5b35b5f0c2c10535c1ee7fba922710279d6b2f0baa0faed56cd87eee274bb8394113772c0fd14cd5bf4f3ef6387fba3ff25d23c7a164863ca9c7b872a6ceef346b1553751faf8880c2160ef2084b49e16514e298a7f0a2429e205015b0c2f1bcc1e48eb4782cf4b246ae574087164d542f85412b9e68816ed029ccc51297fe08b043c4d54ead91096aa8419a13aa77cebb649d75311f24c0b68af204220c4b3df508c55255a0273ee24a483e7f290f2c2e6f063ed4994f12756ee1ddd986bbe6e52b824bab2c3da626c615fa3872ac53a84777d65c2a2b64311b6bee1ed8aa27f648dfb7cae005d3a621d9c10446f992272f18e14ea975d5a723bc34e75f4b3606ff4f61d54781c653abb268893bdcd1801967ac0987599f47971b1f90ae30c3a3561ef8b26d5b9a6b1f9daf29a78ad2014640cd50370c2a15245278e0ccf5057f031f316a547a0d635a378e425895c8570771a14030a8544ef075d3f626aebd0414e9515f4184af3e6ee56c4daea6a254eb9b5b39566664fc651d817b477768af3e8bf24642551c757f8a2d20180b95304bc1dd61622002ff06185efa565b6959623e7e2281ffec4959b5bded3dc7d563766203e75d480aae9a8d2816dd8b6b6f2ba1a8be3683a190d11df4f3e0ad6ba2b8ad6bb9685f2671a1f12dbe4836fd4dac9a0c9d136cecf9f62ac13f25fdc8de85280456aa4c75160a4bc2b478b9cb0822ef199e8f7f9e0245892efbfe33299395e82c20c13662553738d59fe521c450f722d034187b448de40a4458134abd0535d9a8f3414c5aaf9acd2f274e8400c1c8181d15c565b4e085ef9cad5e932b2e1f7891c2fe01fee0296e6c309653e10e1d08346255766a42cebb17fb165e4c28232083610e26f187bd5d1ca7f5e7e7c5cc179b3c862c15b43b6b4601257769b5d3062d56cc8f0ed43df220ec0f4c76ba83b0e18ce9e2e2190e0820aa4437b07e3bfae67ec4c48e1c996f6680eeea99c9f22ada30dc0f9ea905eb043e6431aae0a04740014fa563db6d96209cf1f96daf778dfc194a71c9deb34c14d82616f251eb11cb1bc1e41377ec0a4ccd8a53f2c193e77db47de93ecf5e38caebc394d82a1e61b3b2dda1e50ce42352b5b7d5285525e193486e775d386b3161583c48ca0bd8cd8efa6f7cac5fe9d2292cf23b30f5d4fda4890914e27c895bd16610d0bb2fdab956c68bab1ce89ccac6ebf8949a2a6d714dd944b4559aa291e7a81d77d40a75b901cbcbe4cdf15dde4bb63bd9f192471bd2e0cca88201255c86b422d7f93e068967c248a0414a06b44c13062af66cd5146081c0d9e2591bcc348971d7938e2c34f122253e21e29ed20e4749013bd5679d5a37f37402ecf205ad1527914f85555d642097410bf3c687565ba5cce0e97ca28d92666c1ad3559ac638a88729a97154ef5e394d70dfe712466b238f60548059445d0bae2d6d2da9e78a855fc7692397cedafc7887c94c765f98773f03f3dbb71ffa468f42c61ad91743532387d0f2919b0ba794f90f3988efb98f29867695d55a92575c66a28aab114f1acb09b61de9445ed57e3aecc84c105a2febe8ee0ef447e63629ad6261cbb6b51f1228300289a21f1fb7199cc38821ccc9d1d8db3d45fd2a370062a20ba2265ef0e8df377be01f143d17581cde4473c5383399b14623af3d37fd90c729a351aaa6215915d576d76e83bfca1bb777fcdadd62e5b096509756988f70e09da6cd149585395f05fb0e685ee50bc04a0ebd930d0f570b9cf089ea5cbcf5375f1c988bd31f82b3efa9f95a11654058c58676d5851f31bd6a52d1d9412b567ee817bc8a92e40dac5f76c8092199bac6cc942ad6752f19b9840dd89aea8b219da440b4b3da122fb44b2bb86f9faa5aa06c3b76093cc0c30f6eeeaad57d6163ac4b4e6105d0718b719860f12c767ac452acd7789ba31d9c9d9d9b9dc238044d89258337e3eef815f74fc2a715882b268185c4717e9a47775e11a5c210867cef74ce24d06e1593ddb198bc305ca6e3605c7424cf288a21eeb425206918392f83d178afba94a5e363646aacea3ad854d62d81f08f4a3f404bb69723501c22d95a6cadaf101a52b16d5b69a81c633b5680deced95cf8fe8727707ae8dbcb00d0f6212cc0c2e06af63d5d94f4c2c29a9df70beb9b2f9eb6c98c67c8502bba33f3ce5c150a0ff8ad28ad6de26b74f717630df540e65ef59bdeb97549b9aecb8d3486bcdc79a95267b4a47f06e83e6febe67ee8250aac6a80bb0b9c56d8be1ecbba8da03b22741e90667a44545e4ce422fe415abe81a9949530d61bcadcbe0ccaa3d7f1fc94520deb6a76c0356c768a4acfdd8a0f852baf12f2fbe1ae6fbcfda4dae1316aad07d492221869ffbca179a57f7c190dadee6f97ac1a7396f34e97a90d85eaf78573e9f393e80c9d797f4e96641c4c1d9909da708ec17258b293105475b747e948a5ae6c57805e3049326fd33c761de4cf7be9ec2b9caa9166c25363adf89c70f5385de1cdbea"}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'}) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0xf}, 0x90) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r4, 0x84, 0x1e, &(0x7f00000000c0)=0xa0, 0x4) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r6, &(0x7f0000000580)={&(0x7f0000000440), 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x88000) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000100001001c000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000048000000030a01010000000000000000020000000900010073797a30000000000900030073797a3200000000080007006e617400140004800800014000000000080002"], 0xa4}}, 0x20000094) sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB=','], 0x2c}}, 0x0) close(0xffffffffffffffff) 1.867916393s ago: executing program 3 (id=2717): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x28, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}]}]}, 0x28}, 0x1, 0x0, 0xf00000000000000}, 0x0) 1.750467271s ago: executing program 3 (id=2719): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x1e, &(0x7f0000000000)=0x88, 0x4) (async) r1 = socket(0x1e, 0x1, 0x0) listen(r1, 0x0) (async) shutdown(r1, 0x2) (async) readv(r1, &(0x7f0000000980)=[{&(0x7f0000000300)=""/182, 0xb6}], 0x1) r2 = syz_genetlink_get_family_id$smc(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r2, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0x4000080) (async) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x1, 0x4, 0xffffffff, 0x2, 0x1}, 0x48) (async, rerun: 32) r3 = socket$inet6(0xa, 0x2, 0x0) (async, rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) (async) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f0000000000), 0x10) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000080)={0x17b, 0x0}, 0x8) bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000000c0)=r6, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000e80), 0xffffffffffffffff) (async) r9 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) getsockopt$ax25_int(r9, 0x101, 0x8, &(0x7f0000000800), &(0x7f0000000840)=0x4) sendmsg$DEVLINK_CMD_SB_GET(r7, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000ec0)={0x3c, r8, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0) (async) socket$inet_udplite(0x2, 0x2, 0x88) (async, rerun: 64) bind$inet6(r3, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c) (async, rerun: 64) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000000000009500"/23], &(0x7f0000000040)='syzkaller\x00'}, 0x90) 1.673603321s ago: executing program 2 (id=2720): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x280, 0x110, 0xffffffff, 0xffffffff, 0x110, 0xffffffff, 0x200, 0xffffffff, 0xffffffff, 0x200, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @dev, [], [], 'batadv0\x00', 'wg1\x00'}, 0x0, 0xa8, 0xe8, 0x0, {0x0, 0x4c00}}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "ea01dace53ca15d49302b6f9280e0081e08ab2cff0c119a466e514dcba71"}}, {{@uncond, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2e0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7cf0ff001000010400"/20, @ANYRES32=r1, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000900000000000500200001000000050028"], 0x7c}}, 0x0) 1.630719231s ago: executing program 1 (id=2721): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4) r1 = socket$tipc(0x1e, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000a00)={'veth1_to_team\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f00000000c0)={0x0, 0x0, 0xa, 0xb}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000040), &(0x7f0000000200)=0x30) 1.519794197s ago: executing program 3 (id=2722): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000480)={0x1b, 0x0, 0x0, 0x6, 0x0, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x48) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0x5, 0x7fff, 0x0, 0x0, 0xffffffffffffffff, 0x7f}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000a00), &(0x7f0000000280)=@tcp6=r1, 0x4}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x0, 0x803, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r3, &(0x7f0000000900)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000008c0)={&(0x7f0000000a80)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES16=r2], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4c000) getsockname(r2, &(0x7f0000000040)=@in={0x2, 0x0, @remote}, &(0x7f00000000c0)=0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000640), 0xc, &(0x7f00000006c0)={&(0x7f0000000680)=@bridge_getneigh={0x28, 0x1e, 0x8, 0x70bd2b, 0x25dfdbfd, {0x7, 0x0, 0x0, 0x0, 0x0, 0x7003}, [@IFLA_TXQLEN={0x8, 0xd, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x40800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0xac, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x84, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x74, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x34, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x87cd, 0x6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x27b6}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x7}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x9}}]}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x6, 0x4}}, @IFLA_VLAN_EGRESS_QOS={0x28, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x200, 0x7}}, @IFLA_VLAN_QOS_MAPPING={0xffffffffffffffa5, 0x1, {0x3, 0x4}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xfffffe01, 0x7f}}]}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0xac}}, 0x0) 1.519314866s ago: executing program 2 (id=2723): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1a, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@getchain={0x2c, 0x66, 0xfcd66a900070b359, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0x60}}, [{0x8, 0xb, 0x37}]}, 0x2c}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) 1.420335596s ago: executing program 2 (id=2724): r0 = epoll_create1(0x0) epoll_create1(0x0) (async) r1 = epoll_create1(0x0) r2 = socket$isdn(0x22, 0x3, 0x11) ioctl$IMHOLD_L1(r2, 0x80044948, &(0x7f0000000040)=0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r1, 0x300, r0, &(0x7f0000000140)={0x30002000}) syz_emit_ethernet(0x3cc, &(0x7f0000000180)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "c5819c", 0x396, 0x3a, 0x0, @dev, @mcast2, {[], @ndisc_ns={0x87, 0x0, 0x0, @loopback, [{0x4, 0x13, "a72ca4b1ec69796fbadccb37fd442c4d8c48b798440c36eb9b6b4202f65e59aca7cec82d57e0d7012d004b22a579869d5deb4a4679efac9f006c312864afc7c6724ebafa521d464aa31c575c6ba6fa029c2ffb1f5e39e06da5ebb10b046a420c7bad645b5792b14903e8106549a90eaddade5cf43d51d6ea04b57dcf63b2e5e84729e5df5a71a2f8081663e61b99ab1740ee86362d431d914a"}, {0x5, 0x1b, "ff4eed91d5fcdea6aab72f88e722154a36cdf20a3c51c94202ca26eaf6a0188cb9282a61d9d789e13a4e3796784067b93975fadb67dd1a3508305cfd5d946c78e0ddfbe9f2fc4e314838c16a7be9d5c9fc767491154332c9bbc999bd265e8d44608e10be81ec5883a7e4017eb74e5a02d6ab2abd632c81e595749bda13ffdf1e98082390b4439488266be162605a63961846a05f5ed6b0d205e7f143423259cdd31604cc90a63da41778a627021263d487deb522c5afa442c28d65e3b393cac3ef557f12a728d9e9bd8ac1749006bcfe4eaf3ac8d8ce2a6e"}, {0x20, 0x1b, "6a45580ba8ffcf8e57ca8d226458bbdddd168836824ad40dd6dccec7875aa6329ed0db55e964a4348c11ac6b7194639578185f4914700258a844dad12adeff8152029c8789eab7e36d6bb872c9e56c7b6dac1b32415d38e7d70761c43745989837e1d48bfc8d08b73776e32d0d217a29c7ae7b067afc89222a4c39b5ea6fbc21e7750f8b065228b1c3dab1be2690ce5ce705bb69e056f6be20060196beb4be105d026b2cd1827166b2f109283206470b4c44e7d2333b8216c0eadf22ab3fa322ad52fa472b22b165e4a7d38f5a066a3b06d43d2fd7335d56de13fd7b"}, {0xe, 0x5, "14fc9f599de1f7bf1850380d1757b35fc58428cdc36bee5f68a51d77671fb8a62c9ba677e5a38799"}, {0x1, 0xc, "cb16e55878da28343e1f91ff701f530dfb24602c52daa640b3d1de6bf68379056b7f3d81419a70a89fcf1e2819d6f0bb282961633124d64b02b6f1b5b086d23cd228eda13c06ba1a965253009baec4c6ec0fa42348a5435480831fa1b3bd7bc5"}, {0x4, 0x14, "8776b00f76321a9ef776086d58333503e3ac37748306a7f4ac0eea2978dab2f048c8c95093d9e9876aa6e5c93f0aa176ce3725da4077919a1c9c2a930b9c88cfe005d32bd1e7231cf9435a7e8d20939db76beb8ae756963c54e655770ec3e0e9490ff32908629f18875694897b213056ebacb0e0eaa8a672e6939014be8898796d9dc015582073c8c15bec3c8531658b2d1ecf8577af457cd63ecf8bab138de9b9"}]}}}}}}, 0x0) 1.357729329s ago: executing program 1 (id=2725): syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)=0x28) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xda00) r1 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x1b, 0x2}, 0x48) 1.311936326s ago: executing program 3 (id=2726): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000001000010000003a194618d96d6d2e8553", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b0000000000"], 0x30}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'bond0\x00'}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0xf0}}, 0x0) syz_init_net_socket$llc(0x1a, 0x2, 0x0) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001840), &(0x7f0000001880)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002440), &(0x7f0000002480)=0xc) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000024c0)={0x0}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)="e40034ea77f09a1229ebdd6f9ed9cc81055bf3fa66f6b2c79498d001679dd9eb12b125cb56313d29185954d9b5d42453d1a67e2ccc4b07e44cf10132ce33ec0714eeba71b7ef13b54492ac793167e6debd3a452bf48af2107460a820ae74f42d4e38f4157ff3ff77c769fedce1a3acb4ebbf067873b2189d9108f5814df45a3e0f6b95f160f7e295a4e459cba60654eb8762af43d5ef02a8e3b6373fa3a769c4c5dbdf89bc7e794a54b269c647215c52fffcbc989937c468ad6d411a9b2be332ee0bd14f4ceac34aa0479b406feb4a4315f8b367f30608d38cb0146628f6", 0xde}, {&(0x7f0000000300)="fd8c8d7ccbaa75da6b9e500791f84ef95c5cc9e2526e1896e8cad5c20295c5ba52d0f1b96eb629720e6f0c994ba83d5459e9f47965a69d4f753fd0bde07e1f469cc80b979ccd81a357668c890fbf31480d1e1fe6c6a725e79f8c7b7681e8f424c1d56bc3319aeac71e4942f39902a705a26c7df9216208ca4be4e5807c4f743789d91ff40000fbf1281c373259e12e359c8b95a61d19adaa909b1e8da7505344fef218f1ded93e3ecca5fcc13355c01e856a4ebab62b4248c39f4150227c06ae1701009737a961e16a9c2ef8c3cb7bd3b0b049ca12eedb181252b39c75d720a54536ff346fb4cde10b6adf688c50d818", 0xf0}], 0x2, &(0x7f0000000580)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r7}}}], 0x60, 0x800}}, {{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001c40)="8ae3298d1176e97d4abfe4585964980543805e53a9d967bced1808b42661353cd0a2b5205312d2f0307ae8c9e5a4", 0x2e}], 0x1, &(0x7f0000001dc0)}}, {{&(0x7f0000002640)=@abs, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4000}}], 0x3, 0x8000) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000000140)={0x0, @multicast2, @private}, &(0x7f0000000180)=0xc) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x8004}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r8 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xe}}, 0x0) getsockname$packet(r8, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x24, r4, 0x1, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast1}, @FOU_ATTR_IFINDEX={0x8, 0xb, r9}]}, 0x24}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000280000002800000006000000010000000000000800000000040000000000000000000900010000002e00002e00000000000000000000000000003742a457e7fe4c1551274a381b152f7b15fe3661855882b5b1e2d9675a8c1440f33d41980a231eb85d15482fc4f7e07f87182ae106f4fcea2781fa6ece710a7c8faa2542714c2324ceba641a50ad8999e8ad7b7ccb05ada1417e61b1399e9f55fdaed8b353f15e09169f4b4a00758be32fce44d0a42c4f8e1bc100b5dabf7e7651a53a6505c2f60b438dc7a33bdb6692aa89"], &(0x7f0000002d80)=""/4100, 0x46, 0x1004, 0x1}, 0x20) ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000000)={0x2, 0xfffffff8, 0x0, 0x6e65}) r10 = socket$inet6_sctp(0xa, 0x0, 0x84) sendto$inet6(r10, 0x0, 0x0, 0x24048841, &(0x7f00000000c0)={0xa, 0x20, 0x0, @mcast1, 0x15}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(r10, 0x29, 0x2, 0x0, 0x0) 1.187951926s ago: executing program 2 (id=2727): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000005c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000280)={0x44, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0x58]}}]}]}]}, 0x44}}, 0x0) (fail_nth: 5) 1.187191461s ago: executing program 1 (id=2728): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000140)='9', 0x1}], 0x1) r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, &(0x7f0000000140), 0x0}, 0x20) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r2 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r2, 0x80080400) r3 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r3, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10) getsockopt$inet_int(r3, 0x10d, 0xc9, &(0x7f0000000000), &(0x7f0000000240)=0x4) r4 = socket$packet(0x11, 0x3, 0x300) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000001180), r7) sendmsg$NFC_CMD_GET_SE(r6, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000011c0)={0x14, r8, 0x5953a6d8b15e6715}, 0x14}}, 0x0) sendmsg$NFC_CMD_GET_TARGET(r5, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000004}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, r8, 0x20, 0x70bd25, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4) ioctl$sock_SIOCGIFINDEX(r4, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f00000000c0)={r9, 0x2, 0x6}, 0xfffffffffffffdd9) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0x8, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r10, &(0x7f00000007c0), &(0x7f00000000c0)=""/79}, 0x20) r11 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r11, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e23, @multicast1}}, 0xa000000, 0x1, 0x0, 0x0, 0x55, 0x5, 0x7f}, 0x9c) r12 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000000)=@newtaction={0x60, 0x30, 0x53b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_simple={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0) 614.08436ms ago: executing program 2 (id=2729): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0) sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000b00)={0x38, r3, 0x428, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0xfffffff8, 0x12}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x38}}, 0x8001) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000007c0), r2) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IPTABLES={0x5}]}}}]}, 0x3c}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_DEV(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="dd30b700"], 0x14}}, 0x0) r7 = openat$cgroup_ro(r1, &(0x7f0000000080)='cpuset.memory_pressure\x00', 0x275a, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000004c0), r6) r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r0) r11 = socket(0x11, 0x800000003, 0x0) r12 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r11, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000b40)=@gettclass={0x24, 0x2a, 0x200, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r13, {0x3, 0xd}, {0xfff3, 0x9}, {0x7, 0xffe0}}, ["", "", ""]}, 0x24}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={0xffffffffffffffff, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000640)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0), 0x0, 0xad, &(0x7f00000006c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x2b, 0x8, 0x8, &(0x7f0000000800)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000980)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f0000000ac0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x80480}, 0xc, &(0x7f0000000a80)={&(0x7f00000009c0)=ANY=[@ANYBLOB="84000000", @ANYRES16=r10, @ANYBLOB="000425bd7000fedbdf250600000014000180080003000300000008000100", @ANYRES32=r13, @ANYBLOB="5c000180b8e9c1061869f5d570300000000000000000000008000100", @ANYRES32=r14, @ANYBLOB="14000200626f6e645f736c6176655f31000000000800030002000000080003000100000008000100", @ANYRES32=r15, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0800030002000000"], 0x84}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) sendmsg$NLBL_MGMT_C_ADD(r8, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x34, r9, 0x20, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_CLPDOI={0x8}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x26}]}, 0x34}, 0x1, 0x0, 0x0, 0x44011}, 0x5000) pread64(r7, 0x0, 0x9, 0x0) r16 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r17 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(r16, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x94, r17, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r18}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0302}}}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x7}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0202}}}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x2e, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0102}}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) bpf$ENABLE_STATS(0x20, &(0x7f0000000440), 0x4) read(r7, &(0x7f0000001440)=""/180, 0xb4) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYRES8=r1, @ANYRES64=r1, @ANYRESOCT=r1, @ANYRESHEX=0x0], 0x78}}, 0x40000) 439.801758ms ago: executing program 3 (id=2730): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000240)="480000001400190d09004beafd0d8c562c84ed7a80ffe05e959126dda8900db462060f000000000000a2bc5603ca00000f7f89000000200000000301ff0000000309ff5bffff00c7", 0x48}], 0x1) 359.86825ms ago: executing program 1 (id=2731): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000100)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) r3 = socket(0x2, 0x80805, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x11, &(0x7f00000077c0)={r2, 0x0, 0x500}, 0x8) 358.855105ms ago: executing program 2 (id=2732): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0x10, 0x400000002, 0x0) r2 = socket(0x2, 0x2, 0x0) getsockopt$nfc_llcp(r2, 0x88, 0x68, 0x0, 0x20000000) r3 = socket$inet6(0xa, 0x4, 0x5) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0xb, [@typedef={0x6}, @func={0x6, 0x0, 0x0, 0xc, 0x3}, @func_proto={0x0, 0x4, 0x0, 0xd, 0x0, [{0xe}, {0xe}, {0xf}, {0xe, 0x1}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x61, 0x5f, 0x2e]}}, &(0x7f0000000500)=""/59, 0x67, 0x3b, 0x1}, 0x20) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000440)={r4}, &(0x7f0000000640)=0x8) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x6, 0x80}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000017c0)={r5, &(0x7f0000001700), &(0x7f0000001780), 0x3}, 0x20) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2, 0x13, r3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00'}, 0x10) sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000240)="b000000016007f029e78f6030f7a0a762353bfb89fd8c902317bab30f89f080aaaaeb9d8091c815dcf03e14e877733fff4fe20a5be870f576b162e7de2d02673e789a4950c9cdc206e086fd0dc8ca9afcd9d522ac78876a4595146add31b35355848794ca3f8b38aef1e114ab9fb0200000000000000a3b0c81c6f8144e74fe13b80ca46c1a6c04ad73c9d44b605f900"/158, 0x9e}, {&(0x7f00000000c0)="68c32a7de6a2395800000000000000000000894faaf39ffe271f432f", 0x1c}], 0x2}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r7, &(0x7f0000000100), 0xfffffd9d) sendfile(r6, r7, 0x0, 0x8000002b) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1}, &(0x7f0000000140), &(0x7f0000000300)}, 0x20) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x15, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x21}, {{0x18, 0x1, 0x1, 0x0, r7}}, {}, [@generic={0x9, 0x8, 0x2, 0x1, 0x9}, @map_val, @call={0x85, 0x0, 0x0, 0x20}, @exit, @exit], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$IPSET_CMD_RENAME(r0, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000002880)={&(0x7f0000002840)={0x1c, 0x5, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r9, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0, 0x14}}, 0x28004000) getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000900010076"], 0x48}}, 0x0) socket(0x28, 0x5, 0x0) socket(0x28, 0x5, 0x0) 192.5906ms ago: executing program 3 (id=2733): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0xbf, 0x0}}], 0x73d, 0x0, 0x0) ppoll(&(0x7f0000000440)=[{}], 0x1, 0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb01001800000000000000300000003000000004000000020000000000001103000000ffffffff000000000100000d010000000000000001000000020000000000000802000000000061"], 0x0, 0x4c}, 0x20) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x2c, r2, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r4}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x2c}}, 0x0) clock_gettime(0xfffffffffffffffd, 0x0) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x9, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f019"}, {0x21, 0x7, "b8a3e100908f61640000000200fe80ffff00000000000000ff0bc0fe00000000008879e66485201a0015ca83747357a027450004000000"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, &(0x7f0000000000)='GPL\x00'}, 0x90) 174.513973ms ago: executing program 1 (id=2734): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x4) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) write(r1, &(0x7f0000000040)="2700250014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) 0s ago: executing program 1 (id=2735): r0 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet(r0, &(0x7f0000000e00)=[{{&(0x7f0000000180)={0x2, 0x4e23, @rand_addr=0x2000000}, 0x10, 0x0, 0x0, &(0x7f0000000b40)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@cipso={0x86, 0xa, 0x3, [{0x5, 0x4, "f1ac"}]}]}}}], 0x20, 0x25}}], 0x1, 0x0) kernel console output (not intermixed with test programs): ][T12892] tipc: Enabling of bearer rejected, already enabled [ 333.219630][ T5102] Bluetooth: hci0: command tx timeout [ 333.300310][ T5102] Bluetooth: hci1: command tx timeout [ 334.066327][T12746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.073489][T12746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.101651][T12746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.116432][T12746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.123554][T12746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.153814][T12746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 334.597787][T12746] hsr_slave_0: entered promiscuous mode [ 334.620525][T12746] hsr_slave_1: entered promiscuous mode [ 334.667979][T12746] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 334.675610][T12746] Cannot create hsr debugfs directory [ 335.297268][ T5102] Bluetooth: hci0: command tx timeout [ 335.376133][ T5102] Bluetooth: hci1: command tx timeout [ 335.831640][T12986] netlink: 5312 bytes leftover after parsing attributes in process `syz.2.1867'. [ 335.851597][T12986] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 336.424877][T12746] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.467874][T12744] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 336.502502][T12744] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 336.619163][T12746] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.642478][T12744] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 336.654033][T13027] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1880'. [ 336.664188][T13027] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1880'. [ 336.685478][T13029] netlink: 'syz.3.1881': attribute type 10 has an invalid length. [ 336.694756][T13029] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1881'. [ 336.715725][T12744] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 336.742892][T13030] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 336.834520][T12746] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.994936][T12746] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.111274][T13047] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1886'. [ 337.211102][T13047] netlink: 'syz.0.1886': attribute type 6 has an invalid length. [ 337.258085][T12744] 8021q: adding VLAN 0 to HW filter on device bond0 [ 337.295025][T12744] 8021q: adding VLAN 0 to HW filter on device team0 [ 337.409437][T13057] netlink: 'syz.2.1889': attribute type 27 has an invalid length. [ 337.582967][T13057] sit0: left promiscuous mode [ 337.644150][T13057] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.652104][T13057] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.669062][T13057] bond0: left promiscuous mode [ 337.674047][T13057] bond_slave_0: left promiscuous mode [ 337.681316][T13057] bond_slave_1: left promiscuous mode [ 337.693007][T13057] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 337.764669][T13057] wg2: left promiscuous mode [ 337.773344][T13057] wg2: left allmulticast mode [ 337.839293][T13057] infiniband syz2: set down [ 337.893436][T13057] batadv_slave_0: left promiscuous mode [ 337.914821][T13057] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 338.054676][T13057] macsec0: left promiscuous mode [ 338.061006][T13057] macsec0: left allmulticast mode [ 338.068736][T13057] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.085013][T13057] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.094726][T13057] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.105483][T13057] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 338.261067][T13067] netlink: 'syz.3.1891': attribute type 10 has an invalid length. [ 338.289729][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.296988][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 338.318637][ T5148] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.325922][ T5148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 338.376409][T13069] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1892'. [ 338.395694][T13059] bridge0: port 3(geneve1) entered blocking state [ 338.417239][T13059] bridge0: port 3(geneve1) entered disabled state [ 338.424062][T13059] geneve1: entered allmulticast mode [ 338.445709][T13059] geneve1: entered promiscuous mode [ 338.477092][T13072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1892'. [ 338.565083][T12746] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 338.658007][T12746] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 338.688500][T13082] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1894'. [ 338.708471][T12746] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 338.744868][T12746] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 338.845259][T13084] tipc: Enabling of bearer rejected, already enabled [ 339.257268][T12746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.335688][T12746] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.391652][ T45] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.399281][ T45] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.440094][ T45] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.447391][ T45] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.471508][T13113] netlink: 'syz.0.1901': attribute type 1 has an invalid length. [ 339.499904][T13113] netlink: 112860 bytes leftover after parsing attributes in process `syz.0.1901'. [ 339.520499][T12744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 339.528341][T13113] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1901'. [ 339.602444][T13116] netlink: 'syz.2.1902': attribute type 6 has an invalid length. [ 339.650715][T12746] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 340.368704][T13145] syzkaller0: entered promiscuous mode [ 340.385099][T13145] syzkaller0: entered allmulticast mode [ 340.442913][ T35] syzkaller0: tun_net_xmit 48 [ 340.462827][T13154] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 340.520554][T12746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 340.578800][T13145] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 340.585526][T13145] syzkaller0: Linktype set failed because interface is up [ 340.632514][T13145] netlink: 'syz.0.1908': attribute type 5 has an invalid length. [ 340.687847][T13145] syzkaller0: tun_net_xmit 1280 [ 343.245765][T12744] veth0_vlan: entered promiscuous mode [ 343.312372][T12746] veth0_vlan: entered promiscuous mode [ 343.350619][T12744] veth1_vlan: entered promiscuous mode [ 343.401307][T12746] veth1_vlan: entered promiscuous mode [ 343.604157][T12746] veth0_macvtap: entered promiscuous mode [ 343.623858][T12744] veth0_macvtap: entered promiscuous mode [ 343.649024][T12746] veth1_macvtap: entered promiscuous mode [ 343.703365][T12744] veth1_macvtap: entered promiscuous mode [ 343.713222][T13244] __nla_validate_parse: 3 callbacks suppressed [ 343.713243][T13244] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.1918'. [ 343.733211][T12746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.758541][T13246] netlink: 'syz.0.1919': attribute type 10 has an invalid length. [ 343.817686][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.838883][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.860210][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.882660][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.892483][T13251] netlink: 'syz.2.1918': attribute type 3 has an invalid length. [ 343.915735][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.942426][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.964405][T12746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.020602][T12746] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.041976][T12746] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.061153][T12746] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.086063][T12746] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.158903][T12744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.182871][T12744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.206453][T12744] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 344.260685][T12744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.297266][T12744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.326174][T12744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.349594][T12744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.390115][T12744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.417668][T12744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.445674][T12744] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.482937][T12744] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.509707][T12744] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.582423][T12744] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.606072][T12744] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.623548][T12744] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.635568][T12744] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.709865][T13283] netlink: 'syz.3.1927': attribute type 15 has an invalid length. [ 344.718596][T13283] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1927'. [ 344.728152][T13281] tap0: tun_chr_ioctl cmd 1074025672 [ 344.733514][T13281] tap0: ignored: set checksum enabled [ 344.810416][ T2483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.828899][ T2483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.894161][T13286] netlink: 'syz.3.1928': attribute type 29 has an invalid length. [ 344.941651][T13286] netlink: 'syz.3.1928': attribute type 29 has an invalid length. [ 344.956810][T13287] netlink: 'syz.3.1928': attribute type 29 has an invalid length. [ 345.000773][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.009485][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.103319][ T2467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.134403][ T2467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.220158][ T2483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.240999][ T2483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.480869][T13305] x_tables: duplicate underflow at hook 1 [ 345.593273][T13315] dccp_invalid_packet: P.Data Offset(0) too small [ 345.725230][ T2467] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.910311][ T2467] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.001303][ T2467] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.084839][ T2467] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 346.218218][ T2467] bridge_slave_1: left allmulticast mode [ 346.223906][ T2467] bridge_slave_1: left promiscuous mode [ 346.230103][ T2467] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.239806][ T2467] bridge_slave_0: left allmulticast mode [ 346.245471][ T2467] bridge_slave_0: left promiscuous mode [ 346.252174][ T2467] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.619697][ T2467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 346.634376][ T2467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 346.645955][ T2467] bond0 (unregistering): Released all slaves [ 347.013695][ T2467] hsr_slave_0: left promiscuous mode [ 347.031550][ T2467] hsr_slave_1: left promiscuous mode [ 347.044301][ T2467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 347.052245][ T2467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 347.061406][ T2467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 347.069661][ T2467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 347.094919][ T2467] veth1_macvtap: left promiscuous mode [ 347.100642][ T2467] veth0_macvtap: left promiscuous mode [ 347.106561][ T2467] veth1_vlan: left promiscuous mode [ 347.111948][ T2467] veth0_vlan: left promiscuous mode [ 347.865049][ T2467] team0 (unregistering): Port device team_slave_1 removed [ 347.988702][ T2467] team0 (unregistering): Port device team_slave_0 removed [ 348.051896][ T4488] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 348.063444][ T4488] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 348.076063][ T4488] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 348.098375][ T4488] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 348.109589][ T4488] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 348.123812][ T4488] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 348.581273][T13336] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1940'. [ 348.794957][T13360] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1947'. [ 348.936546][T13360] netlink: 'syz.3.1947': attribute type 6 has an invalid length. [ 349.257383][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 349.560165][T13353] chnl_net:caif_netlink_parms(): no params data found [ 349.611618][T13402] bond0: (slave bond_slave_0): Releasing backup interface [ 349.711247][T13407] batadv_slave_0: entered promiscuous mode [ 349.925647][T13353] bridge0: port 1(bridge_slave_0) entered blocking state [ 349.967402][T13353] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.983328][T13353] bridge_slave_0: entered allmulticast mode [ 350.011573][T13353] bridge_slave_0: entered promiscuous mode [ 350.026351][T13353] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.039586][T13353] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.052454][T13353] bridge_slave_1: entered allmulticast mode [ 350.060851][T13353] bridge_slave_1: entered promiscuous mode [ 350.168522][T13353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 350.176209][ T4488] Bluetooth: hci0: command tx timeout [ 350.195496][T13434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1972'. [ 350.234187][T13353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 350.307665][T13429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1971'. [ 350.336744][T13429] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1971'. [ 350.449712][T13353] team0: Port device team_slave_0 added [ 350.478243][T13353] team0: Port device team_slave_1 added [ 350.544747][T13445] netlink: 'syz.2.1977': attribute type 20 has an invalid length. [ 350.628036][T13353] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 350.628901][T13449] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1977'. [ 350.665025][T13353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.703617][T13353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 350.785739][T13449] openvswitch: ÊügáG: Dropping previously announced user features [ 350.786520][T13353] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 350.802487][T13353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 350.845971][T13353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 350.914271][T13456] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1980'. [ 350.961724][T13462] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1982'. [ 351.062117][T13466] netlink: 'syz.1.1982': attribute type 6 has an invalid length. [ 351.112537][T13353] hsr_slave_0: entered promiscuous mode [ 351.120494][T13353] hsr_slave_1: entered promiscuous mode [ 351.139785][T13469] FAULT_INJECTION: forcing a failure. [ 351.139785][T13469] name failslab, interval 1, probability 0, space 0, times 0 [ 351.166916][T13469] CPU: 0 PID: 13469 Comm: syz.0.1983 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 351.177207][T13469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 351.187304][T13469] Call Trace: [ 351.190698][T13469] [ 351.193635][T13469] dump_stack_lvl+0x241/0x360 [ 351.198345][T13469] ? __pfx_dump_stack_lvl+0x10/0x10 [ 351.203565][T13469] ? __pfx__printk+0x10/0x10 [ 351.208180][T13469] ? netlink_insert+0x10b7/0x14b0 [ 351.213221][T13469] should_fail_ex+0x3b0/0x4e0 [ 351.218006][T13469] ? __alloc_skb+0x1c3/0x440 [ 351.222642][T13469] should_failslab+0x9/0x20 [ 351.227181][T13469] kmem_cache_alloc_node_noprof+0x71/0x320 [ 351.233019][T13469] __alloc_skb+0x1c3/0x440 [ 351.237458][T13469] ? __pfx___alloc_skb+0x10/0x10 [ 351.242413][T13469] ? netlink_autobind+0xd6/0x2f0 [ 351.247369][T13469] ? netlink_autobind+0x2b0/0x2f0 [ 351.252415][T13469] netlink_sendmsg+0x631/0xcb0 [ 351.257208][T13469] ? __pfx_netlink_sendmsg+0x10/0x10 [ 351.262512][T13469] ? __import_iovec+0x536/0x820 [ 351.267373][T13469] ? aa_sock_msg_perm+0x91/0x160 [ 351.272418][T13469] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 351.277712][T13469] ? security_socket_sendmsg+0x87/0xb0 [ 351.283186][T13469] ? __pfx_netlink_sendmsg+0x10/0x10 [ 351.288491][T13469] __sock_sendmsg+0x221/0x270 [ 351.293183][T13469] ____sys_sendmsg+0x525/0x7d0 [ 351.297973][T13469] ? __pfx_____sys_sendmsg+0x10/0x10 [ 351.303295][T13469] __sys_sendmsg+0x2b0/0x3a0 [ 351.307906][T13469] ? __pfx___sys_sendmsg+0x10/0x10 [ 351.313030][T13469] ? vfs_write+0x7c4/0xc90 [ 351.317496][T13469] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 351.323835][T13469] ? do_syscall_64+0x100/0x230 [ 351.328621][T13469] ? do_syscall_64+0xb6/0x230 [ 351.333323][T13469] do_syscall_64+0xf3/0x230 [ 351.337851][T13469] ? clear_bhb_loop+0x35/0x90 [ 351.342547][T13469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 351.348472][T13469] RIP: 0033:0x7f57e8d75bd9 [ 351.352898][T13469] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 351.372516][T13469] RSP: 002b:00007f57e9a7c048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.380944][T13469] RAX: ffffffffffffffda RBX: 00007f57e8f03f60 RCX: 00007f57e8d75bd9 [ 351.388928][T13469] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000003 [ 351.396906][T13469] RBP: 00007f57e9a7c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 351.404907][T13469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 351.412888][T13469] R13: 000000000000004d R14: 00007f57e8f03f60 R15: 00007ffe6c03b5f8 [ 351.420884][T13469] [ 351.810985][T13490] netlink: 'syz.0.1989': attribute type 4 has an invalid length. [ 351.831107][T13492] netlink: 'syz.0.1989': attribute type 4 has an invalid length. [ 352.205164][T13505] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1996'. [ 352.224605][T13505] netlink: 'syz.3.1996': attribute type 6 has an invalid length. [ 352.257110][ T4488] Bluetooth: hci0: command tx timeout [ 352.277913][T13353] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 352.304826][T13353] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 352.344027][T13353] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 352.363706][T13353] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 352.549261][T13353] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.614217][T13353] 8021q: adding VLAN 0 to HW filter on device team0 [ 352.638872][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.646222][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.678999][T13521] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1999'. [ 352.717232][T13525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1999'. [ 352.751733][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.759027][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 352.814036][T13521] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 352.959947][T13521] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 353.054241][T13533] wireguard0: entered promiscuous mode [ 353.060658][T13533] wireguard0: entered allmulticast mode [ 353.222211][T13353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 353.573074][T13565] netlink: 'syz.3.2014': attribute type 1 has an invalid length. [ 353.813249][T13353] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 353.975253][T13585] __nla_validate_parse: 5 callbacks suppressed [ 353.975278][T13585] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2018'. [ 354.101919][T13591] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2020'. [ 354.145684][T13591] xt_recent: hitcount (2147483648) is larger than allowed maximum (255) [ 354.163628][T13592] xt_recent: hitcount (2147483648) is larger than allowed maximum (255) [ 354.334044][T13605] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2024'. [ 354.336878][ T4488] Bluetooth: hci0: command tx timeout [ 354.573943][T13353] veth0_vlan: entered promiscuous mode [ 354.633362][T13353] veth1_vlan: entered promiscuous mode [ 354.755064][T13353] veth0_macvtap: entered promiscuous mode [ 354.785266][T13353] veth1_macvtap: entered promiscuous mode [ 354.809067][T13620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.833367][T13353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.858705][T13353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.883791][T13353] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 354.904594][T13353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.944296][T13353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.965006][T13353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.977893][T13353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.988105][T13637] netlink: 780 bytes leftover after parsing attributes in process `syz.1.2032'. [ 355.001407][T13637] unsupported nla_type 152 [ 355.006882][T13353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.019618][T13353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.034639][T13353] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.053123][T13353] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.064826][T13353] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.074358][T13353] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.097042][T13353] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.277702][ T142] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.305678][ T142] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.321056][T13646] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2037'. [ 355.368194][ T2483] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.377187][ T2483] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.977309][T13668] netlink: 'syz.3.2044': attribute type 1 has an invalid length. [ 356.081267][T13668] bond1: (slave gretap1): making interface the new active one [ 356.098461][T13668] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 356.110211][T13674] tipc: Started in network mode [ 356.117242][T13674] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 356.139727][T13674] tipc: Enabled bearer , priority 0 [ 356.277215][T13684] Unsupported ieee802154 address type: 0 [ 356.327590][T13678] IPVS: Scheduler module ip_vs_sip not found [ 356.786229][T13709] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2058'. [ 356.795251][T13709] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2058'. [ 357.076699][T13729] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2064'. [ 357.077085][T13721] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2063'. [ 357.256167][ T25] tipc: Node number set to 10136234 [ 357.370179][ T2853] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.074537][ T2853] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.144224][ T2853] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.202920][ T2853] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.296253][ T2853] bridge_slave_1: left allmulticast mode [ 358.302871][ T2853] bridge_slave_1: left promiscuous mode [ 358.310993][ T2853] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.321402][ T2853] bridge_slave_0: left allmulticast mode [ 358.327386][ T2853] bridge_slave_0: left promiscuous mode [ 358.333086][ T2853] bridge0: port 1(bridge_slave_0) entered disabled state [ 358.672982][ T2853] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 358.685662][ T2853] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 358.698418][ T2853] bond0 (unregistering): Released all slaves [ 359.063447][ T2853] hsr_slave_0: left promiscuous mode [ 359.069696][ T2853] hsr_slave_1: left promiscuous mode [ 359.079039][ T2853] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 359.088255][ T2853] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.096951][ T2853] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 359.104377][ T2853] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.139973][ T2853] veth1_macvtap: left promiscuous mode [ 359.157911][ T2853] veth0_macvtap: left promiscuous mode [ 359.163713][ T2853] veth1_vlan: left promiscuous mode [ 359.204212][ T2853] veth0_vlan: left promiscuous mode [ 359.254146][T13743] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2067'. [ 359.619307][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 359.632106][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 359.643181][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 359.655266][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 359.667746][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 359.675491][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 359.712665][T13764] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2074'. [ 359.729073][T13764] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2074'. [ 360.134217][T13773] Bluetooth: hci3: invalid length 0, exp 2 for type 7 [ 360.168338][ T2853] team0 (unregistering): Port device team_slave_1 removed [ 360.218253][ T2853] team0 (unregistering): Port device team_slave_0 removed [ 360.868548][T13779] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2078'. [ 361.407319][T13799] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2085'. [ 361.700365][ T4488] Bluetooth: hci0: command tx timeout [ 361.770767][T13817] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2090'. [ 361.829935][T13817] bridge5: the hash_elasticity option has been deprecated and is always 16 [ 362.012483][T13760] chnl_net:caif_netlink_parms(): no params data found [ 362.069283][T13833] netlink: 5312 bytes leftover after parsing attributes in process `syz.1.2095'. [ 362.116312][T13833] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 362.168688][T13837] netlink: 'syz.0.2097': attribute type 21 has an invalid length. [ 362.178340][T13837] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2097'. [ 362.258912][T13760] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.260788][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 362.276073][T13760] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.292797][T13760] bridge_slave_0: entered allmulticast mode [ 362.307511][T13760] bridge_slave_0: entered promiscuous mode [ 362.321553][T13760] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.336270][T13760] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.344019][T13760] bridge_slave_1: entered allmulticast mode [ 362.361206][T13760] bridge_slave_1: entered promiscuous mode [ 362.468775][T13760] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.534172][T13760] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.660282][T13760] team0: Port device team_slave_0 added [ 362.670773][T13760] team0: Port device team_slave_1 added [ 362.773130][T13760] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 362.790964][T13760] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.833702][T13760] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 362.877191][T13760] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 362.884372][T13760] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.966259][T13760] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 363.188276][T13760] hsr_slave_0: entered promiscuous mode [ 363.215682][T13760] hsr_slave_1: entered promiscuous mode [ 363.482964][T13914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2114'. [ 363.531800][T13913] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2116'. [ 363.656864][T13916] netlink: 'syz.0.2114': attribute type 6 has an invalid length. [ 363.776464][ T5102] Bluetooth: hci0: command tx timeout [ 363.791319][T13923] IPv6: sit1: Disabled Multicast RS [ 363.978053][T13929] team0: Port device macvlan1 added [ 364.166929][T13938] netlink: 'syz.0.2123': attribute type 1 has an invalid length. [ 364.217808][T13937] team_slave_0: entered promiscuous mode [ 364.224022][T13937] team_slave_1: entered promiscuous mode [ 364.249228][T13937] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 364.274439][T13937] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 364.665147][T13957] __nla_validate_parse: 2 callbacks suppressed [ 364.665168][T13957] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2129'. [ 364.702139][T13960] netlink: 'syz.0.2129': attribute type 6 has an invalid length. [ 364.924866][T13970] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2132'. [ 365.063851][T13760] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 365.104563][T13760] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 365.126373][T13760] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 365.198063][T13760] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 365.243951][T13981] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2137'. [ 365.449065][T13992] veth0_vlan: entered allmulticast mode [ 365.639969][T13760] 8021q: adding VLAN 0 to HW filter on device bond0 [ 365.689845][T13760] 8021q: adding VLAN 0 to HW filter on device team0 [ 365.708410][T13999] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.723839][T13999] tipc: Resetting bearer [ 365.732763][T13999] bridge_slave_1: left allmulticast mode [ 365.739347][T13999] bridge_slave_1: left promiscuous mode [ 365.745359][T13999] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.756882][T13999] tipc: Resetting bearer [ 365.765490][T13999] bond0: (slave bond_slave_0): Releasing backup interface [ 365.780491][T13999] bond0: (slave bond_slave_1): Releasing backup interface [ 365.809255][T13999] team0: Port device team_slave_0 removed [ 365.832744][T13999] team0: Port device team_slave_1 removed [ 365.845546][T13999] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.856219][ T5102] Bluetooth: hci0: command 0x040f tx timeout [ 365.873102][T13999] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.894161][T14007] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2144'. [ 365.905243][T13999] batman_adv: batadv0: Removing interface: ipvlan2 [ 365.924486][T13997] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2140'. [ 365.969312][T14003] 8021q: adding VLAN 0 to HW filter on device bond0 [ 365.985157][T14003] team0: Port device bond0 added [ 366.012606][T14010] netlink: 'syz.2.2144': attribute type 6 has an invalid length. [ 366.056639][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.063891][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.126185][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.133412][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.284487][T13760] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 366.329469][T14026] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2151'. [ 366.346652][T14026] netlink: 'syz.3.2151': attribute type 1 has an invalid length. [ 366.374647][T14023] netlink: 120 bytes leftover after parsing attributes in process `syz.2.2148'. [ 366.395765][T14023] xt_TPROXY: Can be used only with -p tcp or -p udp [ 366.562600][T14034] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2152'. [ 366.597611][T14037] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2153'. [ 366.679673][T14039] FAULT_INJECTION: forcing a failure. [ 366.679673][T14039] name failslab, interval 1, probability 0, space 0, times 0 [ 366.697006][T13760] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.712819][T14039] CPU: 0 PID: 14039 Comm: syz.2.2154 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 366.723034][T14039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 366.733131][T14039] Call Trace: [ 366.736448][T14039] [ 366.739417][T14039] dump_stack_lvl+0x241/0x360 [ 366.744155][T14039] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.749407][T14039] ? __pfx__printk+0x10/0x10 [ 366.754057][T14039] ? netlink_insert+0x10b7/0x14b0 [ 366.759133][T14039] should_fail_ex+0x3b0/0x4e0 [ 366.763871][T14039] ? __alloc_skb+0x1c3/0x440 [ 366.768507][T14039] should_failslab+0x9/0x20 [ 366.773059][T14039] kmem_cache_alloc_node_noprof+0x71/0x320 [ 366.778918][T14039] __alloc_skb+0x1c3/0x440 [ 366.783372][T14039] ? __pfx___alloc_skb+0x10/0x10 [ 366.788323][T14039] ? netlink_autobind+0xd6/0x2f0 [ 366.793276][T14039] ? netlink_autobind+0x2b0/0x2f0 [ 366.798335][T14039] netlink_sendmsg+0x631/0xcb0 [ 366.803143][T14039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.808473][T14039] ? __import_iovec+0x536/0x820 [ 366.813342][T14039] ? aa_sock_msg_perm+0x91/0x160 [ 366.818307][T14039] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 366.823599][T14039] ? security_socket_sendmsg+0x87/0xb0 [ 366.829075][T14039] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.834404][T14039] __sock_sendmsg+0x221/0x270 [ 366.839115][T14039] ____sys_sendmsg+0x525/0x7d0 [ 366.843899][T14039] ? __pfx_____sys_sendmsg+0x10/0x10 [ 366.849208][T14039] __sys_sendmsg+0x2b0/0x3a0 [ 366.853812][T14039] ? __pfx___sys_sendmsg+0x10/0x10 [ 366.858935][T14039] ? vfs_write+0x7c4/0xc90 [ 366.863400][T14039] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 366.869740][T14039] ? do_syscall_64+0x100/0x230 [ 366.874522][T14039] ? do_syscall_64+0xb6/0x230 [ 366.879218][T14039] do_syscall_64+0xf3/0x230 [ 366.883739][T14039] ? clear_bhb_loop+0x35/0x90 [ 366.888422][T14039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 366.894330][T14039] RIP: 0033:0x7ffb4d775bd9 [ 366.898751][T14039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.918467][T14039] RSP: 002b:00007ffb4e4b2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 366.927013][T14039] RAX: ffffffffffffffda RBX: 00007ffb4d903f60 RCX: 00007ffb4d775bd9 [ 366.935004][T14039] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 366.942990][T14039] RBP: 00007ffb4e4b20a0 R08: 0000000000000000 R09: 0000000000000000 [ 366.950968][T14039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 366.959035][T14039] R13: 000000000000000b R14: 00007ffb4d903f60 R15: 00007fffd3719518 [ 366.967030][T14039] [ 367.000438][T14042] batadv0: entered promiscuous mode [ 367.020475][T14042] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 367.031508][T14042] batadv0: left promiscuous mode [ 367.494820][T13760] veth0_vlan: entered promiscuous mode [ 367.524593][T13760] veth1_vlan: entered promiscuous mode [ 367.628230][T14077] netlink: 'syz.3.2164': attribute type 15 has an invalid length. [ 367.659155][T14077] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2164'. [ 367.723359][T13760] veth0_macvtap: entered promiscuous mode [ 367.803125][T13760] veth1_macvtap: entered promiscuous mode [ 367.889573][T14089] team0: Device is already in use. [ 367.914408][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.936985][ T5102] Bluetooth: hci0: command 0x040f tx timeout [ 367.949692][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.962124][T13760] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 367.981351][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.992738][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.005106][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.018189][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.030356][T13760] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.041076][T13760] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.058097][T13760] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.077982][T13760] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.107309][T13760] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.119090][T13760] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.130092][T13760] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.355235][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.380658][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 368.524048][T14109] x_tables: duplicate underflow at hook 1 [ 368.544535][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 368.587109][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.239641][T14139] syz.2.2185: vmalloc error: size 16781312, failed to allocated page array size 32776, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 369.250111][T14151] –eth0_vlan: renamed from bridge_slave_1 (while UP) [ 369.297093][T14139] CPU: 0 PID: 14139 Comm: syz.2.2185 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 369.307404][T14139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 369.317499][T14139] Call Trace: [ 369.320816][T14139] [ 369.323778][T14139] dump_stack_lvl+0x241/0x360 [ 369.328525][T14139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 369.333776][T14139] ? __pfx__printk+0x10/0x10 [ 369.338426][T14139] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 369.344894][T14139] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 369.351446][T14139] warn_alloc+0x278/0x410 [ 369.355884][T14139] ? __pfx_warn_alloc+0x10/0x10 [ 369.361480][T14139] ? xskq_create+0xb6/0x170 [ 369.366014][T14139] ? __get_vm_area_node+0x23d/0x270 [ 369.371247][T14139] __vmalloc_node_range_noprof+0x69f/0x1460 [ 369.377178][T14139] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 369.383518][T14139] ? __kasan_kmalloc+0x98/0xb0 [ 369.388309][T14139] ? xskq_create+0x54/0x170 [ 369.392845][T14139] vmalloc_user_noprof+0x74/0x80 [ 369.397806][T14139] ? xskq_create+0xb6/0x170 [ 369.402323][T14139] xskq_create+0xb6/0x170 [ 369.406674][T14139] xsk_init_queue+0xa1/0x100 [ 369.411305][T14139] xsk_setsockopt+0x598/0x950 [ 369.416003][T14139] ? __pfx_xsk_setsockopt+0x10/0x10 [ 369.421228][T14139] ? __pfx_lock_acquire+0x10/0x10 [ 369.426611][T14139] ? aa_sock_opt_perm+0x79/0x120 [ 369.431570][T14139] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 369.437125][T14139] ? security_socket_setsockopt+0x87/0xb0 [ 369.442858][T14139] ? __pfx_xsk_setsockopt+0x10/0x10 [ 369.448068][T14139] do_sock_setsockopt+0x3af/0x720 [ 369.453112][T14139] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 369.458694][T14139] ? __fget_files+0x29/0x470 [ 369.463308][T14139] ? __fget_files+0x3f6/0x470 [ 369.468015][T14139] __sys_setsockopt+0x1ae/0x250 [ 369.472891][T14139] __x64_sys_setsockopt+0xb5/0xd0 [ 369.478110][T14139] do_syscall_64+0xf3/0x230 [ 369.482636][T14139] ? clear_bhb_loop+0x35/0x90 [ 369.487327][T14139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.493238][T14139] RIP: 0033:0x7ffb4d775bd9 [ 369.497748][T14139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 369.517472][T14139] RSP: 002b:00007ffb4e470048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 369.525899][T14139] RAX: ffffffffffffffda RBX: 00007ffb4d904110 RCX: 00007ffb4d775bd9 [ 369.533964][T14139] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000b [ 369.541941][T14139] RBP: 00007ffb4d7e4e60 R08: 0000000000000004 R09: 0000000000000000 [ 369.550011][T14139] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 369.557993][T14139] R13: 000000000000000b R14: 00007ffb4d904110 R15: 00007fffd3719518 [ 369.566005][T14139] [ 369.601634][T14139] Mem-Info: [ 369.605197][T14139] active_anon:3397 inactive_anon:0 isolated_anon:0 [ 369.605197][T14139] active_file:1547 inactive_file:38290 isolated_file:0 [ 369.605197][T14139] unevictable:768 dirty:224 writeback:0 [ 369.605197][T14139] slab_reclaimable:9732 slab_unreclaimable:104072 [ 369.605197][T14139] mapped:13214 shmem:1282 pagetables:614 [ 369.605197][T14139] sec_pagetables:0 bounce:0 [ 369.605197][T14139] kernel_misc_reclaimable:0 [ 369.605197][T14139] free:1393764 free_pcp:3782 free_cma:0 [ 369.652616][T14139] Node 0 active_anon:13488kB inactive_anon:0kB active_file:6188kB inactive_file:153080kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52856kB dirty:892kB writeback:0kB shmem:3592kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10948kB pagetables:2456kB sec_pagetables:0kB all_unreclaimable? no [ 369.694040][T14139] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 369.727404][T14139] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 369.774883][T14139] lowmem_reserve[]: 0 2571 2571 0 0 [ 369.795155][T14139] Node 0 DMA32 free:1606740kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:15940kB inactive_anon:0kB active_file:6188kB inactive_file:152780kB unevictable:1536kB writepending:888kB present:3129332kB managed:2659864kB mlocked:0kB bounce:0kB free_pcp:13724kB local_pcp:7528kB free_cma:0kB [ 369.858631][T14139] lowmem_reserve[]: 0 0 0 0 0 [ 369.863446][T14139] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:300kB unevictable:0kB writepending:4kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 369.912426][T14139] lowmem_reserve[]: 0 0 0 0 0 [ 369.922812][T14162] __nla_validate_parse: 4 callbacks suppressed [ 369.922834][T14162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2192'. [ 369.922861][T14139] Node 1 Normal free:3950684kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:1008kB local_pcp:1008kB free_cma:0kB [ 369.974031][T14139] lowmem_reserve[]: 0 0 0 0 0 [ 369.988155][T14139] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 370.011935][T14139] Node 0 DMA32: 1*4kB (M) 2*8kB (UE) 26*16kB (M) 109*32kB (UM) 154*64kB (UME) 41*128kB (UME) 60*256kB (UME) 43*512kB (UME) 17*1024kB (UM) 9*2048kB (U) 369*4096kB (UM) = 1603668kB [ 370.047078][T14139] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 370.085340][T14139] Node 1 Normal: 5*4kB (UM) 5*8kB (UM) 8*16kB (UM) 7*32kB (UM) 1*64kB (M) 3*128kB (UM) 1*256kB (U) 4*512kB (UM) 5*1024kB (U) 3*2048kB (U) 961*4096kB (M) = 3950684kB [ 370.103977][T14139] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 370.114139][T14139] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 370.124295][T14139] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 370.135115][T14139] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 370.144653][T14139] 43419 total pagecache pages [ 370.149622][T14139] 0 pages in swap cache [ 370.153809][T14139] Free swap = 124996kB [ 370.166425][T14139] Total swap = 124996kB [ 370.170633][T14139] 2097051 pages RAM [ 370.181323][T14139] 0 pages HighMem/MovableOnly [ 370.188002][T14139] 400875 pages reserved [ 370.192197][T14139] 0 pages cma reserved [ 370.284469][T14172] netlink: 'syz.2.2197': attribute type 5 has an invalid length. [ 370.428729][T14177] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2199'. [ 370.522492][T14180] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2201'. [ 370.615606][T14185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2203'. [ 370.902060][T13902] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.527291][T13902] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.593088][T13902] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.684882][T13902] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.798987][T13902] bridge_slave_1: left allmulticast mode [ 371.804781][T13902] bridge_slave_1: left promiscuous mode [ 371.810672][T13902] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.821489][T13902] bridge_slave_0: left allmulticast mode [ 371.827721][T13902] bridge_slave_0: left promiscuous mode [ 371.833544][T13902] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.192787][T13902] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 372.205129][T13902] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 372.217467][T13902] bond0 (unregistering): Released all slaves [ 372.607392][T13902] hsr_slave_0: left promiscuous mode [ 372.613508][T13902] hsr_slave_1: left promiscuous mode [ 372.624028][T13902] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.642213][T13902] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.650818][T13902] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 372.666187][T13902] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 372.693424][T13902] veth1_macvtap: left promiscuous mode [ 372.699649][T13902] veth0_macvtap: left promiscuous mode [ 372.705372][T13902] veth1_vlan: left promiscuous mode [ 372.711467][T13902] veth0_vlan: left promiscuous mode [ 372.788575][T14207] netlink: 'syz.2.2209': attribute type 1 has an invalid length. [ 372.819867][T14207] netlink: 'syz.2.2209': attribute type 1 has an invalid length. [ 372.855921][T14207] netlink: 'syz.2.2209': attribute type 2 has an invalid length. [ 372.864317][T14210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 372.885033][T14211] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2210'. [ 372.928036][T14207] netlink: 'syz.2.2209': attribute type 1 has an invalid length. [ 372.936390][T14210] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 372.962071][T14214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2209'. [ 372.989643][T14207] netlink: 'syz.2.2209': attribute type 1 has an invalid length. [ 373.018289][T14207] netlink: 'syz.2.2209': attribute type 2 has an invalid length. [ 373.199338][ T4488] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 373.211060][ T4488] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 373.223318][ T4488] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 373.233340][ T4488] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 373.241988][ T4488] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 373.251291][ T4488] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 373.653463][T13902] team0 (unregistering): Port device team_slave_1 removed [ 373.713764][T13902] team0 (unregistering): Port device team_slave_0 removed [ 374.328094][T14227] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2213'. [ 374.368433][T14229] €Â: left allmulticast mode [ 374.373214][T14229] €Â: left promiscuous mode [ 374.402179][T14229] bridge0: port 1(€Â) entered disabled state [ 374.440861][T14229] –eth0_vlan: left allmulticast mode [ 374.452491][T14229] –eth0_vlan: left promiscuous mode [ 374.458551][T14229] bridge0: port 2(–eth0_vlan) entered disabled state [ 374.493254][T14229] bond0: (slave bond_slave_1): Releasing backup interface [ 374.567092][T14229] team0: Port device team_slave_0 removed [ 374.631013][T14229] team0: Port device team_slave_1 removed [ 374.645049][T14229] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.653313][T14229] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.674298][T14229] bond0: (slave team1): Releasing backup interface [ 374.701106][T14229] bond1: (slave gretap1): Releasing backup interface [ 374.927745][T14239] netlink: 'syz.0.2219': attribute type 10 has an invalid length. [ 374.946999][T14239] team0: Port device netdevsim0 added [ 375.011989][T14247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2222'. [ 375.026263][T14243] netlink: 'syz.0.2219': attribute type 10 has an invalid length. [ 375.084354][T14250] xt_recent: hitcount (2147483648) is larger than allowed maximum (255) [ 375.275688][T14255] xt_ecn: cannot match TCP bits for non-tcp packets [ 375.299829][ T4488] Bluetooth: hci0: command tx timeout [ 375.406211][T14255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2224'. [ 375.492779][T14218] chnl_net:caif_netlink_parms(): no params data found [ 375.576670][T14268] netlink: 'syz.2.2226': attribute type 9 has an invalid length. [ 375.618316][T14276] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2230'. [ 375.630805][T14276] ip6gretap0: entered allmulticast mode [ 375.762061][T14218] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.769491][T14218] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.778876][T14218] bridge_slave_0: entered allmulticast mode [ 375.787037][T14218] bridge_slave_0: entered promiscuous mode [ 375.796326][T14218] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.803666][T14218] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.813967][T14218] bridge_slave_1: entered allmulticast mode [ 375.822164][T14218] bridge_slave_1: entered promiscuous mode [ 375.923435][T14218] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 375.973375][T14218] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 376.126840][T14302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2238'. [ 376.195672][T14218] team0: Port device team_slave_0 added [ 376.222917][T14218] team0: Port device team_slave_1 added [ 376.392194][T14218] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 376.405340][T14218] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.448128][T14218] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 376.460971][T14315] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2241'. [ 376.473179][T14315] tipc: Enabled bearer , priority 0 [ 376.488302][T14318] bridge6: entered promiscuous mode [ 376.515289][T14320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2245'. [ 376.535347][T14218] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 376.553517][T14218] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 376.605025][T14218] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 376.799203][T14334] netlink: 188 bytes leftover after parsing attributes in process `syz.3.2249'. [ 376.824612][T14218] hsr_slave_0: entered promiscuous mode [ 376.843397][T14218] hsr_slave_1: entered promiscuous mode [ 376.994821][T14342] bridge_slave_0: left allmulticast mode [ 377.033422][T14342] bridge_slave_0: left promiscuous mode [ 377.043812][T14342] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.088844][T14342] bridge_slave_1: left allmulticast mode [ 377.105334][T14342] bridge_slave_1: left promiscuous mode [ 377.125671][T14342] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.161587][T14342] bond0: (slave bond_slave_0): Releasing backup interface [ 377.201948][T14342] bond0: (slave bond_slave_1): Releasing backup interface [ 377.233149][T14362] netlink: 240 bytes leftover after parsing attributes in process `syz.2.2257'. [ 377.272832][T14342] team_slave_0: left promiscuous mode [ 377.329757][T14342] team0: Port device team_slave_0 removed [ 377.342091][T14342] team_slave_1: left promiscuous mode [ 377.355059][T14342] team0: Port device team_slave_1 removed [ 377.376124][ T4488] Bluetooth: hci0: command tx timeout [ 377.382966][T14342] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 377.396248][T14342] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 377.426548][T14342] team0: Port device macvlan1 removed [ 377.443557][T14342] bond0: (slave macvlan2): Releasing backup interface [ 377.505714][T14348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 377.517247][T14348] team0: Port device bond0 added [ 377.531301][ T6739] tipc: Resetting bearer [ 377.957802][T14384] syzkaller0: entered promiscuous mode [ 377.973304][T14384] syzkaller0: entered allmulticast mode [ 378.003114][T14384] ieee802154 phy0 wpan0: encryption failed: -90 [ 378.194602][T14395] netlink: 'syz.3.2267': attribute type 1 has an invalid length. [ 378.212542][T14395] netlink: 9396 bytes leftover after parsing attributes in process `syz.3.2267'. [ 378.306789][T14218] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 378.326709][T14218] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 378.350019][T14402] xt_SECMARK: invalid mode: 0 [ 378.354747][T14218] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 378.355700][T14401] xt_SECMARK: invalid mode: 0 [ 378.372898][T14218] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 378.647647][T14409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.655777][T14409] team0: Port device bond0 added [ 378.693328][T14414] netlink: 'syz.0.2272': attribute type 23 has an invalid length. [ 378.718236][T14218] 8021q: adding VLAN 0 to HW filter on device bond0 [ 378.775783][T14218] 8021q: adding VLAN 0 to HW filter on device team0 [ 378.815672][ T5153] bridge0: port 1(bridge_slave_0) entered blocking state [ 378.822952][ T5153] bridge0: port 1(bridge_slave_0) entered forwarding state [ 378.882034][ T6739] bridge0: port 2(bridge_slave_1) entered blocking state [ 378.889297][ T6739] bridge0: port 2(bridge_slave_1) entered forwarding state [ 378.910774][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.918203][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.330968][T14438] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2281'. [ 379.350028][T14438] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 379.366577][T14438] (unnamed net_device) (uninitialized): option arp_validate: invalid value (18446744071562199068) [ 379.430516][T14218] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 379.458938][ T4488] Bluetooth: hci0: command tx timeout [ 379.954206][T14218] veth0_vlan: entered promiscuous mode [ 379.981752][T14218] veth1_vlan: entered promiscuous mode [ 380.070376][T14218] veth0_macvtap: entered promiscuous mode [ 380.105240][T14218] veth1_macvtap: entered promiscuous mode [ 380.143860][T14481] netlink: 'syz.3.2293': attribute type 2 has an invalid length. [ 380.160462][T14481] __nla_validate_parse: 2 callbacks suppressed [ 380.160485][T14481] netlink: 38 bytes leftover after parsing attributes in process `syz.3.2293'. [ 380.215644][T14218] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 380.243404][T14218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.260969][T14218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.304288][T14218] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 380.336790][T14218] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 380.360418][T14218] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 380.390554][T14487] IPVS: set_ctl: invalid protocol: 0 224.0.0.1:0 [ 380.444411][T14218] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.464641][T14218] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.478757][T14218] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.495458][T14218] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.767561][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.775442][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 380.859827][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 380.870088][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 381.153796][T14517] netlink: 'syz.2.2306': attribute type 16 has an invalid length. [ 381.260470][T14523] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2308'. [ 381.758934][T14547] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2315'. [ 381.812163][T14548] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2316'. [ 381.915598][T14551] tipc: Resetting bearer [ 381.967064][T14551] team0: Port device bond0 removed [ 382.051669][T14555] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.079921][T14555] team0: Port device bond0 added [ 382.301958][T14571] netlink: 47 bytes leftover after parsing attributes in process `syz.2.2326'. [ 382.318468][T14571] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2326'. [ 382.481858][T14580] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2328'. [ 382.639908][T14590] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2333'. [ 382.671052][T14590] xfrm1: entered promiscuous mode [ 382.677457][T14590] xfrm1: entered allmulticast mode [ 382.712365][T14594] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2335'. [ 382.931020][T14610] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2341'. [ 382.968422][T14612] netlink: 'syz.3.2342': attribute type 1 has an invalid length. [ 383.102007][ T62] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.348505][ T62] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.413391][ T62] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.486338][ T62] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.604127][ T62] bridge_slave_1: left allmulticast mode [ 384.611130][ T62] bridge_slave_1: left promiscuous mode [ 384.618365][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.629006][ T62] bridge_slave_0: left allmulticast mode [ 384.634686][ T62] bridge_slave_0: left promiscuous mode [ 384.640678][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.992787][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 385.004409][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 385.018243][ T62] bond0 (unregistering): Released all slaves [ 385.107268][T14623] x_tables: ip6_tables: rpfilter match: used from hooks POSTROUTING, but only valid from PREROUTING [ 385.504211][ T53] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 385.520936][ T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 385.532272][ T53] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 385.549112][ T53] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 385.558490][ T53] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 385.568468][ T53] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 385.987627][T14645] __nla_validate_parse: 1 callbacks suppressed [ 385.987647][T14645] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2353'. [ 386.084716][T14649] netlink: 'syz.1.2356': attribute type 5 has an invalid length. [ 386.106390][ T4488] Bluetooth: hci2: command 0x0406 tx timeout [ 386.245936][T14656] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2355'. [ 386.284690][T14656] netlink: 'syz.0.2355': attribute type 30 has an invalid length. [ 386.383428][T14667] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2360'. [ 386.411776][T14667] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2360'. [ 386.510809][ T62] hsr_slave_0: left promiscuous mode [ 386.540574][ T62] hsr_slave_1: left promiscuous mode [ 386.554998][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.564355][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.573222][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.586805][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.651839][ T62] veth1_macvtap: left promiscuous mode [ 386.668185][ T62] veth0_macvtap: left promiscuous mode [ 386.677370][ T62] veth1_vlan: left promiscuous mode [ 386.682776][ T62] veth0_vlan: left promiscuous mode [ 387.404297][ T62] team0 (unregistering): Port device team_slave_1 removed [ 387.455163][ T62] team0 (unregistering): Port device team_slave_0 removed [ 387.617062][ T5102] Bluetooth: hci0: command tx timeout [ 387.914137][T14688] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2365'. [ 388.075892][T14698] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2367'. [ 388.142003][T14704] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2371'. [ 388.445441][T14638] chnl_net:caif_netlink_parms(): no params data found [ 388.859207][T14638] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.877336][T14638] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.884824][T14638] bridge_slave_0: entered allmulticast mode [ 388.920239][T14638] bridge_slave_0: entered promiscuous mode [ 388.941118][T14638] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.956684][T14638] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.970947][T14638] bridge_slave_1: entered allmulticast mode [ 388.999275][T14638] bridge_slave_1: entered promiscuous mode [ 389.053221][T14734] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2380'. [ 389.100042][T14638] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.168603][T14638] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.295522][T14638] team0: Port device team_slave_0 added [ 389.354973][T14638] team0: Port device team_slave_1 added [ 389.525226][T14638] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 389.553753][T14638] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.591940][T14638] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.617054][T14638] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.632698][T14638] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.702281][ T5102] Bluetooth: hci0: command tx timeout [ 389.767930][T14638] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.925287][T14638] hsr_slave_0: entered promiscuous mode [ 389.942816][T14638] hsr_slave_1: entered promiscuous mode [ 390.373794][T14769] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2392'. [ 390.502110][T14775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2395'. [ 390.943858][T14796] team0: Port device bond0 removed [ 391.020681][T14799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.060564][T14799] team0: Port device bond0 added [ 391.069492][T14801] netlink: 'syz.1.2402': attribute type 13 has an invalid length. [ 391.272900][T14806] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2404'. [ 391.371946][T14638] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 391.445391][T14638] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 391.470502][T14638] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 391.505070][T14638] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 391.719996][T14827] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2412'. [ 391.776542][ T5102] Bluetooth: hci0: command tx timeout [ 391.885495][T14638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.931079][T14837] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2416'. [ 391.976265][T14638] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.996060][T14841] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2417'. [ 392.024800][ T6739] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.032072][ T6739] bridge0: port 1(bridge_slave_0) entered forwarding state [ 392.063279][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.070617][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 392.685991][T14638] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.019186][T14891] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2429'. [ 393.233513][T14899] team0: Port device bond0 removed [ 393.241255][T14904] FAULT_INJECTION: forcing a failure. [ 393.241255][T14904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 393.278793][T14904] CPU: 1 PID: 14904 Comm: syz.0.2433 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 393.289135][T14904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 393.299320][T14904] Call Trace: [ 393.302811][T14904] [ 393.305776][T14904] dump_stack_lvl+0x241/0x360 [ 393.310509][T14904] ? __pfx_dump_stack_lvl+0x10/0x10 [ 393.315755][T14904] ? __pfx__printk+0x10/0x10 [ 393.320421][T14904] ? __pfx_lock_release+0x10/0x10 [ 393.325504][T14904] should_fail_ex+0x3b0/0x4e0 [ 393.330242][T14904] _copy_from_user+0x2f/0xe0 [ 393.334879][T14904] copy_msghdr_from_user+0xae/0x680 [ 393.340110][T14904] ? __pfx___might_resched+0x10/0x10 [ 393.345423][T14904] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 393.351253][T14904] ? __might_fault+0xaa/0x120 [ 393.356003][T14904] do_recvmmsg+0x40f/0xae0 [ 393.360477][T14904] ? __pfx_lock_release+0x10/0x10 [ 393.365577][T14904] ? __pfx_do_recvmmsg+0x10/0x10 [ 393.370575][T14904] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 393.376520][T14904] ? ksys_write+0x23e/0x2c0 [ 393.381053][T14904] ? __pfx_lock_release+0x10/0x10 [ 393.386102][T14904] ? vfs_write+0x7c4/0xc90 [ 393.390590][T14904] ? __mutex_unlock_slowpath+0x21d/0x750 [ 393.396252][T14904] ? __fget_files+0x3f6/0x470 [ 393.400958][T14904] __x64_sys_recvmmsg+0x199/0x250 [ 393.406027][T14904] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 393.411695][T14904] ? do_syscall_64+0x100/0x230 [ 393.416484][T14904] ? do_syscall_64+0xb6/0x230 [ 393.421191][T14904] do_syscall_64+0xf3/0x230 [ 393.425720][T14904] ? clear_bhb_loop+0x35/0x90 [ 393.430418][T14904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.436338][T14904] RIP: 0033:0x7f57e8d75bd9 [ 393.440764][T14904] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.460391][T14904] RSP: 002b:00007f57e9a7c048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 393.468909][T14904] RAX: ffffffffffffffda RBX: 00007f57e8f03f60 RCX: 00007f57e8d75bd9 [ 393.476891][T14904] RDX: 040000000000027a RSI: 0000000020003900 RDI: 0000000000000004 [ 393.484872][T14904] RBP: 00007f57e9a7c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 393.492856][T14904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 393.500837][T14904] R13: 000000000000004d R14: 00007f57e8f03f60 R15: 00007ffe6c03b5f8 [ 393.508839][T14904] [ 393.641345][T14911] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.660632][T14911] team0: Port device bond0 added [ 393.853324][T14638] veth0_vlan: entered promiscuous mode [ 393.860267][ T5102] Bluetooth: hci0: command tx timeout [ 393.929409][T14638] veth1_vlan: entered promiscuous mode [ 394.016522][T14934] xt_ecn: cannot match TCP bits for non-tcp packets [ 394.047135][T14934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2441'. [ 394.080677][T14638] veth0_macvtap: entered promiscuous mode [ 394.092586][T14638] veth1_macvtap: entered promiscuous mode [ 394.143445][T14638] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 394.174109][T14638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.206077][T14638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.230533][T14638] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.243901][T14638] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.277379][T14638] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.287518][T14939] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2443'. [ 394.322292][T14638] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.354543][T14638] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.372053][T14638] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.381933][T14638] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.398336][T14944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2444'. [ 394.408492][T14944] netlink: 2 bytes leftover after parsing attributes in process `syz.3.2444'. [ 394.455010][T14947] netlink: 'syz.1.2446': attribute type 20 has an invalid length. [ 394.549639][T14948] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2446'. [ 394.621775][T14948] ÊügáG: entered promiscuous mode [ 394.660673][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.671268][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.794945][T14960] netlink: 'syz.3.2451': attribute type 6 has an invalid length. [ 394.834219][ T142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.850041][T14962] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 394.866550][ T142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.503474][T14995] netlink: 'syz.3.2459': attribute type 10 has an invalid length. [ 395.530561][T14995] batadv_slave_0: left promiscuous mode [ 395.561637][T14995] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 395.831123][T15010] netlink: 'syz.1.2464': attribute type 6 has an invalid length. [ 396.013116][T15017] xfrm1: entered promiscuous mode [ 396.041676][T15017] xfrm1: entered allmulticast mode [ 396.063920][T15025] netlink: 'syz.3.2470': attribute type 1 has an invalid length. [ 396.126134][T15025] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 396.135775][T15025] bond2: (slave batadv1): making interface the new active one [ 396.147979][T15025] bond2: (slave batadv1): Enslaving as an active interface with an up link [ 396.289896][T15036] A link change request failed with some changes committed already. Interface hsr0 may have been left with an inconsistent configuration, please check. [ 396.563087][T15048] __nla_validate_parse: 9 callbacks suppressed [ 396.563110][T15048] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2479'. [ 396.589910][T15044] netlink: 'syz.2.2478': attribute type 3 has an invalid length. [ 396.852208][ T2467] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.021890][ T4488] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 397.034452][ T4488] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 397.074659][ T4488] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 397.091086][ T4488] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 397.107036][ T4488] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 397.120252][ T4488] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 397.449158][T15056] chnl_net:caif_netlink_parms(): no params data found [ 397.558715][ T2467] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.572999][T15056] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.580728][T15056] bridge0: port 1(bridge_slave_0) entered disabled state [ 397.589239][T15056] bridge_slave_0: entered allmulticast mode [ 397.597788][T15056] bridge_slave_0: entered promiscuous mode [ 397.607260][T15056] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.614415][T15056] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.623862][T15056] bridge_slave_1: entered allmulticast mode [ 397.631763][T15056] bridge_slave_1: entered promiscuous mode [ 397.653256][ T2467] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.698693][T15056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 397.713643][T15056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 397.755333][ T2467] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.789136][T15056] team0: Port device team_slave_0 added [ 397.799488][T15056] team0: Port device team_slave_1 added [ 397.837737][T15056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 397.844755][T15056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 397.872277][T15056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 397.886580][T15056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 397.893575][T15056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 397.920282][T15056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 397.980167][T15056] hsr_slave_0: entered promiscuous mode [ 397.989406][T15056] hsr_slave_1: entered promiscuous mode [ 397.995657][T15056] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 398.003904][T15056] Cannot create hsr debugfs directory [ 398.114864][ T2467] bridge_slave_1: left allmulticast mode [ 398.120795][ T2467] bridge_slave_1: left promiscuous mode [ 398.127207][ T2467] bridge0: port 2(bridge_slave_1) entered disabled state [ 398.140116][ T2467] bridge_slave_0: left allmulticast mode [ 398.147063][ T2467] bridge_slave_0: left promiscuous mode [ 398.152774][ T2467] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.522503][ T2467] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 398.535668][ T2467] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 398.550441][ T2467] bond0 (unregistering): Released all slaves [ 398.685509][T15056] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.770985][T15056] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.853851][T15056] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.046539][T15056] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.126309][ T2467] hsr_slave_0: left promiscuous mode [ 399.166340][ T2467] hsr_slave_1: left promiscuous mode [ 399.188621][ T2467] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 399.199888][ T2467] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 399.217919][ T2467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 399.220271][ T4488] Bluetooth: hci0: command tx timeout [ 399.225528][ T2467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 399.329043][ T2467] veth1_macvtap: left promiscuous mode [ 399.342117][ T2467] veth0_macvtap: left promiscuous mode [ 399.358423][ T2467] veth1_vlan: left promiscuous mode [ 399.381648][ T2467] veth0_vlan: left promiscuous mode [ 399.383264][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 399.398674][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 399.416342][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 399.425299][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 399.436670][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 399.444211][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 399.964237][ T2467] team0 (unregistering): Port device team_slave_1 removed [ 400.018617][ T2467] team0 (unregistering): Port device team_slave_0 removed [ 400.483026][T15069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2482'. [ 400.502851][T15069] xfrm1: entered promiscuous mode [ 400.508401][T15069] xfrm1: entered allmulticast mode [ 400.560861][T15076] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2485'. [ 400.848335][T15056] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 401.089284][T15092] sit0: entered promiscuous mode [ 401.096941][T15092] netlink: 'syz.2.2492': attribute type 1 has an invalid length. [ 401.115168][T15092] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2492'. [ 401.161653][T15056] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 401.205642][T15056] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 401.246607][T15056] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 401.266968][T15100] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2495'. [ 401.296178][ T4488] Bluetooth: hci0: command tx timeout [ 401.324930][T15100] xfrm1: entered promiscuous mode [ 401.332578][T15100] xfrm1: entered allmulticast mode [ 401.498248][T15109] Bluetooth: MGMT ver 1.22 [ 401.536092][ T4488] Bluetooth: hci1: command tx timeout [ 401.684269][ T2467] tipc: Resetting bearer [ 402.085539][T15121] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 402.305084][ T2467] tipc: Disabling bearer [ 402.695587][ T2467] team0: Port device bond0 removed [ 402.718013][ T2467] bond0 (unregistering): Released all slaves [ 402.846903][ T2467] ÊügáG: left promiscuous mode [ 402.994951][T15145] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2507'. [ 403.016876][ T2467] tipc: Disabling bearer [ 403.048373][ T2467] tipc: Left network mode [ 403.174352][T15056] 8021q: adding VLAN 0 to HW filter on device bond0 [ 403.262391][T15150] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2508'. [ 403.272806][T15150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2508'. [ 403.381350][ T4488] Bluetooth: hci0: command tx timeout [ 403.475748][T15077] chnl_net:caif_netlink_parms(): no params data found [ 403.479062][T15155] IPVS: set_ctl: invalid protocol: 29 172.30.1.1:20000 [ 403.530844][T15056] 8021q: adding VLAN 0 to HW filter on device team0 [ 403.616943][ T4488] Bluetooth: hci1: command tx timeout [ 403.639965][T15161] netlink: del zone limit has 8 unknown bytes [ 403.653396][T15162] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2512'. [ 403.924722][ T5155] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.932055][ T5155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.014728][T15077] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.022471][T15077] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.032237][T15077] bridge_slave_0: entered allmulticast mode [ 404.039973][T15077] bridge_slave_0: entered promiscuous mode [ 404.053591][ T5153] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.060859][ T5153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.095399][T15077] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.129680][T15077] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.156216][T15077] bridge_slave_1: entered allmulticast mode [ 404.183610][T15077] bridge_slave_1: entered promiscuous mode [ 404.280942][T15178] FAULT_INJECTION: forcing a failure. [ 404.280942][T15178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.303991][T15178] CPU: 1 PID: 15178 Comm: syz.3.2517 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 404.314302][T15178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 404.324435][T15178] Call Trace: [ 404.327748][T15178] [ 404.330704][T15178] dump_stack_lvl+0x241/0x360 [ 404.335406][T15178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 404.340627][T15178] ? __pfx__printk+0x10/0x10 [ 404.345243][T15178] ? __pfx_lock_release+0x10/0x10 [ 404.350284][T15178] should_fail_ex+0x3b0/0x4e0 [ 404.355003][T15178] _copy_from_user+0x2f/0xe0 [ 404.359662][T15178] copy_msghdr_from_user+0xae/0x680 [ 404.364878][T15178] ? __pfx___might_resched+0x10/0x10 [ 404.370192][T15178] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 404.376053][T15178] ? __might_fault+0xaa/0x120 [ 404.380783][T15178] do_recvmmsg+0x40f/0xae0 [ 404.385398][T15178] ? __pfx_lock_release+0x10/0x10 [ 404.390436][T15178] ? __pfx_do_recvmmsg+0x10/0x10 [ 404.395420][T15178] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 404.401343][T15178] ? ksys_write+0x23e/0x2c0 [ 404.405871][T15178] ? __pfx_lock_release+0x10/0x10 [ 404.410943][T15178] ? vfs_write+0x7c4/0xc90 [ 404.415410][T15178] ? __mutex_unlock_slowpath+0x21d/0x750 [ 404.421074][T15178] ? __fget_files+0x3f6/0x470 [ 404.425786][T15178] __x64_sys_recvmmsg+0x199/0x250 [ 404.430869][T15178] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 404.436430][T15178] ? do_syscall_64+0x100/0x230 [ 404.441225][T15178] ? do_syscall_64+0xb6/0x230 [ 404.445944][T15178] do_syscall_64+0xf3/0x230 [ 404.450480][T15178] ? clear_bhb_loop+0x35/0x90 [ 404.455161][T15178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.461072][T15178] RIP: 0033:0x7f9279575bd9 [ 404.465511][T15178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.485129][T15178] RSP: 002b:00007f927a28f048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 404.493573][T15178] RAX: ffffffffffffffda RBX: 00007f9279703f60 RCX: 00007f9279575bd9 [ 404.501589][T15178] RDX: 040000000000027a RSI: 0000000020003900 RDI: 0000000000000004 [ 404.509656][T15178] RBP: 00007f927a28f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 404.517657][T15178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 404.525724][T15178] R13: 000000000000004d R14: 00007f9279703f60 R15: 00007ffd401f3008 [ 404.533796][T15178] [ 404.594128][ T2467] hsr_slave_0: left promiscuous mode [ 404.600762][ T2467] hsr_slave_1: left promiscuous mode [ 404.630486][ T2467] veth1_macvtap: left promiscuous mode [ 404.636316][ T2467] veth0_macvtap: left promiscuous mode [ 404.643209][ T2467] veth1_vlan: left promiscuous mode [ 404.649326][ T2467] veth0_vlan: left promiscuous mode [ 405.467293][ T4488] Bluetooth: hci0: command tx timeout [ 405.710826][ T4488] Bluetooth: hci1: command tx timeout [ 405.924442][T15077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.957956][T15077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.126854][T15077] team0: Port device team_slave_0 added [ 406.137662][T15077] team0: Port device team_slave_1 added [ 406.322253][T15212] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2529'. [ 406.346979][T15077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.365673][T15077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.410718][T15077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.442201][T15077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.456737][T15077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.492840][T15077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.747221][T15077] hsr_slave_0: entered promiscuous mode [ 406.767748][T15228] FAULT_INJECTION: forcing a failure. [ 406.767748][T15228] name failslab, interval 1, probability 0, space 0, times 0 [ 406.787529][T15077] hsr_slave_1: entered promiscuous mode [ 406.794644][T15228] CPU: 1 PID: 15228 Comm: syz.2.2534 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 406.804864][T15228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 406.814961][T15228] Call Trace: [ 406.818271][T15228] [ 406.821233][T15228] dump_stack_lvl+0x241/0x360 [ 406.825971][T15228] ? __pfx_dump_stack_lvl+0x10/0x10 [ 406.831216][T15228] ? __pfx__printk+0x10/0x10 [ 406.835845][T15228] ? is_bpf_text_address+0x285/0x2a0 [ 406.841163][T15228] should_fail_ex+0x3b0/0x4e0 [ 406.845871][T15228] ? alloc_empty_file+0x9e/0x1d0 [ 406.850846][T15228] should_failslab+0x9/0x20 [ 406.855397][T15228] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 406.860852][T15228] alloc_empty_file+0x9e/0x1d0 [ 406.865663][T15228] path_openat+0x105/0x35f0 [ 406.870218][T15228] ? mark_lock+0x9a/0x350 [ 406.874569][T15228] ? __pfx_stack_trace_save+0x10/0x10 [ 406.879970][T15228] ? __lock_acquire+0x1346/0x1fd0 [ 406.885022][T15228] ? __lock_acquire+0x1346/0x1fd0 [ 406.890069][T15228] ? __pfx_path_openat+0x10/0x10 [ 406.895039][T15228] do_filp_open+0x235/0x490 [ 406.899558][T15228] ? __pfx_do_filp_open+0x10/0x10 [ 406.904618][T15228] ? _raw_spin_unlock+0x28/0x50 [ 406.909482][T15228] ? alloc_fd+0x5a1/0x640 [ 406.913831][T15228] do_sys_openat2+0x13e/0x1d0 [ 406.918620][T15228] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 406.924638][T15228] ? __pfx_do_sys_openat2+0x10/0x10 [ 406.929879][T15228] ? __fget_files+0x3f6/0x470 [ 406.934600][T15228] __x64_sys_openat+0x247/0x2a0 [ 406.939475][T15228] ? __pfx___x64_sys_openat+0x10/0x10 [ 406.944874][T15228] ? do_syscall_64+0x100/0x230 [ 406.949667][T15228] ? do_syscall_64+0xb6/0x230 [ 406.954386][T15228] do_syscall_64+0xf3/0x230 [ 406.958925][T15228] ? clear_bhb_loop+0x35/0x90 [ 406.963627][T15228] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.969546][T15228] RIP: 0033:0x7ffb4d774610 [ 406.973974][T15228] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 79 8d 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 cc 8d 02 00 8b 44 [ 406.993699][T15228] RSP: 002b:00007ffb4e4b1f70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 407.002135][T15228] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffb4d774610 [ 407.010207][T15228] RDX: 0000000000000000 RSI: 00007ffb4d7e3609 RDI: 00000000ffffff9c [ 407.018197][T15228] RBP: 00007ffb4d7e3609 R08: 0000000000000000 R09: 0000000000000000 [ 407.026192][T15228] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 407.034175][T15228] R13: 000000000000000b R14: 00007ffb4d903f60 R15: 00007fffd3719518 [ 407.042184][T15228] [ 407.234647][T15234] macsec1: entered promiscuous mode [ 407.240627][T15234] gretap0: entered promiscuous mode [ 407.255128][T15234] gretap0: left promiscuous mode [ 407.441637][T15245] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2538'. [ 407.541552][T15056] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 407.741402][T15252] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2541'. [ 407.776446][ T4488] Bluetooth: hci1: command tx timeout [ 407.812031][T15056] veth0_vlan: entered promiscuous mode [ 407.942829][T15056] veth1_vlan: entered promiscuous mode [ 407.982356][T15261] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2545'. [ 408.060476][T15056] veth0_macvtap: entered promiscuous mode [ 408.084234][T15056] veth1_macvtap: entered promiscuous mode [ 408.134449][T15056] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.204419][T15056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.216824][T15056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.228303][T15056] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.239707][T15056] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.252090][T15056] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.283324][T15056] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.311817][T15056] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.326230][T15056] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.345429][T15056] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.401138][T15077] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 408.421276][T15077] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 408.460188][T15077] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 408.475522][T15077] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 408.592389][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.612604][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.684773][T15275] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 408.698065][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.709530][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.831761][T15077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.920380][T15280] FAULT_INJECTION: forcing a failure. [ 408.920380][T15280] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 408.934179][T15077] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.961386][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.968599][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.984304][T15280] CPU: 1 PID: 15280 Comm: syz.0.2549 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 408.994519][T15280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 409.004635][T15280] Call Trace: [ 409.007948][T15280] [ 409.010908][T15280] dump_stack_lvl+0x241/0x360 [ 409.015663][T15280] ? __pfx_dump_stack_lvl+0x10/0x10 [ 409.020917][T15280] ? __pfx__printk+0x10/0x10 [ 409.025572][T15280] ? snprintf+0xda/0x120 [ 409.029859][T15280] should_fail_ex+0x3b0/0x4e0 [ 409.034603][T15280] _copy_to_user+0x2f/0xb0 [ 409.039056][T15280] simple_read_from_buffer+0xca/0x150 [ 409.044469][T15280] proc_fail_nth_read+0x1e9/0x250 [ 409.049524][T15280] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 409.055119][T15280] ? rw_verify_area+0x520/0x6b0 [ 409.060018][T15280] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 409.065613][T15280] vfs_read+0x204/0xbc0 [ 409.069794][T15280] ? __pfx_lock_release+0x10/0x10 [ 409.074853][T15280] ? __pfx_vfs_read+0x10/0x10 [ 409.079631][T15280] ? __fget_files+0x29/0x470 [ 409.084240][T15280] ? __fget_files+0x3f6/0x470 [ 409.088962][T15280] ksys_read+0x1a0/0x2c0 [ 409.093247][T15280] ? __pfx_ksys_read+0x10/0x10 [ 409.098035][T15280] ? do_syscall_64+0x100/0x230 [ 409.102822][T15280] ? do_syscall_64+0xb6/0x230 [ 409.107518][T15280] do_syscall_64+0xf3/0x230 [ 409.112041][T15280] ? clear_bhb_loop+0x35/0x90 [ 409.116726][T15280] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.122635][T15280] RIP: 0033:0x7f57e8d746bc [ 409.127057][T15280] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 409.146786][T15280] RSP: 002b:00007f57e9a7c040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 409.155231][T15280] RAX: ffffffffffffffda RBX: 00007f57e8f03f60 RCX: 00007f57e8d746bc [ 409.163211][T15280] RDX: 000000000000000f RSI: 00007f57e9a7c0b0 RDI: 0000000000000004 [ 409.171187][T15280] RBP: 00007f57e9a7c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 409.179176][T15280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.187149][T15280] R13: 000000000000004d R14: 00007f57e8f03f60 R15: 00007ffe6c03b5f8 [ 409.195142][T15280] [ 409.313462][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.320689][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 409.369256][T15290] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2552'. [ 409.722243][ T11] bridge_slave_1: left allmulticast mode [ 409.734537][ T11] bridge_slave_1: left promiscuous mode [ 409.760820][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.786300][ T11] bridge_slave_0: left allmulticast mode [ 409.797666][ T11] bridge_slave_0: left promiscuous mode [ 409.807382][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 410.299436][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 410.314733][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 410.331830][ T11] bond0 (unregistering): Released all slaves [ 410.347544][T15306] tipc: Enabling of bearer rejected, already enabled [ 410.363263][T15316] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2560'. [ 410.492424][T15077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.857348][T15340] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2566'. [ 411.709287][ T11] hsr_slave_0: left promiscuous mode [ 411.827731][ T11] hsr_slave_1: left promiscuous mode [ 411.849614][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 411.864256][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 411.883560][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 411.896556][ T11] batman_adv: batadv0: Removing interface: ipvlan2 [ 411.914085][ T11] batman_adv: batadv0: Removing interface: ipvlan3 [ 411.982872][ T11] veth1_macvtap: left promiscuous mode [ 411.989660][ T11] veth0_macvtap: left promiscuous mode [ 411.995719][ T11] veth1_vlan: left promiscuous mode [ 412.004433][ T11] veth0_vlan: left promiscuous mode [ 412.745193][ T11] team0 (unregistering): Port device team_slave_1 removed [ 412.797528][ T11] team0 (unregistering): Port device team_slave_0 removed [ 413.281886][T15374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2572'. [ 413.304468][T15374] vlan2: entered promiscuous mode [ 413.310973][T15374] bond0: entered promiscuous mode [ 413.317624][T15374] bond_slave_0: entered promiscuous mode [ 413.323548][T15374] bond_slave_1: entered promiscuous mode [ 413.333697][T15374] bond0: left promiscuous mode [ 413.338860][T15374] bond_slave_0: left promiscuous mode [ 413.344596][T15374] bond_slave_1: left promiscuous mode [ 413.393148][T15376] team0: entered promiscuous mode [ 413.398587][T15376] team_slave_0: entered promiscuous mode [ 413.404447][T15376] team_slave_1: entered promiscuous mode [ 413.412933][T15376] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 413.423155][T15376] team0: left promiscuous mode [ 413.428884][T15376] team_slave_0: left promiscuous mode [ 413.434709][T15376] team_slave_1: left promiscuous mode [ 413.494964][T15389] tipc: Enabling of bearer rejected, already enabled [ 413.518718][T15398] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2579'. [ 413.557810][T15077] veth0_vlan: entered promiscuous mode [ 413.722986][T15077] veth1_vlan: entered promiscuous mode [ 413.743254][T15404] syzkaller0: entered promiscuous mode [ 413.792377][T15404] syzkaller0 (unregistering): left promiscuous mode [ 414.020283][T15077] veth0_macvtap: entered promiscuous mode [ 414.045208][T15077] veth1_macvtap: entered promiscuous mode [ 414.110881][T15419] team0: entered promiscuous mode [ 414.134813][T15419] bond0: entered promiscuous mode [ 414.165676][T15419] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 414.261385][T15077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 414.280048][T15077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 414.313087][T15077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 414.361039][T15431] netlink: 'syz.1.2590': attribute type 21 has an invalid length. [ 414.398045][T15431] IPv6: NLM_F_CREATE should be specified when creating new route [ 414.425185][T15433] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2591'. [ 414.561444][T15077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 414.605884][T15077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 414.622069][T15077] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 414.636388][T15077] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 414.649074][T15077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 414.660053][T15439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2591'. [ 414.712004][T15077] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.753574][T15077] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.773815][T15077] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.802113][T15077] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.967328][T15417] team0: left promiscuous mode [ 414.979069][T15417] bond0: left promiscuous mode [ 415.016397][T15417] netdevsim netdevsim0 netdevsim0: left promiscuous mode [ 415.138715][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.176125][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.283872][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.306215][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.363559][T15464] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2603'. [ 415.986143][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.150785][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.283177][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.514421][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.716652][ T35] bridge_slave_1: left allmulticast mode [ 416.722337][ T35] bridge_slave_1: left promiscuous mode [ 416.729256][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.738820][ T35] bridge_slave_0: left allmulticast mode [ 416.744479][ T35] bridge_slave_0: left promiscuous mode [ 416.751483][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.143963][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.158168][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 417.172890][ T35] bond0 (unregistering): Released all slaves [ 417.560995][ T35] hsr_slave_0: left promiscuous mode [ 417.568411][ T35] hsr_slave_1: left promiscuous mode [ 417.575531][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 417.583297][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 417.593465][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.601291][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 417.627547][ T35] veth1_macvtap: left promiscuous mode [ 417.633159][ T35] veth0_macvtap: left promiscuous mode [ 417.638988][ T35] veth1_vlan: left promiscuous mode [ 417.644573][ T35] veth0_vlan: left promiscuous mode [ 418.180659][ T35] team0 (unregistering): Port device team_slave_1 removed [ 418.296479][ T35] team0 (unregistering): Port device team_slave_0 removed [ 418.372358][T15499] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2612'. [ 418.574358][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 418.585556][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 418.608279][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 418.622358][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 418.640997][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 418.653150][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 419.128403][T15508] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2616'. [ 419.281280][T15514] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2618'. [ 419.582086][T15533] bridge_slave_0: left allmulticast mode [ 419.596135][T15533] bridge_slave_0: left promiscuous mode [ 419.601992][T15533] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.632962][T15533] bridge_slave_1: left allmulticast mode [ 419.645958][T15533] bridge_slave_1: left promiscuous mode [ 419.651821][T15533] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.680119][T15533] bond0: (slave bond_slave_0): Releasing backup interface [ 419.691101][T15533] bond0: (slave bond_slave_1): Releasing backup interface [ 419.728830][T15533] team0: Port device team_slave_0 removed [ 419.761429][T15533] team0: Port device team_slave_1 removed [ 419.769473][T15533] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.790791][T15533] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 419.807108][T15533] geneve1: left allmulticast mode [ 419.812490][T15533] geneve1: left promiscuous mode [ 419.822516][T15533] bridge0: port 3(geneve1) entered disabled state [ 419.834509][T15533] bond0: (slave netdevsim0): Releasing backup interface [ 419.868784][T15538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 419.885584][T15538] team0: Port device bond0 added [ 419.893770][T15546] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2627'. [ 419.927715][T15541] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2627'. [ 419.993314][T15551] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2629'. [ 420.053951][T15553] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2630'. [ 420.171878][T15562] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2633'. [ 420.318311][T15503] chnl_net:caif_netlink_parms(): no params data found [ 420.428830][T15575] netlink: 'syz.0.2638': attribute type 32 has an invalid length. [ 420.437103][T15575] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2638'. [ 420.447006][T15575] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 420.527954][T15503] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.535573][T15503] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.543863][T15503] bridge_slave_0: entered allmulticast mode [ 420.553201][T15503] bridge_slave_0: entered promiscuous mode [ 420.562765][T15580] tipc: Started in network mode [ 420.569177][T15580] tipc: Node identity ac1414, cluster identity 4711 [ 420.578502][T15580] tipc: New replicast peer: 0.0.0.0 [ 420.584762][T15580] tipc: Enabled bearer , priority 0 [ 420.592085][T15503] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.600165][T15503] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.608081][T15503] bridge_slave_1: entered allmulticast mode [ 420.615545][T15503] bridge_slave_1: entered promiscuous mode [ 420.669637][T15503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 420.683621][T15503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 420.736258][ T4488] Bluetooth: hci1: command tx timeout [ 420.792690][T15503] team0: Port device team_slave_0 added [ 420.810219][T15503] team0: Port device team_slave_1 added [ 420.847167][T15586] bridge_slave_0: left allmulticast mode [ 420.853319][T15586] bridge_slave_0: left promiscuous mode [ 420.859448][T15586] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.875254][T15586] bridge_slave_1: left allmulticast mode [ 420.882101][T15586] bridge_slave_1: left promiscuous mode [ 420.888481][T15586] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.902337][T15586] bond0: (slave bond_slave_0): Releasing backup interface [ 420.950917][T15586] bond0: (slave bond_slave_1): Releasing backup interface [ 421.045636][T15586] team0: Port device team_slave_0 removed [ 421.130199][T15586] team0: Port device team_slave_1 removed [ 421.150729][T15586] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 421.168784][T15586] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 421.205190][T15586] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.232951][T15586] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 421.313295][T15587] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.339576][T15587] team0: Port device bond0 added [ 421.405764][T15597] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2642'. [ 421.415749][T15602] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2643'. [ 421.445533][T15503] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 421.465462][T15503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.494436][T15503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 421.511275][T15503] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 421.518686][T15503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 421.548988][T15503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 421.697005][ T9] tipc: Node number set to 2886996992 [ 421.703919][T15503] hsr_slave_0: entered promiscuous mode [ 421.729893][T15503] hsr_slave_1: entered promiscuous mode [ 421.747465][T15609] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2646'. [ 422.597688][T15658] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2663'. [ 422.816203][ T4488] Bluetooth: hci1: command 0x041b tx timeout [ 424.900477][ T4488] Bluetooth: hci1: command 0x041b tx timeout [ 425.522604][T15656] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2661'. [ 425.532779][T15663] 8021q: VLANs not supported on hsr0 [ 425.546361][T15665] 8021q: VLANs not supported on hsr0 [ 425.865012][T15503] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 425.904223][T15503] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 425.929297][T15503] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 425.970699][T15503] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 426.283966][T15503] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.332459][T15503] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.372398][ T5148] bridge0: port 1(bridge_slave_0) entered blocking state [ 426.379637][ T5148] bridge0: port 1(bridge_slave_0) entered forwarding state [ 426.483762][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 426.491093][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 426.545692][T15701] vlan3: entered promiscuous mode [ 426.674964][T15711] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2676'. [ 426.787546][T15714] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2681'. [ 426.977443][ T5102] Bluetooth: hci1: command 0x041b tx timeout [ 427.299721][T15740] ipvlan3: entered promiscuous mode [ 427.315111][T15740] ipvlan3: entered allmulticast mode [ 427.323542][T15740] dummy0: entered allmulticast mode [ 427.396728][T15503] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 427.562742][T15749] netlink: 18 bytes leftover after parsing attributes in process `syz.3.2690'. [ 427.654046][T15752] team0: Port device bond0 removed [ 427.703766][T15752] team0: Port device netdevsim0 removed [ 427.733611][T15756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.762185][T15756] team0: Port device bond0 added [ 427.778517][T15760] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2695'. [ 428.094513][T15503] veth0_vlan: entered promiscuous mode [ 428.107668][T15771] netlink: 'syz.1.2696': attribute type 21 has an invalid length. [ 428.121304][T15771] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2696'. [ 428.210269][T15503] veth1_vlan: entered promiscuous mode [ 428.246283][T15773] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2698'. [ 428.284826][T15778] FAULT_INJECTION: forcing a failure. [ 428.284826][T15778] name failslab, interval 1, probability 0, space 0, times 0 [ 428.298132][T15778] CPU: 1 PID: 15778 Comm: syz.3.2700 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 428.308332][T15778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 428.318421][T15778] Call Trace: [ 428.321734][T15778] [ 428.324723][T15778] dump_stack_lvl+0x241/0x360 [ 428.329460][T15778] ? __pfx_dump_stack_lvl+0x10/0x10 [ 428.334717][T15778] ? __pfx__printk+0x10/0x10 [ 428.339381][T15778] should_fail_ex+0x3b0/0x4e0 [ 428.344112][T15778] ? skb_clone+0x20c/0x390 [ 428.348662][T15778] should_failslab+0x9/0x20 [ 428.353208][T15778] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 428.358636][T15778] skb_clone+0x20c/0x390 [ 428.362928][T15778] ? dev_queue_xmit_nit+0x220/0xc10 [ 428.368175][T15778] dev_queue_xmit_nit+0x419/0xc10 [ 428.373246][T15778] ? dev_queue_xmit_nit+0x2b/0xc10 [ 428.378406][T15778] ? validate_xmit_skb+0xa04/0x1120 [ 428.383654][T15778] dev_hard_start_xmit+0x15f/0x7e0 [ 428.388808][T15778] ? __pfx_validate_xmit_skb+0x10/0x10 [ 428.394327][T15778] __dev_queue_xmit+0x1b0e/0x3d30 [ 428.399394][T15778] ? netlink_unicast+0x7ea/0x980 [ 428.404387][T15778] ? netlink_sendmsg+0x8db/0xcb0 [ 428.409375][T15778] ? __sock_sendmsg+0x221/0x270 [ 428.414278][T15778] ? __dev_queue_xmit+0x2d2/0x3d30 [ 428.419447][T15778] ? __pfx___dev_queue_xmit+0x10/0x10 [ 428.424867][T15778] ? __copy_skb_header+0x437/0x5b0 [ 428.430026][T15778] ? __asan_memcpy+0x40/0x70 [ 428.434661][T15778] ? __copy_skb_header+0x437/0x5b0 [ 428.439827][T15778] ? __skb_clone+0x454/0x6c0 [ 428.444476][T15778] ? skb_clone+0x240/0x390 [ 428.448947][T15778] __netlink_deliver_tap+0x54d/0x7c0 [ 428.454303][T15778] ? netlink_deliver_tap+0x2e/0x1b0 [ 428.459556][T15778] netlink_deliver_tap+0x19d/0x1b0 [ 428.464726][T15778] netlink_sendskb+0x68/0x140 [ 428.469459][T15778] netlink_unicast+0x39d/0x980 [ 428.474298][T15778] ? __pfx_netlink_unicast+0x10/0x10 [ 428.479663][T15778] nlmsg_notify+0x13b/0x1c0 [ 428.484223][T15778] tc_modify_qdisc+0x1c58/0x1e40 [ 428.489236][T15778] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 428.494624][T15778] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 428.499952][T15778] rtnetlink_rcv_msg+0x89b/0x1180 [ 428.505106][T15778] ? rtnetlink_rcv_msg+0x208/0x1180 [ 428.510357][T15778] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 428.515872][T15778] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 428.521906][T15778] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 428.528292][T15778] ? __local_bh_enable_ip+0x168/0x200 [ 428.533715][T15778] ? lockdep_hardirqs_on+0x99/0x150 [ 428.538973][T15778] ? __local_bh_enable_ip+0x168/0x200 [ 428.544407][T15778] ? dev_hard_start_xmit+0x773/0x7e0 [ 428.549744][T15778] ? __dev_queue_xmit+0x2d2/0x3d30 [ 428.554907][T15778] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 428.560765][T15778] ? __dev_queue_xmit+0x2d2/0x3d30 [ 428.565928][T15778] ? __dev_queue_xmit+0x16c9/0x3d30 [ 428.571192][T15778] ? __dev_queue_xmit+0x2d2/0x3d30 [ 428.576369][T15778] ? ref_tracker_free+0x643/0x7e0 [ 428.581461][T15778] netlink_rcv_skb+0x1e3/0x430 [ 428.586274][T15778] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 428.591865][T15778] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 428.597236][T15778] ? netlink_deliver_tap+0x2e/0x1b0 [ 428.602663][T15778] netlink_unicast+0x7ea/0x980 [ 428.607493][T15778] ? __pfx_netlink_unicast+0x10/0x10 [ 428.612835][T15778] ? __virt_addr_valid+0x183/0x530 [ 428.618158][T15778] ? __check_object_size+0x49c/0x900 [ 428.623497][T15778] ? bpf_lsm_netlink_send+0x9/0x10 [ 428.628642][T15778] netlink_sendmsg+0x8db/0xcb0 [ 428.633483][T15778] ? __pfx_netlink_sendmsg+0x10/0x10 [ 428.638811][T15778] ? __import_iovec+0x536/0x820 [ 428.643678][T15778] ? aa_sock_msg_perm+0x91/0x160 [ 428.648651][T15778] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 428.654050][T15778] ? security_socket_sendmsg+0x87/0xb0 [ 428.659536][T15778] ? __pfx_netlink_sendmsg+0x10/0x10 [ 428.664942][T15778] __sock_sendmsg+0x221/0x270 [ 428.669652][T15778] ____sys_sendmsg+0x525/0x7d0 [ 428.674495][T15778] ? __pfx_____sys_sendmsg+0x10/0x10 [ 428.679892][T15778] __sys_sendmsg+0x2b0/0x3a0 [ 428.684542][T15778] ? __pfx___sys_sendmsg+0x10/0x10 [ 428.689691][T15778] ? vfs_write+0x7c4/0xc90 [ 428.694161][T15778] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 428.700537][T15778] ? do_syscall_64+0x100/0x230 [ 428.705337][T15778] ? do_syscall_64+0xb6/0x230 [ 428.710058][T15778] do_syscall_64+0xf3/0x230 [ 428.714598][T15778] ? clear_bhb_loop+0x35/0x90 [ 428.719305][T15778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.725228][T15778] RIP: 0033:0x7f9279575bd9 [ 428.729680][T15778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.749329][T15778] RSP: 002b:00007f927a28f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 428.757786][T15778] RAX: ffffffffffffffda RBX: 00007f9279703f60 RCX: 00007f9279575bd9 [ 428.765767][T15778] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 428.773768][T15778] RBP: 00007f927a28f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 428.781749][T15778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 428.789749][T15778] R13: 000000000000004d R14: 00007f9279703f60 R15: 00007ffd401f3008 [ 428.797783][T15778] [ 428.908779][T15503] veth0_macvtap: entered promiscuous mode [ 428.943407][T15503] veth1_macvtap: entered promiscuous mode [ 429.017436][T15503] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 429.052978][T15503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 429.057103][ T5102] Bluetooth: hci1: command 0x041b tx timeout [ 429.082290][T15503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.133773][T15503] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 429.203894][T15503] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.235258][T15503] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.267797][T15503] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.293745][T15503] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.313422][T15808] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2708'. [ 429.427311][T15811] team0: Port device bond0 removed [ 429.452594][T15812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.473866][T15812] team0: Port device bond0 added [ 429.672846][ T2853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.696835][ T2853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.753874][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.775413][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 430.307809][T15854] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2722'. [ 430.541794][T15864] FAULT_INJECTION: forcing a failure. [ 430.541794][T15864] name failslab, interval 1, probability 0, space 0, times 0 [ 430.568868][T15861] team0: Port device bond0 removed [ 430.577565][T15864] CPU: 1 PID: 15864 Comm: syz.2.2727 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 430.587783][T15864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 430.597866][T15864] Call Trace: [ 430.601162][T15864] [ 430.604104][T15864] dump_stack_lvl+0x241/0x360 [ 430.608809][T15864] ? __pfx_dump_stack_lvl+0x10/0x10 [ 430.614026][T15864] ? __pfx__printk+0x10/0x10 [ 430.618645][T15864] ? __pfx___might_resched+0x10/0x10 [ 430.623952][T15864] should_fail_ex+0x3b0/0x4e0 [ 430.628658][T15864] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 430.634908][T15864] should_failslab+0x9/0x20 [ 430.639439][T15864] __kmalloc_noprof+0xd8/0x400 [ 430.644225][T15864] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 430.650316][T15864] genl_rcv_msg+0x802/0xec0 [ 430.654841][T15864] ? mark_lock+0x9a/0x350 [ 430.659210][T15864] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.664268][T15864] ? __pfx_lock_acquire+0x10/0x10 [ 430.669389][T15864] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 430.674781][T15864] ? __pfx_nl80211_join_mesh+0x10/0x10 [ 430.680284][T15864] ? __pfx_nl80211_post_doit+0x10/0x10 [ 430.685758][T15864] ? __pfx___might_resched+0x10/0x10 [ 430.691076][T15864] netlink_rcv_skb+0x1e3/0x430 [ 430.695869][T15864] ? __pfx_genl_rcv_msg+0x10/0x10 [ 430.700920][T15864] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 430.706511][T15864] genl_rcv+0x28/0x40 [ 430.710505][T15864] netlink_unicast+0x7ea/0x980 [ 430.715291][T15864] ? __pfx_netlink_unicast+0x10/0x10 [ 430.720593][T15864] ? __virt_addr_valid+0x183/0x530 [ 430.725726][T15864] ? __check_object_size+0x49c/0x900 [ 430.731151][T15864] ? bpf_lsm_netlink_send+0x9/0x10 [ 430.736305][T15864] netlink_sendmsg+0x8db/0xcb0 [ 430.741117][T15864] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.746434][T15864] ? __import_iovec+0x536/0x820 [ 430.751304][T15864] ? aa_sock_msg_perm+0x91/0x160 [ 430.756301][T15864] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 430.761600][T15864] ? security_socket_sendmsg+0x87/0xb0 [ 430.767164][T15864] ? __pfx_netlink_sendmsg+0x10/0x10 [ 430.772467][T15864] __sock_sendmsg+0x221/0x270 [ 430.777161][T15864] ____sys_sendmsg+0x525/0x7d0 [ 430.782125][T15864] ? __pfx_____sys_sendmsg+0x10/0x10 [ 430.787464][T15864] __sys_sendmsg+0x2b0/0x3a0 [ 430.792173][T15864] ? __pfx___sys_sendmsg+0x10/0x10 [ 430.797400][T15864] ? vfs_write+0x7c4/0xc90 [ 430.801895][T15864] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 430.808260][T15864] ? do_syscall_64+0x100/0x230 [ 430.813052][T15864] ? do_syscall_64+0xb6/0x230 [ 430.817767][T15864] do_syscall_64+0xf3/0x230 [ 430.822292][T15864] ? clear_bhb_loop+0x35/0x90 [ 430.826985][T15864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.832897][T15864] RIP: 0033:0x7ffb4d775bd9 [ 430.837327][T15864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.857043][T15864] RSP: 002b:00007ffb4e4b2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 430.865488][T15864] RAX: ffffffffffffffda RBX: 00007ffb4d903f60 RCX: 00007ffb4d775bd9 [ 430.873480][T15864] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 430.881504][T15864] RBP: 00007ffb4e4b20a0 R08: 0000000000000000 R09: 0000000000000000 [ 430.889490][T15864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 430.897475][T15864] R13: 000000000000000b R14: 00007ffb4d903f60 R15: 00007fffd3719518 [ 430.905479][T15864] [ 431.014507][T15861] bond0: (slave batadv_slave_0): Releasing backup interface [ 431.132854][T15861] bond2: (slave batadv1): Releasing active interface [ 431.168765][T15865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.187546][T15865] team0: Port device bond0 added [ 431.706364][T15892] ------------[ cut here ]------------ [ 431.711903][T15892] WARNING: CPU: 0 PID: 15892 at net/mac80211/chan.c:501 _ieee80211_change_chanctx+0x34b/0x1240 [ 431.724598][T15892] Modules linked in: [ 431.730157][T15892] CPU: 0 PID: 15892 Comm: syz.3.2733 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 431.741574][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 431.752267][T15892] RIP: 0010:_ieee80211_change_chanctx+0x34b/0x1240 [ 431.759154][T15892] Code: 05 74 1a 83 fd 0d 75 1c e8 e2 9e 8f f6 eb 25 e8 db 9e 8f f6 eb 1e e8 d4 9e 8f f6 eb 17 e8 cd 9e 8f f6 eb 10 e8 c6 9e 8f f6 90 <0f> 0b 90 eb 05 e8 bb 9e 8f f6 48 8b 2c 24 4c 89 7c 24 60 4c 89 ff [ 431.779491][T15892] RSP: 0018:ffffc9000445eba8 EFLAGS: 00010283 [ 431.785621][T15892] RAX: ffffffff8b06895a RBX: ffff888070a93cf6 RCX: 0000000000040000 [ 431.796387][T15892] RDX: ffffc90009bd1000 RSI: 00000000000008c1 RDI: 00000000000008c2 [ 431.804559][T15892] RBP: 0000000000000007 R08: 0000000000000005 R09: ffffffff8b0688ff [ 431.813223][T15892] R10: 0000000000000007 R11: ffff888063181e00 R12: dffffc0000000000 [ 431.822585][T15892] R13: ffff888070a93c00 R14: ffff888070a93c00 R15: ffff88806ef90e20 [ 431.831661][T15892] FS: 00007f927a26e6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 431.841101][T15892] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 431.844340][T15895] netlink: 'syz.3.2733': attribute type 10 has an invalid length. [ 431.847793][T15892] CR2: 00007f927a26cfc8 CR3: 000000002e8bc000 CR4: 00000000003506f0 [ 431.847881][T15892] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 431.847900][T15892] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 431.847919][T15892] Call Trace: [ 431.847931][T15892] [ 431.847943][T15892] ? __warn+0x163/0x4e0 [ 431.847980][T15892] ? _ieee80211_change_chanctx+0x34b/0x1240 [ 431.897582][T15892] ? report_bug+0x2b3/0x500 [ 431.902165][T15892] ? _ieee80211_change_chanctx+0x34b/0x1240 [ 431.908191][T15892] ? handle_bug+0x3e/0x70 [ 431.912582][T15892] ? exc_invalid_op+0x1a/0x50 [ 431.917408][T15892] ? asm_exc_invalid_op+0x1a/0x20 [ 431.922503][T15892] ? _ieee80211_change_chanctx+0x2ef/0x1240 [ 431.930005][T15892] ? _ieee80211_change_chanctx+0x34a/0x1240 [ 431.937784][T15892] ? _ieee80211_change_chanctx+0x34b/0x1240 [ 431.943744][T15892] ? _ieee80211_change_chanctx+0x34a/0x1240 [ 431.949937][T15892] ieee80211_recalc_chanctx_chantype+0xf27/0xfb0 [ 431.956741][T15892] ? __pfx_ieee80211_recalc_chanctx_chantype+0x10/0x10 [ 431.963653][T15892] ? ieee80211_link_update_chanreq+0x8c/0x2f0 [ 431.970134][T15892] ? __asan_memcpy+0x40/0x70 [ 431.974819][T15892] ? ieee80211_link_update_chanreq+0x299/0x2f0 [ 431.981148][T15892] ieee80211_link_change_chanreq+0x11a6/0x1470 [ 431.987759][T15892] ? __pfx_ieee80211_link_change_chanreq+0x10/0x10 [ 431.994334][T15892] ? cfg80211_get_chans_dfs_required+0xae2/0xb60 [ 432.000835][T15892] ieee80211_set_ap_chanwidth+0x1d5/0x2f0 [ 432.006689][T15892] ? ieee80211_get_channel_khz+0x173/0x920 [ 432.012558][T15892] ? __pfx_ieee80211_set_ap_chanwidth+0x10/0x10 [ 432.020261][T15892] rdev_set_ap_chanwidth+0x118/0x2b0 [ 432.027879][T15892] __nl80211_set_channel+0x528/0x660 [ 432.033237][T15892] ? nl80211_set_wiphy+0x279/0x2c80 [ 432.039596][T15892] ? __pfx___nl80211_set_channel+0x10/0x10 [ 432.045466][T15892] ? lockdep_hardirqs_on+0x99/0x150 [ 432.051108][T15892] nl80211_set_wiphy+0x1215/0x2c80 [ 432.056377][T15892] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 432.062512][T15892] ? nl80211_pre_doit+0x5f/0x8b0 [ 432.067616][T15892] ? __pfx_netdev_run_todo+0x10/0x10 [ 432.072956][T15892] ? __pfx_nl80211_set_wiphy+0x10/0x10 [ 432.078869][T15892] ? __nla_parse+0x40/0x60 [ 432.083418][T15892] genl_rcv_msg+0xb14/0xec0 [ 432.088082][T15892] ? mark_lock+0x9a/0x350 [ 432.092482][T15892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.098119][T15892] ? __pfx_lock_acquire+0x10/0x10 [ 432.103196][T15892] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 432.109023][T15892] ? __pfx_nl80211_set_wiphy+0x10/0x10 [ 432.114542][T15892] ? __pfx_nl80211_post_doit+0x10/0x10 [ 432.120294][T15892] ? __pfx___might_resched+0x10/0x10 [ 432.125649][T15892] netlink_rcv_skb+0x1e3/0x430 [ 432.132140][T15892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.138705][T15892] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 432.144086][T15892] ? __netlink_deliver_tap+0x77e/0x7c0 [ 432.149698][T15892] genl_rcv+0x28/0x40 [ 432.153744][T15892] netlink_unicast+0x7ea/0x980 [ 432.158698][T15892] ? __pfx_netlink_unicast+0x10/0x10 [ 432.164120][T15892] ? __virt_addr_valid+0x183/0x530 [ 432.170182][T15892] ? __check_object_size+0x49c/0x900 [ 432.175534][T15892] ? bpf_lsm_netlink_send+0x9/0x10 [ 432.181199][T15892] netlink_sendmsg+0x8db/0xcb0 [ 432.186635][T15892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.191980][T15892] ? __import_iovec+0x536/0x820 [ 432.197349][T15892] ? aa_sock_msg_perm+0x91/0x160 [ 432.202354][T15892] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 432.207773][T15892] ? security_socket_sendmsg+0x87/0xb0 [ 432.213376][T15892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.218800][T15892] __sock_sendmsg+0x221/0x270 [ 432.223529][T15892] ____sys_sendmsg+0x525/0x7d0 [ 432.228753][T15892] ? __pfx_____sys_sendmsg+0x10/0x10 [ 432.235123][T15892] __sys_sendmsg+0x2b0/0x3a0 [ 432.241260][T15892] ? __pfx___sys_sendmsg+0x10/0x10 [ 432.246573][T15892] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 432.252946][T15892] ? do_syscall_64+0x100/0x230 [ 432.258480][T15892] ? do_syscall_64+0xb6/0x230 [ 432.263239][T15892] do_syscall_64+0xf3/0x230 [ 432.267926][T15892] ? clear_bhb_loop+0x35/0x90 [ 432.272657][T15892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.279145][T15892] RIP: 0033:0x7f9279575bd9 [ 432.283693][T15892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.303776][T15892] RSP: 002b:00007f927a26e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.312340][T15892] RAX: ffffffffffffffda RBX: 00007f9279704038 RCX: 00007f9279575bd9 [ 432.320472][T15892] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000007 [ 432.328881][T15892] RBP: 00007f92795e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 432.338174][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.347329][T15892] R13: 000000000000006e R14: 00007f9279704038 R15: 00007ffd401f3008 [ 432.356190][T15892] [ 432.359256][T15892] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 432.366568][T15892] CPU: 0 PID: 15892 Comm: syz.3.2733 Not tainted 6.10.0-rc7-syzkaller-00262-g70c676cb3dfc #0 [ 432.376759][T15892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 432.386852][T15892] Call Trace: [ 432.390163][T15892] [ 432.393124][T15892] dump_stack_lvl+0x241/0x360 [ 432.397863][T15892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 432.403295][T15892] ? __pfx__printk+0x10/0x10 [ 432.407947][T15892] ? vscnprintf+0x5d/0x90 [ 432.412324][T15892] panic+0x349/0x860 [ 432.416271][T15892] ? __warn+0x172/0x4e0 [ 432.420461][T15892] ? __pfx_panic+0x10/0x10 [ 432.424930][T15892] __warn+0x346/0x4e0 [ 432.428935][T15892] ? _ieee80211_change_chanctx+0x34b/0x1240 [ 432.434847][T15892] report_bug+0x2b3/0x500 [ 432.439200][T15892] ? _ieee80211_change_chanctx+0x34b/0x1240 [ 432.445117][T15892] handle_bug+0x3e/0x70 [ 432.449283][T15892] exc_invalid_op+0x1a/0x50 [ 432.453796][T15892] asm_exc_invalid_op+0x1a/0x20 [ 432.458670][T15892] RIP: 0010:_ieee80211_change_chanctx+0x34b/0x1240 [ 432.465186][T15892] Code: 05 74 1a 83 fd 0d 75 1c e8 e2 9e 8f f6 eb 25 e8 db 9e 8f f6 eb 1e e8 d4 9e 8f f6 eb 17 e8 cd 9e 8f f6 eb 10 e8 c6 9e 8f f6 90 <0f> 0b 90 eb 05 e8 bb 9e 8f f6 48 8b 2c 24 4c 89 7c 24 60 4c 89 ff [ 432.484806][T15892] RSP: 0018:ffffc9000445eba8 EFLAGS: 00010283 [ 432.490890][T15892] RAX: ffffffff8b06895a RBX: ffff888070a93cf6 RCX: 0000000000040000 [ 432.498870][T15892] RDX: ffffc90009bd1000 RSI: 00000000000008c1 RDI: 00000000000008c2 [ 432.506851][T15892] RBP: 0000000000000007 R08: 0000000000000005 R09: ffffffff8b0688ff [ 432.514828][T15892] R10: 0000000000000007 R11: ffff888063181e00 R12: dffffc0000000000 [ 432.522808][T15892] R13: ffff888070a93c00 R14: ffff888070a93c00 R15: ffff88806ef90e20 [ 432.530801][T15892] ? _ieee80211_change_chanctx+0x2ef/0x1240 [ 432.536712][T15892] ? _ieee80211_change_chanctx+0x34a/0x1240 [ 432.542634][T15892] ? _ieee80211_change_chanctx+0x34a/0x1240 [ 432.548569][T15892] ieee80211_recalc_chanctx_chantype+0xf27/0xfb0 [ 432.555007][T15892] ? __pfx_ieee80211_recalc_chanctx_chantype+0x10/0x10 [ 432.561988][T15892] ? ieee80211_link_update_chanreq+0x8c/0x2f0 [ 432.568085][T15892] ? __asan_memcpy+0x40/0x70 [ 432.572683][T15892] ? ieee80211_link_update_chanreq+0x299/0x2f0 [ 432.578929][T15892] ieee80211_link_change_chanreq+0x11a6/0x1470 [ 432.585190][T15892] ? __pfx_ieee80211_link_change_chanreq+0x10/0x10 [ 432.591721][T15892] ? cfg80211_get_chans_dfs_required+0xae2/0xb60 [ 432.598110][T15892] ieee80211_set_ap_chanwidth+0x1d5/0x2f0 [ 432.603839][T15892] ? ieee80211_get_channel_khz+0x173/0x920 [ 432.609657][T15892] ? __pfx_ieee80211_set_ap_chanwidth+0x10/0x10 [ 432.615939][T15892] rdev_set_ap_chanwidth+0x118/0x2b0 [ 432.621263][T15892] __nl80211_set_channel+0x528/0x660 [ 432.626563][T15892] ? nl80211_set_wiphy+0x279/0x2c80 [ 432.631866][T15892] ? __pfx___nl80211_set_channel+0x10/0x10 [ 432.637714][T15892] ? lockdep_hardirqs_on+0x99/0x150 [ 432.642942][T15892] nl80211_set_wiphy+0x1215/0x2c80 [ 432.648080][T15892] ? __pfx___sanitizer_cov_trace_pc+0x10/0x10 [ 432.654207][T15892] ? nl80211_pre_doit+0x5f/0x8b0 [ 432.659243][T15892] ? __pfx_netdev_run_todo+0x10/0x10 [ 432.664548][T15892] ? __pfx_nl80211_set_wiphy+0x10/0x10 [ 432.670134][T15892] ? __nla_parse+0x40/0x60 [ 432.674578][T15892] genl_rcv_msg+0xb14/0xec0 [ 432.679097][T15892] ? mark_lock+0x9a/0x350 [ 432.683446][T15892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.688509][T15892] ? __pfx_lock_acquire+0x10/0x10 [ 432.693544][T15892] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 432.698936][T15892] ? __pfx_nl80211_set_wiphy+0x10/0x10 [ 432.704409][T15892] ? __pfx_nl80211_post_doit+0x10/0x10 [ 432.709969][T15892] ? __pfx___might_resched+0x10/0x10 [ 432.715300][T15892] netlink_rcv_skb+0x1e3/0x430 [ 432.720086][T15892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 432.725124][T15892] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 432.730467][T15892] ? __netlink_deliver_tap+0x77e/0x7c0 [ 432.735968][T15892] genl_rcv+0x28/0x40 [ 432.739960][T15892] netlink_unicast+0x7ea/0x980 [ 432.744750][T15892] ? __pfx_netlink_unicast+0x10/0x10 [ 432.750080][T15892] ? __virt_addr_valid+0x183/0x530 [ 432.755221][T15892] ? __check_object_size+0x49c/0x900 [ 432.760526][T15892] ? bpf_lsm_netlink_send+0x9/0x10 [ 432.765661][T15892] netlink_sendmsg+0x8db/0xcb0 [ 432.770459][T15892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.775769][T15892] ? __import_iovec+0x536/0x820 [ 432.780643][T15892] ? aa_sock_msg_perm+0x91/0x160 [ 432.785600][T15892] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 432.790905][T15892] ? security_socket_sendmsg+0x87/0xb0 [ 432.796383][T15892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 432.801769][T15892] __sock_sendmsg+0x221/0x270 [ 432.806468][T15892] ____sys_sendmsg+0x525/0x7d0 [ 432.811256][T15892] ? __pfx_____sys_sendmsg+0x10/0x10 [ 432.816575][T15892] __sys_sendmsg+0x2b0/0x3a0 [ 432.821212][T15892] ? __pfx___sys_sendmsg+0x10/0x10 [ 432.826392][T15892] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 432.832734][T15892] ? do_syscall_64+0x100/0x230 [ 432.837520][T15892] ? do_syscall_64+0xb6/0x230 [ 432.842218][T15892] do_syscall_64+0xf3/0x230 [ 432.846742][T15892] ? clear_bhb_loop+0x35/0x90 [ 432.851432][T15892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.857347][T15892] RIP: 0033:0x7f9279575bd9 [ 432.861770][T15892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 432.881384][T15892] RSP: 002b:00007f927a26e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 432.889924][T15892] RAX: ffffffffffffffda RBX: 00007f9279704038 RCX: 00007f9279575bd9 [ 432.897906][T15892] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000007 [ 432.905897][T15892] RBP: 00007f92795e4e60 R08: 0000000000000000 R09: 0000000000000000 [ 432.913888][T15892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.921909][T15892] R13: 000000000000006e R14: 00007f9279704038 R15: 00007ffd401f3008 [ 432.929906][T15892] [ 432.933258][T15892] Kernel Offset: disabled [ 432.937714][T15892] Rebooting in 86400 seconds..