last executing test programs: 1m12.500105084s ago: executing program 0 (id=3026): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="780000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000005000128009000100766c616e00000000400002800600010002000000340003800c400100178b0000040000000c00010007000000fcffffff0c00010007", @ANYRES32=r1], 0x78}}, 0x0) 1m0.972765886s ago: executing program 0 (id=3026): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="780000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000005000128009000100766c616e00000000400002800600010002000000340003800c400100178b0000040000000c00010007000000fcffffff0c00010007", @ANYRES32=r1], 0x78}}, 0x0) 48.204874886s ago: executing program 0 (id=3026): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="780000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000005000128009000100766c616e00000000400002800600010002000000340003800c400100178b0000040000000c00010007000000fcffffff0c00010007", @ANYRES32=r1], 0x78}}, 0x0) 36.094671868s ago: executing program 0 (id=3026): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="780000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000005000128009000100766c616e00000000400002800600010002000000340003800c400100178b0000040000000c00010007000000fcffffff0c00010007", @ANYRES32=r1], 0x78}}, 0x0) 25.522071129s ago: executing program 0 (id=3026): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="780000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000005000128009000100766c616e00000000400002800600010002000000340003800c400100178b0000040000000c00010007000000fcffffff0c00010007", @ANYRES32=r1], 0x78}}, 0x0) 15.08232418s ago: executing program 1 (id=3884): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0) r2 = gettid() r3 = getpid() ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan1\x00'}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0xb, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r4, &(0x7f0000000240), 0x20000000}, 0x20) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@multicast1, 0x0, 0x0, 0x0, 0xfffe}, {@in=@empty, 0x0, 0x33}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="000000000000000018200000", @ANYRES32, @ANYBLOB="000000feffffffffffffff00fcffff51"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x89f1, &(0x7f0000000900)={'ip6gre0\x00', @random="0600002000"}) r6 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r6, 0x0, 0x21, &(0x7f0000d10ffc), 0x3) r7 = gettid() r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r7, r8, 0x0, 0x0, 0x0}, 0x30) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={0xfffffffffffffe63, r1, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NL802154_ATTR_PID={0x8, 0x1c, r2}, @NL802154_ATTR_PID={0x8, 0x1c, r3}, @NL802154_ATTR_WPAN_DEV={0xc}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r8}, @NL802154_ATTR_PID={0x8, 0x1c, 0xffffffffffffffff}, @NL802154_ATTR_PID={0x8, 0x1c, r7}]}, 0x48}, 0x1, 0x0, 0x0, 0x40d4}, 0x1) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r0) sendmsg$IEEE802154_LIST_PHY(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000004c0)={0x14, r9, 0x1, 0x70bd25, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x8080) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="7b00000000000000bc1010000000000904000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xb, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 14.649971774s ago: executing program 1 (id=3886): r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) setsockopt$SO_J1939_ERRQUEUE(r3, 0x6b, 0x4, &(0x7f0000000100)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x0, {0x0, 0x0, 0x74, r4, {0x6, 0x4}, {0x0, 0x4}, {0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 14.26485479s ago: executing program 1 (id=3888): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000025000a20000000000a01030000000000000000010000000900010073797a300000000040000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000900020073797a3000000000600000000c0a01020000000000000000010000000900020073797a320000000034000380300000800800067f1e10dce1ae0f1156ea400000000024000b8020000180070001006374000014000280080001400000000008000240000000000900010073797a3000000000140000001000010000000000000000000000000a"], 0xe8}, 0x1, 0x0, 0x0, 0x4000080}, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r1, &(0x7f0000000000), 0x10) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0xe) unshare(0x22020600) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='ext4_writepages_result\x00', r3}, 0x10) r5 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r4}, 0x8) close(r5) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, r5, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) setsockopt$sock_attach_bpf(r2, 0x1, 0x34, &(0x7f0000000040), 0x4) setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000000), 0x0) r6 = socket$inet(0x2, 0x3, 0x5) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r6, 0x89f0, &(0x7f0000000380)={'sit0\x00', &(0x7f00000001c0)={'tunl0\x00', 0x0, 0x8000, 0x80, 0x99, 0xff, {{0x19, 0x4, 0x1, 0x0, 0x64, 0x67, 0x0, 0x4, 0xa7af547ebaa3f003, 0x0, @private, @rand_addr=0x64010101, {[@timestamp={0x44, 0x14, 0x4a, 0x0, 0x5, [0x5, 0x101, 0x8, 0x7]}, @ra={0x94, 0x4, 0x1}, @timestamp_prespec={0x44, 0xc, 0x96, 0x3, 0x7, [{@local}]}, @timestamp={0x44, 0x14, 0xd4, 0x0, 0xc, [0x3, 0xc, 0x3, 0x2]}, @ssrr={0x89, 0xb, 0x2c, [@remote, @rand_addr=0x64010102]}, @rr={0x7, 0xb, 0x7a, [@dev={0xac, 0x14, 0x14, 0x3f}, @dev={0xac, 0x14, 0x14, 0x22}]}]}}}}}) sendmsg$nl_route_sched(r6, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)=@getqdisc={0x48, 0x26, 0x400, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x2}, {0x3, 0xf}, {0xf, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x1}]}, 0x48}}, 0x4000) r8 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r8, &(0x7f0000000780), 0x0, 0x0) r9 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r8, 0x84, 0x10, &(0x7f0000000900)=@assoc_value={r10, 0x9}, 0x8) getsockopt$MRT(r6, 0x0, 0xcf, 0x0, 0x0) r11 = socket$inet6(0xa, 0x80002, 0x88) setsockopt$inet6_udp_int(r11, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4) sendmmsg$inet(r11, &(0x7f0000001880)=[{{&(0x7f0000000100)={0x2, 0x4e20, @remote}, 0x10, 0x0}}], 0x1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 12.763321596s ago: executing program 0 (id=3026): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="780000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15010000000000005000128009000100766c616e00000000400002800600010002000000340003800c400100178b0000040000000c00010007000000fcffffff0c00010007", @ANYRES32=r1], 0x78}}, 0x0) 10.987192362s ago: executing program 1 (id=3893): ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000000140)={'veth0_to_batadv\x00', {0x2, 0x4e20, @remote}}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r0, r1, 0x2, 0x2, 0x0, @void, @value}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r2, r3, 0x2, 0x2, 0x0, @void, @value}, 0x10) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x103, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0xffffffff, 0x0, 0x0, 0x40f00, 0x6b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r7}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00', r8}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r4, r5, 0x2, 0x2, 0x0, @void, @value}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) 10.425826292s ago: executing program 1 (id=3896): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) (async, rerun: 32) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) (rerun: 32) listen(0xffffffffffffffff, 0x3) (async) socket$phonet(0x23, 0x2, 0x1) (async) r0 = socket$inet_dccp(0x2, 0x6, 0x0) sendmmsg(r0, &(0x7f0000000c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000740)="912cd6b7b4889d9ae88091c860ecf81c65caaa03916f1346", 0x18}, {&(0x7f0000000940)="48fb5ecd16bbd0e17af5b5d9bbc633e31d8a35a241b06fa05d2d047fd80c291340d526456e3d1a7a8b152f089d2be8d90ee66c1b5884a48c4bda06490bc911d05257948a5f613dffc2d6aa26f7787714f21cf6009bd15c1db57ee4ea5bb527102361cd558a9f1fd273981933cbcfac3939953686df6008a561074d5a3ece68802a2fb02aa939f2723b20cfdf426b3a8346347ebd1b984f2f66dcee5ec0c9435713b936f21633f4e48774d9646e64fbc8efa2065d2c88c107f1149972a1a8174041d33ced88417ba56967dc863d862610d9151ede59f08cf7731020976e536f43", 0xe0}, {&(0x7f0000000a40)}, {&(0x7f0000000ac0)="932d2708210c24411a2548743ca667ec878efef190f34bed389fb54b5641eb095625925c1a50c0d659be0f17a1268881a71d2fe0c166e2b4dbf808778841ba7e72c363bfa902c3b270da922426eeed6ecbb6ae6f748fcb2fcc61a50b15434ee153670fba00a3ccdb30569a2fda7ff125e6f55f1cdf852d52aca2b92bf4e16ba34d6ac2eb3004c26502e5222860a6ed70201603cf063642f7229f989c94f73461cc18b7e3781128976e5302c59c6e706e181cd75cf2", 0xb5}], 0x4}}], 0x4, 0x4) (async) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x83, &(0x7f00000002c0), 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async, rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async, rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x37, 0x301, 0x270bd27, 0x25dfdbfc, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x0) (async) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) (async) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r4, &(0x7f00000000c0), 0x9) sendfile(r4, r3, 0x0, 0x10000) (async, rerun: 64) r5 = openat$cgroup_ro(r4, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (rerun: 64) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r6, &(0x7f0000000200), 0x806000) (async) ioctl$FS_IOC_RESVSP(r6, 0x40305829, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x9ffffc}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000500), r2) (async, rerun: 32) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r8 = syz_genetlink_get_family_id$gtp(&(0x7f0000000400), 0xffffffffffffffff) (async, rerun: 64) r9 = syz_open_procfs$namespace(0x0, &(0x7f0000000600)='ns/pid\x00') (rerun: 64) sendmsg$GTP_CMD_GETPDP(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2c, r8, 0x1, 0x0, 0x0, {}, [@GTPA_VERSION={0x8}, @GTPA_NET_NS_FD={0x8, 0x7, r9}, @GTPA_LINK={0x8}]}, 0x2c}}, 0x0) (async, rerun: 32) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12812, r5, 0x0) (rerun: 32) 10.008632371s ago: executing program 1 (id=3898): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmsg$can_j1939(r3, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee) setsockopt$SO_J1939_ERRQUEUE(r3, 0x6b, 0x4, &(0x7f0000000100)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@newtfilter={0x24, 0x11, 0x1, 0x74bd2b, 0x0, {0x0, 0x0, 0x74, r4, {0x6, 0x4}, {0x0, 0x4}, {0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) 4.415233219s ago: executing program 4 (id=3931): r0 = syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x34, r3, 0x1, 0xfffffffe, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048051}, 0xc084) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x20, 0xf, &(0x7f00000004c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x1, 0x3, 0x3, 0x4, {0xa, 0x4e22, 0xfffffff8, @local, 0x9}}}, 0x32) syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) 4.253713554s ago: executing program 4 (id=3933): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)={0x3c, r1, 0x1, 0x80000, 0x25dfdbfb, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x80008000}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r5, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x70, r6, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x18, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}]}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x11}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x5}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x8e}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x49}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x1) close(r4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000300)=ANY=[@ANYRESDEC], 0x9) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="a78092d4436f"}) sendmsg$nl_route_sched(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31}, 0x24}}, 0x0) recvmmsg(r3, &(0x7f0000001b80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}, 0x3}], 0x2, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000010000000000000000000000711216000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 3.700342102s ago: executing program 2 (id=3937): mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x0, 0x4d032, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f00000001c0)={@mcast2={0xff, 0x5}, @mcast1, @mcast2, 0x800000, 0xa, 0x0, 0x0, 0x7ffffffe, 0x140192, r5}) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000400)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_SET_LBT_MODE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd7000fddbdf251200000008000300", @ANYRES32=r10], 0x1c}, 0x1, 0x0, 0x0, 0x40810}, 0x4010) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x1}}}]}}]}]}]}}]}, 0x6c}}, 0x0) 1.415309261s ago: executing program 4 (id=3938): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg$inet(r1, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0xc, 0x0) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) close(0x4) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg(r3, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x20000020) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) close(0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x0, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6}]}, {0x4002}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) 1.361693904s ago: executing program 2 (id=3939): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) close(r2) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fdb8df250a0000001400018008ea0a007369700006000100021c0000"], 0x28}, 0x1, 0x0, 0x0, 0x240000c0}, 0x88000) r4 = socket(0x1e, 0x5, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x0, 0x0, 0x0, 0xf7, 0x2000}, 0x1c) getsockname$netlink(r4, &(0x7f0000000040), &(0x7f0000000080)=0xc) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000080)=""/91, 0x22000, 0x1000, 0xffffffff, 0x2}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async) close(r2) (async) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1) (async) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010027bd7000fdb8df250a0000001400018008ea0a007369700006000100021c0000"], 0x28}, 0x1, 0x0, 0x0, 0x240000c0}, 0x88000) (async) socket(0x1e, 0x5, 0x0) (async) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000, 0x0, 0x0, 0x0, 0x0, 0xf7, 0x2000}, 0x1c) (async) getsockname$netlink(r4, &(0x7f0000000040), &(0x7f0000000080)=0xc) (async) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000100)={&(0x7f0000000080)=""/91, 0x22000, 0x1000, 0xffffffff, 0x2}, 0x20) (async) 1.306344148s ago: executing program 2 (id=3940): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000180)={@empty, 0x0}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000440)=ANY=[@ANYBLOB="f80000005400100029bd7000fddbdf2507000000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r2, @ANYBLOB="00020300ac1e00010000000000000000000000008edd000020000100", @ANYRES32=r2, @ANYBLOB="00000200000000000000000000000000000000000000000020000100", @ANYRES32=r1, @ANYBLOB="01010200fc0000000000000000000000000000010800000020000100", @ANYRES32=r1, @ANYBLOB="00010000200100000000000000000000000000018edd000020000100", @ANYRES32=r1, @ANYBLOB="01030400fc0000000000000000000000000000008edd000020000100", @ANYRES32=r1, @ANYBLOB="00000100fe8000000000000000000000000000aa0800000020000100", @ANYRES32=r1, @ANYBLOB="000401000000000000000000000000000000000008000000"], 0xf8}}, 0x0) (async) r3 = socket$inet(0xa, 0x801, 0x84) r4 = socket(0x28, 0x5, 0x0) (async) r5 = socket(0x28, 0x5, 0x0) bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) (async) listen(r5, 0x0) connect$vsock_stream(r4, &(0x7f0000000080), 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r7, &(0x7f0000000200), 0xf000) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x12, r6, 0x0) (async) accept4$inet(r5, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, &(0x7f0000000280)=0x10, 0x0) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0x8) (async) r8 = accept4(r3, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x9, 0x7f, 0xfffffffb, 0x3f1, 0x63, 0x0, 0x9}, &(0x7f00000003c0)=0x9c) (async) connect$inet6(r8, &(0x7f0000000000)={0xa, 0x4e24, 0x7, @dev={0xfe, 0x80, '\x00', 0x26}, 0xf}, 0x1c) 1.161042656s ago: executing program 4 (id=3942): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NL80211_CMD_DEL_PMK(r0, 0x0, 0x8004) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0xfffffff0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000090000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0) 1.089741507s ago: executing program 2 (id=3943): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$ax25(0x3, 0x3, 0xcd) getsockopt$ax25_int(r1, 0x101, 0x8, &(0x7f0000000140), &(0x7f0000000180)=0x4) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000140)) getuid() r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@bridge_newvlan={0x48, 0x70, 0x400, 0x70bd2c, 0x25dfdbff, {0x7, 0x0, 0x0, r4}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x6}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x2}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xd}}]}, 0x48}}, 0x20004000) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8040) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000048000480440001800c0001007061796c6f6164003400028008000440000000000800084029ba70c408000240000000000800054000000000080003"], 0x9c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) syz_init_net_socket$ax25(0x3, 0x3, 0xcd) (async) getsockopt$ax25_int(r1, 0x101, 0x8, &(0x7f0000000140), &(0x7f0000000180)=0x4) (async) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) (async) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)) (async) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000140)) (async) getuid() (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) (async) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x18, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_DATA={0x4}, @IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x3}]}}}, @IFLA_LINK={0x8, 0x5, r4}]}, 0x50}}, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@bridge_newvlan={0x48, 0x70, 0x400, 0x70bd2c, 0x25dfdbff, {0x7, 0x0, 0x0, r4}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0x0, 0x6}}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x2}}, @BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_RANGE={0x6, 0x2, 0xd}}]}, 0x48}}, 0x20004000) (async) sendmsg$NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8040) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000048000480440001800c0001007061796c6f6164003400028008000440000000000800084029ba70c408000240000000000800054000000000080003"], 0x9c}}, 0x0) (async) 1.088793363s ago: executing program 4 (id=3944): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xce, &(0x7f0000000000), &(0x7f0000000200)=0xfffffffffffffea4) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@ipv6_delroute={0x38, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@RTA_PRIORITY={0x8, 0x1e, 0x400}, @RTA_GATEWAY={0x14, 0x5, @mcast2}]}, 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}, @IFLA_GRE_REMOTE={0x8, 0x7, @remote}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x8080) 1.014937795s ago: executing program 3 (id=3945): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$xdp(0x2c, 0x3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a0b040000000000000000020000003c000480140001800c000100636f756e746572000400028024000180090001006d65746100000000140002800800024000000003080003400000efe60900010073797a30000000000900020073797a32"], 0x90}}, 0x0) 942.830901ms ago: executing program 3 (id=3946): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x8) sendto$inet6(r0, &(0x7f0000000140)="f4", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00'}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00', 0x90}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x5}, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0x1, 0x58, &(0x7f0000000180)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r1, 0x0, 0x18}, 0xc) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="d80000001c0081044e81f782db44b904021d080201000000207e12a118000c", 0x1f}], 0x1, 0x0, 0x0, 0x7400}, 0x0) socket$kcm(0x10, 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = socket$kcm(0x10, 0x3, 0x10) socketpair(0x22, 0x5, 0xa65, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000300)={0x0, 0xd6, "7176a37aef546d61c0c26fa2e24b1f64edb35603b2a780f50eec643559fd6da0f15a41809b5ebd803d67e1ef12a8618cd378e84a2a30003d7e606e6c0c34882a79c3e0a9048b343256d3d74f3a9cbfee9e321107c1ed8bf6186773bdd50bdf3fc5b8f7cf22038226ae52f64355c3b731691b4e67a6d97579ce28e1756a7e50b3ef01d2a40dacdf6aae69faa80fd0b351bbb3677e5b120d44556bb39843be91a833fd4ed193a5ab1bf234644962af57943e730c4d20a6a11d55cdb285da1ef38fabe6d9d3244a222c5552221852e706c2f2c3dc825d59"}, &(0x7f0000000280)=0xde) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f0000000400)={r5, @in={{0x2, 0x4e23, @multicast2}}, [0xc813, 0x3, 0x5c84653b, 0x5, 0x80000000, 0x6f2e79f6, 0x40, 0x8, 0x8, 0x5, 0x7, 0x8000, 0x7, 0x2, 0xc142]}, &(0x7f0000000500)=0x100) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c064001000009053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$inet_udp(0x2, 0x2, 0x0) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r8, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x14) setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x3d}, @in6=@private2, 0x0, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, {}, 0x0, 0x0, 0x1, 0x0, 0x7}, {{@in, 0x4d6, 0x33}, 0x0, @in6=@empty, 0x0, 0x2, 0x0, 0xb7}}, 0xe8) getsockname$llc(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0) r9 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r6) sendmsg$NLBL_CIPSOV4_C_ADD(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01000000000000000000030000000400048008f60200010000000800010000000000040008801c000c800c000b800900000000000c000b8008000a00f159000000006ee12bc86a39cc9f1dd900f963a01c69cfebf60336c1297c4c9a76e7b48e9bbd6b8bfa193a08aec90b2f1b203b57bde2aaa5b0a5e14b922bf5cc14e269993ae69f2bf5a51b969b711d2a216c23c083405efe95c6080a28d37414fa"], 0x48}}, 0x0) socket$netlink(0x10, 0x3, 0x14) 833.697163ms ago: executing program 2 (id=3947): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r0}, 0x38) r1 = socket$inet6_dccp(0xa, 0x6, 0x0) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha512\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4}}]}, 0x34}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000840)={'tunl0\x00', &(0x7f00000007c0)={'ip_vti0\x00', r7, 0x20, 0x20, 0xd9, 0x3, {{0x11, 0x4, 0x0, 0x1, 0x44, 0x65, 0x0, 0x2, 0x4, 0x0, @private=0xa010100, @empty, {[@cipso={0x86, 0x23, 0x0, [{0x6, 0x10, "8cebc5fe1d97611d088d037a1b66"}, {0x6, 0xd, "100aef6c3ae67bb1de8c98"}]}, @noop, @timestamp={0x44, 0x8, 0xe0, 0x0, 0x4, [0xfffffffe]}, @ra={0x94, 0x4}]}}}}}) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'wg1\x00', &(0x7f00000004c0)=@ethtool_rxnfc={0x1e, 0x0, 0x0, {0x0, @usr_ip6_spec={@dev, @local}, {0x0, @local}, @esp_ip4_spec={@broadcast, @private}, {0x0, @link_local}}}}) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="280000002c000100000000000000006604000080140016"], 0x28}], 0x1}, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x550, 0x1c0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0xb000000, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x2c0, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @common=@inet=@SET1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2e}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r8, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e0b9545dd30a3731677b2d0bfa91", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3}, 0x50) r9 = accept4$packet(0xffffffffffffffff, &(0x7f0000000640), &(0x7f0000000680)=0x14, 0x800) ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000780)={'veth0_virt_wifi\x00', &(0x7f0000000700)=@ethtool_coalesce={0xe, 0x8, 0xc920, 0xef38, 0x8, 0x7fffffff, 0x0, 0x5, 0x3, 0x100, 0x0, 0x0, 0x9, 0x2, 0x8, 0x7, 0x1, 0xa1e3, 0x7, 0x7fff, 0xa8, 0x0, 0x83dd}}) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0}, 0x38) 738.769175ms ago: executing program 4 (id=3948): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) r2 = socket$nl_audit(0x10, 0x3, 0x9) ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f0000000100)={0x0, 0x1, [0x7, 0x4, 0xd52a, 0x8000, 0x3, 0xb]}) sendmsg$AUDIT_SIGNAL_INFO(r2, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x33fe0}, 0x33fe0}}, 0x0) sendmsg$AUDIT_SIGNAL_INFO(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x10, 0x3f2, 0x0, 0x0, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x40000030}, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 588.685218ms ago: executing program 3 (id=3949): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1) r2 = socket(0x22, 0x2, 0x10004) r3 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r3, 0x0, 0x41, &(0x7f0000000180)=""/4096, &(0x7f0000001180)=0x28) syz_genetlink_get_family_id$fou(&(0x7f0000000000), r2) 373.687046ms ago: executing program 3 (id=3950): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) (async) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f0000000340)='0', 0x1, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) (async) shutdown(r2, 0x1) (async) getsockopt$bt_hci(r2, 0x84, 0x85, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000040)={0x8000001, 0x7}, 0x8) r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000080023e7c2d6bb35c80cbff774e6d51fa18aeb43052c1794669532e94e75ba8ee7d5aa51da000928aa682e423810ae569e9abbfd44722fb0675b672ee31190ad77b832f99"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000001c0)="88"}, 0x48) syz_emit_ethernet(0xae, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c2000000a1924dc53baf86dd608800a000783afffe8000000000000000000000000000bbff0200000000000000000000000000018600907800000d000000000000000000000aa78ce54006598080a8030037000023493b87aafaffffffffffffff23732472eefa45ad96489269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af180200010000000004000001260004001801000000001b00"], 0x0) (async) close(r1) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000780)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c}]]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18}, @TCA_GACT_PROB={0xfffffffffffffe9b}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xd8}}, 0x0) (async) getsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000380), 0x10) (async) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4) 268.16191ms ago: executing program 3 (id=3951): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001280)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f00000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b839994fb484510bef2e488fbac2fe6faaf75e5cc4815bd2051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dcab772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f015d885b4b8ffc0fa3f880287c862137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7fc6edc76600000000826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00d2bfea3bf97ff8836d000000000000000000000000000000000000000000250d623b48a29e330900b8c552202407804f1ba1817256caf1090b71f2928ed030f3c8194cc3cbf48e2f4c9248c4c00a32d4873da3b7d66b1ce6f72aab16c923b16c4bfdbb24fb17bd198139c21c46065c6922fd705e670d0b5d6d495a773b872e8f88"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) (async) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_EMATCHES={0x20, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1, 0x8, 0x4bd}, {0xffffffffffffffff, 0x4, 0x4}}}]}]}]}}]}, 0x54}}, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) close(r1) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0x3, 0x2d, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0xffffffffffffff53, 0x0, 0x0, 0x0}, 0x50) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x0, @void, @value}, 0x94) (async) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r5, 0x88, 0x1, &(0x7f0000000080), 0x4) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4a}, [@ldst={0x7}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23) 54.47798ms ago: executing program 3 (id=3952): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000f40)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c000000030000000200000000000003"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) (async) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000800)={'hsr0\x00', 0x0}) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x2, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x2}, {0x0, 0x2}]}, @int]}}, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) (async) r4 = socket$rxrpc(0x21, 0x2, 0xa) (async) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000006c0)='cpuset.memory_pressure\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_DEL(r5, 0x2, r0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r4, 0x110, 0x3) connect$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, 0x24) (async, rerun: 32) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) (async, rerun: 32) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000010000000000000", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r3, @ANYBLOB="01000000010000000000000000000000000000020000000000000000c999defb181721e11f0d43f956d6b0bfa2b883834547203265e256bc799715de44f91141955094ccc12208080b566b495d1e75e417688908ef443d4c3824b986c224fd1c97a4cbc1c8840f149b5753336e565a47bd55bb5ef532991ecec17b1fd90bccecd0dc6afc0120148cee24e8671395f55e42399fff8cff9548a9b6b630af1d41c622ad6affc5aee6270f2c674a312fe6067dbd9ebf0eddbea528bc90ad8bab1a3bd79cd5179a4bcdcec715d3be981df6bcfa4502ddcf755321956d5768eaf59021571a9761adf61506667bcbec04f2a5a54584d8127891e47070c3660c2a13218ef806"], 0x48) r7 = socket(0x10, 0x3, 0x0) bind$netlink(r7, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) (async) write(r7, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r7, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) (async) setsockopt$sock_int(r7, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4) write(r7, &(0x7f0000000000)='\"', 0x1) (async) recvmmsg(r7, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) getsockopt$inet6_buf(r7, 0x29, 0x6, &(0x7f0000000240)=""/149, &(0x7f0000000040)=0x95) (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e22, @loopback}], 0x20) r8 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r8, &(0x7f0000000140), 0x0, 0x40000, &(0x7f00000001c0)={0x11, 0x1c, r2, 0x1, 0x70, 0x6, @local}, 0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) (async, rerun: 32) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x8, 0xf, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9}, [@ldst={0x0, 0x0, 0x4, 0x3, 0x0, 0x7ffffffffffffef0, 0xfffffffffffffffc}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @exit, @jmp={0x5, 0x0, 0x3, 0x7, 0xb, 0xffffffffffffffc0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x2}, @ldst={0x3, 0x2, 0x2, 0xa, 0x2, 0x100, 0xfffffffffffffff0}, @exit]}, &(0x7f0000000300)='syzkaller\x00', 0x6, 0x1000, &(0x7f0000001500)=""/4096, 0x41000, 0x0, '\x00', r2, @fallback=0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3, &(0x7f0000000580)=[r6, r6, r6], &(0x7f00000005c0)=[{0x1, 0x2, 0x4, 0x6}, {0x4, 0x3, 0x1, 0x4}, {0x3, 0x4, 0xe, 0x4}], 0x10, 0x7, @void, @value}, 0x94) (rerun: 32) ioctl$BTRFS_IOC_DEFRAG(r9, 0x50009402, 0x0) (async) socket$key(0xf, 0x3, 0x2) 0s ago: executing program 2 (id=3953): r0 = socket$netlink(0x10, 0x3, 0x0) (async) pread64(0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffff9) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_emit_ethernet(0x1f, &(0x7f0000000080)=ANY=[@ANYRES64=r1, @ANYRES8=r1, @ANYBLOB="955f3c01855f1a40c1c7e6b74a2d2540ecd13ee814b1a48c4989c862405787c150bd942d845809d2285aba0e673475186f556c8ecaee12a4cea174e326", @ANYRES16=r0, @ANYRES64=r0], 0x0) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x22, 0x0, &(0x7f0000000440)="f6020000008ad645eef854849d63bd5260ce0a538d11a0681af188ab66a578bb3fb7", 0x0, 0xffffffff, 0x0, 0x2, 0x0, &(0x7f0000000700)="010a", 0x0}, 0x50) (async) r2 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0) write$cgroup_devices(r2, &(0x7f0000000240)={'b', ' *:* ', 'rm\x00'}, 0x9) (async) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="180000007a00010600000000000000000700430ca9"], 0x18}], 0x1}, 0x0) kernel console output (not intermixed with test programs): er this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.745609][T17341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 387.811324][T17341] hsr_slave_0: entered promiscuous mode [ 387.820001][T17341] hsr_slave_1: entered promiscuous mode [ 387.826921][T17341] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 387.839459][T17341] Cannot create hsr debugfs directory [ 387.845121][T17362] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.852604][T17362] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.860745][T17362] bridge_slave_0: entered allmulticast mode [ 387.868320][T17362] bridge_slave_0: entered promiscuous mode [ 387.875764][T17362] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.884021][T17362] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.891783][T17362] bridge_slave_1: entered allmulticast mode [ 387.900415][T17362] bridge_slave_1: entered promiscuous mode [ 387.956671][T17362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 387.969797][T17362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.023662][T17362] team0: Port device team_slave_0 added [ 388.036343][T17362] team0: Port device team_slave_1 added [ 388.076565][T17362] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.084120][T17362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.112206][T17362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.178867][T17362] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.186042][T17362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.189193][T17403] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3485'. [ 388.217917][T17362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.261586][T17341] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.416317][T17404] netlink: 'syz.4.3485': attribute type 10 has an invalid length. [ 388.469093][T17405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3485'. [ 388.584653][T17408] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3486'. [ 388.607638][T17408] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3486'. [ 388.636774][T17408] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3486'. [ 388.672748][T17408] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3486'. [ 388.867932][ T5147] Bluetooth: hci3: command tx timeout [ 389.582420][T17341] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.592750][ T5147] Bluetooth: hci1: command tx timeout [ 389.630406][T17362] hsr_slave_0: entered promiscuous mode [ 389.643396][T17362] hsr_slave_1: entered promiscuous mode [ 389.650654][T17362] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 389.658538][T17362] Cannot create hsr debugfs directory [ 389.664148][T17404] bridge0: left allmulticast mode [ 389.675451][T17404] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 389.722035][T17341] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.810402][T17341] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.954141][T17430] ebtables: ebtables: counters copy to user failed while replacing table [ 389.991081][T17437] FAULT_INJECTION: forcing a failure. [ 389.991081][T17437] name failslab, interval 1, probability 0, space 0, times 0 [ 390.008499][T17437] CPU: 0 UID: 0 PID: 17437 Comm: syz.4.3490 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 390.019420][T17437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 390.029597][T17437] Call Trace: [ 390.032896][T17437] [ 390.035846][T17437] dump_stack_lvl+0x241/0x360 [ 390.040569][T17437] ? __pfx_dump_stack_lvl+0x10/0x10 [ 390.045799][T17437] ? __pfx__printk+0x10/0x10 [ 390.050478][T17437] ? ref_tracker_alloc+0x332/0x490 [ 390.055626][T17437] should_fail_ex+0x3b0/0x4e0 [ 390.060345][T17437] should_failslab+0xac/0x100 [ 390.065051][T17437] ? skb_clone+0x20c/0x390 [ 390.069499][T17437] kmem_cache_alloc_noprof+0x70/0x380 [ 390.074915][T17437] skb_clone+0x20c/0x390 [ 390.079197][T17437] __netlink_deliver_tap+0x3cc/0x7f0 [ 390.084528][T17437] ? netlink_deliver_tap+0x2e/0x1b0 [ 390.089754][T17437] netlink_deliver_tap+0x19d/0x1b0 [ 390.094876][T17437] netlink_sendskb+0x68/0x140 [ 390.099579][T17437] netlink_unicast+0x39d/0x990 [ 390.104487][T17437] ? __pfx_netlink_unicast+0x10/0x10 [ 390.110261][T17437] netlink_rcv_skb+0x262/0x430 [ 390.115121][T17437] ? __pfx_genl_rcv_msg+0x10/0x10 [ 390.116985][T17440] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3493'. [ 390.120161][T17437] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 390.120222][T17437] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 390.120255][T17437] genl_rcv+0x28/0x40 [ 390.120275][T17437] netlink_unicast+0x7f6/0x990 [ 390.120306][T17437] ? __pfx_netlink_unicast+0x10/0x10 [ 390.120329][T17437] ? __virt_addr_valid+0x45f/0x530 [ 390.120353][T17437] ? __phys_addr_symbol+0x2f/0x70 [ 390.120373][T17437] ? __check_object_size+0x47a/0x730 [ 390.120400][T17437] netlink_sendmsg+0x8e4/0xcb0 [ 390.120432][T17437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.120455][T17437] ? aa_sock_msg_perm+0x91/0x160 [ 390.185020][T17437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.190345][T17437] __sock_sendmsg+0x221/0x270 [ 390.195069][T17437] __sys_sendto+0x363/0x4c0 [ 390.199612][T17437] ? __pfx___sys_sendto+0x10/0x10 [ 390.204679][T17437] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 390.210692][T17437] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 390.217298][T17437] ? exc_page_fault+0x590/0x8b0 [ 390.222195][T17437] __x64_sys_sendto+0xde/0x100 [ 390.226998][T17437] do_syscall_64+0xf3/0x230 [ 390.231535][T17437] ? clear_bhb_loop+0x35/0x90 [ 390.236249][T17437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.242276][T17437] RIP: 0033:0x7f5fe6987bac [ 390.246835][T17437] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 390.266822][T17437] RSP: 002b:00007f5fe7719ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 390.275247][T17437] RAX: ffffffffffffffda RBX: 00007f5fe7719fc0 RCX: 00007f5fe6987bac [ 390.283228][T17437] RDX: 000000000000001c RSI: 00007f5fe771a010 RDI: 0000000000000005 [ 390.291324][T17437] RBP: 0000000000000000 R08: 00007f5fe7719f14 R09: 000000000000000c [ 390.299436][T17437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 390.307555][T17437] R13: 00007f5fe7719f68 R14: 00007f5fe771a010 R15: 0000000000000000 [ 390.315831][T17437] [ 390.495487][T17449] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3496'. [ 390.569617][T17450] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3494'. [ 390.593913][T17452] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 0, id = 0 [ 390.702460][T17341] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 390.731348][T17341] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 390.766333][T17341] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 390.789001][T17454] netlink: 'syz.4.3497': attribute type 3 has an invalid length. [ 390.804353][T17341] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 390.838435][T17362] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 390.855476][T17362] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 390.874067][T17362] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 390.901996][T17362] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 390.962261][ T5147] Bluetooth: hci3: command tx timeout [ 391.023153][T17341] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.072076][T17341] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.094804][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.102479][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.128332][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.135633][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.156915][T17461] netlink: 'syz.4.3499': attribute type 2 has an invalid length. [ 391.166617][T17461] netlink: 'syz.4.3499': attribute type 1 has an invalid length. [ 391.169402][T17362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.226037][T17362] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.261282][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.268496][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.306553][T17341] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 391.346517][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.353850][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.436713][T17463] netlink: 'syz.4.3500': attribute type 2 has an invalid length. [ 391.457588][T17463] netlink: 'syz.4.3500': attribute type 1 has an invalid length. [ 391.511421][T17470] netlink: 'syz.2.3501': attribute type 10 has an invalid length. [ 391.513300][T17362] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 391.556911][T17362] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 391.684421][ T5147] Bluetooth: hci1: command tx timeout [ 391.736657][T17341] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 391.847304][T17483] FAULT_INJECTION: forcing a failure. [ 391.847304][T17483] name failslab, interval 1, probability 0, space 0, times 0 [ 391.860587][T17483] CPU: 0 UID: 0 PID: 17483 Comm: syz.1.3505 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 391.871385][T17483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 391.881480][T17483] Call Trace: [ 391.884781][T17483] [ 391.887009][T17341] veth0_vlan: entered promiscuous mode [ 391.887718][T17483] dump_stack_lvl+0x241/0x360 [ 391.898014][T17483] ? __pfx_dump_stack_lvl+0x10/0x10 [ 391.903352][T17483] ? __pfx__printk+0x10/0x10 [ 391.907992][T17483] should_fail_ex+0x3b0/0x4e0 [ 391.912725][T17483] should_failslab+0xac/0x100 [ 391.917446][T17483] ? skb_clone+0x20c/0x390 [ 391.922000][T17483] kmem_cache_alloc_noprof+0x70/0x380 [ 391.927515][T17483] skb_clone+0x20c/0x390 [ 391.931884][T17483] ? dev_queue_xmit_nit+0x3fe/0xca0 [ 391.935758][T17341] veth1_vlan: entered promiscuous mode [ 391.937096][T17483] dev_queue_xmit_nit+0x249/0xca0 [ 391.937124][T17483] ? dev_queue_xmit_nit+0x2b/0xca0 [ 391.937142][T17483] ? validate_xmit_skb+0x9b8/0xff0 [ 391.937167][T17483] dev_hard_start_xmit+0x15f/0x7d0 [ 391.963717][T17483] ? __pfx_validate_xmit_skb+0x10/0x10 [ 391.969302][T17483] __dev_queue_xmit+0x1b73/0x3f50 [ 391.974685][T17483] ? netlink_unicast+0x39d/0x990 [ 391.979754][T17483] ? __sys_sendto+0x363/0x4c0 [ 391.984442][T17483] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 391.990520][T17483] ? __dev_queue_xmit+0x2f4/0x3f50 [ 391.995742][T17483] ? __pfx___dev_queue_xmit+0x10/0x10 [ 392.001146][T17483] ? __copy_skb_header+0x437/0x5b0 [ 392.006275][T17483] ? __asan_memcpy+0x40/0x70 [ 392.010877][T17483] ? __copy_skb_header+0x437/0x5b0 [ 392.016089][T17483] ? __skb_clone+0x454/0x6c0 [ 392.020689][T17483] ? skb_clone+0x240/0x390 [ 392.025123][T17483] __netlink_deliver_tap+0x56b/0x7f0 [ 392.030621][T17483] ? netlink_deliver_tap+0x2e/0x1b0 [ 392.036746][T17483] netlink_deliver_tap+0x19d/0x1b0 [ 392.042003][T17483] netlink_sendskb+0x68/0x140 [ 392.047080][T17483] netlink_unicast+0x39d/0x990 [ 392.052138][T17483] ? __pfx_netlink_unicast+0x10/0x10 [ 392.057555][T17483] netlink_rcv_skb+0x262/0x430 [ 392.062474][T17483] ? __pfx_genl_rcv_msg+0x10/0x10 [ 392.067526][T17483] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 392.072950][T17483] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 392.078458][T17483] genl_rcv+0x28/0x40 [ 392.082465][T17483] netlink_unicast+0x7f6/0x990 [ 392.087255][T17483] ? __pfx_netlink_unicast+0x10/0x10 [ 392.092552][T17483] ? __virt_addr_valid+0x45f/0x530 [ 392.097677][T17483] ? __phys_addr_symbol+0x2f/0x70 [ 392.102711][T17483] ? __check_object_size+0x47a/0x730 [ 392.108119][T17483] netlink_sendmsg+0x8e4/0xcb0 [ 392.113003][T17483] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.118317][T17483] ? aa_sock_msg_perm+0x91/0x160 [ 392.123445][T17483] ? __pfx_netlink_sendmsg+0x10/0x10 [ 392.128734][T17483] __sock_sendmsg+0x221/0x270 [ 392.133514][T17483] __sys_sendto+0x363/0x4c0 [ 392.138113][T17483] ? __pfx___sys_sendto+0x10/0x10 [ 392.143156][T17483] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 392.150043][T17483] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 392.156399][T17483] ? exc_page_fault+0x590/0x8b0 [ 392.161290][T17483] __x64_sys_sendto+0xde/0x100 [ 392.166079][T17483] do_syscall_64+0xf3/0x230 [ 392.170595][T17483] ? clear_bhb_loop+0x35/0x90 [ 392.175275][T17483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.181257][T17483] RIP: 0033:0x7f2b85187bac [ 392.185684][T17483] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b [ 392.205944][T17483] RSP: 002b:00007f2b85effec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 392.214500][T17483] RAX: ffffffffffffffda RBX: 00007f2b85efffc0 RCX: 00007f2b85187bac [ 392.222690][T17483] RDX: 000000000000001c RSI: 00007f2b85f00010 RDI: 0000000000000005 [ 392.230790][T17483] RBP: 0000000000000000 R08: 00007f2b85efff14 R09: 000000000000000c [ 392.238960][T17483] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 392.246988][T17483] R13: 00007f2b85efff68 R14: 00007f2b85f00010 R15: 0000000000000000 [ 392.255513][T17483] [ 392.300398][T17341] veth0_macvtap: entered promiscuous mode [ 392.339413][T17341] veth1_macvtap: entered promiscuous mode [ 392.366313][T17341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 392.379613][T17341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.389952][T17341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 392.406550][T17341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.423296][T17341] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 392.448247][T17341] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 392.469458][T17341] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 392.483831][T17341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 392.495896][T17492] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.533362][T17341] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.559847][T17341] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.577258][T17341] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.586107][T17341] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.618191][T17492] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.636227][ T9] IPVS: starting estimator thread 0... [ 392.649519][T17495] netlink: 'syz.4.3508': attribute type 39 has an invalid length. [ 392.681501][T17362] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 392.709906][T17492] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.727391][T17497] IPVS: using max 25 ests per chain, 60000 per kthread [ 392.856155][T17492] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 392.938355][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 392.959004][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.020755][T17492] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.031441][ T5147] Bluetooth: hci3: command tx timeout [ 393.046132][T17503] __nla_validate_parse: 5 callbacks suppressed [ 393.046152][T17503] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3509'. [ 393.062323][T17503] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3509'. [ 393.080522][T17492] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.131366][T17492] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.146652][T17500] netlink: 'syz.2.3509': attribute type 2 has an invalid length. [ 393.155274][T17500] netlink: 'syz.2.3509': attribute type 1 has an invalid length. [ 393.166226][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.172694][T17492] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.194463][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.226753][T17362] veth0_vlan: entered promiscuous mode [ 393.265266][T17362] veth1_vlan: entered promiscuous mode [ 393.385961][T17362] veth0_macvtap: entered promiscuous mode [ 393.405471][T17362] veth1_macvtap: entered promiscuous mode [ 393.476270][T17362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.488479][T17362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.499465][T17362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.510620][T17362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.520942][T17362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.536423][T17362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.549140][T17362] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.560032][T17362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 393.570664][T17362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.580744][T17362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 393.592113][T17362] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.603159][T17362] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 393.679819][T17362] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.689562][T17362] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.706441][T17362] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.718401][T17362] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.901967][ T3447] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.920031][ T3447] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.998525][T17530] netdevsim netdevsim3: Direct firmware load for / [ 393.998525][T17530] failed with error -2 [ 394.012651][ T3447] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.019321][T17530] netdevsim netdevsim3: Falling back to sysfs fallback for: / [ 394.019321][T17530] [ 394.029785][ T3447] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.274343][T17535] veth1_macvtap: left promiscuous mode [ 394.280141][T17535] macsec0: entered promiscuous mode [ 394.285516][T17535] macsec0: entered allmulticast mode [ 394.314741][T17538] veth1_macvtap: entered promiscuous mode [ 394.321847][T17538] veth1_macvtap: entered allmulticast mode [ 394.329403][T17538] macsec0: left promiscuous mode [ 394.335310][T17538] macsec0: left allmulticast mode [ 394.340805][T17538] veth1_macvtap: left allmulticast mode [ 394.444562][T17543] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3522'. [ 394.454653][T17543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3522'. [ 394.464040][T17543] netlink: 'syz.1.3522': attribute type 25 has an invalid length. [ 394.484289][T17543] pim6reg0: tun_chr_ioctl cmd 1074025694 [ 394.833554][T17550] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3524'. [ 394.852237][T17550] syz_tun: entered promiscuous mode [ 394.932311][T17555] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3525'. [ 394.976612][T17558] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3526'. [ 395.091838][ T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.371697][ T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.495398][ T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.714945][ T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.801814][ T12] bridge_slave_1: left allmulticast mode [ 395.807807][ T12] bridge_slave_1: left promiscuous mode [ 395.813522][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.824879][ T12] bridge_slave_0: left allmulticast mode [ 395.832539][ T12] bridge_slave_0: left promiscuous mode [ 395.839385][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.162433][T17570] FAULT_INJECTION: forcing a failure. [ 396.162433][T17570] name failslab, interval 1, probability 0, space 0, times 0 [ 396.180735][T17570] CPU: 0 UID: 0 PID: 17570 Comm: syz.4.3530 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 396.191553][T17570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 396.201649][T17570] Call Trace: [ 396.204960][T17570] [ 396.207933][T17570] dump_stack_lvl+0x241/0x360 [ 396.212793][T17570] ? __pfx_dump_stack_lvl+0x10/0x10 [ 396.218045][T17570] ? __pfx__printk+0x10/0x10 [ 396.222694][T17570] ? skb_copy_bits+0x84/0x870 [ 396.227441][T17570] ? __lock_acquire+0x1397/0x2100 [ 396.232622][T17570] should_fail_ex+0x3b0/0x4e0 [ 396.237357][T17570] should_failslab+0xac/0x100 [ 396.242078][T17570] ? skb_clone+0x20c/0x390 [ 396.246532][T17570] kmem_cache_alloc_noprof+0x70/0x380 [ 396.252061][T17570] skb_clone+0x20c/0x390 [ 396.256455][T17570] macvlan_handle_frame+0x895/0x1450 [ 396.262064][T17570] ? __pfx_macvlan_handle_frame+0x10/0x10 [ 396.267924][T17570] ? __pfx_packet_rcv+0x10/0x10 [ 396.272821][T17570] ? __pfx_macvlan_handle_frame+0x10/0x10 [ 396.278593][T17570] __netif_receive_skb_core+0x14eb/0x4690 [ 396.284356][T17570] ? __pfx_macvlan_handle_frame+0x10/0x10 [ 396.290142][T17570] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 396.296281][T17570] ? mark_lock+0x9a/0x360 [ 396.300660][T17570] ? __pfx___skb_flow_dissect+0x10/0x10 [ 396.306267][T17570] ? __lock_acquire+0x1397/0x2100 [ 396.311368][T17570] __netif_receive_skb+0x12f/0x650 [ 396.316525][T17570] ? __pfx_lock_acquire+0x10/0x10 [ 396.321596][T17570] ? kasan_save_track+0x51/0x80 [ 396.326478][T17570] ? __pfx___netif_receive_skb+0x10/0x10 [ 396.332234][T17570] ? build_skb+0x52/0x2a0 [ 396.336633][T17570] ? tun_get_user+0x2177/0x4890 [ 396.341517][T17570] ? tun_chr_write_iter+0x10d/0x1f0 [ 396.346757][T17570] ? do_syscall_64+0xf3/0x230 [ 396.351656][T17570] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.357764][T17570] ? tun_rx_batched+0x160/0x8f0 [ 396.362694][T17570] ? __pfx_lockdep_softirqs_off+0x10/0x10 [ 396.368465][T17570] ? netif_receive_skb+0x131/0x890 [ 396.373687][T17570] ? netif_receive_skb+0x131/0x890 [ 396.378858][T17570] netif_receive_skb+0x1e8/0x890 [ 396.384179][T17570] ? tun_rx_batched+0x160/0x8f0 [ 396.389163][T17570] ? __pfx_netif_receive_skb+0x10/0x10 [ 396.394678][T17570] ? tun_rx_batched+0x160/0x8f0 [ 396.399576][T17570] tun_rx_batched+0x1b7/0x8f0 [ 396.404406][T17570] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 396.410782][T17570] ? __pfx_lock_acquire+0x10/0x10 [ 396.415895][T17570] ? __pfx_tun_rx_batched+0x10/0x10 [ 396.421154][T17570] tun_get_user+0x30d6/0x4890 [ 396.425871][T17570] ? tun_get_user+0x2bbe/0x4890 [ 396.430770][T17570] ? tun_get_user+0x86e/0x4890 [ 396.435661][T17570] ? __lock_acquire+0x1397/0x2100 [ 396.440730][T17570] ? __pfx_tun_get_user+0x10/0x10 [ 396.445895][T17570] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 396.451390][T17570] ? tun_get+0x1e/0x2f0 [ 396.455753][T17570] ? __pfx_lock_release+0x10/0x10 [ 396.460923][T17570] ? tun_get+0x1e/0x2f0 [ 396.465127][T17570] ? tun_get+0x27d/0x2f0 [ 396.469423][T17570] tun_chr_write_iter+0x10d/0x1f0 [ 396.473771][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 396.474489][T17570] vfs_write+0xaeb/0xd30 [ 396.485913][T17570] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 396.491678][T17570] ? __pfx_vfs_write+0x10/0x10 [ 396.492888][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 396.496468][T17570] ? __fget_files+0x2a/0x410 [ 396.496504][T17570] ? __fget_files+0x2a/0x410 [ 396.512874][T17570] ksys_write+0x18f/0x2b0 [ 396.516013][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 396.517223][T17570] ? __pfx_ksys_write+0x10/0x10 [ 396.517250][T17570] ? do_syscall_64+0x100/0x230 [ 396.517280][T17570] ? do_syscall_64+0xb6/0x230 [ 396.517300][T17570] do_syscall_64+0xf3/0x230 [ 396.517318][T17570] ? clear_bhb_loop+0x35/0x90 [ 396.517341][T17570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 396.517360][T17570] RIP: 0033:0x7f5fe69847cf [ 396.535224][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 396.538873][T17570] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 396.538899][T17570] RSP: 002b:00007f5fe771b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 396.538923][T17570] RAX: ffffffffffffffda RBX: 00007f5fe6b75fa0 RCX: 00007f5fe69847cf [ 396.538938][T17570] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 00000000000000c8 [ 396.538951][T17570] RBP: 00007f5fe771b090 R08: 0000000000000000 R09: 0000000000000000 [ 396.538965][T17570] R10: 0000000000000010 R11: 0000000000000293 R12: 0000000000000001 [ 396.538977][T17570] R13: 0000000000000001 R14: 00007f5fe6b75fa0 R15: 00007ffd5725c2d8 [ 396.539004][T17570] [ 396.542718][T17573] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3529'. [ 396.649707][ T5834] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 396.671024][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 396.845021][T17580] xt_hashlimit: size too large, truncated to 1048576 [ 396.901406][T17583] xt_hashlimit: max too large, truncated to 1048576 [ 396.939350][T17583] No such timeout policy "syz1" [ 396.955341][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 396.975689][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 396.994711][ T12] bond0 (unregistering): Released all slaves [ 397.112519][T17582] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.246981][T17571] lo speed is unknown, defaulting to 1000 [ 397.339087][T17582] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.465253][T17582] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.583937][T17582] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.613818][T17588] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 397.703354][ T12] hsr_slave_0: left promiscuous mode [ 397.721884][ T12] hsr_slave_1: left promiscuous mode [ 397.788352][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 397.826469][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.865767][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 397.897562][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.966194][ T12] veth1_macvtap: left promiscuous mode [ 397.975484][ T12] veth0_macvtap: left promiscuous mode [ 397.986257][ T12] veth1_vlan: left promiscuous mode [ 398.000275][T17596] netlink: 'syz.1.3538': attribute type 4 has an invalid length. [ 398.060298][T17595] netlink: 'syz.1.3538': attribute type 4 has an invalid length. [ 398.137490][ T12] veth0_vlan: left promiscuous mode [ 398.788905][ T5834] Bluetooth: hci3: command tx timeout [ 399.053120][ T12] team0 (unregistering): Port device team_slave_1 removed [ 399.112556][ T12] team0 (unregistering): Port device team_slave_0 removed [ 400.076092][ T46] lo speed is unknown, defaulting to 1000 [ 400.165366][ T25] lo speed is unknown, defaulting to 1000 [ 400.242935][T17582] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.315732][T17582] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.342937][T17571] chnl_net:caif_netlink_parms(): no params data found [ 400.379542][T17613] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3540'. [ 400.413930][T17582] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.458310][T17582] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.636550][T17624] lo speed is unknown, defaulting to 1000 [ 400.737674][T17621] tipc: Started in network mode [ 400.742807][T17621] tipc: Node identity 7, cluster identity 9 [ 400.751486][T17621] tipc: Node number set to 7 [ 400.784438][T17621] netlink: 'syz.3.3544': attribute type 2 has an invalid length. [ 400.792907][T17621] netlink: 'syz.3.3544': attribute type 1 has an invalid length. [ 400.824925][T17571] bridge0: port 1(bridge_slave_0) entered blocking state [ 400.838211][T17571] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.856050][T17571] bridge_slave_0: entered allmulticast mode [ 400.866153][T17571] bridge_slave_0: entered promiscuous mode [ 400.872351][ T5147] Bluetooth: hci3: command tx timeout [ 400.901468][T17635] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3544'. [ 400.910868][T17635] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3544'. [ 401.006972][T17571] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.015513][T17571] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.030936][T17571] bridge_slave_1: entered allmulticast mode [ 401.039874][T17571] bridge_slave_1: entered promiscuous mode [ 401.147967][T17646] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3548'. [ 401.180528][T17646] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.188217][T17646] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.233077][T17646] bridge0: entered allmulticast mode [ 401.254825][T17571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 401.268917][T17571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 401.324092][T17649] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3550'. [ 401.345317][T17647] bridge0: port 1(vlan2) entered blocking state [ 401.351826][T17647] bridge0: port 1(vlan2) entered disabled state [ 401.358700][T17647] vlan2: entered allmulticast mode [ 401.363845][T17647] veth0: entered allmulticast mode [ 401.386917][T17647] vlan2: entered promiscuous mode [ 401.392738][T17647] veth0: entered promiscuous mode [ 401.465126][T17649] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 401.571096][T17662] xt_hashlimit: size too large, truncated to 1048576 [ 401.597326][ T5147] Bluetooth: hci5: command 0x0406 tx timeout [ 401.623371][T17571] team0: Port device team_slave_0 added [ 401.652725][T17571] team0: Port device team_slave_1 added [ 401.704601][T17667] xt_hashlimit: max too large, truncated to 1048576 [ 401.733607][T17571] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 401.747470][T17571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 401.793359][T17667] No such timeout policy "syz1" [ 401.831117][T17571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 401.833467][T17671] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3556'. [ 401.859802][T17571] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 401.877268][T17571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 401.939370][T17571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 402.136411][T17675] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.268845][T17571] hsr_slave_0: entered promiscuous mode [ 402.288156][T17571] hsr_slave_1: entered promiscuous mode [ 402.298532][T17571] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 402.306162][T17571] Cannot create hsr debugfs directory [ 402.384108][T17675] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.434964][T17684] bridge0: entered promiscuous mode [ 402.447349][T17686] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 402.554434][T17675] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.602089][T17686] bridge0: left promiscuous mode [ 402.665358][T17675] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 402.958037][ T5834] Bluetooth: hci3: command tx timeout [ 403.008553][T17675] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.084348][T17690] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3560'. [ 403.131497][T17690] bridge0: entered allmulticast mode [ 403.205182][T17675] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.224737][T17693] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3561'. [ 403.242965][T17693] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3561'. [ 403.288679][T17693] netlink: 'syz.1.3561': attribute type 2 has an invalid length. [ 403.329287][T17675] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.339712][T17693] netlink: 'syz.1.3561': attribute type 1 has an invalid length. [ 403.438012][T17675] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.667656][T17696] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3562'. [ 403.676698][T17696] netlink: 'syz.1.3562': attribute type 5 has an invalid length. [ 403.778925][T17571] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 403.829568][T17571] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 403.929968][T17571] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 403.941327][T17571] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 404.205329][T17710] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.228086][T17708] netlink: 'syz.1.3567': attribute type 39 has an invalid length. [ 404.270469][T17571] 8021q: adding VLAN 0 to HW filter on device bond0 [ 404.306834][T17571] 8021q: adding VLAN 0 to HW filter on device team0 [ 404.320557][T17710] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.399280][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.406439][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 404.416650][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.423884][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 404.457920][T17710] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.583422][T17710] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.629534][T17719] sit0: entered promiscuous mode [ 404.663690][T17719] netlink: 'syz.1.3570': attribute type 1 has an invalid length. [ 404.883348][T17571] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 404.944465][T17571] veth0_vlan: entered promiscuous mode [ 404.958709][T17571] veth1_vlan: entered promiscuous mode [ 405.001527][T17571] veth0_macvtap: entered promiscuous mode [ 405.027696][ T5834] Bluetooth: hci3: command tx timeout [ 405.028248][T17728] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.072231][T17571] veth1_macvtap: entered promiscuous mode [ 405.114286][T17571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.133948][T17571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.145447][T17571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.164563][T17571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.174709][T17571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 405.185688][T17571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.207551][T17571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 405.217447][T17728] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.246626][T17571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.266277][T17571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.288379][T17571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 405.309902][T17571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 405.328049][T17571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 405.340212][T17728] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.363802][T17571] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.373438][T17571] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.382615][T17571] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.392381][T17571] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.444322][T17728] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.557236][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.580250][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.606086][T17728] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.649706][T17728] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.681180][T17728] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.705813][T17728] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 405.719677][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 405.735557][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 405.926929][T17738] FAULT_INJECTION: forcing a failure. [ 405.926929][T17738] name failslab, interval 1, probability 0, space 0, times 0 [ 405.939765][T17738] CPU: 0 UID: 0 PID: 17738 Comm: syz.2.3577 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 405.950576][T17738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 405.960760][T17738] Call Trace: [ 405.964126][T17738] [ 405.967183][T17738] dump_stack_lvl+0x241/0x360 [ 405.971911][T17738] ? __pfx_dump_stack_lvl+0x10/0x10 [ 405.977166][T17738] ? __pfx__printk+0x10/0x10 [ 405.981864][T17738] should_fail_ex+0x3b0/0x4e0 [ 405.986595][T17738] should_failslab+0xac/0x100 [ 405.991414][T17738] ? skb_clone+0x20c/0x390 [ 405.995872][T17738] kmem_cache_alloc_noprof+0x70/0x380 [ 406.001296][T17738] skb_clone+0x20c/0x390 [ 406.005583][T17738] ? dev_queue_xmit_nit+0x3fe/0xca0 [ 406.010912][T17738] dev_queue_xmit_nit+0x249/0xca0 [ 406.015985][T17738] ? dev_queue_xmit_nit+0x2b/0xca0 [ 406.021150][T17738] ? validate_xmit_skb+0x9b8/0xff0 [ 406.026279][T17738] dev_hard_start_xmit+0x15f/0x7d0 [ 406.031505][T17738] ? __pfx_validate_xmit_skb+0x10/0x10 [ 406.036995][T17738] __dev_queue_xmit+0x1b73/0x3f50 [ 406.042071][T17738] ? kasan_save_track+0x51/0x80 [ 406.046941][T17738] ? ____sys_sendmsg+0x52a/0x7e0 [ 406.051910][T17738] ? __dev_queue_xmit+0x2f4/0x3f50 [ 406.057136][T17738] ? __pfx___dev_queue_xmit+0x10/0x10 [ 406.062563][T17738] ? __copy_skb_header+0x437/0x5b0 [ 406.067795][T17738] ? __asan_memcpy+0x40/0x70 [ 406.072430][T17738] ? __copy_skb_header+0x437/0x5b0 [ 406.077590][T17738] ? __skb_clone+0x454/0x6c0 [ 406.082207][T17738] ? skb_clone+0x240/0x390 [ 406.086651][T17738] __netlink_deliver_tap+0x56b/0x7f0 [ 406.092036][T17738] ? netlink_deliver_tap+0x2e/0x1b0 [ 406.097283][T17738] netlink_deliver_tap+0x19d/0x1b0 [ 406.102521][T17738] netlink_unicast+0x7c4/0x990 [ 406.107856][T17738] ? __pfx_netlink_unicast+0x10/0x10 [ 406.113192][T17738] ? __virt_addr_valid+0x45f/0x530 [ 406.118360][T17738] ? __phys_addr_symbol+0x2f/0x70 [ 406.123434][T17738] ? __check_object_size+0x47a/0x730 [ 406.128781][T17738] netlink_sendmsg+0x8e4/0xcb0 [ 406.133606][T17738] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.139042][T17738] ? aa_sock_msg_perm+0x91/0x160 [ 406.144026][T17738] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.149513][T17738] __sock_sendmsg+0x221/0x270 [ 406.154310][T17738] ____sys_sendmsg+0x52a/0x7e0 [ 406.159234][T17738] ? __pfx_____sys_sendmsg+0x10/0x10 [ 406.164558][T17738] ? __fget_files+0x2a/0x410 [ 406.169208][T17738] ? __fget_files+0x2a/0x410 [ 406.173839][T17738] __sys_sendmsg+0x269/0x350 [ 406.178460][T17738] ? __pfx_lock_release+0x10/0x10 [ 406.183605][T17738] ? __pfx___sys_sendmsg+0x10/0x10 [ 406.188756][T17738] ? __pfx_vfs_write+0x10/0x10 [ 406.193559][T17738] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 406.200150][T17738] ? do_syscall_64+0x100/0x230 [ 406.204977][T17738] ? do_syscall_64+0xb6/0x230 [ 406.209668][T17738] do_syscall_64+0xf3/0x230 [ 406.214202][T17738] ? clear_bhb_loop+0x35/0x90 [ 406.218914][T17738] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.225031][T17738] RIP: 0033:0x7feff6985d19 [ 406.229492][T17738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.249147][T17738] RSP: 002b:00007feff7871038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 406.257608][T17738] RAX: ffffffffffffffda RBX: 00007feff6b75fa0 RCX: 00007feff6985d19 [ 406.265621][T17738] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 406.273608][T17738] RBP: 00007feff7871090 R08: 0000000000000000 R09: 0000000000000000 [ 406.281602][T17738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 406.289598][T17738] R13: 0000000000000000 R14: 00007feff6b75fa0 R15: 00007ffc48abbc78 [ 406.297610][T17738] [ 406.452290][T17745] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.482564][T17748] netlink: 'syz.2.3581': attribute type 10 has an invalid length. [ 406.498562][T17748] batman_adv: batadv0: Adding interface: wlan0 [ 406.504894][T17748] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 406.537449][T17748] batman_adv: batadv0: Interface activated: wlan0 [ 406.557765][T17745] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.603634][T17748] netlink: 'syz.2.3581': attribute type 10 has an invalid length. [ 406.622133][T17748] __nla_validate_parse: 6 callbacks suppressed [ 406.622157][T17748] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3581'. [ 406.704767][ T1141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.765268][T17748] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 406.802060][T17745] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.848878][T17710] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.868483][T17710] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.891278][T17710] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.902596][T17745] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.923804][T17710] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.971586][T17745] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 406.990170][T17745] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.005199][T17745] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.020255][T17745] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 407.229822][ T1141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.626421][ T1141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.974563][ T1141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.146281][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 408.166061][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 408.175714][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 408.197279][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 408.206334][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 408.230955][T17773] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.242000][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 408.363871][T17773] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.416897][T17774] lo speed is unknown, defaulting to 1000 [ 408.453654][T17773] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.481244][ T1141] bridge_slave_1: left allmulticast mode [ 408.487852][ T1141] bridge_slave_1: left promiscuous mode [ 408.493813][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.508986][ T1141] bridge_slave_0: left allmulticast mode [ 408.519546][ T1141] bridge_slave_0: left promiscuous mode [ 408.530426][T17776] delete_channel: no stack [ 408.536069][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.633497][T17793] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3595'. [ 408.729543][T17797] netlink: 'syz.4.3595': attribute type 9 has an invalid length. [ 408.755234][T17797] netlink: 'syz.4.3595': attribute type 7 has an invalid length. [ 408.765072][T17797] netlink: 'syz.4.3595': attribute type 8 has an invalid length. [ 409.152402][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 409.165717][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 409.177354][ T1141] bond0 (unregistering): Released all slaves [ 409.200761][T17773] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.214785][T17796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3594'. [ 409.637883][T17808] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3597'. [ 409.741743][T17815] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 409.751089][T17813] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 409.887072][ C0] vcan0: j1939_xtp_rx_dat: no tx connection found [ 409.893754][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 409.901988][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 409.909957][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 409.918052][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 409.926462][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 409.935271][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 409.943254][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 409.951375][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 409.959314][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 409.967398][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 409.975254][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 409.983548][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 409.991733][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.000384][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.008453][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.016384][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.024446][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.032467][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.040456][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.048551][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.056742][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.064881][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.073052][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.081158][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.089304][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.097682][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.105644][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.113691][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.121575][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.129644][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.138074][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.146241][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.154125][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.162207][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.170081][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.178289][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.186233][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.194468][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.203048][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.211269][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.219272][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.227546][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.235405][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.243932][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.252089][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.260088][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.267983][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.275954][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.284464][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.292690][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.300668][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.308649][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 410.316544][ C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 410.337429][ T5147] Bluetooth: hci3: command tx timeout [ 410.375875][T17774] chnl_net:caif_netlink_parms(): no params data found [ 410.452601][ T1141] hsr_slave_0: left promiscuous mode [ 410.470012][ T1141] hsr_slave_1: left promiscuous mode [ 410.476635][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 410.487538][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.502309][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 410.506503][T17826] FAULT_INJECTION: forcing a failure. [ 410.506503][T17826] name failslab, interval 1, probability 0, space 0, times 0 [ 410.511038][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.536702][T17826] CPU: 1 UID: 0 PID: 17826 Comm: syz.2.3601 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 410.547582][T17826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 410.557839][T17826] Call Trace: [ 410.561245][T17826] [ 410.564183][T17826] dump_stack_lvl+0x241/0x360 [ 410.569092][T17826] ? __pfx_dump_stack_lvl+0x10/0x10 [ 410.574677][T17826] ? __pfx__printk+0x10/0x10 [ 410.579538][T17826] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 410.585832][T17826] ? __pfx___might_resched+0x10/0x10 [ 410.591463][T17826] should_fail_ex+0x3b0/0x4e0 [ 410.596248][T17826] should_failslab+0xac/0x100 [ 410.601040][T17826] kmem_cache_alloc_node_noprof+0x77/0x380 [ 410.607146][T17826] ? __alloc_skb+0x1c3/0x440 [ 410.612012][T17826] __alloc_skb+0x1c3/0x440 [ 410.616526][T17826] ? __pfx___alloc_skb+0x10/0x10 [ 410.622075][T17826] ? netlink_ack_tlv_len+0x6e/0x200 [ 410.627749][T17826] netlink_ack+0x145/0xa50 [ 410.632722][T17826] ? __sock_sendmsg+0x221/0x270 [ 410.637586][T17826] ? ____sys_sendmsg+0x52a/0x7e0 [ 410.642644][T17826] netlink_rcv_skb+0x262/0x430 [ 410.647546][T17826] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 410.653118][T17826] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 410.658421][T17826] ? apparmor_capable+0x13b/0x1b0 [ 410.663663][T17826] ? bpf_lsm_capable+0x9/0x10 [ 410.668384][T17826] ? security_capable+0x7e/0x2d0 [ 410.673425][T17826] nfnetlink_rcv+0x297/0x2ab0 [ 410.678500][T17826] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 410.684286][T17826] ? __dev_queue_xmit+0x2f4/0x3f50 [ 410.689574][T17826] ? __dev_queue_xmit+0x1775/0x3f50 [ 410.695161][T17826] ? kasan_save_track+0x51/0x80 [ 410.700237][T17826] ? ____sys_sendmsg+0x52a/0x7e0 [ 410.705216][T17826] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 410.710443][T17826] ? __dev_queue_xmit+0x2f4/0x3f50 [ 410.715691][T17826] ? __pfx___dev_queue_xmit+0x10/0x10 [ 410.721109][T17826] ? ref_tracker_free+0x643/0x7e0 [ 410.726251][T17826] ? __asan_memcpy+0x40/0x70 [ 410.730854][T17826] ? __pfx_ref_tracker_free+0x10/0x10 [ 410.736271][T17826] ? netlink_deliver_tap+0x2e/0x1b0 [ 410.741739][T17826] ? skb_clone+0x240/0x390 [ 410.746646][T17826] ? __pfx_lock_release+0x10/0x10 [ 410.752046][T17826] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 410.757616][T17826] ? netlink_deliver_tap+0x2e/0x1b0 [ 410.762910][T17826] netlink_unicast+0x7f6/0x990 [ 410.767867][T17826] ? __pfx_netlink_unicast+0x10/0x10 [ 410.773333][T17826] ? __virt_addr_valid+0x45f/0x530 [ 410.778735][T17826] ? __phys_addr_symbol+0x2f/0x70 [ 410.783768][T17826] ? __check_object_size+0x47a/0x730 [ 410.789412][T17826] netlink_sendmsg+0x8e4/0xcb0 [ 410.794301][T17826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 410.799774][T17826] ? aa_sock_msg_perm+0x91/0x160 [ 410.804835][T17826] ? __pfx_netlink_sendmsg+0x10/0x10 [ 410.810434][T17826] __sock_sendmsg+0x221/0x270 [ 410.815208][T17826] ____sys_sendmsg+0x52a/0x7e0 [ 410.820182][T17826] ? __pfx_____sys_sendmsg+0x10/0x10 [ 410.825486][T17826] ? __fget_files+0x2a/0x410 [ 410.830206][T17826] ? __fget_files+0x2a/0x410 [ 410.834930][T17826] __sys_sendmsg+0x269/0x350 [ 410.839743][T17826] ? __pfx_lock_release+0x10/0x10 [ 410.844875][T17826] ? __pfx___sys_sendmsg+0x10/0x10 [ 410.850031][T17826] ? __pfx_vfs_write+0x10/0x10 [ 410.854925][T17826] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 410.861357][T17826] ? do_syscall_64+0x100/0x230 [ 410.866130][T17826] ? do_syscall_64+0xb6/0x230 [ 410.870852][T17826] do_syscall_64+0xf3/0x230 [ 410.875387][T17826] ? clear_bhb_loop+0x35/0x90 [ 410.880110][T17826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.886026][T17826] RIP: 0033:0x7feff6985d19 [ 410.890871][T17826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 410.910957][T17826] RSP: 002b:00007feff7871038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 410.919599][T17826] RAX: ffffffffffffffda RBX: 00007feff6b75fa0 RCX: 00007feff6985d19 [ 410.928250][T17826] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 410.936327][T17826] RBP: 00007feff7871090 R08: 0000000000000000 R09: 0000000000000000 [ 410.944544][T17826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 410.952753][T17826] R13: 0000000000000000 R14: 00007feff6b75fa0 R15: 00007ffc48abbc78 [ 410.961130][T17826] [ 411.046098][ T1141] veth1_macvtap: left promiscuous mode [ 411.087242][ T1141] veth0_macvtap: left promiscuous mode [ 411.093220][ T1141] veth1_vlan: left promiscuous mode [ 411.114269][ T1141] veth0_vlan: left promiscuous mode [ 411.771415][ T1141] team0 (unregistering): Port device team_slave_1 removed [ 411.828599][ T1141] team0 (unregistering): Port device team_slave_0 removed [ 412.387379][ T5147] Bluetooth: hci3: command 0x041b tx timeout [ 412.425492][T17823] bond0: (slave bridge0): Releasing backup interface [ 412.460988][T17824] team0: Mode changed to "loadbalance" [ 412.505032][T17773] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.523797][T17773] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.543084][T17773] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.615162][T17773] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.828980][T17774] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.844951][T17774] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.853133][T17774] bridge_slave_0: entered allmulticast mode [ 412.854294][T17860] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3609'. [ 412.864337][T17774] bridge_slave_0: entered promiscuous mode [ 412.868958][T17860] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3609'. [ 412.882580][T17774] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.901323][T17774] bridge0: port 2(bridge_slave_1) entered disabled state [ 412.917952][T17857] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3605'. [ 412.965734][T17864] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 412.965759][T17774] bridge_slave_1: entered allmulticast mode [ 412.992522][T17774] bridge_slave_1: entered promiscuous mode [ 413.003031][T17851] netlink: 900 bytes leftover after parsing attributes in process `syz.3.3605'. [ 413.149119][T17774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 413.177917][T17774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 413.378477][T17883] FAULT_INJECTION: forcing a failure. [ 413.378477][T17883] name failslab, interval 1, probability 0, space 0, times 0 [ 413.388755][T17774] team0: Port device team_slave_0 added [ 413.434418][T17883] CPU: 1 UID: 0 PID: 17883 Comm: syz.2.3615 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 413.445435][T17883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 413.456029][T17883] Call Trace: [ 413.460344][T17883] [ 413.463367][T17883] dump_stack_lvl+0x241/0x360 [ 413.468297][T17883] ? __pfx_dump_stack_lvl+0x10/0x10 [ 413.473645][T17883] ? __pfx__printk+0x10/0x10 [ 413.478563][T17883] ? ref_tracker_alloc+0x332/0x490 [ 413.483914][T17883] should_fail_ex+0x3b0/0x4e0 [ 413.488765][T17883] should_failslab+0xac/0x100 [ 413.493843][T17883] ? skb_clone+0x20c/0x390 [ 413.498323][T17883] kmem_cache_alloc_noprof+0x70/0x380 [ 413.504456][T17883] skb_clone+0x20c/0x390 [ 413.509021][T17883] __netlink_deliver_tap+0x3cc/0x7f0 [ 413.514825][T17883] ? netlink_deliver_tap+0x2e/0x1b0 [ 413.520355][T17883] netlink_deliver_tap+0x19d/0x1b0 [ 413.525700][T17883] netlink_sendskb+0x68/0x140 [ 413.531330][T17883] netlink_unicast+0x39d/0x990 [ 413.536303][T17883] ? __pfx_netlink_unicast+0x10/0x10 [ 413.542077][T17883] netlink_rcv_skb+0x262/0x430 [ 413.546883][T17883] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 413.552913][T17883] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 413.558436][T17883] ? apparmor_capable+0x13b/0x1b0 [ 413.563711][T17883] ? bpf_lsm_capable+0x9/0x10 [ 413.568439][T17883] ? security_capable+0x7e/0x2d0 [ 413.573598][T17883] nfnetlink_rcv+0x297/0x2ab0 [ 413.578685][T17883] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 413.584648][T17883] ? __dev_queue_xmit+0x2f4/0x3f50 [ 413.589822][T17883] ? __dev_queue_xmit+0x1775/0x3f50 [ 413.595076][T17883] ? kasan_save_track+0x51/0x80 [ 413.600024][T17883] ? ____sys_sendmsg+0x52a/0x7e0 [ 413.605023][T17883] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 413.610268][T17883] ? __dev_queue_xmit+0x2f4/0x3f50 [ 413.615437][T17883] ? __pfx___dev_queue_xmit+0x10/0x10 [ 413.620973][T17883] ? ref_tracker_free+0x643/0x7e0 [ 413.626051][T17883] ? __asan_memcpy+0x40/0x70 [ 413.631059][T17883] ? __pfx_ref_tracker_free+0x10/0x10 [ 413.636503][T17883] ? netlink_deliver_tap+0x2e/0x1b0 [ 413.641746][T17883] ? skb_clone+0x240/0x390 [ 413.646225][T17883] ? __pfx_lock_release+0x10/0x10 [ 413.649892][T17897] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3618'. [ 413.651281][T17883] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 413.651322][T17883] ? netlink_deliver_tap+0x2e/0x1b0 [ 413.651345][T17883] netlink_unicast+0x7f6/0x990 [ 413.651379][T17883] ? __pfx_netlink_unicast+0x10/0x10 [ 413.681243][T17883] ? __virt_addr_valid+0x45f/0x530 [ 413.686391][T17883] ? __phys_addr_symbol+0x2f/0x70 [ 413.691453][T17883] ? __check_object_size+0x47a/0x730 [ 413.696754][T17883] netlink_sendmsg+0x8e4/0xcb0 [ 413.701815][T17883] ? __pfx_netlink_sendmsg+0x10/0x10 [ 413.707131][T17883] ? aa_sock_msg_perm+0x91/0x160 [ 413.712199][T17883] ? __pfx_netlink_sendmsg+0x10/0x10 [ 413.717698][T17883] __sock_sendmsg+0x221/0x270 [ 413.722505][T17883] ____sys_sendmsg+0x52a/0x7e0 [ 413.727318][T17883] ? __pfx_____sys_sendmsg+0x10/0x10 [ 413.732808][T17883] ? __fget_files+0x2a/0x410 [ 413.737542][T17883] ? __fget_files+0x2a/0x410 [ 413.742337][T17883] __sys_sendmsg+0x269/0x350 [ 413.747855][T17883] ? __pfx_lock_release+0x10/0x10 [ 413.753844][T17883] ? __pfx___sys_sendmsg+0x10/0x10 [ 413.760504][T17883] ? __pfx_vfs_write+0x10/0x10 [ 413.765556][T17883] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 413.772807][T17883] ? do_syscall_64+0x100/0x230 [ 413.777619][T17883] ? do_syscall_64+0xb6/0x230 [ 413.782606][T17883] do_syscall_64+0xf3/0x230 [ 413.787335][T17883] ? clear_bhb_loop+0x35/0x90 [ 413.792842][T17883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 413.799228][T17883] RIP: 0033:0x7feff6985d19 [ 413.803743][T17883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 413.824177][T17883] RSP: 002b:00007feff7871038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 413.833843][T17883] RAX: ffffffffffffffda RBX: 00007feff6b75fa0 RCX: 00007feff6985d19 [ 413.842145][T17883] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 413.850138][T17883] RBP: 00007feff7871090 R08: 0000000000000000 R09: 0000000000000000 [ 413.858832][T17883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 413.867372][T17883] R13: 0000000000000000 R14: 00007feff6b75fa0 R15: 00007ffc48abbc78 [ 413.875633][T17883] [ 413.905473][T17774] team0: Port device team_slave_1 added [ 414.018408][T17901] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4. [ 414.029280][T17903] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3621'. [ 414.052996][T17901] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3619'. [ 414.065970][T17905] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3620'. [ 414.114066][T17901] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3619'. [ 414.129953][T17901] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3619'. [ 414.198218][T17774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 414.205327][T17774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.252190][T17774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 414.285401][T17774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 414.302295][T17774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 414.379938][T17774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 414.475492][ T5147] Bluetooth: hci3: command 0x041b tx timeout [ 414.564191][T17923] netlink: 'syz.3.3626': attribute type 3 has an invalid length. [ 414.626979][T17774] hsr_slave_0: entered promiscuous mode [ 414.638046][T17774] hsr_slave_1: entered promiscuous mode [ 414.646938][T17774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 414.655841][T17774] Cannot create hsr debugfs directory [ 415.214326][T17944] lo speed is unknown, defaulting to 1000 [ 415.679309][T17774] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 415.703534][T17774] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 415.729872][T17774] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 415.758859][T17774] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 415.791113][T17964] netlink: 'syz.4.3637': attribute type 1 has an invalid length. [ 415.962266][T17774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 416.019716][T17774] 8021q: adding VLAN 0 to HW filter on device team0 [ 416.037591][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.044924][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 416.079684][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.087380][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 416.265788][T17980] netlink: 'syz.1.3640': attribute type 1 has an invalid length. [ 416.291142][T17774] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 416.320541][T17774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 416.370592][T17980] veth0_vlan: entered allmulticast mode [ 416.547317][ T5147] Bluetooth: hci3: command 0x041b tx timeout [ 416.878327][T18006] lo speed is unknown, defaulting to 1000 [ 417.151222][T17774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 417.243845][T17774] veth0_vlan: entered promiscuous mode [ 417.306353][T17774] veth1_vlan: entered promiscuous mode [ 417.414975][T17774] veth0_macvtap: entered promiscuous mode [ 417.452032][T17774] veth1_macvtap: entered promiscuous mode [ 417.547486][T17774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 417.595127][T17774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 417.631745][T17774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 417.662494][T17774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 417.678270][T17774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 417.702774][T17774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 417.729483][T17774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 417.783153][T17774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 417.806265][T17774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 417.830766][T17774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 417.847226][T17774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 417.869465][T17774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 418.070261][T17774] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.079277][T17774] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.089046][T17774] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.098632][T17774] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 418.185197][T18042] macsec0: entered promiscuous mode [ 418.231358][T18042] veth1_macvtap: left promiscuous mode [ 418.446744][T18045] lo speed is unknown, defaulting to 1000 [ 418.502775][T17774] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 418.530128][T17774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 418.628453][ T5147] Bluetooth: hci3: command 0x041b tx timeout [ 418.648303][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 418.656408][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 418.781240][T18056] __nla_validate_parse: 10 callbacks suppressed [ 418.781265][T18056] netlink: 1280 bytes leftover after parsing attributes in process `syz.2.3659'. [ 418.810294][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 418.819432][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 418.838256][T18056] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 418.952235][T18069] macvlan0: entered allmulticast mode [ 418.959551][T18069] veth1_vlan: entered allmulticast mode [ 418.959554][T18056] netlink: 240 bytes leftover after parsing attributes in process `syz.2.3659'. [ 419.006385][T18069] veth1_vlan: left allmulticast mode [ 419.062710][T18069] macvlan0 (unregistering): left allmulticast mode [ 419.233659][T18074] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 419.283858][T18042] syzkaller0: entered promiscuous mode [ 419.290638][T18042] syzkaller0: entered allmulticast mode [ 419.309941][T18042] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3654'. [ 419.318442][T18072] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3663'. [ 419.369294][T18074] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3663'. [ 419.402416][ T1141] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.734516][T18085] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3666'. [ 421.062363][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 421.084888][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 421.105211][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 421.130014][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 421.148828][ T5834] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 421.161254][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 422.328732][ T1141] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.539162][ T1141] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.648341][T18092] lo speed is unknown, defaulting to 1000 [ 422.665567][T18102] netlink: 1280 bytes leftover after parsing attributes in process `syz.3.3673'. [ 422.737909][T18102] openvswitch: netlink: Flow actions attr not present in new flow. [ 422.796346][ T1141] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.013518][T18128] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3677'. [ 423.150825][T18092] chnl_net:caif_netlink_parms(): no params data found [ 423.210008][T18136] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3682'. [ 423.272840][ T5834] Bluetooth: hci3: command tx timeout [ 423.453884][T18151] netlink: 'syz.2.3686': attribute type 21 has an invalid length. [ 423.469699][T18151] IPv6: NLM_F_CREATE should be specified when creating new route [ 423.495868][T18151] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 423.503454][T18151] IPv6: NLM_F_CREATE should be set when creating new route [ 423.510791][T18151] IPv6: NLM_F_CREATE should be set when creating new route [ 423.518272][T18151] IPv6: NLM_F_CREATE should be set when creating new route [ 423.564506][ T1141] bridge_slave_1: left allmulticast mode [ 423.586795][ T1141] bridge_slave_1: left promiscuous mode [ 423.603395][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.622338][ T1141] bridge_slave_0: left allmulticast mode [ 423.628159][ T1141] bridge_slave_0: left promiscuous mode [ 423.634633][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.113876][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 424.126086][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 424.145819][ T1141] bond0 (unregistering): Released all slaves [ 424.155714][T18092] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.163257][T18092] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.171227][T18092] bridge_slave_0: entered allmulticast mode [ 424.180194][T18092] bridge_slave_0: entered promiscuous mode [ 424.188951][T18092] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.196515][T18092] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.204665][T18092] bridge_slave_1: entered allmulticast mode [ 424.213770][T18092] bridge_slave_1: entered promiscuous mode [ 424.309104][T18164] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.475942][T18167] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3688'. [ 424.551586][T18164] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.580457][T18092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 424.596931][T18092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 424.644994][T18177] tipc: Invalid UDP bearer configuration [ 424.645107][T18177] tipc: Enabling of bearer rejected, failed to enable media [ 424.750417][T18164] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 424.777705][T18173] lo speed is unknown, defaulting to 1000 [ 424.832718][T18092] team0: Port device team_slave_0 added [ 424.853412][T18092] team0: Port device team_slave_1 added [ 424.908002][ T1141] hsr_slave_0: left promiscuous mode [ 424.914299][ T1141] hsr_slave_1: left promiscuous mode [ 424.932467][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 424.942500][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 424.961567][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 424.975221][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.020699][ T1141] veth1_macvtap: left promiscuous mode [ 425.028408][ T1141] veth0_macvtap: left promiscuous mode [ 425.034050][ T1141] veth1_vlan: left promiscuous mode [ 425.042502][ T1141] veth0_vlan: left promiscuous mode [ 425.291987][T18189] ip6t_srh: unknown srh match flags 5294 [ 425.349862][ T5834] Bluetooth: hci3: command tx timeout [ 425.686787][ T1141] team0 (unregistering): Port device team_slave_1 removed [ 425.752400][ T1141] team0 (unregistering): Port device team_slave_0 removed [ 426.383291][T18164] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.441235][T18092] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 426.457771][T18092] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 426.484680][T18092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 426.529491][T18092] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 426.544739][T18092] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 426.572831][T18092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 426.706941][T18164] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.751374][T18092] hsr_slave_0: entered promiscuous mode [ 426.764341][T18198] can: request_module (can-proto-0) failed. [ 426.775525][T18092] hsr_slave_1: entered promiscuous mode [ 426.784395][T18092] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 426.815722][T18092] Cannot create hsr debugfs directory [ 426.841373][T18164] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.880818][T18164] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.961209][T18164] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 427.079435][T18203] ebtables: ebtables: counters copy to user failed while replacing table [ 427.404159][T18215] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.428580][ T5834] Bluetooth: hci3: command tx timeout [ 427.563823][T18215] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.599381][T18237] hsr0: entered promiscuous mode [ 427.604895][T18237] macsec1: entered allmulticast mode [ 427.610473][T18237] hsr0: entered allmulticast mode [ 427.615633][T18237] hsr_slave_0: entered allmulticast mode [ 427.622885][T18237] hsr_slave_1: entered allmulticast mode [ 427.649237][T18237] hsr0: left allmulticast mode [ 427.657170][T18237] hsr_slave_0: left allmulticast mode [ 427.671829][T18237] hsr_slave_1: left allmulticast mode [ 427.733823][T18215] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.825723][T18215] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 428.066575][T18092] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 428.085862][T18092] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 428.098347][T18092] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 428.110614][T18092] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 428.136623][T18215] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.154721][T18215] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.170426][T18215] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.373980][T18257] ebtables: ebtables: counters copy to user failed while replacing table [ 428.512276][T18215] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.537238][T18263] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3714'. [ 428.558599][T18265] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3713'. [ 428.626907][T18092] 8021q: adding VLAN 0 to HW filter on device bond0 [ 428.648863][T18092] 8021q: adding VLAN 0 to HW filter on device team0 [ 428.663453][ T2978] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.670661][ T2978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 428.734050][T18273] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3713'. [ 428.750273][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.757661][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 428.796915][T18274] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3716'. [ 428.821940][T18092] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 428.832978][T18092] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 429.155906][T18092] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 429.217856][T18092] veth0_vlan: entered promiscuous mode [ 429.235193][T18092] veth1_vlan: entered promiscuous mode [ 429.273689][T18092] veth0_macvtap: entered promiscuous mode [ 429.287553][T18092] veth1_macvtap: entered promiscuous mode [ 429.305559][T18092] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 429.319122][T18092] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.329872][T18092] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 429.340645][T18092] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.350656][T18092] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 429.361772][T18092] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.375006][T18092] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 429.386631][T18092] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 429.397397][T18092] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.407304][T18092] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 429.418232][T18092] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.429577][T18092] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 429.447494][T18092] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.456242][T18092] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.465518][T18092] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.475060][T18092] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.508485][ T5834] Bluetooth: hci3: command tx timeout [ 429.561654][T18092] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 429.571463][T18092] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.597382][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.605470][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.651860][T18302] syz.1.3723 uses old SIOCAX25GETINFO [ 429.653031][ T2978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.665523][ T2978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.919949][T18311] pim6reg1: entered promiscuous mode [ 429.925307][T18311] pim6reg1: entered allmulticast mode [ 429.983216][T18307] ebtables: ebtables: counters copy to user failed while replacing table [ 430.243876][T18329] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3729'. [ 430.453946][T18340] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3734'. [ 430.472024][T18340] erspan0: entered promiscuous mode [ 430.482701][T18342] syz.1.3735[18342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.482852][T18342] syz.1.3735[18342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.492906][T18340] batman_adv: batadv0: Adding interface: macvlan4 [ 430.496513][T18342] syz.1.3735[18342] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 430.515770][T18340] batman_adv: batadv0: The MTU of interface macvlan4 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 430.555748][T18340] batman_adv: batadv0: Interface activated: macvlan4 [ 430.636900][T18347] SET target dimension over the limit! [ 430.655768][T18347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3736'. [ 430.665830][T18347] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.674034][T18347] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 430.683048][T18347] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.690945][T18347] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 430.983938][T18351] ebtables: ebtables: counters copy to user failed while replacing table [ 431.233193][T18366] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3742'. [ 431.279938][T18366] tipc: Enabling of bearer rejected, media not registered [ 431.612407][ T1168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.936624][T18386] lo speed is unknown, defaulting to 1000 [ 433.000897][T18392] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3749'. [ 433.122786][T18397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3751'. [ 433.147080][ T1168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.230771][T18388] bond0: option mode: unable to set because the bond device has slaves [ 433.451784][ T1168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.452090][ T5147] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 433.491761][ T5147] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 433.512044][ T5147] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 433.528348][ T5147] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 433.543806][ T5147] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 433.560769][ T5147] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 433.561584][T18418] gre1: entered promiscuous mode [ 433.635378][T18422] openvswitch: netlink: Duplicate or invalid key (type 0). [ 433.646556][T18422] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 433.660961][T18422] ax25_connect(): syz.4.3755 uses autobind, please contact jreuter@yaina.de [ 433.733143][ T1168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.763918][T18424] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input8 [ 433.806385][T18421] netlink: 'syz.3.3754': attribute type 2 has an invalid length. [ 433.821481][T18416] lo speed is unknown, defaulting to 1000 [ 433.823173][T18427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3756'. [ 433.835733][T18421] netlink: 'syz.3.3754': attribute type 2 has an invalid length. [ 433.838878][T18427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3756'. [ 433.861921][T18421] netlink: 'syz.3.3754': attribute type 2 has an invalid length. [ 433.916239][T18427] netlink: 'syz.1.3756': attribute type 2 has an invalid length. [ 433.924553][T18427] netlink: 'syz.1.3756': attribute type 1 has an invalid length. [ 434.115147][T18443] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3760'. [ 434.220599][T18416] chnl_net:caif_netlink_parms(): no params data found [ 434.258970][ T1168] bridge_slave_1: left allmulticast mode [ 434.264784][ T1168] bridge_slave_1: left promiscuous mode [ 434.273911][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.289521][T18450] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3761'. [ 434.299392][ T1168] bridge_slave_0: left allmulticast mode [ 434.305055][ T1168] bridge_slave_0: left promiscuous mode [ 434.317708][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.747359][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 434.760372][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 434.771482][ T1168] bond0 (unregistering): Released all slaves [ 435.260080][T18416] bridge0: port 1(bridge_slave_0) entered blocking state [ 435.298711][T18416] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.306062][T18416] bridge_slave_0: entered allmulticast mode [ 435.349890][T18416] bridge_slave_0: entered promiscuous mode [ 435.477881][T18416] bridge0: port 2(bridge_slave_1) entered blocking state [ 435.485103][T18416] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.530552][T18416] bridge_slave_1: entered allmulticast mode [ 435.558366][T18416] bridge_slave_1: entered promiscuous mode [ 435.667367][ T5147] Bluetooth: hci3: command tx timeout [ 435.667874][T18491] __nla_validate_parse: 3 callbacks suppressed [ 435.667892][T18491] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3770'. [ 435.735507][ T1168] hsr_slave_0: left promiscuous mode [ 435.754956][ T1168] hsr_slave_1: left promiscuous mode [ 435.780239][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 435.797284][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 435.819626][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 435.829437][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 435.854344][ T1168] veth1_macvtap: left promiscuous mode [ 435.860622][ T1168] veth0_macvtap: left promiscuous mode [ 435.866205][ T1168] veth1_vlan: left promiscuous mode [ 435.871883][ T1168] veth0_vlan: left promiscuous mode [ 436.451334][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 436.502839][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 437.029256][T18416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 437.068131][T18416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 437.289777][T18416] team0: Port device team_slave_0 added [ 437.320804][T18416] team0: Port device team_slave_1 added [ 437.398736][T18416] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.415057][T18416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.467973][T18515] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3777'. [ 437.476072][T18416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.528639][T18520] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 437.567685][T18416] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.574677][T18416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.630240][T18416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.714781][T18416] hsr_slave_0: entered promiscuous mode [ 437.726073][T18416] hsr_slave_1: entered promiscuous mode [ 437.734927][T18416] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 437.744549][T18416] Cannot create hsr debugfs directory [ 437.750707][ T5147] Bluetooth: hci3: command tx timeout [ 437.926030][T18532] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3781'. [ 437.945858][T18530] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3780'. [ 437.961458][T18530] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3780'. [ 437.978298][T18530] netlink: 'syz.3.3780': attribute type 2 has an invalid length. [ 437.986415][T18530] netlink: 'syz.3.3780': attribute type 1 has an invalid length. [ 438.051070][T18534] netlink: 'syz.1.3782': attribute type 2 has an invalid length. [ 438.155655][T18536] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3783'. [ 438.315947][T18546] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3786'. [ 438.433283][T18551] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.484148][T18549] netlink: 'syz.2.3787': attribute type 21 has an invalid length. [ 438.494481][T18549] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3787'. [ 438.534465][T18551] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.574760][T18555] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3790'. [ 438.695589][T18551] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.810388][T18551] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.863800][T18569] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3792'. [ 438.897594][T18416] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 438.931380][T18416] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 438.963149][T18416] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 438.981026][T18416] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 439.007610][T18551] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.026652][T18551] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.058657][T18551] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.110132][T18551] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 439.247637][T18416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 439.269583][T18416] 8021q: adding VLAN 0 to HW filter on device team0 [ 439.282540][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.289696][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 439.331079][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.338327][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 439.415202][T18579] Bluetooth: MGMT ver 1.23 [ 439.546954][T18587] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 439.760193][T18416] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 439.791196][T18416] veth0_vlan: entered promiscuous mode [ 439.814778][T18416] veth1_vlan: entered promiscuous mode [ 439.828952][ T5147] Bluetooth: hci3: command tx timeout [ 439.919921][T18416] veth0_macvtap: entered promiscuous mode [ 439.979533][T18416] veth1_macvtap: entered promiscuous mode [ 440.028175][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.039579][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.053161][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 440.072287][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.086168][T18416] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 440.117776][T18416] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 440.143281][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.156571][T18416] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 440.183007][T18416] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.193824][T18416] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.217239][T18416] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.227717][T18416] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 440.259683][T18625] netlink: 'syz.2.3805': attribute type 4 has an invalid length. [ 440.327585][T18625] netlink: 'syz.2.3805': attribute type 4 has an invalid length. [ 440.413129][T18416] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 440.423556][T18416] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 440.444760][T18625] netlink: 'syz.2.3805': attribute type 12 has an invalid length. [ 440.474213][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 440.514051][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.596578][T18635] netlink: 'syz.1.3808': attribute type 2 has an invalid length. [ 440.601235][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 440.616484][T18635] netlink: 'syz.1.3808': attribute type 1 has an invalid length. [ 440.630763][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 440.728369][T18642] __nla_validate_parse: 9 callbacks suppressed [ 440.728390][T18642] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3811'. [ 440.960010][T18649] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3814'. [ 441.046952][T18651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3815'. [ 441.189679][T18659] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 441.252800][T18657] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3817'. [ 441.449598][T18665] netlink: 'syz.1.3819': attribute type 10 has an invalid length. [ 441.472122][T18665] netlink: 55 bytes leftover after parsing attributes in process `syz.1.3819'. [ 442.110326][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.451193][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.538757][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.617392][T18681] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3824'. [ 443.690512][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.754537][T18684] lo speed is unknown, defaulting to 1000 [ 443.819088][T18689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3827'. [ 443.868601][T18689] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3827'. [ 443.897143][T18689] netlink: 'syz.2.3827': attribute type 6 has an invalid length. [ 444.094960][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 444.115735][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 444.127360][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 444.135529][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 444.144773][ T5844] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 444.152510][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 444.256957][T18695] lo speed is unknown, defaulting to 1000 [ 444.277209][ T62] bridge_slave_1: left allmulticast mode [ 444.307509][ T62] bridge_slave_1: left promiscuous mode [ 444.313375][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 444.374349][ T62] bridge_slave_0: left allmulticast mode [ 444.389368][ T62] bridge_slave_0: left promiscuous mode [ 444.395153][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 444.881544][T18717] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3833'. [ 444.991326][T18719] ebtables: ebtables: counters copy to user failed while replacing table [ 445.113539][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 445.116668][T18723] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3835'. [ 445.134312][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 445.148959][ T62] bond0 (unregistering): Released all slaves [ 445.181341][T18711] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 445.243957][T18723] bridge_slave_1: left allmulticast mode [ 445.260507][T18723] bridge_slave_1: left promiscuous mode [ 445.276675][T18723] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.316326][T18723] bridge_slave_0: left allmulticast mode [ 445.327340][T18723] bridge_slave_0: left promiscuous mode [ 445.336185][T18723] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.363528][T18731] netlink: ct family unspecified [ 445.376847][T18731] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 445.829265][T18749] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3840'. [ 445.896108][T18752] netlink: 176 bytes leftover after parsing attributes in process `syz.4.3842'. [ 445.926328][T18753] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3841'. [ 445.934657][T18752] netlink: 176 bytes leftover after parsing attributes in process `syz.4.3842'. [ 446.082192][ T62] hsr_slave_0: left promiscuous mode [ 446.126956][ T62] hsr_slave_1: left promiscuous mode [ 446.150069][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 446.172331][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 446.198171][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 446.205836][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 446.227950][ T5147] Bluetooth: hci3: command tx timeout [ 446.246410][ T62] veth1_macvtap: left promiscuous mode [ 446.253616][T18768] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3844'. [ 446.277477][ T62] veth0_macvtap: left promiscuous mode [ 446.283310][ T62] veth1_vlan: left promiscuous mode [ 446.302013][ T62] veth0_vlan: left promiscuous mode [ 446.894521][ T62] team0 (unregistering): Port device team_slave_1 removed [ 446.949721][ T62] team0 (unregistering): Port device team_slave_0 removed [ 447.484469][T18752] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 447.567865][T18695] chnl_net:caif_netlink_parms(): no params data found [ 447.871046][T18794] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 447.928933][T18695] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.946729][T18695] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.965165][T18695] bridge_slave_0: entered allmulticast mode [ 447.989309][T18695] bridge_slave_0: entered promiscuous mode [ 448.005507][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 448.021714][T18695] bridge0: port 2(bridge_slave_1) entered blocking state [ 448.035310][T18797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3849'. [ 448.045307][T18797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3849'. [ 448.054815][T18695] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.071896][T18797] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3849'. [ 448.077349][T18695] bridge_slave_1: entered allmulticast mode [ 448.103903][T18695] bridge_slave_1: entered promiscuous mode [ 448.210903][T18695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 448.244468][T18695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.313393][ T5147] Bluetooth: hci3: command tx timeout [ 448.451455][T18695] team0: Port device team_slave_0 added [ 448.463139][T18695] team0: Port device team_slave_1 added [ 448.607776][T18695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.624052][T18695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.662078][T18695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.716066][T18695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.748345][T18695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.813880][T18695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 448.866739][T18817] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3856'. [ 448.918500][T18695] hsr_slave_0: entered promiscuous mode [ 448.937351][T18695] hsr_slave_1: entered promiscuous mode [ 448.958122][T18695] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 448.993977][T18695] Cannot create hsr debugfs directory [ 449.013443][T18823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3857'. [ 449.190510][T18829] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.295253][T18829] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.358311][T18829] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.421533][T18829] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 449.461574][T18841] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 449.549652][T18829] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.601791][T18829] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.630039][T18829] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.639459][T18847] netlink: 'syz.2.3865': attribute type 1 has an invalid length. [ 449.667980][T18829] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 449.726236][T18847] 8021q: adding VLAN 0 to HW filter on device bond1 [ 449.760302][T18851] xt_hashlimit: size too large, truncated to 1048576 [ 449.800822][T18844] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 449.815026][T18844] bond1: (slave batadv1): making interface the new active one [ 449.823120][T18854] xt_hashlimit: max too large, truncated to 1048576 [ 449.852218][T18854] No such timeout policy "syz1" [ 449.861180][T18844] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 449.912889][T18847] bond1: (slave vlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 450.190314][T18695] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 450.249878][T18695] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 450.278219][T18695] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 450.311695][T18695] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 450.388656][ T5147] Bluetooth: hci3: command tx timeout [ 450.574739][T18695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 450.677209][T18875] 8021q: adding VLAN 0 to HW filter on device bond1 [ 450.705238][T18875] bond0: (slave bond1): Enslaving as an active interface with an up link [ 450.784512][T18695] 8021q: adding VLAN 0 to HW filter on device team0 [ 450.824047][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.831384][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 450.879032][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.886177][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.063811][T18885] lo speed is unknown, defaulting to 1000 [ 451.149518][T18889] __nla_validate_parse: 7 callbacks suppressed [ 451.149538][T18889] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3877'. [ 451.212496][T18889] syz_tun: entered promiscuous mode [ 451.379025][T18893] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3878'. [ 451.532998][T18695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 451.673236][T18695] veth0_vlan: entered promiscuous mode [ 451.721100][T18695] veth1_vlan: entered promiscuous mode [ 451.756928][T18885] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3876'. [ 451.811746][T18906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3880'. [ 451.812966][T18695] veth0_macvtap: entered promiscuous mode [ 452.106499][T18695] veth1_macvtap: entered promiscuous mode [ 452.253881][T18695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 452.283317][T18695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.311389][T18695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 452.336919][T18913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3883'. [ 452.343234][T18695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.388974][T18695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 452.422138][T18695] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 452.466604][T18695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 452.476628][ T5147] Bluetooth: hci3: command tx timeout [ 452.494359][T18695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 452.510335][T18914] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.544268][T18695] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.562456][T18695] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.582026][T18695] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.595774][T18695] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.677595][T18914] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.723273][T18925] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3885'. [ 452.759743][T18914] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.960369][T18914] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.146840][T18695] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0 [ 453.163589][T18935] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3887'. [ 453.182604][T18695] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.248639][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.256482][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.338697][T18914] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.378851][T18939] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3888'. [ 453.396186][T18939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3888'. [ 453.573462][T18914] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.635345][T18914] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.702053][T18940] lo speed is unknown, defaulting to 1000 [ 453.710334][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 453.731548][T18914] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 453.747451][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 454.194426][T18945] xt_hashlimit: size too large, truncated to 1048576 [ 454.719922][T18947] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 454.748426][T18941] sctp: [Deprecated]: syz.1.3888 (pid 18941) Use of struct sctp_assoc_value in delayed_ack socket option. [ 454.748426][T18941] Use struct sctp_sack_info instead [ 454.803941][T18947] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 454.847470][T18947] gretap1: entered promiscuous mode [ 454.852761][T18947] gretap1: entered allmulticast mode [ 454.981882][T18937] siw: device registration error -23 [ 455.098598][ T1168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.166655][T18962] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3889'. [ 455.435644][ T1168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.679562][ T1168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.773065][ T1168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.923896][ T1168] bridge_slave_1: left allmulticast mode [ 455.933342][ T1168] bridge_slave_1: left promiscuous mode [ 455.944472][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.962073][ T1168] bridge_slave_0: left allmulticast mode [ 455.972014][ T1168] bridge_slave_0: left promiscuous mode [ 455.983172][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.763171][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 456.827526][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 456.888131][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 456.899703][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 456.908046][ T5844] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 456.916119][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 457.224792][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 457.249556][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 457.272546][ T1168] bond0 (unregistering): Released all slaves [ 457.313927][T18982] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3897'. [ 457.630126][T18971] lo speed is unknown, defaulting to 1000 [ 457.641750][T18986] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3899'. [ 457.903993][ T1168] hsr_slave_0: left promiscuous mode [ 457.993650][ T1168] hsr_slave_1: left promiscuous mode [ 458.192705][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 458.200414][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 458.209464][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 458.219999][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 458.220170][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 458.247512][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 458.257555][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 458.264975][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 458.273388][ T5844] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 458.285070][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 458.340214][ T1168] veth1_macvtap: left promiscuous mode [ 458.345801][ T1168] veth0_macvtap: left promiscuous mode [ 458.378230][ T1168] veth1_vlan: left promiscuous mode [ 458.383645][ T1168] veth0_vlan: left promiscuous mode [ 459.045016][ T5147] Bluetooth: hci3: command tx timeout [ 459.119063][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 459.180097][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 459.786362][T19002] netlink: 'syz.4.3904': attribute type 3 has an invalid length. [ 459.806814][T19003] geneve2: entered promiscuous mode [ 459.815515][T19003] geneve2: entered allmulticast mode [ 459.826195][T19005] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3905'. [ 459.874609][T18993] lo speed is unknown, defaulting to 1000 [ 460.056032][T18971] chnl_net:caif_netlink_parms(): no params data found [ 460.236599][T19024] lo speed is unknown, defaulting to 1000 [ 460.253479][T18971] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.261593][T18971] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.269595][T18971] bridge_slave_0: entered allmulticast mode [ 460.277974][T18971] bridge_slave_0: entered promiscuous mode [ 460.294187][T18971] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.334879][T18971] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.371491][T18971] bridge_slave_1: entered allmulticast mode [ 460.387244][T18971] bridge_slave_1: entered promiscuous mode [ 460.397752][ T5147] Bluetooth: hci2: command tx timeout [ 460.427810][T19029] netlink: 'syz.3.3909': attribute type 2 has an invalid length. [ 460.435581][T19029] netlink: 'syz.3.3909': attribute type 1 has an invalid length. [ 460.493581][T19026] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3909'. [ 460.508474][T19026] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3909'. [ 460.582811][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 460.639713][T18971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 460.757332][T18971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 460.782607][T18993] chnl_net:caif_netlink_parms(): no params data found [ 460.846875][T19043] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 460.979648][T18971] team0: Port device team_slave_0 added [ 461.014178][T19049] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3915'. [ 461.033078][T19046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3914'. [ 461.046481][T19046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3914'. [ 461.056338][T19046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3914'. [ 461.066977][T19046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3914'. [ 461.091938][T18971] team0: Port device team_slave_1 added [ 461.120903][ T5147] Bluetooth: hci3: command tx timeout [ 461.172457][T19049] batadv0: entered promiscuous mode [ 461.208022][T19049] macvtap1: entered promiscuous mode [ 461.224436][T19049] macvtap1: entered allmulticast mode [ 461.231613][T19049] batadv0: entered allmulticast mode [ 461.244159][T19049] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 461.544545][T18971] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 461.552078][T18971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.579726][T18971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 461.661483][T18971] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 461.671786][T18971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 461.702431][T18971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 461.737941][T18993] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.745093][T18993] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.753058][T18993] bridge_slave_0: entered allmulticast mode [ 461.760456][T18993] bridge_slave_0: entered promiscuous mode [ 461.768926][T18993] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.776075][T18993] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.783661][T18993] bridge_slave_1: entered allmulticast mode [ 461.790861][T18993] bridge_slave_1: entered promiscuous mode [ 461.966488][T18993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.072310][T18971] hsr_slave_0: entered promiscuous mode [ 462.096054][T18971] hsr_slave_1: entered promiscuous mode [ 462.111296][T18971] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 462.119167][T18971] Cannot create hsr debugfs directory [ 462.148278][T18993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.264081][T18993] team0: Port device team_slave_0 added [ 462.308351][T19082] netlink: 'syz.4.3921': attribute type 2 has an invalid length. [ 462.338274][T19082] netlink: 'syz.4.3921': attribute type 1 has an invalid length. [ 462.370487][T18993] team0: Port device team_slave_1 added [ 462.479097][ T5147] Bluetooth: hci2: command tx timeout [ 462.627328][T18993] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 462.637224][T18993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.648309][T19091] __nla_validate_parse: 85 callbacks suppressed [ 462.648329][T19091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3923'. [ 462.679144][T19091] nbd: socks must be embedded in a SOCK_ITEM attr [ 462.731087][T18993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.767824][T18993] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.774988][T18993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 462.802167][T18993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 462.822016][T19097] netlink: 'syz.2.3926': attribute type 7 has an invalid length. [ 462.837539][T19097] netlink: 80 bytes leftover after parsing attributes in process `syz.2.3926'. [ 462.894392][T19099] syzkaller0: entered allmulticast mode [ 463.061873][T18993] hsr_slave_0: entered promiscuous mode [ 463.070482][T18993] hsr_slave_1: entered promiscuous mode [ 463.093821][T18993] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 463.103275][T19108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3929'. [ 463.113863][T18993] Cannot create hsr debugfs directory [ 463.187806][ T5147] Bluetooth: hci3: command tx timeout [ 463.231617][T19107] lo speed is unknown, defaulting to 1000 [ 463.301201][T19117] smc: net device wg0 applied user defined pnetid SYZ0 [ 463.512341][T18993] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.156536][T19137] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3937'. [ 464.555515][ T5147] Bluetooth: hci2: command tx timeout [ 465.273625][ T5147] Bluetooth: hci3: command tx timeout [ 466.023275][T18993] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.097614][T18993] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.170507][T18993] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 466.194817][T19144] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3938'. [ 466.223388][T19144] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3938'. [ 466.352709][T19158] netlink: 'syz.3.3941': attribute type 4 has an invalid length. [ 466.362845][T19161] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3942'. [ 466.450191][T19167] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3943'. [ 466.474526][T19165] netlink: 'syz.4.3944': attribute type 1 has an invalid length. [ 466.501665][T19169] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3943'. [ 466.561475][T19165] 8021q: adding VLAN 0 to HW filter on device bond2 [ 466.573860][T18993] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 466.596973][T18993] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 466.627285][ T5147] Bluetooth: hci2: command tx timeout [ 466.656931][T19173] bond2: (slave gretap2): making interface the new active one [ 466.665683][T19175] netlink: 'syz.3.3946': attribute type 6 has an invalid length. [ 466.675071][T19175] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.3946'. [ 466.688755][T19173] bond2: (slave gretap2): Enslaving as an active interface with an up link [ 466.707758][T18993] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 466.762074][T18993] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 466.946593][T19178] netlink: 'syz.2.3947': attribute type 11 has an invalid length. [ 467.062551][T18971] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 467.100866][T18971] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 467.130295][T18971] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 467.160704][T18971] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 467.239635][T18993] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.321690][T18993] 8021q: adding VLAN 0 to HW filter on device team0 [ 467.382104][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.389366][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.471911][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.479162][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.546730][T19198] ------------[ cut here ]------------ [ 467.553891][T19198] WARNING: CPU: 0 PID: 19198 at net/rxrpc/sendmsg.c:296 rxrpc_send_data+0x2969/0x2b30 [ 467.564352][T19198] Modules linked in: [ 467.568730][T19198] CPU: 0 UID: 0 PID: 19198 Comm: syz.3.3952 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 467.580605][T19198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 467.590976][T19198] RIP: 0010:rxrpc_send_data+0x2969/0x2b30 [ 467.596749][T19198] Code: 24 48 48 89 de e8 77 33 b3 f6 4c 39 f3 b8 00 fe ff ff 41 bf fc ff ff ff 44 0f 44 f8 45 31 f6 e9 71 fd ff ff e8 78 2e b3 f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 8a f2 0d f7 e9 46 fd ff ff 89 d9 80 e1 [ 467.617248][T19198] RSP: 0018:ffffc90003af7620 EFLAGS: 00010293 [ 467.623367][T19198] RAX: ffffffff8aec2fc8 RBX: ffff8880289f0380 RCX: ffff888031b73c00 [ 467.631578][T19198] RDX: 0000000000000000 RSI: 00000000000000ff RDI: ffff88804af71440 [ 467.640021][T19198] RBP: ffffc90003af78d0 R08: ffff88804af7143f R09: 0000000000000000 [ 467.648422][T19198] R10: ffff88804af71340 R11: ffffed10095ee288 R12: ffff8880289f0348 [ 467.656530][T19198] R13: 1ffff1100513e06f R14: ffff88804af71000 R15: 0000000000000000 [ 467.664801][T19198] FS: 00007fc4dd1d06c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 467.674230][T19198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 467.681671][T19198] CR2: 00007fc4dd18df98 CR3: 000000006de9a000 CR4: 00000000003526f0 [ 467.689942][T19198] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 467.698059][T19198] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 467.706171][T19198] Call Trace: [ 467.710039][T19198] [ 467.710886][T18993] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 467.712993][T19198] ? __warn+0x165/0x4d0 [ 467.727923][T19198] ? rxrpc_send_data+0x2969/0x2b30 [ 467.733095][T19198] ? report_bug+0x2b3/0x500 [ 467.738207][T19198] ? rxrpc_send_data+0x2969/0x2b30 [ 467.743370][T19198] ? handle_bug+0x60/0x90 [ 467.748127][T19198] ? exc_invalid_op+0x1a/0x50 [ 467.752850][T19198] ? asm_exc_invalid_op+0x1a/0x20 [ 467.758189][T19198] ? rxrpc_send_data+0x2968/0x2b30 [ 467.763375][T19198] ? rxrpc_send_data+0x2969/0x2b30 [ 467.769308][T19198] ? __pfx_rxrpc_send_data+0x10/0x10 [ 467.774827][T19198] ? __local_bh_enable_ip+0x168/0x200 [ 467.780332][T19198] ? lockdep_hardirqs_on+0x99/0x150 [ 467.785586][T19198] ? __local_bh_enable_ip+0x168/0x200 [ 467.791382][T19198] ? __pfx_default_wake_function+0x10/0x10 [ 467.791526][T18971] 8021q: adding VLAN 0 to HW filter on device bond0 [ 467.797698][T19198] rxrpc_do_sendmsg+0x1569/0x1910 [ 467.797743][T19198] ? __pfx_rxrpc_do_sendmsg+0x10/0x10 [ 467.797763][T19198] ? rxrpc_sendmsg+0x127/0x920 [ 467.797786][T19198] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 467.797812][T19198] ? do_raw_spin_unlock+0x13c/0x8b0 [ 467.797842][T19198] ? rxrpc_sendmsg+0x5d8/0x920 [ 467.797870][T19198] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 467.797891][T19198] __sock_sendmsg+0x221/0x270 [ 467.847203][T19198] ____sys_sendmsg+0x52a/0x7e0 [ 467.852026][T19198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 467.857391][T19198] ? __fget_files+0x2a/0x410 [ 467.862035][T19198] ? __fget_files+0x2a/0x410 [ 467.866675][T19198] __sys_sendmsg+0x269/0x350 [ 467.872161][T19198] ? __pfx___sys_sendmsg+0x10/0x10 [ 467.877541][T19198] ? __local_bh_enable_ip+0x168/0x200 [ 467.883016][T19198] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 467.889483][T19198] ? do_syscall_64+0x100/0x230 [ 467.894300][T19198] ? do_syscall_64+0xb6/0x230 [ 467.899610][T19198] do_syscall_64+0xf3/0x230 [ 467.904174][T19198] ? clear_bhb_loop+0x35/0x90 [ 467.909158][T19198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.914956][T18971] 8021q: adding VLAN 0 to HW filter on device team0 [ 467.915076][T19198] RIP: 0033:0x7fc4dc385d19 [ 467.926160][T19198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 467.946582][T19198] RSP: 002b:00007fc4dd1d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 467.955125][T19198] RAX: ffffffffffffffda RBX: 00007fc4dc575fa0 RCX: 00007fc4dc385d19 [ 467.963236][T19198] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006 [ 467.971829][T19198] RBP: 00007fc4dc401a20 R08: 0000000000000000 R09: 0000000000000000 [ 467.975036][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 467.980294][T19198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 467.987175][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.003493][T19198] R13: 0000000000000000 R14: 00007fc4dc575fa0 R15: 00007ffcc0b50f38 [ 468.011613][T19198] [ 468.014680][T19198] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 468.021995][T19198] CPU: 0 UID: 0 PID: 19198 Comm: syz.3.3952 Not tainted 6.13.0-rc2-syzkaller-00390-g9bc5c9515b48 #0 [ 468.032788][T19198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 468.042868][T19198] Call Trace: [ 468.046168][T19198] [ 468.049240][T19198] dump_stack_lvl+0x241/0x360 [ 468.053958][T19198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.059200][T19198] ? __pfx__printk+0x10/0x10 [ 468.063827][T19198] ? _printk+0xd5/0x120 [ 468.068021][T19198] ? __init_begin+0x41000/0x41000 [ 468.073088][T19198] ? vscnprintf+0x5d/0x90 [ 468.077478][T19198] panic+0x349/0x880 [ 468.081429][T19198] ? __warn+0x174/0x4d0 [ 468.085707][T19198] ? __pfx_panic+0x10/0x10 [ 468.090200][T19198] __warn+0x344/0x4d0 [ 468.094329][T19198] ? rxrpc_send_data+0x2969/0x2b30 [ 468.099527][T19198] report_bug+0x2b3/0x500 [ 468.103902][T19198] ? rxrpc_send_data+0x2969/0x2b30 [ 468.109053][T19198] handle_bug+0x60/0x90 [ 468.113225][T19198] exc_invalid_op+0x1a/0x50 [ 468.117745][T19198] asm_exc_invalid_op+0x1a/0x20 [ 468.122600][T19198] RIP: 0010:rxrpc_send_data+0x2969/0x2b30 [ 468.128320][T19198] Code: 24 48 48 89 de e8 77 33 b3 f6 4c 39 f3 b8 00 fe ff ff 41 bf fc ff ff ff 44 0f 44 f8 45 31 f6 e9 71 fd ff ff e8 78 2e b3 f6 90 <0f> 0b 90 48 8b 7c 24 28 e8 8a f2 0d f7 e9 46 fd ff ff 89 d9 80 e1 [ 468.147945][T19198] RSP: 0018:ffffc90003af7620 EFLAGS: 00010293 [ 468.154025][T19198] RAX: ffffffff8aec2fc8 RBX: ffff8880289f0380 RCX: ffff888031b73c00 [ 468.162002][T19198] RDX: 0000000000000000 RSI: 00000000000000ff RDI: ffff88804af71440 [ 468.169975][T19198] RBP: ffffc90003af78d0 R08: ffff88804af7143f R09: 0000000000000000 [ 468.177951][T19198] R10: ffff88804af71340 R11: ffffed10095ee288 R12: ffff8880289f0348 [ 468.185928][T19198] R13: 1ffff1100513e06f R14: ffff88804af71000 R15: 0000000000000000 [ 468.194085][T19198] ? rxrpc_send_data+0x2968/0x2b30 [ 468.199338][T19198] ? __pfx_rxrpc_send_data+0x10/0x10 [ 468.204685][T19198] ? __local_bh_enable_ip+0x168/0x200 [ 468.210174][T19198] ? lockdep_hardirqs_on+0x99/0x150 [ 468.215501][T19198] ? __local_bh_enable_ip+0x168/0x200 [ 468.221205][T19198] ? __pfx_default_wake_function+0x10/0x10 [ 468.227061][T19198] rxrpc_do_sendmsg+0x1569/0x1910 [ 468.232123][T19198] ? __pfx_rxrpc_do_sendmsg+0x10/0x10 [ 468.237502][T19198] ? rxrpc_sendmsg+0x127/0x920 [ 468.242266][T19198] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 468.247991][T19198] ? do_raw_spin_unlock+0x13c/0x8b0 [ 468.253191][T19198] ? rxrpc_sendmsg+0x5d8/0x920 [ 468.258165][T19198] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 468.263304][T19198] __sock_sendmsg+0x221/0x270 [ 468.267999][T19198] ____sys_sendmsg+0x52a/0x7e0 [ 468.272771][T19198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 468.278053][T19198] ? __fget_files+0x2a/0x410 [ 468.282651][T19198] ? __fget_files+0x2a/0x410 [ 468.287252][T19198] __sys_sendmsg+0x269/0x350 [ 468.291873][T19198] ? __pfx___sys_sendmsg+0x10/0x10 [ 468.297072][T19198] ? __local_bh_enable_ip+0x168/0x200 [ 468.302602][T19198] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 468.309035][T19198] ? do_syscall_64+0x100/0x230 [ 468.313911][T19198] ? do_syscall_64+0xb6/0x230 [ 468.318605][T19198] do_syscall_64+0xf3/0x230 [ 468.323197][T19198] ? clear_bhb_loop+0x35/0x90 [ 468.327876][T19198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.333771][T19198] RIP: 0033:0x7fc4dc385d19 [ 468.338186][T19198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 468.357905][T19198] RSP: 002b:00007fc4dd1d0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 468.366530][T19198] RAX: ffffffffffffffda RBX: 00007fc4dc575fa0 RCX: 00007fc4dc385d19 [ 468.374531][T19198] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006 [ 468.382704][T19198] RBP: 00007fc4dc401a20 R08: 0000000000000000 R09: 0000000000000000 [ 468.390729][T19198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 468.398711][T19198] R13: 0000000000000000 R14: 00007fc4dc575fa0 R15: 00007ffcc0b50f38 [ 468.406695][T19198] [ 468.410082][T19198] Kernel Offset: disabled [ 468.414512][T19198] Rebooting in 86400 seconds..