last executing test programs: 1m32.023088083s ago: executing program 3 (id=3653): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2) r4 = accept4(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000140)=0x80, 0x80000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x7, 0xdd, 0x2, {{0x35, 0x4, 0x0, 0x14, 0xd4, 0x68, 0x0, 0x9e, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x28, 0xd7, 0x0, 0x4, [0x3, 0x1, 0xfffffff7, 0x55, 0x3, 0x9, 0x1, 0x5, 0x0]}, @lsrr={0x83, 0xb, 0x5c, [@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102]}, @cipso={0x86, 0x12, 0x1, [{0x2, 0xc, "a5d5e1d2c233617c4af0"}]}, @end, @ssrr={0x89, 0x1f, 0xb, [@dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x59, 0x3, [{0x6, 0x9, "e478323b43be3b"}, {0x1, 0x8, "b00efc9a38de"}, {0x0, 0x3, "05"}, {0x6, 0x4, 'U5'}, {0x0, 0x2}, {0x0, 0x4, '\f6'}, {0x6, 0x12, "ddda87af76890685027a3eb19cd61517"}, {0x5, 0x10, "64034e50c8f6df6c4d5379ffa686"}, {0x7, 0x11, "56ad3215f2f2491ad1c2387a8d85ec"}, {0x2, 0x2}]}]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv4_deladdr={0x84, 0x15, 0x400, 0x70bd29, 0x25dfdbfd, {0x2, 0x0, 0x2c, 0xff, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_FLAGS={0x8, 0x8, 0x220}, @IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @private=0xa010102}, @IFA_LABEL={0x14}, @IFA_LABEL={0x14, 0x3, 'macvtap0\x00'}, @IFA_LABEL={0x14, 0x3, 'syzkaller0\x00'}, @IFA_FLAGS={0x8, 0x8, 0x400}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004010) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)={0x24, r3, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x6, 0x1, '[\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd6092c01f00462f00fc02000000000000000000000032f91b0900000000000000a39c9ed6f129e46a77554e41231e8f2b16260ae52421880b00000000000000000021000086dd080088befffffffe100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000080)={0x10006004}) 1m19.530143374s ago: executing program 3 (id=3653): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2) r4 = accept4(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000140)=0x80, 0x80000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x7, 0xdd, 0x2, {{0x35, 0x4, 0x0, 0x14, 0xd4, 0x68, 0x0, 0x9e, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x28, 0xd7, 0x0, 0x4, [0x3, 0x1, 0xfffffff7, 0x55, 0x3, 0x9, 0x1, 0x5, 0x0]}, @lsrr={0x83, 0xb, 0x5c, [@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102]}, @cipso={0x86, 0x12, 0x1, [{0x2, 0xc, "a5d5e1d2c233617c4af0"}]}, @end, @ssrr={0x89, 0x1f, 0xb, [@dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x59, 0x3, [{0x6, 0x9, "e478323b43be3b"}, {0x1, 0x8, "b00efc9a38de"}, {0x0, 0x3, "05"}, {0x6, 0x4, 'U5'}, {0x0, 0x2}, {0x0, 0x4, '\f6'}, {0x6, 0x12, "ddda87af76890685027a3eb19cd61517"}, {0x5, 0x10, "64034e50c8f6df6c4d5379ffa686"}, {0x7, 0x11, "56ad3215f2f2491ad1c2387a8d85ec"}, {0x2, 0x2}]}]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv4_deladdr={0x84, 0x15, 0x400, 0x70bd29, 0x25dfdbfd, {0x2, 0x0, 0x2c, 0xff, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_FLAGS={0x8, 0x8, 0x220}, @IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @private=0xa010102}, @IFA_LABEL={0x14}, @IFA_LABEL={0x14, 0x3, 'macvtap0\x00'}, @IFA_LABEL={0x14, 0x3, 'syzkaller0\x00'}, @IFA_FLAGS={0x8, 0x8, 0x400}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004010) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)={0x24, r3, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x6, 0x1, '[\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd6092c01f00462f00fc02000000000000000000000032f91b0900000000000000a39c9ed6f129e46a77554e41231e8f2b16260ae52421880b00000000000000000021000086dd080088befffffffe100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000080)={0x10006004}) 1m7.612334127s ago: executing program 3 (id=3653): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2) r4 = accept4(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000140)=0x80, 0x80000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x7, 0xdd, 0x2, {{0x35, 0x4, 0x0, 0x14, 0xd4, 0x68, 0x0, 0x9e, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x28, 0xd7, 0x0, 0x4, [0x3, 0x1, 0xfffffff7, 0x55, 0x3, 0x9, 0x1, 0x5, 0x0]}, @lsrr={0x83, 0xb, 0x5c, [@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102]}, @cipso={0x86, 0x12, 0x1, [{0x2, 0xc, "a5d5e1d2c233617c4af0"}]}, @end, @ssrr={0x89, 0x1f, 0xb, [@dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x59, 0x3, [{0x6, 0x9, "e478323b43be3b"}, {0x1, 0x8, "b00efc9a38de"}, {0x0, 0x3, "05"}, {0x6, 0x4, 'U5'}, {0x0, 0x2}, {0x0, 0x4, '\f6'}, {0x6, 0x12, "ddda87af76890685027a3eb19cd61517"}, {0x5, 0x10, "64034e50c8f6df6c4d5379ffa686"}, {0x7, 0x11, "56ad3215f2f2491ad1c2387a8d85ec"}, {0x2, 0x2}]}]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv4_deladdr={0x84, 0x15, 0x400, 0x70bd29, 0x25dfdbfd, {0x2, 0x0, 0x2c, 0xff, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_FLAGS={0x8, 0x8, 0x220}, @IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @private=0xa010102}, @IFA_LABEL={0x14}, @IFA_LABEL={0x14, 0x3, 'macvtap0\x00'}, @IFA_LABEL={0x14, 0x3, 'syzkaller0\x00'}, @IFA_FLAGS={0x8, 0x8, 0x400}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004010) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)={0x24, r3, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x6, 0x1, '[\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd6092c01f00462f00fc02000000000000000000000032f91b0900000000000000a39c9ed6f129e46a77554e41231e8f2b16260ae52421880b00000000000000000021000086dd080088befffffffe100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000080)={0x10006004}) 1m6.865568651s ago: executing program 0 (id=3917): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000200)=0x2, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1d, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x92}}]}, &(0x7f0000000180)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m6.147492214s ago: executing program 0 (id=3923): socket$inet6(0xa, 0x6, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000000), 0x4) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000300)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x101, 0xfffd, 0x4}, 0xc) listen(r1, 0x7) socket(0x9, 0x4, 0x3) 54.179302919s ago: executing program 3 (id=3653): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2) r4 = accept4(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000140)=0x80, 0x80000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x7, 0xdd, 0x2, {{0x35, 0x4, 0x0, 0x14, 0xd4, 0x68, 0x0, 0x9e, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x28, 0xd7, 0x0, 0x4, [0x3, 0x1, 0xfffffff7, 0x55, 0x3, 0x9, 0x1, 0x5, 0x0]}, @lsrr={0x83, 0xb, 0x5c, [@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102]}, @cipso={0x86, 0x12, 0x1, [{0x2, 0xc, "a5d5e1d2c233617c4af0"}]}, @end, @ssrr={0x89, 0x1f, 0xb, [@dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x59, 0x3, [{0x6, 0x9, "e478323b43be3b"}, {0x1, 0x8, "b00efc9a38de"}, {0x0, 0x3, "05"}, {0x6, 0x4, 'U5'}, {0x0, 0x2}, {0x0, 0x4, '\f6'}, {0x6, 0x12, "ddda87af76890685027a3eb19cd61517"}, {0x5, 0x10, "64034e50c8f6df6c4d5379ffa686"}, {0x7, 0x11, "56ad3215f2f2491ad1c2387a8d85ec"}, {0x2, 0x2}]}]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv4_deladdr={0x84, 0x15, 0x400, 0x70bd29, 0x25dfdbfd, {0x2, 0x0, 0x2c, 0xff, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_FLAGS={0x8, 0x8, 0x220}, @IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @private=0xa010102}, @IFA_LABEL={0x14}, @IFA_LABEL={0x14, 0x3, 'macvtap0\x00'}, @IFA_LABEL={0x14, 0x3, 'syzkaller0\x00'}, @IFA_FLAGS={0x8, 0x8, 0x400}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004010) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)={0x24, r3, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x6, 0x1, '[\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd6092c01f00462f00fc02000000000000000000000032f91b0900000000000000a39c9ed6f129e46a77554e41231e8f2b16260ae52421880b00000000000000000021000086dd080088befffffffe100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000080)={0x10006004}) 53.421836399s ago: executing program 0 (id=3923): socket$inet6(0xa, 0x6, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000000), 0x4) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000300)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x101, 0xfffd, 0x4}, 0xc) listen(r1, 0x7) socket(0x9, 0x4, 0x3) 48.756026667s ago: executing program 2 (id=4057): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="020000"], 0x10) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{0x1, 0xffffffffffffffff}, &(0x7f0000000300), &(0x7f00000003c0)=r1}, 0x20) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x3c}}, 0xc0) r7 = openat$cgroup_ro(r1, &(0x7f00000004c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000780)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000640), &(0x7f0000000680)='%pK \x00'}, 0x20) r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000007c0)={0xffffffffffffffff, 0x4, 0x18}, 0xc) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x8, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r11}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r12 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x14, 0x4, 0x9, 0x5, 0x8, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x2, 0x0, @void, @value, @void, @value}, 0x50) r13 = bpf$ITER_CREATE(0x21, &(0x7f0000000880), 0x8) r14 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000fc0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x3, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001100)={0x11, 0x30, &(0x7f0000000e40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffff}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ldst={0x2, 0x0, 0x4, 0xb, 0x4, 0xfffffffffffffff0}, @call={0x85, 0x0, 0x0, 0x4e}, @alu={0x7, 0x1, 0x0, 0x2, 0x5, 0xfffffffffffffff0, 0x10}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x8001}, @ringbuf_output={{}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000440)='syzkaller\x00', 0x1ff, 0x0, 0x0, 0x40f00, 0x2, '\x00', r6, 0x0, r7, 0x8, &(0x7f0000000500)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000580)={0x3, 0x7, 0x0, 0x200}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000001040)=[r8, r9, r10, r11, r12, r13, r14], &(0x7f0000001080)=[{0x4, 0x5, 0x8, 0x8}, {0x0, 0x3, 0xf, 0x7}, {0x0, 0x5, 0xe, 0x3}, {0x4, 0x4, 0x6, 0x4}, {0x2, 0x2, 0x1, 0x5}, {0x1, 0x3, 0x9, 0x8}, {0x0, 0x3, 0x10, 0x6}], 0x10, 0x8000, @void, @value}, 0x94) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r15 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) write$cgroup_subtree(r2, &(0x7f00000001c0)={[{0x2b, 'cpu'}]}, 0x5) r16 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r15) sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r15, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r16, @ANYBLOB="21082cbd7000ffdbdf2d2e0000000c0005000202aaaaaaaaaaaa05002b001700000005002e00050000000a0001007770616e30"], 0x3c}, 0x1, 0x0, 0x0, 0x41}, 0x404c044) openat$cgroup(r14, &(0x7f0000000280)='syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@fallback=r0, 0x2, 0x0, 0x0, &(0x7f0000001200), 0x3, 0x0, &(0x7f0000001200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0}, 0x22) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r0, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, &(0x7f0000000180)=0x400, 0x4) 48.440338848s ago: executing program 2 (id=4060): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000d80)=@security={'security\x00', 0x44, 0x4, 0x2a0, 0xffffffff, 0x2a0, 0x1d0, 0x1d0, 0xffffffff, 0xffffffff, 0x3a8, 0x3a8, 0x3a8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x203, 0xa8, 0x1d0, 0x8502}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:initctl_t:s0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x11}}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@loopback, [], 0x0, 0x0, 0x4e23}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8) 48.127433003s ago: executing program 2 (id=4061): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(r0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) socket(0x14, 0x1, 0x10c45a) 35.483563936s ago: executing program 3 (id=3653): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2) r4 = accept4(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000140)=0x80, 0x80000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x7, 0xdd, 0x2, {{0x35, 0x4, 0x0, 0x14, 0xd4, 0x68, 0x0, 0x9e, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x28, 0xd7, 0x0, 0x4, [0x3, 0x1, 0xfffffff7, 0x55, 0x3, 0x9, 0x1, 0x5, 0x0]}, @lsrr={0x83, 0xb, 0x5c, [@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102]}, @cipso={0x86, 0x12, 0x1, [{0x2, 0xc, "a5d5e1d2c233617c4af0"}]}, @end, @ssrr={0x89, 0x1f, 0xb, [@dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x59, 0x3, [{0x6, 0x9, "e478323b43be3b"}, {0x1, 0x8, "b00efc9a38de"}, {0x0, 0x3, "05"}, {0x6, 0x4, 'U5'}, {0x0, 0x2}, {0x0, 0x4, '\f6'}, {0x6, 0x12, "ddda87af76890685027a3eb19cd61517"}, {0x5, 0x10, "64034e50c8f6df6c4d5379ffa686"}, {0x7, 0x11, "56ad3215f2f2491ad1c2387a8d85ec"}, {0x2, 0x2}]}]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv4_deladdr={0x84, 0x15, 0x400, 0x70bd29, 0x25dfdbfd, {0x2, 0x0, 0x2c, 0xff, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_FLAGS={0x8, 0x8, 0x220}, @IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @private=0xa010102}, @IFA_LABEL={0x14}, @IFA_LABEL={0x14, 0x3, 'macvtap0\x00'}, @IFA_LABEL={0x14, 0x3, 'syzkaller0\x00'}, @IFA_FLAGS={0x8, 0x8, 0x400}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004010) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)={0x24, r3, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x6, 0x1, '[\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd6092c01f00462f00fc02000000000000000000000032f91b0900000000000000a39c9ed6f129e46a77554e41231e8f2b16260ae52421880b00000000000000000021000086dd080088befffffffe100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000080)={0x10006004}) 34.904668406s ago: executing program 0 (id=3923): socket$inet6(0xa, 0x6, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000000), 0x4) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000300)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x101, 0xfffd, 0x4}, 0xc) listen(r1, 0x7) socket(0x9, 0x4, 0x3) 34.481389814s ago: executing program 2 (id=4061): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(r0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) socket(0x14, 0x1, 0x10c45a) 18.416248703s ago: executing program 0 (id=3923): socket$inet6(0xa, 0x6, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000000), 0x4) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000300)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x101, 0xfffd, 0x4}, 0xc) listen(r1, 0x7) socket(0x9, 0x4, 0x3) 17.652496968s ago: executing program 2 (id=4061): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(r0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) socket(0x14, 0x1, 0x10c45a) 17.408484404s ago: executing program 3 (id=3653): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x6}, 0x8) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001340)="d8000000100081044e81f782db44b904021d080006000000e8fe55a1180015000600142603600e120a000d0000000401a80016000a003a40f8ff070000000000004dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025cc049e00360db70100000040fad95667e006dcdf63951f215ce29bf1d809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0)) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r2) r4 = accept4(r0, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f0000000140)=0x80, 0x80000) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000340)={'syztnl0\x00', &(0x7f0000000240)={'tunl0\x00', 0x0, 0x8000, 0x7, 0xdd, 0x2, {{0x35, 0x4, 0x0, 0x14, 0xd4, 0x68, 0x0, 0x9e, 0x29, 0x0, @broadcast, @multicast2, {[@timestamp={0x44, 0x28, 0xd7, 0x0, 0x4, [0x3, 0x1, 0xfffffff7, 0x55, 0x3, 0x9, 0x1, 0x5, 0x0]}, @lsrr={0x83, 0xb, 0x5c, [@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010102]}, @cipso={0x86, 0x12, 0x1, [{0x2, 0xc, "a5d5e1d2c233617c4af0"}]}, @end, @ssrr={0x89, 0x1f, 0xb, [@dev={0xac, 0x14, 0x14, 0x3d}, @multicast2, @private=0xa010102, @rand_addr=0x64010102, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x59, 0x3, [{0x6, 0x9, "e478323b43be3b"}, {0x1, 0x8, "b00efc9a38de"}, {0x0, 0x3, "05"}, {0x6, 0x4, 'U5'}, {0x0, 0x2}, {0x0, 0x4, '\f6'}, {0x6, 0x12, "ddda87af76890685027a3eb19cd61517"}, {0x5, 0x10, "64034e50c8f6df6c4d5379ffa686"}, {0x7, 0x11, "56ad3215f2f2491ad1c2387a8d85ec"}, {0x2, 0x2}]}]}}}}}) sendmsg$nl_route(r4, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)=@ipv4_deladdr={0x84, 0x15, 0x400, 0x70bd29, 0x25dfdbfd, {0x2, 0x0, 0x2c, 0xff, r5}, [@IFA_TARGET_NETNSID={0x8, 0xa, 0x2}, @IFA_FLAGS={0x8, 0x8, 0x220}, @IFA_LOCAL={0x8, 0x2, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x64010101}, @IFA_LOCAL={0x8, 0x2, @private=0xa010102}, @IFA_LABEL={0x14}, @IFA_LABEL={0x14, 0x3, 'macvtap0\x00'}, @IFA_LABEL={0x14, 0x3, 'syzkaller0\x00'}, @IFA_FLAGS={0x8, 0x8, 0x400}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000001}, 0x20004010) sendmsg$NLBL_MGMT_C_ADD(r2, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c80)={0x24, r3, 0x1, 0x400000, 0x0, {}, [@NLBL_MGMT_A_DOMAIN={0x6, 0x1, '[\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x24}}, 0x0) syz_emit_ethernet(0x7c, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaabbaaaaaaaaaaaa86dd6092c01f00462f00fc02000000000000000000000032f91b0900000000000000a39c9ed6f129e46a77554e41231e8f2b16260ae52421880b00000000000000000021000086dd080088befffffffe100000000100000000000000080022eb00000000200000000200000000000000"], 0x0) r6 = epoll_create(0x6) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r0, &(0x7f0000000080)={0x10006004}) 2.561293569s ago: executing program 4 (id=4310): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), r1) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000900), r0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x30, r2, 0x60a7277b8798d353, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008801}, 0x20001000) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001e40), r0) (fail_nth: 11) 2.260501989s ago: executing program 4 (id=4311): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000000c0), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r6) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r6, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r7, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r8}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x8}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x40111}, 0x20000004) sendmmsg$sock(r5, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)="d769b1", 0x34000}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)="a6", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000019c0)="a4e26125e4", 0x5}], 0x1}}], 0x3, 0x40448c0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0) ioctl$FIDEDUPERANGE(r3, 0xc0189436, &(0x7f0000001f80)={0x9, 0x7, 0x4, 0x0, 0x0, [{{}, 0x6}, {{r3}, 0xc5a}, {{}, 0x1}, {{r3}, 0x7}]}) sendmsg$can_bcm(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x1d, r2}, 0x10, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="01000000030000000500000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000008001000000010000557b"], 0x48}, 0x1, 0x0, 0x0, 0x20040000}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000010000100dfffffffffffffff00000000", @ANYRES32=0x0, @ANYBLOB="0000000021000400080004000006000008001b"], 0x30}}, 0x4000) 1.508635941s ago: executing program 1 (id=4315): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="30000000100001080000fffffffffffffffe0000", @ANYRES32=0x0, @ANYBLOB="000000000000000008000400699b000008001b"], 0x30}}, 0x0) 1.352255691s ago: executing program 1 (id=4316): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@updpolicy={0x23c, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@empty, 0x0, 0x3, 0x0, 0x0, 0xa, 0x0, 0x0, 0x5e}, {0x0, 0x800, 0x0, 0x7, 0x0, 0x0, 0x3, 0x7}, {0x0, 0x0, 0x3}}, [@tmpl={0x184, 0x5, [{{@in=@remote, 0x0, 0x6c}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x1}, {{@in6=@private2, 0x0, 0x32}, 0x0, @in6=@remote, 0x3502}, {{@in6=@loopback, 0x0, 0x3c}, 0x2, @in=@remote, 0x0, 0x1, 0x3, 0x0, 0x60}, {{@in6=@mcast2, 0x4d3, 0x3c}, 0x2, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@empty, 0x0, 0x32}, 0x2, @in=@dev, 0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x2b}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x4}]}]}, 0x23c}}, 0x0) 1.299042177s ago: executing program 1 (id=4317): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) nanosleep(&(0x7f00000000c0)={0x77359400}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000006b113e00000000008510000002000000850000000500000095003300000000009500250500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x0, 0xca, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x1d, 0xf, &(0x7f0000000000)=@ringbuf={{0x18, 0x2}, {{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0x2}, {}, {0x85, 0x0, 0x0, 0x9c}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0xd, 0x4, 0x4, 0x9, 0x150, r2, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0xf, &(0x7f0000000e80)=ANY=[@ANYBLOB="180000000100000000000000fdffffff18110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000008bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1.203206827s ago: executing program 4 (id=4318): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x4008, 0x3, 0x2a0, 0x128, 0x32, 0x148, 0x128, 0x148, 0x200, 0x240, 0x240, 0x200, 0x240, 0x7fffffe, 0x0, {[{{@uncond, 0x0, 0xc8, 0x130, 0x0, {}, [@common=@ttl={{}, {0x2, 0x80}}, @common=@icmp={{0x28}, {0x0, 'nd'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}, {{@ip={@local, @private=0xa010100, 0x0, 0xff, 'gretap0\x00', 'veth0_vlan\x00', {}, {0xff}, 0x5c, 0x1}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0xfffffffffffffc98) socket$pppl2tp(0x18, 0x1, 0x1) 1.11184861s ago: executing program 1 (id=4319): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd26, 0x25dfdbfd, {0x60, 0x0, 0x0, r1, {0x0, 0xa}, {0x2, 0xa}}}, 0x24}}, 0x800) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f0000000140)={'ip6tnl0\x00', 0x0, 0x29, 0x8, 0xd8, 0x6, 0x27, @empty, @empty, 0x40, 0x700, 0x80000001, 0x1000}}) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0) 1.03800483s ago: executing program 4 (id=4320): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'veth0_to_bond\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000011000101000000000000000000004000", @ANYRES32=r2], 0x20}}, 0x4004010) 901.80752ms ago: executing program 2 (id=4061): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(r0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0) socket(0x14, 0x1, 0x10c45a) 157.149937ms ago: executing program 1 (id=4321): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x4) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000540), r1) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000900), r0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000940)={0x30, r2, 0x60a7277b8798d353, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @local}]}, 0x30}, 0x1, 0x0, 0x0, 0x4008801}, 0x20001000) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000001e40), r0) (fail_nth: 12) 156.049271ms ago: executing program 4 (id=4322): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@bloom_filter={0x1e, 0x2, 0x3, 0xd, 0x40, r0, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x2, 0x4, 0x7, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xa, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x36a, 0x0, 0x0, 0x0, 0x2a}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1309, 0x0, 0x0, 0x0, 0x2}, @generic={0x4, 0x6, 0x1, 0x2}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x1000, &(0x7f0000000fc0)=""/4096, 0x40f00, 0x8, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000000140)={0x5, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x5, 0x5, 0xd8, 0x8a}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000240)=[r0, r0, r0, r0, r0, r3, r0], &(0x7f0000000300)=[{0x5, 0x1, 0xe, 0x6}], 0x10, 0x4, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x1f, 0xf, &(0x7f0000000680)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x25}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 199.268µs ago: executing program 1 (id=4323): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x2, 0xfffffffe, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x3, 0xffe0}, {0x0, 0x7}, {0x14, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x40004) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x0, 0x3, 0x2, 0x0, 0x4102, 0x1, 0x10000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)={0x20, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x4014001}, 0x9590f6cc3ea35512) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x4000000) 50.921µs ago: executing program 0 (id=3923): socket$inet6(0xa, 0x6, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x6, &(0x7f0000000000), 0x4) getsockopt$inet6_opts(r0, 0x29, 0x37, 0x0, &(0x7f0000000040)) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000300)={0x1f, 0x0, @any, 0x4}, 0xe) setsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000280)={0x3, 0x101, 0xfffd, 0x4}, 0xc) listen(r1, 0x7) socket(0x9, 0x4, 0x3) 0s ago: executing program 4 (id=4324): getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffe}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100)) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f0000000000)=""/44, &(0x7f0000000040)=0x2c) kernel console output (not intermixed with test programs): Google Compute Engine, BIOS Google 05/07/2025 [ 393.559345][T18770] Call Trace: [ 393.559352][T18770] [ 393.559360][T18770] dump_stack_lvl+0x189/0x250 [ 393.559388][T18770] ? __pfx____ratelimit+0x10/0x10 [ 393.559412][T18770] ? __pfx_dump_stack_lvl+0x10/0x10 [ 393.559435][T18770] ? __pfx__printk+0x10/0x10 [ 393.559459][T18770] ? __pfx___might_resched+0x10/0x10 [ 393.559481][T18770] ? fs_reclaim_acquire+0x7d/0x100 [ 393.559505][T18770] should_fail_ex+0x414/0x560 [ 393.559529][T18770] should_failslab+0xa8/0x100 [ 393.559550][T18770] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 393.559568][T18770] ? __alloc_skb+0x112/0x2d0 [ 393.559590][T18770] __alloc_skb+0x112/0x2d0 [ 393.559613][T18770] netlink_ack+0x146/0xa50 [ 393.559631][T18770] ? __up_read+0x280/0x680 [ 393.559650][T18770] ? __pfx___up_read+0x10/0x10 [ 393.559678][T18770] rdma_nl_rcv+0x3c8/0x980 [ 393.559709][T18770] ? __pfx_rdma_nl_rcv+0x10/0x10 [ 393.559728][T18770] ? __lock_acquire+0xab9/0xd20 [ 393.559768][T18770] ? netlink_deliver_tap+0x2e/0x1b0 [ 393.559787][T18770] ? netlink_deliver_tap+0x2e/0x1b0 [ 393.559810][T18770] netlink_unicast+0x758/0x8d0 [ 393.559839][T18770] netlink_sendmsg+0x805/0xb30 [ 393.559868][T18770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.559891][T18770] ? aa_sock_msg_perm+0x94/0x160 [ 393.559913][T18770] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 393.559933][T18770] ? __pfx_netlink_sendmsg+0x10/0x10 [ 393.559952][T18770] __sock_sendmsg+0x219/0x270 [ 393.559977][T18770] ____sys_sendmsg+0x505/0x830 [ 393.560004][T18770] ? __pfx_____sys_sendmsg+0x10/0x10 [ 393.560034][T18770] ? import_iovec+0x74/0xa0 [ 393.560054][T18770] ___sys_sendmsg+0x21f/0x2a0 [ 393.560077][T18770] ? __pfx____sys_sendmsg+0x10/0x10 [ 393.560132][T18770] ? __fget_files+0x2a/0x420 [ 393.560150][T18770] ? __fget_files+0x3a0/0x420 [ 393.560178][T18770] __x64_sys_sendmsg+0x19b/0x260 [ 393.560201][T18770] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 393.560236][T18770] ? __pfx_ksys_write+0x10/0x10 [ 393.560249][T18770] ? rcu_is_watching+0x15/0xb0 [ 393.560278][T18770] ? do_syscall_64+0xbe/0x3b0 [ 393.560297][T18770] do_syscall_64+0xfa/0x3b0 [ 393.560312][T18770] ? lockdep_hardirqs_on+0x9c/0x150 [ 393.560332][T18770] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.560349][T18770] ? clear_bhb_loop+0x60/0xb0 [ 393.560369][T18770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.560385][T18770] RIP: 0033:0x7f9770f8e929 [ 393.560401][T18770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.560414][T18770] RSP: 002b:00007f9771dba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 393.560433][T18770] RAX: ffffffffffffffda RBX: 00007f97711b5fa0 RCX: 00007f9770f8e929 [ 393.560445][T18770] RDX: 0000000000000080 RSI: 0000200000013c00 RDI: 0000000000000003 [ 393.560455][T18770] RBP: 00007f9771dba090 R08: 0000000000000000 R09: 0000000000000000 [ 393.560466][T18770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.560475][T18770] R13: 0000000000000000 R14: 00007f97711b5fa0 R15: 00007ffe7606d028 [ 393.560502][T18770] [ 393.950553][T18778] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 393.966327][T18778] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 394.004838][T18782] netlink: 'syz.1.3857': attribute type 1 has an invalid length. [ 394.055912][T18522] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 394.072479][T18522] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 394.096481][T18522] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 394.134851][T18522] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 394.261754][T18522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.331685][T18522] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.374134][T10905] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.376604][T18800] sctp: [Deprecated]: syz.0.3861 (pid 18800) Use of int in maxseg socket option. [ 394.376604][T18800] Use struct sctp_assoc_value instead [ 394.381428][T10905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.452641][T10921] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.459829][T10921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.682211][T18818] SET target dimension over the limit! [ 394.931654][T18831] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3870'. [ 394.998645][ T5842] Bluetooth: hci1: command tx timeout [ 395.073526][T18841] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3872'. [ 395.188423][T18522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 395.314617][T18522] veth0_vlan: entered promiscuous mode [ 395.371853][T18522] veth1_vlan: entered promiscuous mode [ 395.435919][T18522] veth0_macvtap: entered promiscuous mode [ 395.454681][T18522] veth1_macvtap: entered promiscuous mode [ 395.506031][T18522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.533073][T18522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.568265][T18853] netlink: 11 bytes leftover after parsing attributes in process `syz.0.3876'. [ 395.609142][T18522] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.633200][T18522] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.667700][T18522] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.676466][T18522] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.897079][T18868] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 395.987703][T10918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.019184][T10918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.097183][T18876] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3885'. [ 396.110184][T18876] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3885'. [ 396.132912][ T3009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.179974][ T3009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.302574][T18888] xt_TCPMSS: Only works on TCP SYN packets [ 396.513478][T18896] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3891'. [ 396.520144][T18901] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3891'. [ 396.534344][T18900] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3892'. [ 396.628844][T18900] No such timeout policy "syz0" [ 396.656139][T18900] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3892'. [ 397.613548][T18960] xt_policy: output policy not valid in PREROUTING and INPUT [ 397.787871][ T30] audit: type=1800 audit(1750620072.830:7): pid=18965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3911" name="memory.events" dev="tmpfs" ino=1265 res=0 errno=0 [ 397.956608][ T3009] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.040043][T18971] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 398.050943][T18971] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 398.060987][T18971] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 398.243929][T18983] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 398.430562][ T3009] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.620887][T19005] SET target dimension over the limit! [ 398.912002][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 398.925363][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 398.934394][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 398.943708][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 398.952227][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 399.032085][T19016] __nla_validate_parse: 1 callbacks suppressed [ 399.032106][T19016] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3922'. [ 399.060282][T19016] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 399.094917][ T3009] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.142540][T19015] netlink: 'syz.1.3922': attribute type 4 has an invalid length. [ 399.254785][ T3009] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.608402][ T3009] bridge_slave_1: left allmulticast mode [ 399.618120][ T3009] bridge_slave_1: left promiscuous mode [ 399.661622][ T3009] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.689288][T19036] netlink: 'syz.4.3926': attribute type 2 has an invalid length. [ 399.737259][ T3009] bridge_slave_0: left allmulticast mode [ 399.765580][ T3009] bridge_slave_0: left promiscuous mode [ 399.792583][ T3009] bridge0: port 1(bridge_slave_0) entered disabled state [ 400.134966][T19050] netlink: 'syz.2.3931': attribute type 1 has an invalid length. [ 400.161067][T19050] netlink: 'syz.2.3931': attribute type 2 has an invalid length. [ 400.175994][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 400.186611][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 400.195295][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 400.204109][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 400.212281][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 400.524863][ T3009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 400.536474][ T3009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 400.547183][ T3009] bond0 (unregistering): Released all slaves [ 400.562650][T19036] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3926'. [ 400.582067][T19013] chnl_net:caif_netlink_parms(): no params data found [ 400.999537][ T5842] Bluetooth: hci0: command tx timeout [ 401.243941][T19085] netlink: 'syz.2.3938': attribute type 6 has an invalid length. [ 401.275474][T19013] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.297835][T19013] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.305356][T19013] bridge_slave_0: entered allmulticast mode [ 401.316006][T19013] bridge_slave_0: entered promiscuous mode [ 401.348614][T19013] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.355875][T19013] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.380991][T19013] bridge_slave_1: entered allmulticast mode [ 401.395166][T19013] bridge_slave_1: entered promiscuous mode [ 401.419667][ T3009] hsr_slave_0: left promiscuous mode [ 401.426036][ T3009] hsr_slave_1: left promiscuous mode [ 401.436122][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 401.451038][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 401.461719][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 401.469368][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 401.518095][ T3009] veth1_macvtap: left promiscuous mode [ 401.524062][ T3009] veth0_macvtap: left promiscuous mode [ 401.533426][ T3009] veth1_vlan: left promiscuous mode [ 401.543239][ T3009] veth0_vlan: left promiscuous mode [ 402.280525][ T5842] Bluetooth: hci1: command tx timeout [ 402.426897][ T3009] team0 (unregistering): Port device team_slave_1 removed [ 402.482873][ T3009] team0 (unregistering): Port device team_slave_0 removed [ 403.015469][T19101] tipc: Enabling of bearer rejected, media not registered [ 403.077635][ T5842] Bluetooth: hci0: command tx timeout [ 403.112109][T19013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.156801][T19103] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 403.264462][T19013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 403.348774][T19118] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3948'. [ 403.521368][T19013] team0: Port device team_slave_0 added [ 403.566760][T19013] team0: Port device team_slave_1 added [ 403.702558][T19132] netlink: 'syz.2.3953': attribute type 10 has an invalid length. [ 403.739842][T19013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 403.765237][T19013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 403.794764][T19013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 403.798952][T19138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3954'. [ 403.842473][T19132] mac80211_hwsim hwsim29 wlan1: entered promiscuous mode [ 403.858633][T19132] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 403.988633][T19013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 403.995628][T19013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 404.028996][T19150] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3954'. [ 404.116159][T19013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.241449][T19155] netlink: 'syz.2.3956': attribute type 6 has an invalid length. [ 404.315475][T19163] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3956'. [ 404.358254][ T5847] Bluetooth: hci1: command tx timeout [ 404.362915][T19165] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3957'. [ 404.409482][T19051] chnl_net:caif_netlink_parms(): no params data found [ 404.485652][T19013] hsr_slave_0: entered promiscuous mode [ 404.498010][T19013] hsr_slave_1: entered promiscuous mode [ 404.505718][T19013] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 404.514390][T19013] Cannot create hsr debugfs directory [ 404.552337][T19133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 404.649166][T19172] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 0 [ 404.879927][T19051] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.887149][T19051] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.896045][T19051] bridge_slave_0: entered allmulticast mode [ 404.904725][T19051] bridge_slave_0: entered promiscuous mode [ 404.926675][T19051] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.934001][T19051] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.941724][T19051] bridge_slave_1: entered allmulticast mode [ 404.951719][T19051] bridge_slave_1: entered promiscuous mode [ 405.036760][T19051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.069747][T19051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.157777][ T5847] Bluetooth: hci0: command tx timeout [ 405.179845][T19201] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3967'. [ 405.320432][T19051] team0: Port device team_slave_0 added [ 405.331851][T19051] team0: Port device team_slave_1 added [ 405.446195][T19051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 405.453618][T19051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.489575][T19051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 405.500652][T19213] .: renamed from bond0 [ 405.506325][T19211] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3970'. [ 405.523652][T19051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 405.531057][T19051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.558911][T19051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 405.682941][T19051] hsr_slave_0: entered promiscuous mode [ 405.693621][T19051] hsr_slave_1: entered promiscuous mode [ 405.701187][T19051] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 405.713088][T19051] Cannot create hsr debugfs directory [ 405.963430][T19013] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 406.035120][T19013] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 406.047342][T19232] SET target dimension over the limit! [ 406.067077][T19013] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 406.152822][T19013] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 406.245942][T19233] syzkaller1: entered promiscuous mode [ 406.252268][T19233] syzkaller1: entered allmulticast mode [ 406.279115][ T5847] Bluetooth: hci5: command 0x0406 tx timeout [ 406.404804][T19051] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.437840][ T5842] Bluetooth: hci1: command tx timeout [ 406.494471][T19254] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3981'. [ 406.506469][T19254] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3981'. [ 406.585973][T19051] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.641949][T19261] netlink: 71 bytes leftover after parsing attributes in process `syz.4.3983'. [ 406.690878][T19051] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.735852][T19261] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3983'. [ 406.811654][T19051] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 406.919992][T19261] bond0: entered allmulticast mode [ 406.974024][T19261] Bluetooth: MGMT ver 1.23 [ 407.049359][T19271] bond0: (slave bond_slave_0): Releasing backup interface [ 407.068122][T19271] bond_slave_0 (unregistering): left promiscuous mode [ 407.240449][ T5847] Bluetooth: hci0: command tx timeout [ 407.300683][T19013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.374563][T19051] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 407.442634][T19051] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 407.459781][T19293] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3992'. [ 407.469538][T19051] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 407.497358][T19051] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 407.552412][T19013] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.796385][T10917] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.803649][T10917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.831007][T10917] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.838259][T10917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.860184][T19320] netlink: 'syz.1.3997': attribute type 3 has an invalid length. [ 407.885860][T19310] syzkaller1: entered promiscuous mode [ 407.893053][T19310] syzkaller1: entered allmulticast mode [ 408.412657][T19051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.502056][T19051] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.517672][ T5847] Bluetooth: hci1: command tx timeout [ 408.571902][T10917] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.579143][T10917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.625532][T19340] Cannot find del_set index 5 as target [ 408.625532][T19338] x_tables: ip6_tables: MASQUERADE target: used from hooks INPUT, but only usable from POSTROUTING [ 408.671515][T19340] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 408.817588][T19336] team0: Port device team_slave_0 removed [ 408.863411][T10917] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.870653][T10917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.977918][T19361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4008'. [ 408.981148][T19013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 408.997918][ T5842] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 409.236428][T19013] veth0_vlan: entered promiscuous mode [ 409.321246][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 409.345905][T19375] __nla_validate_parse: 1 callbacks suppressed [ 409.345924][T19375] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.4012'. [ 409.363692][T19013] veth1_vlan: entered promiscuous mode [ 409.398500][T19371] syzkaller1: entered promiscuous mode [ 409.404015][T19371] syzkaller1: entered allmulticast mode [ 409.564005][T19013] veth0_macvtap: entered promiscuous mode [ 409.621678][T19013] veth1_macvtap: entered promiscuous mode [ 409.694498][T19013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 409.746749][T19013] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 409.795459][T19013] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.825320][T19013] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.850130][T19013] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 409.887544][T19013] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.116842][T19051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.130920][T19400] xt_CT: No such helper "syz0" [ 410.221851][T19412] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4019'. [ 410.435389][T19051] veth0_vlan: entered promiscuous mode [ 410.453850][T10918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.482220][T10918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.512860][T19422] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4021'. [ 410.529990][T19051] veth1_vlan: entered promiscuous mode [ 410.560354][T10918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 410.574474][T10918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 410.655313][T19051] veth0_macvtap: entered promiscuous mode [ 410.749418][T19051] veth1_macvtap: entered promiscuous mode [ 410.825660][T19434] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4024'. [ 410.836048][T19051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.863115][T19051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 411.010935][T19051] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.020191][T19051] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.031068][T19051] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.042027][T19051] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.215720][T10921] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.357280][T10921] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.447385][T10921] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.467390][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.475670][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.506771][T10905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.516449][T10905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.629928][T10921] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.827236][T10921] bridge_slave_1: left allmulticast mode [ 411.833553][T10921] bridge_slave_1: left promiscuous mode [ 411.847268][T10921] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.891660][T10921] bridge_slave_0: left allmulticast mode [ 411.897373][T10921] bridge_slave_0: left promiscuous mode [ 411.917703][T10921] bridge0: port 1(bridge_slave_0) entered disabled state [ 412.293439][T19461] netlink: 9 bytes leftover after parsing attributes in process `syz.2.4030'. [ 412.443175][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 412.453416][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 412.463288][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 412.471948][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 412.480052][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 412.621023][ T5847] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 412.638884][ T5847] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 412.662328][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 412.690746][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 412.718037][ T5847] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 412.795622][T10921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 412.807075][T10921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 412.817634][T10921] bond0 (unregistering): Released all slaves [ 412.860293][T19461] gretap0: entered promiscuous mode [ 413.036081][T19467] netlink: 1196 bytes leftover after parsing attributes in process `syz.1.4032'. [ 413.126849][T19470] SET target dimension over the limit! [ 413.150215][T19471] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4033'. [ 413.160023][T19471] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4033'. [ 413.183898][T19471] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4033'. [ 413.199903][T19474] netlink: 576 bytes leftover after parsing attributes in process `syz.1.4035'. [ 413.616738][T10921] hsr_slave_0: left promiscuous mode [ 413.623921][T10921] hsr_slave_1: left promiscuous mode [ 413.632777][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 413.641965][T10921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 413.657404][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 413.666224][T10921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 413.730894][T10921] veth1_macvtap: left promiscuous mode [ 413.736544][T10921] veth0_macvtap: left promiscuous mode [ 413.742690][T10921] veth1_vlan: left promiscuous mode [ 413.748559][T10921] veth0_vlan: left promiscuous mode [ 414.424435][T10921] team0 (unregistering): Port device team_slave_1 removed [ 414.483736][T10921] team0 (unregistering): Port device team_slave_0 removed [ 414.519662][ T5842] Bluetooth: hci0: command tx timeout [ 414.744701][T19509] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 414.757937][ T5842] Bluetooth: hci1: command tx timeout [ 414.872912][T19510] __nla_validate_parse: 1 callbacks suppressed [ 414.872929][T19510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4043'. [ 415.360008][T19517] SET target dimension over the limit! [ 415.596241][T19530] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4049'. [ 415.667323][T19462] chnl_net:caif_netlink_parms(): no params data found [ 415.821533][T19464] chnl_net:caif_netlink_parms(): no params data found [ 416.050001][T19462] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.059353][T19462] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.066597][T19462] bridge_slave_0: entered allmulticast mode [ 416.075119][T19462] bridge_slave_0: entered promiscuous mode [ 416.111884][T19550] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4053'. [ 416.139172][T19462] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.146525][T19462] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.154396][T19462] bridge_slave_1: entered allmulticast mode [ 416.162452][T19462] bridge_slave_1: entered promiscuous mode [ 416.189246][T19550] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2 [ 416.201728][T19550] gretap2: entered promiscuous mode [ 416.207018][T19550] gretap2: entered allmulticast mode [ 416.262483][T19464] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.270022][T19464] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.277572][T19464] bridge_slave_0: entered allmulticast mode [ 416.285052][T19464] bridge_slave_0: entered promiscuous mode [ 416.297541][T19464] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.304830][T19464] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.328021][T19464] bridge_slave_1: entered allmulticast mode [ 416.336678][T19464] bridge_slave_1: entered promiscuous mode [ 416.501193][T19462] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 416.539519][T19462] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 416.569822][T19464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 416.591809][T19464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 416.601324][ T5842] Bluetooth: hci0: command tx timeout [ 416.681480][T19564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4059'. [ 416.843008][ T5842] Bluetooth: hci1: command tx timeout [ 416.953991][T19462] team0: Port device team_slave_0 added [ 417.130225][T19464] team0: Port device team_slave_0 added [ 417.143145][T19462] team0: Port device team_slave_1 added [ 417.243441][T10921] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.292952][T19464] team0: Port device team_slave_1 added [ 417.582031][T10921] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.595511][T19580] netlink: 'syz.4.4064': attribute type 4 has an invalid length. [ 417.644126][T19464] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 417.657747][T19464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.698652][T19464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 417.712212][T19464] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 417.719774][T19464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.746333][T19464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 417.781311][T19462] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 417.796529][T19462] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.857764][T19462] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 417.871642][T19583] netlink: 'syz.4.4065': attribute type 10 has an invalid length. [ 417.891574][T19462] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 417.902794][T19462] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 417.938508][T19462] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 417.949635][T19584] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4065'. [ 417.960645][T19584] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4065'. [ 417.995803][T10921] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.025806][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 418.035006][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 418.044207][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 418.056923][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 418.066885][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 418.095694][T19583] syz_tun: entered promiscuous mode [ 418.153414][T19588] netlink: 'syz.1.4066': attribute type 3 has an invalid length. [ 418.231996][T10921] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.330106][T19597] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4068'. [ 418.343103][T19464] hsr_slave_0: entered promiscuous mode [ 418.353123][T19464] hsr_slave_1: entered promiscuous mode [ 418.360171][T19464] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 418.368913][T19464] Cannot create hsr debugfs directory [ 418.565406][T19462] hsr_slave_0: entered promiscuous mode [ 418.585136][T19462] hsr_slave_1: entered promiscuous mode [ 418.597352][T19462] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 418.617779][T19462] Cannot create hsr debugfs directory [ 418.678444][ T5842] Bluetooth: hci0: command tx timeout [ 418.918271][ T5842] Bluetooth: hci1: command tx timeout [ 419.050253][T19622] netlink: 50 bytes leftover after parsing attributes in process `syz.4.4074'. [ 419.059557][T19622] netlink: 80 bytes leftover after parsing attributes in process `syz.4.4074'. [ 419.131133][T19626] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4075'. [ 419.205980][T19627] team0: Cannot enslave team device to itself [ 419.214176][T19628] team0: Cannot enslave team device to itself [ 419.239829][T10921] bridge_slave_1: left allmulticast mode [ 419.251219][T10921] bridge_slave_1: left promiscuous mode [ 419.251413][T19633] x_tables: duplicate underflow at hook 1 [ 419.257104][T10921] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.279397][T10921] bridge_slave_0: left allmulticast mode [ 419.285167][T10921] bridge_slave_0: left promiscuous mode [ 419.292037][T10921] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.524154][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805e56c000: rx timeout, send abort [ 419.815682][T10921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 419.826668][T10921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 419.841416][T10921] bond0 (unregistering): Released all slaves [ 420.117895][ T5842] Bluetooth: hci3: command tx timeout [ 420.276262][T19655] __nla_validate_parse: 2 callbacks suppressed [ 420.276279][T19655] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4083'. [ 420.384951][T10921] hsr_slave_0: left promiscuous mode [ 420.395377][T10921] hsr_slave_1: left promiscuous mode [ 420.402878][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 420.411147][T10921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 420.426732][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 420.434572][T10921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 420.459037][T10921] veth1_macvtap: left promiscuous mode [ 420.464593][T10921] veth0_macvtap: left promiscuous mode [ 420.470501][T10921] veth1_vlan: left promiscuous mode [ 420.475863][T10921] veth0_vlan: left promiscuous mode [ 420.758029][ T5842] Bluetooth: hci0: command tx timeout [ 421.010287][ T5842] Bluetooth: hci1: command tx timeout [ 421.093809][T10921] team0 (unregistering): Port device team_slave_1 removed [ 421.155176][T10921] team0 (unregistering): Port device team_slave_0 removed [ 421.660547][T19585] chnl_net:caif_netlink_parms(): no params data found [ 421.959608][T19585] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.966990][T19585] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.974809][T19585] bridge_slave_0: entered allmulticast mode [ 421.983659][T19585] bridge_slave_0: entered promiscuous mode [ 422.014801][T19585] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.027761][T19585] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.040144][T19585] bridge_slave_1: entered allmulticast mode [ 422.048773][T19585] bridge_slave_1: entered promiscuous mode [ 422.175486][T19683] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 422.196218][T19585] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 422.212195][ T5842] Bluetooth: hci3: command 0x041b tx timeout [ 422.241966][T19585] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.405032][T19585] team0: Port device team_slave_0 added [ 422.438506][T19585] team0: Port device team_slave_1 added [ 422.581196][T19699] hsr0: entered allmulticast mode [ 422.586291][T19699] hsr_slave_0: entered allmulticast mode [ 422.596877][T19699] hsr_slave_1: entered allmulticast mode [ 422.639031][T19585] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 422.646019][T19585] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.685348][T19585] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 422.746438][T10917] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.786385][T19585] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 422.794286][T19585] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 422.831005][T19585] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 422.953872][T19464] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 422.999516][T10917] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.026882][T19709] tipc: Started in network mode [ 423.032736][T19709] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 423.040477][T19709] tipc: Enabled bearer , priority 0 [ 423.055030][T19585] hsr_slave_0: entered promiscuous mode [ 423.076817][T19585] hsr_slave_1: entered promiscuous mode [ 423.084392][T19585] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 423.107604][T19585] Cannot create hsr debugfs directory [ 423.113410][T19464] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 423.206858][T10917] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.259553][T19464] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 423.297937][T19717] sit0: entered promiscuous mode [ 423.317240][T19717] netlink: 'syz.4.4098': attribute type 1 has an invalid length. [ 423.333313][T19717] netlink: 1 bytes leftover after parsing attributes in process `syz.4.4098'. [ 423.414970][T10917] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.442757][T19464] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 423.551283][T19462] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 423.572427][T19462] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 423.617108][T19733] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4101'. [ 423.627667][T19733] netlink: 'syz.4.4101': attribute type 7 has an invalid length. [ 423.628731][T19462] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 423.635547][T19733] netlink: 'syz.4.4101': attribute type 8 has an invalid length. [ 423.654217][T19733] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4101'. [ 423.661376][T19462] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 423.699357][T19733] batadv_slave_1: entered promiscuous mode [ 423.707110][T19733] batadv_slave_1: left promiscuous mode [ 423.807118][T10917] bridge_slave_1: left allmulticast mode [ 423.814951][T10917] bridge_slave_1: left promiscuous mode [ 423.826197][T10917] bridge0: port 2(bridge_slave_1) entered disabled state [ 423.837384][T10917] bridge_slave_0: left allmulticast mode [ 423.850153][T10917] bridge_slave_0: left promiscuous mode [ 423.865620][T10917] bridge0: port 1(bridge_slave_0) entered disabled state [ 423.985518][T19745] netlink: 'syz.4.4104': attribute type 1 has an invalid length. [ 424.159952][ T5916] tipc: Node number set to 11578026 [ 424.223121][T10917] bond1 (unregistering): (slave gretap1): Releasing active interface [ 424.290082][ T5847] Bluetooth: hci3: command 0x041b tx timeout [ 424.495297][T10917] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 424.504455][T10917] bond_slave_1: left promiscuous mode [ 424.513074][T10917] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 424.522161][T10917] mac80211_hwsim hwsim29 wlan1: left promiscuous mode [ 424.535038][T10917] bond0 (unregistering): Released all slaves [ 424.552579][T10917] bond1 (unregistering): Released all slaves [ 424.593252][T19752] macvtap1: entered promiscuous mode [ 424.607787][T19752] vlan0: entered promiscuous mode [ 424.613086][T19752] macvtap1: entered allmulticast mode [ 424.623969][T19752] vlan0: entered allmulticast mode [ 424.636067][T19752] veth0_vlan: entered allmulticast mode [ 424.976937][T19761] bridge0: the hash_elasticity option has been deprecated and is always 16 [ 425.009908][T19761] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.018913][T19761] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.085575][T10917] hsr_slave_0: left promiscuous mode [ 425.106917][T10917] hsr_slave_1: left promiscuous mode [ 425.115571][T10917] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 425.123351][T10917] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 425.132951][T10917] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 425.140596][T10917] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 425.167134][T10917] veth1_macvtap: left promiscuous mode [ 425.172971][T10917] veth0_macvtap: left promiscuous mode [ 425.178784][T10917] veth1_vlan: left promiscuous mode [ 425.184145][T10917] veth0_vlan: left promiscuous mode [ 425.745590][T10917] team0 (unregistering): Port device team_slave_1 removed [ 425.791809][T10917] team0 (unregistering): Port device team_slave_0 removed [ 426.159964][T19766] netlink: 'syz.1.4111': attribute type 4 has an invalid length. [ 426.230910][T19770] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4112'. [ 426.263199][T19770] netlink: 'syz.4.4112': attribute type 7 has an invalid length. [ 426.273439][T19770] netlink: 'syz.4.4112': attribute type 8 has an invalid length. [ 426.284992][T19770] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4112'. [ 426.335602][T19770] batadv_slave_1: entered promiscuous mode [ 426.349958][T19770] batadv_slave_1: left promiscuous mode [ 426.359626][ T5847] Bluetooth: hci3: command 0x041b tx timeout [ 426.397595][T19772] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4113'. [ 426.409646][T19464] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.454253][T19772] netlink: 272 bytes leftover after parsing attributes in process `syz.1.4113'. [ 426.470768][T19772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4113'. [ 426.606497][T19464] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.659300][T10921] bridge0: port 1(bridge_slave_0) entered blocking state [ 426.666494][T10921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 426.692507][T10921] bridge0: port 2(bridge_slave_1) entered blocking state [ 426.699770][T10921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 426.723458][T19462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.789094][T19779] netlink: 60 bytes leftover after parsing attributes in process `syz.1.4115'. [ 426.810328][T19585] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 426.865307][T19462] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.894433][T19585] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 426.947530][T19585] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 427.001588][T10905] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.008814][T10905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.049073][T10905] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.056279][T10905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.097253][T19585] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 427.541349][T19585] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.618616][T19585] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.652641][T10917] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.659885][T10917] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.702675][ T3009] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.709895][ T3009] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.743999][T19827] No such timeout policy "syz0" [ 427.846831][T19464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 427.906829][T19462] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.092160][T19462] veth0_vlan: entered promiscuous mode [ 428.116758][T19464] veth0_vlan: entered promiscuous mode [ 428.166256][T19462] veth1_vlan: entered promiscuous mode [ 428.196701][T19464] veth1_vlan: entered promiscuous mode [ 428.260295][T19842] Bluetooth: MGMT ver 1.23 [ 428.293859][T19585] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.321100][T19462] veth0_macvtap: entered promiscuous mode [ 428.372800][T19464] veth0_macvtap: entered promiscuous mode [ 428.392150][T19849] netlink: 'syz.4.4128': attribute type 39 has an invalid length. [ 428.392846][T19462] veth1_macvtap: entered promiscuous mode [ 428.445000][ T5847] Bluetooth: hci3: command 0x041b tx timeout [ 428.505814][T19464] veth1_macvtap: entered promiscuous mode [ 428.572885][T19462] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 428.683825][T19462] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 428.706822][T19858] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4130'. [ 428.707330][T19462] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.729712][T19462] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.741003][T19462] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.750112][T19462] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.765953][T19464] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 428.775134][T19585] veth0_vlan: entered promiscuous mode [ 428.820366][T19464] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 428.854653][T19464] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.868521][T19464] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.877292][T19464] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.886854][T19464] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.928109][T19585] veth1_vlan: entered promiscuous mode [ 429.032716][T10917] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.041328][T10917] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.114524][T19585] veth0_macvtap: entered promiscuous mode [ 429.162728][T19585] veth1_macvtap: entered promiscuous mode [ 429.190651][T19871] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4133'. [ 429.235899][T10906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.245834][T10906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.254703][T19871] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4133'. [ 429.268379][T19871] bridge_slave_0: entered promiscuous mode [ 429.314951][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.322106][T19585] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 429.351436][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.414304][T19585] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 429.446407][T19873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4134'. [ 429.488933][T19585] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.501162][T19585] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.511786][T19585] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.520729][T19585] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.561249][ T3009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.584686][ T3009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.704099][T19882] netlink: 'syz.4.4136': attribute type 7 has an invalid length. [ 429.717303][T19882] netlink: 'syz.4.4136': attribute type 8 has an invalid length. [ 429.735714][T19882] batadv_slave_1: entered promiscuous mode [ 429.750683][T19882] batadv_slave_1: left promiscuous mode [ 429.979977][ T3009] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.006831][T10906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 430.050402][T10906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 430.169647][ T3009] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.211347][T10901] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 430.232235][T10901] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 430.273875][ T3009] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.439260][T19888] SET target dimension over the limit! [ 430.535407][ T3009] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 430.813526][T19894] raw_sendmsg: syz.1.4140 forgot to set AF_INET. Fix it! [ 431.024584][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 431.035005][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 431.044010][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 431.053318][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 431.061250][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 431.091495][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 431.101914][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 431.117878][ T3009] bridge_slave_1: left allmulticast mode [ 431.123722][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 431.131216][ T3009] bridge_slave_1: left promiscuous mode [ 431.139286][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 431.147476][ T3009] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.155621][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 431.166980][ T3009] bridge_slave_0: left allmulticast mode [ 431.189711][ T3009] bridge_slave_0: left promiscuous mode [ 431.200153][ T3009] bridge0: port 1(bridge_slave_0) entered disabled state [ 431.790641][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 431.801196][ T3009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 431.810278][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 431.818851][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 431.826604][ T3009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 431.838525][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 431.839629][ T3009] bond0 (unregistering): Released all slaves [ 431.852667][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 432.026695][T19910] __nla_validate_parse: 3 callbacks suppressed [ 432.026714][T19910] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4143'. [ 432.156249][T19909] tap0: tun_chr_ioctl cmd 1074025678 [ 432.162125][T19909] tap0: group set to 0 [ 432.278147][ T3009] hsr_slave_0: left promiscuous mode [ 432.285995][ T3009] hsr_slave_1: left promiscuous mode [ 432.294607][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 432.317592][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 432.335680][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 432.345648][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 432.372466][ T3009] veth1_macvtap: left promiscuous mode [ 432.378468][ T3009] veth0_macvtap: left promiscuous mode [ 432.384093][ T3009] veth1_vlan: left promiscuous mode [ 432.390103][ T3009] veth0_vlan: left promiscuous mode [ 432.997638][ T5842] Bluetooth: hci2: command 0x0405 tx timeout [ 433.022071][ T3009] team0 (unregistering): Port device team_slave_1 removed [ 433.064044][ T3009] team0 (unregistering): Port device team_slave_0 removed [ 433.171643][ T5842] Bluetooth: hci0: command tx timeout [ 433.240536][ T5842] Bluetooth: hci1: command tx timeout [ 433.684593][T19930] SET target dimension over the limit! [ 433.864514][T19897] chnl_net:caif_netlink_parms(): no params data found [ 433.967813][ T5842] Bluetooth: hci3: command tx timeout [ 434.111465][T19905] chnl_net:caif_netlink_parms(): no params data found [ 434.360247][T19899] chnl_net:caif_netlink_parms(): no params data found [ 434.385743][T19897] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.393084][T19897] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.401110][T19897] bridge_slave_0: entered allmulticast mode [ 434.408355][T19897] bridge_slave_0: entered promiscuous mode [ 434.446471][T10921] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.479078][T19897] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.486527][T19897] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.497714][T19897] bridge_slave_1: entered allmulticast mode [ 434.515591][T19897] bridge_slave_1: entered promiscuous mode [ 434.623865][T19970] delete_channel: no stack [ 434.745868][T10921] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.772186][T19897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 434.785112][T19897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 434.885654][T10921] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.904388][T19905] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.912027][T19905] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.917278][T19979] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4160'. [ 434.927946][T19905] bridge_slave_0: entered allmulticast mode [ 434.942202][T19905] bridge_slave_0: entered promiscuous mode [ 435.035793][T19981] Cannot find map_set index 0 as target [ 435.063590][T19897] team0: Port device team_slave_0 added [ 435.092104][T19897] team0: Port device team_slave_1 added [ 435.160200][T10921] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 435.229652][T19905] bridge0: port 2(bridge_slave_1) entered blocking state [ 435.236897][T19905] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.246345][ T5842] Bluetooth: hci0: command tx timeout [ 435.262061][T19905] bridge_slave_1: entered allmulticast mode [ 435.273933][T19905] bridge_slave_1: entered promiscuous mode [ 435.281210][T19899] bridge0: port 1(bridge_slave_0) entered blocking state [ 435.309909][T19899] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.317295][T19899] bridge_slave_0: entered allmulticast mode [ 435.324675][ T5842] Bluetooth: hci1: command tx timeout [ 435.333146][T19899] bridge_slave_0: entered promiscuous mode [ 435.341912][T19899] bridge0: port 2(bridge_slave_1) entered blocking state [ 435.349505][T19899] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.356751][T19899] bridge_slave_1: entered allmulticast mode [ 435.365291][T19899] bridge_slave_1: entered promiscuous mode [ 435.536013][T19897] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 435.543770][T19897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 435.545018][T20008] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4167'. [ 435.571640][T19897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 435.594589][T19897] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 435.602516][T19897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 435.629471][T19897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 435.649733][T19905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 435.808222][T19905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 435.830481][T19899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 435.933938][T19899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 435.993069][T19897] hsr_slave_0: entered promiscuous mode [ 436.014841][T19897] hsr_slave_1: entered promiscuous mode [ 436.022294][T19897] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 436.030904][T19897] Cannot create hsr debugfs directory [ 436.037711][ T5842] Bluetooth: hci3: command tx timeout [ 436.103389][T19899] team0: Port device team_slave_0 added [ 436.104970][T20025] netlink: 576 bytes leftover after parsing attributes in process `syz.4.4173'. [ 436.140886][T19905] team0: Port device team_slave_0 added [ 436.150055][T19899] team0: Port device team_slave_1 added [ 436.190051][T19905] team0: Port device team_slave_1 added [ 436.301673][T19899] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 436.310076][T19899] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 436.337093][T19899] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 436.349700][T20027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4174'. [ 436.360044][T20027] netlink: 5 bytes leftover after parsing attributes in process `syz.4.4174'. [ 436.426338][T10921] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.457954][T19899] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 436.465199][T19899] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 436.492221][T19899] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 436.527026][T19905] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 436.535166][T19905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 436.561731][T19905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 436.628663][T19905] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 436.635765][T19905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 436.664327][T19905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 436.725132][T20036] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4177'. [ 436.749987][T10921] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.791544][T19899] hsr_slave_0: entered promiscuous mode [ 436.798619][T19899] hsr_slave_1: entered promiscuous mode [ 436.805854][T19899] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 436.813997][T19899] Cannot create hsr debugfs directory [ 436.833306][T20037] ip6erspan0: entered promiscuous mode [ 436.878916][T10921] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.983246][T20042] openvswitch: netlink: nsh attr 0 has unexpected len 1 expected 0 [ 437.119086][T10921] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.170212][T19905] hsr_slave_0: entered promiscuous mode [ 437.183419][T19905] hsr_slave_1: entered promiscuous mode [ 437.201727][T19905] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 437.216213][T19905] Cannot create hsr debugfs directory [ 437.253679][T20048] netlink: 'syz.4.4181': attribute type 1 has an invalid length. [ 437.273904][T20048] netlink: 228 bytes leftover after parsing attributes in process `syz.4.4181'. [ 437.317846][ T5842] Bluetooth: hci0: command tx timeout [ 437.397691][ T5842] Bluetooth: hci1: command tx timeout [ 437.484669][T20055] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4183'. [ 437.495548][T20057] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4183'. [ 437.762634][T10921] bridge_slave_1: left allmulticast mode [ 437.772285][T10921] bridge_slave_1: left promiscuous mode [ 437.784873][T10921] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.810011][T10921] bridge_slave_0: left allmulticast mode [ 437.815704][T10921] bridge_slave_0: left promiscuous mode [ 437.833756][T10921] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.865376][T10921] bridge_slave_1: left allmulticast mode [ 437.874752][T10921] bridge_slave_1: left promiscuous mode [ 437.891940][T10921] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.912575][T10921] bridge_slave_0: left allmulticast mode [ 437.923531][T10921] bridge_slave_0: left promiscuous mode [ 437.936507][T10921] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.117969][ T5842] Bluetooth: hci3: command tx timeout [ 438.356599][T10921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 438.367343][T10921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 438.378873][T10921] bond0 (unregistering): Released all slaves [ 438.707842][T10921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 438.720023][T10921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 438.733783][T10921] bond0 (unregistering): Released all slaves [ 439.166221][T20090] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4192'. [ 439.184700][T20090] netlink: 'syz.4.4192': attribute type 7 has an invalid length. [ 439.192624][T20090] netlink: 'syz.4.4192': attribute type 8 has an invalid length. [ 439.200715][T20090] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4192'. [ 439.238454][T20090] batadv_slave_1: entered promiscuous mode [ 439.246027][T20090] batadv_slave_1: left promiscuous mode [ 439.401986][ T5842] Bluetooth: hci0: command tx timeout [ 439.421725][T10921] hsr_slave_0: left promiscuous mode [ 439.428296][T10921] hsr_slave_1: left promiscuous mode [ 439.434463][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 439.444818][T10921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 439.454049][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 439.461708][T10921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 439.475596][T10921] hsr_slave_0: left promiscuous mode [ 439.481531][ T5842] Bluetooth: hci1: command tx timeout [ 439.481885][T20095] openvswitch: netlink: EtherType 0 is less than min 600 [ 439.494579][T10921] hsr_slave_1: left promiscuous mode [ 439.501004][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 439.509519][T10921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 439.518015][T10921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 439.525592][T10921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 439.582028][T10921] veth1_macvtap: left promiscuous mode [ 439.588241][T10921] veth0_macvtap: left promiscuous mode [ 439.594178][T10921] veth1_vlan: left promiscuous mode [ 439.595970][T20097] netlink: 'syz.4.4195': attribute type 1 has an invalid length. [ 439.599966][T10921] veth0_vlan: left promiscuous mode [ 439.615707][T10921] veth1_macvtap: left promiscuous mode [ 439.621425][T10921] veth0_macvtap: left promiscuous mode [ 439.628276][T10921] veth1_vlan: left promiscuous mode [ 439.633549][T10921] veth0_vlan: left promiscuous mode [ 440.197952][ T5842] Bluetooth: hci3: command tx timeout [ 440.343244][T10921] team0 (unregistering): Port device team_slave_1 removed [ 440.390266][T10921] team0 (unregistering): Port device team_slave_0 removed [ 441.155559][T10921] team0 (unregistering): Port device team_slave_1 removed [ 441.201124][T10921] team0 (unregistering): Port device team_slave_0 removed [ 441.615375][T20097] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 441.646022][T20108] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}z' [ 441.656447][T20108] CPU: 1 UID: 0 PID: 20108 Comm: syz.1.4199 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 441.656471][T20108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 441.656485][T20108] Call Trace: [ 441.656492][T20108] [ 441.656501][T20108] dump_stack_lvl+0x189/0x250 [ 441.656534][T20108] ? __pfx_dump_stack_lvl+0x10/0x10 [ 441.656558][T20108] ? __pfx__printk+0x10/0x10 [ 441.656577][T20108] ? kernfs_path_from_node+0x2c/0x260 [ 441.656598][T20108] ? kernfs_path_from_node+0x2c/0x260 [ 441.656615][T20108] ? kernfs_path_from_node+0x2c/0x260 [ 441.656636][T20108] ? kernfs_path_from_node+0x22c/0x260 [ 441.656654][T20108] ? kernfs_path_from_node+0x2c/0x260 [ 441.656677][T20108] sysfs_warn_dup+0x8e/0xa0 [ 441.656696][T20108] sysfs_do_create_link_sd+0xc0/0x110 [ 441.656719][T20108] device_add_class_symlinks+0x1cf/0x240 [ 441.656750][T20108] device_add+0x475/0xb50 [ 441.656774][T20108] wiphy_register+0x199a/0x26b0 [ 441.656813][T20108] ? __pfx_wiphy_register+0x10/0x10 [ 441.656832][T20108] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 441.656864][T20108] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 441.656892][T20108] ieee80211_register_hw+0x33e1/0x4120 [ 441.656934][T20108] ? ieee80211_register_hw+0x1441/0x4120 [ 441.656965][T20108] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 441.656989][T20108] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 441.657022][T20108] ? __hrtimer_setup+0x187/0x210 [ 441.657045][T20108] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 441.657068][T20108] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 441.657120][T20108] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 441.657137][T20108] ? trace_kmalloc+0x1f/0xd0 [ 441.657151][T20108] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 441.657168][T20108] ? kstrndup+0xbf/0x160 [ 441.657200][T20108] hwsim_new_radio_nl+0xea4/0x1b10 [ 441.657222][T20108] ? __pfx___nla_validate_parse+0x10/0x10 [ 441.657262][T20108] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 441.657295][T20108] ? __nla_parse+0x40/0x60 [ 441.657323][T20108] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 441.657356][T20108] genl_family_rcv_msg_doit+0x212/0x300 [ 441.657387][T20108] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 441.657431][T20108] ? bpf_lsm_capable+0x9/0x20 [ 441.657447][T20108] ? security_capable+0x7e/0x2e0 [ 441.657477][T20108] genl_rcv_msg+0x60e/0x790 [ 441.657508][T20108] ? __pfx_genl_rcv_msg+0x10/0x10 [ 441.657530][T20108] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 441.657565][T20108] netlink_rcv_skb+0x205/0x470 [ 441.657586][T20108] ? __pfx_genl_rcv_msg+0x10/0x10 [ 441.657611][T20108] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 441.657652][T20108] ? down_read+0x1ad/0x2e0 [ 441.657672][T20108] genl_rcv+0x28/0x40 [ 441.657691][T20108] netlink_unicast+0x758/0x8d0 [ 441.657722][T20108] netlink_sendmsg+0x805/0xb30 [ 441.657761][T20108] ? __pfx_netlink_sendmsg+0x10/0x10 [ 441.657787][T20108] ? aa_sock_msg_perm+0x94/0x160 [ 441.657812][T20108] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 441.657834][T20108] ? __pfx_netlink_sendmsg+0x10/0x10 [ 441.657856][T20108] __sock_sendmsg+0x219/0x270 [ 441.657885][T20108] ____sys_sendmsg+0x505/0x830 [ 441.657913][T20108] ? __pfx_____sys_sendmsg+0x10/0x10 [ 441.657947][T20108] ? import_iovec+0x74/0xa0 [ 441.657969][T20108] ___sys_sendmsg+0x21f/0x2a0 [ 441.657992][T20108] ? __pfx____sys_sendmsg+0x10/0x10 [ 441.658059][T20108] ? __fget_files+0x2a/0x420 [ 441.658077][T20108] ? __fget_files+0x3a0/0x420 [ 441.658109][T20108] __x64_sys_sendmsg+0x19b/0x260 [ 441.658134][T20108] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 441.658167][T20108] ? rcu_is_watching+0x15/0xb0 [ 441.658198][T20108] ? do_syscall_64+0xbe/0x3b0 [ 441.658220][T20108] do_syscall_64+0xfa/0x3b0 [ 441.658235][T20108] ? lockdep_hardirqs_on+0x9c/0x150 [ 441.658257][T20108] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.658275][T20108] ? clear_bhb_loop+0x60/0xb0 [ 441.658302][T20108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 441.658326][T20108] RIP: 0033:0x7f9770f8e929 [ 441.658343][T20108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 441.658359][T20108] RSP: 002b:00007f9771dba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 441.658382][T20108] RAX: ffffffffffffffda RBX: 00007f97711b5fa0 RCX: 00007f9770f8e929 [ 441.658396][T20108] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 441.658408][T20108] RBP: 00007f9771010b39 R08: 0000000000000000 R09: 0000000000000000 [ 441.658419][T20108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 441.658429][T20108] R13: 0000000000000000 R14: 00007f97711b5fa0 R15: 00007ffe7606d028 [ 441.658463][T20108] [ 442.679614][T19897] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 442.699933][T19897] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 442.729311][T19897] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 442.753147][T19897] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 442.802882][T19899] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 442.826640][T19899] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 442.857878][T19899] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 442.869550][T19899] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 442.929904][T19905] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 442.958460][T19905] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 442.973732][T19905] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 442.993308][T19905] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 443.184698][T19897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.245369][T19897] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.276266][T10918] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.283432][T10918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.306477][T19899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.331702][T10918] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.338912][T10918] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.396345][T19899] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.423148][T19905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 443.452796][T10921] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.459944][T10921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.471955][T10921] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.479109][T10921] bridge0: port 2(bridge_slave_1) entered forwarding state [ 443.564892][T19905] 8021q: adding VLAN 0 to HW filter on device team0 [ 443.615687][T10922] bridge0: port 1(bridge_slave_0) entered blocking state [ 443.622921][T10922] bridge0: port 1(bridge_slave_0) entered forwarding state [ 443.693645][T10922] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.700893][T10922] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.051522][T19897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.170110][T19897] veth0_vlan: entered promiscuous mode [ 444.255870][T19897] veth1_vlan: entered promiscuous mode [ 444.291269][T20173] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR' [ 444.307647][T20173] CPU: 1 UID: 0 PID: 20173 Comm: syz.1.4211 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 444.307674][T20173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 444.307685][T20173] Call Trace: [ 444.307693][T20173] [ 444.307701][T20173] dump_stack_lvl+0x189/0x250 [ 444.307737][T20173] ? __pfx_dump_stack_lvl+0x10/0x10 [ 444.307760][T20173] ? __pfx__printk+0x10/0x10 [ 444.307779][T20173] ? kernfs_path_from_node+0x2c/0x260 [ 444.307799][T20173] ? kernfs_path_from_node+0x2c/0x260 [ 444.307815][T20173] ? kernfs_path_from_node+0x2c/0x260 [ 444.307835][T20173] ? kernfs_path_from_node+0x22c/0x260 [ 444.307852][T20173] ? kernfs_path_from_node+0x2c/0x260 [ 444.307873][T20173] sysfs_warn_dup+0x8e/0xa0 [ 444.307892][T20173] sysfs_do_create_link_sd+0xc0/0x110 [ 444.307913][T20173] device_add_class_symlinks+0x1cf/0x240 [ 444.307935][T20173] device_add+0x475/0xb50 [ 444.307959][T20173] wiphy_register+0x199a/0x26b0 [ 444.307994][T20173] ? __pfx_wiphy_register+0x10/0x10 [ 444.308011][T20173] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 444.308037][T20173] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 444.308061][T20173] ieee80211_register_hw+0x33e1/0x4120 [ 444.308098][T20173] ? ieee80211_register_hw+0x1441/0x4120 [ 444.308125][T20173] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 444.308148][T20173] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 444.308178][T20173] ? __hrtimer_setup+0x187/0x210 [ 444.308199][T20173] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 444.308221][T20173] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 444.308270][T20173] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 444.308285][T20173] ? trace_kmalloc+0x1f/0xd0 [ 444.308297][T20173] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 444.308315][T20173] ? kstrndup+0xbf/0x160 [ 444.308346][T20173] hwsim_new_radio_nl+0xea4/0x1b10 [ 444.308366][T20173] ? __pfx___nla_validate_parse+0x10/0x10 [ 444.308406][T20173] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 444.308436][T20173] ? __nla_parse+0x40/0x60 [ 444.308462][T20173] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 444.308490][T20173] genl_family_rcv_msg_doit+0x212/0x300 [ 444.308520][T20173] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 444.308561][T20173] ? bpf_lsm_capable+0x9/0x20 [ 444.308576][T20173] ? security_capable+0x7e/0x2e0 [ 444.308604][T20173] genl_rcv_msg+0x60e/0x790 [ 444.308635][T20173] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.308656][T20173] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 444.308691][T20173] netlink_rcv_skb+0x205/0x470 [ 444.308710][T20173] ? __pfx_genl_rcv_msg+0x10/0x10 [ 444.308734][T20173] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 444.308774][T20173] ? down_read+0x1ad/0x2e0 [ 444.308795][T20173] genl_rcv+0x28/0x40 [ 444.308815][T20173] netlink_unicast+0x758/0x8d0 [ 444.308846][T20173] netlink_sendmsg+0x805/0xb30 [ 444.308875][T20173] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.308899][T20173] ? aa_sock_msg_perm+0x94/0x160 [ 444.308922][T20173] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 444.308941][T20173] ? __pfx_netlink_sendmsg+0x10/0x10 [ 444.308963][T20173] __sock_sendmsg+0x219/0x270 [ 444.308991][T20173] ____sys_sendmsg+0x505/0x830 [ 444.309019][T20173] ? __pfx_____sys_sendmsg+0x10/0x10 [ 444.309049][T20173] ? import_iovec+0x74/0xa0 [ 444.309070][T20173] ___sys_sendmsg+0x21f/0x2a0 [ 444.309093][T20173] ? __pfx____sys_sendmsg+0x10/0x10 [ 444.309157][T20173] ? __fget_files+0x2a/0x420 [ 444.309176][T20173] ? __fget_files+0x3a0/0x420 [ 444.309206][T20173] __x64_sys_sendmsg+0x19b/0x260 [ 444.309232][T20173] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 444.309265][T20173] ? rcu_is_watching+0x15/0xb0 [ 444.309291][T20173] ? do_syscall_64+0xbe/0x3b0 [ 444.309312][T20173] do_syscall_64+0xfa/0x3b0 [ 444.309327][T20173] ? lockdep_hardirqs_on+0x9c/0x150 [ 444.309347][T20173] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.309364][T20173] ? clear_bhb_loop+0x60/0xb0 [ 444.309385][T20173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.309401][T20173] RIP: 0033:0x7f9770f8e929 [ 444.309417][T20173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 444.309432][T20173] RSP: 002b:00007f9771dba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 444.309450][T20173] RAX: ffffffffffffffda RBX: 00007f97711b5fa0 RCX: 00007f9770f8e929 [ 444.309460][T20173] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 444.309471][T20173] RBP: 00007f9771010b39 R08: 0000000000000000 R09: 0000000000000000 [ 444.309480][T20173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.309490][T20173] R13: 0000000000000000 R14: 00007f97711b5fa0 R15: 00007ffe7606d028 [ 444.309520][T20173] [ 444.810611][T19905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.873532][T19899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 444.934016][T19897] veth0_macvtap: entered promiscuous mode [ 445.005057][T20182] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input6 [ 445.036722][T19905] veth0_vlan: entered promiscuous mode [ 445.068024][T19897] veth1_macvtap: entered promiscuous mode [ 445.095161][T19905] veth1_vlan: entered promiscuous mode [ 445.160497][T19897] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 445.215321][T19897] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 445.225485][T19897] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.234573][T19897] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.245111][T19897] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.253978][T19897] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.341110][T19905] veth0_macvtap: entered promiscuous mode [ 445.342341][T20193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4215'. [ 445.355176][T19899] veth0_vlan: entered promiscuous mode [ 445.361664][T20193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4215'. [ 445.379848][T19905] veth1_macvtap: entered promiscuous mode [ 445.432131][T19899] veth1_vlan: entered promiscuous mode [ 445.500787][T19905] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 445.546779][T19905] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 445.600789][T10922] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.615971][T10922] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.626902][T19905] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.635902][T19905] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.649924][T19905] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.665247][T19905] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 445.731557][T10905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.750934][T10905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.812810][T19899] veth0_macvtap: entered promiscuous mode [ 445.874166][T19899] veth1_macvtap: entered promiscuous mode [ 445.933803][T10921] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 445.962893][T10921] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.064442][T19899] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.133906][T19899] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 446.165244][T10906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.166041][T19899] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.197742][T10906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.198959][T19899] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.225772][T19899] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.234956][T19899] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.310050][T20212] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ULvyآDUDw}zR' [ 446.335620][T20217] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4223'. [ 446.339209][T20212] CPU: 0 UID: 0 PID: 20212 Comm: syz.1.4221 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 446.339234][T20212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 446.339245][T20212] Call Trace: [ 446.339253][T20212] [ 446.339261][T20212] dump_stack_lvl+0x189/0x250 [ 446.339295][T20212] ? __pfx_dump_stack_lvl+0x10/0x10 [ 446.339321][T20212] ? __pfx__printk+0x10/0x10 [ 446.339341][T20212] ? kernfs_path_from_node+0x2c/0x260 [ 446.339361][T20212] ? kernfs_path_from_node+0x2c/0x260 [ 446.339379][T20212] ? kernfs_path_from_node+0x2c/0x260 [ 446.339400][T20212] ? kernfs_path_from_node+0x22c/0x260 [ 446.339418][T20212] ? kernfs_path_from_node+0x2c/0x260 [ 446.339440][T20212] sysfs_warn_dup+0x8e/0xa0 [ 446.339459][T20212] sysfs_do_create_link_sd+0xc0/0x110 [ 446.339482][T20212] device_add_class_symlinks+0x1cf/0x240 [ 446.339505][T20212] device_add+0x475/0xb50 [ 446.339529][T20212] wiphy_register+0x199a/0x26b0 [ 446.339566][T20212] ? __pfx_wiphy_register+0x10/0x10 [ 446.339584][T20212] ? minstrel_ht_alloc+0x6dd/0x7e0 [ 446.339613][T20212] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 446.339640][T20212] ieee80211_register_hw+0x33e1/0x4120 [ 446.339682][T20212] ? ieee80211_register_hw+0x1441/0x4120 [ 446.339718][T20212] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 446.339744][T20212] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 446.339777][T20212] ? __hrtimer_setup+0x187/0x210 [ 446.339799][T20212] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 446.339823][T20212] mac80211_hwsim_new_radio+0x2f0e/0x5340 [ 446.339874][T20212] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 446.339890][T20212] ? trace_kmalloc+0x1f/0xd0 [ 446.339904][T20212] ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0 [ 446.339921][T20212] ? kstrndup+0xbf/0x160 [ 446.339952][T20212] hwsim_new_radio_nl+0xea4/0x1b10 [ 446.339973][T20212] ? __pfx___nla_validate_parse+0x10/0x10 [ 446.340012][T20212] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 446.340045][T20212] ? __nla_parse+0x40/0x60 [ 446.340071][T20212] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 446.340104][T20212] genl_family_rcv_msg_doit+0x212/0x300 [ 446.340135][T20212] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 446.340173][T20212] ? bpf_lsm_capable+0x9/0x20 [ 446.340189][T20212] ? security_capable+0x7e/0x2e0 [ 446.340217][T20212] genl_rcv_msg+0x60e/0x790 [ 446.340247][T20212] ? __pfx_genl_rcv_msg+0x10/0x10 [ 446.340269][T20212] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 446.340303][T20212] netlink_rcv_skb+0x205/0x470 [ 446.340324][T20212] ? __pfx_genl_rcv_msg+0x10/0x10 [ 446.340349][T20212] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 446.340388][T20212] ? down_read+0x1ad/0x2e0 [ 446.340408][T20212] genl_rcv+0x28/0x40 [ 446.340429][T20212] netlink_unicast+0x758/0x8d0 [ 446.340475][T20212] netlink_sendmsg+0x805/0xb30 [ 446.340507][T20212] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.340531][T20212] ? aa_sock_msg_perm+0x94/0x160 [ 446.340554][T20212] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 446.340575][T20212] ? __pfx_netlink_sendmsg+0x10/0x10 [ 446.340597][T20212] __sock_sendmsg+0x219/0x270 [ 446.340626][T20212] ____sys_sendmsg+0x505/0x830 [ 446.340654][T20212] ? __pfx_____sys_sendmsg+0x10/0x10 [ 446.340685][T20212] ? import_iovec+0x74/0xa0 [ 446.340706][T20212] ___sys_sendmsg+0x21f/0x2a0 [ 446.340740][T20212] ? __pfx____sys_sendmsg+0x10/0x10 [ 446.340803][T20212] ? __fget_files+0x2a/0x420 [ 446.340821][T20212] ? __fget_files+0x3a0/0x420 [ 446.340852][T20212] __x64_sys_sendmsg+0x19b/0x260 [ 446.340877][T20212] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 446.340911][T20212] ? rcu_is_watching+0x15/0xb0 [ 446.340941][T20212] ? do_syscall_64+0xbe/0x3b0 [ 446.340962][T20212] do_syscall_64+0xfa/0x3b0 [ 446.340976][T20212] ? lockdep_hardirqs_on+0x9c/0x150 [ 446.340999][T20212] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.341016][T20212] ? clear_bhb_loop+0x60/0xb0 [ 446.341037][T20212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.341053][T20212] RIP: 0033:0x7f9770f8e929 [ 446.341070][T20212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.341085][T20212] RSP: 002b:00007f9771dba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 446.341103][T20212] RAX: ffffffffffffffda RBX: 00007f97711b5fa0 RCX: 00007f9770f8e929 [ 446.341116][T20212] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005 [ 446.341128][T20212] RBP: 00007f9771010b39 R08: 0000000000000000 R09: 0000000000000000 [ 446.341139][T20212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 446.341150][T20212] R13: 0000000000000000 R14: 00007f97711b5fa0 R15: 00007ffe7606d028 [ 446.341182][T20212] [ 447.062881][T10922] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.219467][T10922] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.239838][T10918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.262966][T10918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.300120][T10917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 447.308199][T10917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.342285][T10922] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.582780][T10922] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.839650][T20233] FAULT_INJECTION: forcing a failure. [ 447.839650][T20233] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.858018][T10922] bridge_slave_1: left allmulticast mode [ 447.865026][T10922] bridge_slave_1: left promiscuous mode [ 447.886856][T10922] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.888290][T20233] CPU: 1 UID: 0 PID: 20233 Comm: syz.4.4228 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 447.888314][T20233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 447.888335][T20233] Call Trace: [ 447.888342][T20233] [ 447.888349][T20233] dump_stack_lvl+0x189/0x250 [ 447.888379][T20233] ? __pfx____ratelimit+0x10/0x10 [ 447.888402][T20233] ? __pfx_dump_stack_lvl+0x10/0x10 [ 447.888424][T20233] ? __pfx__printk+0x10/0x10 [ 447.888442][T20233] ? __might_fault+0xb0/0x130 [ 447.888470][T20233] should_fail_ex+0x414/0x560 [ 447.888495][T20233] _copy_from_iter+0x1db/0x16f0 [ 447.888521][T20233] ? rcu_is_watching+0x15/0xb0 [ 447.888546][T20233] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 447.888565][T20233] ? __pfx__copy_from_iter+0x10/0x10 [ 447.888588][T20233] ? __build_skb_around+0x257/0x3e0 [ 447.888611][T20233] ? netlink_sendmsg+0x642/0xb30 [ 447.888628][T20233] ? skb_put+0x11b/0x210 [ 447.888650][T20233] netlink_sendmsg+0x6b2/0xb30 [ 447.888678][T20233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.888700][T20233] ? aa_sock_msg_perm+0x94/0x160 [ 447.888722][T20233] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 447.888742][T20233] ? __pfx_netlink_sendmsg+0x10/0x10 [ 447.888761][T20233] __sock_sendmsg+0x219/0x270 [ 447.888788][T20233] ____sys_sendmsg+0x505/0x830 [ 447.888813][T20233] ? __pfx_____sys_sendmsg+0x10/0x10 [ 447.888842][T20233] ? import_iovec+0x74/0xa0 [ 447.888862][T20233] ___sys_sendmsg+0x21f/0x2a0 [ 447.888884][T20233] ? __pfx____sys_sendmsg+0x10/0x10 [ 447.888938][T20233] ? __fget_files+0x2a/0x420 [ 447.888955][T20233] ? __fget_files+0x3a0/0x420 [ 447.888983][T20233] __x64_sys_sendmsg+0x19b/0x260 [ 447.889005][T20233] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 447.889034][T20233] ? __pfx_ksys_write+0x10/0x10 [ 447.889047][T20233] ? rcu_is_watching+0x15/0xb0 [ 447.889074][T20233] ? do_syscall_64+0xbe/0x3b0 [ 447.889093][T20233] do_syscall_64+0xfa/0x3b0 [ 447.889107][T20233] ? lockdep_hardirqs_on+0x9c/0x150 [ 447.889127][T20233] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.889143][T20233] ? clear_bhb_loop+0x60/0xb0 [ 447.889162][T20233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 447.889177][T20233] RIP: 0033:0x7fcd78d8e929 [ 447.889193][T20233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 447.889206][T20233] RSP: 002b:00007fcd79c44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 447.889224][T20233] RAX: ffffffffffffffda RBX: 00007fcd78fb5fa0 RCX: 00007fcd78d8e929 [ 447.889236][T20233] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 447.889247][T20233] RBP: 00007fcd79c44090 R08: 0000000000000000 R09: 0000000000000000 [ 447.889256][T20233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 447.889266][T20233] R13: 0000000000000000 R14: 00007fcd78fb5fa0 R15: 00007ffc7e8db348 [ 447.889293][T20233] [ 448.354434][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 448.364447][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 448.373585][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 448.384197][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 448.392249][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 448.432425][T10922] bridge_slave_0: left allmulticast mode [ 448.445954][T10922] bridge_slave_0: left promiscuous mode [ 448.458094][T10922] bridge0: port 1(bridge_slave_0) entered disabled state [ 448.488134][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 448.497850][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 448.506384][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 448.515771][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 448.525746][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 448.847978][T10922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 448.861029][T10922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 448.871977][T10922] bond0 (unregistering): Released all slaves [ 449.242055][T20241] team_slave_0 (unregistering): left promiscuous mode [ 449.255767][T20241] team_slave_0 (unregistering): left allmulticast mode [ 449.276049][T20241] team0: Port device team_slave_0 removed [ 449.321045][T20243] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4230'. [ 449.456899][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 449.465967][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 449.475104][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 449.486870][T20250] ipvlan0: entered promiscuous mode [ 449.494162][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 449.502537][T20250] ipvlan0: entered allmulticast mode [ 449.508853][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 449.597221][T10922] hsr_slave_0: left promiscuous mode [ 449.604640][T10922] hsr_slave_1: left promiscuous mode [ 449.611649][T10922] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 449.619341][T10922] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 449.627076][T10922] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 449.634795][T10922] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 449.661133][T10922] veth1_macvtap: left promiscuous mode [ 449.666646][T10922] veth0_macvtap: left promiscuous mode [ 449.672394][T10922] veth1_vlan: left promiscuous mode [ 449.678158][T10922] veth0_vlan: left promiscuous mode [ 450.124535][T10922] team0 (unregistering): Port device team_slave_1 removed [ 450.175021][T10922] team0 (unregistering): Port device team_slave_0 removed [ 450.438402][ T5847] Bluetooth: hci0: command tx timeout [ 450.597902][ T5847] Bluetooth: hci1: command tx timeout [ 450.793530][T20252] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4232'. [ 450.803622][T20253] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4232'. [ 451.072015][T20235] chnl_net:caif_netlink_parms(): no params data found [ 451.294114][T20237] chnl_net:caif_netlink_parms(): no params data found [ 451.494061][T20235] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.510594][T20235] bridge0: port 1(bridge_slave_0) entered disabled state [ 451.524821][T20235] bridge_slave_0: entered allmulticast mode [ 451.536783][T20235] bridge_slave_0: entered promiscuous mode [ 451.559030][ T5847] Bluetooth: hci3: command tx timeout [ 451.634715][T20235] bridge0: port 2(bridge_slave_1) entered blocking state [ 451.645151][T20235] bridge0: port 2(bridge_slave_1) entered disabled state [ 451.654282][T20235] bridge_slave_1: entered allmulticast mode [ 451.662330][T20235] bridge_slave_1: entered promiscuous mode [ 451.708793][T20284] FAULT_INJECTION: forcing a failure. [ 451.708793][T20284] name failslab, interval 1, probability 0, space 0, times 0 [ 451.729895][T20284] CPU: 0 UID: 0 PID: 20284 Comm: syz.1.4239 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 451.729920][T20284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 451.729931][T20284] Call Trace: [ 451.729938][T20284] [ 451.729945][T20284] dump_stack_lvl+0x189/0x250 [ 451.729974][T20284] ? __pfx____ratelimit+0x10/0x10 [ 451.729997][T20284] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.730021][T20284] ? __pfx__printk+0x10/0x10 [ 451.730042][T20284] ? __pfx___might_resched+0x10/0x10 [ 451.730065][T20284] ? fs_reclaim_acquire+0x7d/0x100 [ 451.730088][T20284] should_fail_ex+0x414/0x560 [ 451.730115][T20284] should_failslab+0xa8/0x100 [ 451.730134][T20284] __kmalloc_noprof+0xcb/0x4f0 [ 451.730150][T20284] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 451.730179][T20284] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 451.730209][T20284] genl_family_rcv_msg_doit+0xb8/0x300 [ 451.730239][T20284] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 451.730263][T20284] ? rcu_is_watching+0x15/0xb0 [ 451.730288][T20284] ? apparmor_capable+0x137/0x1b0 [ 451.730307][T20284] ? bpf_lsm_capable+0x9/0x20 [ 451.730322][T20284] ? security_capable+0x7e/0x2e0 [ 451.730349][T20284] genl_rcv_msg+0x60e/0x790 [ 451.730389][T20284] ? __pfx_genl_rcv_msg+0x10/0x10 [ 451.730410][T20284] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 451.730444][T20284] netlink_rcv_skb+0x205/0x470 [ 451.730464][T20284] ? __pfx_genl_rcv_msg+0x10/0x10 [ 451.730488][T20284] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 451.730527][T20284] ? down_read+0x1ad/0x2e0 [ 451.730547][T20284] genl_rcv+0x28/0x40 [ 451.730567][T20284] netlink_unicast+0x758/0x8d0 [ 451.730597][T20284] netlink_sendmsg+0x805/0xb30 [ 451.730627][T20284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.730650][T20284] ? aa_sock_msg_perm+0x94/0x160 [ 451.730673][T20284] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 451.730692][T20284] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.730712][T20284] __sock_sendmsg+0x219/0x270 [ 451.730740][T20284] ____sys_sendmsg+0x505/0x830 [ 451.730766][T20284] ? __pfx_____sys_sendmsg+0x10/0x10 [ 451.730797][T20284] ? import_iovec+0x74/0xa0 [ 451.730818][T20284] ___sys_sendmsg+0x21f/0x2a0 [ 451.730841][T20284] ? __pfx____sys_sendmsg+0x10/0x10 [ 451.730902][T20284] ? __fget_files+0x2a/0x420 [ 451.730919][T20284] ? __fget_files+0x3a0/0x420 [ 451.730948][T20284] __x64_sys_sendmsg+0x19b/0x260 [ 451.730971][T20284] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 451.731001][T20284] ? __pfx_ksys_write+0x10/0x10 [ 451.731014][T20284] ? rcu_is_watching+0x15/0xb0 [ 451.731042][T20284] ? do_syscall_64+0xbe/0x3b0 [ 451.731062][T20284] do_syscall_64+0xfa/0x3b0 [ 451.731076][T20284] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.731098][T20284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.731114][T20284] ? clear_bhb_loop+0x60/0xb0 [ 451.731134][T20284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.731151][T20284] RIP: 0033:0x7f9770f8e929 [ 451.731166][T20284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.731181][T20284] RSP: 002b:00007f9771dba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.731199][T20284] RAX: ffffffffffffffda RBX: 00007f97711b5fa0 RCX: 00007f9770f8e929 [ 451.731212][T20284] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 451.731222][T20284] RBP: 00007f9771dba090 R08: 0000000000000000 R09: 0000000000000000 [ 451.731233][T20284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.731244][T20284] R13: 0000000000000000 R14: 00007f97711b5fa0 R15: 00007ffe7606d028 [ 451.731273][T20284] [ 452.106348][T20286] netlink: 256 bytes leftover after parsing attributes in process `syz.4.4240'. [ 452.141129][T20288] netlink: 'syz.1.4241': attribute type 11 has an invalid length. [ 452.163903][T20237] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.171211][T20237] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.181947][T20237] bridge_slave_0: entered allmulticast mode [ 452.190122][T20237] bridge_slave_0: entered promiscuous mode [ 452.213692][T20235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 452.232034][T20235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.262517][T20237] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.270781][T20237] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.278274][T20237] bridge_slave_1: entered allmulticast mode [ 452.286036][T20237] bridge_slave_1: entered promiscuous mode [ 452.342344][T20247] chnl_net:caif_netlink_parms(): no params data found [ 452.417812][T20235] team0: Port device team_slave_0 added [ 452.427101][T20237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 452.441313][T20237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.535831][ T5847] Bluetooth: hci0: command tx timeout [ 452.562243][T10922] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.586011][T20235] team0: Port device team_slave_1 added [ 452.679764][ T5847] Bluetooth: hci1: command tx timeout [ 452.813374][T20237] team0: Port device team_slave_0 added [ 452.859411][T10922] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.877078][T20247] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.888745][T20247] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.895965][T20247] bridge_slave_0: entered allmulticast mode [ 452.915361][T20247] bridge_slave_0: entered promiscuous mode [ 452.924445][T20235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 452.932918][T20235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 452.959596][T20235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 452.973303][T20237] team0: Port device team_slave_1 added [ 452.999758][T10922] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.015456][T20247] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.026929][T20247] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.043807][T20247] bridge_slave_1: entered allmulticast mode [ 453.055177][T20247] bridge_slave_1: entered promiscuous mode [ 453.069981][T20235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 453.078304][T20235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.106712][T20235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.176134][T10922] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.281705][T20247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.300073][T20237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 453.307833][T20237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.319184][T20327] FAULT_INJECTION: forcing a failure. [ 453.319184][T20327] name failslab, interval 1, probability 0, space 0, times 0 [ 453.334701][T20237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 453.361576][T20247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 453.370934][T20327] CPU: 0 UID: 0 PID: 20327 Comm: syz.4.4252 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 453.370957][T20327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 453.370965][T20327] Call Trace: [ 453.370972][T20327] [ 453.370980][T20327] dump_stack_lvl+0x189/0x250 [ 453.371007][T20327] ? __pfx____ratelimit+0x10/0x10 [ 453.371029][T20327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 453.371049][T20327] ? __pfx__printk+0x10/0x10 [ 453.371067][T20327] ? __pfx___might_resched+0x10/0x10 [ 453.371089][T20327] ? fs_reclaim_acquire+0x7d/0x100 [ 453.371112][T20327] should_fail_ex+0x414/0x560 [ 453.371138][T20327] should_failslab+0xa8/0x100 [ 453.371158][T20327] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 453.371175][T20327] ? hwsim_new_radio_nl+0xd1e/0x1b10 [ 453.371199][T20327] kstrndup+0x80/0x160 [ 453.371221][T20327] hwsim_new_radio_nl+0xd1e/0x1b10 [ 453.371250][T20327] ? __pfx___nla_validate_parse+0x10/0x10 [ 453.371288][T20327] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 453.371319][T20327] ? __nla_parse+0x40/0x60 [ 453.371346][T20327] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 453.371377][T20327] genl_family_rcv_msg_doit+0x212/0x300 [ 453.371408][T20327] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 453.371445][T20327] ? bpf_lsm_capable+0x9/0x20 [ 453.371459][T20327] ? security_capable+0x7e/0x2e0 [ 453.371486][T20327] genl_rcv_msg+0x60e/0x790 [ 453.371514][T20327] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.371536][T20327] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 453.371569][T20327] netlink_rcv_skb+0x205/0x470 [ 453.371589][T20327] ? __pfx_genl_rcv_msg+0x10/0x10 [ 453.371613][T20327] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 453.371651][T20327] ? down_read+0x1ad/0x2e0 [ 453.371671][T20327] genl_rcv+0x28/0x40 [ 453.371691][T20327] netlink_unicast+0x758/0x8d0 [ 453.371721][T20327] netlink_sendmsg+0x805/0xb30 [ 453.371750][T20327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.371774][T20327] ? aa_sock_msg_perm+0x94/0x160 [ 453.371796][T20327] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 453.371816][T20327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.371835][T20327] __sock_sendmsg+0x219/0x270 [ 453.371863][T20327] ____sys_sendmsg+0x505/0x830 [ 453.371890][T20327] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.371918][T20327] ? import_iovec+0x74/0xa0 [ 453.371939][T20327] ___sys_sendmsg+0x21f/0x2a0 [ 453.371962][T20327] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.372020][T20327] ? __fget_files+0x2a/0x420 [ 453.372038][T20327] ? __fget_files+0x3a0/0x420 [ 453.372065][T20327] __x64_sys_sendmsg+0x19b/0x260 [ 453.372088][T20327] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 453.372119][T20327] ? __pfx_ksys_write+0x10/0x10 [ 453.372132][T20327] ? rcu_is_watching+0x15/0xb0 [ 453.372161][T20327] ? do_syscall_64+0xbe/0x3b0 [ 453.372181][T20327] do_syscall_64+0xfa/0x3b0 [ 453.372196][T20327] ? lockdep_hardirqs_on+0x9c/0x150 [ 453.372217][T20327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.372240][T20327] ? clear_bhb_loop+0x60/0xb0 [ 453.372260][T20327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.372276][T20327] RIP: 0033:0x7fcd78d8e929 [ 453.372292][T20327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.372306][T20327] RSP: 002b:00007fcd79c44038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.372324][T20327] RAX: ffffffffffffffda RBX: 00007fcd78fb5fa0 RCX: 00007fcd78d8e929 [ 453.372336][T20327] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004 [ 453.372347][T20327] RBP: 00007fcd79c44090 R08: 0000000000000000 R09: 0000000000000000 [ 453.372358][T20327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.372368][T20327] R13: 0000000000000000 R14: 00007fcd78fb5fa0 R15: 00007ffc7e8db348 [ 453.372393][T20327] [ 453.767798][ T5847] Bluetooth: hci3: command tx timeout [ 453.853204][T20237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 453.864909][T20237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.902759][T20237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.988596][T20235] hsr_slave_0: entered promiscuous mode [ 453.995237][T20235] hsr_slave_1: entered promiscuous mode [ 454.001971][T20235] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 454.010783][T20235] Cannot create hsr debugfs directory [ 454.092410][T20247] team0: Port device team_slave_0 added [ 454.101322][T20247] team0: Port device team_slave_1 added [ 454.154505][T20237] hsr_slave_0: entered promiscuous mode [ 454.164840][T20237] hsr_slave_1: entered promiscuous mode [ 454.179077][T20237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 454.186665][T20237] Cannot create hsr debugfs directory [ 454.276108][T20247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 454.283800][T20247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.310075][T20247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 454.399695][T20354] netlink: 'syz.1.4258': attribute type 1 has an invalid length. [ 454.411452][T20247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 454.419757][T20247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 454.427935][T20354] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.4258'. [ 454.445933][T20247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 454.495389][T20349] syzkaller1: entered promiscuous mode [ 454.501300][T20349] syzkaller1: entered allmulticast mode [ 454.600903][ T5847] Bluetooth: hci0: command tx timeout [ 454.654957][T20362] xt_CT: You must specify a L4 protocol and not use inversions on it [ 454.665171][T20362] netlink: 'syz.1.4261': attribute type 10 has an invalid length. [ 454.676536][T20247] hsr_slave_0: entered promiscuous mode [ 454.684356][T20247] hsr_slave_1: entered promiscuous mode [ 454.691110][T20247] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 454.699289][T20247] Cannot create hsr debugfs directory [ 454.755052][T20362] bridge0: port 3(team0) entered blocking state [ 454.764808][T20362] bridge0: port 3(team0) entered disabled state [ 454.776080][ T5847] Bluetooth: hci1: command tx timeout [ 454.778117][T20362] team0: entered allmulticast mode [ 454.786982][T20362] team_slave_1: entered allmulticast mode [ 454.805928][T20362] team0: entered promiscuous mode [ 454.823253][T20362] team_slave_1: entered promiscuous mode [ 454.897356][T20372] sock: sock_timestamping_bind_phc: sock not bind to device [ 455.014841][T10922] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.170719][T10922] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.198236][T20380] team0: Device gtp0 is of different type [ 455.313725][T10922] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.411756][T10922] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.487359][T20387] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4267'. [ 455.727298][T20396] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4270'. [ 455.751839][T10922] bridge_slave_1: left allmulticast mode [ 455.760981][T10922] bridge_slave_1: left promiscuous mode [ 455.766762][T10922] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.780100][T10922] bridge_slave_0: left allmulticast mode [ 455.798386][ T5847] Bluetooth: hci3: command tx timeout [ 455.804075][T10922] bridge_slave_0: left promiscuous mode [ 455.810276][T10922] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.845888][T10922] bridge_slave_1: left allmulticast mode [ 455.852970][T10922] bridge_slave_1: left promiscuous mode [ 455.858992][T10922] bridge0: port 2(bridge_slave_1) entered disabled state [ 455.891597][T10922] bridge_slave_0: left allmulticast mode [ 455.897291][T10922] bridge_slave_0: left promiscuous mode [ 455.903570][T10922] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.933801][T20408] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 456.453945][T10922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 456.466425][T10922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 456.477040][T10922] bond0 (unregistering): Released all slaves [ 456.679419][ T5847] Bluetooth: hci0: command tx timeout [ 456.776561][T10922] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 456.788578][T10922] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 456.799567][T10922] bond0 (unregistering): Released all slaves [ 456.839457][ T5847] Bluetooth: hci1: command tx timeout [ 457.065199][T20429] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 457.221061][T20434] tipc: Resetting bearer [ 457.465430][T20436] netlink: 'syz.1.4282': attribute type 18 has an invalid length. [ 457.514677][T20436] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.523745][T20436] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.532798][T20436] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.541916][T20436] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 457.632661][T10922] hsr_slave_0: left promiscuous mode [ 457.654350][T10922] hsr_slave_1: left promiscuous mode [ 457.665698][T10922] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 457.673694][T10922] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 457.682562][T10922] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 457.690439][T10922] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 457.717822][T10922] hsr_slave_0: left promiscuous mode [ 457.729074][T10922] hsr_slave_1: left promiscuous mode [ 457.735089][T10922] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 457.750169][T20444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4286'. [ 457.752461][T10922] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 457.767789][T10922] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 457.775342][T10922] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 457.825671][T10922] veth1_macvtap: left promiscuous mode [ 457.831722][T10922] veth0_macvtap: left promiscuous mode [ 457.837742][T10922] veth1_vlan: left promiscuous mode [ 457.843202][T10922] veth0_vlan: left promiscuous mode [ 457.878060][ T5847] Bluetooth: hci3: command tx timeout [ 458.003207][T10922] veth1_macvtap: left promiscuous mode [ 458.015507][T10922] veth0_macvtap: left promiscuous mode [ 458.022129][T10922] veth1_vlan: left promiscuous mode [ 458.027726][T10922] veth0_vlan: left promiscuous mode [ 458.575995][T10922] team0 (unregistering): Port device team_slave_1 removed [ 458.624480][T10922] team0 (unregistering): Port device team_slave_0 removed [ 459.355414][T10922] team0 (unregistering): Port device team_slave_1 removed [ 459.395085][T10922] team0 (unregistering): Port device team_slave_0 removed [ 459.985702][T20454] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4287'. [ 460.126308][T20461] : renamed from veth0_vlan (while UP) [ 460.341544][T20471] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 460.651613][T20235] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 460.663569][T20235] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 460.692281][T20235] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 460.737362][T20235] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 460.887307][T20237] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 460.925653][T20237] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 460.959405][T20237] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 460.976666][T20237] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 461.075155][T20247] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 461.086232][T20247] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 461.110290][T20247] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 461.133225][T20247] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 461.221587][T20235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.306363][T20235] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.360341][T10901] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.367538][T10901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.416792][T10917] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.423962][T10917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.468343][T20237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.520606][T20237] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.578739][T10918] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.585943][T10918] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.632813][T20247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.656085][T20247] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.707102][T10905] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.714305][T10905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.778945][T10905] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.786128][T10905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.829954][T10917] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.837120][T10917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.890700][T20237] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 461.914378][T20529] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4305'. [ 461.925916][T20237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 461.948240][T20529] netlink: 'syz.4.4305': attribute type 5 has an invalid length. [ 462.012679][T20529] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4305'. [ 462.046173][T20532] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 462.057382][T20529] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 462.107909][T20529] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 462.116569][T20529] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 462.157596][T20529] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 462.166345][T20529] geneve3: entered promiscuous mode [ 462.182001][T20529] geneve3: entered allmulticast mode [ 462.211772][T20537] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4306'. [ 462.266655][T20235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.404391][T20235] veth0_vlan: entered promiscuous mode [ 462.469193][T20235] veth1_vlan: entered promiscuous mode [ 462.609520][T20237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.647011][T20235] veth0_macvtap: entered promiscuous mode [ 462.693806][T20235] veth1_macvtap: entered promiscuous mode [ 462.727892][T20557] FAULT_INJECTION: forcing a failure. [ 462.727892][T20557] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 462.741154][T20557] CPU: 0 UID: 0 PID: 20557 Comm: syz.4.4310 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 462.741179][T20557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 462.741188][T20557] Call Trace: [ 462.741196][T20557] [ 462.741203][T20557] dump_stack_lvl+0x189/0x250 [ 462.741231][T20557] ? __pfx____ratelimit+0x10/0x10 [ 462.741254][T20557] ? __pfx_dump_stack_lvl+0x10/0x10 [ 462.741276][T20557] ? __pfx__printk+0x10/0x10 [ 462.741295][T20557] ? __might_fault+0xb0/0x130 [ 462.741321][T20557] should_fail_ex+0x414/0x560 [ 462.741344][T20557] _copy_to_iter+0x1db/0x16f0 [ 462.741366][T20557] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 462.741387][T20557] ? lockdep_hardirqs_on+0x9c/0x150 [ 462.741409][T20557] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 462.741429][T20557] ? __pfx__copy_to_iter+0x10/0x10 [ 462.741447][T20557] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 462.741474][T20557] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 462.741500][T20557] __skb_datagram_iter+0xf8/0x990 [ 462.741521][T20557] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 462.741548][T20557] skb_copy_datagram_iter+0xc5/0x230 [ 462.741572][T20557] netlink_recvmsg+0x2ab/0xa30 [ 462.741606][T20557] ? __pfx_netlink_recvmsg+0x10/0x10 [ 462.741628][T20557] ? aa_sock_msg_perm+0x94/0x160 [ 462.741651][T20557] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 462.741669][T20557] ? security_socket_recvmsg+0x7e/0x2e0 [ 462.741692][T20557] ? __pfx_netlink_recvmsg+0x10/0x10 [ 462.741712][T20557] sock_recvmsg+0x229/0x270 [ 462.741736][T20557] __sys_recvfrom+0x1f6/0x340 [ 462.741756][T20557] ? __pfx___sys_recvfrom+0x10/0x10 [ 462.741771][T20557] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 462.741797][T20557] ? __fget_files+0x3a0/0x420 [ 462.741825][T20557] ? ksys_write+0x22a/0x250 [ 462.741843][T20557] ? __pfx_ksys_write+0x10/0x10 [ 462.741856][T20557] ? rcu_is_watching+0x15/0xb0 [ 462.741883][T20557] __x64_sys_recvfrom+0xde/0x100 [ 462.741903][T20557] do_syscall_64+0xfa/0x3b0 [ 462.741918][T20557] ? lockdep_hardirqs_on+0x9c/0x150 [ 462.741939][T20557] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.741955][T20557] ? clear_bhb_loop+0x60/0xb0 [ 462.741975][T20557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.741989][T20557] RIP: 0033:0x7fcd78d906f4 [ 462.742005][T20557] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 462.742018][T20557] RSP: 002b:00007fcd79c42ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 462.742037][T20557] RAX: ffffffffffffffda RBX: 00007fcd79c42fc0 RCX: 00007fcd78d906f4 [ 462.742048][T20557] RDX: 0000000000001000 RSI: 00007fcd79c43010 RDI: 0000000000000004 [ 462.742059][T20557] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 462.742069][T20557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 462.742079][T20557] R13: 00007fcd79c42f68 R14: 00007fcd79c43010 R15: 0000000000000000 [ 462.742106][T20557] [ 462.795400][T20235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 463.133370][T20235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 463.170732][T20569] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0001 with DS=0x2 [ 463.220738][T20235] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.238646][T20235] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.268620][T20235] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.277371][T20235] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 463.420850][T20579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4313'. [ 463.432565][T20579] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4313'. [ 463.442385][T20579] netlink: 'syz.1.4313': attribute type 11 has an invalid length. [ 463.474252][T20575] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 463.489864][T20575] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 463.521610][T20247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 463.536780][T20237] veth0_vlan: entered promiscuous mode [ 463.624908][T20581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4314'. [ 463.637377][T20237] veth1_vlan: entered promiscuous mode [ 463.754571][T20237] veth0_macvtap: entered promiscuous mode [ 463.774100][T10905] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.789227][T10905] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.799489][T20247] veth0_vlan: entered promiscuous mode [ 463.831651][T20237] veth1_macvtap: entered promiscuous mode [ 463.856553][T20247] veth1_vlan: entered promiscuous mode [ 463.872958][T10905] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 463.891900][T10905] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 463.940508][T20237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 463.992821][T20237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.031008][T20237] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.060584][T20237] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.070032][T20237] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.078889][T20237] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.104044][T20247] veth0_macvtap: entered promiscuous mode [ 464.188338][T20247] veth1_macvtap: entered promiscuous mode [ 464.289019][T20247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.384361][T20247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.522867][T10899] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.569833][T20247] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.581948][T20247] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.590791][T20247] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.601660][T20247] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.685669][T10899] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.707805][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.715656][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.770800][T10899] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.824899][T10917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.833406][T10917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 464.877230][T10899] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.929361][T10918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 464.937207][T10918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.012562][T10917] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 465.023572][T10917] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 465.383571][T20610] openvswitch: netlink: IPv6 tunnel dst address is zero [ 465.481222][T10899] bridge_slave_1: left allmulticast mode [ 465.497627][T10899] bridge_slave_1: left promiscuous mode [ 465.512360][T10899] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.558592][T10899] bridge_slave_0: left allmulticast mode [ 465.564294][T10899] bridge_slave_0: left promiscuous mode [ 465.597023][T10899] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.844586][T10899] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN PTI [ 465.856522][T10899] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007] [ 465.866079][T10899] CPU: 0 UID: 0 PID: 10899 Comm: kworker/u8:11 Not tainted 6.16.0-rc2-syzkaller-00162-g302251f1fdfd #0 PREEMPT(full) [ 465.878413][T10899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.888469][T10899] Workqueue: netns cleanup_net [ 465.893229][T10899] RIP: 0010:ip6_mc_clear_src+0x119/0x4e0 [ 465.898853][T10899] Code: ff ff ff e8 09 ef 41 01 89 c5 31 ff 89 c6 e8 2e e4 9b f7 85 ed 74 45 e8 e5 df 9b f7 eb 05 e8 de df 9b f7 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 e8 5d ff f7 49 8b 2c 24 49 8d 7c [ 465.918451][T10899] RSP: 0018:ffffc9001a327158 EFLAGS: 00010206 [ 465.924507][T10899] RAX: 000000001fffe000 RBX: 1ffff11006860e02 RCX: ffff88806bf63c00 [ 465.932464][T10899] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 465.940420][T10899] RBP: 0000000000000001 R08: ffffffff8fa110f7 R09: 1ffffffff1f4221e [ 465.948388][T10899] R10: dffffc0000000000 R11: fffffbfff1f4221f R12: 00000000ffff0000 [ 465.956344][T10899] R13: dffffc0000000000 R14: 0000000000000538 R15: ffff888034307010 [ 465.964311][T10899] FS: 0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000 [ 465.973227][T10899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 465.979797][T10899] CR2: 00007fcf785b5f40 CR3: 00000000540c6000 CR4: 00000000003526f0 [ 465.987769][T10899] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 465.995740][T10899] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 466.003787][T10899] Call Trace: [ 466.007052][T10899] [ 466.009974][T10899] __ipv6_dev_mc_dec+0x30d/0x390 [ 466.014904][T10899] __ipv6_ifa_notify+0x43d/0xac0 [ 466.019835][T10899] ? __pfx___ipv6_ifa_notify+0x10/0x10 [ 466.025282][T10899] ? __lock_acquire+0xab9/0xd20 [ 466.030124][T10899] ? __local_bh_enable_ip+0x12d/0x1c0 [ 466.035492][T10899] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.040685][T10899] ? __local_bh_enable_ip+0x12d/0x1c0 [ 466.046055][T10899] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 466.051772][T10899] addrconf_ifdown+0xe69/0x1880 [ 466.056622][T10899] ? tls_dev_event+0x717/0xec0 [ 466.061368][T10899] ? __pfx_addrconf_ifdown+0x10/0x10 [ 466.066645][T10899] addrconf_notify+0x1bc/0x1010 [ 466.071484][T10899] notifier_call_chain+0x1b3/0x3e0 [ 466.076589][T10899] dev_close_many+0x29c/0x410 [ 466.081272][T10899] ? __pfx_dev_close_many+0x10/0x10 [ 466.086456][T10899] unregister_netdevice_many_notify+0x834/0x2320 [ 466.092804][T10899] ? __lock_acquire+0xab9/0xd20 [ 466.097655][T10899] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 466.104416][T10899] ? unregister_netdevice_queue+0x1b3/0x380 [ 466.110301][T10899] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 466.116537][T10899] ? net_generic+0x1e/0x240 [ 466.121029][T10899] ? net_generic+0x1e/0x240 [ 466.125525][T10899] ops_undo_list+0x3dc/0x990 [ 466.130105][T10899] ? __pfx_ops_undo_list+0x10/0x10 [ 466.135212][T10899] cleanup_net+0x4c5/0x800 [ 466.139615][T10899] ? __pfx_cleanup_net+0x10/0x10 [ 466.144545][T10899] ? _raw_spin_unlock_irq+0x23/0x50 [ 466.149737][T10899] ? process_scheduled_works+0x9ef/0x17b0 [ 466.155454][T10899] ? process_scheduled_works+0x9ef/0x17b0 [ 466.161166][T10899] process_scheduled_works+0xae1/0x17b0 [ 466.166709][T10899] ? __pfx_process_scheduled_works+0x10/0x10 [ 466.172683][T10899] worker_thread+0x8a0/0xda0 [ 466.177272][T10899] kthread+0x70e/0x8a0 [ 466.181328][T10899] ? __pfx_worker_thread+0x10/0x10 [ 466.186427][T10899] ? __pfx_kthread+0x10/0x10 [ 466.191003][T10899] ? _raw_spin_unlock_irq+0x23/0x50 [ 466.196194][T10899] ? lockdep_hardirqs_on+0x9c/0x150 [ 466.201386][T10899] ? __pfx_kthread+0x10/0x10 [ 466.205966][T10899] ret_from_fork+0x3f9/0x770 [ 466.210547][T10899] ? __pfx_ret_from_fork+0x10/0x10 [ 466.215650][T10899] ? __switch_to_asm+0x39/0x70 [ 466.220400][T10899] ? __switch_to_asm+0x33/0x70 [ 466.225146][T10899] ? __pfx_kthread+0x10/0x10 [ 466.229733][T10899] ret_from_fork_asm+0x1a/0x30 [ 466.234487][T10899] [ 466.237503][T10899] Modules linked in: [ 466.243391][T10899] ---[ end trace 0000000000000000 ]--- [ 466.258032][T10899] RIP: 0010:ip6_mc_clear_src+0x119/0x4e0 [ 466.258508][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 466.263701][T10899] Code: ff ff ff e8 09 ef 41 01 89 c5 31 ff 89 c6 e8 2e e4 9b f7 85 ed 74 45 e8 e5 df 9b f7 eb 05 e8 de df 9b f7 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 e8 5d ff f7 49 8b 2c 24 49 8d 7c [ 466.273899][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 466.294986][T10899] RSP: 0018:ffffc9001a327158 EFLAGS: 00010206 [ 466.301158][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 466.304613][T10899] RAX: 000000001fffe000 RBX: 1ffff11006860e02 RCX: ffff88806bf63c00 [ 466.312560][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 466.322957][T10899] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 466.328161][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 466.334999][T10899] RBP: 0000000000000001 R08: ffffffff8fa110f7 R09: 1ffffffff1f4221e [ 466.350453][T10899] R10: dffffc0000000000 R11: fffffbfff1f4221f R12: 00000000ffff0000 [ 466.358937][T10899] R13: dffffc0000000000 R14: 0000000000000538 R15: ffff888034307010 [ 466.366936][T10899] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 466.375958][T10899] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 466.382817][T10899] CR2: 00007fcf769f6d00 CR3: 00000000771ba000 CR4: 00000000003526f0 [ 466.390835][T10899] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 466.399516][T10899] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 466.407763][T10899] Kernel panic - not syncing: Fatal exception [ 466.414072][T10899] Kernel Offset: disabled [ 466.418390][T10899] Rebooting in 86400 seconds..