last executing test programs: 1m25.984972629s ago: executing program 0 (id=631): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x10, 0x18, 0xd, 0x1000, {{0x33, 0x4, 0x1, 0x39, 0xcc, 0x65, 0x0, 0x6, 0x4, 0x0, @remote, @remote, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x44, 0x1, 0x9, [{@loopback}, {@rand_addr=0x64010102, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x649d}]}, @cipso={0x86, 0x5d, 0x2, [{0x2, 0xd, "000b4981e900a0c0bee4a7"}, {0x1, 0x8, "a0e6beaeff7d"}, {0x6, 0x11, "cc73d7cc2afe6f7bed733f7e7ea9b5"}, {0x6, 0x6, "e7bff799"}, {0x3, 0x3, 'b'}, {0x1, 0xb, "a1ec89e963d215aec2"}, {0x1, 0x4a, "b0d61433f8a561b662"}, {0x7, 0x12, "6cc889fdc5e001cd418cd60ae302ef86"}]}, @lsrr={0x83, 0x23, 0x2f, [@multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0x2b}, @local, @rand_addr=0x64010101, @rand_addr=0x64010100, @rand_addr=0x64010100, @loopback]}]}}}}}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc7, 0xc7, 0xc, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0xdb, 0x9}, {0x2, 0x1, 0x3}, {0x4, 0x0, 0x4}, {0x3, 0x9, 0xfffffa36}, {0x5, 0x5, 0x4}], "868fe5"}, @volatile={0x7, 0x0, 0x0, 0x9, 0x5}, @const={0x8, 0x0, 0x0, 0xa, 0x5}, @ptr={0x5}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @union={0x2, 0x3, 0x0, 0x5, 0x1, 0x65d, [{0xe, 0x0, 0xfffffff9}, {0xe, 0x4, 0x1}, {0x5, 0x0, 0x300000}]}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x3, 0x9}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x30, 0x30, 0x2e, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/28, 0xec, 0x1c, 0x1, 0x9, 0x0, @void, @value}, 0x28) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8953, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x18, 0x16, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r0, @fallback=0x2b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m13.584157098s ago: executing program 0 (id=631): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x10, 0x18, 0xd, 0x1000, {{0x33, 0x4, 0x1, 0x39, 0xcc, 0x65, 0x0, 0x6, 0x4, 0x0, @remote, @remote, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x44, 0x1, 0x9, [{@loopback}, {@rand_addr=0x64010102, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x649d}]}, @cipso={0x86, 0x5d, 0x2, [{0x2, 0xd, "000b4981e900a0c0bee4a7"}, {0x1, 0x8, "a0e6beaeff7d"}, {0x6, 0x11, "cc73d7cc2afe6f7bed733f7e7ea9b5"}, {0x6, 0x6, "e7bff799"}, {0x3, 0x3, 'b'}, {0x1, 0xb, "a1ec89e963d215aec2"}, {0x1, 0x4a, "b0d61433f8a561b662"}, {0x7, 0x12, "6cc889fdc5e001cd418cd60ae302ef86"}]}, @lsrr={0x83, 0x23, 0x2f, [@multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0x2b}, @local, @rand_addr=0x64010101, @rand_addr=0x64010100, @rand_addr=0x64010100, @loopback]}]}}}}}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc7, 0xc7, 0xc, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0xdb, 0x9}, {0x2, 0x1, 0x3}, {0x4, 0x0, 0x4}, {0x3, 0x9, 0xfffffa36}, {0x5, 0x5, 0x4}], "868fe5"}, @volatile={0x7, 0x0, 0x0, 0x9, 0x5}, @const={0x8, 0x0, 0x0, 0xa, 0x5}, @ptr={0x5}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @union={0x2, 0x3, 0x0, 0x5, 0x1, 0x65d, [{0xe, 0x0, 0xfffffff9}, {0xe, 0x4, 0x1}, {0x5, 0x0, 0x300000}]}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x3, 0x9}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x30, 0x30, 0x2e, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/28, 0xec, 0x1c, 0x1, 0x9, 0x0, @void, @value}, 0x28) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8953, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x18, 0x16, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r0, @fallback=0x2b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1m2.5469872s ago: executing program 0 (id=631): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x10, 0x18, 0xd, 0x1000, {{0x33, 0x4, 0x1, 0x39, 0xcc, 0x65, 0x0, 0x6, 0x4, 0x0, @remote, @remote, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x44, 0x1, 0x9, [{@loopback}, {@rand_addr=0x64010102, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x649d}]}, @cipso={0x86, 0x5d, 0x2, [{0x2, 0xd, "000b4981e900a0c0bee4a7"}, {0x1, 0x8, "a0e6beaeff7d"}, {0x6, 0x11, "cc73d7cc2afe6f7bed733f7e7ea9b5"}, {0x6, 0x6, "e7bff799"}, {0x3, 0x3, 'b'}, {0x1, 0xb, "a1ec89e963d215aec2"}, {0x1, 0x4a, "b0d61433f8a561b662"}, {0x7, 0x12, "6cc889fdc5e001cd418cd60ae302ef86"}]}, @lsrr={0x83, 0x23, 0x2f, [@multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0x2b}, @local, @rand_addr=0x64010101, @rand_addr=0x64010100, @rand_addr=0x64010100, @loopback]}]}}}}}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc7, 0xc7, 0xc, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0xdb, 0x9}, {0x2, 0x1, 0x3}, {0x4, 0x0, 0x4}, {0x3, 0x9, 0xfffffa36}, {0x5, 0x5, 0x4}], "868fe5"}, @volatile={0x7, 0x0, 0x0, 0x9, 0x5}, @const={0x8, 0x0, 0x0, 0xa, 0x5}, @ptr={0x5}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @union={0x2, 0x3, 0x0, 0x5, 0x1, 0x65d, [{0xe, 0x0, 0xfffffff9}, {0xe, 0x4, 0x1}, {0x5, 0x0, 0x300000}]}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x3, 0x9}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x30, 0x30, 0x2e, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/28, 0xec, 0x1c, 0x1, 0x9, 0x0, @void, @value}, 0x28) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8953, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x18, 0x16, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r0, @fallback=0x2b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 47.696366734s ago: executing program 0 (id=631): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x10, 0x18, 0xd, 0x1000, {{0x33, 0x4, 0x1, 0x39, 0xcc, 0x65, 0x0, 0x6, 0x4, 0x0, @remote, @remote, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x44, 0x1, 0x9, [{@loopback}, {@rand_addr=0x64010102, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x649d}]}, @cipso={0x86, 0x5d, 0x2, [{0x2, 0xd, "000b4981e900a0c0bee4a7"}, {0x1, 0x8, "a0e6beaeff7d"}, {0x6, 0x11, "cc73d7cc2afe6f7bed733f7e7ea9b5"}, {0x6, 0x6, "e7bff799"}, {0x3, 0x3, 'b'}, {0x1, 0xb, "a1ec89e963d215aec2"}, {0x1, 0x4a, "b0d61433f8a561b662"}, {0x7, 0x12, "6cc889fdc5e001cd418cd60ae302ef86"}]}, @lsrr={0x83, 0x23, 0x2f, [@multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0x2b}, @local, @rand_addr=0x64010101, @rand_addr=0x64010100, @rand_addr=0x64010100, @loopback]}]}}}}}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc7, 0xc7, 0xc, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0xdb, 0x9}, {0x2, 0x1, 0x3}, {0x4, 0x0, 0x4}, {0x3, 0x9, 0xfffffa36}, {0x5, 0x5, 0x4}], "868fe5"}, @volatile={0x7, 0x0, 0x0, 0x9, 0x5}, @const={0x8, 0x0, 0x0, 0xa, 0x5}, @ptr={0x5}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @union={0x2, 0x3, 0x0, 0x5, 0x1, 0x65d, [{0xe, 0x0, 0xfffffff9}, {0xe, 0x4, 0x1}, {0x5, 0x0, 0x300000}]}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x3, 0x9}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x30, 0x30, 0x2e, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/28, 0xec, 0x1c, 0x1, 0x9, 0x0, @void, @value}, 0x28) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8953, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x18, 0x16, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r0, @fallback=0x2b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 33.166844594s ago: executing program 0 (id=631): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x10, 0x18, 0xd, 0x1000, {{0x33, 0x4, 0x1, 0x39, 0xcc, 0x65, 0x0, 0x6, 0x4, 0x0, @remote, @remote, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x44, 0x1, 0x9, [{@loopback}, {@rand_addr=0x64010102, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x649d}]}, @cipso={0x86, 0x5d, 0x2, [{0x2, 0xd, "000b4981e900a0c0bee4a7"}, {0x1, 0x8, "a0e6beaeff7d"}, {0x6, 0x11, "cc73d7cc2afe6f7bed733f7e7ea9b5"}, {0x6, 0x6, "e7bff799"}, {0x3, 0x3, 'b'}, {0x1, 0xb, "a1ec89e963d215aec2"}, {0x1, 0x4a, "b0d61433f8a561b662"}, {0x7, 0x12, "6cc889fdc5e001cd418cd60ae302ef86"}]}, @lsrr={0x83, 0x23, 0x2f, [@multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0x2b}, @local, @rand_addr=0x64010101, @rand_addr=0x64010100, @rand_addr=0x64010100, @loopback]}]}}}}}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc7, 0xc7, 0xc, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0xdb, 0x9}, {0x2, 0x1, 0x3}, {0x4, 0x0, 0x4}, {0x3, 0x9, 0xfffffa36}, {0x5, 0x5, 0x4}], "868fe5"}, @volatile={0x7, 0x0, 0x0, 0x9, 0x5}, @const={0x8, 0x0, 0x0, 0xa, 0x5}, @ptr={0x5}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @union={0x2, 0x3, 0x0, 0x5, 0x1, 0x65d, [{0xe, 0x0, 0xfffffff9}, {0xe, 0x4, 0x1}, {0x5, 0x0, 0x300000}]}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x3, 0x9}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x30, 0x30, 0x2e, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/28, 0xec, 0x1c, 0x1, 0x9, 0x0, @void, @value}, 0x28) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8953, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x18, 0x16, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r0, @fallback=0x2b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 16.760928014s ago: executing program 0 (id=631): ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'tunl0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x10, 0x18, 0xd, 0x1000, {{0x33, 0x4, 0x1, 0x39, 0xcc, 0x65, 0x0, 0x6, 0x4, 0x0, @remote, @remote, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0x34, 0x44, 0x1, 0x9, [{@loopback}, {@rand_addr=0x64010102, 0x5}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4}, {@local, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3}, {@local, 0x649d}]}, @cipso={0x86, 0x5d, 0x2, [{0x2, 0xd, "000b4981e900a0c0bee4a7"}, {0x1, 0x8, "a0e6beaeff7d"}, {0x6, 0x11, "cc73d7cc2afe6f7bed733f7e7ea9b5"}, {0x6, 0x6, "e7bff799"}, {0x3, 0x3, 'b'}, {0x1, 0xb, "a1ec89e963d215aec2"}, {0x1, 0x4a, "b0d61433f8a561b662"}, {0x7, 0x12, "6cc889fdc5e001cd418cd60ae302ef86"}]}, @lsrr={0x83, 0x23, 0x2f, [@multicast1, @multicast2, @dev={0xac, 0x14, 0x14, 0x2b}, @local, @rand_addr=0x64010101, @rand_addr=0x64010100, @rand_addr=0x64010100, @loopback]}]}}}}}) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc7, 0xc7, 0xc, [@datasec={0x7, 0x5, 0x0, 0xf, 0x3, [{0x3, 0xdb, 0x9}, {0x2, 0x1, 0x3}, {0x4, 0x0, 0x4}, {0x3, 0x9, 0xfffffa36}, {0x5, 0x5, 0x4}], "868fe5"}, @volatile={0x7, 0x0, 0x0, 0x9, 0x5}, @const={0x8, 0x0, 0x0, 0xa, 0x5}, @ptr={0x5}, @typedef={0x8, 0x0, 0x0, 0x8, 0x1}, @float={0x2, 0x0, 0x0, 0x10, 0x4}, @union={0x2, 0x3, 0x0, 0x5, 0x1, 0x65d, [{0xe, 0x0, 0xfffffff9}, {0xe, 0x4, 0x1}, {0x5, 0x0, 0x300000}]}, @decl_tag={0x2, 0x0, 0x0, 0x11, 0x3, 0x9}]}, {0x0, [0x0, 0x2e, 0x5f, 0x0, 0x30, 0x30, 0x2e, 0x2e, 0x30, 0x5f]}}, &(0x7f0000000380)=""/28, 0xec, 0x1c, 0x1, 0x9, 0x0, @void, @value}, 0x28) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8953, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x18, 0x16, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', r0, @fallback=0x2b, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 2.538906981s ago: executing program 2 (id=1695): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1300000000000000000000000000000000000000e677c3e84b7c4c251aef93ed763a1473f95b335ba485de563c41155181e5d8fe9347b8d91b06ffc5df6aa666bb5a1780682e005c3d3530fb62977e81f620ed097c3f122a3e61b31204afab457a99cb15bf63eca28273b190afca7ad901fe1686bbd15b5bb2c12f9f82314921693c235fc3a51e5ab38f10a43c731e47c496389c39acf16915792e5833300bf2289a7887ac09c907ca1a95af62b34f347f02ea8e27e4b3384f9b1ff1061838da2be017c76bc9c063501317faff63b41dadfe573519deea2bfab1ef602813b6dc78123bdfdaff8a2810290e88f7d97cad14294c5d8852b696b713", @ANYRES8=0x0, @ANYRES8, @ANYRES32=0x0, @ANYRES32, @ANYRESHEX], 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0x17, &(0x7f0000000c80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000076000000bf91000000000000b7020000000000001400000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000017c0)=0x1000, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x103e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.076157714s ago: executing program 2 (id=1700): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$inet_dccp(0x2, 0x6, 0x0) socket(0x40000000015, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0x4, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000ff000000000000090000002c0000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet(0xa, 0x801, 0x84) socket$netlink(0x10, 0x3, 0x4) socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502ffffffa100001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x4c}, 0x1, 0xba01}, 0x0) 1.797139914s ago: executing program 1 (id=1703): socket$qrtr(0x2a, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket(0x2b, 0x80801, 0x1) socket$alg(0x26, 0x5, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x4) socket$nl_generic(0x10, 0x3, 0x10) socket$igmp(0x2, 0x3, 0x2) socket$nl_rdma(0x10, 0x3, 0x14) socket$nl_xfrm(0x10, 0x3, 0x6) socket$netlink(0x10, 0x3, 0x4) socket$igmp(0x2, 0x3, 0x2) socket$igmp6(0xa, 0x3, 0x2) socket$xdp(0x2c, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r1], 0x20) 1.696255111s ago: executing program 2 (id=1705): sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="800000000b0601020000000000000000030000010900020073797a300000000005"], 0x80}, 0x1, 0x0, 0x0, 0x800}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="640000001900010000000000000000001d0109004d000f"], 0x64}}, 0x0) 1.476839956s ago: executing program 3 (id=1709): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000003ac0)="bb", 0x1}], 0x1}}], 0x1, 0x60cd894) 1.402458059s ago: executing program 1 (id=1710): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x88}}, 0x20000040) 1.39455218s ago: executing program 2 (id=1711): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008040}, 0x4000) 1.25002505s ago: executing program 3 (id=1714): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000001c0), 0x7ff, r1}, 0x38) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000240)=[@mask_cswp={0x58, 0x114, 0x9, {{0xa69b, 0x2001}, &(0x7f0000000180)=0x4, 0x0, 0x2, 0x100, 0x6, 0x4, 0x3a, 0x5}}], 0x58}, 0x0) 1.03075328s ago: executing program 3 (id=1717): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) getsockopt$bt_hci(r0, 0x0, 0x29, 0x0, &(0x7f0000000180)) 1.030535652s ago: executing program 1 (id=1718): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) close(r0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r3, 0x0) syz_emit_ethernet(0x36, &(0x7f00000003c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1000}}}}}}, 0x0) 754.091341ms ago: executing program 1 (id=1723): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="2400000070000100000000000200000007000000", @ANYRES32=r2, @ANYBLOB="0c0001"], 0x24}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) 694.821046ms ago: executing program 3 (id=1725): bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0500000004000000080000000b00000000000000c2e7e4f10119eb045d"], 0x48) 694.660605ms ago: executing program 2 (id=1726): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000240)=@assoc_value={0x0, 0x3ac}, 0x8) 512.299885ms ago: executing program 2 (id=1729): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000900)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x0, 0x6, 0x16, 0x64, 0x0, 0x70, 0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, "1425"}}, 0x24) 422.639534ms ago: executing program 1 (id=1731): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@can_newroute={0x24, 0x18, 0x1, 0x70bd29, 0x0, {}, [@CGW_SRC_IF={0x8}, @CGW_DST_IF={0x8}]}, 0x24}}, 0x0) 422.517022ms ago: executing program 4 (id=1732): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0700a3fcf070d1ff"], 0xffdd) 416.346628ms ago: executing program 3 (id=1733): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00"/13], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000140)=@updsa={0x144, 0x10, 0x1, 0x0, 0x200019, {{@in6=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in6=@private1, 0x0, 0x32}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @offload={0xc, 0x1c, {r3, 0x4}}]}, 0x144}}, 0x0) 318.863993ms ago: executing program 4 (id=1734): r0 = socket(0x28, 0x5, 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, 0x0, 0x0) 297.715513ms ago: executing program 4 (id=1735): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x258, 0x0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x480, 0xffffffff, 0xffffffff, 0x480, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa4, 0xc4, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa4, 0xcc}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0xfd}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2b4) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 226.871976ms ago: executing program 3 (id=1736): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000680)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fddbdf25070000000800", @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884) 154.778612ms ago: executing program 1 (id=1737): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000600)='wg2\x00', 0x4) 154.637464ms ago: executing program 4 (id=1738): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="08009e00", @ANYRESDEC], 0x24}}, 0x0) 91.198801ms ago: executing program 4 (id=1739): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000ffdbdf251800000008000300", @ANYRES32=r2, @ANYBLOB="0800308004000180cc1c9b2fd81825db9b1b362e8f07ca7d4cf738a3904219f980421c5ab9db277de7f56a8d112cbf6b9771375b620feab527d0d68170d43850cd8d9ccd36fe9c9bd35f599e7404121d7f250ba854a69a71a9305635670c97730075f2eaebce4f0785f5fdbcb678bb63f3fe5587e339ac7cb1728dfdbeaae8bbaf99a5614c7ac97ec407b8648a4e22ab5b58a9"], 0x24}, 0x1, 0x0, 0x0, 0x4000010}, 0x810) 0s ago: executing program 4 (id=1740): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r1, @ANYBLOB="030704707900000000000100040004000180"], 0x18}}, 0x0) recvmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000340)=""/1, 0x1}, {&(0x7f0000000780)=""/4096, 0x1000}], 0x2}, 0xe75}], 0x3ffffffffffffb8, 0x60002000, 0x0) kernel console output (not intermixed with test programs): xpected cc 0x1003 length: 249 > 9 [ 182.905732][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 182.915978][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 182.924140][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 182.932160][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 183.219524][ T8298] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.231355][ T8298] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.242893][ T8298] bond0 (unregistering): Released all slaves [ 183.541536][ T9312] __nla_validate_parse: 1 callbacks suppressed [ 183.541556][ T9312] netlink: 4 bytes leftover after parsing attributes in process `syz.4.901'. [ 183.596248][ T9313] netlink: 28 bytes leftover after parsing attributes in process `syz.1.898'. [ 183.605842][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.1.898'. [ 183.619363][ T9313] netlink: 'syz.1.898': attribute type 7 has an invalid length. [ 183.647143][ T9316] netlink: 188 bytes leftover after parsing attributes in process `syz.2.900'. [ 183.678087][ T9316] netlink: 'syz.2.900': attribute type 1 has an invalid length. [ 183.903127][ T9319] openvswitch: netlink: EtherType 50a is less than min 600 [ 184.099791][ T9332] netlink: 4 bytes leftover after parsing attributes in process `syz.4.905'. [ 184.126483][ T9331] Cannot find add_set index 3 as target [ 184.413227][ T9342] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 184.483227][ T8298] hsr_slave_0: left promiscuous mode [ 184.495913][ T8298] hsr_slave_1: left promiscuous mode [ 184.503919][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.511607][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.521665][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.529573][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.559269][ T8298] veth1_macvtap: left promiscuous mode [ 184.565157][ T8298] veth0_macvtap: left promiscuous mode [ 184.572040][ T8298] veth1_vlan: left promiscuous mode [ 184.578749][ T8298] veth0_vlan: left promiscuous mode [ 184.970867][ T5841] Bluetooth: hci0: command tx timeout [ 185.080976][ T8298] team0 (unregistering): Port device team_slave_1 removed [ 185.131615][ T8298] team0 (unregistering): Port device team_slave_0 removed [ 185.824342][ T9298] chnl_net:caif_netlink_parms(): no params data found [ 186.134848][ T9375] netlink: 'syz.4.916': attribute type 10 has an invalid length. [ 186.144051][ T9375] team0: Device hsr_slave_0 failed to register rx_handler [ 186.261025][ T9298] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.275456][ T9298] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.283360][ T9298] bridge_slave_0: entered allmulticast mode [ 186.290768][ T9298] bridge_slave_0: entered promiscuous mode [ 186.299270][ T9298] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.307027][ T9298] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.314420][ T9298] bridge_slave_1: entered allmulticast mode [ 186.321715][ T9298] bridge_slave_1: entered promiscuous mode [ 186.376539][ T9388] netlink: 24 bytes leftover after parsing attributes in process `syz.1.920'. [ 186.377865][ T9298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.411832][ T9298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.474113][ T9392] netlink: 'syz.2.921': attribute type 4 has an invalid length. [ 186.677201][ T9298] team0: Port device team_slave_0 added [ 186.734196][ T9298] team0: Port device team_slave_1 added [ 186.741357][ T9403] atomic_op ffff8880626dc198 conn xmit_atomic 0000000000000000 [ 186.856388][ T9298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 186.863872][ T9298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.896003][ T9298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 186.916480][ T9411] netlink: 24 bytes leftover after parsing attributes in process `syz.4.928'. [ 186.952363][ T9298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 186.959433][ T9298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 186.986108][ T9298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.045110][ T5841] Bluetooth: hci0: command tx timeout [ 187.150465][ T9298] hsr_slave_0: entered promiscuous mode [ 187.157618][ T9298] hsr_slave_1: entered promiscuous mode [ 187.164110][ T9298] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 187.176313][ T9298] Cannot create hsr debugfs directory [ 187.814206][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'. [ 187.915466][ T9453] netlink: 64 bytes leftover after parsing attributes in process `syz.1.941'. [ 188.687421][ T9462] tun0: tun_chr_ioctl cmd 21731 [ 188.731384][ T9298] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 188.766137][ T9298] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 188.784090][ T9471] netlink: 'syz.1.948': attribute type 10 has an invalid length. [ 188.823177][ T9298] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 188.866889][ T9471] veth0_vlan: left promiscuous mode [ 188.893212][ T9471] veth0_vlan: entered promiscuous mode [ 188.908086][ T9471] team0: Device veth0_vlan failed to register rx_handler [ 188.920946][ T9298] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 189.125197][ T5841] Bluetooth: hci0: command tx timeout [ 189.158683][ T9298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.271284][ T9298] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.329337][ T8280] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.336544][ T8280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.379381][ T8280] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.386735][ T8280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.477282][ T9499] netlink: 'syz.3.953': attribute type 10 has an invalid length. [ 189.538873][ T9504] netlink: 12 bytes leftover after parsing attributes in process `syz.4.957'. [ 189.548023][ T9504] netlink: 764 bytes leftover after parsing attributes in process `syz.4.957'. [ 189.557251][ T9504] netlink: 18 bytes leftover after parsing attributes in process `syz.4.957'. [ 189.566516][ T9504] netlink: 30728 bytes leftover after parsing attributes in process `syz.4.957'. [ 189.577165][ T9499] veth1_vlan: left promiscuous mode [ 189.586009][ T9499] team0: Device veth1_vlan failed to register rx_handler [ 189.626658][ T9505] netlink: 4 bytes leftover after parsing attributes in process `syz.1.955'. [ 189.895390][ T9508] netlink: 16 bytes leftover after parsing attributes in process `syz.4.957'. [ 190.078480][ T9298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.191828][ T9298] veth0_vlan: entered promiscuous mode [ 190.209880][ T9298] veth1_vlan: entered promiscuous mode [ 190.242805][ T9298] veth0_macvtap: entered promiscuous mode [ 190.269268][ T9298] veth1_macvtap: entered promiscuous mode [ 190.317477][ T9298] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.349699][ T9298] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.489026][ T9298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.502490][ T9526] netlink: 'syz.4.965': attribute type 10 has an invalid length. [ 190.520337][ T9298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.534186][ T9298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.562508][ T9529] netlink: 'syz.1.966': attribute type 10 has an invalid length. [ 190.564050][ T9298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.583217][ T9526] veth0_vlan: left promiscuous mode [ 190.590004][ T9526] veth0_vlan: entered promiscuous mode [ 190.597657][ T9526] team0: Device veth0_vlan failed to register rx_handler [ 190.618889][ T9532] netlink: 56 bytes leftover after parsing attributes in process `syz.3.964'. [ 190.621506][ T9529] veth0_vlan: left promiscuous mode [ 190.628304][ T9532] netlink: 576 bytes leftover after parsing attributes in process `syz.3.964'. [ 190.650164][ T9529] veth0_vlan: entered promiscuous mode [ 190.661077][ T9529] team0: Device veth0_vlan failed to register rx_handler [ 190.968658][ T9535] bridge3: entered promiscuous mode [ 190.973951][ T9535] bridge3: entered allmulticast mode [ 191.205311][ T5841] Bluetooth: hci0: command tx timeout [ 191.500391][ T6229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.535037][ T6229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.758119][ T6256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.783724][ T6256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.906267][ T9564] netlink: 132 bytes leftover after parsing attributes in process `syz.3.974'. [ 191.974512][ T9568] netlink: 12 bytes leftover after parsing attributes in process `syz.3.974'. [ 192.482335][ T9573] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 192.719463][ T9588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.787395][ T9588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.847457][ T9588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.926508][ T9597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 192.985911][ T9597] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.285224][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.294261][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.541977][ T8298] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.554453][ T9581] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 193.713875][ T8298] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.926192][ T8298] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.060599][ T8298] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.494166][ T8298] bridge_slave_1: left allmulticast mode [ 194.525115][ T8298] bridge_slave_1: left promiscuous mode [ 194.530920][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.564169][ T8298] bridge_slave_0: left allmulticast mode [ 194.574748][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.593729][ T8298] bridge_slave_0: left promiscuous mode [ 194.610643][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.696987][ T9625] netlink: 'syz.2.992': attribute type 10 has an invalid length. [ 194.730562][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 194.740377][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 194.753617][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 194.764303][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 194.772545][ T5836] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 194.780135][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 195.268601][ T9635] __nla_validate_parse: 6 callbacks suppressed [ 195.268623][ T9635] netlink: 8 bytes leftover after parsing attributes in process `syz.4.994'. [ 195.410665][ T8298] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.422786][ T8298] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.432813][ T9639] netlink: 16 bytes leftover after parsing attributes in process `syz.3.995'. [ 195.442291][ T9640] netlink: 16 bytes leftover after parsing attributes in process `syz.3.995'. [ 195.453917][ T8298] bond0 (unregistering): Released all slaves [ 195.465258][ T9640] netlink: 84 bytes leftover after parsing attributes in process `syz.3.995'. [ 195.478172][ T9625] veth0_vlan: left promiscuous mode [ 195.491152][ T9625] veth0_vlan: entered promiscuous mode [ 195.498671][ T9625] team0: Device veth0_vlan failed to register rx_handler [ 195.638037][ T9632] netlink: 16 bytes leftover after parsing attributes in process `syz.1.993'. [ 195.731185][ T9643] netlink: 830 bytes leftover after parsing attributes in process `syz.1.993'. [ 196.439295][ T9660] netlink: 'syz.3.1000': attribute type 10 has an invalid length. [ 196.452224][ T9660] veth0_vlan: left promiscuous mode [ 196.459071][ T9660] veth0_vlan: entered promiscuous mode [ 196.466644][ T9660] team0: Device veth0_vlan failed to register rx_handler [ 196.770240][ T8298] hsr_slave_0: left promiscuous mode [ 196.779411][ T8298] hsr_slave_1: left promiscuous mode [ 196.785427][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 196.793384][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 196.805602][ T5841] Bluetooth: hci0: command tx timeout [ 196.813298][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 196.821034][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.850683][ T8298] veth1_macvtap: left promiscuous mode [ 196.856376][ T8298] veth0_macvtap: left promiscuous mode [ 196.861957][ T8298] veth1_vlan: left promiscuous mode [ 196.867406][ T8298] veth0_vlan: left promiscuous mode [ 197.363862][ T8298] team0 (unregistering): Port device team_slave_1 removed [ 197.404719][ T8298] team0 (unregistering): Port device team_slave_0 removed [ 197.976338][ T9666] netlink: 'syz.4.1001': attribute type 10 has an invalid length. [ 198.002574][ T9666] veth0_vlan: left promiscuous mode [ 198.009213][ T9666] veth0_vlan: entered promiscuous mode [ 198.019983][ T9666] team0: Device veth0_vlan failed to register rx_handler [ 198.181526][ T9626] chnl_net:caif_netlink_parms(): no params data found [ 198.905566][ T5841] Bluetooth: hci0: command tx timeout [ 199.050274][ T9626] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.075684][ T9626] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.086816][ T9626] bridge_slave_0: entered allmulticast mode [ 199.094588][ T9626] bridge_slave_0: entered promiscuous mode [ 199.144453][ T9626] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.162478][ T9626] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.188228][ T9626] bridge_slave_1: entered allmulticast mode [ 199.195885][ T9626] bridge_slave_1: entered promiscuous mode [ 199.604193][ T9626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.635851][ T9626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.717346][ T9703] netlink: 'syz.3.1012': attribute type 21 has an invalid length. [ 199.761607][ T9626] team0: Port device team_slave_0 added [ 199.812868][ T9626] team0: Port device team_slave_1 added [ 199.933874][ T9626] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.951437][ T9626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.002372][ T9626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.024610][ T9707] ipvlan2: entered promiscuous mode [ 200.032146][ T9709] FAULT_INJECTION: forcing a failure. [ 200.032146][ T9709] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.046007][ T9707] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 200.054245][ T9707] team0: Device ipvlan2 is already an upper device of the team interface [ 200.071641][ T9709] CPU: 0 UID: 0 PID: 9709 Comm: syz.2.1015 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 200.071663][ T9709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 200.071673][ T9709] Call Trace: [ 200.071678][ T9709] [ 200.071684][ T9709] dump_stack_lvl+0x241/0x360 [ 200.071708][ T9709] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.071725][ T9709] ? __pfx__printk+0x10/0x10 [ 200.071741][ T9709] ? __pfx_lock_release+0x10/0x10 [ 200.071769][ T9709] should_fail_ex+0x40a/0x550 [ 200.071795][ T9709] _copy_from_user+0x2d/0xb0 [ 200.071816][ T9709] move_addr_to_kernel+0x82/0x150 [ 200.071838][ T9709] copy_msghdr_from_user+0x43e/0x680 [ 200.071859][ T9709] ? __pfx___might_resched+0x10/0x10 [ 200.071881][ T9709] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 200.071900][ T9709] ? __fget_files+0x2a/0x410 [ 200.071925][ T9709] ? __sys_sendmmsg+0x392/0x720 [ 200.071942][ T9709] ? __might_fault+0xaa/0x120 [ 200.071960][ T9709] __sys_sendmmsg+0x32b/0x720 [ 200.071983][ T9709] ? __pfx___sys_sendmmsg+0x10/0x10 [ 200.072008][ T9709] ? __pfx_lock_release+0x10/0x10 [ 200.072036][ T9709] ? kstrtouint_from_user+0x128/0x190 [ 200.072082][ T9709] ? ksys_write+0x22a/0x2b0 [ 200.072105][ T9709] ? __pfx_lock_release+0x10/0x10 [ 200.072142][ T9709] ? sb_end_write+0xe9/0x1c0 [ 200.072173][ T9709] ? vfs_write+0x7fa/0xd10 [ 200.072197][ T9709] ? __mutex_unlock_slowpath+0x227/0x800 [ 200.072238][ T9709] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 200.072263][ T9709] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 200.072286][ T9709] ? do_syscall_64+0x100/0x230 [ 200.072307][ T9709] __x64_sys_sendmmsg+0xa0/0xb0 [ 200.072324][ T9709] do_syscall_64+0xf3/0x230 [ 200.072348][ T9709] ? clear_bhb_loop+0x35/0x90 [ 200.072372][ T9709] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.072392][ T9709] RIP: 0033:0x7f55fdb8d169 [ 200.072406][ T9709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.072419][ T9709] RSP: 002b:00007f55fe90c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 200.072436][ T9709] RAX: ffffffffffffffda RBX: 00007f55fdda5fa0 RCX: 00007f55fdb8d169 [ 200.072447][ T9709] RDX: 0000000000000002 RSI: 00004000000020c0 RDI: 0000000000000004 [ 200.072456][ T9709] RBP: 00007f55fe90c090 R08: 0000000000000000 R09: 0000000000000000 [ 200.072465][ T9709] R10: 0000000000000088 R11: 0000000000000246 R12: 0000000000000001 [ 200.072474][ T9709] R13: 0000000000000000 R14: 00007f55fdda5fa0 R15: 00007ffea1e424c8 [ 200.072495][ T9709] [ 200.429720][ T9626] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.438794][ T9626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.467206][ T9626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.505686][ T9711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1016'. [ 200.581049][ T9720] netlink: 'syz.4.1019': attribute type 1 has an invalid length. [ 200.605332][ T9720] 8021q: adding VLAN 0 to HW filter on device bond3 [ 200.623887][ T9721] sctp: [Deprecated]: syz.3.1018 (pid 9721) Use of int in max_burst socket option. [ 200.623887][ T9721] Use struct sctp_assoc_value instead [ 200.682004][ T9720] bond3: (slave veth7): Enslaving as an active interface with a down link [ 200.774505][ T9727] netlink: 'syz.4.1022': attribute type 10 has an invalid length. [ 200.792523][ T9626] hsr_slave_0: entered promiscuous mode [ 200.799382][ T9626] hsr_slave_1: entered promiscuous mode [ 200.805874][ T9626] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.813583][ T9626] Cannot create hsr debugfs directory [ 200.819436][ T9727] veth0_vlan: left promiscuous mode [ 200.819505][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1020'. [ 200.825930][ T9727] veth0_vlan: entered promiscuous mode [ 200.841201][ T9727] team0: Device veth0_vlan failed to register rx_handler [ 200.860457][ T9725] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 200.874113][ T9725] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 200.965205][ T5148] Bluetooth: hci0: command tx timeout [ 201.737957][ T9749] 8021q: adding VLAN 0 to HW filter on device bond2 [ 201.766844][ T5834] Bluetooth: hci2: command 0x0406 tx timeout [ 201.777431][ T9749] team0: Port device bond2 added [ 201.782568][ T5148] Bluetooth: hci1: command 0x0406 tx timeout [ 201.782664][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 202.283077][ T9754] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1029'. [ 202.311737][ T9754] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1029'. [ 202.323257][ T9626] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 202.358349][ T9760] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1031'. [ 202.361535][ T9754] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1029'. [ 202.386043][ T9626] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 202.437090][ T9626] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 202.469064][ T9626] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 202.564016][ T9772] netlink: 'syz.4.1034': attribute type 10 has an invalid length. [ 202.576177][ T9772] veth0_vlan: left promiscuous mode [ 202.583806][ T9772] veth0_vlan: entered promiscuous mode [ 202.592173][ T9772] team0: Device veth0_vlan failed to register rx_handler [ 202.801548][ T9626] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.891568][ T9626] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.926865][ T6256] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.934076][ T6256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.036962][ T6256] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.044183][ T6256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.055359][ T5834] Bluetooth: hci0: command tx timeout [ 203.239431][ T25] IPVS: starting estimator thread 0... [ 203.355496][ T9786] IPVS: using max 18 ests per chain, 43200 per kthread [ 203.389272][ T9626] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.463490][ T9789] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1038'. [ 203.523645][ T9789] netlink: 'syz.4.1038': attribute type 1 has an invalid length. [ 203.540762][ T9789] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 203.586669][ T9767] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1030'. [ 203.659353][ T9761] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 203.753235][ T9767] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1030'. [ 204.643180][ T9626] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.155193][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1042'. [ 205.185952][ T9626] veth0_vlan: entered promiscuous mode [ 205.248556][ T9626] veth1_vlan: entered promiscuous mode [ 205.478737][ T9626] veth0_macvtap: entered promiscuous mode [ 205.489174][ T9626] veth1_macvtap: entered promiscuous mode [ 205.561188][ T9626] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.636736][ T9626] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.707163][ T9626] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.751170][ T9626] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.779826][ T9626] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.808787][ T9626] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.097010][ T8288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.115361][ T8288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.208757][ T8284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.238500][ T8284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.808301][ T9887] __nla_validate_parse: 2 callbacks suppressed [ 206.808322][ T9887] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1056'. [ 207.122603][ T9899] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1059'. [ 207.721530][ T6229] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.887422][ T6229] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.931749][ T9864] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1051'. [ 207.951941][ T9864] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 207.978171][ T6229] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.993746][ T9864] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1051'. [ 208.057553][ T6229] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.205401][ T6229] bridge_slave_1: left allmulticast mode [ 208.211165][ T6229] bridge_slave_1: left promiscuous mode [ 208.221926][ T6229] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.232071][ T6229] bridge_slave_0: left allmulticast mode [ 208.238255][ T6229] bridge_slave_0: left promiscuous mode [ 208.244018][ T6229] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.798476][ T6229] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.824771][ T6229] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.843737][ T6229] bond0 (unregistering): Released all slaves [ 208.946903][ T9931] bridge3: left promiscuous mode [ 208.976389][ T9931] bridge3: left allmulticast mode [ 208.992642][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 209.027410][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 209.036542][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 209.049123][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 209.060004][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 209.069154][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 209.893495][ T6229] hsr_slave_0: left promiscuous mode [ 209.908839][ T6229] hsr_slave_1: left promiscuous mode [ 209.920566][ T6229] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 209.942942][ T6229] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 209.996488][ T6229] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.024140][ T6229] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.248656][ T6229] veth1_macvtap: left promiscuous mode [ 210.265720][ T6229] veth0_macvtap: left promiscuous mode [ 210.279690][ T6229] veth1_vlan: left promiscuous mode [ 210.290895][ T6229] veth0_vlan: left promiscuous mode [ 211.129937][ T5834] Bluetooth: hci0: command tx timeout [ 211.223115][ T6229] team0 (unregistering): Port device team_slave_1 removed [ 211.269467][ T6229] team0 (unregistering): Port device team_slave_0 removed [ 211.737559][ T9955] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1074'. [ 211.797718][ T9972] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1078'. [ 211.821006][ T9964] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1074'. [ 211.900057][ T9972] wireguard0: entered promiscuous mode [ 211.906193][ T9972] wireguard0: entered allmulticast mode [ 211.931791][ T9977] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1078'. [ 212.027420][ T9979] netlink: 'syz.1.1080': attribute type 10 has an invalid length. [ 212.072262][ T9979] veth0_vlan: left promiscuous mode [ 212.084674][ T9979] veth0_vlan: entered promiscuous mode [ 212.105282][ T9979] team0: Device veth0_vlan failed to register rx_handler [ 212.220039][ T9982] 8021q: adding VLAN 0 to HW filter on device bond4 [ 212.627280][ T9934] chnl_net:caif_netlink_parms(): no params data found [ 213.116324][ T9934] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.144750][ T9934] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.167838][ T9934] bridge_slave_0: entered allmulticast mode [ 213.215290][ T5841] Bluetooth: hci0: command tx timeout [ 213.243392][ T9934] bridge_slave_0: entered promiscuous mode [ 213.287276][T10009] netlink: 'syz.1.1088': attribute type 4 has an invalid length. [ 213.330429][ T9934] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.377930][ T9934] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.415534][T10015] netlink: 'syz.1.1091': attribute type 4 has an invalid length. [ 213.447074][ T9934] bridge_slave_1: entered allmulticast mode [ 213.453996][ T9934] bridge_slave_1: entered promiscuous mode [ 214.046645][ T9934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 214.086712][ T9934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 214.337446][T10025] netlink: 'syz.1.1093': attribute type 10 has an invalid length. [ 214.608758][T10031] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1094'. [ 214.622144][ T9934] team0: Port device team_slave_0 added [ 214.633854][T10025] veth0_vlan: left promiscuous mode [ 214.640154][T10025] veth0_vlan: entered promiscuous mode [ 214.657830][T10025] team0: Device veth0_vlan failed to register rx_handler [ 214.692380][ T9934] team0: Port device team_slave_1 added [ 214.791345][ T9934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.797149][T10039] netlink: 'syz.3.1097': attribute type 10 has an invalid length. [ 214.815135][ T9934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.841707][ T9934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.855846][T10036] syz_tun: entered allmulticast mode [ 214.863451][T10039] veth0_vlan: left promiscuous mode [ 214.878197][T10039] veth0_vlan: entered promiscuous mode [ 214.890746][T10039] team0: Device veth0_vlan failed to register rx_handler [ 214.906133][ T9934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.913457][ T9934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 214.949228][ T9934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.083576][ T9934] hsr_slave_0: entered promiscuous mode [ 215.092289][ T9934] hsr_slave_1: entered promiscuous mode [ 215.099251][ T9934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 215.108519][ T9934] Cannot create hsr debugfs directory [ 215.132478][T10035] syz_tun: left allmulticast mode [ 215.259349][T10043] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1098'. [ 215.295831][ T5841] Bluetooth: hci0: command tx timeout [ 215.348282][T10043] ipvlan2: entered promiscuous mode [ 215.356175][T10043] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 215.363738][T10043] bond0: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 216.254713][ T9934] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 216.279301][ T9934] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 216.287294][T10057] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1104'. [ 216.313454][ T9934] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 216.326743][ T9934] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 216.344520][T10057] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1104'. [ 216.612453][ T9934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 216.837642][ T9934] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.067492][ T8280] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.074716][ T8280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.141504][ T8280] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.148653][ T8280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.374987][ T5841] Bluetooth: hci0: command tx timeout [ 217.567303][T10095] netlink: 'syz.4.1115': attribute type 10 has an invalid length. [ 217.576726][T10095] veth0_vlan: left promiscuous mode [ 217.585091][T10095] veth0_vlan: entered promiscuous mode [ 217.591257][T10097] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1114'. [ 217.592380][T10095] team0: Device veth0_vlan failed to register rx_handler [ 217.832960][ T9934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.999705][ T9934] veth0_vlan: entered promiscuous mode [ 218.043468][ T9934] veth1_vlan: entered promiscuous mode [ 218.114094][ T9934] veth0_macvtap: entered promiscuous mode [ 218.167759][ T9934] veth1_macvtap: entered promiscuous mode [ 218.224385][ T9934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.292529][ T9934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.344055][ T9934] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.376174][ T9934] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.391975][ T9934] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.402983][ T9934] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.462264][T10111] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1121'. [ 218.475785][T10111] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 218.653253][ T8288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.671679][ T8288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.752128][ T8280] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.761727][ T8280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.946189][T10125] netlink: 'syz.3.1127': attribute type 10 has an invalid length. [ 218.969844][T10125] veth0_vlan: left promiscuous mode [ 219.006235][T10125] veth0_vlan: entered promiscuous mode [ 219.066373][T10125] team0: Device veth0_vlan failed to register rx_handler [ 220.020701][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.195367][ T5841] Bluetooth: hci4: link tx timeout [ 220.200921][ T5841] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 220.313063][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.529710][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.629648][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 220.740243][ T11] bridge_slave_1: left allmulticast mode [ 220.746058][ T11] bridge_slave_1: left promiscuous mode [ 220.751766][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.761685][ T11] bridge_slave_0: left allmulticast mode [ 220.767839][ T11] bridge_slave_0: left promiscuous mode [ 220.773571][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.371501][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 221.392925][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 221.409965][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 221.439519][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 221.447636][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 221.458062][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 221.467702][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 221.488841][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 221.499861][ T11] bond0 (unregistering): Released all slaves [ 221.866547][T10187] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1138'. [ 222.245626][ T5849] Bluetooth: hci4: command 0x0406 tx timeout [ 222.548437][T10198] netlink: 'syz.3.1142': attribute type 10 has an invalid length. [ 223.179315][T10198] veth0_vlan: left promiscuous mode [ 223.191632][T10198] veth0_vlan: entered promiscuous mode [ 223.200128][T10198] team0: Device veth0_vlan failed to register rx_handler [ 223.273676][ T11] hsr_slave_0: left promiscuous mode [ 223.299185][ T11] hsr_slave_1: left promiscuous mode [ 223.310659][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 223.335391][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 223.355877][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 223.363618][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 223.461386][ T11] veth1_macvtap: left promiscuous mode [ 223.474477][ T11] veth0_macvtap: left promiscuous mode [ 223.504728][ T11] veth1_vlan: left promiscuous mode [ 223.523474][ T11] veth0_vlan: left promiscuous mode [ 223.530228][ T5834] Bluetooth: hci0: command tx timeout [ 224.087057][ T11] team0 (unregistering): Port device team_slave_1 removed [ 224.132750][ T11] team0 (unregistering): Port device team_slave_0 removed [ 224.959526][T10169] chnl_net:caif_netlink_parms(): no params data found [ 225.252030][T10259] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:20000 [ 225.605344][ T5834] Bluetooth: hci0: command tx timeout [ 225.734785][T10169] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.743659][T10169] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.755752][T10169] bridge_slave_0: entered allmulticast mode [ 225.779779][T10169] bridge_slave_0: entered promiscuous mode [ 225.807271][T10268] Driver unsupported XDP return value 0 on prog (id 412) dev N/A, expect packet loss! [ 225.820658][T10169] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.907630][T10169] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.923650][T10169] bridge_slave_1: entered allmulticast mode [ 225.939414][T10169] bridge_slave_1: entered promiscuous mode [ 226.053443][T10169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.118872][T10169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.367199][T10304] Bluetooth: MGMT ver 1.23 [ 226.377057][T10304] Bluetooth: MGMT ver 1.23 [ 226.377656][T10169] team0: Port device team_slave_0 added [ 226.421668][T10169] team0: Port device team_slave_1 added [ 226.561636][T10169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 226.587414][T10169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.638468][T10169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 226.663228][T10169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 226.683998][T10169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 226.762137][T10169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 226.950115][T10169] hsr_slave_0: entered promiscuous mode [ 226.967658][T10169] hsr_slave_1: entered promiscuous mode [ 226.992339][T10169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 227.014502][T10169] Cannot create hsr debugfs directory [ 227.335540][T10333] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1166'. [ 227.695106][ T5834] Bluetooth: hci0: command tx timeout [ 228.030186][T10169] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 228.078439][T10365] x_tables: duplicate entry at hook 2 [ 228.082565][T10169] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 228.105979][T10169] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 228.164339][T10169] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 228.281575][T10369] netlink: 'syz.3.1174': attribute type 10 has an invalid length. [ 228.310697][T10369] veth0_vlan: left promiscuous mode [ 228.330886][T10369] veth0_vlan: entered promiscuous mode [ 228.357292][T10369] team0: Device veth0_vlan failed to register rx_handler [ 228.554466][T10169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.592853][T10169] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.613152][ T8284] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.620829][ T8284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.667712][ T6235] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.674944][ T6235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.024630][T10392] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1177'. [ 229.073088][T10392] hsr_slave_0: left promiscuous mode [ 229.113613][T10392] hsr_slave_1: left promiscuous mode [ 229.196682][T10359] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1172'. [ 229.249239][T10169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.351966][T10169] veth0_vlan: entered promiscuous mode [ 229.372082][T10169] veth1_vlan: entered promiscuous mode [ 229.406316][T10400] netlink: 'syz.4.1178': attribute type 58 has an invalid length. [ 229.414211][T10400] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1178'. [ 229.664932][T10169] veth0_macvtap: entered promiscuous mode [ 229.770552][T10169] veth1_macvtap: entered promiscuous mode [ 229.778491][ T5834] Bluetooth: hci0: command tx timeout [ 229.814124][T10169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 229.846222][T10169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 229.883239][T10169] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.908285][T10169] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.918904][T10169] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 229.932384][T10169] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 230.123015][T10415] netlink: 248 bytes leftover after parsing attributes in process `syz.3.1181'. [ 230.153937][ T8280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.214424][ T8280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.243196][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 230.301932][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 230.638351][T10423] 8021q: adding VLAN 0 to HW filter on device bond5 [ 230.991095][T10441] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1189'. [ 231.007609][T10443] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1189'. [ 231.069011][ T6256] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.431951][ T6256] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.930558][ T6256] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.174353][ T6256] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.282262][T10452] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 232.444334][ T6256] bridge_slave_1: left allmulticast mode [ 232.474776][ T6256] bridge_slave_1: left promiscuous mode [ 232.493537][ T6256] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.545716][ T6256] bridge_slave_0: left allmulticast mode [ 232.563072][ T6256] bridge_slave_0: left promiscuous mode [ 232.579918][ T6256] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.635985][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 232.650238][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 232.659371][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 232.671658][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 232.680512][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 232.692827][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 233.699577][ T6256] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 233.711277][ T6256] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 233.721836][ T6256] bond0 (unregistering): Released all slaves [ 233.957597][T10472] netlink: 1256 bytes leftover after parsing attributes in process `syz.2.1196'. [ 234.154092][T10481] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1200'. [ 234.187033][T10481] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1200'. [ 234.283072][T10481] bridge0: port 2(syz_tun) entered blocking state [ 234.290788][T10481] bridge0: port 2(syz_tun) entered disabled state [ 234.297628][T10481] syz_tun: entered allmulticast mode [ 234.310701][T10481] syz_tun: entered promiscuous mode [ 234.560745][T10461] chnl_net:caif_netlink_parms(): no params data found [ 234.729840][ T5849] Bluetooth: hci0: command tx timeout [ 234.840391][ T6256] hsr_slave_0: left promiscuous mode [ 234.876481][ T6256] hsr_slave_1: left promiscuous mode [ 234.890471][ T6256] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.920896][ T6256] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.946538][ T6256] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.954008][ T6256] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 235.032607][ T6256] veth1_macvtap: left promiscuous mode [ 235.062718][ T6256] veth0_macvtap: left promiscuous mode [ 235.078336][ T6256] veth1_vlan: left promiscuous mode [ 235.083678][ T6256] veth0_vlan: left promiscuous mode [ 236.088678][ T6256] team0 (unregistering): Port device team_slave_1 removed [ 236.139072][ T6256] team0 (unregistering): Port device team_slave_0 removed [ 236.739393][T10461] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.754465][T10461] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.761992][T10461] bridge_slave_0: entered allmulticast mode [ 236.773432][T10461] bridge_slave_0: entered promiscuous mode [ 236.796014][T10461] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.803305][T10461] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.806333][ T5849] Bluetooth: hci0: command tx timeout [ 236.823808][T10461] bridge_slave_1: entered allmulticast mode [ 236.861581][T10461] bridge_slave_1: entered promiscuous mode [ 237.064724][T10461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.076728][T10461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.137224][T10533] netlink: 'syz.4.1214': attribute type 3 has an invalid length. [ 237.152179][T10461] team0: Port device team_slave_0 added [ 237.183785][T10461] team0: Port device team_slave_1 added [ 237.298657][T10461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.315134][T10461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.348448][T10461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.432731][T10461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.440907][T10461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.467536][T10461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.583361][T10546] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1218'. [ 237.613067][T10546] nbd: socks must be embedded in a SOCK_ITEM attr [ 237.887762][T10461] hsr_slave_0: entered promiscuous mode [ 237.899078][T10461] hsr_slave_1: entered promiscuous mode [ 237.906431][T10461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 237.914178][T10461] Cannot create hsr debugfs directory [ 238.337756][T10550] syzkaller1: entered promiscuous mode [ 238.343499][T10550] syzkaller1: entered allmulticast mode [ 238.600753][T10562] netlink: 'syz.4.1221': attribute type 1 has an invalid length. [ 238.633425][T10562] 8021q: adding VLAN 0 to HW filter on device bond6 [ 238.701914][T10564] Cannot find del_set index 4 as target [ 238.885147][ T5849] Bluetooth: hci0: command tx timeout [ 239.268598][T10587] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1226'. [ 239.403049][T10587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1226'. [ 239.446017][T10590] netlink: 'syz.2.1227': attribute type 1 has an invalid length. [ 239.959419][T10601] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1230'. [ 239.970610][T10602] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1230'. [ 240.078916][T10461] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 240.158254][T10461] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 240.207699][T10461] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 240.259609][T10622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1238'. [ 240.274109][T10622] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1238'. [ 240.279088][T10461] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 240.309944][T10622] x_tables: ip6_tables: SYNPROXY target: used from hooks PREROUTING, but only usable from INPUT/FORWARD [ 240.321969][T10622] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1238'. [ 240.551957][T10461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.562247][T10631] FAULT_INJECTION: forcing a failure. [ 240.562247][T10631] name failslab, interval 1, probability 0, space 0, times 1 [ 240.592748][T10631] CPU: 1 UID: 0 PID: 10631 Comm: syz.3.1240 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 240.592783][T10631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 240.592796][T10631] Call Trace: [ 240.592804][T10631] [ 240.592814][T10631] dump_stack_lvl+0x241/0x360 [ 240.592847][T10631] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.592871][T10631] ? __pfx__printk+0x10/0x10 [ 240.592895][T10631] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 240.592927][T10631] ? __pfx___might_resched+0x10/0x10 [ 240.592962][T10631] should_fail_ex+0x40a/0x550 [ 240.592999][T10631] should_failslab+0xac/0x100 [ 240.593029][T10631] kmem_cache_alloc_node_noprof+0x77/0x380 [ 240.593059][T10631] ? __alloc_skb+0x1c3/0x440 [ 240.593084][T10631] __alloc_skb+0x1c3/0x440 [ 240.593111][T10631] ? __pfx___alloc_skb+0x10/0x10 [ 240.593135][T10631] ? __pfx___mutex_trylock_common+0x10/0x10 [ 240.593166][T10631] tipc_nl_compat_dumpit+0x311/0x740 [ 240.593207][T10631] tipc_nl_compat_recv+0xe38/0x1590 [ 240.593246][T10631] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 240.593285][T10631] ? genl_get_cmd+0x610/0xce0 [ 240.593305][T10631] ? __pfx_tipc_nl_bearer_dump+0x10/0x10 [ 240.593328][T10631] ? __pfx_tipc_nl_compat_bearer_dump+0x10/0x10 [ 240.593361][T10631] ? __pfx___mutex_lock+0x10/0x10 [ 240.593387][T10631] ? __pfx_genl_get_cmd+0x10/0x10 [ 240.593415][T10631] ? __pfx_validate_chain+0x10/0x10 [ 240.593448][T10631] genl_rcv_msg+0xb1f/0xec0 [ 240.593481][T10631] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.593535][T10631] ? __pfx_lock_acquire+0x10/0x10 [ 240.593566][T10631] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 240.593599][T10631] ? __pfx___might_resched+0x10/0x10 [ 240.593638][T10631] netlink_rcv_skb+0x206/0x480 [ 240.593668][T10631] ? __pfx_genl_rcv_msg+0x10/0x10 [ 240.593693][T10631] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 240.593760][T10631] genl_rcv+0x28/0x40 [ 240.593779][T10631] netlink_unicast+0x7f6/0x990 [ 240.593816][T10631] ? __pfx_netlink_unicast+0x10/0x10 [ 240.593840][T10631] ? __virt_addr_valid+0x45f/0x530 [ 240.593861][T10631] ? __phys_addr_symbol+0x2f/0x70 [ 240.593880][T10631] ? __check_object_size+0x47a/0x730 [ 240.593914][T10631] netlink_sendmsg+0x8de/0xcb0 [ 240.593957][T10631] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.593993][T10631] ? aa_sock_msg_perm+0x91/0x160 [ 240.594031][T10631] ? __pfx_netlink_sendmsg+0x10/0x10 [ 240.594059][T10631] __sock_sendmsg+0x221/0x270 [ 240.594091][T10631] ____sys_sendmsg+0x53a/0x860 [ 240.594124][T10631] ? __pfx_____sys_sendmsg+0x10/0x10 [ 240.594145][T10631] ? __fget_files+0x2a/0x410 [ 240.594178][T10631] ? __fget_files+0x2a/0x410 [ 240.594219][T10631] __sys_sendmsg+0x269/0x350 [ 240.594248][T10631] ? __pfx___sys_sendmsg+0x10/0x10 [ 240.594291][T10631] ? do_sys_openat2+0x17a/0x1d0 [ 240.594351][T10631] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 240.594384][T10631] ? do_syscall_64+0x100/0x230 [ 240.594413][T10631] ? do_syscall_64+0xb6/0x230 [ 240.594442][T10631] do_syscall_64+0xf3/0x230 [ 240.594467][T10631] ? clear_bhb_loop+0x35/0x90 [ 240.594500][T10631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.594529][T10631] RIP: 0033:0x7fb587b8d169 [ 240.594548][T10631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 240.594566][T10631] RSP: 002b:00007fb588ac3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 240.594588][T10631] RAX: ffffffffffffffda RBX: 00007fb587da5fa0 RCX: 00007fb587b8d169 [ 240.594603][T10631] RDX: 0000000020000844 RSI: 00004000000002c0 RDI: 0000000000000004 [ 240.594616][T10631] RBP: 00007fb588ac3090 R08: 0000000000000000 R09: 0000000000000000 [ 240.594629][T10631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.594641][T10631] R13: 0000000000000000 R14: 00007fb587da5fa0 R15: 00007ffc68c812d8 [ 240.594674][T10631] [ 240.965551][ T5849] Bluetooth: hci0: command tx timeout [ 241.066524][T10461] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.311223][ T8288] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.319095][ T8288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.350478][ T8288] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.357679][ T8288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.524814][T10648] --map-set only usable from mangle table [ 241.676280][T10620] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 241.703427][T10461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.762691][T10461] veth0_vlan: entered promiscuous mode [ 241.778190][T10461] veth1_vlan: entered promiscuous mode [ 241.838811][T10461] veth0_macvtap: entered promiscuous mode [ 241.853982][T10461] veth1_macvtap: entered promiscuous mode [ 241.874593][T10461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 241.900231][T10461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 241.912012][T10461] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.922163][T10461] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.931739][T10461] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.941059][T10461] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.196132][T10659] netlink: 'syz.4.1248': attribute type 2 has an invalid length. [ 242.215922][ T6229] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.234606][ T6229] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.282420][T10659] Tq: entered promiscuous mode [ 242.357835][T10663] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1250'. [ 242.422249][ T8284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.445096][ T8284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.003419][T10680] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1255'. [ 243.548521][T10690] syzkaller0: entered promiscuous mode [ 243.554063][T10690] syzkaller0: entered allmulticast mode [ 243.935403][T10698] netlink: 'syz.4.1260': attribute type 1 has an invalid length. [ 243.943203][T10698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1260'. [ 245.483695][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 245.527212][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 245.549357][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 245.557695][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 245.573696][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 245.584030][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 246.448459][T10718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1264'. [ 246.509156][ T8280] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.670622][T10726] netlink: 'syz.2.1269': attribute type 10 has an invalid length. [ 246.703592][ T8280] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.724021][T10726] veth0_vlan: left promiscuous mode [ 246.735353][T10726] veth0_vlan: entered promiscuous mode [ 246.751601][T10726] team0: Device veth0_vlan failed to register rx_handler [ 246.795115][ T8280] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 246.895883][T10733] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1271'. [ 246.982567][ T8280] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 247.142366][T10700] chnl_net:caif_netlink_parms(): no params data found [ 247.527341][T10700] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.559923][T10700] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.573473][T10700] bridge_slave_0: entered allmulticast mode [ 247.576030][T10746] netlink: 'syz.2.1274': attribute type 10 has an invalid length. [ 247.585607][T10700] bridge_slave_0: entered promiscuous mode [ 247.606461][ T5834] Bluetooth: hci0: command tx timeout [ 247.623589][T10746] veth0_vlan: left promiscuous mode [ 247.654134][T10746] veth0_vlan: entered promiscuous mode [ 247.688526][T10746] team0: Device veth0_vlan failed to register rx_handler [ 247.726161][T10700] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.744024][T10700] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.818353][T10700] bridge_slave_1: entered allmulticast mode [ 247.836024][T10700] bridge_slave_1: entered promiscuous mode [ 247.879251][T10756] xt_TCPMSS: Only works on TCP SYN packets [ 247.904503][ T8280] bridge_slave_1: left allmulticast mode [ 247.913038][ T8280] bridge_slave_1: left promiscuous mode [ 247.924521][ T8280] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.940947][ T8280] bridge_slave_0: left allmulticast mode [ 247.947893][ T8280] bridge_slave_0: left promiscuous mode [ 247.953764][ T8280] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.984654][T10758] --map-set only usable from mangle table [ 248.364039][ T8280] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.381309][ T8280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.392515][ T8280] bond0 (unregistering): Released all slaves [ 248.421930][T10700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.460713][T10700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.561032][T10700] team0: Port device team_slave_0 added [ 248.599904][T10700] team0: Port device team_slave_1 added [ 248.653580][T10700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.661645][T10700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.694504][T10700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.785954][T10700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.793083][T10700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.823148][T10700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.033813][T10776] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1284'. [ 249.130558][T10700] hsr_slave_0: entered promiscuous mode [ 249.150508][T10700] hsr_slave_1: entered promiscuous mode [ 249.170700][T10700] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 249.185097][T10700] Cannot create hsr debugfs directory [ 249.383831][T10791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1289'. [ 249.423041][ T8280] hsr_slave_0: left promiscuous mode [ 249.434573][ T8280] hsr_slave_1: left promiscuous mode [ 249.445701][ T8280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.453172][ T8280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 249.483782][ T8280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 249.515195][ T8280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 249.571107][ T8280] veth1_macvtap: left promiscuous mode [ 249.577283][ T8280] veth0_macvtap: left promiscuous mode [ 249.583154][ T8280] veth1_vlan: left promiscuous mode [ 249.588852][ T8280] veth0_vlan: left promiscuous mode [ 249.695216][ T5834] Bluetooth: hci0: command tx timeout [ 250.159982][ T8280] team0 (unregistering): Port device team_slave_1 removed [ 250.229195][ T8280] team0 (unregistering): Port device team_slave_0 removed [ 250.237926][T10801] netlink: 'syz.3.1292': attribute type 10 has an invalid length. [ 250.727308][T10792] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1287'. [ 250.778363][T10799] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1287'. [ 250.796163][T10801] veth0_vlan: left promiscuous mode [ 250.816609][T10801] veth0_vlan: entered promiscuous mode [ 250.855688][T10801] team0: Device veth0_vlan failed to register rx_handler [ 250.956669][T10808] tipc: Resetting bearer [ 251.414112][T10818] bond0 (unregistering): Released all slaves [ 251.777391][ T5834] Bluetooth: hci0: command tx timeout [ 252.628212][T10700] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 252.688650][T10836] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1302'. [ 252.702474][T10700] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 252.758232][T10700] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 252.795620][T10700] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 253.055492][T10700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.084030][T10844] netlink: 1256 bytes leftover after parsing attributes in process `syz.3.1303'. [ 253.139235][T10700] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.153339][ T8284] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.160548][ T8284] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.185127][ T6238] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.192250][ T6238] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.281473][T10833] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1301'. [ 253.312392][T10833] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 253.345780][T10833] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1301'. [ 253.835457][T10700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 253.854800][ T5849] Bluetooth: hci0: command tx timeout [ 254.045720][T10700] veth0_vlan: entered promiscuous mode [ 254.047161][T10856] raw_sendmsg: syz.3.1305 forgot to set AF_INET. Fix it! [ 254.082898][T10700] veth1_vlan: entered promiscuous mode [ 254.181697][T10700] veth0_macvtap: entered promiscuous mode [ 254.192071][T10700] veth1_macvtap: entered promiscuous mode [ 254.235236][T10700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 254.263875][T10700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 254.300695][T10700] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.316003][T10700] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.324927][T10700] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.333664][T10700] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 254.685684][ T8288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.718128][ T8288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.821350][ T8288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 254.840352][ T8288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.866098][T10876] netlink: 'syz.3.1313': attribute type 10 has an invalid length. [ 254.899972][T10876] veth0_vlan: left promiscuous mode [ 254.914394][T10876] veth0_vlan: entered promiscuous mode [ 254.934026][T10876] team0: Device veth0_vlan failed to register rx_handler [ 255.232941][T10890] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1318'. [ 255.243554][T10890] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1318'. [ 255.256873][T10890] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1318'. [ 255.471473][T10896] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1320'. [ 255.882807][T10898] netlink: 376 bytes leftover after parsing attributes in process `syz.4.1322'. [ 255.897951][T10898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1322'. [ 255.925438][ T5849] Bluetooth: hci0: command 0x0405 tx timeout [ 256.008044][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.783413][ T8288] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.970051][ T8288] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.141612][ T8288] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.236471][ T8288] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.367646][ T8288] bridge_slave_1: left allmulticast mode [ 257.375926][ T8288] bridge_slave_1: left promiscuous mode [ 257.381714][ T8288] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.393227][ T8288] bridge_slave_0: left allmulticast mode [ 257.401059][ T8288] bridge_slave_0: left promiscuous mode [ 257.409617][ T8288] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.851930][ T8288] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 257.864335][ T8288] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 257.875422][ T8288] bond0 (unregistering): Released all slaves [ 258.137983][T10937] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 258.358909][T10947] netlink: 'syz.3.1335': attribute type 10 has an invalid length. [ 258.419067][T10947] veth0_vlan: left promiscuous mode [ 258.452334][T10947] veth0_vlan: entered promiscuous mode [ 258.496139][T10947] team0: Device veth0_vlan failed to register rx_handler [ 258.826322][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 258.843603][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 258.852923][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 258.861166][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 258.869015][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 258.876754][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 259.640554][T10981] __nla_validate_parse: 2 callbacks suppressed [ 259.640575][T10981] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1344'. [ 259.742840][T10985] netlink: 1284 bytes leftover after parsing attributes in process `syz.2.1343'. [ 259.768715][T10985] openvswitch: netlink: Missing key (keys=40, expected=80) [ 259.812491][ T8288] hsr_slave_0: left promiscuous mode [ 259.829335][T10985] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1343'. [ 259.840773][ T8288] hsr_slave_1: left promiscuous mode [ 259.851533][ T8288] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 259.908662][ T8288] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 259.919239][ T8288] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 259.928644][ T8288] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.936006][T10993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1346'. [ 259.966230][ T8288] veth1_macvtap: left promiscuous mode [ 259.971856][ T8288] veth0_macvtap: left promiscuous mode [ 259.977911][ T8288] veth1_vlan: left promiscuous mode [ 259.983269][ T8288] veth0_vlan: left promiscuous mode [ 260.050580][T10995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.071838][T10995] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 260.529006][T10999] netlink: 'syz.3.1348': attribute type 1 has an invalid length. [ 260.589490][ T8288] team0 (unregistering): Port device team_slave_1 removed [ 260.641267][ T8288] team0 (unregistering): Port device team_slave_0 removed [ 260.976916][ T5849] Bluetooth: hci0: command tx timeout [ 261.242834][T10954] chnl_net:caif_netlink_parms(): no params data found [ 261.337169][T11010] netlink: 'syz.1.1351': attribute type 10 has an invalid length. [ 261.402456][T11010] veth0_vlan: left promiscuous mode [ 261.410482][T11010] veth0_vlan: entered promiscuous mode [ 261.419261][T11010] team0: Device veth0_vlan failed to register rx_handler [ 261.884328][T10954] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.926421][T10954] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.934655][T10954] bridge_slave_0: entered allmulticast mode [ 261.955420][T10954] bridge_slave_0: entered promiscuous mode [ 261.973935][T10954] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.994556][T10954] bridge0: port 2(bridge_slave_1) entered disabled state [ 262.015329][T10954] bridge_slave_1: entered allmulticast mode [ 262.036231][T10954] bridge_slave_1: entered promiscuous mode [ 262.167739][T10954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 262.236148][T10954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 262.283871][T11032] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1355'. [ 262.335893][T11032] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1355'. [ 262.370946][T10954] team0: Port device team_slave_0 added [ 262.386866][T10954] team0: Port device team_slave_1 added [ 262.616249][T10954] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 262.623319][T10954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.656123][T10954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.725563][T10954] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.740576][T10954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 262.815044][T10954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 263.033647][T11037] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 263.045228][ T5849] Bluetooth: hci0: command tx timeout [ 263.303519][T10954] hsr_slave_0: entered promiscuous mode [ 263.329315][T10954] hsr_slave_1: entered promiscuous mode [ 263.382630][T10954] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 263.398154][T10954] Cannot create hsr debugfs directory [ 263.997075][T11048] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1360'. [ 264.332374][T10954] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 264.352530][T10954] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 264.374512][T10954] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 264.401685][T10954] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 264.632504][T10954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.901905][T10954] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.923977][ T6238] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.931172][ T6238] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.989559][T11073] netlink: 'syz.1.1369': attribute type 10 has an invalid length. [ 264.999587][ T6235] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.006782][ T6235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.104137][T11073] veth0_vlan: left promiscuous mode [ 265.126746][ T5849] Bluetooth: hci0: command tx timeout [ 265.135165][T11073] veth0_vlan: entered promiscuous mode [ 265.147315][T11073] team0: Device veth0_vlan failed to register rx_handler [ 266.006769][T10954] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.073450][T10954] veth0_vlan: entered promiscuous mode [ 266.089678][T10954] veth1_vlan: entered promiscuous mode [ 266.124011][T10954] veth0_macvtap: entered promiscuous mode [ 266.134594][T10954] veth1_macvtap: entered promiscuous mode [ 266.157925][T10954] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 266.162104][T11102] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1375'. [ 266.170636][T10954] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 266.175230][T11102] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1375'. [ 266.186419][T10954] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.200908][T10954] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.212185][T10954] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.221950][T10954] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 266.384411][T11104] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1376'. [ 266.398090][T11104] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1376'. [ 266.407647][ T6238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.417419][ T6238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.476151][ T8288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 266.485339][ T8288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 266.652925][T11109] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1379'. [ 266.925366][T11120] netlink: 'syz.1.1381': attribute type 3 has an invalid length. [ 266.933461][T11120] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1381'. [ 267.871475][ T8298] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.455630][ T8298] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.701914][ T8298] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.764194][ T8298] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.846267][ T8298] bridge_slave_1: left allmulticast mode [ 268.851998][ T8298] bridge_slave_1: left promiscuous mode [ 268.857907][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 268.867059][ T8298] bridge_slave_0: left allmulticast mode [ 268.872805][ T8298] bridge_slave_0: left promiscuous mode [ 268.880191][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 268.985110][T11142] xt_TCPMSS: Only works on TCP SYN packets [ 269.074547][T11146] netlink: 'syz.3.1389': attribute type 10 has an invalid length. [ 269.088948][T11151] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 269.293186][T11157] ipt_REJECT: ECHOREPLY no longer supported. [ 269.349872][ T29] audit: type=1107 audit(1741369852.205:2): pid=11159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='?c4NfvH;~S-c!C:yY [ 269.349872][ T29] /' [ 269.554225][T11166] xt_hashlimit: size too large, truncated to 1048576 [ 269.694440][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 269.705354][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 269.716087][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 269.735753][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 269.743549][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 269.751899][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 269.907842][ T8298] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 269.910073][T11179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1397'. [ 269.945457][ T8298] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 269.963466][ T8298] bond0 (unregistering): Released all slaves [ 269.979257][T11146] veth0_vlan: left promiscuous mode [ 269.987597][T11146] veth0_vlan: entered promiscuous mode [ 269.997000][T11146] team0: Device veth0_vlan failed to register rx_handler [ 270.091994][T11174] macsec0: entered promiscuous mode [ 270.104445][T11174] macsec0: entered allmulticast mode [ 270.127247][T11175] veth1_macvtap: entered allmulticast mode [ 270.144827][T11175] macsec0: left promiscuous mode [ 270.155207][T11175] macsec0: left allmulticast mode [ 270.160432][T11175] veth1_macvtap: left allmulticast mode [ 270.210396][T11181] tap0: tun_chr_ioctl cmd 1074025677 [ 270.217809][T11181] tap0: linktype set to 804 [ 270.337558][T11184] netlink: 'syz.4.1398': attribute type 21 has an invalid length. [ 271.005050][T11212] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1406'. [ 271.334203][ T8298] hsr_slave_0: left promiscuous mode [ 271.350204][ T8298] hsr_slave_1: left promiscuous mode [ 271.363447][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 271.396061][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 271.414142][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 271.423708][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 271.511568][ T8298] veth1_macvtap: left promiscuous mode [ 271.525574][ T8298] veth0_macvtap: left promiscuous mode [ 271.531261][ T8298] veth1_vlan: left promiscuous mode [ 271.555119][ T8298] veth0_vlan: left promiscuous mode [ 271.847161][ T5849] Bluetooth: hci0: command tx timeout [ 272.268345][ T8298] team0 (unregistering): Port device team_slave_1 removed [ 272.311687][ T8298] team0 (unregistering): Port device team_slave_0 removed [ 272.761751][T11219] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1407'. [ 272.912725][T11226] ax25_connect(): syz.4.1409 uses autobind, please contact jreuter@yaina.de [ 272.969157][T11172] chnl_net:caif_netlink_parms(): no params data found [ 273.004717][T11229] netlink: 'syz.4.1409': attribute type 21 has an invalid length. [ 273.557186][T11172] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.583066][T11172] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.606665][T11172] bridge_slave_0: entered allmulticast mode [ 273.634304][T11172] bridge_slave_0: entered promiscuous mode [ 273.925053][ T5849] Bluetooth: hci0: command tx timeout [ 273.935568][T11172] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.965521][T11172] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.001342][T11172] bridge_slave_1: entered allmulticast mode [ 274.049000][T11172] bridge_slave_1: entered promiscuous mode [ 274.694480][T11269] openvswitch: netlink: Actions may not be safe on all matching packets [ 274.709220][T11269] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1419'. [ 274.766738][T11260] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1410'. [ 274.809357][T11172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.858767][T11172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.273013][T11172] team0: Port device team_slave_0 added [ 275.312184][T11172] team0: Port device team_slave_1 added [ 275.545637][T11172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.552642][T11172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.594559][T11172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 275.627493][T11172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 275.634512][T11172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.705196][T11172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 275.965841][T11293] netlink: 'syz.1.1424': attribute type 10 has an invalid length. [ 276.009913][ T5849] Bluetooth: hci0: command tx timeout [ 276.083896][T11293] veth0_vlan: left promiscuous mode [ 276.109309][T11293] veth0_vlan: entered promiscuous mode [ 276.128564][T11293] team0: Device veth0_vlan failed to register rx_handler [ 276.132259][T11298] netlink: 'syz.2.1425': attribute type 1 has an invalid length. [ 276.191851][T11172] hsr_slave_0: entered promiscuous mode [ 276.279146][T11172] hsr_slave_1: entered promiscuous mode [ 276.294786][T11306] IPVS: set_ctl: invalid protocol: 136 100.1.1.0:19999 [ 276.307714][T11172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 276.328835][T11172] Cannot create hsr debugfs directory [ 276.355809][T11308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1429'. [ 276.427912][T11308] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1429'. [ 276.480174][T11304] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1428'. [ 276.516449][T11304] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1428'. [ 276.761335][T11317] netlink: 'syz.3.1430': attribute type 1 has an invalid length. [ 276.993909][T11317] bond2: entered promiscuous mode [ 276.999853][T11317] 8021q: adding VLAN 0 to HW filter on device bond2 [ 277.042800][T11320] 8021q: adding VLAN 0 to HW filter on device bond2 [ 277.056066][T11320] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address [ 277.105245][T11320] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode [ 277.129995][T11320] bond2: (slave ip6gre1): making interface the new active one [ 277.186491][T11320] ip6gre1: entered promiscuous mode [ 277.201110][T11320] bond2: (slave ip6gre1): Enslaving as an active interface with an up link [ 277.241738][T11321] netlink: 'syz.4.1431': attribute type 21 has an invalid length. [ 277.589919][T11340] sctp: [Deprecated]: syz.2.1437 (pid 11340) Use of int in max_burst socket option deprecated. [ 277.589919][T11340] Use struct sctp_assoc_value instead [ 277.784593][T11349] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1440'. [ 278.050891][T11172] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 278.078239][T11172] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 278.094151][T11357] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1443'. [ 278.124979][ T5849] Bluetooth: hci0: command tx timeout [ 278.206227][T11172] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 278.267583][T11360] netlink: 'syz.4.1446': attribute type 21 has an invalid length. [ 278.276606][T11172] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 278.335688][T11361] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1444'. [ 278.633181][T11172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 278.730753][T11172] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.826332][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.833455][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.900672][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.907897][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.945889][T11391] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1454'. [ 278.975405][T11393] x_tables: duplicate underflow at hook 2 [ 279.017554][T11396] netlink: 'syz.1.1455': attribute type 10 has an invalid length. [ 279.243583][T11396] veth0_vlan: left promiscuous mode [ 279.266766][T11396] veth0_vlan: entered promiscuous mode [ 279.297077][T11396] team0: Device veth0_vlan failed to register rx_handler [ 279.935974][T11172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 280.079937][T11172] veth0_vlan: entered promiscuous mode [ 280.131817][T11172] veth1_vlan: entered promiscuous mode [ 280.328370][T11172] veth0_macvtap: entered promiscuous mode [ 280.372871][T11172] veth1_macvtap: entered promiscuous mode [ 280.383439][T11451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1469'. [ 280.478506][T11455] netlink: 'syz.4.1474': attribute type 10 has an invalid length. [ 280.560328][T11455] veth0_vlan: left promiscuous mode [ 280.566995][T11455] veth0_vlan: entered promiscuous mode [ 280.574496][T11455] team0: Device veth0_vlan failed to register rx_handler [ 280.618835][T11172] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 280.909423][T11471] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 280.909474][T11172] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 280.937577][T11467] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1475'. [ 281.022780][T11172] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.038569][T11172] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.058445][T11471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1478'. [ 281.061855][T11172] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.084610][T11172] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 281.115021][T11471] netlink: 'syz.2.1478': attribute type 2 has an invalid length. [ 281.134547][T11471] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1478'. [ 281.153355][T11470] team0: No ports can be present during mode change [ 281.221753][T11483] tipc: Enabling of bearer rejected, failed to enable media [ 281.497440][ T6238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.515435][ T6238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.573563][T11507] netlink: 'syz.3.1485': attribute type 21 has an invalid length. [ 281.623878][ T6238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 281.632876][ T6238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 281.901902][T11523] netlink: 'syz.4.1490': attribute type 10 has an invalid length. [ 281.942857][T11526] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1492'. [ 282.262683][T11532] ip6tnl1: entered promiscuous mode [ 282.268279][T11532] ip6tnl1: entered allmulticast mode [ 282.275442][T11532] team0: Device ip6tnl1 is of different type [ 282.316335][T11533] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1494'. [ 282.624319][ T8298] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.798939][ T8298] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.880633][ T8298] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 282.979660][ T8298] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.080679][ T8298] bridge_slave_1: left allmulticast mode [ 283.086522][ T8298] bridge_slave_1: left promiscuous mode [ 283.092285][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.103171][ T8298] bridge_slave_0: left allmulticast mode [ 283.109414][ T8298] bridge_slave_0: left promiscuous mode [ 283.115344][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.526255][ T8298] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.539275][ T8298] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.550082][ T8298] bond0 (unregistering): Released all slaves [ 284.065163][ T8298] hsr_slave_0: left promiscuous mode [ 284.093738][ T8298] hsr_slave_1: left promiscuous mode [ 284.101577][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 284.125165][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 284.143572][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 284.177148][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 284.296010][ T8298] veth1_macvtap: left promiscuous mode [ 284.315134][ T8298] veth0_macvtap: left promiscuous mode [ 284.320843][ T8298] veth1_vlan: left promiscuous mode [ 284.355881][ T8298] veth0_vlan: left promiscuous mode [ 284.407318][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 284.428531][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 284.442039][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 284.453000][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 284.461928][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 284.470058][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 284.814117][T11566] __nla_validate_parse: 1 callbacks suppressed [ 284.814140][T11566] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1500'. [ 285.220120][ T8298] team0 (unregistering): Port device team_slave_1 removed [ 285.271851][ T8298] team0 (unregistering): Port device team_slave_0 removed [ 285.806217][T11565] bond2: left promiscuous mode [ 285.811471][T11565] ip6gre1: left promiscuous mode [ 286.222639][T11572] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1502'. [ 286.275262][T11572] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1502'. [ 286.387056][T11576] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1504'. [ 286.565110][ T5834] Bluetooth: hci0: command tx timeout [ 286.833779][T11560] chnl_net:caif_netlink_parms(): no params data found [ 286.910886][T11586] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1506'. [ 286.929366][T11574] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1503'. [ 287.130767][T11574] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 287.269282][T11581] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1503'. [ 287.547230][T11560] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.554414][T11560] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.622876][T11560] bridge_slave_0: entered allmulticast mode [ 287.642148][T11560] bridge_slave_0: entered promiscuous mode [ 287.663685][T11560] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.672397][T11560] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.685769][T11560] bridge_slave_1: entered allmulticast mode [ 287.703912][T11560] bridge_slave_1: entered promiscuous mode [ 287.812087][T11614] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1514'. [ 288.126137][T11560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.180031][T11560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.274498][T11616] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 288.285909][T11616] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1515'. [ 288.308702][T11617] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1515'. [ 288.584531][T11560] team0: Port device team_slave_0 added [ 288.599966][T11560] team0: Port device team_slave_1 added [ 288.656122][ T5834] Bluetooth: hci0: command tx timeout [ 288.689254][T11560] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 288.701465][T11560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.729022][T11560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 288.757525][T11560] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 288.770926][T11560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 288.797435][T11560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 288.894749][T11636] sctp: [Deprecated]: syz.2.1520 (pid 11636) Use of int in max_burst socket option. [ 288.894749][T11636] Use struct sctp_assoc_value instead [ 288.944085][T11560] hsr_slave_0: entered promiscuous mode [ 288.951035][T11560] hsr_slave_1: entered promiscuous mode [ 288.957572][T11560] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 288.966255][T11560] Cannot create hsr debugfs directory [ 289.102624][ T8288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.145110][ T8288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.464812][T11646] netlink: 'syz.4.1525': attribute type 10 has an invalid length. [ 289.491763][T11646] veth0_vlan: left promiscuous mode [ 289.499839][T11646] veth0_vlan: entered promiscuous mode [ 289.509078][T11646] team0: Device veth0_vlan failed to register rx_handler [ 290.477401][T11560] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 290.733419][ T5834] Bluetooth: hci0: command tx timeout [ 291.245942][T11560] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 291.282973][T11662] __nla_validate_parse: 4 callbacks suppressed [ 291.282997][T11662] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1528'. [ 291.319339][T11674] netlink: 830 bytes leftover after parsing attributes in process `syz.2.1528'. [ 291.331901][T11679] sctp: [Deprecated]: syz.1.1530 (pid 11679) Use of int in max_burst socket option. [ 291.331901][T11679] Use struct sctp_assoc_value instead [ 291.372341][T11560] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 291.382934][T11679] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1530'. [ 291.424785][T11679] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1530'. [ 291.446130][T11560] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 291.892100][T11560] 8021q: adding VLAN 0 to HW filter on device bond0 [ 291.912332][T11694] SET target dimension over the limit! [ 291.932597][T11691] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 291.998021][T11691] tipc: Started in network mode [ 292.002964][T11691] tipc: Node identity 7, cluster identity 4711 [ 292.021548][T11691] tipc: Node number set to 7 [ 292.042879][T11691] tipc: Cannot configure node identity twice [ 292.117543][T11560] 8021q: adding VLAN 0 to HW filter on device team0 [ 292.168991][T11700] netlink: 'syz.3.1536': attribute type 10 has an invalid length. [ 292.219090][T11700] veth0_vlan: left promiscuous mode [ 292.241129][T11700] veth0_vlan: entered promiscuous mode [ 292.265437][T11700] team0: Device veth0_vlan failed to register rx_handler [ 292.361740][ T8281] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.368994][ T8281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.381401][ T8281] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.388652][ T8281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.677406][T11712] netlink: 'syz.4.1539': attribute type 10 has an invalid length. [ 292.686672][T11712] veth0_vlan: left promiscuous mode [ 292.692959][T11712] veth0_vlan: entered promiscuous mode [ 292.693023][T11709] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1538'. [ 292.709333][T11712] team0: Device veth0_vlan failed to register rx_handler [ 292.814317][ T5834] Bluetooth: hci0: command tx timeout [ 293.268362][T11560] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.561749][T11740] netlink: 'syz.4.1546': attribute type 1 has an invalid length. [ 293.663954][T11744] IPv6: sit1: Disabled Multicast RS [ 293.724707][T11747] pimreg: entered allmulticast mode [ 293.753997][T11750] pimreg: left allmulticast mode [ 293.963315][T11560] veth0_vlan: entered promiscuous mode [ 294.043610][T11560] veth1_vlan: entered promiscuous mode [ 294.166789][T11760] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1550'. [ 294.214301][T11760] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1550'. [ 294.306764][T11763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1550'. [ 294.344357][T11763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1550'. [ 294.409402][T11759] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1551'. [ 294.593343][T11560] veth0_macvtap: entered promiscuous mode [ 294.667677][T11560] veth1_macvtap: entered promiscuous mode [ 294.679042][T11770] netlink: 'syz.2.1552': attribute type 34 has an invalid length. [ 294.693448][T11560] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 294.828732][T11560] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 294.877316][T11560] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.915694][T11560] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.924464][T11560] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.973331][T11560] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.643734][T11793] FAULT_INJECTION: forcing a failure. [ 295.643734][T11793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.657610][T11793] CPU: 1 UID: 0 PID: 11793 Comm: syz.4.1559 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 295.657639][T11793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 295.657652][T11793] Call Trace: [ 295.657660][T11793] [ 295.657668][T11793] dump_stack_lvl+0x241/0x360 [ 295.657714][T11793] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.657738][T11793] ? __pfx__printk+0x10/0x10 [ 295.657762][T11793] ? __pfx_lock_release+0x10/0x10 [ 295.657804][T11793] should_fail_ex+0x40a/0x550 [ 295.657841][T11793] _copy_from_user+0x2d/0xb0 [ 295.657870][T11793] do_sock_getsockopt+0x1d1/0x740 [ 295.657899][T11793] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 295.657920][T11793] ? __fget_files+0x2a/0x410 [ 295.657952][T11793] ? __fget_files+0x395/0x410 [ 295.657982][T11793] ? __fget_files+0x2a/0x410 [ 295.658018][T11793] __x64_sys_getsockopt+0x2a1/0x370 [ 295.658049][T11793] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 295.658072][T11793] ? do_syscall_64+0x100/0x230 [ 295.658101][T11793] ? do_syscall_64+0xb6/0x230 [ 295.658127][T11793] do_syscall_64+0xf3/0x230 [ 295.658151][T11793] ? clear_bhb_loop+0x35/0x90 [ 295.658184][T11793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.658212][T11793] RIP: 0033:0x7f21dc38d169 [ 295.658237][T11793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.658255][T11793] RSP: 002b:00007f21dd128038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 295.658285][T11793] RAX: ffffffffffffffda RBX: 00007f21dc5a5fa0 RCX: 00007f21dc38d169 [ 295.658301][T11793] RDX: 000000000000001e RSI: 0000000000000084 RDI: 0000000000000003 [ 295.658314][T11793] RBP: 00007f21dd128090 R08: 0000400000000040 R09: 0000000000000000 [ 295.658328][T11793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.658340][T11793] R13: 0000000000000000 R14: 00007f21dc5a5fa0 R15: 00007ffded63eaa8 [ 295.658371][T11793] [ 295.877717][ T6238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 295.935277][ T6238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.338355][ T8288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 296.355608][ T8288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 296.450348][T11811] __nla_validate_parse: 4 callbacks suppressed [ 296.450369][T11811] netlink: 1256 bytes leftover after parsing attributes in process `syz.1.1563'. [ 296.480117][T11811] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 296.828720][T11827] netlink: 270 bytes leftover after parsing attributes in process `syz.4.1566'. [ 297.254693][ T8288] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.399070][ T8288] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.611047][ T8288] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.898840][ T8288] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.957660][T11823] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1564'. [ 298.043028][T11822] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 298.059889][ T8288] bridge_slave_1: left allmulticast mode [ 298.065701][ T8288] bridge_slave_1: left promiscuous mode [ 298.071414][ T8288] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.080784][ T8288] bridge_slave_0: left allmulticast mode [ 298.087434][ T8288] bridge_slave_0: left promiscuous mode [ 298.093150][ T8288] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.505624][ T8288] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 298.519356][ T8288] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 298.531309][ T8288] bond0 (unregistering): Released all slaves [ 298.541749][T11822] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1564'. [ 298.682718][T11845] FAULT_INJECTION: forcing a failure. [ 298.682718][T11845] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 298.696458][T11845] CPU: 0 UID: 0 PID: 11845 Comm: syz.4.1570 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 298.696487][T11845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 298.696501][T11845] Call Trace: [ 298.696509][T11845] [ 298.696517][T11845] dump_stack_lvl+0x241/0x360 [ 298.696549][T11845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.696573][T11845] ? __pfx__printk+0x10/0x10 [ 298.696600][T11845] ? snprintf+0xda/0x120 [ 298.696634][T11845] should_fail_ex+0x40a/0x550 [ 298.696670][T11845] _copy_to_user+0x31/0xb0 [ 298.696700][T11845] simple_read_from_buffer+0xca/0x150 [ 298.696732][T11845] proc_fail_nth_read+0x1e9/0x250 [ 298.696764][T11845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.696796][T11845] ? rw_verify_area+0x243/0x630 [ 298.696817][T11845] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 298.696848][T11845] vfs_read+0x1f8/0xb40 [ 298.696870][T11845] ? fdget_pos+0x254/0x320 [ 298.696902][T11845] ? __pfx___mutex_lock+0x10/0x10 [ 298.696928][T11845] ? __pfx_vfs_read+0x10/0x10 [ 298.696954][T11845] ? __fget_files+0x2a/0x410 [ 298.696985][T11845] ? __fget_files+0x395/0x410 [ 298.697013][T11845] ? __fget_files+0x2a/0x410 [ 298.697053][T11845] ksys_read+0x18f/0x2b0 [ 298.697077][T11845] ? __pfx_ksys_read+0x10/0x10 [ 298.697101][T11845] ? do_syscall_64+0x100/0x230 [ 298.697140][T11845] ? do_syscall_64+0xb6/0x230 [ 298.697169][T11845] do_syscall_64+0xf3/0x230 [ 298.697194][T11845] ? clear_bhb_loop+0x35/0x90 [ 298.697228][T11845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 298.697256][T11845] RIP: 0033:0x7f21dc38bb7c [ 298.697275][T11845] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 298.697292][T11845] RSP: 002b:00007f21dd128030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 298.697314][T11845] RAX: ffffffffffffffda RBX: 00007f21dc5a5fa0 RCX: 00007f21dc38bb7c [ 298.697329][T11845] RDX: 000000000000000f RSI: 00007f21dd1280a0 RDI: 0000000000000005 [ 298.697342][T11845] RBP: 00007f21dd128090 R08: 0000000000000000 R09: 0000000000000000 [ 298.697355][T11845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 298.697366][T11845] R13: 0000000000000000 R14: 00007f21dc5a5fa0 R15: 00007ffded63eaa8 [ 298.697396][T11845] [ 299.097980][T11855] netlink: 'syz.4.1572': attribute type 10 has an invalid length. [ 299.271707][T11855] veth0_vlan: left promiscuous mode [ 299.278281][T11855] veth0_vlan: entered promiscuous mode [ 299.288127][T11855] team0: Device veth0_vlan failed to register rx_handler [ 299.636275][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 299.647801][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 299.667378][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 299.678956][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 299.695519][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 299.703712][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 299.801030][T11879] netlink: 'syz.3.1577': attribute type 10 has an invalid length. [ 299.809748][T11879] veth0_vlan: left promiscuous mode [ 299.819419][T11879] veth0_vlan: entered promiscuous mode [ 299.827206][T11879] team0: Device veth0_vlan failed to register rx_handler [ 299.943201][T11884] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 300.042333][T11886] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1578'. [ 300.076376][T11886] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1578'. [ 300.146215][ T8288] hsr_slave_0: left promiscuous mode [ 300.199243][ T8288] hsr_slave_1: left promiscuous mode [ 300.230088][ T8288] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 300.282257][ T8288] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.343071][ T8288] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.394832][ T8288] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 300.637852][ T8288] veth1_macvtap: left promiscuous mode [ 300.661560][ T8288] veth0_macvtap: left promiscuous mode [ 300.674518][ T8288] veth1_vlan: left promiscuous mode [ 300.683259][ T8288] veth0_vlan: left promiscuous mode [ 301.462804][ T8288] team0 (unregistering): Port device team_slave_1 removed [ 301.512128][ T8288] team0 (unregistering): Port device team_slave_0 removed [ 301.849009][ T5834] Bluetooth: hci0: command tx timeout [ 302.523391][T11904] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1583'. [ 302.545631][T11904] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 302.575419][T11904] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1583'. [ 302.684349][T11873] chnl_net:caif_netlink_parms(): no params data found [ 302.791312][T11918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1585'. [ 302.834898][T11918] 8021q: adding VLAN 0 to HW filter on device bond3 [ 302.883725][T11921] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1586'. [ 303.183657][T11873] bridge0: port 1(bridge_slave_0) entered blocking state [ 303.191220][T11873] bridge0: port 1(bridge_slave_0) entered disabled state [ 303.211518][T11873] bridge_slave_0: entered allmulticast mode [ 303.236288][T11873] bridge_slave_0: entered promiscuous mode [ 303.257965][T11873] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.267688][T11873] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.275281][T11873] bridge_slave_1: entered allmulticast mode [ 303.282954][T11873] bridge_slave_1: entered promiscuous mode [ 303.411420][T11941] xt_bpf: check failed: parse error [ 303.494569][T11873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 303.507387][T11873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 303.928070][ T5834] Bluetooth: hci0: command tx timeout [ 304.330082][T11955] netlink: 'syz.2.1594': attribute type 10 has an invalid length. [ 304.433481][T11873] team0: Port device team_slave_0 added [ 304.475436][T11955] veth0_vlan: left promiscuous mode [ 304.769166][T11955] veth0_vlan: entered promiscuous mode [ 304.777025][T11955] team0: Device veth0_vlan failed to register rx_handler [ 304.820011][T11959] netlink: 'syz.3.1595': attribute type 1 has an invalid length. [ 304.837152][T11873] team0: Port device team_slave_1 added [ 304.952972][T11959] 8021q: adding VLAN 0 to HW filter on device bond4 [ 305.031594][T11962] bond4: (slave gretap1): making interface the new active one [ 305.043361][T11962] bond4: (slave gretap1): Enslaving as an active interface with an up link [ 305.096786][T11873] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 305.108760][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.139791][T11873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 305.155408][T11873] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 305.165140][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 305.254089][T11873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 305.518678][T11873] hsr_slave_0: entered promiscuous mode [ 305.535777][T11873] hsr_slave_1: entered promiscuous mode [ 305.541969][T11873] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 305.550995][T11873] Cannot create hsr debugfs directory [ 305.598825][T11964] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1596'. [ 305.646967][T11964] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 305.700826][T11964] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1596'. [ 305.940622][T11976] xt_CT: You must specify a L4 protocol and not use inversions on it [ 306.006210][ T5834] Bluetooth: hci0: command tx timeout [ 306.224208][T11980] netlink: 144 bytes leftover after parsing attributes in process `syz.4.1600'. [ 306.422679][T11978] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1600'. [ 306.851137][T11873] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 306.887903][T11992] sch_tbf: burst 3631 is lower than device lo mtu (65550) ! [ 306.923877][T11873] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 307.050847][T11873] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 307.081685][T11873] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 307.113707][T12008] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1607'. [ 307.133683][T12008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1607'. [ 307.194121][T12010] netlink: 'syz.4.1609': attribute type 4 has an invalid length. [ 307.521837][T12013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 307.628064][T11873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 307.729139][T11873] 8021q: adding VLAN 0 to HW filter on device team0 [ 307.814290][ T6256] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.821609][ T6256] bridge0: port 1(bridge_slave_0) entered forwarding state [ 307.972814][ T6256] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.980055][ T6256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 308.085182][ T5834] Bluetooth: hci0: command tx timeout [ 308.170849][T11873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 308.187787][T12025] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1613'. [ 308.238417][T12025] Bluetooth: MGMT ver 1.23 [ 308.720273][T11873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 309.522343][T11873] veth0_vlan: entered promiscuous mode [ 309.582435][T11873] veth1_vlan: entered promiscuous mode [ 309.618272][T12021] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1611'. [ 309.647573][T12061] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1621'. [ 309.726566][T12063] syz.4.1621 uses old SIOCAX25GETINFO [ 309.746596][T12020] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 309.802271][T11873] veth0_macvtap: entered promiscuous mode [ 310.011691][T12020] netlink: 830 bytes leftover after parsing attributes in process `syz.1.1611'. [ 310.089349][T11873] veth1_macvtap: entered promiscuous mode [ 310.233251][T11873] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.878266][T11873] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.950215][T11873] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.959298][T11873] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.969549][T11873] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.979394][T11873] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.212608][T12086] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1627'. [ 311.376173][T12088] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1627'. [ 311.634181][ T6238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.692325][ T6238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.349433][ T8281] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 312.396652][T12106] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1632'. [ 312.426158][ T8281] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.895658][T12118] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1637'. [ 312.917203][T12118] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 312.929126][T12118] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1637'. [ 313.147216][T12127] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1638'. [ 314.345523][T12146] openvswitch: netlink: Message has 8 unknown bytes. [ 314.413682][ T8298] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.519668][ T8298] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.646609][ T8298] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.737474][ T8298] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.826613][ T8298] bridge_slave_1: left allmulticast mode [ 314.832341][ T8298] bridge_slave_1: left promiscuous mode [ 314.838593][ T8298] bridge0: port 2(bridge_slave_1) entered disabled state [ 314.848114][ T8298] bridge_slave_0: left allmulticast mode [ 314.853816][ T8298] bridge_slave_0: left promiscuous mode [ 314.860301][ T8298] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.230483][ T8298] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.241613][ T8298] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.256010][ T8298] bond0 (unregistering): Released all slaves [ 315.553665][ T8298] hsr_slave_0: left promiscuous mode [ 315.564993][ T8298] hsr_slave_1: left promiscuous mode [ 315.570976][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 315.578581][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.587001][ T8298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 315.594467][ T8298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.622615][ T8298] veth1_macvtap: left promiscuous mode [ 315.628349][ T8298] veth0_macvtap: left promiscuous mode [ 315.633933][ T8298] veth1_vlan: left promiscuous mode [ 315.640899][ T8298] veth0_vlan: left promiscuous mode [ 315.864743][T12159] netlink: 208 bytes leftover after parsing attributes in process `syz.3.1645'. [ 315.895368][T12161] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1646'. [ 316.298760][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 316.328521][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 316.338124][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 316.342928][T12177] netlink: 'syz.3.1648': attribute type 4 has an invalid length. [ 316.360359][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 316.379584][ T5849] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 316.391666][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 316.672954][ T8298] team0 (unregistering): Port device team_slave_1 removed [ 316.731962][ T8298] team0 (unregistering): Port device team_slave_0 removed [ 317.257590][T12155] macsec0: entered allmulticast mode [ 317.263419][T12162] veth1_macvtap: entered allmulticast mode [ 317.271925][T12162] macsec0: left allmulticast mode [ 317.277188][T12162] veth1_macvtap: left allmulticast mode [ 317.465499][ T1293] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.695975][T12182] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1651'. [ 317.731528][T12182] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 317.743043][T12182] netlink: 830 bytes leftover after parsing attributes in process `syz.4.1651'. [ 317.965640][T12200] atomic_op ffff8880285c5998 conn xmit_atomic 0000000000000000 [ 317.984159][T12200] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 318.046375][T12194] 8021q: adding VLAN 0 to HW filter on device bond5 [ 318.082738][T12194] bond0: (slave bond5): Enslaving as an active interface with an up link [ 318.182379][T12207] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1657'. [ 318.485681][ T5834] Bluetooth: hci0: command tx timeout [ 319.081223][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1661'. [ 319.865952][T12234] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1663'. [ 319.943087][T12235] netlink: 'syz.2.1663': attribute type 39 has an invalid length. [ 320.014829][T12234] vlan2: entered allmulticast mode [ 320.020576][T12234] bridge0: port 3(vlan2) entered blocking state [ 320.038753][T12237] Unknown options in mask 1f4 [ 320.046134][T12237] Unknown options in mask 1f4 [ 320.088811][T12234] bridge0: port 3(vlan2) entered disabled state [ 320.131580][T12175] chnl_net:caif_netlink_parms(): no params data found [ 320.306573][T12243] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1665'. [ 320.565095][ T5834] Bluetooth: hci0: command tx timeout [ 320.903202][T12175] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.928871][T12175] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.974303][T12175] bridge_slave_0: entered allmulticast mode [ 321.014104][T12175] bridge_slave_0: entered promiscuous mode [ 321.062146][T12175] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.091751][T12175] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.133397][T12175] bridge_slave_1: entered allmulticast mode [ 321.178018][T12175] bridge_slave_1: entered promiscuous mode [ 321.487428][T12175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 321.561838][T12175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 321.651255][ T8636] IPVS: starting estimator thread 0... [ 321.675346][T12273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1673'. [ 321.691153][T12175] team0: Port device team_slave_0 added [ 321.755746][T12270] IPVS: using max 22 ests per chain, 52800 per kthread [ 321.757668][T12175] team0: Port device team_slave_1 added [ 322.145829][T12175] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 322.167184][T12175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.256160][T12175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 322.268002][T12282] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 322.390286][T12282] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1665'. [ 322.402573][T12175] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 322.418711][T12175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.445381][T12175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 322.523681][T12290] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1677'. [ 322.655263][ T5834] Bluetooth: hci0: command tx timeout [ 323.103973][T12175] hsr_slave_0: entered promiscuous mode [ 323.110707][T12175] hsr_slave_1: entered promiscuous mode [ 323.121144][T12175] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 323.143071][T12175] Cannot create hsr debugfs directory [ 323.249147][T12299] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1682'. [ 323.390733][T12312] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1684'. [ 323.412558][T12309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1683'. [ 323.434683][T12314] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1681'. [ 323.576069][T12316] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1685'. [ 323.595977][T12308] syzkaller0: entered promiscuous mode [ 323.601518][T12308] syzkaller0: entered allmulticast mode [ 323.608254][T12314] syz_tun: left allmulticast mode [ 323.625432][T12314] syz_tun: left promiscuous mode [ 323.630896][T12314] bridge0: port 2(syz_tun) entered disabled state [ 323.650984][T12314] bridge_slave_0: left allmulticast mode [ 323.657253][T12314] bridge_slave_0: left promiscuous mode [ 323.663386][T12314] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.734170][ T5834] Bluetooth: hci0: command tx timeout [ 326.547727][T12340] netlink: 'syz.2.1691': attribute type 4 has an invalid length. [ 326.590980][T12340] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1691'. [ 327.834242][T12357] netlink: 'syz.3.1697': attribute type 1 has an invalid length. [ 327.842653][T12175] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 327.851822][T12357] netlink: 'syz.3.1697': attribute type 3 has an invalid length. [ 327.870177][T12357] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1697'. [ 327.889797][T12357] NCSI netlink: No device for ifindex 246 [ 327.921347][T12175] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 328.058251][T12175] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 328.166146][T12175] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 328.524088][T12175] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.551761][T12175] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.623964][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.631237][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.693612][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.700863][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.867623][T12406] atomic_op ffff88807d33a198 conn xmit_atomic 0000000000000000 [ 329.336481][T12430] netlink: 'syz.4.1727': attribute type 3 has an invalid length. [ 329.369120][T12433] sctp: [Deprecated]: syz.2.1726 (pid 12433) Use of struct sctp_assoc_value in delayed_ack socket option. [ 329.369120][T12433] Use struct sctp_sack_info instead [ 329.447933][T12175] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 329.600862][T12175] veth0_vlan: entered promiscuous mode [ 329.708822][T12175] veth1_vlan: entered promiscuous mode [ 329.721615][T12443] syzkaller1: entered promiscuous mode [ 329.733664][T12443] syzkaller1: entered allmulticast mode [ 329.918247][T12175] veth0_macvtap: entered promiscuous mode [ 329.925445][T12456] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1736'. [ 329.932977][T12175] veth1_macvtap: entered promiscuous mode [ 330.021922][T12461] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000197: 0000 [#1] PREEMPT SMP KASAN PTI [ 330.034578][T12461] KASAN: null-ptr-deref in range [0x0000000000000cb8-0x0000000000000cbf] [ 330.043433][T12461] CPU: 1 UID: 0 PID: 12461 Comm: syz.4.1740 Not tainted 6.14.0-rc5-syzkaller-01096-g865eddcf0afb #0 [ 330.054292][T12461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 330.064351][T12461] RIP: 0010:ethnl_default_dumpit+0x447/0xd40 [ 330.070352][T12461] Code: 49 8b 1f 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 ca e6 17 f8 4c 8b 3b 49 8d 9f bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 4b 07 00 00 0f b6 1b 31 ff 89 de e8 f0 [ 330.089969][T12461] RSP: 0018:ffffc9000396f0d8 EFLAGS: 00010203 [ 330.096046][T12461] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000000000 [ 330.104019][T12461] RDX: 0000000000000000 RSI: ffffffff8c80fdc0 RDI: 0000000000000001 [ 330.112009][T12461] RBP: ffff88805674f000 R08: ffffffff903d0b77 R09: 1ffffffff207a16e [ 330.119993][T12461] R10: dffffc0000000000 R11: fffffbfff207a16f R12: ffff88805ff3e600 [ 330.127974][T12461] R13: ffff88805be39c80 R14: dffffc0000000000 R15: 0000000000000000 [ 330.135950][T12461] FS: 00007f21dd1286c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 330.144914][T12461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 330.151497][T12461] CR2: 00007f21dc372c20 CR3: 00000000559e6000 CR4: 00000000003526f0 [ 330.159471][T12461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 330.167446][T12461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 330.175420][T12461] Call Trace: [ 330.178698][T12461] [ 330.181630][T12461] ? __die_body+0x5f/0xb0 [ 330.185976][T12461] ? die_addr+0xb0/0xe0 [ 330.190172][T12461] ? exc_general_protection+0x3dd/0x5d0 [ 330.195762][T12461] ? asm_exc_general_protection+0x26/0x30 [ 330.201508][T12461] ? ethnl_default_dumpit+0x447/0xd40 [ 330.206898][T12461] ? ethnl_default_dumpit+0x402/0xd40 [ 330.212299][T12461] ? ethnl_default_dumpit+0x78/0xd40 [ 330.217606][T12461] genl_dumpit+0x10d/0x1b0 [ 330.222121][T12461] netlink_dump+0x64d/0xe10 [ 330.226640][T12461] ? __pfx_netlink_dump+0x10/0x10 [ 330.231678][T12461] ? genl_start+0x59d/0x6d0 [ 330.236188][T12461] __netlink_dump_start+0x5a2/0x790 [ 330.241396][T12461] genl_rcv_msg+0x894/0xec0 [ 330.245906][T12461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 330.250934][T12461] ? __pfx_genl_start+0x10/0x10 [ 330.255787][T12461] ? __pfx_genl_dumpit+0x10/0x10 [ 330.260730][T12461] ? __pfx_genl_done+0x10/0x10 [ 330.265516][T12461] ? __pfx_lock_acquire+0x10/0x10 [ 330.270555][T12461] ? __pfx_ethnl_default_start+0x10/0x10 [ 330.276198][T12461] ? __pfx_ethnl_default_dumpit+0x10/0x10 [ 330.281932][T12461] ? __pfx_ethnl_default_done+0x10/0x10 [ 330.287508][T12461] ? __pfx___might_resched+0x10/0x10 [ 330.292812][T12461] netlink_rcv_skb+0x206/0x480 [ 330.297586][T12461] ? __pfx_genl_rcv_msg+0x10/0x10 [ 330.302643][T12461] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 330.307950][T12461] genl_rcv+0x28/0x40 [ 330.311932][T12461] netlink_unicast+0x7f6/0x990 [ 330.316714][T12461] ? __pfx_netlink_unicast+0x10/0x10 [ 330.322044][T12461] ? __virt_addr_valid+0x45f/0x530 [ 330.327182][T12461] ? __phys_addr_symbol+0x2f/0x70 [ 330.332221][T12461] ? __check_object_size+0x47a/0x730 [ 330.337533][T12461] netlink_sendmsg+0x8de/0xcb0 [ 330.342322][T12461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.347621][T12461] ? aa_sock_msg_perm+0x91/0x160 [ 330.352754][T12461] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.358050][T12461] __sock_sendmsg+0x221/0x270 [ 330.362742][T12461] ____sys_sendmsg+0x53a/0x860 [ 330.367692][T12461] ? __pfx_____sys_sendmsg+0x10/0x10 [ 330.372983][T12461] ? __fget_files+0x2a/0x410 [ 330.377763][T12461] ? __fget_files+0x2a/0x410 [ 330.382395][T12461] __sys_sendmsg+0x269/0x350 [ 330.386995][T12461] ? __pfx___sys_sendmsg+0x10/0x10 [ 330.392137][T12461] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 330.398580][T12461] ? do_syscall_64+0x100/0x230 [ 330.403357][T12461] ? do_syscall_64+0xb6/0x230 [ 330.408053][T12461] do_syscall_64+0xf3/0x230 [ 330.412568][T12461] ? clear_bhb_loop+0x35/0x90 [ 330.417264][T12461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.423178][T12461] RIP: 0033:0x7f21dc38d169 [ 330.427598][T12461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.447209][T12461] RSP: 002b:00007f21dd128038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 330.455633][T12461] RAX: ffffffffffffffda RBX: 00007f21dc5a5fa0 RCX: 00007f21dc38d169 [ 330.463606][T12461] RDX: 0000000000000000 RSI: 0000400000000780 RDI: 0000000000000003 [ 330.471586][T12461] RBP: 00007f21dc40e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 330.479564][T12461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.487541][T12461] R13: 0000000000000000 R14: 00007f21dc5a5fa0 R15: 00007ffded63eaa8 [ 330.495546][T12461] [ 330.498566][T12461] Modules linked in: [ 330.503556][T12461] ---[ end trace 0000000000000000 ]--- [ 330.528580][T12461] RIP: 0010:ethnl_default_dumpit+0x447/0xd40 [ 330.534652][T12461] Code: 49 8b 1f 48 89 d8 48 c1 e8 03 42 80 3c 30 00 74 08 48 89 df e8 ca e6 17 f8 4c 8b 3b 49 8d 9f bd 0c 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 30 84 c0 0f 85 4b 07 00 00 0f b6 1b 31 ff 89 de e8 f0 [ 330.560225][T12461] RSP: 0018:ffffc9000396f0d8 EFLAGS: 00010203 [ 330.567385][T12461] RAX: 0000000000000197 RBX: 0000000000000cbd RCX: 0000000000000000 [ 330.575502][T12461] RDX: 0000000000000000 RSI: ffffffff8c80fdc0 RDI: 0000000000000001 [ 330.583517][T12461] RBP: ffff88805674f000 R08: ffffffff903d0b77 R09: 1ffffffff207a16e [ 330.592050][T12461] R10: dffffc0000000000 R11: fffffbfff207a16f R12: ffff88805ff3e600 [ 330.600210][T12461] R13: ffff88805be39c80 R14: dffffc0000000000 R15: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 330.625065][T12461] FS: 00007f21dd1286c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 330.634128][T12461] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 330.641249][T12461] CR2: 00007f6bd08d7d60 CR3: 00000000559e6000 CR4: 00000000003526f0 [ 330.649953][T12461] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 330.658083][T12461] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 330.666227][T12461] Kernel panic - not syncing: Fatal exception [ 330.672643][T12461] Kernel Offset: disabled [ 330.676970][T12461] Rebooting in 86400 seconds..