last executing test programs: 1m33.311527221s ago: executing program 4 (id=1580): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280fffe128c", 0x2e}], 0x1}, 0x0) 1m20.792257222s ago: executing program 4 (id=1580): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280fffe128c", 0x2e}], 0x1}, 0x0) 1m14.067060279s ago: executing program 3 (id=2904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000003900000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000003080101000000000000000000000000050003001100000006000240000000002c0004800800000800014000000000080007400000000008000240000000007cff0540000000009efc1e25e5afa6cae5234b06af08aac5e3567f33a5164465aaefd6f655159d68df5de24406838570643bb27ad7a114a179d86acbefb1aeee6ade8105815ae14f4694ce71fa4ffbd8ae5a9252772c649169f33a310bf60ca01567763a1f03543321b15c03748e6d5f10720ff82d88584cc7421f69b7b2a583ea96817225b5126f8c48785cc098f377ad1f07c3fe1ef34a7e4977"], 0x50}}, 0x0) 1m5.742074696s ago: executing program 4 (id=1580): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280fffe128c", 0x2e}], 0x1}, 0x0) 1m3.523334421s ago: executing program 3 (id=2904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000003900000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000003080101000000000000000000000000050003001100000006000240000000002c0004800800000800014000000000080007400000000008000240000000007cff0540000000009efc1e25e5afa6cae5234b06af08aac5e3567f33a5164465aaefd6f655159d68df5de24406838570643bb27ad7a114a179d86acbefb1aeee6ade8105815ae14f4694ce71fa4ffbd8ae5a9252772c649169f33a310bf60ca01567763a1f03543321b15c03748e6d5f10720ff82d88584cc7421f69b7b2a583ea96817225b5126f8c48785cc098f377ad1f07c3fe1ef34a7e4977"], 0x50}}, 0x0) 48.988767466s ago: executing program 4 (id=1580): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280fffe128c", 0x2e}], 0x1}, 0x0) 48.347660697s ago: executing program 3 (id=2904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000003900000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000003080101000000000000000000000000050003001100000006000240000000002c0004800800000800014000000000080007400000000008000240000000007cff0540000000009efc1e25e5afa6cae5234b06af08aac5e3567f33a5164465aaefd6f655159d68df5de24406838570643bb27ad7a114a179d86acbefb1aeee6ade8105815ae14f4694ce71fa4ffbd8ae5a9252772c649169f33a310bf60ca01567763a1f03543321b15c03748e6d5f10720ff82d88584cc7421f69b7b2a583ea96817225b5126f8c48785cc098f377ad1f07c3fe1ef34a7e4977"], 0x50}}, 0x0) 32.549892962s ago: executing program 3 (id=2904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000003900000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000003080101000000000000000000000000050003001100000006000240000000002c0004800800000800014000000000080007400000000008000240000000007cff0540000000009efc1e25e5afa6cae5234b06af08aac5e3567f33a5164465aaefd6f655159d68df5de24406838570643bb27ad7a114a179d86acbefb1aeee6ade8105815ae14f4694ce71fa4ffbd8ae5a9252772c649169f33a310bf60ca01567763a1f03543321b15c03748e6d5f10720ff82d88584cc7421f69b7b2a583ea96817225b5126f8c48785cc098f377ad1f07c3fe1ef34a7e4977"], 0x50}}, 0x0) 31.475810507s ago: executing program 4 (id=1580): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280fffe128c", 0x2e}], 0x1}, 0x0) 17.071208264s ago: executing program 3 (id=2904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000003900000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000003080101000000000000000000000000050003001100000006000240000000002c0004800800000800014000000000080007400000000008000240000000007cff0540000000009efc1e25e5afa6cae5234b06af08aac5e3567f33a5164465aaefd6f655159d68df5de24406838570643bb27ad7a114a179d86acbefb1aeee6ade8105815ae14f4694ce71fa4ffbd8ae5a9252772c649169f33a310bf60ca01567763a1f03543321b15c03748e6d5f10720ff82d88584cc7421f69b7b2a583ea96817225b5126f8c48785cc098f377ad1f07c3fe1ef34a7e4977"], 0x50}}, 0x0) 15.289024643s ago: executing program 4 (id=1580): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfe80, &(0x7f00000005c0)=[{&(0x7f0000000940)="2e00000010008188e6b62aa73772cc9f1ba1f8482e0000005e140602000000000e000a00100000000280fffe128c", 0x2e}], 0x1}, 0x0) 2.38115767s ago: executing program 0 (id=3447): r0 = socket$inet6(0xa, 0x3, 0x87) r1 = getuid() setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@multicast2, @in=@multicast1, 0xfffd, 0xfffe, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, r1}, {0x0, 0x4, 0x1, 0x0, 0x0, 0x9}, {0x1ff, 0x1000000001, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x0, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x23}, 0x1, 0x32}, 0x2, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x3502, 0x4, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) setsockopt$MRT6_DONE(r0, 0x29, 0xc9, 0x0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) syz_emit_ethernet(0x11ee, &(0x7f0000002140)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd6fe3b24311b821fffe8000000000000000000000000000bbff0100000000000000000000000000011d2400000000000001fd3bbd3505dd7e00eb86b8474a8b016b79ac3fe1499b7d639d8b28922eddb7659910342b2b64b15cbaeeafdc2c26fcfa162f02fc5defedf71c3aab09a7ea0a963595f1f3e2319d4ad4110ae0ea598c2e77c64b3dcc37f775995be31bf640ce946fd9fbf6a349b24321c751dece4e87d76904a64e201983c4f3941397a1752bf1a29f7ea896c59c1d442593110b9116e29c4192a4f4737031e6d50e7aa82142c1bc44e8caa894ab8a23ceaae18ac3f78fa450f539e04643a29b67d7d17b4c800c6e61010812cc5b4b2656ef3d1586871372c2d296c29e0703685e5528d1c80c4ed40dcabb39e6575622891efdfefc1eef040dffe1cbea55b42efd4fc0e8790101050000000000040103c204000000dac2040000000dc910ff02000000000000000000000000000100000e00f900000000fc02000000000000000000000000000020010000000000000000000000000001ff01000000000000000000000000000100000000000000000000000000000001ff020000000000000000000000000001fc010000000000000000000000000000fe8800000000000000000000000000014e214e2404619078400dbdd9000b7218b87624371187f89a90bc3442a7b82dd0a6fbf35a334d7e8ff695e93856cecf0eaa9063251dd94bf120e6211341c113aea4490d1256fc1e921da086e1896b047d98985ff47d7012b71f3423a712d0266c9b634d9107038b1e9cdc8285656cac2bf3a08fde28146acc6267a9a5940a33fab706798aeddf9d89fd08326544987d504b65bed56ebff7645664c178558f412694571edee18512c1d8f7bc5e83947e12450fb62ffe4c0c1de3050f28731a5aef4818b610f8c894746d8701314ed7243c0d917f617e98c5e8d456eb97ecb7c30fd0b9f902cc9a4fb8db328e42e01816b5e2c4b7634d654a091b5d564ba8f5d8abf05c86f3e9f3b1a0d94caebc31f27147715a659d672a14d7d45a726a369e7d4d5e7364d3143dadf595a6eb373e05a71bc7c2359e64da3789252b2bdb2c39006d587ea16d060733d71f97ad6d510df90a233ea4f12d4c3dec268c7a81d82db4b7c0b960b0d24bbe998e8838caf633eaa9318ef76128a879b6103f7c002efc32484837c623f034a581affea93b49897ea32b9edc87059501df4bb94d1b30ed2c28db6f3369b6f983eef4fbb4b7b135d584c82fbef6af5cd193ce3af9c47050f0ca389cfef34485d31f8fa5d7a5eb12215d58a66edfe1c1d4e2497b52bd6a352f7a5e97af7c5f7ab734ede155cd63d60d783ecd08baeb469c610e5bb88a42e23c447f05b461ea2986f910189c17b9409210b88234992a9de1b5b3abe3cda5145fac561907fa24a7212c52b86d9934cc3c84248658ce5718ae2da1eb57558a8403034eff2836e68860b233144c3c7667bbbaa11ccae70c98a5b39e1bd65929716d93214a93a57405d99ce755431b1bb6e49813a0284dbbfe4f5c98ec9a742f6d2de5f17137cbe64e55c3cbe082230490a424e92aaea7376f4cfa77d3cffd0bdcd9ac5de3fc3b26c567d012eafd5d3722ec38b0328423271f80d19bd786356ac5c13a64b0d9c8b0a32217a3c787d7a270e716c1c5fa3a7a6e7050bf5e311d7be36bc87a2708af523687384b6cb01e0cd964d1315cbf7e4ad2eb7ce09655e7857adf1d6d1e3c56de0e18ae5aaa5ca4fca1cf5cabea3ffe077459cbb93b1ec0f582533535b3adf7476aff20401031132fdb296e932c63be124f3db5dc31a4c9506d3dd5e5a21f1db62b6e99c58da31a655b3efd061a9977efc2baeef4132c62f1592b721dee8215f127f5fbfe4611ae0519cef4860b3e45454e5287591948b4638c1149357bcb3c258f58c1c6ce8a18c28ee091b905afe5c07bf541fa0ae62a3ecb53dac34d04e6315d9b77d5a40cd06a645a7b1a63eb2f12465d143e63f7f6675a60912ade7ec1104eabfa5374053bec2b7e21ea36fc98623e2b5be199fb7281d4ffde77e96e73f18aadec51ee5b6365c31a31eb6a5cad300134307495f52ec13777405836f2c05e968c39971184811061ea13872317c045d309cd650be03229c5d18e525a461191d5af52902a8b0e8b2e1e522979388117d60fd6c62c2253718782974d74ee36a15ccb8f724767d344af05ed52451cd6d1a30dc4672964b193a32847b7f16035d9fd1d727836f569a6705fe0d30818090e02409213b787a3bebd9c028db1a820fbf9f93554fe2da861b91135d08d492255d3bcfaac1d24159dc6922f90e13b956d202e285546465c91fa86f4f78d35117ed6103a93abfd3541d86fcfc5ad096035ebe2456a817f12ad4bf37432522b3abf5faa44e7ede834a91a106f922202e3e7b802f63b64bdff0226f9e9082691a5e33d8524bf21eb673f3f707815e8a6827397d2461a72f22c50ae702872dd591ae0df6727101e46ee46d19b4ec461ecc76368eaac94ede382a310db92544d95c17f01266eb1c24807f1f6f6997a31288ab79e0f5b43764a2e2cd659b3f30cf338098dd8ab26c72eec4e23cd720b8e9cfbe4ea52676ec4ce61536200d331f7ef68aa33c9d7ae96f7ebecfaa6949380ff60730d2281a244cab67fe82b2f2ff06fbb6f39afd567f9c87e169f8ef6d8efabff4ec46d828850388a70dbc3984a2a582a57280f223b82a837b6bd6da3e379a2263974d20e80a459024f0fcc7e8704f34fae88733c5fb236e29fbe9529effd8f51c9182171127205abc38aacca744108c35fdcf9fc00218efccb5601bc370d0cc3027fb55ac9ccf156cb9aba8adb0118b8c9d1ab10aa12685987b1409a06f19e6a688cdabb9b155a331ac5f28685c1f94e068fc3cc46905f6557a3ef537cc2c0864c2dee775d0d25aecb0c28e204d6df588cebcf83f038a40c66a416b2e9e6cd51cf95c670bdaa493e4e38375496224fe1ceedb7b7734ff6f72625f0532e7809813e598659023aa583190b4dcf0ecc01173682e4e8adc5973c3e017f79a41d2611173bc8211ccecc0c2e1b8ce13bf5c57ca25c88d4abec01cb2e98227a8aab5f3228759b875931ec4fa8169e40abfc82b1287906e5c5074818bfeb125a2f2f24ef48a8bec73a8d5b979bb0f465b63820e4248613ce8e3787a37155b93cabb0d776e48d044f43477e20f6514af8496d1e8b9912b94906c601332ec3168038e5614ea4ab171592292416a57b2672ec322b5eca13d0c1a8844a034d2b3585a987a4e0070886ff30038f628b508cf87a0e67a4c4d151ae98487465ed3b843ecbaa5953f05e32e9f5e265f5bad6cc898f4300ad3136bdd68f04999010e987fbb582eab24ab99a4ca557d29a0802b845a0c33a888364c8381b4a41977a10a4c7013757b9b546de275ff8f3c41298b473869756309eefe7efe94bbb1b30fb8d986fd8f0a966f4c3f7987a4e552d2e6c54727a140a65f24d4a1e511cd84a4eaa32c1aa5cf6be4bfaa92a90bec700eb1b424a9fea9428f87d26c0020c71362aa7cc5462386fa991089b1ec6c1f87e34ed046704db2f9ef3b03fd2ec7e35dd63f42d72ec9358ff6c203aed5fc95043fb429d842b3410d717e877c8c90bc4d43aa415707b83f577eb84e234ae300d8ef9f5aac7b14b03bc00058721bf005ab88d0cc40587d16a237a2c1b7a8a9e40ffa7c5603fe46322259b6fdcfb5e3ceda6fa71d27b2eae68390bf158ecea37b45503700cbcafd1f0410d86e1dc05bc293df7553507614a87b572db254541f80ca4a3f2a99ee090e3a485c9ce6003045a68294a9e5953e925c56460a49a338a0954675023babebabf971eac36478f71747a1e819bcd7bfb5263eb4b4f84c3d435e3971eb9fec3c19379a334a76fc2ccfdc98065bf6071b002cff1199af48d0f3a8cc30be3c119dedacb3265b4882092ef91a1af77b0c63603a43a7a0a71be3b274b7ca49f2af59dbcd10652e6413678893c555571cda91b7db895df22042360a675c89f5b4e9160a77b8ab9121abc51a1624736a05a9e282f91c15048cea0dff6ab0385563124126b7cddc332e17cbdcd031627fd45a13307ce3db102052074e168cc6d5d04a78c787b0acd9add36ed85df8a881a946190d8f8c70db7e56b674879caefd0436f050e580720746ebaa7e64728e1be54f7348042d76ebfb0c6f9be3034b3d9e259011a5c823befa834c39af3db6306a6a4710479326a518e192979763263225e07047fb62b23679ac55b4f45885e1ff0557c77d957cb939f6386df957ef4eb57b6a14ff1b6e103e6b0a83f361a5b7bbbb2c345cf8f29fe2fd675c01efdf621f2c4d09cf5f184985b8d968575f6ae664a86eb5c08cbb07c7700fe79745798a011b73d447536bba025109497d11c95f4bd860009398426d8d9dcb4d0d6504c9da435cdc722410122354dd5bd5aa031f742c57c12d89d17b192abcc00c845b3ac297ab20b1fb6b479cb10e4491c0ce2ddd9879c046300ed01490d437b7fd43550ccdf654dd9fe4e2e76e5c620d5868ff55715d9298884229bfe0dfaa68d0c8921a3b81a591cb2b36a1dedb4a0b9a1072e0790c23b264edb27d9e0e8189e64e820b57795b212001346564a436771cc676b83a88ebaf1915169a993d2fff23831fd00803921fca3252c97a3bdef08df1d4e3e40dc66b4525b7b3670b9fda7863e163a75725b647cc6718da04aefdea098c39cee1634874141095c30c37a1d93afac290c1964ff3c731f3f44fec7fad916f811c2ba0d368ed1b02e354b215adcff560e9c61cc3b9e39aef86bcc457285c8fc64db3972019d4b72e171742139ff405bece0814e182a8459e70a3408561eb7805544f76aa0fed9b89c2cb75a12bc67306f392f188e1d1207bd9bafa5c3b6758feff40ff60e29461dce55dc72235adcc019698156064bb70417bbdafebdb50acfc2d7c0e896cdb5b88b92ce1c6d26ff0bd694093e45f3e9b95dc765c8a3267e7d81464f8e7a1fb7f9b2be92bc32619caada88b7e7c21206bf2350791a28d3f786f534007bf86b62d6f29062ee23bbb9ffa8405b39e9ef4203b0f90badd80a8de4bbab79eb8dcece548ab71ac12242c2f7cba16dcc5faba9dccfb77f09027bb2a002a684f3bbcbd01382c5239346eec56dafb311acc41792b760d674813bb658bb09d1e2315b659d68846e2cea4268a7bac035772f648635a70078f7ea18e7658ae1d73c891ac9a7fc59e684a960eebec83893886ca15c9fffc931c38876a7b025b66f43689cb4f5ece3716c85f5105319c5bdbb31380f4c7c6aa413371254521f86967b59f41dfc49afe4bca3447062334974e2df9f4b4680c96fdceb294f04d89372986d3e32f433c6a143e49cd8774a5ce793288cc94e2ede78df6843c156f3c0b3b23f6ce5ad04cc1ef70726b1f49a3e0f8d1c2dacd680c3a6311c902ae9c1906a7b8187c4171be39812a911c02b435b505e8ceca115259ecd1f8c8e89ae45a05a5b5f5eb114526fa1b771423479b3203bc78196e0f767b740b42b73633c04ae8c1ac5fe1f93c8281ad31c0879cc92307b2c46ad21d72b09cf5d2a8bdb2c44a8d769fe71a59092d7c4f2147dc7938f97fb3c3cc68de9e64057ad7e8377e7d08bf2a1befb720ccd3414531e6576febec1173c7f07d663ed58b0b7de0bbd0cb8f5fe2fbdcf83822deddec64c3652af3eff07e494837876e453e4ed12c1fbf1b87740df82de7803e3ad80c9efa791807412c28a278a5139b2ce7646079a1268663f6cdda152d3e61c84bbea02c21f82705d410ab98a23e9c5c0a61db4bd3181b771fef824eae365611392c39e438f36c05599a9c174717d74e34960b6d0903ead89aaded9aba39ac7e4318a51ed2b3488ce57411d72647038a2e9bbdf4539bb6ee721b6c0ecf8b6e9f8192ed8e72c62e44409c503b5402243c234c8ac27955e873eaa67ba157c7661e324917f4d4dd3f7e515a3c9aa1a815f4957cdf490306796351ceef70796a06bab63ebf46c48e596839c9f65d68d296da4a9968fd5bd310790a34897e5a43ee85b849afa46b378cded6c2e9344042a83a5e4c8de349cdd91163c91fe5e2a74d0cad88d4d0080c42a4c00ad80df7d77cd157109409658b637e3552a27dc7f3d1d243afb3c17ee2c2d23fb9e15b19e4f50c197f2fd57153e0807d99afed6876c99a97c4a61251f64cb2c53de976f30632ed0ef7decee4868c932ee06e7f369a44416272efd8e47db9b941cd36aa2f9d27940c399cd12431ff43c8196ae021f683c579af1e2913ad4f97d753ee46cc27979902936be03d1eef24fc08b4dc8cc5c06dbd4ddd96d52d9b9d79d37535c2aa1142f02b02009fb9373514075017abf6df10100c90f2909e388d1fd9d85d8fefe57ab608f5e57a94c93239d629d856956528878c59e09a1506283bde9f6b9bccf47b7b98f25d572f720a5576b9f39d497024797f846a6c82b758d5378588c4710b528785610c4"], 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080), 0x4) setsockopt$ax25_int(r3, 0x101, 0x7, &(0x7f0000000000)=0x2, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000f400000000000000f462013c000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) setsockopt$ax25_int(r3, 0x101, 0x1, &(0x7f0000000040)=0xe53, 0x4) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x300, 0xffffffff, 0xffffffff, 0x300, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}, [], [], 'wg1\x00', 'gre0\x00', {0xff}}, 0x0, 0x200, 0x230, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x430) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 2.24707568s ago: executing program 2 (id=3448): r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r3 = socket(0x2, 0x80805, 0x0) (rerun: 64) sendmmsg$inet_sctp(r3, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}], 0x1, 0x0) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) (async) r6 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f0000000100)={0x0, 0xfffffcebfff, 0x1000, 0x0, 0x1}, 0x20) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000080)=@sack_info={r5, 0x5, 0x1}, 0xc) (async) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x5c, r7, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @ipv4={'\x00', '\xff\xff', @multicast1}}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}]}, 0x5c}, 0x1, 0x620b}, 0x0) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) (rerun: 64) sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002bbd7000fbdbdf253400000008000300", @ANYRES32=r8, @ANYBLOB="0a003400020202020202000014005500a1841301114e3c1a8cd7f76cf7b102b9"], 0x3c}, 0x1, 0x0, 0x0, 0x200400c0}, 0x800) 2.004424007s ago: executing program 0 (id=3450): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0xfffc, @empty}], 0x10) sendmmsg$inet6(r0, &(0x7f000000cf00), 0x0, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, 0x0, &(0x7f0000000080)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x50, 0x2, 0x2, 0x101, 0x0, 0x0, {0xa}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x14, 0x4, @dev}}}]}]}, 0x50}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0xa) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000000)=0xffffffff, 0x4) sendmsg$NL80211_CMD_LEAVE_MESH(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[], 0x33fe0}}, 0x0) sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x4c}, 0x4c}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x44, 0x28, 0x4ee4e6a52ff56561, 0x4000, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x0, 0xe, 0x0, 0x5}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000810) 1.823586784s ago: executing program 2 (id=3451): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c000280080003400000000c0800014000000002080001"], 0x122}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {0x6}, {0xffe0, 0x9}}}, 0x24}}, 0x40004) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)={@multicast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000050000000026000400"}, {0x18, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "ffffffffffff00000000000200000000000000000000000000008879e66485201a0015ca837400"/55}, {0x0, 0x14, "5e14f0e7e72d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fa632dbf04542188b196e213408c"}, {0x3, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x89f2, &(0x7f0000000200)={'bond0\x00'}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r4, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r3}, 0x20) close(r4) recvmsg(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)=""/256, 0x100}], 0x1, 0x0, 0x0, 0xf5ffffff}, 0x0) setsockopt$sock_int(r3, 0x1, 0x20, &(0x7f0000000080)=0x1, 0x4) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000ec0)={'ip6tnl0\x00', &(0x7f0000000e40)={'ip6_vti0\x00', 0x0, 0x2f, 0xff, 0x8, 0x3, 0x2, @mcast2, @empty, 0x7, 0x7800, 0xffffffff, 0x8}}) r5 = socket$kcm(0x10, 0x2, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r7, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028008000200ac1414bb080004"], 0x44}, 0x1, 0x2}, 0x0) sendmsg$inet(r5, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x22, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000852000000000000000000000000000001850000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000018f900002020732500000000002020207b1af8ff0000f33d666e25794f61100000bfa100000000000007010000f8ff88b9b7020000081a0000b7030000000000008500000006000000050000000000000018100000", @ANYRES32, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0x7, &(0x7f0000000140)=@framed={{0x18, 0x7}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @alu={0x6}, @exit={0x95, 0x0, 0x7b00}, @call={0x85, 0x0, 0x0, 0x13}]}, &(0x7f0000000040)='GPL\x00', 0x4, 0x92, &(0x7f0000000240)=""/146, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000540)={r8, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) recvmsg(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000280)=""/66, 0x42}, {&(0x7f0000000680)=""/191, 0xbf}, {&(0x7f0000000200)}], 0x3, &(0x7f0000000780)=""/136, 0x88}, 0x10140) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) clock_gettime(0x5, &(0x7f0000000880)) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000030000000000000000000063e5e576c0b93f6300"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFT_MSG_GETFLOWTABLE(r9, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="f0020000170a0101000000000000000002000007540003800800024003c000000800024000000001080001400000000008000240000000060800024000000041080001400000000008000140000000000800024000000001080001400000000008000140000000000900020073797a3100000000440103800800024000000002540003801400010074756e6c3000000000000000000000001400010076657468315f746f5f6873720000000014000100626f6e645f736c6176655f30000000001400010076657468305f766c616e0000000000000800024000000009cc00038014000100627269646765300000000000000000001400010076657468305f746f5f626174616476001400010076657468315f746f5f62726964676500140001006e657464657673696d30000000000000140001006e657470636930000000000000000000140001006261746164765f736c6176655f310000140001006272696467655f736c6176655f310000140001006272696467655f736c6176655f310000140001006e69637666300000000000000000000014000100626f6e645f736c6176655f31000000000800014000000000080002400000000708000740000000020900020073797a30000000000900010073797a30000000000c01038008000240000003ff080001400000000008000240000000ce2c0003801400010069703667726530000000000000000000140001006970365f767469300000000000000000a4000380140001006e6574706369300000000000000000001400010076657468305f746f5f627269646765001400010069705f767469300000000000000000001400010065727370616e3000000000000000000014000100776c616e310000000000000000000000140001006e657464657673696d3000000000000014000100726f73653000000000000000000000001400010076657468305f746f5f6873720000000008000240fffffffe080002400000000c080001400000000008000240000000090c0005400000000000000001"], 0x2f0}, 0x1, 0x0, 0x0, 0x20040800}, 0x80) sendmsg$IPCTNL_MSG_CT_NEW(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="c0000000000101040000000000000000020000007400018014000180080001000000000008000200e00000020c00028005000100000000004300028005000100060000000c00038005000100000000000c0002"], 0xc0}}, 0x0) 1.796274829s ago: executing program 0 (id=3452): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x3}, 0x6) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000040)) write(r0, &(0x7f0000000000)="38000000010003", 0x7) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f0000000140)) 1.603014485s ago: executing program 0 (id=3454): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (fail_nth: 22) 1.368385659s ago: executing program 1 (id=3455): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0xdd12}], 0x1}, 0x10) 951.656029ms ago: executing program 1 (id=3456): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f00000001c0)={0x32}, 0x8) sendmmsg$inet6(r1, &(0x7f0000000c80)=[{{&(0x7f0000003e80)={0xa, 0x4e22, 0xb, @remote}, 0x1c, 0x0}}], 0x1, 0x890) unshare(0x10000000) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) sendto$l2tp(r2, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x0, @broadcast, 0x4}, 0x10) ioctl$HCIINQUIRY(r0, 0x400448dd, &(0x7f0000000240)={0x0, 0x0, "ebff00"}) 886.061171ms ago: executing program 2 (id=3457): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c00000044000701fcffffff00000000017c000038000480312d4e", @ANYBLOB='\v'], 0x4c}, 0x1, 0x0, 0x0, 0x488c0}, 0x4000080) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r3, 0x84, 0x7f, &(0x7f0000000040)="020000000980ffff", 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffce6, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10, "000000000000000000000000034000dc"}}}]}, 0x48}}, 0x0) 885.211991ms ago: executing program 0 (id=3458): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="17090010000000000000010000000500070000000000080009000000000008000a0000080000060002000000000014001f00000000000040000000000000000000001400200000000000000000000000ffffac1414bb06001b004e230000050021"], 0x6c}}, 0x0) 765.124857ms ago: executing program 1 (id=3459): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071120d000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, 0x0, 0x9, 0x401}, 0x14}}, 0x0) (async) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000080)={0x14, 0x0, 0x615}, 0x14}, 0x5}, 0x0) (async) r3 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) (async) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f00000000c0)={0x2, [0xc, 0x8]}, 0x8) (async) r4 = socket(0x840000000002, 0x3, 0xff) connect$inet(r4, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10) (async) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-asm\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) (async) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@iv={0x18}], 0x18}], 0x1, 0x20000041) sendmmsg$inet(r4, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES64=r4, @ANYRES64=r4, @ANYRES32=r1, @ANYRES8, @ANYRES8=r0, @ANYRES8=r0, @ANYRES16=r1], 0x48) (async, rerun: 32) r8 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000004c0), 0x2, 0x0) (rerun: 32) write$cgroup_freezer_state(r8, &(0x7f0000000500)='THAWED\x00', 0x7) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r7, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000023000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe00000000850000000d0000009700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000000000639100000000000000000000ff7f0000292f17cee19d0001000000000000000000cb04fcbb0ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4852f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5d053bdec75dca3772be2c9d2d29db3d36dd01797bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67d4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1b1b71b5f7ec6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc972a3fd2c46f3c1cde71a19d1a2982492aba0883783d2831210e00d2bfea3bf97ff8836d000000000000946bdb747e416b3064edb4f5aea06eba207ddab9f9baf98bc5192f23d95d33357fc55f92e5937e10995059f3348f69667b9260d504ba96446e1437af6fa875d9d32fdaaae01e6c74f192a23572ef582b7dd867c163c8cedaa2a2c5baceb37d4a40244c9bdca541cc7e65e20f5b5b735e2f33df9bd0614431d7dc5e47bb31c5b827d51733b64ddad4de1cdadce076d19d62e821b435619fb89fc07f81938200b4ebce83db57a6f5e9b1c2cf4b6ee90772d4865bf448d200e5c4e1e044d3587498128273b65670c02ff5c3c3ca633c41324fdc09e0b2621087db26bb0553612f2be27579ede2344a809e6b27d0044f2337895323357caddb54642dac82ae25deb08e111e0b9fa133c9da85dc50c3454ee0ff915331bd7f32f96fb55c7990334b1a1bc4d5d817b82f9fc278cc4858fbfa4d0f32a863c1ce050caddc5ca3b10c3e63daebba039e9f80fdef113a145ace522e8379474aa8849dcc2501df3ffcb02d29d55a1a2cbe00e836db0e6b0a7ffd680dbcf7b982a956998df3dce0e9091a4d736db69038061e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000100), 0x237, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r9, 0x1f00, 0x18, 0x19, &(0x7f00000007c0)="9f44948721919580684010a40566", 0x0, 0x7ff, 0x0, 0xb1, 0x0, &(0x7f0000000700)="389ceff69d08b0af1cc71b6262d50660bbaf31a7f8cd6a6f911beb65d5fe6b54bf21a66489121f24fefd198059288c9b735e1898e77a7469489a249292c02a72bc193a3008ebdbf4e9dd4ee8fcceef55402c913c8dd0ebece1330aaa93ece835c5044a246a5967e3acd7c950b3b19f351830e545eb9bc3a9c6dd22ce97f1f857cfe8b68a2370b69ea336006b589368f92deb68f3dfc6f2bfee09f8342da437fce5dcdf658e453e3132bb42067575318c39", &(0x7f0000000380)="8c5911c525f5cf4c4ecf207ad2ec", 0x0, 0x0, 0xffffffff}, 0x23) (async, rerun: 32) read(r4, &(0x7f00000003c0)=""/222, 0xde) (rerun: 32) 751.363744ms ago: executing program 2 (id=3460): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r3, 0x325, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) (fail_nth: 1) 670.662635ms ago: executing program 0 (id=3461): r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_buf(r0, 0x0, 0x2b, &(0x7f0000000100)=""/137, &(0x7f0000000000)=0x89) r1 = socket(0xf, 0x3, 0x2) syz_init_net_socket$ax25(0x3, 0x2, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x38, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x8, 0xfc, 0x0, 0x1, [@nested={0x4, 0x8}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0x8, 0x5, 0x0, 0x0, @fd=r2}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc000) sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x2, 0xb, 0x0, 0x7, 0x2}, 0x10}}, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000700)={'veth0\x00', 0x0}) sendmsg$can_raw(r3, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r5}, 0x10, &(0x7f00000003c0)={0x0, 0x10}}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x4}, 0x38) r7 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$IPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x41, &(0x7f00000002c0)={'raw\x00', 0x4, [{}, {}, {}, {}]}, 0x68) bind$rxrpc(r7, &(0x7f0000000080)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @multicast1}}, 0x24) r8 = bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x19, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000184f0000fdffffff00000000000000008400000000000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @cgroup_sockopt=0x16, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f00000035c0)={0x0, 0x55, &(0x7f0000003580)={&(0x7f0000000580)=ANY=[@ANYRES32=r9, @ANYRES32=r9, @ANYRES16=r7, @ANYBLOB="1766d775d7b0feecfc5bfacee6774289f8cd464d4598af2f524eb017a0432925fc5185d031cdac3e87b0f81a20248892441cd8458f8763eb3a2ae4d554197a273acdecf939339295047bd4c47b3758"], 0x14c}, 0x1, 0x0, 0x0, 0x4004054}, 0x4000010) close(r7) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x100000, 0x0, {0x0, 0x0, 0x0, r11, {}, {0x0, 0xe}, {0x0, 0xffe0}}}, 0x24}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) 570.905696ms ago: executing program 1 (id=3462): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001540)=ANY=[@ANYBLOB="6400000010003904fcffd4b05e53acecc6dd0000", @ANYRES32=r2, @ANYBLOB="00000000422200001800128008000100677265000c000280080006007f00000108000d007f0000000800230002000000140014007665746830000000000000000000000008000400"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x844) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x13}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) 251.919345ms ago: executing program 2 (id=3463): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000000c0)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)='%+9llu \x00'}, 0x20) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={r3, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x0, 0x0, 0xba, 0xce02cd}, 0x9c) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x9, 0x81, 0xffffffff, 0x6940000, 0x80, 0x9, 0x77}, &(0x7f0000000940)=0x9c) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl0\x00', &(0x7f00000002c0)={'sit0\x00', 0x0, 0x59, 0x40, 0x7, 0x5, {{0x10, 0x4, 0x0, 0x3b, 0x40, 0x67, 0x0, 0x3, 0x4, 0x0, @rand_addr=0x64010101, @remote, {[@ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x1b, 0xc5, [@remote, @multicast1, @multicast2, @rand_addr=0x64010101, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @noop, @timestamp_prespec={0x44, 0xc, 0xa2, 0x3, 0x5, [{@multicast1, 0x372}]}]}}}}}) pipe(&(0x7f0000000580)) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x8, [@restrict={0xe, 0x0, 0x0, 0xb, 0x1}, @restrict={0x10, 0x0, 0x0, 0xb, 0x1}, @var={0x3, 0x0, 0x0, 0xe, 0x3, 0x1}]}, {0x0, [0x30, 0x5f, 0x5f, 0x30, 0x0, 0x0]}}, &(0x7f00000003c0)=""/247, 0x48, 0xf7, 0x0, 0x10, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@bloom_filter={0x1e, 0x0, 0x4, 0x2, 0x200, r1, 0x6, '\x00', r4, r5, 0x3, 0x1, 0x4, 0xb, @void, @value, @void, @value}, 0x50) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 118.892418ms ago: executing program 3 (id=2904): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x12, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000003900000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000003080101000000000000000000000000050003001100000006000240000000002c0004800800000800014000000000080007400000000008000240000000007cff0540000000009efc1e25e5afa6cae5234b06af08aac5e3567f33a5164465aaefd6f655159d68df5de24406838570643bb27ad7a114a179d86acbefb1aeee6ade8105815ae14f4694ce71fa4ffbd8ae5a9252772c649169f33a310bf60ca01567763a1f03543321b15c03748e6d5f10720ff82d88584cc7421f69b7b2a583ea96817225b5126f8c48785cc098f377ad1f07c3fe1ef34a7e4977"], 0x50}}, 0x0) 73.203748ms ago: executing program 1 (id=3464): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000018c0)={{r0}, &(0x7f0000000140), &(0x7f0000000100)='%pS \x00'}, 0x20) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x30}}, 0x10) getsockopt$inet_tcp_buf(r1, 0x6, 0x1c, 0x0, &(0x7f0000000000)) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f00000005c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000dc0)={0x654, 0x0, 0x8, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x104, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xdfa1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe30}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x40}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @multicast2}}, {0x14, 0x2, @in={0x2, 0x4e20, @private=0xa010100}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0xd, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xfff}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @private=0xa010102}}, {0x14, 0x2, @in={0x2, 0x4e22, @broadcast}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0xa7}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x64010102}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xb27f}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}, @TIPC_NLA_MEDIA={0xe0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x53}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}]}, @TIPC_NLA_BEARER={0x4}, @TIPC_NLA_LINK={0xd0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ca6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3aa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xeeed}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x4}, @TIPC_NLA_NODE={0x230, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ID={0x98, 0x3, "19195d9055831771fd446e96ab5ff6da080d1768cfad703a1dc4c8ec8a9f18bcdc6192900e4e63fb4e89902e632cc5b53b00e15a617e23eb5b403c681ba66086c44a6bdac377c5802be93fbd020c9f8fb7c1fc8710f1c8238097c239668e187c6f3e94111f9ff782f1a2ee27c07b0de374c90aa8fc7ac0230d91b617d3182db2baea90ebf846e46a0db8a24838dbd3f1724e0d69"}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0xf9, 0x3, "444e33d08528c8cbe31ff7f633c8ba22e42f293d2a5a81196d5b92c5fe02d45d91a20ba3a70b9299f074a9195d76f52c9036c77887157b57e9fac811c857a79a6ba656473203b3ccc1ebf3da78c864de3249ecbaa10dba49818f84a2503f43fbbd86689e42ad55f514774e35641791f8db80c7a876f39a75d774255757a8840ed9ed764ab71f8cd8dab7ae81ca29e7e072084788a3f0643dbf952544446c370defae2d0aa6ce0d5e4445d78910208c113d835b8263c4952747334f231f2d4cc27aaceb7bfab206743d4c632e17ed997b9531cd3cad6569de4e4d882977a33461ccde4c236b9fbefd048b007d5efa61f6106ccdc27a"}, @TIPC_NLA_NODE_ID={0x7b, 0x3, "a4ebffb0db8cabbd84f15998192475d4b7b2ed348a9875e149000338e0a55e80e2f19fd29ded0c33ad169251af73a8b2a8ddabcde310c4bdf932e276476bd54c3530ac75e3de4019a34bebb92910e47b44aa91c2dfdb05607f7d712589c405ff82f118476b38c9eb93065053b04b9453452affa1988f67"}, @TIPC_NLA_NODE_ADDR={0x8}]}, @TIPC_NLA_LINK={0x11c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x486}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x38}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x16d}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc92}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe1}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x654}, 0x1, 0x0, 0x0, 0x4c010}, 0x40000) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000d40)=@newlink={0x44, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x44}}, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r0, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000300)='%-5lx \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000400)={r5}, 0x4) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 10.129253ms ago: executing program 1 (id=3465): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x2, [{}, {0xfbfffffa, 0x7}]}}) 0s ago: executing program 2 (id=3466): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0xdd12}], 0x1}, 0x10) kernel console output (not intermixed with test programs): S: 00000246 ORIG_RAX: 000000000000002e [ 382.424034][T15480] RAX: ffffffffffffffda RBX: 00007faeff3b5fa0 RCX: 00007faeff18e929 [ 382.424046][T15480] RDX: 0000000004000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 382.424058][T15480] RBP: 00007faefff8b090 R08: 0000000000000000 R09: 0000000000000000 [ 382.424069][T15480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 382.424079][T15480] R13: 0000000000000000 R14: 00007faeff3b5fa0 R15: 00007ffc9413cac8 [ 382.424108][T15480] [ 382.750873][ T6182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.791280][ T6182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.920907][ T6186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 382.932230][T15498] netlink: 'syz.3.2852': attribute type 10 has an invalid length. [ 382.936839][T15495] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 382.942206][T15498] syz_tun: entered allmulticast mode [ 382.947847][ T6186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 382.961886][ T1053] veth0_to_bond: left promiscuous mode [ 382.972836][T15495] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 383.246880][T15512] __nla_validate_parse: 7 callbacks suppressed [ 383.246902][T15512] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2856'. [ 383.426519][T15517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2856'. [ 383.900151][ T6186] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.995303][T15525] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2859'. [ 384.125668][ T6186] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.515506][ T6186] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.597437][ T6186] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.709719][ T6186] bridge_slave_1: left allmulticast mode [ 384.715398][ T6186] bridge_slave_1: left promiscuous mode [ 384.721967][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.733703][ T6186] bridge_slave_0: left allmulticast mode [ 384.740264][ T6186] bridge_slave_0: left promiscuous mode [ 384.745994][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.106719][ T6186] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 385.117576][ T6186] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 385.127998][ T6186] bond0 (unregistering): Released all slaves [ 385.364132][T15532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2863'. [ 385.386449][T15532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2863'. [ 385.408469][T15533] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2861'. [ 385.473667][T15535] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2862'. [ 385.534053][T15539] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2862'. [ 385.580177][T15535] gretap0: entered promiscuous mode [ 385.593986][T15542] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2866'. [ 385.604057][T15539] 0ªX¹¦D: renamed from gretap0 [ 385.618335][T15542] netlink: 'syz.0.2866': attribute type 7 has an invalid length. [ 385.638416][T15542] netlink: 'syz.0.2866': attribute type 8 has an invalid length. [ 385.647059][T15539] 0ªX¹¦D: left promiscuous mode [ 385.652429][T15539] 0ªX¹¦D: entered allmulticast mode [ 385.665137][T15539] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 385.671188][T15542] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2866'. [ 385.850947][T15546] bridge0: entered allmulticast mode [ 386.272326][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 386.283057][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 386.296334][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 386.306846][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 386.322417][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 386.394521][ T6186] hsr_slave_0: left promiscuous mode [ 386.408690][ T6186] hsr_slave_1: left promiscuous mode [ 386.434849][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 386.444097][ T6186] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 386.455683][ T6186] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 386.474504][ T6186] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 386.522666][ T6186] veth1_macvtap: left promiscuous mode [ 386.529033][ T6186] veth0_macvtap: left promiscuous mode [ 386.535415][ T6186] veth1_vlan: left promiscuous mode [ 386.541795][ T6186] veth0_vlan: left promiscuous mode [ 387.136256][ T6186] team0 (unregistering): Port device team_slave_1 removed [ 387.186534][ T6186] team0 (unregistering): Port device team_slave_0 removed [ 387.687063][T15569] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 387.709601][T15569] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 387.721588][T15569] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 387.938830][T15590] netlink: 'syz.3.2883': attribute type 7 has an invalid length. [ 387.946651][T15590] netlink: 'syz.3.2883': attribute type 8 has an invalid length. [ 388.014335][T15594] xt_hashlimit: size too large, truncated to 1048576 [ 388.066731][T15594] syz.1.2885: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 388.152875][T15594] CPU: 1 UID: 0 PID: 15594 Comm: syz.1.2885 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 388.152907][T15594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 388.152920][T15594] Call Trace: [ 388.152928][T15594] [ 388.152938][T15594] dump_stack_lvl+0x189/0x250 [ 388.152978][T15594] ? __pfx_dump_stack_lvl+0x10/0x10 [ 388.153009][T15594] ? __pfx__printk+0x10/0x10 [ 388.153032][T15594] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 388.153054][T15594] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 388.153079][T15594] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 388.153104][T15594] warn_alloc+0x214/0x310 [ 388.153135][T15594] ? __pfx_warn_alloc+0x10/0x10 [ 388.153170][T15594] ? __get_vm_area_node+0x28f/0x300 [ 388.153192][T15594] ? htable_create+0xfc/0x7a0 [ 388.153225][T15594] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 388.153285][T15594] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 388.153316][T15594] ? rcu_is_watching+0x15/0xb0 [ 388.153347][T15594] ? htable_create+0xfc/0x7a0 [ 388.153372][T15594] ? htable_create+0xfc/0x7a0 [ 388.153396][T15594] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 388.153418][T15594] ? htable_create+0xfc/0x7a0 [ 388.153442][T15594] ? hashlimit_pernet+0x23/0x240 [ 388.153477][T15594] htable_create+0xfc/0x7a0 [ 388.153514][T15594] hashlimit_mt_check_common+0x719/0xa10 [ 388.153554][T15594] xt_check_match+0x3d1/0xab0 [ 388.153581][T15594] ? __pfx___mutex_lock+0x10/0x10 [ 388.153605][T15594] ? __pfx_xt_check_match+0x10/0x10 [ 388.153635][T15594] ? pcpu_alloc_noprof+0xfdd/0x16b0 [ 388.153668][T15594] ? xt_find_match+0x1f7/0x250 [ 388.153703][T15594] translate_table+0x1553/0x2040 [ 388.153758][T15594] ? __pfx_translate_table+0x10/0x10 [ 388.153786][T15594] ? __might_fault+0xb0/0x130 [ 388.153829][T15594] ? _copy_from_user+0x94/0xb0 [ 388.153864][T15594] do_ip6t_set_ctl+0x970/0xce0 [ 388.153906][T15594] ? rcu_is_watching+0x15/0xb0 [ 388.153935][T15594] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 388.153985][T15594] ? __pfx___mutex_lock+0x10/0x10 [ 388.154005][T15594] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 388.154034][T15594] ? __pfx_futex_wait+0x10/0x10 [ 388.154072][T15594] nf_setsockopt+0x26f/0x290 [ 388.154106][T15594] rawv6_setsockopt+0x23b/0x5b0 [ 388.154133][T15594] ? __lock_acquire+0xab9/0xd20 [ 388.154163][T15594] ? __pfx_rawv6_setsockopt+0x10/0x10 [ 388.154191][T15594] ? aa_sock_opt_perm+0x74/0x110 [ 388.154218][T15594] ? sock_common_setsockopt+0x36/0xc0 [ 388.154239][T15594] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 388.154263][T15594] do_sock_setsockopt+0x257/0x3e0 [ 388.154291][T15594] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 388.154322][T15594] ? __fget_files+0x2a/0x420 [ 388.154355][T15594] __x64_sys_setsockopt+0x18b/0x220 [ 388.154388][T15594] do_syscall_64+0xfa/0x3b0 [ 388.154406][T15594] ? lockdep_hardirqs_on+0x9c/0x150 [ 388.154433][T15594] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.154452][T15594] ? clear_bhb_loop+0x60/0xb0 [ 388.154477][T15594] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 388.154496][T15594] RIP: 0033:0x7fa71c98e929 [ 388.154517][T15594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 388.154534][T15594] RSP: 002b:00007fa71d87e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 388.154557][T15594] RAX: ffffffffffffffda RBX: 00007fa71cbb5fa0 RCX: 00007fa71c98e929 [ 388.154572][T15594] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000005 [ 388.154584][T15594] RBP: 00007fa71ca10b39 R08: 00000000000005c0 R09: 0000000000000000 [ 388.154597][T15594] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000000 [ 388.154610][T15594] R13: 0000000000000000 R14: 00007fa71cbb5fa0 R15: 00007ffe111e86a8 [ 388.154645][T15594] [ 388.156924][T15594] Mem-Info: [ 388.429089][ T5851] Bluetooth: hci3: command tx timeout [ 388.457062][T15594] active_anon:3614 inactive_anon:0 isolated_anon:0 [ 388.457062][T15594] active_file:5348 inactive_file:39970 isolated_file:0 [ 388.457062][T15594] unevictable:768 dirty:3710 writeback:0 [ 388.457062][T15594] slab_reclaimable:11325 slab_unreclaimable:108086 [ 388.457062][T15594] mapped:32899 shmem:1360 pagetables:975 [ 388.457062][T15594] sec_pagetables:0 bounce:0 [ 388.457062][T15594] kernel_misc_reclaimable:0 [ 388.457062][T15594] free:1311531 free_pcp:14905 free_cma:0 [ 388.596142][T15594] Node 0 active_anon:14456kB inactive_anon:0kB active_file:21392kB inactive_file:159680kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:131596kB dirty:14840kB writeback:0kB shmem:3904kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13552kB pagetables:3768kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 388.699038][T15594] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 388.732273][T15594] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 388.805410][T15594] lowmem_reserve[]: 0 2500 2502 2502 2502 [ 388.835754][T15612] __nla_validate_parse: 3 callbacks suppressed [ 388.835777][T15612] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2889'. [ 388.867241][T15594] Node 0 DMA32 free:1327468kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14508kB inactive_anon:0kB active_file:21392kB inactive_file:157840kB unevictable:1536kB writepending:14840kB present:3129332kB managed:2561020kB mlocked:0kB bounce:0kB free_pcp:41068kB local_pcp:16812kB free_cma:0kB [ 388.888857][T15614] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2890'. [ 388.922791][T15594] lowmem_reserve[]: 0 0 1 1 1 [ 388.935768][T15594] Node 0 Normal free:4kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1840kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 388.973171][T15594] lowmem_reserve[]: 0 0 0 0 0 [ 388.978779][T15594] Node 1 Normal free:3903676kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18628kB local_pcp:7488kB free_cma:0kB [ 389.011287][T15594] lowmem_reserve[]: 0 0 0 0 0 [ 389.016405][T15594] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 389.032952][T15614] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 389.049551][T15594] Node 0 DMA32: 1*4kB (M) 55*8kB (M) 127*16kB (UME) 110*32kB (UM) 42*64kB (UM) 39*128kB (UME) 18*256kB (UME) 25*512kB (UME) 12*1024kB (UM) 3*2048kB (U) 312*4096kB (UM) = 1327468kB [ 389.072915][T15594] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 389.084980][T15614] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 389.085034][T15614] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 389.120017][T15594] Node 1 Normal: 171*4kB (UE) 50*8kB (UME) 46*16kB (UME) 81*32kB (UME) 32*64kB (UME) 9*128kB (UME) 5*256kB (UME) 3*512kB (ME) 2*1024kB (ME) 2*2048kB (UE) 949*4096kB (M) = 3903676kB [ 389.140249][T15594] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 389.156935][T15594] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 389.167311][T15594] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 389.171499][T15621] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2891'. [ 389.180577][T15594] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 389.196906][T15594] 46677 total pagecache pages [ 389.205260][T15594] 0 pages in swap cache [ 389.210650][T15594] Free swap = 124996kB [ 389.215094][T15594] Total swap = 124996kB [ 389.219643][T15594] 2097051 pages RAM [ 389.223824][T15594] 0 pages HighMem/MovableOnly [ 389.229511][T15594] 424690 pages reserved [ 389.234009][T15594] 0 pages cma reserved [ 389.471245][T15563] chnl_net:caif_netlink_parms(): no params data found [ 389.943944][T15563] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.988345][T15563] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.995688][T15563] bridge_slave_0: entered allmulticast mode [ 390.054806][T15563] bridge_slave_0: entered promiscuous mode [ 390.137455][T15563] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.144952][T15563] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.152817][T15563] bridge_slave_1: entered allmulticast mode [ 390.161403][T15563] bridge_slave_1: entered promiscuous mode [ 390.255243][T15563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 390.306696][T15563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 390.365268][ T5845] bond0: (slave syz_tun): Releasing backup interface [ 390.392723][T15661] syz2: rxe_newlink: already configured on veth1_vlan [ 390.508437][ T5851] Bluetooth: hci3: command tx timeout [ 390.602187][T15666] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2903'. [ 390.634860][T15563] team0: Port device team_slave_0 added [ 390.652859][T15563] team0: Port device team_slave_1 added [ 390.746800][T15563] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 390.754583][T15563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.790024][T15563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 390.803680][T15563] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 390.810905][T15563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 390.837593][T15563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 391.000364][T15563] hsr_slave_0: entered promiscuous mode [ 391.027876][T15563] hsr_slave_1: entered promiscuous mode [ 391.049165][T15563] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 391.056797][T15563] Cannot create hsr debugfs directory [ 391.083287][T15676] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2906'. [ 391.618094][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 391.640812][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 391.651629][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 391.665579][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 391.676915][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 392.177937][T15720] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 392.283097][T15724] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2915'. [ 392.328614][T15724] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2915'. [ 392.438099][T15725] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 392.587888][T15731] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 392.601584][T15563] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 392.618312][ T5851] Bluetooth: hci3: command tx timeout [ 392.647603][T15563] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 392.694857][T15563] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 392.733054][T15563] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 392.943647][T15742] netlink: 'syz.1.2919': attribute type 10 has an invalid length. [ 393.026409][T15742] syz_tun: left promiscuous mode [ 393.034542][T15742] syz_tun: entered allmulticast mode [ 393.165190][T15563] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.191246][T15563] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.209562][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.216728][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.243273][T15746] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2920'. [ 393.254837][T15746] FAULT_INJECTION: forcing a failure. [ 393.254837][T15746] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 393.278702][T15746] CPU: 0 UID: 0 PID: 15746 Comm: syz.1.2920 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 393.278733][T15746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 393.278745][T15746] Call Trace: [ 393.278754][T15746] [ 393.278763][T15746] dump_stack_lvl+0x189/0x250 [ 393.278800][T15746] ? __pfx____ratelimit+0x10/0x10 [ 393.278830][T15746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 393.278859][T15746] ? __pfx__printk+0x10/0x10 [ 393.278897][T15746] should_fail_ex+0x414/0x560 [ 393.278929][T15746] _copy_to_user+0x31/0xb0 [ 393.278953][T15746] simple_read_from_buffer+0xe1/0x170 [ 393.278981][T15746] proc_fail_nth_read+0x1df/0x250 [ 393.279010][T15746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 393.279039][T15746] ? rw_verify_area+0x258/0x650 [ 393.279067][T15746] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 393.279092][T15746] vfs_read+0x1fd/0x980 [ 393.279138][T15746] ? __pfx___mutex_lock+0x10/0x10 [ 393.279158][T15746] ? __pfx_vfs_read+0x10/0x10 [ 393.279190][T15746] ? __fget_files+0x2a/0x420 [ 393.279218][T15746] ? __fget_files+0x3a0/0x420 [ 393.279238][T15746] ? __fget_files+0x2a/0x420 [ 393.279271][T15746] ksys_read+0x145/0x250 [ 393.279292][T15746] ? __pfx_ksys_read+0x10/0x10 [ 393.279318][T15746] ? rcu_is_watching+0x15/0xb0 [ 393.279355][T15746] ? do_syscall_64+0xbe/0x3b0 [ 393.279379][T15746] do_syscall_64+0xfa/0x3b0 [ 393.279397][T15746] ? lockdep_hardirqs_on+0x9c/0x150 [ 393.279425][T15746] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.279445][T15746] ? clear_bhb_loop+0x60/0xb0 [ 393.279471][T15746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.279490][T15746] RIP: 0033:0x7fa71c98d33c [ 393.279510][T15746] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 393.279527][T15746] RSP: 002b:00007fa71d87e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 393.279549][T15746] RAX: ffffffffffffffda RBX: 00007fa71cbb5fa0 RCX: 00007fa71c98d33c [ 393.279564][T15746] RDX: 000000000000000f RSI: 00007fa71d87e0a0 RDI: 0000000000000004 [ 393.279577][T15746] RBP: 00007fa71d87e090 R08: 0000000000000000 R09: 0000000000000000 [ 393.279589][T15746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 393.279602][T15746] R13: 0000000000000000 R14: 00007fa71cbb5fa0 R15: 00007ffe111e86a8 [ 393.279636][T15746] [ 393.515638][T15699] chnl_net:caif_netlink_parms(): no params data found [ 393.570924][ T1053] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.578204][ T1053] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.675379][T15749] syz2: rxe_newlink: already configured on veth1_vlan [ 393.708390][ T5851] Bluetooth: hci4: command tx timeout [ 393.885839][T15753] netlink: 'syz.1.2922': attribute type 1 has an invalid length. [ 393.905950][T15753] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2922'. [ 393.961983][T15755] netlink: 'syz.1.2922': attribute type 1 has an invalid length. [ 394.063325][T15755] 8021q: adding VLAN 0 to HW filter on device bond16 [ 394.080289][T15699] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.087632][T15699] bridge0: port 1(bridge_slave_0) entered disabled state [ 394.100211][T15699] bridge_slave_0: entered allmulticast mode [ 394.107585][T15699] bridge_slave_0: entered promiscuous mode [ 394.122824][T15699] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.130158][T15699] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.137538][T15699] bridge_slave_1: entered allmulticast mode [ 394.146063][T15699] bridge_slave_1: entered promiscuous mode [ 394.173331][T15753] bond15: (slave veth0_to_bond): Releasing active interface [ 394.214969][T15753] bond16: (slave veth0_to_bond): making interface the new active one [ 394.231075][T15753] bond16: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 394.443417][ T6186] veth0_to_bond: left promiscuous mode [ 394.470243][T15699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 394.559526][T15699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 394.672838][ T5851] Bluetooth: hci3: command tx timeout [ 394.866362][T15699] team0: Port device team_slave_0 added [ 394.886074][T15699] team0: Port device team_slave_1 added [ 395.143521][T15699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.152260][T15699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.221158][T15699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.237462][T15789] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2932'. [ 395.267414][T15699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 395.267984][T15789] netlink: 'syz.0.2932': attribute type 7 has an invalid length. [ 395.286781][T15699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 395.289344][T15789] netlink: 'syz.0.2932': attribute type 8 has an invalid length. [ 395.321090][T15699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 395.338359][T15789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2932'. [ 395.358715][T15563] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 395.591747][T15699] hsr_slave_0: entered promiscuous mode [ 395.641136][T15699] hsr_slave_1: entered promiscuous mode [ 395.664060][T15699] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 395.688960][T15699] Cannot create hsr debugfs directory [ 395.780543][T15808] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2935'. [ 395.799970][ T5851] Bluetooth: hci4: command tx timeout [ 396.624733][T15839] netlink: 'syz.2.2943': attribute type 1 has an invalid length. [ 396.633624][T15839] netlink: 184 bytes leftover after parsing attributes in process `syz.2.2943'. [ 396.644951][T15839] netlink: 45 bytes leftover after parsing attributes in process `syz.2.2943'. [ 396.657374][T15699] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 396.784621][T15699] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 396.853844][T15845] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2945'. [ 396.861389][T15563] veth0_vlan: entered promiscuous mode [ 396.898822][T15563] veth1_vlan: entered promiscuous mode [ 396.937182][T15848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2946'. [ 396.965426][T15699] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.003071][T15852] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2947'. [ 397.022129][T15854] xt_hashlimit: max too large, truncated to 1048576 [ 397.037942][T15854] netlink: 'syz.1.2949': attribute type 1 has an invalid length. [ 397.096930][T15699] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.167839][T15854] 8021q: adding VLAN 0 to HW filter on device bond17 [ 397.194224][T15861] bond16: (slave veth0_to_bond): Releasing active interface [ 397.215057][T15861] bond17: (slave veth0_to_bond): making interface the new active one [ 397.226044][T15861] bond17: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 397.241087][T15857] netlink: 576 bytes leftover after parsing attributes in process `syz.2.2950'. [ 397.272935][T15856] bond17: (slave veth49): Enslaving as an active interface with a down link [ 397.374678][T15563] veth0_macvtap: entered promiscuous mode [ 397.416651][T15563] veth1_macvtap: entered promiscuous mode [ 397.552721][T15563] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 397.583838][T15563] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 397.629123][T15563] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.639333][T15563] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.648801][T15563] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.659166][T15563] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 397.683797][T15699] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 397.722836][T15699] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 397.739797][T15874] Cannot find del_set index 17 as target [ 397.769448][T15699] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 397.782912][T15874] netlink: 'syz.2.2956': attribute type 1 has an invalid length. [ 397.798380][T15874] bond16: (slave veth0_to_bond): Releasing active interface [ 397.815951][T15699] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 397.872886][ T5851] Bluetooth: hci4: command tx timeout [ 398.185506][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.216412][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.313901][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 398.338397][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 398.367708][T15905] netlink: 'syz.1.2964': attribute type 4 has an invalid length. [ 398.472607][T15699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.544095][T15699] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.577306][ T6205] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.584584][ T6205] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.664135][T15913] netlink: 'syz.2.2968': attribute type 10 has an invalid length. [ 398.677534][ T6205] bridge0: port 2(bridge_slave_1) entered blocking state [ 398.684823][ T6205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 398.891254][ T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 398.912052][T15919] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 399.023692][ T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.147506][ T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.289232][ T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 399.397414][T15699] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.453496][T15699] veth0_vlan: entered promiscuous mode [ 399.464740][T15699] veth1_vlan: entered promiscuous mode [ 399.519651][T15699] veth0_macvtap: entered promiscuous mode [ 399.535422][T15699] veth1_macvtap: entered promiscuous mode [ 399.564168][T15699] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.583199][T15699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.595673][T15699] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.608067][T15699] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.630182][T15699] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.639369][T15699] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.723109][ T78] bridge_slave_1: left allmulticast mode [ 399.730568][ T78] bridge_slave_1: left promiscuous mode [ 399.736329][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.748952][ T78] bridge_slave_0: left allmulticast mode [ 399.754979][ T78] bridge_slave_0: left promiscuous mode [ 399.761899][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.961668][ T5851] Bluetooth: hci4: command tx timeout [ 400.166277][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 400.178608][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 400.189472][ T78] bond0 (unregistering): Released all slaves [ 400.271457][ T6205] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.280293][ T6205] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.356086][ T6196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.368859][ T6196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.581481][T15930] __nla_validate_parse: 4 callbacks suppressed [ 400.581504][T15930] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2982'. [ 400.884904][T15934] 8021q: VLANs not supported on ip6_vti0 [ 400.905428][ T78] hsr_slave_0: left promiscuous mode [ 400.933076][ T78] hsr_slave_1: left promiscuous mode [ 400.947725][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 400.967338][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 400.994837][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 401.015838][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 401.049982][T15942] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2974'. [ 401.142427][ T78] veth1_macvtap: left promiscuous mode [ 401.157874][ T78] veth0_macvtap: left promiscuous mode [ 401.171848][ T78] veth1_vlan: left promiscuous mode [ 401.189758][ T78] veth0_vlan: left promiscuous mode [ 401.549709][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 401.560586][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 401.569818][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 401.589974][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 401.600038][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 402.321101][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 402.334962][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 402.353556][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 402.363860][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 402.371844][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 402.476435][ T78] team0 (unregistering): Port device team_slave_1 removed [ 402.527577][ T78] team0 (unregistering): Port device team_slave_0 removed [ 403.239456][T15972] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2980'. [ 403.279071][T15972] netlink: 'syz.2.2980': attribute type 7 has an invalid length. [ 403.286876][T15972] netlink: 'syz.2.2980': attribute type 8 has an invalid length. [ 403.338872][T15972] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2980'. [ 403.631406][ T5851] Bluetooth: hci3: command tx timeout [ 403.703607][T15991] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2989'. [ 403.795307][ T78] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.212680][T15986] rdma_rxe: rxe_newlink: failed to add veth1_vlan [ 404.334877][T15951] chnl_net:caif_netlink_parms(): no params data found [ 404.438397][ T5851] Bluetooth: hci4: command tx timeout [ 404.450386][ T78] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.610900][T16023] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2999'. [ 404.620388][T16023] netlink: 'syz.2.2999': attribute type 7 has an invalid length. [ 404.628485][T16023] netlink: 'syz.2.2999': attribute type 8 has an invalid length. [ 404.636400][T16023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2999'. [ 404.648004][ T78] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.795707][ T78] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 404.903099][T16036] netlink: 'syz.2.3004': attribute type 10 has an invalid length. [ 404.914633][T15951] bridge0: port 1(bridge_slave_0) entered blocking state [ 404.922087][T15951] bridge0: port 1(bridge_slave_0) entered disabled state [ 404.930814][T15951] bridge_slave_0: entered allmulticast mode [ 404.938286][T15951] bridge_slave_0: entered promiscuous mode [ 404.947488][T15951] bridge0: port 2(bridge_slave_1) entered blocking state [ 404.955476][T15951] bridge0: port 2(bridge_slave_1) entered disabled state [ 404.963095][T15951] bridge_slave_1: entered allmulticast mode [ 404.971409][T15951] bridge_slave_1: entered promiscuous mode [ 405.014233][T15951] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 405.035764][T15951] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 405.139658][T16039] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3005'. [ 405.157315][T15951] team0: Port device team_slave_0 added [ 405.183231][T15951] team0: Port device team_slave_1 added [ 405.253070][T16041] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3006'. [ 405.339868][T16041] netlink: 'syz.1.3006': attribute type 1 has an invalid length. [ 405.347905][T16041] netlink: 'syz.1.3006': attribute type 2 has an invalid length. [ 405.364911][T16041] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3006'. [ 405.365382][T16051] ipt_rpfilter: unknown options [ 405.526004][T15951] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 405.560027][T15951] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.586449][T16059] xt_CT: No such helper "snmp" [ 405.586873][T15951] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 405.627204][T15951] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 405.640143][T15951] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 405.649727][T16065] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 405.670353][T15951] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 405.709340][ T5851] Bluetooth: hci3: command tx timeout [ 405.813681][ T78] bridge_slave_1: left allmulticast mode [ 405.835462][ T78] bridge_slave_1: left promiscuous mode [ 405.853783][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.880089][ T78] bridge_slave_0: left allmulticast mode [ 405.901167][ T78] bridge_slave_0: left promiscuous mode [ 405.907219][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.355050][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 406.366693][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 406.379060][ T78] bond0 (unregistering): Released all slaves [ 406.483437][T15967] chnl_net:caif_netlink_parms(): no params data found [ 406.508824][ T5851] Bluetooth: hci4: command tx timeout [ 406.601100][T16082] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3018'. [ 406.609972][T15951] hsr_slave_0: entered promiscuous mode [ 406.625624][T15951] hsr_slave_1: entered promiscuous mode [ 406.640452][T15951] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 406.650355][T15951] Cannot create hsr debugfs directory [ 407.017453][T16102] syz2: rxe_newlink: already configured on veth1_vlan [ 407.294102][T16108] xt_CT: No such helper "snmp" [ 407.345797][T15967] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.366808][T15967] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.405254][T15967] bridge_slave_0: entered allmulticast mode [ 407.431420][T15967] bridge_slave_0: entered promiscuous mode [ 407.497651][T15967] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.517751][T15967] bridge0: port 2(bridge_slave_1) entered disabled state [ 407.539997][T15967] bridge_slave_1: entered allmulticast mode [ 407.547453][T15967] bridge_slave_1: entered promiscuous mode [ 407.572960][ T78] hsr_slave_0: left promiscuous mode [ 407.581847][ T78] hsr_slave_1: left promiscuous mode [ 407.587927][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.595674][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 407.603973][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.615688][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 407.664728][ T78] veth1_macvtap: left promiscuous mode [ 407.674611][ T78] veth0_macvtap: left promiscuous mode [ 407.682915][ T78] veth1_vlan: left promiscuous mode [ 407.688929][ T78] veth0_vlan: left promiscuous mode [ 407.788807][ T5851] Bluetooth: hci3: command tx timeout [ 408.303586][ T78] team0 (unregistering): Port device team_slave_1 removed [ 408.380598][ T78] team0 (unregistering): Port device team_slave_0 removed [ 408.569689][T16129] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3033'. [ 408.589336][ T5851] Bluetooth: hci4: command tx timeout [ 408.697648][T16131] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3034'. [ 409.282731][T15967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.370190][T15967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.399159][T16147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3041'. [ 409.535934][T15967] team0: Port device team_slave_0 added [ 409.548012][T15967] team0: Port device team_slave_1 added [ 409.646775][T16155] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3044'. [ 409.657668][T16157] netlink: 'syz.2.3045': attribute type 10 has an invalid length. [ 409.728029][T15967] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 409.741295][T15967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.770608][T15967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 409.798099][T16159] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3046'. [ 409.819432][T15967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 409.826895][T15967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 409.856824][T15967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 409.874469][ T5851] Bluetooth: hci3: command tx timeout [ 409.891228][T16162] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3047'. [ 410.051529][T15967] hsr_slave_0: entered promiscuous mode [ 410.060785][T15967] hsr_slave_1: entered promiscuous mode [ 410.067113][T15967] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 410.071622][T16170] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3049'. [ 410.079693][T15967] Cannot create hsr debugfs directory [ 410.089568][T16170] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3049'. [ 410.094012][T16170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3049'. [ 410.245196][T16171] xt_CT: No such helper "snmp" [ 410.577263][T15951] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 410.605574][T16189] netlink: 'syz.0.3057': attribute type 10 has an invalid length. [ 410.649840][T15951] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 410.668809][ T5851] Bluetooth: hci4: command tx timeout [ 410.697168][T15951] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 410.744614][T15951] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 411.211704][T15951] 8021q: adding VLAN 0 to HW filter on device bond0 [ 411.279834][T15951] 8021q: adding VLAN 0 to HW filter on device team0 [ 411.407708][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 411.415135][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 411.533151][ T6198] bridge0: port 2(bridge_slave_1) entered blocking state [ 411.540407][ T6198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 411.613323][T15967] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 411.673827][T15967] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 411.720246][T15967] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 411.739273][T15967] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 412.086589][T15967] 8021q: adding VLAN 0 to HW filter on device bond0 [ 412.139120][T16255] __nla_validate_parse: 7 callbacks suppressed [ 412.139142][T16255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3081'. [ 412.148673][T15967] 8021q: adding VLAN 0 to HW filter on device team0 [ 412.184429][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 412.191755][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 412.255500][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 412.262762][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 412.514328][T16272] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3086'. [ 412.521465][T15951] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 412.526292][T16272] netlink: 'syz.0.3086': attribute type 7 has an invalid length. [ 412.580049][T16272] netlink: 'syz.0.3086': attribute type 8 has an invalid length. [ 412.627284][T16272] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3086'. [ 412.643696][T16270] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3085'. [ 412.886585][T16284] netlink: 'syz.2.3089': attribute type 1 has an invalid length. [ 412.933008][T16288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3090'. [ 413.075438][T16284] 8021q: adding VLAN 0 to HW filter on device bond17 [ 413.173152][T16290] bond17: (slave veth39): Enslaving as an active interface with a down link [ 413.341318][T15967] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 413.519365][T16310] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3096'. [ 413.575996][T15951] veth0_vlan: entered promiscuous mode [ 413.638727][T16306] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3104'. [ 413.681419][T16306] netlink: 5 bytes leftover after parsing attributes in process `syz.0.3104'. [ 413.706665][T16317] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3098'. [ 413.754044][T15951] veth1_vlan: entered promiscuous mode [ 413.824124][T15967] veth0_vlan: entered promiscuous mode [ 413.883927][T15967] veth1_vlan: entered promiscuous mode [ 413.975756][T15951] veth0_macvtap: entered promiscuous mode [ 413.992658][T16327] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 414.064938][T15967] veth0_macvtap: entered promiscuous mode [ 414.077528][T15967] veth1_macvtap: entered promiscuous mode [ 414.094067][T15951] veth1_macvtap: entered promiscuous mode [ 414.147553][T15951] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 414.206517][T15967] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 414.231818][T15951] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 414.317082][T15951] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.345020][T15951] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.361012][T15951] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.371356][T15951] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.392613][T15967] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 414.483515][T16347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3109'. [ 414.490796][T15967] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.512343][T15967] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.525208][T15967] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.536324][T15967] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 414.754320][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 414.779132][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 414.874706][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 414.887012][ T6169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 414.923618][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 414.936363][ T6169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.053426][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 415.075166][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 415.715237][ T6174] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 415.893198][ T6174] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.122162][ T6174] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.301192][T16379] netlink: 'syz.1.3121': attribute type 7 has an invalid length. [ 416.317077][ T6174] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 416.328711][T16379] netlink: 'syz.1.3121': attribute type 8 has an invalid length. [ 416.419490][T16379] 0ªX¹¦D: entered promiscuous mode [ 416.438889][T16379] batadv_slave_1: entered promiscuous mode [ 416.454745][T16379] 0ªX¹¦D: left promiscuous mode [ 416.466065][T16379] batadv_slave_1: left promiscuous mode [ 416.520978][T16380] tipc: Enabled bearer , priority 0 [ 416.546389][T16383] +: renamed from syzkaller0 [ 416.555837][T16383] tipc: Disabling bearer [ 416.892655][ T6174] bridge_slave_1: left allmulticast mode [ 416.902401][ T6174] bridge_slave_1: left promiscuous mode [ 416.926312][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.973548][ T6174] bridge_slave_0: left allmulticast mode [ 416.987455][ T6174] bridge_slave_0: left promiscuous mode [ 417.009123][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.024441][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 417.040998][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 417.050639][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 417.064324][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 417.075582][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 417.121151][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 417.130843][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 417.139985][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 417.150262][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 417.160186][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 417.624749][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.636136][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 417.646806][ T6174] bond0 (unregistering): Released all slaves [ 417.663216][T16393] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 418.042804][T16416] FAULT_INJECTION: forcing a failure. [ 418.042804][T16416] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.057659][T16416] CPU: 0 UID: 0 PID: 16416 Comm: syz.0.3136 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 418.057689][T16416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 418.057701][T16416] Call Trace: [ 418.057710][T16416] [ 418.057719][T16416] dump_stack_lvl+0x189/0x250 [ 418.057755][T16416] ? __pfx____ratelimit+0x10/0x10 [ 418.057785][T16416] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.057815][T16416] ? __pfx__printk+0x10/0x10 [ 418.057837][T16416] ? __might_fault+0xb0/0x130 [ 418.057880][T16416] should_fail_ex+0x414/0x560 [ 418.057911][T16416] _copy_from_user+0x2d/0xb0 [ 418.057933][T16416] nr_rt_ioctl+0x74f/0xd50 [ 418.057953][T16416] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 418.057990][T16416] ? kasan_quarantine_put+0xdd/0x220 [ 418.058020][T16416] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 418.058053][T16416] ? apparmor_capable+0x137/0x1b0 [ 418.058082][T16416] ? capable+0x89/0xe0 [ 418.058112][T16416] ? nr_ioctl+0x1b1/0x3b0 [ 418.058145][T16416] sock_do_ioctl+0xd9/0x300 [ 418.058176][T16416] ? __pfx_sock_do_ioctl+0x10/0x10 [ 418.058201][T16416] ? __lock_acquire+0xab9/0xd20 [ 418.058246][T16416] sock_ioctl+0x576/0x790 [ 418.058274][T16416] ? __pfx_sock_ioctl+0x10/0x10 [ 418.058300][T16416] ? __fget_files+0x2a/0x420 [ 418.058319][T16416] ? __fget_files+0x3a0/0x420 [ 418.058339][T16416] ? __fget_files+0x2a/0x420 [ 418.058361][T16416] ? bpf_lsm_file_ioctl+0x9/0x20 [ 418.058388][T16416] ? __pfx_sock_ioctl+0x10/0x10 [ 418.058415][T16416] __se_sys_ioctl+0xfc/0x170 [ 418.058442][T16416] do_syscall_64+0xfa/0x3b0 [ 418.058459][T16416] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.058486][T16416] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.058505][T16416] ? clear_bhb_loop+0x60/0xb0 [ 418.058530][T16416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.058549][T16416] RIP: 0033:0x7f21bd78e929 [ 418.058566][T16416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.058581][T16416] RSP: 002b:00007f21bb5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.058602][T16416] RAX: ffffffffffffffda RBX: 00007f21bd9b5fa0 RCX: 00007f21bd78e929 [ 418.058616][T16416] RDX: 0000200000000040 RSI: 000000000000890b RDI: 0000000000000004 [ 418.058629][T16416] RBP: 00007f21bb5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 418.058642][T16416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.058654][T16416] R13: 0000000000000000 R14: 00007f21bd9b5fa0 R15: 00007fffb85d0198 [ 418.058688][T16416] [ 418.617979][T16427] netlink: 'syz.0.3138': attribute type 10 has an invalid length. [ 418.796301][T16431] FAULT_INJECTION: forcing a failure. [ 418.796301][T16431] name failslab, interval 1, probability 0, space 0, times 0 [ 418.816089][T16431] CPU: 1 UID: 0 PID: 16431 Comm: syz.0.3140 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 418.816119][T16431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 418.816129][T16431] Call Trace: [ 418.816137][T16431] [ 418.816146][T16431] dump_stack_lvl+0x189/0x250 [ 418.816180][T16431] ? __pfx____ratelimit+0x10/0x10 [ 418.816209][T16431] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.816238][T16431] ? __pfx__printk+0x10/0x10 [ 418.816263][T16431] ? __pfx___might_resched+0x10/0x10 [ 418.816291][T16431] ? fs_reclaim_acquire+0x7d/0x100 [ 418.816319][T16431] should_fail_ex+0x414/0x560 [ 418.816352][T16431] should_failslab+0xa8/0x100 [ 418.816376][T16431] __kmalloc_noprof+0xcb/0x4f0 [ 418.816395][T16431] ? tomoyo_encode+0x28b/0x550 [ 418.816428][T16431] tomoyo_encode+0x28b/0x550 [ 418.816462][T16431] tomoyo_realpath_from_path+0x58d/0x5d0 [ 418.816491][T16431] ? tomoyo_domain+0xd9/0x130 [ 418.816526][T16431] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 418.816547][T16431] tomoyo_path_number_perm+0x1e8/0x5a0 [ 418.816573][T16431] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 418.816615][T16431] ? __lock_acquire+0xab9/0xd20 [ 418.816667][T16431] ? __fget_files+0x2a/0x420 [ 418.816693][T16431] ? __fget_files+0x2a/0x420 [ 418.816710][T16431] ? __fget_files+0x3a0/0x420 [ 418.816729][T16431] ? __fget_files+0x2a/0x420 [ 418.816755][T16431] security_file_ioctl+0xcb/0x2d0 [ 418.816780][T16431] __se_sys_ioctl+0x47/0x170 [ 418.816812][T16431] do_syscall_64+0xfa/0x3b0 [ 418.816830][T16431] ? lockdep_hardirqs_on+0x9c/0x150 [ 418.816857][T16431] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.816886][T16431] ? clear_bhb_loop+0x60/0xb0 [ 418.816911][T16431] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.816931][T16431] RIP: 0033:0x7f21bd78e929 [ 418.816950][T16431] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.816968][T16431] RSP: 002b:00007f21bb5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.816995][T16431] RAX: ffffffffffffffda RBX: 00007f21bd9b5fa0 RCX: 00007f21bd78e929 [ 418.817010][T16431] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 418.817022][T16431] RBP: 00007f21bb5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 418.817035][T16431] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.817047][T16431] R13: 0000000000000000 R14: 00007f21bd9b5fa0 R15: 00007fffb85d0198 [ 418.817081][T16431] [ 418.817233][T16431] ERROR: Out of memory at tomoyo_realpath_from_path. [ 419.153781][ T5851] Bluetooth: hci3: command tx timeout [ 419.239048][ T5851] Bluetooth: hci4: command tx timeout [ 419.285321][T16434] sit2: entered promiscuous mode [ 419.302668][T16434] sit2: entered allmulticast mode [ 419.457216][ T6174] hsr_slave_0: left promiscuous mode [ 419.477026][ T6174] hsr_slave_1: left promiscuous mode [ 419.494153][ T6174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 419.517917][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 419.537968][ T6174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 419.558370][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 419.605607][ T6174] veth1_macvtap: left promiscuous mode [ 419.623939][ T6174] veth0_macvtap: left promiscuous mode [ 419.630798][ T6174] veth1_vlan: left promiscuous mode [ 419.637042][ T6174] veth0_vlan: left promiscuous mode [ 419.691523][T16458] rdma_rxe: rxe_newlink: failed to add veth1_vlan [ 419.807649][T16462] __nla_validate_parse: 7 callbacks suppressed [ 419.807666][T16462] netlink: 112 bytes leftover after parsing attributes in process `syz.2.3150'. [ 420.284873][ T6174] team0 (unregistering): Port device team_slave_1 removed [ 420.343523][ T6174] team0 (unregistering): Port device team_slave_0 removed [ 421.044996][T16398] chnl_net:caif_netlink_parms(): no params data found [ 421.107105][T16468] netlink: 'syz.0.3152': attribute type 1 has an invalid length. [ 421.141026][T16471] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3151'. [ 421.144200][T16468] netlink: 'syz.0.3152': attribute type 1 has an invalid length. [ 421.159528][T16472] FAULT_INJECTION: forcing a failure. [ 421.159528][T16472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.173340][T16468] netlink: 244 bytes leftover after parsing attributes in process `syz.0.3152'. [ 421.185393][T16472] CPU: 0 UID: 0 PID: 16472 Comm: syz.1.3153 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 421.185422][T16472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 421.185433][T16472] Call Trace: [ 421.185442][T16472] [ 421.185451][T16472] dump_stack_lvl+0x189/0x250 [ 421.185487][T16472] ? __pfx____ratelimit+0x10/0x10 [ 421.185515][T16472] ? __pfx_dump_stack_lvl+0x10/0x10 [ 421.185542][T16472] ? __pfx__printk+0x10/0x10 [ 421.185562][T16472] ? __might_fault+0xb0/0x130 [ 421.185603][T16472] should_fail_ex+0x414/0x560 [ 421.185634][T16472] _copy_from_user+0x2d/0xb0 [ 421.185655][T16472] nr_rt_ioctl+0x74f/0xd50 [ 421.185674][T16472] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 421.185709][T16472] ? kasan_quarantine_put+0xdd/0x220 [ 421.185737][T16472] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 421.185770][T16472] ? apparmor_capable+0x137/0x1b0 [ 421.185800][T16472] ? capable+0x89/0xe0 [ 421.185829][T16472] ? nr_ioctl+0x1b1/0x3b0 [ 421.185856][T16472] sock_do_ioctl+0xd9/0x300 [ 421.185887][T16472] ? __pfx_sock_do_ioctl+0x10/0x10 [ 421.185911][T16472] ? __lock_acquire+0xab9/0xd20 [ 421.185956][T16472] sock_ioctl+0x576/0x790 [ 421.185987][T16472] ? __pfx_sock_ioctl+0x10/0x10 [ 421.186016][T16472] ? __fget_files+0x2a/0x420 [ 421.186036][T16472] ? __fget_files+0x3a0/0x420 [ 421.186057][T16472] ? __fget_files+0x2a/0x420 [ 421.186082][T16472] ? bpf_lsm_file_ioctl+0x9/0x20 [ 421.186110][T16472] ? __pfx_sock_ioctl+0x10/0x10 [ 421.186137][T16472] __se_sys_ioctl+0xfc/0x170 [ 421.186169][T16472] do_syscall_64+0xfa/0x3b0 [ 421.186186][T16472] ? lockdep_hardirqs_on+0x9c/0x150 [ 421.186214][T16472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.186234][T16472] ? clear_bhb_loop+0x60/0xb0 [ 421.186258][T16472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.186277][T16472] RIP: 0033:0x7fa71c98e929 [ 421.186296][T16472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.186312][T16472] RSP: 002b:00007fa71d87e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 421.186335][T16472] RAX: ffffffffffffffda RBX: 00007fa71cbb5fa0 RCX: 00007fa71c98e929 [ 421.186350][T16472] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 421.186363][T16472] RBP: 00007fa71d87e090 R08: 0000000000000000 R09: 0000000000000000 [ 421.186375][T16472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 421.186387][T16472] R13: 0000000000000000 R14: 00007fa71cbb5fa0 R15: 00007ffe111e86a8 [ 421.186419][T16472] [ 421.472482][ T5851] Bluetooth: hci3: command tx timeout [ 421.484225][ T5851] Bluetooth: hci4: command tx timeout [ 421.646568][T16483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3155'. [ 421.653655][T16394] chnl_net:caif_netlink_parms(): no params data found [ 421.683700][T16485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3154'. [ 421.822256][T16491] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3158'. [ 421.906113][T16496] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3158'. [ 421.912685][T16398] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.934334][T16398] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.944117][T16398] bridge_slave_0: entered allmulticast mode [ 421.954255][T16398] bridge_slave_0: entered promiscuous mode [ 421.963824][T16398] bridge0: port 2(bridge_slave_1) entered blocking state [ 421.971158][T16398] bridge0: port 2(bridge_slave_1) entered disabled state [ 421.982500][T16398] bridge_slave_1: entered allmulticast mode [ 421.991290][T16398] bridge_slave_1: entered promiscuous mode [ 422.187300][T16398] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 422.292871][T16398] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.385456][T16394] bridge0: port 1(bridge_slave_0) entered blocking state [ 422.395322][T16394] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.415957][T16394] bridge_slave_0: entered allmulticast mode [ 422.463482][T16394] bridge_slave_0: entered promiscuous mode [ 422.464921][T16516] netlink: 596 bytes leftover after parsing attributes in process `syz.1.3164'. [ 422.478223][T16394] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.486904][T16394] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.501885][T16394] bridge_slave_1: entered allmulticast mode [ 422.521167][T16394] bridge_slave_1: entered promiscuous mode [ 422.609403][ T6174] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.705229][T16398] team0: Port device team_slave_0 added [ 422.761648][ T6174] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.834024][T16394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 422.846359][T16398] team0: Port device team_slave_1 added [ 422.853751][T16521] tipc: Enabled bearer , priority 0 [ 422.881330][T16528] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3168'. [ 422.882095][ T6174] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.903730][T16529] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.3168'. [ 422.927731][T16394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.966666][T16517] tipc: Disabling bearer [ 423.193683][ T6174] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.224501][T16539] FAULT_INJECTION: forcing a failure. [ 423.224501][T16539] name failslab, interval 1, probability 0, space 0, times 0 [ 423.256006][T16539] CPU: 0 UID: 0 PID: 16539 Comm: syz.1.3173 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 423.256038][T16539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 423.256052][T16539] Call Trace: [ 423.256060][T16539] [ 423.256071][T16539] dump_stack_lvl+0x189/0x250 [ 423.256104][T16539] ? __pfx____ratelimit+0x10/0x10 [ 423.256131][T16539] ? __pfx_dump_stack_lvl+0x10/0x10 [ 423.256158][T16539] ? __pfx__printk+0x10/0x10 [ 423.256176][T16539] ? __local_bh_enable_ip+0x12d/0x1c0 [ 423.256210][T16539] should_fail_ex+0x414/0x560 [ 423.256229][T16539] should_failslab+0xa8/0x100 [ 423.256244][T16539] kmem_cache_alloc_noprof+0x73/0x3c0 [ 423.256261][T16539] ? skb_clone+0x212/0x3a0 [ 423.256280][T16539] skb_clone+0x212/0x3a0 [ 423.256297][T16539] __netlink_deliver_tap+0x404/0x850 [ 423.256320][T16539] ? netlink_deliver_tap+0x2e/0x1b0 [ 423.256335][T16539] netlink_deliver_tap+0x19c/0x1b0 [ 423.256350][T16539] netlink_dump+0x8e4/0xe20 [ 423.256371][T16539] ? __pfx_netlink_dump+0x10/0x10 [ 423.256393][T16539] ? genl_start+0x499/0x6c0 [ 423.256415][T16539] __netlink_dump_start+0x5cb/0x7e0 [ 423.256434][T16539] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 423.256454][T16539] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 423.256481][T16539] ? rcu_is_watching+0x15/0xb0 [ 423.256507][T16539] ? __pfx_genl_start+0x10/0x10 [ 423.256538][T16539] ? __pfx_genl_dumpit+0x10/0x10 [ 423.256561][T16539] ? __pfx_genl_done+0x10/0x10 [ 423.256592][T16539] ? bpf_lsm_capable+0x9/0x20 [ 423.256604][T16539] ? security_capable+0x7e/0x2e0 [ 423.256623][T16539] genl_rcv_msg+0x5da/0x790 [ 423.256644][T16539] ? __pfx_genl_rcv_msg+0x10/0x10 [ 423.256659][T16539] ? ref_tracker_free+0x63a/0x7d0 [ 423.256673][T16539] ? __pfx_l2tp_nl_cmd_tunnel_dump+0x10/0x10 [ 423.256687][T16539] ? __pfx_ref_tracker_free+0x10/0x10 [ 423.256709][T16539] netlink_rcv_skb+0x205/0x470 [ 423.256723][T16539] ? __pfx_genl_rcv_msg+0x10/0x10 [ 423.256741][T16539] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 423.256766][T16539] ? down_read+0x1ad/0x2e0 [ 423.256783][T16539] genl_rcv+0x28/0x40 [ 423.256799][T16539] netlink_unicast+0x758/0x8d0 [ 423.256819][T16539] netlink_sendmsg+0x805/0xb30 [ 423.256839][T16539] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.256860][T16539] ? aa_sock_msg_perm+0x94/0x160 [ 423.256877][T16539] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 423.256891][T16539] ? __pfx_netlink_sendmsg+0x10/0x10 [ 423.256905][T16539] __sock_sendmsg+0x219/0x270 [ 423.256925][T16539] ____sys_sendmsg+0x505/0x830 [ 423.256943][T16539] ? __pfx_____sys_sendmsg+0x10/0x10 [ 423.256964][T16539] ? import_iovec+0x74/0xa0 [ 423.256979][T16539] ___sys_sendmsg+0x21f/0x2a0 [ 423.256995][T16539] ? __pfx____sys_sendmsg+0x10/0x10 [ 423.257034][T16539] ? __fget_files+0x2a/0x420 [ 423.257048][T16539] ? __fget_files+0x3a0/0x420 [ 423.257068][T16539] __x64_sys_sendmsg+0x19b/0x260 [ 423.257084][T16539] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 423.257105][T16539] ? __pfx_ksys_write+0x10/0x10 [ 423.257115][T16539] ? rcu_is_watching+0x15/0xb0 [ 423.257135][T16539] ? do_syscall_64+0xbe/0x3b0 [ 423.257149][T16539] do_syscall_64+0xfa/0x3b0 [ 423.257159][T16539] ? lockdep_hardirqs_on+0x9c/0x150 [ 423.257175][T16539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.257186][T16539] ? clear_bhb_loop+0x60/0xb0 [ 423.257200][T16539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.257212][T16539] RIP: 0033:0x7fa71c98e929 [ 423.257224][T16539] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 423.257234][T16539] RSP: 002b:00007fa71d87e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 423.257248][T16539] RAX: ffffffffffffffda RBX: 00007fa71cbb5fa0 RCX: 00007fa71c98e929 [ 423.257257][T16539] RDX: 0000000000008000 RSI: 0000200000000940 RDI: 0000000000000003 [ 423.257264][T16539] RBP: 00007fa71d87e090 R08: 0000000000000000 R09: 0000000000000000 [ 423.257271][T16539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 423.257279][T16539] R13: 0000000000000000 R14: 00007fa71cbb5fa0 R15: 00007ffe111e86a8 [ 423.257298][T16539] [ 423.663721][ T5851] Bluetooth: hci3: command tx timeout [ 423.669744][ T5851] Bluetooth: hci4: command tx timeout [ 423.712138][T16394] team0: Port device team_slave_0 added [ 423.726547][T16394] team0: Port device team_slave_1 added [ 423.766877][T16537] xt_CT: No such helper "snmp" [ 423.787213][T16398] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 423.795233][T16398] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.824367][T16398] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 423.838879][T16398] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 423.846072][T16398] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 423.873577][T16398] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.006084][T16394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.019304][T16394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.046952][T16394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.215888][T16398] hsr_slave_0: entered promiscuous mode [ 424.223918][T16398] hsr_slave_1: entered promiscuous mode [ 424.233612][T16398] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 424.246402][T16398] Cannot create hsr debugfs directory [ 424.253590][T16394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.257030][T16566] netlink: 'syz.2.3181': attribute type 10 has an invalid length. [ 424.262975][T16394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.311914][T16394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.524403][T16394] hsr_slave_0: entered promiscuous mode [ 424.540678][T16394] hsr_slave_1: entered promiscuous mode [ 424.547347][T16394] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 424.558462][T16394] Cannot create hsr debugfs directory [ 424.568668][ T6174] bridge_slave_1: left allmulticast mode [ 424.574389][ T6174] bridge_slave_1: left promiscuous mode [ 424.586573][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.602473][T16573] netlink: 'syz.2.3184': attribute type 1 has an invalid length. [ 424.604359][ T6174] bridge_slave_0: left allmulticast mode [ 424.629385][ T6174] bridge_slave_0: left promiscuous mode [ 424.635204][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.135853][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 425.154175][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 425.165248][ T6174] bond0 (unregistering): Released all slaves [ 425.216852][T16573] 8021q: adding VLAN 0 to HW filter on device bond18 [ 425.284907][T16574] bond18: (slave veth41): Enslaving as an active interface with a down link [ 425.424507][T16580] __nla_validate_parse: 1 callbacks suppressed [ 425.424530][T16580] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3186'. [ 425.697320][T16585] xt_CT: No such helper "snmp" [ 425.708948][ T51] Bluetooth: hci4: command tx timeout [ 425.709124][ T5851] Bluetooth: hci3: command tx timeout [ 426.512301][T16609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3197'. [ 426.595893][ T6174] hsr_slave_0: left promiscuous mode [ 426.621221][ T6174] hsr_slave_1: left promiscuous mode [ 426.627561][ T6174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 426.650651][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 426.665717][ T6174] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 426.675695][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 426.703502][ T6174] veth1_macvtap: left promiscuous mode [ 426.711112][ T6174] veth0_macvtap: left promiscuous mode [ 426.717079][ T6174] veth1_vlan: left promiscuous mode [ 426.723962][ T6174] veth0_vlan: left promiscuous mode [ 426.747397][T16616] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3199'. [ 427.287157][ T6174] team0 (unregistering): Port device team_slave_1 removed [ 427.337468][ T6174] team0 (unregistering): Port device team_slave_0 removed [ 428.274798][T16629] vcan0: tx drop: invalid da for name 0x0000000000000003 [ 428.284502][T16398] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 428.357059][T16398] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 428.377380][T16398] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 428.381184][T16629] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3205'. [ 428.500135][T16638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3208'. [ 428.633590][T16631] team0 (unregistering): Port device geneve0 removed [ 428.697201][T16398] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 428.864556][T16649] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3210'. [ 428.909533][T16649] openvswitch: netlink: Flow key attr not present in new flow. [ 429.182181][T16398] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.252067][T16665] xt_CT: No such helper "snmp" [ 429.324962][T16394] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 429.347272][T16394] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 429.366419][T16394] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 429.396991][T16394] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 429.425970][T16398] 8021q: adding VLAN 0 to HW filter on device team0 [ 429.475010][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.482293][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 429.516208][ T6182] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.523522][ T6182] bridge0: port 2(bridge_slave_1) entered forwarding state [ 429.857613][T16394] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.913177][T16394] 8021q: adding VLAN 0 to HW filter on device team0 [ 429.947068][ T6169] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.954345][ T6169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 430.024744][ T6205] bridge0: port 2(bridge_slave_1) entered blocking state [ 430.032056][ T6205] bridge0: port 2(bridge_slave_1) entered forwarding state [ 430.287191][T16398] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.472244][T16717] netlink: 13 bytes leftover after parsing attributes in process `syz.1.3230'. [ 430.485858][T16717] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3230'. [ 430.495693][T16717] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3230'. [ 430.528005][T16398] veth0_vlan: entered promiscuous mode [ 430.539056][T16717] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3230'. [ 430.619440][T16398] veth1_vlan: entered promiscuous mode [ 430.716454][T16398] veth0_macvtap: entered promiscuous mode [ 430.763200][T16398] veth1_macvtap: entered promiscuous mode [ 430.861218][T16398] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 430.916208][T16398] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 430.956946][T16398] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.974126][T16398] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.984241][T16398] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 430.994759][T16398] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 431.013221][T16394] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 431.032897][T16740] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3239'. [ 431.241840][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.264587][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.406629][ T6205] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 431.425773][ T6205] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 431.884858][T16394] veth0_vlan: entered promiscuous mode [ 431.922489][T16394] veth1_vlan: entered promiscuous mode [ 432.202050][ T78] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.288052][T16394] veth0_macvtap: entered promiscuous mode [ 432.373017][ T78] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.405711][T16394] veth1_macvtap: entered promiscuous mode [ 432.527644][ T78] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.582706][T16394] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 432.613452][T16394] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 432.633421][T16394] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.642580][T16394] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.655158][T16394] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.664457][T16394] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.696630][ T78] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.789859][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.797806][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.837856][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.852702][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.288537][ T78] bridge_slave_1: left allmulticast mode [ 433.314645][ T78] bridge_slave_1: left promiscuous mode [ 433.329621][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 433.361504][ T78] bridge_slave_0: left allmulticast mode [ 433.367210][ T78] bridge_slave_0: left promiscuous mode [ 433.394768][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 433.792281][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 433.802446][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 433.812929][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 433.821829][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 433.845363][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 434.125600][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 434.136834][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 434.147481][ T78] bond0 (unregistering): Released all slaves [ 434.681785][ T78] hsr_slave_0: left promiscuous mode [ 434.687938][ T78] hsr_slave_1: left promiscuous mode [ 434.694760][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 434.703935][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 434.712834][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 434.720922][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 434.756394][ T78] veth1_macvtap: left promiscuous mode [ 434.762104][ T78] veth0_macvtap: left promiscuous mode [ 434.767683][ T78] veth1_vlan: left promiscuous mode [ 434.773666][ T78] veth0_vlan: left promiscuous mode [ 435.463211][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 435.473535][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 435.499734][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 435.510363][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 435.530458][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 435.586301][ T78] team0 (unregistering): Port device team_slave_1 removed [ 435.635998][ T78] team0 (unregistering): Port device team_slave_0 removed [ 435.950568][ T5851] Bluetooth: hci3: command tx timeout [ 436.396217][T16795] chnl_net:caif_netlink_parms(): no params data found [ 436.949817][T16839] netlink: 'syz.0.3264': attribute type 10 has an invalid length. [ 437.024561][T16795] bridge0: port 1(bridge_slave_0) entered blocking state [ 437.037461][T16795] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.057865][T16795] bridge_slave_0: entered allmulticast mode [ 437.086277][T16795] bridge_slave_0: entered promiscuous mode [ 437.136020][T16795] bridge0: port 2(bridge_slave_1) entered blocking state [ 437.167197][T16795] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.190513][T16795] bridge_slave_1: entered allmulticast mode [ 437.206958][T16795] bridge_slave_1: entered promiscuous mode [ 437.227614][T16840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3263'. [ 437.499104][T16795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 437.516529][T16795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 437.630424][ T5851] Bluetooth: hci4: command tx timeout [ 437.756681][T16866] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3270'. [ 437.780678][T16866] netlink: 'syz.2.3270': attribute type 7 has an invalid length. [ 437.801753][T16866] netlink: 'syz.2.3270': attribute type 8 has an invalid length. [ 437.814118][T16866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3270'. [ 437.989562][T16795] team0: Port device team_slave_0 added [ 437.999959][T16795] team0: Port device team_slave_1 added [ 438.029978][ T5851] Bluetooth: hci3: command tx timeout [ 438.173646][ T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.207374][T16795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 438.221013][T16795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 438.249006][T16795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 438.267942][T16795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 438.275811][T16795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 438.302248][T16795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 438.381285][ T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.417589][T16876] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 438.493391][ T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.626661][T16884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3277'. [ 438.650017][T16884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3277'. [ 438.721882][ T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 438.813400][T16891] netlink: 666 bytes leftover after parsing attributes in process `syz.2.3280'. [ 438.947336][T16795] hsr_slave_0: entered promiscuous mode [ 438.960425][T16895] FAULT_INJECTION: forcing a failure. [ 438.960425][T16895] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 438.975783][T16795] hsr_slave_1: entered promiscuous mode [ 438.982619][T16795] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 438.991687][T16795] Cannot create hsr debugfs directory [ 439.008246][T16895] CPU: 1 UID: 0 PID: 16895 Comm: syz.1.3281 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 439.008275][T16895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.008287][T16895] Call Trace: [ 439.008296][T16895] [ 439.008304][T16895] dump_stack_lvl+0x189/0x250 [ 439.008339][T16895] ? __pfx____ratelimit+0x10/0x10 [ 439.008368][T16895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 439.008396][T16895] ? __pfx__printk+0x10/0x10 [ 439.008417][T16895] ? __might_fault+0xb0/0x130 [ 439.008457][T16895] should_fail_ex+0x414/0x560 [ 439.008488][T16895] _copy_from_user+0x2d/0xb0 [ 439.008508][T16895] nr_rt_ioctl+0x74f/0xd50 [ 439.008528][T16895] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 439.008563][T16895] ? kasan_quarantine_put+0xdd/0x220 [ 439.008591][T16895] ? __pfx_nr_rt_ioctl+0x10/0x10 [ 439.008623][T16895] ? apparmor_capable+0x137/0x1b0 [ 439.008652][T16895] ? capable+0x89/0xe0 [ 439.008681][T16895] ? nr_ioctl+0x1b1/0x3b0 [ 439.008709][T16895] sock_do_ioctl+0xd9/0x300 [ 439.008742][T16895] ? __pfx_sock_do_ioctl+0x10/0x10 [ 439.008767][T16895] ? __lock_acquire+0xab9/0xd20 [ 439.008812][T16895] sock_ioctl+0x576/0x790 [ 439.008841][T16895] ? __pfx_sock_ioctl+0x10/0x10 [ 439.008868][T16895] ? __fget_files+0x2a/0x420 [ 439.008888][T16895] ? __fget_files+0x3a0/0x420 [ 439.008907][T16895] ? __fget_files+0x2a/0x420 [ 439.008931][T16895] ? bpf_lsm_file_ioctl+0x9/0x20 [ 439.008958][T16895] ? __pfx_sock_ioctl+0x10/0x10 [ 439.008985][T16895] __se_sys_ioctl+0xfc/0x170 [ 439.009015][T16895] do_syscall_64+0xfa/0x3b0 [ 439.009031][T16895] ? lockdep_hardirqs_on+0x9c/0x150 [ 439.009058][T16895] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.009077][T16895] ? clear_bhb_loop+0x60/0xb0 [ 439.009100][T16895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.009117][T16895] RIP: 0033:0x7fa71c98e929 [ 439.009134][T16895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 439.009156][T16895] RSP: 002b:00007fa71d87e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 439.009178][T16895] RAX: ffffffffffffffda RBX: 00007fa71cbb5fa0 RCX: 00007fa71c98e929 [ 439.009192][T16895] RDX: 0000200000000300 RSI: 000000000000890b RDI: 0000000000000004 [ 439.009205][T16895] RBP: 00007fa71d87e090 R08: 0000000000000000 R09: 0000000000000000 [ 439.009217][T16895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.009228][T16895] R13: 0000000000000000 R14: 00007fa71cbb5fa0 R15: 00007ffe111e86a8 [ 439.009261][T16895] [ 439.322603][T16897] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3283'. [ 439.647055][T16810] chnl_net:caif_netlink_parms(): no params data found [ 439.714044][ T5851] Bluetooth: hci4: command tx timeout [ 439.906579][T16930] FAULT_INJECTION: forcing a failure. [ 439.906579][T16930] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 439.922162][T16928] block nbd0: Unsupported socket: shutdown callout must be supported. [ 439.965059][T16930] CPU: 0 UID: 0 PID: 16930 Comm: syz.2.3294 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 439.965091][T16930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 439.965103][T16930] Call Trace: [ 439.965113][T16930] [ 439.965122][T16930] dump_stack_lvl+0x189/0x250 [ 439.965158][T16930] ? __pfx____ratelimit+0x10/0x10 [ 439.965187][T16930] ? __pfx_dump_stack_lvl+0x10/0x10 [ 439.965216][T16930] ? __pfx__printk+0x10/0x10 [ 439.965253][T16930] should_fail_ex+0x414/0x560 [ 439.965293][T16930] _copy_to_user+0x31/0xb0 [ 439.965316][T16930] simple_read_from_buffer+0xe1/0x170 [ 439.965355][T16930] proc_fail_nth_read+0x1df/0x250 [ 439.965383][T16930] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 439.965411][T16930] ? rw_verify_area+0x258/0x650 [ 439.965439][T16930] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 439.965464][T16930] vfs_read+0x1fd/0x980 [ 439.965500][T16930] ? __pfx___mutex_lock+0x10/0x10 [ 439.965520][T16930] ? __pfx_vfs_read+0x10/0x10 [ 439.965551][T16930] ? __fget_files+0x2a/0x420 [ 439.965578][T16930] ? __fget_files+0x3a0/0x420 [ 439.965596][T16930] ? __fget_files+0x2a/0x420 [ 439.965629][T16930] ksys_read+0x145/0x250 [ 439.965646][T16930] ? __fget_files+0x3a0/0x420 [ 439.965668][T16930] ? __pfx_ksys_read+0x10/0x10 [ 439.965703][T16930] ? do_syscall_64+0xbe/0x3b0 [ 439.965726][T16930] do_syscall_64+0xfa/0x3b0 [ 439.965743][T16930] ? lockdep_hardirqs_on+0x9c/0x150 [ 439.965770][T16930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.965790][T16930] ? clear_bhb_loop+0x60/0xb0 [ 439.965813][T16930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.965832][T16930] RIP: 0033:0x7f1e8318d33c [ 439.965850][T16930] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 439.965866][T16930] RSP: 002b:00007f1e840e1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 439.965889][T16930] RAX: ffffffffffffffda RBX: 00007f1e833b5fa0 RCX: 00007f1e8318d33c [ 439.965904][T16930] RDX: 000000000000000f RSI: 00007f1e840e10a0 RDI: 0000000000000003 [ 439.965916][T16930] RBP: 00007f1e840e1090 R08: 0000000000000000 R09: 0000000000000000 [ 439.965929][T16930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.965941][T16930] R13: 0000000000000000 R14: 00007f1e833b5fa0 R15: 00007ffcc95ea478 [ 439.965975][T16930] [ 440.203016][ T5851] Bluetooth: hci3: command tx timeout [ 440.283582][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.290977][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.308407][ T78] bridge_slave_1: left allmulticast mode [ 440.314102][ T78] bridge_slave_1: left promiscuous mode [ 440.320221][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.354722][ T78] bridge_slave_0: left allmulticast mode [ 440.378207][ T78] bridge_slave_0: left promiscuous mode [ 440.399877][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.912821][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 440.925078][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 440.936000][ T78] bond0 (unregistering): Released all slaves [ 441.132567][T16810] bridge0: port 1(bridge_slave_0) entered blocking state [ 441.146200][T16810] bridge0: port 1(bridge_slave_0) entered disabled state [ 441.171202][T16810] bridge_slave_0: entered allmulticast mode [ 441.187192][T16810] bridge_slave_0: entered promiscuous mode [ 441.286680][T16810] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.296492][T16810] bridge0: port 2(bridge_slave_1) entered disabled state [ 441.315101][T16810] bridge_slave_1: entered allmulticast mode [ 441.331640][T16810] bridge_slave_1: entered promiscuous mode [ 441.641892][T16986] netlink: 'syz.2.3309': attribute type 27 has an invalid length. [ 441.643310][T16987] netlink: 'syz.2.3309': attribute type 27 has an invalid length. [ 441.670953][T16810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.757220][T16810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 441.789463][ T5851] Bluetooth: hci4: command tx timeout [ 442.087538][T16810] team0: Port device team_slave_0 added [ 442.100569][T16810] team0: Port device team_slave_1 added [ 442.142663][ T78] hsr_slave_0: left promiscuous mode [ 442.156643][ T78] hsr_slave_1: left promiscuous mode [ 442.173360][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 442.190593][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 442.202562][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 442.210498][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 442.240476][ T78] veth1_macvtap: left promiscuous mode [ 442.246068][ T78] veth0_macvtap: left promiscuous mode [ 442.251903][ T78] veth1_vlan: left promiscuous mode [ 442.257274][ T78] veth0_vlan: left promiscuous mode [ 442.268629][ T5851] Bluetooth: hci3: command tx timeout [ 442.868563][ T78] team0 (unregistering): Port device team_slave_1 removed [ 442.915978][ T78] team0 (unregistering): Port device team_slave_0 removed [ 443.545411][T16810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.560959][T16810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.603119][T16810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 443.630193][T16810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 443.638205][T16810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.681599][T16810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 443.871632][ T5851] Bluetooth: hci4: command tx timeout [ 443.873408][T16810] hsr_slave_0: entered promiscuous mode [ 443.884912][T16810] hsr_slave_1: entered promiscuous mode [ 443.894599][T16810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 443.903527][T16810] Cannot create hsr debugfs directory [ 443.913998][T17036] IPVS: sync thread started: state = BACKUP, mcast_ifn = ip6gretap0, syncid = 6, id = 0 [ 444.143599][T16795] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 444.192765][T16795] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 444.222365][T17040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3323'. [ 444.233127][T17040] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3323'. [ 444.262172][T16795] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 444.276152][T16795] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 444.543756][T16795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 444.590214][T16795] 8021q: adding VLAN 0 to HW filter on device team0 [ 444.611954][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 444.619397][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 444.662476][ T6169] bridge0: port 2(bridge_slave_1) entered blocking state [ 444.669758][ T6169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 444.993019][T16810] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 445.047526][T16810] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 445.104798][T16810] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 445.173356][T16810] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 445.476261][T16795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 445.681883][T17099] netlink: 'syz.2.3339': attribute type 83 has an invalid length. [ 445.692829][T16810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 445.763448][T16810] 8021q: adding VLAN 0 to HW filter on device team0 [ 445.796861][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.804118][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 445.881320][T16795] veth0_vlan: entered promiscuous mode [ 445.897439][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 445.904699][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 446.000935][T16795] veth1_vlan: entered promiscuous mode [ 446.023486][T17114] IPVS: stopping backup sync thread 12100 ... [ 446.064770][T17116] netlink: 'syz.0.3345': attribute type 5 has an invalid length. [ 446.137298][T17118] bridge0: entered allmulticast mode [ 446.174887][T16795] veth0_macvtap: entered promiscuous mode [ 446.207069][T16795] veth1_macvtap: entered promiscuous mode [ 446.234478][T16795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 446.275787][T17121] netlink: 666 bytes leftover after parsing attributes in process `syz.1.3347'. [ 446.307099][T16795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 446.345302][T16795] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.354559][T16795] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.364940][T16795] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.385684][T16795] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 446.708913][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.716793][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 446.769471][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 446.772083][T16810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 446.804725][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 447.072733][T17148] netlink: 'syz.2.3355': attribute type 1 has an invalid length. [ 447.127073][T17150] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3356'. [ 447.231226][T17148] 8021q: adding VLAN 0 to HW filter on device bond19 [ 447.291077][T17152] bond19: (slave veth43): Enslaving as an active interface with a down link [ 447.459947][T17160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3358'. [ 447.568088][ T78] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.690077][T17145] netlink: 'syz.0.3354': attribute type 1 has an invalid length. [ 447.775884][ T78] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.911423][ T78] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.957638][T16810] veth0_vlan: entered promiscuous mode [ 447.974076][T16810] veth1_vlan: entered promiscuous mode [ 448.006509][T16810] veth0_macvtap: entered promiscuous mode [ 448.017504][T16810] veth1_macvtap: entered promiscuous mode [ 448.043084][T16810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 448.060515][T16810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 448.076180][T16810] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.085213][T16810] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.095018][T16810] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.104937][T16810] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 448.177767][ T6186] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.198238][ T6186] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.230876][ T78] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.264536][ T6186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 448.275488][ T6186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 448.439313][T17166] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3361'. [ 448.491337][T17166] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3361'. [ 448.803962][T17178] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3364'. [ 448.849310][T17178] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 448.867380][ T78] bridge_slave_1: left allmulticast mode [ 448.891014][ T78] bridge_slave_1: left promiscuous mode [ 448.907125][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.925874][ T78] bridge_slave_0: left allmulticast mode [ 448.939133][ T78] bridge_slave_0: left promiscuous mode [ 448.955163][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.045235][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 449.055455][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 449.068064][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 449.083946][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 449.096996][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 449.528313][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 449.547950][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 449.562716][ T78] bond0 (unregistering): Released all slaves [ 450.167954][ T78] hsr_slave_0: left promiscuous mode [ 450.181322][ T78] hsr_slave_1: left promiscuous mode [ 450.187189][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.197205][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.207470][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 450.215019][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 450.243610][ T78] veth1_macvtap: left promiscuous mode [ 450.249330][ T78] veth0_macvtap: left promiscuous mode [ 450.254909][ T78] veth1_vlan: left promiscuous mode [ 450.260774][ T78] veth0_vlan: left promiscuous mode [ 450.756353][ T78] team0 (unregistering): Port device team_slave_1 removed [ 450.804270][ T78] team0 (unregistering): Port device team_slave_0 removed [ 451.149011][ T51] Bluetooth: hci3: command tx timeout [ 451.552815][T17214] netlink: 'syz.0.3375': attribute type 1 has an invalid length. [ 451.738379][T17208] netlink: 540 bytes leftover after parsing attributes in process `syz.2.3373'. [ 451.806118][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 451.833464][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 451.843870][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 451.859588][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 451.871866][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 451.895408][T17214] 8021q: adding VLAN 0 to HW filter on device bond15 [ 451.917340][T17225] netlink: 'syz.1.3376': attribute type 1 has an invalid length. [ 451.931910][T17215] 8021q: adding VLAN 0 to HW filter on device bond15 [ 451.939638][T17215] bond15: (slave vxcan3): The slave device specified does not support setting the MAC address [ 451.953168][T17215] bond15: (slave vxcan3): Error -95 calling set_mac_address [ 451.985219][T17216] veth33: entered promiscuous mode [ 451.997208][T17216] bond15: (slave veth33): Enslaving as an active interface with a down link [ 452.021674][T17218] vlan0: entered allmulticast mode [ 452.026882][T17218] bond15: entered allmulticast mode [ 452.104993][T17225] 8021q: adding VLAN 0 to HW filter on device bond19 [ 452.215830][T17227] bond19: (slave veth51): Enslaving as an active interface with a down link [ 452.236402][T17228] bond17: (slave veth0_to_bond): Releasing active interface [ 452.244411][T17228] bond17: (slave veth0_to_bond): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 452.271018][T17228] bond19: (slave veth0_to_bond): making interface the new active one [ 452.281682][T17228] veth0_to_bond: entered promiscuous mode [ 452.287681][T17228] bond19: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 452.309978][T17233] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 453.022903][T17261] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3386'. [ 453.065055][T17253] xt_CT: No such helper "snmp" [ 453.074942][ T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.157932][T17187] chnl_net:caif_netlink_parms(): no params data found [ 453.229341][ T51] Bluetooth: hci3: command tx timeout [ 453.270824][ T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.317304][T17271] netlink: 'syz.2.3387': attribute type 11 has an invalid length. [ 453.338241][T17271] netlink: 'syz.2.3387': attribute type 11 has an invalid length. [ 453.346213][T17271] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3387'. [ 453.418914][ T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.447059][T17277] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (32767) [ 453.459042][T17277] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 453.581044][T17280] sctp: [Deprecated]: syz.0.3391 (pid 17280) Use of int in max_burst socket option deprecated. [ 453.581044][T17280] Use struct sctp_assoc_value instead [ 453.620739][ T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.731727][T17187] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.740133][T17187] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.747980][T17187] bridge_slave_0: entered allmulticast mode [ 453.757678][T17187] bridge_slave_0: entered promiscuous mode [ 453.799956][T17187] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.807482][T17187] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.827735][T17187] bridge_slave_1: entered allmulticast mode [ 453.836900][T17187] bridge_slave_1: entered promiscuous mode [ 453.844022][T17289] rdma_rxe: rxe_newlink: failed to add veth1_vlan [ 453.949262][T17187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.959292][ T51] Bluetooth: hci4: command tx timeout [ 454.075456][T17187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 454.277284][T17187] team0: Port device team_slave_0 added [ 454.297133][T17187] team0: Port device team_slave_1 added [ 454.306811][T17217] chnl_net:caif_netlink_parms(): no params data found [ 454.505619][ T78] bridge_slave_1: left allmulticast mode [ 454.528614][ T78] bridge_slave_1: left promiscuous mode [ 454.538677][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.573640][ T78] bridge_slave_0: left allmulticast mode [ 454.589091][ T78] bridge_slave_0: left promiscuous mode [ 454.595781][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.632440][T17317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3402'. [ 454.641815][T17317] netlink: 244 bytes leftover after parsing attributes in process `syz.1.3402'. [ 454.770255][T17321] netlink: 'syz.1.3403': attribute type 10 has an invalid length. [ 455.127148][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 455.141378][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 455.154910][ T78] bond0 (unregistering): Released all slaves [ 455.169462][T17187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 455.178291][T17187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.205827][T17187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 455.302530][T17321] syz_tun: entered promiscuous mode [ 455.318808][ T5851] Bluetooth: hci3: command tx timeout [ 455.319313][T17321] syz_tun: left allmulticast mode [ 455.359290][T17187] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 455.366530][T17187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 455.393863][T17187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 455.683267][T17187] hsr_slave_0: entered promiscuous mode [ 455.693932][T17187] hsr_slave_1: entered promiscuous mode [ 455.702623][T17187] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 455.714094][T17187] Cannot create hsr debugfs directory [ 455.725282][T17217] bridge0: port 1(bridge_slave_0) entered blocking state [ 455.743446][T17217] bridge0: port 1(bridge_slave_0) entered disabled state [ 455.759294][T17217] bridge_slave_0: entered allmulticast mode [ 455.772586][T17217] bridge_slave_0: entered promiscuous mode [ 456.031582][ T5851] Bluetooth: hci4: command tx timeout [ 456.053735][T17339] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.109784][T17217] bridge0: port 2(bridge_slave_1) entered blocking state [ 456.127217][T17217] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.143583][T17217] bridge_slave_1: entered allmulticast mode [ 456.192587][T17217] bridge_slave_1: entered promiscuous mode [ 456.233869][T17351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3409'. [ 456.249788][T17351] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3409'. [ 456.430132][T17339] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.464057][ T78] hsr_slave_0: left promiscuous mode [ 456.472611][ T78] hsr_slave_1: left promiscuous mode [ 456.483525][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 456.500066][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 456.522727][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 456.532054][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 456.569899][ T78] veth1_macvtap: left promiscuous mode [ 456.575558][ T78] veth0_macvtap: left promiscuous mode [ 456.581926][ T78] veth1_vlan: left promiscuous mode [ 456.587349][ T78] veth0_vlan: left promiscuous mode [ 457.210185][ T78] team0 (unregistering): Port device team_slave_1 removed [ 457.261588][ T78] team0 (unregistering): Port device team_slave_0 removed [ 457.392719][ T5851] Bluetooth: hci3: command tx timeout [ 457.824783][T17217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 457.849139][T17339] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 457.905451][T17217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 457.982465][T17339] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 458.077567][T17217] team0: Port device team_slave_0 added [ 458.110957][ T5851] Bluetooth: hci4: command 0x040f tx timeout [ 458.180002][T17217] team0: Port device team_slave_1 added [ 458.447437][T17339] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.466639][T17217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 458.476054][T17217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.505688][T17217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 458.539979][T17339] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.550107][T17217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 458.557101][T17217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 458.586168][T17217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 458.644268][T17339] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.710337][T17339] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 458.824855][T17217] hsr_slave_0: entered promiscuous mode [ 458.834004][T17217] hsr_slave_1: entered promiscuous mode [ 458.841207][T17217] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 458.849585][T17217] Cannot create hsr debugfs directory [ 459.133760][T17379] pim6reg1: entered promiscuous mode [ 459.148814][T17379] pim6reg1: entered allmulticast mode [ 459.224294][T17387] gretap0: left allmulticast mode [ 459.232923][T17387] gretap0: left promiscuous mode [ 459.242687][T17387] bridge0: port 1(gretap0) entered disabled state [ 459.267923][T17387] bridge0: port 2(0!) entered disabled state [ 459.326956][T17387] bond0: (slave wlan1): Releasing backup interface [ 459.361270][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3422'. [ 459.373793][T17393] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3422'. [ 459.381245][T17387] bond5: (slave veth29): Releasing active interface [ 459.417698][T17387] bond6: (slave veth31): Releasing active interface [ 459.455299][T17387] bond8: (slave veth33): Releasing active interface [ 459.476041][T17387] bond9: (slave veth35): Releasing active interface [ 459.495531][T17387] bond16: (slave veth37): Releasing active interface [ 459.513511][T17387] bond17: (slave veth39): Releasing active interface [ 459.532028][T17387] bond18: (slave veth41): Releasing active interface [ 459.547431][T17387] bond19: (slave veth43): Releasing active interface [ 459.876217][T17402] netlink: 'syz.2.3426': attribute type 1 has an invalid length. [ 459.955253][T17402] 8021q: adding VLAN 0 to HW filter on device bond20 [ 460.003059][T17406] bond20: (slave veth45): Enslaving as an active interface with a down link [ 460.060318][T17187] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 460.094742][T17187] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 460.188739][ T51] Bluetooth: hci4: command 0x040f tx timeout [ 460.211317][T17187] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 460.252831][T17187] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 460.374480][T17427] x_tables: duplicate underflow at hook 1 [ 460.381520][T17427] netlink: 146840 bytes leftover after parsing attributes in process `syz.1.3429'. [ 460.426512][T17429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3433'. [ 460.457911][T17429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3433'. [ 460.695706][T17187] 8021q: adding VLAN 0 to HW filter on device bond0 [ 460.700118][T17433] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 460.803534][T17187] 8021q: adding VLAN 0 to HW filter on device team0 [ 460.839273][T17217] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 460.867398][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 460.874725][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 460.893912][T17217] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 460.932663][ T6186] bridge0: port 2(bridge_slave_1) entered blocking state [ 460.939957][ T6186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 460.967236][T17442] netlink: 'syz.0.3438': attribute type 29 has an invalid length. [ 460.976801][T17217] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 461.011985][T17217] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 461.126080][T17450] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3439'. [ 461.309484][T17217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 461.323978][T17453] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3440'. [ 461.401835][T17217] 8021q: adding VLAN 0 to HW filter on device team0 [ 461.455487][ T6174] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.462767][ T6174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 461.526401][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.533686][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.631599][T17465] netlink: 184 bytes leftover after parsing attributes in process `syz.1.3443'. [ 461.701677][T17468] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3443'. [ 461.702315][T17187] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 461.895046][T17187] veth0_vlan: entered promiscuous mode [ 461.956722][T17187] veth1_vlan: entered promiscuous mode [ 462.114488][T17187] veth0_macvtap: entered promiscuous mode [ 462.164504][T17187] veth1_macvtap: entered promiscuous mode [ 462.233574][T17187] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 462.269891][ T51] Bluetooth: hci4: command 0x040f tx timeout [ 462.284794][T17187] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 462.326176][T17187] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.340671][T17187] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.368176][T17187] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.393662][T17187] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 462.524116][T17217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 462.687253][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.728330][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.829736][ T6169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 462.846534][ T6169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 462.846972][T17502] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 462.975199][T17502] netlink: 'syz.2.3451': attribute type 10 has an invalid length. [ 462.983968][T17502] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3451'. [ 462.996157][T17502] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 463.041273][T17502] netlink: 'syz.2.3451': attribute type 3 has an invalid length. [ 463.055330][T17509] FAULT_INJECTION: forcing a failure. [ 463.055330][T17509] name failslab, interval 1, probability 0, space 0, times 0 [ 463.069973][T17502] netlink: 'syz.2.3451': attribute type 2 has an invalid length. [ 463.093160][T17509] CPU: 0 UID: 0 PID: 17509 Comm: syz.0.3454 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 463.093190][T17509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 463.093202][T17509] Call Trace: [ 463.093211][T17509] [ 463.093221][T17509] dump_stack_lvl+0x189/0x250 [ 463.093256][T17509] ? __pfx____ratelimit+0x10/0x10 [ 463.093286][T17509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.093315][T17509] ? __pfx__printk+0x10/0x10 [ 463.093343][T17509] ? __pfx___might_resched+0x10/0x10 [ 463.093382][T17509] ? fs_reclaim_acquire+0x7d/0x100 [ 463.093411][T17509] should_fail_ex+0x414/0x560 [ 463.093443][T17509] should_failslab+0xa8/0x100 [ 463.093467][T17509] __kmalloc_noprof+0xcb/0x4f0 [ 463.093486][T17509] ? ethnl_default_notify+0x1cd/0x990 [ 463.093516][T17509] ethnl_default_notify+0x1cd/0x990 [ 463.093549][T17509] ? __pfx_ethnl_default_notify+0x10/0x10 [ 463.093600][T17509] ? mutex_is_locked+0x17/0x50 [ 463.093618][T17509] ? rtnl_is_locked+0x15/0x20 [ 463.093647][T17509] ethnl_netdev_event+0xe2/0x160 [ 463.093674][T17509] notifier_call_chain+0x1b3/0x3e0 [ 463.093714][T17509] netdev_change_features+0x8d/0xd0 [ 463.093741][T17509] ? __pfx_netdev_change_features+0x10/0x10 [ 463.093764][T17509] ? cfg80211_netdev_notifier_call+0x1ea/0x13c0 [ 463.093790][T17509] ? netlink_broadcast_filtered+0x10c6/0x1140 [ 463.093814][T17509] ? netif_set_tso_max_size+0x10e/0x1d0 [ 463.093842][T17509] bond_compute_features+0x615/0x680 [ 463.093882][T17509] ? __pfx_bond_compute_features+0x10/0x10 [ 463.093921][T17509] bond_netdev_event+0x72e/0xe80 [ 463.093952][T17509] ? __pfx_bond_netdev_event+0x10/0x10 [ 463.093975][T17509] ? inetdev_event+0x464/0x15b0 [ 463.094012][T17509] ? igmp_netdev_event+0x7c/0x770 [ 463.094050][T17509] notifier_call_chain+0x1b3/0x3e0 [ 463.094088][T17509] netdev_update_features+0xa3/0xe0 [ 463.094109][T17509] ? __pfx_netdev_update_features+0x10/0x10 [ 463.094141][T17509] veth_xdp+0x570/0x730 [ 463.094176][T17509] dev_xdp_propagate+0x125/0x260 [ 463.094204][T17509] bond_xdp+0x3ff/0x850 [ 463.094231][T17509] ? __pfx_bond_xdp+0x10/0x10 [ 463.094270][T17509] dev_xdp_install+0x38d/0x5d0 [ 463.094294][T17509] ? __pfx_bond_xdp+0x10/0x10 [ 463.094313][T17509] ? __pfx_dev_xdp_install+0x10/0x10 [ 463.094331][T17509] ? __local_bh_enable_ip+0x12d/0x1c0 [ 463.094380][T17509] ? __pfx_bond_xdp+0x10/0x10 [ 463.094397][T17509] dev_xdp_attach+0xbca/0x1040 [ 463.094436][T17509] bpf_xdp_link_attach+0x460/0x8c0 [ 463.094461][T17509] ? __lock_acquire+0xab9/0xd20 [ 463.094495][T17509] ? __pfx_bpf_xdp_link_attach+0x10/0x10 [ 463.094543][T17509] ? __fget_files+0x3a0/0x420 [ 463.094563][T17509] ? __fget_files+0x2a/0x420 [ 463.094587][T17509] ? attach_type_to_prog_type+0x40a/0x470 [ 463.094617][T17509] ? bpf_prog_attach_check_attach_type+0x39c/0x540 [ 463.094651][T17509] link_create+0x461/0x8a0 [ 463.094685][T17509] __sys_bpf+0x599/0x860 [ 463.094715][T17509] ? __pfx___sys_bpf+0x10/0x10 [ 463.094757][T17509] ? ksys_write+0x22a/0x250 [ 463.094779][T17509] ? __pfx_ksys_write+0x10/0x10 [ 463.094794][T17509] ? rcu_is_watching+0x15/0xb0 [ 463.094833][T17509] __x64_sys_bpf+0x7c/0x90 [ 463.094858][T17509] do_syscall_64+0xfa/0x3b0 [ 463.094875][T17509] ? lockdep_hardirqs_on+0x9c/0x150 [ 463.094903][T17509] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.094921][T17509] ? clear_bhb_loop+0x60/0xb0 [ 463.094946][T17509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.094965][T17509] RIP: 0033:0x7f21bd78e929 [ 463.094984][T17509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.095001][T17509] RSP: 002b:00007f21bb5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 463.095023][T17509] RAX: ffffffffffffffda RBX: 00007f21bd9b5fa0 RCX: 00007f21bd78e929 [ 463.095038][T17509] RDX: 0000000000000040 RSI: 0000200000000240 RDI: 000000000000001c [ 463.095051][T17509] RBP: 00007f21bb5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 463.095063][T17509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 463.095075][T17509] R13: 0000000000000000 R14: 00007f21bd9b5fa0 R15: 00007fffb85d0198 [ 463.095110][T17509] [ 463.736101][T17516] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 463.892629][T17217] veth0_vlan: entered promiscuous mode [ 463.902976][T17526] FAULT_INJECTION: forcing a failure. [ 463.902976][T17526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 463.907496][T17217] veth1_vlan: entered promiscuous mode [ 463.956320][T17217] veth0_macvtap: entered promiscuous mode [ 463.970679][T17217] veth1_macvtap: entered promiscuous mode [ 463.985749][ T13] veth0_to_bond: left promiscuous mode [ 463.992455][T17526] CPU: 0 UID: 0 PID: 17526 Comm: syz.2.3460 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 463.992486][T17526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 463.992498][T17526] Call Trace: [ 463.992507][T17526] [ 463.992516][T17526] dump_stack_lvl+0x189/0x250 [ 463.992550][T17526] ? __pfx____ratelimit+0x10/0x10 [ 463.992577][T17526] ? __pfx_dump_stack_lvl+0x10/0x10 [ 463.992604][T17526] ? __pfx__printk+0x10/0x10 [ 463.992625][T17526] ? __might_fault+0xb0/0x130 [ 463.992655][T17526] should_fail_ex+0x414/0x560 [ 463.992684][T17526] _copy_from_user+0x2d/0xb0 [ 463.992704][T17526] ___sys_sendmsg+0x158/0x2a0 [ 463.992730][T17526] ? __pfx____sys_sendmsg+0x10/0x10 [ 463.992793][T17526] ? __fget_files+0x2a/0x420 [ 463.992814][T17526] ? __fget_files+0x3a0/0x420 [ 463.992847][T17526] __x64_sys_sendmsg+0x19b/0x260 [ 463.992875][T17526] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 463.992910][T17526] ? __pfx_ksys_write+0x10/0x10 [ 463.992926][T17526] ? rcu_is_watching+0x15/0xb0 [ 463.992960][T17526] ? do_syscall_64+0xbe/0x3b0 [ 463.992983][T17526] do_syscall_64+0xfa/0x3b0 [ 463.992999][T17526] ? lockdep_hardirqs_on+0x9c/0x150 [ 463.993026][T17526] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.993045][T17526] ? clear_bhb_loop+0x60/0xb0 [ 463.993069][T17526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 463.993087][T17526] RIP: 0033:0x7f1e8318e929 [ 463.993106][T17526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.993122][T17526] RSP: 002b:00007f1e840e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 463.993144][T17526] RAX: ffffffffffffffda RBX: 00007f1e833b5fa0 RCX: 00007f1e8318e929 [ 463.993157][T17526] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005 [ 463.993170][T17526] RBP: 00007f1e840e1090 R08: 0000000000000000 R09: 0000000000000000 [ 463.993182][T17526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.993194][T17526] R13: 0000000000000000 R14: 00007f1e833b5fa0 R15: 00007ffcc95ea478 [ 463.993226][T17526] [ 464.217020][T17217] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 464.233370][T17217] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 464.257619][T17217] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.284296][T17217] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.296691][T17217] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.311219][T17217] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.604123][ T6205] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.692838][T17542] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 464.729081][T17542] [ 464.731481][T17542] ============================================ [ 464.737643][T17542] WARNING: possible recursive locking detected [ 464.743793][T17542] 6.16.0-rc2-syzkaller-00161-g714db279942b #0 Not tainted [ 464.750923][T17542] -------------------------------------------- [ 464.757121][T17542] syz.1.3465/17542 is trying to acquire lock: [ 464.763188][T17542] ffff8880552acd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __netdev_update_features+0xcb1/0x1a20 [ 464.774190][T17542] [ 464.774190][T17542] but task is already holding lock: [ 464.781557][T17542] ffff8880552acd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x1990 [ 464.791421][T17542] and the lock comparison function returns 0: [ 464.797482][T17542] [ 464.797482][T17542] other info that might help us debug this: [ 464.805644][T17542] Possible unsafe locking scenario: [ 464.805644][T17542] [ 464.813121][T17542] CPU0 [ 464.816421][T17542] ---- [ 464.819710][T17542] lock(&dev_instance_lock_key#20); [ 464.825021][T17542] lock(&dev_instance_lock_key#20); [ 464.830324][T17542] [ 464.830324][T17542] *** DEADLOCK *** [ 464.830324][T17542] [ 464.838562][T17542] May be due to missing lock nesting notation [ 464.838562][T17542] [ 464.846879][T17542] 2 locks held by syz.1.3465/17542: [ 464.852082][T17542] #0: ffffffff8f510348 (rtnl_mutex){+.+.}-{4:4}, at: dev_ethtool+0x1d0/0x1990 [ 464.861071][T17542] #1: ffff8880552acd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: dev_ethtool+0x716/0x1990 [ 464.871358][T17542] [ 464.871358][T17542] stack backtrace: [ 464.877253][T17542] CPU: 1 UID: 0 PID: 17542 Comm: syz.1.3465 Not tainted 6.16.0-rc2-syzkaller-00161-g714db279942b #0 PREEMPT(full) [ 464.877273][T17542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 464.877282][T17542] Call Trace: [ 464.877290][T17542] [ 464.877299][T17542] dump_stack_lvl+0x189/0x250 [ 464.877326][T17542] ? __pfx_dump_stack_lvl+0x10/0x10 [ 464.877349][T17542] ? __pfx__printk+0x10/0x10 [ 464.877366][T17542] ? print_lock_name+0xde/0x100 [ 464.877382][T17542] print_deadlock_bug+0x28b/0x2a0 [ 464.877399][T17542] validate_chain+0x1a3f/0x2140 [ 464.877423][T17542] ? is_bpf_text_address+0x292/0x2b0 [ 464.877444][T17542] ? is_bpf_text_address+0x26/0x2b0 [ 464.877468][T17542] __lock_acquire+0xab9/0xd20 [ 464.877490][T17542] ? __netdev_update_features+0xcb1/0x1a20 [ 464.877509][T17542] lock_acquire+0x120/0x360 [ 464.877527][T17542] ? __netdev_update_features+0xcb1/0x1a20 [ 464.877551][T17542] __mutex_lock+0x182/0xe80 [ 464.877566][T17542] ? __netdev_update_features+0xcb1/0x1a20 [ 464.877584][T17542] ? kasan_save_track+0x4f/0x80 [ 464.877604][T17542] ? kasan_save_free_info+0x46/0x50 [ 464.877621][T17542] ? __kasan_slab_free+0x62/0x70 [ 464.877634][T17542] ? kmem_cache_free+0x18f/0x400 [ 464.877647][T17542] ? netlink_broadcast_filtered+0x103c/0x1140 [ 464.877661][T17542] ? ethnl_multicast+0xb6/0x100 [ 464.877677][T17542] ? ethnl_default_notify+0x7c0/0x990 [ 464.877694][T17542] ? ethnl_netdev_event+0xe2/0x160 [ 464.877713][T17542] ? __netdev_update_features+0xcb1/0x1a20 [ 464.877733][T17542] ? __lock_acquire+0xab9/0xd20 [ 464.877752][T17542] ? __pfx___mutex_lock+0x10/0x10 [ 464.877772][T17542] __netdev_update_features+0xcb1/0x1a20 [ 464.877795][T17542] ? __pfx___netdev_update_features+0x10/0x10 [ 464.877814][T17542] ? __wake_up_common_lock+0x190/0x1f0 [ 464.877832][T17542] ? cfg80211_netdev_notifier_call+0x1ea/0x13c0 [ 464.877851][T17542] ? netlink_broadcast_filtered+0x10c6/0x1140 [ 464.877866][T17542] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 464.877885][T17542] ? __lock_acquire+0xab9/0xd20 [ 464.877906][T17542] ? do_raw_spin_lock+0x121/0x290 [ 464.877924][T17542] netdev_update_features+0x6d/0xe0 [ 464.877939][T17542] ? __pfx_netdev_update_features+0x10/0x10 [ 464.877958][T17542] macsec_notify+0x2f5/0x660 [ 464.877975][T17542] ? __pfx_macsec_notify+0x10/0x10 [ 464.877992][T17542] notifier_call_chain+0x1b3/0x3e0 [ 464.878017][T17542] netdev_features_change+0x85/0xc0 [ 464.878031][T17542] ? __pfx_netdev_features_change+0x10/0x10 [ 464.878045][T17542] ? security_capable+0x7e/0x2e0 [ 464.878066][T17542] dev_ethtool+0x1520/0x1990 [ 464.878089][T17542] ? __pfx_dev_ethtool+0x10/0x10 [ 464.878115][T17542] ? dev_load+0x21/0x1f0 [ 464.878133][T17542] dev_ioctl+0x392/0x1150 [ 464.878153][T17542] sock_do_ioctl+0x22c/0x300 [ 464.878181][T17542] ? __pfx_sock_do_ioctl+0x10/0x10 [ 464.878208][T17542] ? __lock_acquire+0xab9/0xd20 [ 464.878240][T17542] sock_ioctl+0x576/0x790 [ 464.878268][T17542] ? __pfx_sock_ioctl+0x10/0x10 [ 464.878294][T17542] ? __fget_files+0x2a/0x420 [ 464.878314][T17542] ? __fget_files+0x3a0/0x420 [ 464.878334][T17542] ? __fget_files+0x2a/0x420 [ 464.878356][T17542] ? bpf_lsm_file_ioctl+0x9/0x20 [ 464.878383][T17542] ? __pfx_sock_ioctl+0x10/0x10 [ 464.878418][T17542] __se_sys_ioctl+0xfc/0x170 [ 464.878446][T17542] do_syscall_64+0xfa/0x3b0 [ 464.878464][T17542] ? lockdep_hardirqs_on+0x9c/0x150 [ 464.878493][T17542] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.878512][T17542] ? clear_bhb_loop+0x60/0xb0 [ 464.878534][T17542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.878555][T17542] RIP: 0033:0x7fa71c98e929 [ 464.878574][T17542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.878591][T17542] RSP: 002b:00007fa71d87e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 464.878611][T17542] RAX: ffffffffffffffda RBX: 00007fa71cbb5fa0 RCX: 00007fa71c98e929 [ 464.878623][T17542] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000005 [ 464.878634][T17542] RBP: 00007fa71ca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 464.878644][T17542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.878653][T17542] R13: 0000000000000000 R14: 00007fa71cbb5fa0 R15: 00007ffe111e86a8 [ 464.878670][T17542] [ 465.788321][ T51] Bluetooth: hci0: command tx timeout SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)