last executing test programs: 28.890160683s ago: executing program 3 (id=1399): r0 = socket$netlink(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="68020000000503000000000000000000030000005402010000000000080000000607ff000800180073797a300000000000000000000000000000000000000000000000000000000086bca39346212f86291651efda89f97eae0791a8937518b16a2af4d30592156d0200000000000000b1affc4118e64c993c59ca1f8ac4bbb9fd263d6a7335d3e804000800236f475b030000008500d60001000000070000000300060003000000030000004000010002000000090000009b1a04000200000000000004ff0006000300000006000000cde700000200000000010000020001000300000000100000030003000300000001040000b500040000030000000300000005000000010000000000000000000500010000007f000000090032790100000006000000f801040001000000400000000700070001000000018000000100ad0e03000000070000000100f1fd02000000050000000900030001000000060000000100f8ff010000008cc6000004000000030000009a0d00007f0006000100000009000000400003000000000008000000020004000300000003000000a2f33f0001000000070000000600070003000000040000004001df45000000000800000005000a00000000000200000040000400020000000900000000005b0c01000000050000000d00d38102000000c8ffffff07000a0b0100000004000000000003000000000007000000010008000200000009000000000015030300000010000000080007000200000002000000070001000300000000000100e40006000100000002000000ffff0700346ae0ba0500000006000300010000001e280000e85849350289e15d8bce78a7868a0c652da8abaa339b6a90245315a982ab2666f1d55a3b7d6ffe946ffe4553d64bca8e8c3e3f2cd3bb4776e9bf241568b46f032d3056d4"], 0x268}}, 0x840) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x2, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f0000000480)={r3, 0x0, 0x0}, 0x10) sendto$inet(r2, &(0x7f0000000100)="6b72571bede5698253628441a9f2b36cf51138dada113de18e1cac8594e0e8a35f6184d0b1065856c92930223289cc1c1a5b03acaf8834ccdbb621f9e443be75f282dc9dacd0f911c71681519877e9d5b1090884b08c060fc7aa9b9ca5e9940884b5ceee68ac593c3457e8a1cd52d4bf1328fde80ba10f05d9f4b7bc4efd8fe7172de415d0eabf5f2b10a65c0e6f6461c1ae80a7fe4df80b106b38b2776d98b00a5eed4dc1063a119fc7c51487474d86f6", 0xb1, 0x11, &(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010101}, 0x10) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[@ANYBLOB="563f000019"], 0xfe33) r5 = socket$pppoe(0x18, 0x1, 0x0) r6 = socket$unix(0x1, 0x7, 0x0) connect$pppoe(r5, &(0x7f0000015a00)={0x18, 0x0, {0x3, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}, 'bridge0\x00'}}, 0x1e) ioctl(r6, 0x0, &(0x7f0000000980)="5bd8a1fa031ebf7de8b2fa06cadc09f615bdd755baec7b67c84853fca92451bfafe3ad31862ba2aa81cca7a701f396fc3b083bf22a19ed0a9f47ce6adaba8927d316081d0b10de01995872e6988491c580c9c0334689443ced7bfcca7dd238607093c04a0b16934c0e9daadb88726f1aa8025ee18afa2d99f16ae5beb65e31dbac74f47f5866069ce1b0bb5b98ec807f61f35333891d040246112d67d0065d211fd1ad408ed2ed86cc7d4404a6b7a112cedb61adf5ef67beb1926baf03d07474b2caec1fec8f17922979fd4547deb8adb59ed43a45e90507d1becbc9d07d004565235653b0166e937bdfa3b5eb187f9c7a43709087c0cf5de997b2aa36d652abfe32dea02687847f07f51427932e0e8f47437c015b88ef71834009c430fbfe3b7fe2daf1b1be982bf0fc152eb3cb1d36026d599fb462c94e7a7bdd6fbd82442f7324ddedfb329e9e97a557951576562f11681f8dd3daff46aef394a73e81255e175488d35b43724fdefd80d6bf348f875e007ad878f02c6336cefcd6eb2ecf7d8a0c6320900aa12be6ea76f629ee10a8484424fede46b4c8a21cc15a235e0008c6ae79492ab799cd8f7b30fe9e48281b7d89114213f398a294265bd900d310b61158484abee984444cae909a3ddcb7599b847a6b5180a55f2371ed93c4be5b21095b143181497a48c48580c066ea52f70d2378fb782acb763baf23f65460550455a41cfac4470db8b632ccb5331834de7a77da642b33ecb128b29f48c3febe33e35cecfead82eee147de7c87332f8f6e39c535b03d7b4c25692f29e8e9fa4107f52682c1532466f77ed14f2f81bf8ec3a11f382b97a02756d12f1cd81f10ddb107b36322ac9357e8f9a8fa5e8347783b1cefaa42c0d7ab3b9831fa29fa10f33e6a0b3100031a9aad2fde75fdc9822a0a85c6ff8d3a7d154073b55551b0b316e3bf5162300fbc474e2015025adfb42380d286e1c0d26ef387488c45add0d7a998ae3ed41d58a63fa73f3f01e34b70edb8b86f3ad244eb8276ae316c46f86fb764ce8f04d3d2581d8610decd8580453ebd145c8f9d4e864bc15af2ed51c7c40c72c8ba6407ce66b198f37fb4caadf67223dfb65112e92b06bf4a21e2d085a88ce7a86697c6f343c5152b26f7e6267cab74d2b79732e7b28abf9f12a74c053474f4919018e5c7ab0fc8050ce414016997bb4b66b60a8222814f8e317b8606d46b8df57fbf5fb31b202e4be557b0072d9f24f584b4bfaa9b04db28036d2b598282f81df6e15b0158029b38ad60adf41747f6acc4aae563cd6915280d4e33800eb19e2e62b3fbc0d81bace6ca4b6ac806e2274bdede350a0f03f541b4bd40dc05133bd55a5a3d0345bdd285c96205e25f5e089829164c0d840976753c15ed121bed77c51c8fcadde617696125279635091800a8f38ee2198720c0a3d139f1e3804e046c8ea5b954e754db3d8af08c9aefdf89fbdafc77fa670946be4e58b59dbeac847c280110fb6e70536ddabb20ad3d02286b23d2e84798a2e88718babca5829db5d0e6e8187b61fb4f4520d30e37572b82180a8c901092214a7828033974576dec6067607b518fdb37825be6af9e3ab2e504d0e3eb929fcd48e0ea2d1bafc5618281e2826141997c4bb9a48aa05ae9f0bcbd53a61ed74d7e6bca619649a8361e3c1d2e86fe0ac9c4e8e6783ccff30fd152be678e4b9ce72feddc02a36a7aa5b8eadaaf018ac862f7fd9e3c13418754412f2a7f9d1a14ae8056047ff25c16d69ec913ca291a66a8323855eb3ade6f3c25723dc4a9ca47f2268a1eb676d8494bedd7520a239d9f61d540d5a52c18a60701208a4e4e7827486e9d678337c06344888ec8cff7551d3a0e4985c032a4258a7665f4b6fa46fc7de41e84da21b48f65a1d0b76ff6a440641fb2c7559e3a01e33fb2115f84369fc723554132729ad244caf33c7c115bf6c12b15ca2cf3b12fe77b4da3b27949a7584f2558642b6c572b215b4c9b97d72e58b5f96ed8d154975a3a333a19146914cb591c5e61f18fd5cede824cd5386ecae7168378af7597b33ff269a2d43808208b19531962fe43a35f9dc7d27dc74167bc167bd233b3aa971acaad6e8f6eab26cd3d1f000b676dc30a4c5f250bdb9e731649b903642de6735dcc4a8dbeb08de7cfbd5a45a41ebaed21db54d5f1c069a2639e0d5469213ede2c7339b631402eaca35717f593e6081eb942d67be58b51bde51bf366c9881a20c14c21b7de1b05d927b183859aad44bf12023b818481d82c13e64644ac7156bda7654ac34652102b6124c284004682bb50e8ac40b718d81ef3a360e031be0c8ab2cdc5cd39f40cc20007ea6323e1906fdc6cf775a4c274b817abbc001485d9aa59538d7e1e84de6fd1403c12299476d634100a19233290cb101a9e3d316f29e70051f68cd9664800ec318eac7be8eaef212c52d0034f8a98fcc29bae00119d7d5645a297b56959e13505f766004e6270f99d4c90f0f1af45a218f7c48bacc156b4c609b2cc2ab3ecf281141a99aed51d9299e97913bcba57acb8a3d2827312cabe7499bc643c5c51d2517a0ff8d39be496164ee8b7bc0890a4a0f65309d46d5c5fe96d5618ff9f003e3b1f7358269ef0bf8a60ebe0f882ad0b5f066fbf791d81e58440002b4ec9cb539e05fcba85baa2aa7eb855e6e3f27101a2fa68b018ec89bc7173fa8f3040218d900ae317f2225012409595c58e1246d0498daa96c7061ae54260ae70eabff29d36309721c8143e4c290bfc75c3c5428f840792b063965a16e6216a9d5ad158ef665cd1afcb426db1f48d739e345d0a2c01fcba9f2c18d26a6ecf04494cf7e3e7211b00da6d69c89fb1913d2e8c97b1962e74cf3755e6bdab2cd765a55a067b9ebf7658b61a8190343613dfea3af59a0275f9c3903161150ffb3cbdb11cdd4570ffd206d1c517716786471783a5a319684d23aec3a36bb6ae4485dd5663e2d5cec4a101ba769777a8be0f7931b773b54af83e84a03f9afbbc09181e9c6ee0526a66a5aa8e7a663f5d3a5a31c195f12c6960f36e1ef963e715e334e995149095c818988d4eb836a6cc93ec5885e0ee253d81f6d46b3112e39c33f774b0ca6839f754ce2758da87181d21c3e42f4817d2d9e37add087885bba496ed514f85ee2766520907d8321ee642c227d9827678c4fb4f468d90bb56f43b77c1c767aaf65d1116651f9c2f9bf53e62e473c7be050e8fa4222f85b317c21b2c30afc20cfc69f2d3409d63ae2b1bcdb545fb97352616963dfca8c7df0282e12bc3ec45333be2cc902275ac7b20824161cc3f0d3cb4d9080caed2176f436db6091efc80dd87d81e60b424fd26136453fad576cf06a885eec5882cae7bcd4b3eb271dca4e4a365375e12d832765c2c95a6822cdb56c58c0a0e39271ea04425b4f6f7be6e1de6c37de470eb42b9defafe63cbeca59ea53536be6ba161bc15969039e9045824e12c615cf44ffb0922d16efc1fd86d33787498fec38ea1755c6d9d5d22ee32f9146a71dee03562c31a303a5cebd33541f7f0c960bbb920c5bcdb57b5bcb609c398055505335e7fb20b6834d10c87557af0c6a69fc0fce7a24a81379f11545e86b0a245c03b44f79af163ec2629a572884f8cedfa65f100fa094202ef1fe355698d157cf20eab740a4cb4766f9e6120a33d68e4c84bc2a2c54d8bf11066168c04209bfb240d88408037e31f47474c89188f1d07922fec7ae3e3be902b607ad1d5814644651e3e47300c028251925b17997ea6db3122a309938b6c28d2643448b89c368cdc140aed3611ababfb0e7a6411374f11a192338ead6f8c3f8341224f887474f9d7c02518f934be54a0b21bbccbda2b24a0e0958f9505dfdb871bbb464e85e3db3ea9510808b5b9a8f88fe38323257dcb644cfe2fc6aa2f146f4580e8c6d7c00862ed0972576b886f440d4197f7e8d5874cda9e909296a89c2b45bd52beb3e81a75c618d76fbb67a3fa84419d75598985bf9d43bc7d5695f9d978792b61afb5dff6023d241fe04b0429c9a25acd2d8965c3809e66cafe882b3836060b16004f7e49e7e8f23eba8cedd5832dd49113af3f1e53933c574353104ff70a59868181f14830939aa6feb174d626f7b0f7eb1883400de51e49b3ed2d453dd78f537b4b37fea6cf1e2916cccef5117171fc92a5423aaf2c7931a4c7b5c9f88f58ebea55afc5c69059a112c38714fa1028f70d623981046fa1e6457270c67c56005f31118a3778130becc19a855eb3f6110bda90f11465c8f14c2d69b09fb6fd016ae7a3623c4f8eb70dc0a993e05beb1e8efb0e7f73034fc687edfcc25949666679244a327b9cd5a8b26405a5bb03b3f0ca334be7dd03688e33dc59c5c6e9b63ab1e0ca6865f50007d7ae90f2e5adadbb235179169ab02203e1fa3801c1e0d265f2d3838f982100517232325937c08c80fcdda7ee3e45cf8b3cc0f12cff2ae2b48533586f7b624b2d2ebb30793af56a92a9136f7b5639308da3e800a094b97b603e0d680b92ec81ef6bfe295ccca65d7bccbb5f1382c049946bb408dd340b9e7691988ec950c2efadb114c30ffc1681a7e709f1e8dfb140733d60a2eee88fcbe5aa3e51c857c04ca0ade8c7c3022293f07f050c42adda81a69758ea6dea92fcafae42666d061f53fe03f8d964be1a1b0f38baf945f56fdd3c279a002cd402aa739202f4e640991c48fa45429c7474053141a549ea13112b6aae91408cc176490176ad0e89902f0b7043ed845254aa6cda602fac2eb56325c6b107c2003865967393e35adb03a422796f69697d0f0377ca4ec85bd06937b193e71bce5e9ef5124a33e4f71cb5571d3e46a463ecb040c8570e0fb9180dbf1fc983c4b409f1b320cc415ef2667e945e4f6eefed29693714498ec7732b8c31534beef3296292d3b1747b1b39a9fb6bb2874ef8a2de6162e0308a40d8ac1de3ff46f0042413070670082969fa3918734ce671eed47915e03fc3d1c3c292d53dde96539b160c01dab1e76cca3c0ae97cf8aabd6426df7e5c03f8425384a11c329984a2caada25c4d7207f98e69bf0c85c97f4eeb221426e42ba180f53c76eaaf3a038d6db60818cb746463522f8162261d172c49179e40b88855db079e23ef5920589eac9d240852acd7c20491e87e431b32875b9aa25b2484246ea163cddf536aaa676b2cc3c6756af0ef98fad66c3fe064f7ecc18a6152e5dc7e7fcbd51f1de6501aa06a2ad5677b7938d9771e0e0ec6f77714b69ab79f6f441eba748c17a0973f4aa7f0ae093c9d061d12560c4d8c82c67e214c60221e54ad51220978efcaf6ef474024a10943166664e2b0530f68112d02207e5f087299191b99e450734900f0cf728f693291417ed13ace547f572d49947df7e2b25f557da2cbddbfcb3211645fc6415aeb1dd29591d11cd5630cdf4a9966daaab9def55a10ea7749714df907e0f1d90aa3f2cad5dfd2bd94363750e8ec5531b92aacbbf46a7095dd5ce3ccb46f16b602313c6836974274a5424357235077115c3e2361e491bb4a87575c8043cc87876ea4069717266387a367fc9b64f0a907a037cba7ab9539820de897aa8ef638798300ab535c898c095c052b8e293d9ff2bfd44241dba9e4072c8233d578fe3a14eeff4d120227789678303a1a06a9b424ffb28107ebce78e2c043ff1f6ae14d7feb5534698892493fbfd00c083d94ab2dd4e2d19a25751dfbbe122f3295f1b72a7012293eda780e0062e5d1996fdfbc9cf9a047dad04544665a86d2a21b3dbde08ab664d4d199db75d92a7eba605d01a4a3bccb") r7 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r7, &(0x7f0000015a80)={0x18, 0x0, {0x2, @random="4fe215a3c36a", 'bridge_slave_0\x00'}}, 0x1e) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) ioctl$PPPOEIOCSFWD(r7, 0x4008b100, &(0x7f0000015e00)={0x18, 0x0, {0x4, @local, 'sit0\x00'}}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f08000000480100100000000019002b000a0001000500000000000072080003000500000000", 0x39}], 0x1) 28.706279638s ago: executing program 3 (id=1401): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}, 0x1, 0x0, 0x0, 0x4000d}, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000240)={'erspan0\x00', 0x0, 0x20, 0x40, 0x6, 0x4dd, {{0x10, 0x4, 0x0, 0x2e, 0x40, 0x68, 0x0, 0x4, 0x0, 0x0, @private=0xa010100, @loopback, {[@ssrr={0x89, 0xf, 0x5, [@remote, @multicast1, @rand_addr=0x64010101]}, @cipso={0x86, 0x1b, 0x1, [{0x7, 0x8, "de64bbf86029"}, {0x0, 0x8, "777f958f725b"}, {0x1, 0x2}, {0x1, 0x3, "ae"}]}]}}}}}) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r1, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) connect$rose(r1, &(0x7f00000000c0)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, 0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, 0x1c) 28.614171419s ago: executing program 3 (id=1403): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x50) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="02"], 0x10) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@cgroup=r1, 0x2, 0x0, 0x7, &(0x7f0000000140)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r3, 0x29, 0x43, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) 28.400959811s ago: executing program 3 (id=1407): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x7, 0x4, 0x300, 0x5}, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x1}, 0x20}}, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000000), 0x0}, 0x20) syz_emit_ethernet(0x15, &(0x7f0000000540)={@random="fb57e76be621", @multicast, @val={@void, {0x8100, 0x1, 0x1, 0x3}}, {@x25={0x805, {0x3, 0x2, 0xf}}}}, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x4}, 0x50) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r3}, 0x4) r4 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000380)={0xffffffffffffffff, 0x401, 0x18}, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x13, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x4}, @printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xa5}}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}, @btf_id={0x18, 0x5, 0x3, 0x0, 0x2}]}, &(0x7f0000000180)='GPL\x00', 0x7f, 0xa0, &(0x7f00000001c0)=""/160, 0x41000, 0x20, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x1, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x4000000, 0x7, 0xfff, 0x3ff}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[0x1, r2, r3, r4], 0x0, 0x10, 0x8001}, 0x94) 28.19726413s ago: executing program 3 (id=1409): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4000000, 0x0, 0x1ff, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}, 0x70}}, 0x20048000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) socket$netlink(0x10, 0x3, 0xc) r2 = socket$igmp6(0xa, 0x3, 0x2) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r3 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)="9bcd54f6551b733225", 0x9}], 0x1, 0x0, 0x0, 0x900}, 0x60) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000540)="81b651f1f3e7200923", 0x9}], 0x1}, 0x4048081) writev(r5, &(0x7f0000000100)=[{&(0x7f0000000000)="fd9a0db939d7e57b709a624c1978463e4a896e81129d488eba0d313789e8c3286176ea0f68ea7e275981d7d6a6566c20368644f719f6", 0x36}], 0x1) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r7], 0x90}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0) sendmsg$nl_route(r8, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)=@getstats={0x1c, 0x5e, 0x4, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r1, 0x5}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 11.658237524s ago: executing program 3 (id=1409): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x870bd2d, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x5}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x8, 0x4000000, 0x0, 0x1ff, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x6}}}}]}]}, 0x70}}, 0x20048000) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) socket$netlink(0x10, 0x3, 0xc) r2 = socket$igmp6(0xa, 0x3, 0x2) socket$inet_mptcp(0x2, 0x1, 0x106) socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r3 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000001c0)="9bcd54f6551b733225", 0x9}], 0x1, 0x0, 0x0, 0x900}, 0x60) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000340)={0x1d, r6, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r5, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000540)="81b651f1f3e7200923", 0x9}], 0x1}, 0x4048081) writev(r5, &(0x7f0000000100)=[{&(0x7f0000000000)="fd9a0db939d7e57b709a624c1978463e4a896e81129d488eba0d313789e8c3286176ea0f68ea7e275981d7d6a6566c20368644f719f6", 0x36}], 0x1) sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r6, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r7], 0x90}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0) sendmsg$nl_route(r8, &(0x7f00000003c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)=@getstats={0x1c, 0x5e, 0x4, 0x70bd26, 0x25dfdbff, {0x0, 0x0, 0x0, r1, 0x5}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 3.660130807s ago: executing program 4 (id=1618): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(serpent)\x00'}, 0x58) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e21, @remote}, @in6={0xa, 0x4e22, 0x7f, @private2, 0x7}], 0x2c) 3.238039728s ago: executing program 4 (id=1624): close(0x3) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4}, 0x50) 3.061558943s ago: executing program 4 (id=1625): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x5, 0x4}, {0x10000002, 0x5}]}, 0x94) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) close(r0) r3 = socket$kcm(0x2, 0x5, 0x84) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) recvmsg$unix(r4, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) socket$kcm(0xa, 0x5, 0x0) setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000000)=r6, 0x10) recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r7, 0x10) close(r3) 2.083653747s ago: executing program 4 (id=1641): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fcdbdf253100000008000200", @ANYRES32=r2, @ANYBLOB="05003500080000000500360001000000050033"], 0x34}, 0x1, 0x0, 0x0, 0x40111}, 0x20000004) 1.897638797s ago: executing program 4 (id=1646): syz_genetlink_get_family_id$fou(&(0x7f00000002c0), 0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000b40)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0x12}, @mpls={[], @ipv6=@dccp_packet={0x8, 0x6, "f214c0", 0x32, 0x21, 0xff, @remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {[], {{0x4e20, 0x4e20, 0x4, 0x1, 0xd, 0x0, 0x0, 0x1, 0x3, "f8be20", 0x8, "e44751"}, "efcdd7c780a7ac0a30178129acde2b319721c802e51d5ffe8c0b4170f9a393c03e91"}}}}}, 0x68) 1.492629291s ago: executing program 4 (id=1654): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$inet_buf(r1, 0x0, 0x20, &(0x7f0000000040)="be9b5683", 0x4) 1.299172529s ago: executing program 0 (id=1657): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x2, 0xfe, 0x14}, @ipv4=@tcp={{0x8, 0x4, 0x0, 0x8, 0x34, 0x68, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @remote, {[@ssrr={0x89, 0x7, 0x9b, [@remote]}, @ssrr={0x89, 0x3, 0x9}]}}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x1, 0x0, 0x8}}}}, 0x42) 1.127214653s ago: executing program 2 (id=1660): socket(0x2a, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) socket$inet6(0xa, 0x80003, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x80003, 0xff) socket$inet6(0xa, 0x80003, 0xff) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0xcc}, 0x8) socket$inet6(0xa, 0x802, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000000640)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000300)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r0], 0x1000f) 979.03637ms ago: executing program 2 (id=1662): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x78}}, 0x0) 954.387833ms ago: executing program 1 (id=1663): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0x7, @private0, 0x4}}, 0x7ff, 0x10000, 0xa6, 0xe1ec, 0x3}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010024bd7000e8dbdf252100000008000300", @ANYRES32=r4, @ANYBLOB="08009e00"], 0x24}, 0x1, 0x0, 0x0, 0x4014001}, 0x0) 739.96338ms ago: executing program 0 (id=1664): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x26e1, 0x0) close(r0) socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="060000000010"}) 733.915149ms ago: executing program 2 (id=1665): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="18000000010005", 0x7) 707.741165ms ago: executing program 1 (id=1666): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x20, 0x1411, 0x1, 0x70bd27, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 633.574262ms ago: executing program 2 (id=1667): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0xfffffffc) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x2, 0x11, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x8, 0x28, 0x68, 0x0, 0x3, 0x6, 0x0, @private=0xa010100, @remote}, {{0x4e20, 0x4e22, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x1, 0x0, 0x8}}}}, 0x36) 558.91916ms ago: executing program 1 (id=1668): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) 498.025594ms ago: executing program 0 (id=1669): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001f00)=ANY=[@ANYBLOB="200000005e00250e00000000000000000c000080eec47c8e670527ab04000180"], 0x20}], 0x1}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r0) syz_genetlink_get_family_id$ipvs(0x0, r0) 470.271728ms ago: executing program 1 (id=1670): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x10004}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f00000006c0)=""/229, 0xe5}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/137, 0x89}, {&(0x7f0000001900)=""/222, 0xde}, {&(0x7f0000001a00)=""/4109, 0x100d}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000240)=""/111, 0x6f}], 0x5}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x7, 0x40000020, 0x0) 326.59908ms ago: executing program 0 (id=1671): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000200)=ANY=[@ANYBLOB="ec000000210001002dbd7000fedbdf25fe880000000000000000000000000101ac1414bb0000000000000500000000004e240002000700010a0080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="af6b6e00010000009c0011001901010000000000000000000000000020010000000000000000000000000001ac14143e0000000000c8b10000000000ac1414bb00000000000000000000000032fcff00073500000a00020000000000000000000000020000000000ac1e01010000000000000000000000000a010102000000000000000000000000fe80000000000000000000000000002f33"], 0xec}}, 0x20000000) 276.68624ms ago: executing program 1 (id=1672): bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000200)='%-5lx \x00'}, 0x20) ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000340)={0x3, 0x24, 0xa6, &(0x7f0000000280)=""/166}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000080)={'veth1_to_batadv\x00', 0x8001}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x2, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="6eaa000000000000791098000000000018090000", @ANYRES32, @ANYBLOB="000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) 223.81755ms ago: executing program 2 (id=1673): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000004cc0)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r4, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r4], 0x30, 0x40400d1}}], 0x1, 0x10) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r6, 0x0, 0x400000, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xf8, 0xf8, 0xb, [@union={0xb, 0xa, 0x0, 0x5, 0x1, 0x101, [{0x6, 0x4, 0x1000}, {0x2, 0x0, 0x2}, {0xe, 0x3, 0x7ff}, {0xc, 0x0, 0x406}, {0xd, 0x0, 0x3}, {0x4, 0x1, 0x846}, {0xa, 0x2, 0x81}, {0x3, 0x5, 0x7}, {0xa, 0x0, 0x6}, {0x9, 0x2, 0x98f5}]}, @fwd={0xf}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x6, 0x3}]}, @enum64={0x6, 0x6, 0x0, 0x13, 0x1, 0x3, [{0xf, 0x0, 0x9}, {0x10, 0x1, 0xc}, {0xf, 0x9, 0x4}, {0x6, 0x9, 0x5}, {0x4, 0x0, 0x522e}, {0x4, 0x6, 0x3}]}]}, {0x0, [0x2e, 0x2e, 0x30, 0x0, 0x0, 0x5f, 0x5f, 0x0, 0x5f]}}, &(0x7f00000002c0)=""/41, 0x11b, 0x29, 0x0, 0x77, 0x10000}, 0x28) r9 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000006c0)=@generic={&(0x7f0000000680)='./file0\x00', 0x0, 0x18}, 0x18) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r11 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0xfffffffc, '\x00', r3, 0xffffffffffffffff, 0x2, 0x4}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x12, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0xc}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}, @map_val={0x18, 0x6, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='syzkaller\x00', 0x8, 0x9e, &(0x7f0000000480)=""/158, 0x41100, 0x4e, '\x00', r3, 0x0, r8, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000780)=[r9, r10, 0x1, r11], &(0x7f00000007c0)=[{0x3, 0x4, 0x6, 0x5}, {0x0, 0x3, 0x5, 0xf}, {0x3, 0x1, 0x8, 0x2}, {0x4, 0x5, 0x5, 0x7}, {0x3, 0x4, 0x0, 0x1}, {0x5, 0x1, 0x5, 0x4}, {0x2, 0x4, 0xa, 0xc}, {0x5, 0x3, 0xa, 0x9}], 0x10, 0x40}, 0x94) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x54, 0x10, 0xffffff1f, 0x0, 0x80, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}, @IFLA_GRE_REMOTE={0x8, 0x7, @rand_addr=0x64010101}, @IFLA_GRE_TOS={0x5, 0x9, 0xa}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x54}}, 0x0) 182.500084ms ago: executing program 0 (id=1674): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x10, 0x0, 0xffffffff, 0x20000000, 0x8000002}}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu\x00', 0x275a, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r2, &(0x7f0000000500)=[{&(0x7f0000000040)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1, &(0x7f0000000340)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}, @init={0x18, 0x84, 0x0, {0x803}}], 0x38}], 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x34, r4, 0x1, 0x70bd29, 0x4, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xca}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4804}, 0x20040080) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000016c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB="000013f82e"], 0x48) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000180), &(0x7f0000000280)=0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYRES32=r5], &(0x7f0000000140)='syzkaller\x00', 0x10000, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, @fallback=0x2b, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x94) 2.289207ms ago: executing program 1 (id=1675): pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071120900000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) sendmsg$netlink(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000440)=ANY=[@ANYBLOB="140100001400210200000000fcdbdf25030100800c0002"], 0x114}], 0x1}, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x6, 'net'}]}, 0x5) splice(r0, 0x0, r2, 0x0, 0x3, 0x8) r4 = socket$rxrpc(0x21, 0x2, 0x2) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$sock_timeval(r4, 0x1, 0x42, &(0x7f0000000040)={r5, r6/1000+60000}, 0x10) 1.812866ms ago: executing program 2 (id=1676): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000bc000000850000000800000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b405000000000000611068000000000020000000000000009500000000000000"], &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) 0s ago: executing program 0 (id=1677): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4040}, 0x4000000) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r4}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.39' (ED25519) to the list of known hosts. [ 72.509132][ T5818] cgroup: Unknown subsys name 'net' [ 72.619999][ T5818] cgroup: Unknown subsys name 'cpuset' [ 72.630164][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.055469][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 77.775801][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.783869][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 77.791884][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 77.800270][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.808050][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 77.810441][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 77.815511][ T5846] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 77.828363][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 77.831678][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 77.837549][ T5847] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.850915][ T5848] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 77.859621][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 77.869096][ T5847] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.877560][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 77.888335][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 77.896656][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 77.904909][ T5849] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 77.913930][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 77.921607][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 77.929617][ T5849] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 77.937252][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.945675][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 77.954242][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 77.954387][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 77.961988][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.522592][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 78.703967][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 78.726515][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 78.738336][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 78.883749][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.893145][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.900899][ T5829] bridge_slave_0: entered allmulticast mode [ 78.909295][ T5829] bridge_slave_0: entered promiscuous mode [ 78.922462][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.930456][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.938107][ T5829] bridge_slave_1: entered allmulticast mode [ 78.945868][ T5829] bridge_slave_1: entered promiscuous mode [ 78.972890][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 79.104307][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.141232][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.148608][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.155761][ T5833] bridge_slave_0: entered allmulticast mode [ 79.163825][ T5833] bridge_slave_0: entered promiscuous mode [ 79.170981][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.180164][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.187389][ T5828] bridge_slave_0: entered allmulticast mode [ 79.194336][ T5828] bridge_slave_0: entered promiscuous mode [ 79.203041][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.210453][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.217858][ T5828] bridge_slave_1: entered allmulticast mode [ 79.224998][ T5828] bridge_slave_1: entered promiscuous mode [ 79.234081][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.259503][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.266791][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.274063][ T5834] bridge_slave_0: entered allmulticast mode [ 79.281355][ T5834] bridge_slave_0: entered promiscuous mode [ 79.295631][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.303178][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.311061][ T5834] bridge_slave_1: entered allmulticast mode [ 79.318605][ T5834] bridge_slave_1: entered promiscuous mode [ 79.341693][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.349042][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.356915][ T5833] bridge_slave_1: entered allmulticast mode [ 79.364002][ T5833] bridge_slave_1: entered promiscuous mode [ 79.449361][ T5829] team0: Port device team_slave_0 added [ 79.458114][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.476394][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.489118][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.502928][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.514484][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.538362][ T5829] team0: Port device team_slave_1 added [ 79.563575][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.658110][ T5834] team0: Port device team_slave_0 added [ 79.679464][ T5828] team0: Port device team_slave_0 added [ 79.688626][ T5833] team0: Port device team_slave_0 added [ 79.704668][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.711881][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.719226][ T5840] bridge_slave_0: entered allmulticast mode [ 79.730884][ T5840] bridge_slave_0: entered promiscuous mode [ 79.739887][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.747537][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.754745][ T5840] bridge_slave_1: entered allmulticast mode [ 79.762144][ T5840] bridge_slave_1: entered promiscuous mode [ 79.771598][ T5834] team0: Port device team_slave_1 added [ 79.779788][ T5833] team0: Port device team_slave_1 added [ 79.802368][ T5828] team0: Port device team_slave_1 added [ 79.823572][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.830601][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.856938][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.903996][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 79.911086][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.938028][ T5849] Bluetooth: hci1: command tx timeout [ 79.941117][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 79.955080][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.962065][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.988295][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.017315][ T5849] Bluetooth: hci3: command tx timeout [ 80.017321][ T5835] Bluetooth: hci0: command tx timeout [ 80.027007][ T5835] Bluetooth: hci2: command tx timeout [ 80.028804][ T5151] Bluetooth: hci4: command tx timeout [ 80.054448][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.061583][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.088209][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.122929][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.135911][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.146140][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.153355][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.180481][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.192571][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.200024][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.226197][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.238851][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.245810][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.271984][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.306045][ T5829] hsr_slave_0: entered promiscuous mode [ 80.313187][ T5829] hsr_slave_1: entered promiscuous mode [ 80.333352][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.340656][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.368562][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.482543][ T5840] team0: Port device team_slave_0 added [ 80.515375][ T5828] hsr_slave_0: entered promiscuous mode [ 80.523417][ T5828] hsr_slave_1: entered promiscuous mode [ 80.529853][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.538021][ T5828] Cannot create hsr debugfs directory [ 80.547442][ T5834] hsr_slave_0: entered promiscuous mode [ 80.554003][ T5834] hsr_slave_1: entered promiscuous mode [ 80.560306][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.567920][ T5834] Cannot create hsr debugfs directory [ 80.575679][ T5840] team0: Port device team_slave_1 added [ 80.676641][ T5833] hsr_slave_0: entered promiscuous mode [ 80.683117][ T5833] hsr_slave_1: entered promiscuous mode [ 80.691747][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 80.699582][ T5833] Cannot create hsr debugfs directory [ 80.723549][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.730711][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.757247][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.799477][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.806739][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.834813][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.028465][ T5840] hsr_slave_0: entered promiscuous mode [ 81.034747][ T5840] hsr_slave_1: entered promiscuous mode [ 81.041840][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.050468][ T5840] Cannot create hsr debugfs directory [ 81.331657][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 81.343638][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 81.362147][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 81.393471][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 81.468337][ T5833] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 81.484696][ T5833] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 81.496074][ T5833] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 81.524804][ T5833] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 81.602582][ T5828] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 81.613206][ T5828] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 81.630442][ T5828] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 81.642020][ T5828] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 81.742290][ T5834] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 81.768940][ T5834] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 81.789979][ T5834] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 81.803698][ T5834] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 81.947125][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.959860][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 81.971171][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.004606][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.016782][ T5151] Bluetooth: hci1: command tx timeout [ 82.065567][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.080827][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.097017][ T5151] Bluetooth: hci3: command tx timeout [ 82.102475][ T5151] Bluetooth: hci2: command tx timeout [ 82.108149][ T5849] Bluetooth: hci0: command tx timeout [ 82.113633][ T5849] Bluetooth: hci4: command tx timeout [ 82.132646][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.170138][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.223797][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.231509][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.251057][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.258271][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.271741][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.303454][ T3471] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.310666][ T3471] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.321613][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.328743][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.389315][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.463848][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.471037][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.499017][ T3471] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.506199][ T3471] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.604051][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.672817][ T5828] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 82.703829][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.734244][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.768792][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.775961][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 82.818412][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.825598][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 82.874107][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 82.992258][ T3432] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.999908][ T3432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.052643][ T3432] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.059879][ T3432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.123989][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.254777][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.312921][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.431640][ T5833] veth0_vlan: entered promiscuous mode [ 83.484550][ T5833] veth1_vlan: entered promiscuous mode [ 83.545662][ T5829] veth0_vlan: entered promiscuous mode [ 83.605302][ T5829] veth1_vlan: entered promiscuous mode [ 83.630475][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.671185][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.751179][ T5833] veth0_macvtap: entered promiscuous mode [ 83.804804][ T5829] veth0_macvtap: entered promiscuous mode [ 83.815178][ T5833] veth1_macvtap: entered promiscuous mode [ 83.845404][ T5829] veth1_macvtap: entered promiscuous mode [ 83.864398][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.894025][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.913666][ T5833] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.923584][ T5833] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.933770][ T5833] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.946865][ T5833] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.961716][ T5834] veth0_vlan: entered promiscuous mode [ 83.994765][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.021707][ T5840] veth0_vlan: entered promiscuous mode [ 84.036055][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.064859][ T5828] veth0_vlan: entered promiscuous mode [ 84.073437][ T5834] veth1_vlan: entered promiscuous mode [ 84.081323][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.090715][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.097301][ T5849] Bluetooth: hci1: command tx timeout [ 84.105673][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.114466][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.177879][ T5849] Bluetooth: hci4: command tx timeout [ 84.183514][ T5845] Bluetooth: hci0: command tx timeout [ 84.191294][ T5835] Bluetooth: hci3: command tx timeout [ 84.194044][ T5151] Bluetooth: hci2: command tx timeout [ 84.203010][ T5840] veth1_vlan: entered promiscuous mode [ 84.212726][ T5828] veth1_vlan: entered promiscuous mode [ 84.262710][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.275551][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.311257][ T5834] veth0_macvtap: entered promiscuous mode [ 84.370182][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.381416][ T3471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.386563][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.395343][ T3471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.400800][ T5834] veth1_macvtap: entered promiscuous mode [ 84.426128][ T5840] veth0_macvtap: entered promiscuous mode [ 84.459400][ T5828] veth0_macvtap: entered promiscuous mode [ 84.477520][ T5840] veth1_macvtap: entered promiscuous mode [ 84.508891][ T5828] veth1_macvtap: entered promiscuous mode [ 84.522977][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.529652][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 84.545209][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.558624][ T3432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.570486][ T3432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.607603][ T5834] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.619728][ T5834] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.633813][ T5834] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.645417][ T5834] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.682576][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.743389][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.786931][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.806588][ T5840] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.825180][ T5840] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.838521][ T5840] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.848819][ T5840] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.907280][ T5952] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 84.916292][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.945486][ T5828] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.954878][ T5828] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.964257][ T5828] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.974221][ T5828] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.084181][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.100599][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.202935][ T3471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.223458][ T3471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.275311][ T1138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.296202][ T1138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.305062][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.320594][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.543993][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.569720][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.580499][ T2977] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.602747][ T2977] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.898034][ T5980] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 86.176974][ T5151] Bluetooth: hci1: command tx timeout [ 86.256902][ T5151] Bluetooth: hci2: command tx timeout [ 86.259959][ T5845] Bluetooth: hci4: command tx timeout [ 86.262877][ T5151] Bluetooth: hci0: command tx timeout [ 86.269420][ T5835] Bluetooth: hci3: command tx timeout [ 86.483638][ T6005] warning: `syz.0.16' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 86.639347][ T6012] FAULT_INJECTION: forcing a failure. [ 86.639347][ T6012] name failslab, interval 1, probability 0, space 0, times 1 [ 86.653335][ T6012] CPU: 1 UID: 0 PID: 6012 Comm: syz.2.17 Not tainted 6.16.0-rc3-syzkaller-00122-g60f7f4afaf6d #0 PREEMPT(full) [ 86.653358][ T6012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 86.653374][ T6012] Call Trace: [ 86.653381][ T6012] [ 86.653387][ T6012] dump_stack_lvl+0x189/0x250 [ 86.653420][ T6012] ? __pfx____ratelimit+0x10/0x10 [ 86.653442][ T6012] ? __pfx_dump_stack_lvl+0x10/0x10 [ 86.653464][ T6012] ? __pfx__printk+0x10/0x10 [ 86.653486][ T6012] ? ref_tracker_alloc+0x318/0x460 [ 86.653509][ T6012] should_fail_ex+0x414/0x560 [ 86.653532][ T6012] should_failslab+0xa8/0x100 [ 86.653550][ T6012] kmem_cache_alloc_noprof+0x73/0x3c0 [ 86.653572][ T6012] ? skb_clone+0x212/0x3a0 [ 86.653595][ T6012] skb_clone+0x212/0x3a0 [ 86.653616][ T6012] __netlink_deliver_tap+0x404/0x850 [ 86.653646][ T6012] ? netlink_deliver_tap+0x2e/0x1b0 [ 86.653664][ T6012] netlink_deliver_tap+0x19c/0x1b0 [ 86.653682][ T6012] netlink_unicast+0x72f/0x8d0 [ 86.653708][ T6012] netlink_sendmsg+0x805/0xb30 [ 86.653734][ T6012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.653754][ T6012] ? aa_sock_msg_perm+0x94/0x160 [ 86.653774][ T6012] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 86.653793][ T6012] ? __pfx_netlink_sendmsg+0x10/0x10 [ 86.653811][ T6012] __sock_sendmsg+0x219/0x270 [ 86.653836][ T6012] ____sys_sendmsg+0x505/0x830 [ 86.653859][ T6012] ? __pfx_____sys_sendmsg+0x10/0x10 [ 86.653892][ T6012] ? import_iovec+0x74/0xa0 [ 86.653911][ T6012] ___sys_sendmsg+0x21f/0x2a0 [ 86.653940][ T6012] ? __pfx____sys_sendmsg+0x10/0x10 [ 86.653992][ T6012] ? __fget_files+0x2a/0x420 [ 86.654008][ T6012] ? __fget_files+0x3a0/0x420 [ 86.654034][ T6012] __x64_sys_sendmsg+0x19b/0x260 [ 86.654055][ T6012] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 86.654082][ T6012] ? __pfx_ksys_write+0x10/0x10 [ 86.654095][ T6012] ? rcu_is_watching+0x15/0xb0 [ 86.654122][ T6012] ? do_syscall_64+0xbe/0x3b0 [ 86.654148][ T6012] do_syscall_64+0xfa/0x3b0 [ 86.654168][ T6012] ? lockdep_hardirqs_on+0x9c/0x150 [ 86.654188][ T6012] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.654203][ T6012] ? clear_bhb_loop+0x60/0xb0 [ 86.654222][ T6012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.654237][ T6012] RIP: 0033:0x7f26ffd8e929 [ 86.654257][ T6012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 86.654269][ T6012] RSP: 002b:00007f2700ba6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 86.654286][ T6012] RAX: ffffffffffffffda RBX: 00007f26fffb5fa0 RCX: 00007f26ffd8e929 [ 86.654297][ T6012] RDX: 0000000000008810 RSI: 0000200000000140 RDI: 0000000000000009 [ 86.654307][ T6012] RBP: 00007f2700ba6090 R08: 0000000000000000 R09: 0000000000000000 [ 86.654316][ T6012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 86.654325][ T6012] R13: 0000000000000000 R14: 00007f26fffb5fa0 R15: 00007ffc1944f668 [ 86.654351][ T6012] [ 87.000675][ T1581] cfg80211: failed to load regulatory.db [ 87.075481][ T6012] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 87.642737][ T6039] netlink: 52 bytes leftover after parsing attributes in process `syz.4.25'. [ 88.198376][ T6050] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 88.336700][ T5845] Bluetooth: hci4: command 0x0405 tx timeout [ 88.356150][ T6059] netlink: 8 bytes leftover after parsing attributes in process `syz.0.32'. [ 88.439708][ T6066] FAULT_INJECTION: forcing a failure. [ 88.439708][ T6066] name failslab, interval 1, probability 0, space 0, times 0 [ 88.453094][ T6066] CPU: 1 UID: 0 PID: 6066 Comm: syz.2.34 Not tainted 6.16.0-rc3-syzkaller-00122-g60f7f4afaf6d #0 PREEMPT(full) [ 88.453116][ T6066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 88.453127][ T6066] Call Trace: [ 88.453134][ T6066] [ 88.453141][ T6066] dump_stack_lvl+0x189/0x250 [ 88.453170][ T6066] ? __pfx____ratelimit+0x10/0x10 [ 88.453194][ T6066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 88.453218][ T6066] ? __pfx__printk+0x10/0x10 [ 88.453238][ T6066] ? __lock_acquire+0xab9/0xd20 [ 88.453268][ T6066] should_fail_ex+0x414/0x560 [ 88.453295][ T6066] should_failslab+0xa8/0x100 [ 88.453315][ T6066] kmem_cache_alloc_noprof+0x73/0x3c0 [ 88.453340][ T6066] ? skb_clone+0x212/0x3a0 [ 88.453359][ T6066] ? __pfx_skb_network_protocol+0x10/0x10 [ 88.453384][ T6066] skb_clone+0x212/0x3a0 [ 88.453403][ T6066] ? dev_queue_xmit_nit+0x25a/0xcc0 [ 88.453421][ T6066] dev_queue_xmit_nit+0x416/0xcc0 [ 88.453438][ T6066] ? dev_queue_xmit_nit+0x2d/0xcc0 [ 88.453467][ T6066] dev_hard_start_xmit+0x1be/0x830 [ 88.453508][ T6066] __dev_queue_xmit+0x1adf/0x3a70 [ 88.453530][ T6066] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 88.453555][ T6066] ? __dev_queue_xmit+0x27e/0x3a70 [ 88.453574][ T6066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.453600][ T6066] ? __pfx___dev_queue_xmit+0x10/0x10 [ 88.453636][ T6066] ? __copy_skb_header+0xa7/0x550 [ 88.453657][ T6066] ? __asan_memcpy+0x40/0x70 [ 88.453677][ T6066] ? __skb_clone+0x63/0x7a0 [ 88.453698][ T6066] ? __skb_clone+0x483/0x7a0 [ 88.453723][ T6066] ? skb_clone+0x246/0x3a0 [ 88.453744][ T6066] __netlink_deliver_tap+0x5ad/0x850 [ 88.453773][ T6066] ? netlink_deliver_tap+0x2e/0x1b0 [ 88.453792][ T6066] netlink_deliver_tap+0x19c/0x1b0 [ 88.453811][ T6066] netlink_unicast+0x72f/0x8d0 [ 88.453840][ T6066] netlink_sendmsg+0x805/0xb30 [ 88.453869][ T6066] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.453892][ T6066] ? aa_sock_msg_perm+0x94/0x160 [ 88.453915][ T6066] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 88.453935][ T6066] ? __pfx_netlink_sendmsg+0x10/0x10 [ 88.453954][ T6066] __sock_sendmsg+0x219/0x270 [ 88.453981][ T6066] ____sys_sendmsg+0x505/0x830 [ 88.454005][ T6066] ? __pfx_____sys_sendmsg+0x10/0x10 [ 88.454034][ T6066] ? import_iovec+0x74/0xa0 [ 88.454054][ T6066] ___sys_sendmsg+0x21f/0x2a0 [ 88.454077][ T6066] ? __pfx____sys_sendmsg+0x10/0x10 [ 88.454132][ T6066] ? __fget_files+0x2a/0x420 [ 88.454147][ T6066] ? __fget_files+0x3a0/0x420 [ 88.454174][ T6066] __x64_sys_sendmsg+0x19b/0x260 [ 88.454196][ T6066] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 88.454226][ T6066] ? __pfx_ksys_write+0x10/0x10 [ 88.454240][ T6066] ? rcu_is_watching+0x15/0xb0 [ 88.454268][ T6066] ? do_syscall_64+0xbe/0x3b0 [ 88.454295][ T6066] do_syscall_64+0xfa/0x3b0 [ 88.454317][ T6066] ? lockdep_hardirqs_on+0x9c/0x150 [ 88.454340][ T6066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.454356][ T6066] ? clear_bhb_loop+0x60/0xb0 [ 88.454378][ T6066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.454395][ T6066] RIP: 0033:0x7f26ffd8e929 [ 88.454412][ T6066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.454426][ T6066] RSP: 002b:00007f2700ba6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 88.454444][ T6066] RAX: ffffffffffffffda RBX: 00007f26fffb5fa0 RCX: 00007f26ffd8e929 [ 88.454456][ T6066] RDX: 0000000000008810 RSI: 0000200000000140 RDI: 0000000000000009 [ 88.454466][ T6066] RBP: 00007f2700ba6090 R08: 0000000000000000 R09: 0000000000000000 [ 88.454476][ T6066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.454485][ T6066] R13: 0000000000000000 R14: 00007f26fffb5fa0 R15: 00007ffc1944f668 [ 88.454521][ T6066] [ 88.455605][ T6058] xt_CT: No such helper "syz0" [ 88.557132][ T6070] netlink: 84 bytes leftover after parsing attributes in process `syz.1.35'. [ 88.874508][ T6066] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 89.082087][ T6072] team_slave_0: mtu greater than device maximum [ 89.703811][ T6083] syz.1.41 (6083) used greatest stack depth: 15736 bytes left [ 89.753156][ T6093] netlink: 'syz.4.45': attribute type 8 has an invalid length. [ 89.766626][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.4.45'. [ 89.789273][ T6100] netlink: 84 bytes leftover after parsing attributes in process `syz.3.47'. [ 89.792001][ T6096] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.815894][ T6093] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.825148][ T6093] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.837139][ T6103] netlink: 88 bytes leftover after parsing attributes in process `syz.4.45'. [ 89.990941][ T6093] bridge0: entered allmulticast mode [ 90.101819][ T6108] gre1: entered promiscuous mode [ 90.114257][ T6108] gre1: entered allmulticast mode [ 90.209802][ T6114] syzkaller1: entered promiscuous mode [ 90.226084][ T6114] syzkaller1: entered allmulticast mode [ 90.530575][ T6131] netlink: 8 bytes leftover after parsing attributes in process `syz.4.57'. [ 90.551523][ T6131] netlink: 'syz.4.57': attribute type 5 has an invalid length. [ 90.577208][ T6131] netlink: 20 bytes leftover after parsing attributes in process `syz.4.57'. [ 90.577697][ T6134] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 90.698030][ T6141] netlink: 52 bytes leftover after parsing attributes in process `syz.2.61'. [ 90.752588][ T6134] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 90.774734][ T6148] Zero length message leads to an empty skb [ 90.793350][ T6138] xt_TCPMSS: Only works on TCP SYN packets [ 90.953419][ T6154] netlink: 'syz.2.65': attribute type 8 has an invalid length. [ 91.007279][ T6154] netlink: 8 bytes leftover after parsing attributes in process `syz.2.65'. [ 91.010575][ T6159] netlink: 88 bytes leftover after parsing attributes in process `syz.2.65'. [ 91.049975][ T6154] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.057967][ T6154] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.120124][ T6154] bridge0: entered allmulticast mode [ 91.564297][ T6184] netlink: 24 bytes leftover after parsing attributes in process `syz.2.77'. [ 91.829249][ T6194] netlink: 9 bytes leftover after parsing attributes in process `syz.0.81'. [ 91.884061][ T6197] netlink: 84 bytes leftover after parsing attributes in process `syz.3.82'. [ 91.982783][ T6194] gretap0: entered promiscuous mode [ 92.051445][ T6201] bond1: entered promiscuous mode [ 92.056916][ T6201] bond1: entered allmulticast mode [ 92.063177][ T6201] 8021q: adding VLAN 0 to HW filter on device bond1 [ 92.110303][ T6212] netlink: 28 bytes leftover after parsing attributes in process `syz.3.85'. [ 92.301332][ T6201] bond1 (unregistering): Released all slaves [ 92.623157][ T6219] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 92.695335][ T6228] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 92.751983][ T6230] netlink: 40 bytes leftover after parsing attributes in process `syz.2.91'. [ 93.056240][ T6241] netlink: 84 bytes leftover after parsing attributes in process `syz.4.96'. [ 93.063063][ T6243] netlink: 'syz.1.97': attribute type 15 has an invalid length. [ 93.394981][ T6254] netlink: 168 bytes leftover after parsing attributes in process `syz.3.99'. [ 93.429295][ T6257] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.437998][ T6257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.448703][ T6257] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.456934][ T6257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.468658][ T6257] bridge0: left allmulticast mode [ 93.483904][ T6257] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 93.497568][ T6260] netlink: 36 bytes leftover after parsing attributes in process `syz.1.102'. [ 93.606552][ T6259] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 93.876661][ T6273] netlink: 'syz.1.107': attribute type 2 has an invalid length. [ 93.933102][ T6275] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 94.074175][ T6281] netlink: 'syz.3.109': attribute type 8 has an invalid length. [ 94.082731][ T6281] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.091651][ T6281] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.124550][ T6281] bridge0: entered allmulticast mode [ 94.188520][ T6289] netlink: 'syz.1.113': attribute type 11 has an invalid length. [ 94.532317][ T6301] FAULT_INJECTION: forcing a failure. [ 94.532317][ T6301] name failslab, interval 1, probability 0, space 0, times 0 [ 94.547097][ T6301] CPU: 1 UID: 0 PID: 6301 Comm: syz.2.115 Not tainted 6.16.0-rc3-syzkaller-00122-g60f7f4afaf6d #0 PREEMPT(full) [ 94.547120][ T6301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 94.547129][ T6301] Call Trace: [ 94.547136][ T6301] [ 94.547144][ T6301] dump_stack_lvl+0x189/0x250 [ 94.547173][ T6301] ? __pfx____ratelimit+0x10/0x10 [ 94.547197][ T6301] ? __pfx_dump_stack_lvl+0x10/0x10 [ 94.547221][ T6301] ? __pfx__printk+0x10/0x10 [ 94.547250][ T6301] ? __pfx___might_resched+0x10/0x10 [ 94.547275][ T6301] ? fs_reclaim_acquire+0x7d/0x100 [ 94.547299][ T6301] should_fail_ex+0x414/0x560 [ 94.547325][ T6301] should_failslab+0xa8/0x100 [ 94.547345][ T6301] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 94.547362][ T6301] ? rtnl_prop_list_size+0x1ba/0x1e0 [ 94.547384][ T6301] ? __alloc_skb+0x112/0x2d0 [ 94.547405][ T6301] __alloc_skb+0x112/0x2d0 [ 94.547427][ T6301] rtmsg_ifinfo_build_skb+0x84/0x260 [ 94.547459][ T6301] rtmsg_ifinfo+0x8c/0x1a0 [ 94.547488][ T6301] netif_state_change+0x29e/0x3a0 [ 94.547509][ T6301] ? __pfx_netif_state_change+0x10/0x10 [ 94.547531][ T6301] ? netif_change_flags+0xe8/0x1a0 [ 94.547555][ T6301] do_setlink+0x35de/0x41c0 [ 94.547578][ T6301] ? trace_sched_exit_tp+0x38/0x120 [ 94.547609][ T6301] ? __pfx_do_setlink+0x10/0x10 [ 94.547630][ T6301] ? __lock_acquire+0xab9/0xd20 [ 94.547661][ T6301] ? do_raw_spin_lock+0x121/0x290 [ 94.547691][ T6301] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 94.547712][ T6301] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.547735][ T6301] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 94.547755][ T6301] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 94.547779][ T6301] ? rcu_is_watching+0x15/0xb0 [ 94.547806][ T6301] ? __mutex_lock+0xa6d/0xe80 [ 94.547829][ T6301] ? __mutex_lock+0x51b/0xe80 [ 94.547856][ T6301] ? rtnl_newlink+0x8db/0x1c70 [ 94.547875][ T6301] ? __pfx___mutex_lock+0x10/0x10 [ 94.547907][ T6301] ? ns_capable+0x8a/0xf0 [ 94.547931][ T6301] ? rtnl_link_get_net_capable+0x16a/0x350 [ 94.547952][ T6301] rtnl_newlink+0x149f/0x1c70 [ 94.547967][ T6301] ? netlink_sendmsg+0x805/0xb30 [ 94.547995][ T6301] ? __pfx_rtnl_newlink+0x10/0x10 [ 94.548031][ T6301] ? kasan_quarantine_put+0xdd/0x220 [ 94.548054][ T6301] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.548083][ T6301] ? nlmon_xmit+0xb0/0x100 [ 94.548105][ T6301] ? kmem_cache_free+0x18f/0x400 [ 94.548128][ T6301] ? __local_bh_enable_ip+0x12d/0x1c0 [ 94.548153][ T6301] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.548177][ T6301] ? __local_bh_enable_ip+0x12d/0x1c0 [ 94.548199][ T6301] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 94.548227][ T6301] ? __dev_queue_xmit+0x27e/0x3a70 [ 94.548268][ T6301] ? __lock_acquire+0xab9/0xd20 [ 94.548317][ T6301] ? __pfx_rtnl_newlink+0x10/0x10 [ 94.548333][ T6301] rtnetlink_rcv_msg+0x7cc/0xb70 [ 94.548355][ T6301] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 94.548371][ T6301] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 94.548387][ T6301] ? ref_tracker_free+0x63a/0x7d0 [ 94.548406][ T6301] ? __copy_skb_header+0xa7/0x550 [ 94.548430][ T6301] ? __pfx_ref_tracker_free+0x10/0x10 [ 94.548462][ T6301] netlink_rcv_skb+0x205/0x470 [ 94.548482][ T6301] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 94.548502][ T6301] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 94.548533][ T6301] ? netlink_deliver_tap+0x2e/0x1b0 [ 94.548551][ T6301] ? netlink_deliver_tap+0x2e/0x1b0 [ 94.548576][ T6301] netlink_unicast+0x758/0x8d0 [ 94.548605][ T6301] netlink_sendmsg+0x805/0xb30 [ 94.548635][ T6301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.548657][ T6301] ? aa_sock_msg_perm+0x94/0x160 [ 94.548681][ T6301] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 94.548699][ T6301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 94.548718][ T6301] __sock_sendmsg+0x219/0x270 [ 94.548743][ T6301] ____sys_sendmsg+0x505/0x830 [ 94.548769][ T6301] ? __pfx_____sys_sendmsg+0x10/0x10 [ 94.548796][ T6301] ? import_iovec+0x74/0xa0 [ 94.548815][ T6301] ___sys_sendmsg+0x21f/0x2a0 [ 94.548836][ T6301] ? __pfx____sys_sendmsg+0x10/0x10 [ 94.548898][ T6301] ? __fget_files+0x2a/0x420 [ 94.548915][ T6301] ? __fget_files+0x3a0/0x420 [ 94.548942][ T6301] __x64_sys_sendmsg+0x19b/0x260 [ 94.548964][ T6301] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 94.548993][ T6301] ? __pfx_ksys_write+0x10/0x10 [ 94.549006][ T6301] ? rcu_is_watching+0x15/0xb0 [ 94.549033][ T6301] ? do_syscall_64+0xbe/0x3b0 [ 94.549060][ T6301] do_syscall_64+0xfa/0x3b0 [ 94.549081][ T6301] ? lockdep_hardirqs_on+0x9c/0x150 [ 94.549102][ T6301] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.549119][ T6301] ? clear_bhb_loop+0x60/0xb0 [ 94.549138][ T6301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 94.549155][ T6301] RIP: 0033:0x7f26ffd8e929 [ 94.549170][ T6301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 94.549182][ T6301] RSP: 002b:00007f2700ba6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 94.549199][ T6301] RAX: ffffffffffffffda RBX: 00007f26fffb5fa0 RCX: 00007f26ffd8e929 [ 94.549211][ T6301] RDX: 0000000000008810 RSI: 0000200000000140 RDI: 0000000000000009 [ 94.549221][ T6301] RBP: 00007f2700ba6090 R08: 0000000000000000 R09: 0000000000000000 [ 94.549231][ T6301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 94.549246][ T6301] R13: 0000000000000000 R14: 00007f26fffb5fa0 R15: 00007ffc1944f668 [ 94.549275][ T6301] [ 95.163594][ T6301] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 95.202423][ T6307] syz_tun: entered allmulticast mode [ 95.239576][ T6303] syz_tun: left allmulticast mode [ 95.674441][ T6328] netlink: 'syz.2.127': attribute type 8 has an invalid length. [ 95.707629][ T6329] netlink: 'syz.3.126': attribute type 12 has an invalid length. [ 95.747657][ T6328] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.755395][ T6328] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.807488][ T6328] bridge0: entered allmulticast mode [ 96.298314][ T6361] veth1_macvtap: left promiscuous mode [ 96.325599][ T6361] macsec0: entered promiscuous mode [ 96.350189][ T6361] macsec0: entered allmulticast mode [ 96.379277][ T6366] __nla_validate_parse: 13 callbacks suppressed [ 96.379295][ T6366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.138'. [ 96.407568][ T6366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.138'. [ 96.413185][ T6364] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.424565][ T6364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.432661][ T6364] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.440901][ T6364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.460761][ T6364] bridge0: left allmulticast mode [ 96.489105][ T6364] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 96.742576][ T6379] netlink: 4320 bytes leftover after parsing attributes in process `syz.3.145'. [ 96.927709][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.4.148'. [ 97.492449][ T6411] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 97.811945][ T6421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.158'. [ 98.044051][ T6429] FAULT_INJECTION: forcing a failure. [ 98.044051][ T6429] name failslab, interval 1, probability 0, space 0, times 0 [ 98.058521][ T6429] CPU: 1 UID: 0 PID: 6429 Comm: syz.4.161 Not tainted 6.16.0-rc3-syzkaller-00122-g60f7f4afaf6d #0 PREEMPT(full) [ 98.058544][ T6429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 98.058554][ T6429] Call Trace: [ 98.058560][ T6429] [ 98.058568][ T6429] dump_stack_lvl+0x189/0x250 [ 98.058598][ T6429] ? __pfx____ratelimit+0x10/0x10 [ 98.058623][ T6429] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.058646][ T6429] ? __pfx__printk+0x10/0x10 [ 98.058679][ T6429] should_fail_ex+0x414/0x560 [ 98.058707][ T6429] should_failslab+0xa8/0x100 [ 98.058728][ T6429] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 98.058746][ T6429] ? __alloc_skb+0x112/0x2d0 [ 98.058769][ T6429] __alloc_skb+0x112/0x2d0 [ 98.058787][ T6429] ? __neigh_notify+0x29/0x310 [ 98.058805][ T6429] __neigh_notify+0x15c/0x310 [ 98.058825][ T6429] neigh_cleanup_and_release+0xb0/0x290 [ 98.058848][ T6429] neigh_flush_dev+0x823/0x950 [ 98.058874][ T6429] ? neigh_changeaddr+0x23/0x40 [ 98.058896][ T6429] neigh_changeaddr+0x30/0x40 [ 98.058919][ T6429] ndisc_netdev_event+0x391/0x4d0 [ 98.058941][ T6429] notifier_call_chain+0x1b3/0x3e0 [ 98.058973][ T6429] __dev_notify_flags+0x21b/0x2e0 [ 98.059003][ T6429] ? __pfx___dev_notify_flags+0x10/0x10 [ 98.059019][ T6429] ? __dev_change_flags+0x4cc/0x6d0 [ 98.059036][ T6429] ? __lock_acquire+0xab9/0xd20 [ 98.059064][ T6429] ? finish_task_switch+0x18b/0x950 [ 98.059094][ T6429] netif_change_flags+0xe8/0x1a0 [ 98.059117][ T6429] do_setlink+0xc55/0x41c0 [ 98.059139][ T6429] ? trace_sched_exit_tp+0x38/0x120 [ 98.059168][ T6429] ? __pfx_do_setlink+0x10/0x10 [ 98.059187][ T6429] ? __lock_acquire+0xab9/0xd20 [ 98.059215][ T6429] ? do_raw_spin_lock+0x121/0x290 [ 98.059240][ T6429] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 98.059259][ T6429] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.059280][ T6429] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 98.059298][ T6429] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 98.059325][ T6429] ? rcu_is_watching+0x15/0xb0 [ 98.059350][ T6429] ? __mutex_lock+0xa6d/0xe80 [ 98.059373][ T6429] ? __mutex_lock+0x51b/0xe80 [ 98.059401][ T6429] ? rtnl_newlink+0x8db/0x1c70 [ 98.059422][ T6429] ? __pfx___mutex_lock+0x10/0x10 [ 98.059455][ T6429] ? ns_capable+0x8a/0xf0 [ 98.059478][ T6429] ? rtnl_link_get_net_capable+0x16a/0x350 [ 98.059500][ T6429] rtnl_newlink+0x149f/0x1c70 [ 98.059515][ T6429] ? netlink_sendmsg+0x805/0xb30 [ 98.059545][ T6429] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.059580][ T6429] ? kasan_quarantine_put+0xdd/0x220 [ 98.059602][ T6429] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.059631][ T6429] ? nlmon_xmit+0xb0/0x100 [ 98.059652][ T6429] ? kmem_cache_free+0x18f/0x400 [ 98.059677][ T6429] ? __local_bh_enable_ip+0x12d/0x1c0 [ 98.059699][ T6429] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.059720][ T6429] ? __local_bh_enable_ip+0x12d/0x1c0 [ 98.059742][ T6429] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 98.059836][ T6429] ? __dev_queue_xmit+0x27e/0x3a70 [ 98.059872][ T6429] ? __lock_acquire+0xab9/0xd20 [ 98.059922][ T6429] ? __pfx_rtnl_newlink+0x10/0x10 [ 98.059940][ T6429] rtnetlink_rcv_msg+0x7cc/0xb70 [ 98.059963][ T6429] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 98.059979][ T6429] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 98.059995][ T6429] ? ref_tracker_free+0x63a/0x7d0 [ 98.060015][ T6429] ? __copy_skb_header+0xa7/0x550 [ 98.060039][ T6429] ? __pfx_ref_tracker_free+0x10/0x10 [ 98.060072][ T6429] netlink_rcv_skb+0x205/0x470 [ 98.060093][ T6429] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 98.060114][ T6429] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 98.060147][ T6429] ? netlink_deliver_tap+0x2e/0x1b0 [ 98.060166][ T6429] ? netlink_deliver_tap+0x2e/0x1b0 [ 98.060191][ T6429] netlink_unicast+0x758/0x8d0 [ 98.060222][ T6429] netlink_sendmsg+0x805/0xb30 [ 98.060252][ T6429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.060276][ T6429] ? aa_sock_msg_perm+0x94/0x160 [ 98.060300][ T6429] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 98.060321][ T6429] ? __pfx_netlink_sendmsg+0x10/0x10 [ 98.060341][ T6429] __sock_sendmsg+0x219/0x270 [ 98.060369][ T6429] ____sys_sendmsg+0x505/0x830 [ 98.060396][ T6429] ? __pfx_____sys_sendmsg+0x10/0x10 [ 98.060427][ T6429] ? import_iovec+0x74/0xa0 [ 98.060449][ T6429] ___sys_sendmsg+0x21f/0x2a0 [ 98.060473][ T6429] ? __pfx____sys_sendmsg+0x10/0x10 [ 98.060534][ T6429] ? __fget_files+0x2a/0x420 [ 98.060552][ T6429] ? __fget_files+0x3a0/0x420 [ 98.060582][ T6429] __x64_sys_sendmsg+0x19b/0x260 [ 98.060606][ T6429] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 98.060638][ T6429] ? __pfx_ksys_write+0x10/0x10 [ 98.060652][ T6429] ? rcu_is_watching+0x15/0xb0 [ 98.060711][ T6429] ? do_syscall_64+0xbe/0x3b0 [ 98.060740][ T6429] do_syscall_64+0xfa/0x3b0 [ 98.060764][ T6429] ? lockdep_hardirqs_on+0x9c/0x150 [ 98.060787][ T6429] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.060803][ T6429] ? clear_bhb_loop+0x60/0xb0 [ 98.060823][ T6429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.060838][ T6429] RIP: 0033:0x7f675138e929 [ 98.060856][ T6429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.060869][ T6429] RSP: 002b:00007f6752267038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 98.060888][ T6429] RAX: ffffffffffffffda RBX: 00007f67515b5fa0 RCX: 00007f675138e929 [ 98.060901][ T6429] RDX: 0000000000008810 RSI: 0000200000000140 RDI: 0000000000000009 [ 98.060912][ T6429] RBP: 00007f6752267090 R08: 0000000000000000 R09: 0000000000000000 [ 98.060923][ T6429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 98.060933][ T6429] R13: 0000000000000000 R14: 00007f67515b5fa0 R15: 00007fffb0f90518 [ 98.060963][ T6429] [ 98.728232][ T6436] Bluetooth: MGMT ver 1.23 [ 98.731344][ T6429] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.742068][ T6429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.751213][ T6429] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.759957][ T6429] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.781711][ T6429] bridge0: left allmulticast mode [ 98.802410][ T6429] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 98.962893][ T6441] netlink: 84 bytes leftover after parsing attributes in process `syz.0.166'. [ 99.190622][ T6445] netlink: 'syz.4.168': attribute type 8 has an invalid length. [ 99.260147][ T6445] netlink: 8 bytes leftover after parsing attributes in process `syz.4.168'. [ 99.275779][ T6445] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.285092][ T6445] bridge0: port 1(bridge_slave_0) entered disabled state [ 99.294483][ T6445] bridge0: entered allmulticast mode [ 99.317175][ T6451] netlink: 88 bytes leftover after parsing attributes in process `syz.4.168'. [ 99.361960][ T6456] netlink: 48 bytes leftover after parsing attributes in process `syz.0.173'. [ 99.545444][ T6464] netlink: 20 bytes leftover after parsing attributes in process `syz.3.174'. [ 99.757147][ T6470] gretap0: left promiscuous mode [ 99.917382][ T6470] bridge0: port 2(bridge_slave_1) entered disabled state [ 99.926056][ T6470] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.155062][ T6470] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 100.172665][ T6470] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 100.258753][ T6470] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.271411][ T6470] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.280830][ T6470] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.290327][ T6470] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 100.353363][ T6475] vlan2: entered promiscuous mode [ 100.382264][ T6475] bridge0: entered promiscuous mode [ 100.497614][ T6491] netlink: 'syz.1.188': attribute type 1 has an invalid length. [ 100.529127][ T6491] netlink: 'syz.1.188': attribute type 10 has an invalid length. [ 100.553421][ T6491] netlink: 'syz.1.188': attribute type 4 has an invalid length. [ 100.575910][ T6489] bond0: (slave macvlan4): Error -98 calling set_mac_address [ 100.848842][ T6502] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 101.088504][ T6511] netlink: 'syz.4.196': attribute type 1 has an invalid length. [ 101.181228][ T6515] tipc: Enabling not permitted [ 101.202185][ T6515] tipc: Enabling of bearer rejected, failed to enable media [ 101.273820][ T6519] netlink: 'syz.2.199': attribute type 8 has an invalid length. [ 101.466728][ T6527] __nla_validate_parse: 6 callbacks suppressed [ 101.466745][ T6527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.203'. [ 101.522690][ T6529] netlink: 32 bytes leftover after parsing attributes in process `syz.4.204'. [ 101.891920][ T6540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.928583][ T6540] 8021q: adding VLAN 0 to HW filter on device team0 [ 101.974905][ T6540] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 102.063002][ T6554] netlink: 'syz.1.212': attribute type 8 has an invalid length. [ 102.072681][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.212'. [ 102.103625][ T6554] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.111732][ T6554] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.143561][ T6554] bridge0: entered allmulticast mode [ 102.162928][ T6557] netlink: 88 bytes leftover after parsing attributes in process `syz.1.212'. [ 103.993276][ T6607] netlink: 4 bytes leftover after parsing attributes in process `syz.1.228'. [ 104.923527][ T6586] bridge0: port 2(bridge_slave_1) entered blocking state [ 104.932283][ T6586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 104.940331][ T6586] bridge0: port 1(bridge_slave_0) entered blocking state [ 104.948339][ T6586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 104.957036][ T6586] bridge0: left allmulticast mode [ 104.964505][ T6586] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 105.016477][ T6602] netlink: 8 bytes leftover after parsing attributes in process `syz.1.228'. [ 105.131720][ T6607] bridge_slave_1 (unregistering): left allmulticast mode [ 105.161626][ T6607] bridge_slave_1 (unregistering): left promiscuous mode [ 105.170342][ T6607] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.260022][ T6615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.232'. [ 105.373462][ T6627] Cannot find add_set index 0 as target [ 105.542969][ T6633] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 105.629292][ T6632] netlink: 'syz.3.237': attribute type 64 has an invalid length. [ 105.660601][ T6632] netlink: 5 bytes leftover after parsing attributes in process `syz.3.237'. [ 105.717658][ T6638] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 105.743987][ T6636] sctp: failed to load transform for md5: -2 [ 105.750750][ T6642] netlink: 12 bytes leftover after parsing attributes in process `syz.1.241'. [ 106.488341][ T6673] netlink: 'syz.1.252': attribute type 8 has an invalid length. [ 106.511436][ T6673] netlink: 8 bytes leftover after parsing attributes in process `syz.1.252'. [ 106.543492][ T6673] netlink: 88 bytes leftover after parsing attributes in process `syz.1.252'. [ 107.095368][ T6707] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.108443][ T6707] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.123380][ T6712] netlink: 52 bytes leftover after parsing attributes in process `syz.1.264'. [ 107.180532][ T6707] vlan2: left promiscuous mode [ 107.193365][ T6707] bridge0: left promiscuous mode [ 107.203956][ T6717] netlink: 256 bytes leftover after parsing attributes in process `syz.1.265'. [ 107.256114][ T6718] netlink: 'syz.1.265': attribute type 1 has an invalid length. [ 107.425475][ T6724] netlink: 'syz.1.268': attribute type 8 has an invalid length. [ 107.433810][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.268'. [ 107.446232][ T6724] netlink: 88 bytes leftover after parsing attributes in process `syz.1.268'. [ 107.902492][ T6744] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 108.048674][ T6747] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 108.063115][ T6749] netlink: 'syz.4.279': attribute type 8 has an invalid length. [ 108.083090][ T6749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.279'. [ 108.097954][ T6747] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 108.129651][ T6749] netlink: 88 bytes leftover after parsing attributes in process `syz.4.279'. [ 108.480654][ T6770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.488354][ T6775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.282'. [ 108.534954][ T6775] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 108.831238][ T6788] sctp: [Deprecated]: syz.3.289 (pid 6788) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.831238][ T6788] Use struct sctp_sack_info instead [ 108.882894][ T6792] netlink: 'syz.3.289': attribute type 1 has an invalid length. [ 108.922585][ T6792] netlink: 224 bytes leftover after parsing attributes in process `syz.3.289'. [ 109.085040][ T6799] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.103769][ T6799] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.329923][ T6809] netlink: 'syz.3.293': attribute type 8 has an invalid length. [ 109.425700][ T6809] bridge0: entered allmulticast mode [ 109.667791][ T6822] netlink: 'syz.4.299': attribute type 1 has an invalid length. [ 109.860541][ T6832] NCSI netlink: No device for ifindex 0 [ 109.936906][ T5835] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 109.943406][ T5845] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.320144][ T6852] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.327870][ T6852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.335553][ T6852] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.343332][ T6852] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.428313][ T6858] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 110.442150][ T6852] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 110.825813][ T6873] netlink: 'syz.4.311': attribute type 8 has an invalid length. [ 110.837535][ T6875] syzkaller1: entered promiscuous mode [ 110.843465][ T6875] syzkaller1: entered allmulticast mode [ 110.874784][ T6873] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.882175][ T6873] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.169220][ T6884] Illegal XDP return value 3297290658 on prog (id 52) dev N/A, expect packet loss! [ 111.320453][ T6892] netlink: 'syz.4.314': attribute type 10 has an invalid length. [ 112.085409][ T6889] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.178561][ T6892] team0: Port device geneve0 added [ 112.191428][ T6901] af_packet: tpacket_rcv: packet too big, clamped from 144 to 4294967272. macoff=96 [ 112.323284][ T6889] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.479643][ T6889] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.494035][ T6928] xt_l2tp: missing protocol rule (udp|l2tpip) [ 112.711380][ T6889] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.768452][ T6938] netlink: 'syz.0.325': attribute type 8 has an invalid length. [ 112.798226][ T6938] __nla_validate_parse: 10 callbacks suppressed [ 112.798244][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'. [ 112.825540][ T6944] netlink: 88 bytes leftover after parsing attributes in process `syz.0.325'. [ 112.872334][ T6938] bridge0: entered allmulticast mode [ 112.981025][ T6889] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.081666][ T6889] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.164364][ T6889] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.183997][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 113.224247][ T6955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.332'. [ 113.239998][ T6889] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.265850][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 113.316736][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 113.339289][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 113.396808][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 113.500303][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 113.516933][ T6956] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 114.483866][ T7012] netlink: 'syz.0.352': attribute type 1 has an invalid length. [ 114.572323][ T7015] sit0: entered promiscuous mode [ 114.594705][ T7015] netlink: 'syz.0.352': attribute type 1 has an invalid length. [ 114.635697][ T7012] netlink: 'syz.0.352': attribute type 1 has an invalid length. [ 114.951962][ T5958] IPVS: starting estimator thread 0... [ 114.970156][ T7031] tap0: tun_chr_ioctl cmd 1074025677 [ 115.026764][ T7031] tap0: linktype set to 65534 [ 115.033688][ T7037] netlink: 'syz.1.358': attribute type 8 has an invalid length. [ 115.069910][ T7036] IPVS: using max 27 ests per chain, 64800 per kthread [ 115.163208][ T7042] ip6gre1: entered allmulticast mode [ 115.842124][ T7069] netlink: 'syz.2.370': attribute type 4 has an invalid length. [ 116.021534][ T7079] netlink: 'syz.1.373': attribute type 8 has an invalid length. [ 116.301979][ T7094] netlink: 'syz.0.379': attribute type 4 has an invalid length. [ 116.923382][ T7122] netlink: 'syz.3.388': attribute type 8 has an invalid length. [ 117.207461][ T7137] sctp: [Deprecated]: syz.3.392 (pid 7137) Use of struct sctp_assoc_value in delayed_ack socket option. [ 117.207461][ T7137] Use struct sctp_sack_info instead [ 117.813208][ T7159] pim6reg: entered allmulticast mode [ 117.842532][ T7163] netlink: 'syz.3.403': attribute type 25 has an invalid length. [ 117.866238][ T7159] smc: net device erspan0 applied user defined pnetid SYZ0 [ 118.466576][ T7190] __nla_validate_parse: 80 callbacks suppressed [ 118.466596][ T7190] netlink: 8 bytes leftover after parsing attributes in process `syz.0.414'. [ 118.532270][ T7198] netlink: 8 bytes leftover after parsing attributes in process `syz.0.414'. [ 118.587255][ T7200] netlink: 8 bytes leftover after parsing attributes in process `syz.0.414'. [ 118.663410][ T7190] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 118.879926][ T7214] netlink: 'syz.4.423': attribute type 39 has an invalid length. [ 120.150116][ T7277] trusted_key: syz.3.448 sent an empty control message without MSG_MORE. [ 120.210855][ T7277] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 120.435448][ T7290] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 120.736927][ T5845] Bluetooth: hci2: command tx timeout [ 120.934104][ T7317] netlink: 2 bytes leftover after parsing attributes in process `syz.2.463'. [ 120.943419][ T7317] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 121.852080][ T7357] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 122.133428][ T7372] netlink: 'syz.0.484': attribute type 1 has an invalid length. [ 122.147150][ T7372] netlink: 17 bytes leftover after parsing attributes in process `syz.0.484'. [ 122.707155][ T7393] netlink: 'syz.3.488': attribute type 10 has an invalid length. [ 122.726135][ T7393] netlink: 40 bytes leftover after parsing attributes in process `syz.3.488'. [ 122.778895][ T7398] IPv6: NLM_F_CREATE should be specified when creating new route [ 122.844047][ T7393] team0: Port device geneve0 added [ 123.365292][ T7423] netlink: 88 bytes leftover after parsing attributes in process `syz.2.498'. [ 123.679856][ T7433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.498'. [ 123.712064][ T7433] netlink: 12 bytes leftover after parsing attributes in process `syz.2.498'. [ 124.215386][ T7455] netlink: 'syz.1.506': attribute type 8 has an invalid length. [ 124.228018][ T7455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.506'. [ 124.255835][ T7455] netlink: 88 bytes leftover after parsing attributes in process `syz.1.506'. [ 124.861491][ T7464] ip6tnl0: mtu less than device minimum [ 125.177687][ T7481] netlink: 204 bytes leftover after parsing attributes in process `syz.0.513'. [ 125.361002][ T7495] netlink: 12 bytes leftover after parsing attributes in process `syz.0.519'. [ 125.381980][ T7492] netlink: 'syz.1.517': attribute type 8 has an invalid length. [ 125.402238][ T7492] netlink: 8 bytes leftover after parsing attributes in process `syz.1.517'. [ 125.427511][ T7492] netlink: 88 bytes leftover after parsing attributes in process `syz.1.517'. [ 125.494745][ T7500] Cannot find add_set index 512 as target [ 125.580827][ T7504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.521'. [ 125.719187][ T7509] netlink: 164 bytes leftover after parsing attributes in process `syz.3.523'. [ 126.184409][ T7539] netlink: 'syz.3.532': attribute type 8 has an invalid length. [ 126.665468][ T7558] ieee802154 phy0 wpan0: encryption failed: -22 [ 126.862208][ T7571] netlink: 'syz.0.545': attribute type 8 has an invalid length. [ 127.634705][ T7616] netlink: 'syz.3.558': attribute type 8 has an invalid length. [ 127.784027][ T7624] xt_l2tp: v2 doesn't support IP mode [ 128.598487][ T7660] netlink: 'syz.0.571': attribute type 8 has an invalid length. [ 128.715049][ T7666] __nla_validate_parse: 17 callbacks suppressed [ 128.715067][ T7666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.576'. [ 128.750439][ T7666] bridge_slave_0: left allmulticast mode [ 128.756290][ T7666] bridge_slave_0: left promiscuous mode [ 128.765615][ T7666] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.814209][ T7674] x_tables: duplicate underflow at hook 3 [ 129.888893][ T7730] netlink: 144 bytes leftover after parsing attributes in process `syz.0.597'. [ 130.252443][ T7741] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 130.498086][ T7756] A link change request failed with some changes committed already. Interface xfrm0 may have been left with an inconsistent configuration, please check. [ 130.593829][ T7762] netlink: 16 bytes leftover after parsing attributes in process `syz.2.606'. [ 130.663981][ T7765] netlink: 16 bytes leftover after parsing attributes in process `syz.4.609'. [ 130.698773][ T7765] netlink: 224 bytes leftover after parsing attributes in process `syz.4.609'. [ 130.722723][ T7765] netlink: 16 bytes leftover after parsing attributes in process `syz.4.609'. [ 130.741195][ T7769] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 131.738448][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.624'. [ 131.762595][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.624'. [ 131.928771][ T7819] netlink: 'syz.2.626': attribute type 8 has an invalid length. [ 131.948226][ T7819] netlink: 8 bytes leftover after parsing attributes in process `syz.2.626'. [ 131.972667][ T7819] bridge0: entered allmulticast mode [ 132.006017][ T7829] netlink: 88 bytes leftover after parsing attributes in process `syz.2.626'. [ 132.172562][ T7836] raw_sendmsg: syz.4.629 forgot to set AF_INET. Fix it! [ 133.075048][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.086449][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.830488][ T7910] netlink: 'syz.3.654': attribute type 4 has an invalid length. [ 133.897688][ T7870] infiniband syz0: set down [ 133.904149][ T7870] infiniband syz0: added ipvlan1 [ 133.916291][ T7870] syz0: rxe_create_cq: returned err = -12 [ 133.924031][ T7870] infiniband syz0: Couldn't create ib_mad CQ [ 133.943774][ T7870] infiniband syz0: Couldn't open port 1 [ 133.962188][ T7913] openvswitch: netlink: Flow actions attr not present in new flow. [ 134.059401][ T7870] RDS/IB: syz0: added [ 134.064262][ T7870] smc: adding ib device syz0 with port count 1 [ 134.085895][ T7870] smc: ib device syz0 port 1 has pnetid [ 134.086998][ T7919] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 134.122212][ T7921] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 134.791000][ T7950] netlink: 'syz.4.667': attribute type 3 has an invalid length. [ 134.816301][ T7952] __nla_validate_parse: 5 callbacks suppressed [ 134.816318][ T7952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.666'. [ 134.839199][ T7950] netlink: 40 bytes leftover after parsing attributes in process `syz.4.667'. [ 134.866942][ T7952] netlink: 12 bytes leftover after parsing attributes in process `syz.3.666'. [ 135.152185][ T7965] netlink: 165 bytes leftover after parsing attributes in process `syz.3.670'. [ 135.484969][ T7977] netlink: 'syz.3.678': attribute type 7 has an invalid length. [ 136.650526][ T8013] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 137.187102][ T8024] netlink: 164 bytes leftover after parsing attributes in process `syz.1.696'. [ 137.193033][ T7970] infiniband syz2: set active [ 137.218853][ T7970] infiniband syz2: added veth1_vlan [ 137.240223][ T7970] syz2: rxe_create_cq: returned err = -12 [ 137.258239][ T7970] infiniband syz2: Couldn't create ib_mad CQ [ 137.271328][ T7970] infiniband syz2: Couldn't open port 1 [ 137.323502][ T7970] RDS/IB: syz2: added [ 137.344755][ T7970] smc: adding ib device syz2 with port count 1 [ 137.357130][ T7970] smc: ib device syz2 port 1 has pnetid [ 137.842323][ T8049] netlink: 12 bytes leftover after parsing attributes in process `syz.0.704'. [ 138.478074][ T8069] netlink: 'syz.2.712': attribute type 28 has an invalid length. [ 138.485868][ T8069] netlink: 'syz.2.712': attribute type 3 has an invalid length. [ 138.525058][ T8069] netlink: 132 bytes leftover after parsing attributes in process `syz.2.712'. [ 138.605741][ T8069] netlink: 'syz.2.712': attribute type 28 has an invalid length. [ 138.682694][ T8069] netlink: 'syz.2.712': attribute type 3 has an invalid length. [ 138.706513][ T8069] netlink: 132 bytes leftover after parsing attributes in process `syz.2.712'. [ 138.822577][ T8081] tipc: Started in network mode [ 138.847699][ T8081] tipc: Node identity ac14140f, cluster identity 4711 [ 138.904502][ T8081] tipc: New replicast peer: 255.255.255.255 [ 138.919942][ T8081] tipc: Enabled bearer , priority 10 [ 139.563393][ T8113] netlink: 4 bytes leftover after parsing attributes in process `syz.0.724'. [ 140.038367][ T1581] tipc: Node number set to 2886997007 [ 140.399398][ T8146] netlink: 'syz.1.737': attribute type 1 has an invalid length. [ 140.430542][ T8146] netlink: 'syz.1.737': attribute type 2 has an invalid length. [ 140.450318][ T8146] netlink: 'syz.1.737': attribute type 1 has an invalid length. [ 140.491012][ T8146] netlink: 'syz.1.737': attribute type 2 has an invalid length. [ 140.523651][ T8153] netlink: 20 bytes leftover after parsing attributes in process `syz.1.737'. [ 140.556899][ T8153] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 140.616281][ T8157] Cannot find add_set index 0 as target [ 140.642339][ T8157] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 141.216660][ T8173] netlink: 32 bytes leftover after parsing attributes in process `syz.3.747'. [ 141.240732][ T8173] netlink: 20 bytes leftover after parsing attributes in process `syz.3.747'. [ 141.253408][ T8173] netlink: 24 bytes leftover after parsing attributes in process `syz.3.747'. [ 141.604828][ T8195] tipc: Failed to remove unknown binding: 66,1,1/2886997007:2305273654/2305273656 [ 141.628343][ T8195] tipc: Failed to remove unknown binding: 66,1,1/2886997007:2305273654/2305273656 [ 141.699116][ T8198] netlink: 36 bytes leftover after parsing attributes in process `syz.4.755'. [ 141.846149][ T8206] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.757'. [ 141.857098][ T8207] netlink: 60 bytes leftover after parsing attributes in process `syz.1.758'. [ 141.870818][ T8205] netlink: 60 bytes leftover after parsing attributes in process `syz.1.758'. [ 142.129129][ T8219] netlink: 666 bytes leftover after parsing attributes in process `syz.3.763'. [ 142.452901][ T8232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.767'. [ 142.846649][ T8243] openvswitch: netlink: Flow key attr not present in new flow. [ 143.521956][ T8282] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 143.929666][ T8289] 8021q: adding VLAN 0 to HW filter on device bond1 [ 143.962106][ T8289] bridge0: port 3(bond1) entered blocking state [ 143.996706][ T8289] bridge0: port 3(bond1) entered disabled state [ 144.028191][ T8289] bond1: entered allmulticast mode [ 144.053915][ T8289] bond1: entered promiscuous mode [ 144.307585][ T8307] xt_CT: You must specify a L4 protocol and not use inversions on it [ 145.215233][ T8354] No such timeout policy "syz0" [ 145.533144][ T8365] xt_l2tp: missing protocol rule (udp|l2tpip) [ 145.566839][ T8365] !: renamed from dummy0 (while UP) [ 145.749744][ T8369] __nla_validate_parse: 6 callbacks suppressed [ 145.749761][ T8369] netlink: 28 bytes leftover after parsing attributes in process `syz.1.810'. [ 145.853706][ T8378] bridge_slave_0: left allmulticast mode [ 145.876309][ T8378] bridge_slave_0: left promiscuous mode [ 145.894106][ T8378] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.903393][ T8380] netlink: 28 bytes leftover after parsing attributes in process `syz.0.814'. [ 145.929016][ T8380] netlink: 64 bytes leftover after parsing attributes in process `syz.0.814'. [ 145.955719][ T8378] bridge_slave_1: left allmulticast mode [ 145.989087][ T8378] bridge_slave_1: left promiscuous mode [ 145.999471][ T8378] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.085746][ T8378] bond0: (slave bond_slave_0): Releasing backup interface [ 146.103430][ T8378] bond0: (slave bond_slave_1): Releasing backup interface [ 146.130097][ T8378] team0: Port device team_slave_0 removed [ 146.139726][ T8378] team0: Port device team_slave_1 removed [ 146.146080][ T8378] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.155281][ T8378] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.165269][ T8380] netlink: 28 bytes leftover after parsing attributes in process `syz.0.814'. [ 146.178856][ T8382] vlan0: entered promiscuous mode [ 146.185668][ T8384] veth1_macvtap: entered promiscuous mode [ 146.249723][ T8390] veth1_macvtap (unregistering): left promiscuous mode [ 146.306446][ T8389] tipc: Started in network mode [ 146.311384][ T8389] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 146.319353][ T8389] tipc: Enabled bearer , priority 0 [ 146.505122][ T8403] netlink: 'syz.2.821': attribute type 8 has an invalid length. [ 146.513300][ T8403] netlink: 8 bytes leftover after parsing attributes in process `syz.2.821'. [ 146.525107][ T8407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.823'. [ 146.556622][ T8403] netlink: 88 bytes leftover after parsing attributes in process `syz.2.821'. [ 146.859189][ T8427] bridge0: left allmulticast mode [ 146.906913][ T8427] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 147.062696][ T8430] can: request_module (can-proto-0) failed. [ 147.436445][ T5941] tipc: Node number set to 11578026 [ 147.680023][ T8466] netlink: 'syz.0.839': attribute type 8 has an invalid length. [ 147.689200][ T8466] netlink: 8 bytes leftover after parsing attributes in process `syz.0.839'. [ 147.734763][ T8470] netlink: 88 bytes leftover after parsing attributes in process `syz.0.839'. [ 149.119345][ T8482] bridge0: left allmulticast mode [ 149.159272][ T8482] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 149.232117][ T8488] netlink: 1 bytes leftover after parsing attributes in process `syz.0.845'. [ 149.284677][ T8490] netlink: zone id is out of range [ 149.305623][ T8490] netlink: zone id is out of range [ 149.323890][ T8490] netlink: zone id is out of range [ 149.360872][ T8490] netlink: zone id is out of range [ 149.366042][ T8490] netlink: zone id is out of range [ 149.434889][ T8490] netlink: zone id is out of range [ 149.462204][ T8490] netlink: zone id is out of range [ 149.482455][ T8490] netlink: zone id is out of range [ 149.495153][ T8501] netlink: 'syz.1.850': attribute type 8 has an invalid length. [ 149.503204][ T8501] bridge0: entered allmulticast mode [ 150.804495][ T8546] netlink: 'syz.1.862': attribute type 8 has an invalid length. [ 150.853071][ T8546] __nla_validate_parse: 4 callbacks suppressed [ 150.853089][ T8546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.862'. [ 150.857498][ T8551] netlink: 88 bytes leftover after parsing attributes in process `syz.1.862'. [ 151.005290][ T8556] netlink: 24 bytes leftover after parsing attributes in process `syz.4.864'. [ 151.067301][ T8555] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 151.263424][ T8565] netlink: 44 bytes leftover after parsing attributes in process `syz.0.868'. [ 151.280050][ T8565] netlink: 43 bytes leftover after parsing attributes in process `syz.0.868'. [ 151.292806][ T8565] netlink: 'syz.0.868': attribute type 5 has an invalid length. [ 151.308007][ T8565] netlink: 43 bytes leftover after parsing attributes in process `syz.0.868'. [ 151.760219][ T8582] netlink: 'syz.2.873': attribute type 21 has an invalid length. [ 151.836057][ T8582] IPv6: NLM_F_CREATE should be specified when creating new route [ 151.991849][ T8582] netlink: 12 bytes leftover after parsing attributes in process `syz.2.873'. [ 152.002533][ T8582] netlink: 'syz.2.873': attribute type 2 has an invalid length. [ 152.047577][ T8582] netlink: 4 bytes leftover after parsing attributes in process `syz.2.873'. [ 152.154316][ T8598] netlink: 'syz.0.876': attribute type 8 has an invalid length. [ 152.193945][ T8598] netlink: 8 bytes leftover after parsing attributes in process `syz.0.876'. [ 152.260984][ T8598] netlink: 88 bytes leftover after parsing attributes in process `syz.0.876'. [ 153.850043][ T8643] net_ratelimit: 397 callbacks suppressed [ 153.850054][ T8643] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 153.934149][ T8644] syzkaller0: entered promiscuous mode [ 153.959603][ T8646] netlink: 'syz.3.890': attribute type 8 has an invalid length. [ 153.960922][ T8644] syzkaller0: entered allmulticast mode [ 153.983294][ T8646] bridge0: entered allmulticast mode [ 154.277256][ T8656] rdma_op ffff88807a71e9f0 conn xmit_rdma 0000000000000000 [ 154.647322][ T8671] netlink: zone id is out of range [ 154.684015][ T8671] netlink: zone id is out of range [ 154.736076][ T8671] netlink: zone id is out of range [ 154.757253][ T8671] netlink: zone id is out of range [ 154.767354][ T8671] netlink: zone id is out of range [ 154.786641][ T8671] netlink: zone id is out of range [ 154.805285][ T8671] netlink: zone id is out of range [ 154.832913][ T8671] netlink: zone id is out of range [ 154.839369][ T8671] netlink: zone id is out of range [ 154.944528][ T8678] netlink: 'syz.3.902': attribute type 1 has an invalid length. [ 154.954523][ T8678] netlink: 'syz.3.902': attribute type 1 has an invalid length. [ 155.961123][ T8719] __nla_validate_parse: 10 callbacks suppressed [ 155.961142][ T8719] netlink: 8 bytes leftover after parsing attributes in process `syz.1.914'. [ 156.163033][ T8719] netlink: 44 bytes leftover after parsing attributes in process `syz.1.914'. [ 156.541176][ T5201] udevd[5201]: worker [5852] terminated by signal 33 (Unknown signal 33) [ 156.585149][ T5201] udevd[5201]: worker [5852] failed while handling '/devices/virtual/block/loop3' [ 156.903484][ T8757] netlink: 28 bytes leftover after parsing attributes in process `syz.1.931'. [ 156.913313][ T8757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.931'. [ 157.286994][ T8778] netlink: 'syz.0.938': attribute type 4 has an invalid length. [ 157.309012][ T8781] netlink: 60 bytes leftover after parsing attributes in process `syz.1.939'. [ 157.322366][ T8778] netlink: 17 bytes leftover after parsing attributes in process `syz.0.938'. [ 157.346168][ T8786] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 157.353936][ T8781] netem: change failed [ 157.366753][ T8781] netlink: 60 bytes leftover after parsing attributes in process `syz.1.939'. [ 157.586165][ T8799] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.595346][ T8799] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.604631][ T8799] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.613448][ T8799] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 157.628862][ T8799] vxlan0: entered promiscuous mode [ 157.643864][ T8799] vxlan0: entered allmulticast mode [ 157.671949][ T8797] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 157.700578][ T8806] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.707848][ T8806] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.715452][ T8806] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.722711][ T8806] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.754060][ T8806] bridge0: left allmulticast mode [ 157.893341][ T8814] netlink: 8 bytes leftover after parsing attributes in process `syz.1.946'. [ 158.043828][ T8822] netlink: 28 bytes leftover after parsing attributes in process `syz.2.950'. [ 158.059095][ T8822] netlink: 'syz.2.950': attribute type 7 has an invalid length. [ 158.096041][ T8822] netlink: 'syz.2.950': attribute type 8 has an invalid length. [ 158.124405][ T8822] netlink: 4 bytes leftover after parsing attributes in process `syz.2.950'. [ 158.347143][ T8837] sctp: [Deprecated]: syz.2.954 (pid 8837) Use of int in maxseg socket option. [ 158.347143][ T8837] Use struct sctp_assoc_value instead [ 158.410380][ T8843] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 158.455753][ T8843] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 158.502702][ T8843] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 158.524448][ T8843] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 159.117873][ T8875] net_ratelimit: 268 callbacks suppressed [ 159.117891][ T8875] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 159.283246][ T8878] netlink: 'syz.2.966': attribute type 1 has an invalid length. [ 159.299291][ T8878] gretap1: entered promiscuous mode [ 160.452630][ T8914] netlink: 'syz.4.976': attribute type 10 has an invalid length. [ 160.522557][ T8914] veth0_vlan: entered allmulticast mode [ 160.574775][ T8914] veth0_vlan: left promiscuous mode [ 160.596213][ T8914] veth0_vlan: entered promiscuous mode [ 160.630895][ T8914] team0: Device veth0_vlan failed to register rx_handler [ 160.828401][ T5941] syz2: Port: 1 Link DOWN [ 160.982781][ T8941] openvswitch: netlink: Tunnel attr 303 out of range max 16 [ 161.250112][ T8952] netlink: 'syz.1.986': attribute type 10 has an invalid length. [ 161.276442][ T8952] __nla_validate_parse: 2 callbacks suppressed [ 161.276460][ T8952] netlink: 4 bytes leftover after parsing attributes in process `syz.1.986'. [ 161.630151][ T8966] netlink: 16 bytes leftover after parsing attributes in process `syz.1.990'. [ 161.832220][ T8976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'. [ 161.874952][ T8976] netlink: 20 bytes leftover after parsing attributes in process `syz.3.995'. [ 162.045533][ T8989] netlink: 596 bytes leftover after parsing attributes in process `syz.4.999'. [ 162.291376][ T9001] netlink: 696 bytes leftover after parsing attributes in process `syz.4.1004'. [ 162.318420][ T9005] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1005'. [ 162.397054][ T9009] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 162.562790][ T9015] x_tables: duplicate underflow at hook 1 [ 162.902992][ T9034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1016'. [ 163.507207][ T9055] x_tables: unsorted entry at hook 1 [ 163.966002][ T9079] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1031'. [ 163.978908][ T9079] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1031'. [ 164.032997][ T9081] netlink: 'syz.0.1032': attribute type 10 has an invalid length. [ 164.044645][ T9079] geneve2: entered promiscuous mode [ 164.066674][ T9079] geneve2: entered allmulticast mode [ 164.077340][ T9081] tipc: Resetting bearer [ 164.136761][ T9081] batman_adv: batadv0: Adding interface: team0 [ 164.145306][ T9081] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 164.181018][ T9081] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 164.684154][ T9110] syzkaller1: entered allmulticast mode [ 165.640604][ T9171] netlink: 'syz.1.1052': attribute type 1 has an invalid length. [ 166.698198][ T9146] xfrm1: entered promiscuous mode [ 166.703426][ T9146] xfrm1: entered allmulticast mode [ 166.759121][ T9172] veth3: entered promiscuous mode [ 166.851391][ T9174] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.968107][ T9174] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.093318][ T9196] __nla_validate_parse: 5 callbacks suppressed [ 167.093335][ T9196] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1059'. [ 167.233934][ T9199] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1060'. [ 167.378505][ T9207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1062'. [ 167.405621][ T9207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1062'. [ 167.523302][ T9207] bridge0: port 1(vlan2) entered blocking state [ 167.573981][ T9207] bridge0: port 1(vlan2) entered disabled state [ 167.614480][ T9207] vlan2: entered allmulticast mode [ 167.651821][ T9207] gretap0: entered allmulticast mode [ 167.677306][ T9207] vlan2: entered promiscuous mode [ 167.711778][ T9207] gretap0: entered promiscuous mode [ 167.819938][ T9233] netlink: 'syz.2.1069': attribute type 1 has an invalid length. [ 168.044999][ T9233] bond2: entered promiscuous mode [ 168.096921][ T9233] 8021q: adding VLAN 0 to HW filter on device bond2 [ 168.265086][ T9238] 8021q: adding VLAN 0 to HW filter on device bond3 [ 168.274381][ T9238] bond2: (slave bond3): making interface the new active one [ 168.285869][ T9238] bond3: entered promiscuous mode [ 168.294756][ T9238] bond2: (slave bond3): Enslaving as an active interface with an up link [ 168.838789][ T9282] netlink: 640 bytes leftover after parsing attributes in process `syz.3.1079'. [ 169.099948][ T9293] netlink: 'syz.1.1083': attribute type 5 has an invalid length. [ 169.316948][ T9312] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1089'. [ 169.346023][ T9312] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1089'. [ 169.611014][ T9324] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1093'. [ 169.815536][ T9324] 8021q: adding VLAN 0 to HW filter on device bond2 [ 169.943072][ T9339] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1096'. [ 169.997406][ T9339] netlink: 'syz.2.1096': attribute type 1 has an invalid length. [ 170.217818][ T9354] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1096'. [ 170.298333][ T9354] netlink: 'syz.2.1096': attribute type 3 has an invalid length. [ 170.321240][ T9354] netlink: 'syz.2.1096': attribute type 2 has an invalid length. [ 170.359521][ T9352] bond4: (slave bridge4): making interface the new active one [ 170.369256][ T9352] bond4: (slave bridge4): Enslaving as an active interface with an up link [ 170.390285][ T9348] netlink: 'syz.0.1097': attribute type 4 has an invalid length. [ 171.110232][ T9397] sctp: [Deprecated]: syz.3.1108 (pid 9397) Use of int in maxseg socket option. [ 171.110232][ T9397] Use struct sctp_assoc_value instead [ 172.571624][ T9469] __nla_validate_parse: 5 callbacks suppressed [ 172.571642][ T9469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1127'. [ 172.742349][ T9475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1129'. [ 172.774464][ T9475] openvswitch: netlink: nsh attribute has 65532 unknown bytes. [ 172.783584][ T9475] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 173.173377][ T9494] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1135'. [ 173.186232][ T9494] netlink: 'syz.3.1135': attribute type 7 has an invalid length. [ 173.195775][ T9494] netlink: 'syz.3.1135': attribute type 8 has an invalid length. [ 173.209876][ T9494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1135'. [ 173.356129][ T9499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1135'. [ 173.378960][ T9499] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1135'. [ 173.822182][ T9525] syzkaller1: entered promiscuous mode [ 173.842159][ T9525] syzkaller1: entered allmulticast mode [ 174.035461][ T9541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1151'. [ 174.048049][ T9541] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1151'. [ 174.071487][ T9541] netlink: 'syz.4.1151': attribute type 20 has an invalid length. [ 174.130841][ T9547] ieee802154 phy0 wpan0: encryption failed: -22 [ 174.216145][ T9552] veth0: entered promiscuous mode [ 174.228813][ T9553] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1155'. [ 174.330318][ T9564] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1158'. [ 174.737188][ T9586] nbd: must specify at least one socket [ 174.737312][ T9587] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 175.121072][ T9608] openvswitch: netlink: IP tunnel dst address not specified [ 175.188455][ T9608] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 175.386054][ T9625] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 175.419543][ T9630] netlink: 'syz.2.1179': attribute type 11 has an invalid length. [ 175.719470][ T9641] netlink: 'syz.2.1184': attribute type 83 has an invalid length. [ 175.747201][ T9645] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 175.912823][ T9651] openvswitch: netlink: IPv4 tunnel dst address is zero [ 176.483564][ T9684] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 176.632043][ T9690] tipc: Invalid UDP bearer configuration [ 176.632097][ T9690] tipc: Enabling of bearer rejected, failed to enable media [ 176.715161][ T9697] ip6gre1: entered allmulticast mode [ 177.491607][ T9741] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 177.756991][ T9759] __nla_validate_parse: 19 callbacks suppressed [ 177.757008][ T9759] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1219'. [ 177.941374][ T9769] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1222'. [ 177.956435][ T9769] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 177.975068][ T9771] veth1_virt_wifi: mtu less than device minimum [ 178.524100][ T9810] block nbd0: Unsupported socket: shutdown callout must be supported. [ 178.552324][ T9807] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1230'. [ 178.829090][ T9820] netlink: 340 bytes leftover after parsing attributes in process `syz.2.1232'. [ 179.092483][ T9832] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1234'. [ 179.270961][ T9837] ieee802154 phy0 wpan0: encryption failed: -90 [ 179.470725][ T9845] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1239'. [ 179.492951][ T9847] netlink: 'syz.1.1241': attribute type 1 has an invalid length. [ 179.501899][ T9845] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1239'. [ 179.553769][ T9850] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1242'. [ 179.578390][ T9850] unsupported nlmsg_type 40 [ 179.907942][ T9869] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1247'. [ 179.971409][ T9871] netlink: 'syz.4.1249': attribute type 1 has an invalid length. [ 181.064013][ T9936] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 181.109914][ T9943] netlink: 'syz.3.1275': attribute type 27 has an invalid length. [ 181.369640][ T9958] netlink: 'syz.3.1281': attribute type 8 has an invalid length. [ 181.652884][ T9972] tipc: Failed to obtain node identity [ 181.666248][ T9972] tipc: Enabling of bearer rejected, failed to enable media [ 182.035125][ T9989] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 182.323710][T10010] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 182.358121][T10010] tipc: Enabling of bearer rejected, failed to enable media [ 182.383797][T10010] syzkaller0: entered promiscuous mode [ 182.401110][T10010] syzkaller0: entered allmulticast mode [ 182.449414][T10015] IPv6: sit2: Disabled Multicast RS [ 182.455951][T10015] sit2: entered allmulticast mode [ 182.743736][T10033] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.763679][T10033] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 183.195000][T10056] tipc: Invalid UDP bearer configuration [ 183.195194][T10056] tipc: Enabling of bearer rejected, failed to enable media [ 183.215934][T10058] __nla_validate_parse: 14 callbacks suppressed [ 183.215951][T10058] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1315'. [ 183.330707][T10063] syzkaller0: entered allmulticast mode [ 183.545806][T10085] xt_hashlimit: overflow, try lower: 4294967295/0 [ 183.551839][T10086] netlink: 'syz.4.1322': attribute type 178 has an invalid length. [ 183.718844][T10101] netlink: 'syz.3.1326': attribute type 1 has an invalid length. [ 183.726922][T10101] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1326'. [ 183.739830][T10101] netlink: 'syz.3.1326': attribute type 1 has an invalid length. [ 184.379848][T10130] Cannot find del_set index 17 as target [ 184.520968][T10141] netlink: 'syz.0.1335': attribute type 10 has an invalid length. [ 184.546623][T10140] xt_CT: You must specify a L4 protocol and not use inversions on it [ 184.566563][T10141] veth0_vlan: entered allmulticast mode [ 184.584700][T10141] team0: Device veth0_vlan failed to register rx_handler [ 185.022038][T10153] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1339'. [ 185.043272][T10156] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'. [ 185.073653][T10157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'. [ 185.170656][T10153] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 185.355238][T10162] openvswitch: netlink: IP tunnel TTL not specified. [ 185.698072][T10178] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.1345'. [ 185.730035][T10176] bridge0: port 1(batadv1) entered blocking state [ 185.775823][T10176] bridge0: port 1(batadv1) entered disabled state [ 185.783437][T10176] batadv1: entered allmulticast mode [ 185.798982][T10176] batadv1: entered promiscuous mode [ 186.043540][T10195] batman_adv: batadv0: Removing interface: team0 [ 186.070000][T10195] batadv1: left allmulticast mode [ 186.076551][T10195] batadv1: left promiscuous mode [ 186.121392][T10195] bridge0: port 1(batadv1) entered disabled state [ 186.472899][T10213] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1359'. [ 186.493805][T10211] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1358'. [ 186.741277][T10226] xt_l2tp: missing protocol rule (udp|l2tpip) [ 186.799975][T10228] batadv_slave_1: entered promiscuous mode [ 186.844284][T10231] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1365'. [ 186.854927][T10231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1365'. [ 186.870882][T10229] ip6t_srh: unknown srh invflags 5F00 [ 187.527961][T10248] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.535233][T10248] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.546326][T10248] bridge0: entered allmulticast mode [ 187.588363][T10227] batadv_slave_1: left promiscuous mode [ 188.446092][T10294] netlink: 'syz.2.1384': attribute type 10 has an invalid length. [ 188.568780][T10296] __nla_validate_parse: 3 callbacks suppressed [ 188.568797][T10296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1382'. [ 188.726133][T10308] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1388'. [ 188.809230][T10309] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1389'. [ 188.850041][T10309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1389'. [ 188.879505][T10309] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1389'. [ 189.189097][T10334] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 189.210958][T10332] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 189.230827][T10337] netlink: 'syz.3.1399': attribute type 1 has an invalid length. [ 189.239721][T10337] netlink: 'syz.3.1399': attribute type 4 has an invalid length. [ 189.251870][T10337] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1399'. [ 189.281816][T10337] sit0: entered promiscuous mode [ 189.297504][T10337] netlink: 'syz.3.1399': attribute type 1 has an invalid length. [ 189.305458][T10337] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1399'. [ 189.324906][T10338] vlan2: entered promiscuous mode [ 189.334444][T10338] vlan2: entered allmulticast mode [ 189.341269][T10338] hsr_slave_1: entered allmulticast mode [ 189.353391][T10343] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1398'. [ 189.363445][T10334] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 189.491287][T10341] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551585) [ 189.502878][T10341] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 189.697174][T10360] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1406'. [ 189.719711][T10360] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1406'. [ 190.091732][ T49] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.229858][ T49] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.350466][ T49] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.467732][T10385] sctp: [Deprecated]: syz.2.1414 (pid 10385) Use of struct sctp_assoc_value in delayed_ack socket option. [ 190.467732][T10385] Use struct sctp_sack_info instead [ 190.502089][ T49] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.509696][T10389] netlink: 'syz.4.1415': attribute type 3 has an invalid length. [ 190.536842][T10385] sctp: [Deprecated]: syz.2.1414 (pid 10385) Use of struct sctp_assoc_value in delayed_ack socket option. [ 190.536842][T10385] Use struct sctp_sack_info instead [ 190.558680][T10389] netlink: 'syz.4.1415': attribute type 3 has an invalid length. [ 190.879474][T10407] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 190.887122][T10407] IPv6: NLM_F_CREATE should be set when creating new route [ 190.894385][T10407] IPv6: NLM_F_CREATE should be set when creating new route [ 190.953044][ T49] bond1: left allmulticast mode [ 190.970608][ T49] bond1: left promiscuous mode [ 190.986827][ T49] bridge0: port 3(bond1) entered disabled state [ 191.007387][T10409] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 191.078883][ T49] bridge_slave_1: left allmulticast mode [ 191.099947][ T49] bridge_slave_1: left promiscuous mode [ 191.106048][ T5941] IPVS: starting estimator thread 0... [ 191.131743][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.258936][ T49] bridge_slave_0: left allmulticast mode [ 191.290293][ T49] bridge_slave_0: left promiscuous mode [ 191.311131][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.326533][T10419] IPVS: using max 34 ests per chain, 81600 per kthread [ 191.422670][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 191.433229][ T5835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 191.443099][ T5835] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 191.453143][ T5835] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 191.462476][ T5835] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 191.758097][ T49] team0: Port device geneve0 removed [ 192.056668][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.069999][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 192.080479][ T49] bond0 (unregistering): Released all slaves [ 192.173407][ T49] bond1 (unregistering): Released all slaves [ 192.522527][T10451] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 193.213632][T10492] xt_l2tp: invalid flags combination: 4 [ 193.420258][T10499] : entered promiscuous mode [ 193.483043][T10449] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 193.515825][T10502] erspan0: entered promiscuous mode [ 193.534063][T10502] erspan0: entered allmulticast mode [ 193.539757][ T5845] Bluetooth: hci3: command tx timeout [ 193.550018][T10449] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98 [ 193.684048][T10504] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 193.731322][T10508] __nla_validate_parse: 7 callbacks suppressed [ 193.731334][T10508] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1442'. [ 194.301412][T10538] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1449'. [ 194.421578][T10433] chnl_net:caif_netlink_parms(): no params data found [ 194.515223][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.521682][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.573533][T10433] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.582087][T10590] netlink: 'syz.2.1461': attribute type 11 has an invalid length. [ 195.582943][T10433] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.604504][T10590] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1461'. [ 195.614479][T10433] bridge_slave_0: entered allmulticast mode [ 195.627333][ T5845] Bluetooth: hci3: command tx timeout [ 195.636319][T10590] netlink: 'syz.2.1461': attribute type 4 has an invalid length. [ 195.641576][T10433] bridge_slave_0: entered promiscuous mode [ 195.759858][ T49] hsr_slave_0: left promiscuous mode [ 195.889912][ T49] hsr_slave_1: left promiscuous mode [ 195.912500][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.935367][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.954272][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.966638][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 196.042050][ T49] veth1_macvtap: left promiscuous mode [ 196.056976][ T49] veth0_macvtap: left promiscuous mode [ 196.067577][ T49] veth1_vlan: left promiscuous mode [ 196.073255][ T49] veth0_vlan: left promiscuous mode [ 196.563275][ T49] team0 (unregistering): Port device team_slave_1 removed [ 196.608823][ T49] team0 (unregistering): Port device team_slave_0 removed [ 196.962465][T10433] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.970342][T10433] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.983655][T10433] bridge_slave_1: entered allmulticast mode [ 196.993303][T10433] bridge_slave_1: entered promiscuous mode [ 197.062872][T10608] tc_dump_action: action bad kind [ 197.233857][T10433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.252936][T10433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.348900][T10613] netlink: 'syz.2.1468': attribute type 5 has an invalid length. [ 197.415306][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.428838][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.443175][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.451491][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.459807][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.468043][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.476152][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.484507][T10616] netlink: 'syz.2.1468': attribute type 3 has an invalid length. [ 197.495323][T10630] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1471'. [ 197.505150][T10630] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1471'. [ 197.566038][T10632] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1472'. [ 197.652526][T10433] team0: Port device team_slave_0 added [ 197.694529][T10433] team0: Port device team_slave_1 added [ 197.709507][ T5845] Bluetooth: hci3: command tx timeout [ 197.843352][T10433] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.859186][T10433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.888516][T10649] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1476'. [ 197.898746][T10433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 197.912386][T10651] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 197.933842][T10433] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 197.952064][T10433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.074502][T10433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.391444][T10433] hsr_slave_0: entered promiscuous mode [ 198.413678][T10433] hsr_slave_1: entered promiscuous mode [ 198.433586][T10433] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.487842][T10433] Cannot create hsr debugfs directory [ 198.607098][T10679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1484'. [ 198.620995][T10679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1484'. [ 198.631241][T10679] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 198.762317][T10687] tipc: Enabled bearer , priority 0 [ 198.879792][T10691] syzkaller0: entered promiscuous mode [ 198.885509][T10691] syzkaller0: entered allmulticast mode [ 198.914974][T10691] tipc: Resetting bearer [ 198.932496][T10698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1489'. [ 199.115353][T10685] tipc: Resetting bearer [ 199.325612][T10706] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.1492'. [ 199.338134][T10708] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1492'. [ 199.789443][ T5842] Bluetooth: hci3: command tx timeout [ 200.579145][T10685] tipc: Disabling bearer [ 201.160666][ T5941] IPVS: starting estimator thread 0... [ 201.232500][T10734] validate_nla: 49 callbacks suppressed [ 201.232518][T10734] netlink: 'syz.2.1501': attribute type 10 has an invalid length. [ 201.266505][T10740] IPVS: using max 30 ests per chain, 72000 per kthread [ 201.296250][T10734] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 201.605017][T10754] erspan0: left promiscuous mode [ 201.698766][ T5842] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.704861][ T5848] Bluetooth: hci4: command 0x0405 tx timeout [ 201.704886][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 201.713102][ T5851] Bluetooth: hci1: command 0x0406 tx timeout [ 201.950183][T10762] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 202.133998][T10433] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 202.192720][T10433] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 202.200173][T10780] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1513'. [ 202.276021][T10780] bond0 (unregistering): Released all slaves [ 202.326557][T10433] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 202.345688][T10433] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 202.574712][T10794] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 202.935606][T10433] 8021q: adding VLAN 0 to HW filter on device bond0 [ 203.026288][T10433] 8021q: adding VLAN 0 to HW filter on device team0 [ 203.068640][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.075845][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.110359][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.117578][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.262555][T10433] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.832230][T10841] Bluetooth: MGMT ver 1.23 [ 204.004054][T10847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1533'. [ 204.048530][T10433] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.087831][T10851] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1532'. [ 204.263115][T10433] veth0_vlan: entered promiscuous mode [ 204.301278][T10855] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 204.351334][T10433] veth1_vlan: entered promiscuous mode [ 204.353344][T10862] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1536'. [ 204.392816][T10862] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1536'. [ 204.441724][T10864] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1537'. [ 204.452365][T10433] veth0_macvtap: entered promiscuous mode [ 204.469540][T10433] veth1_macvtap: entered promiscuous mode [ 204.548331][T10433] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.590251][T10433] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.625041][T10433] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.635066][T10433] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.644905][T10433] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.654875][T10433] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.939796][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 204.982343][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.084790][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.103054][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.591463][T10900] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1546'. [ 206.068451][T10904] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1549'. [ 206.080145][T10906] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 206.171293][T10912] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1549'. [ 206.453944][T10917] IPVS: set_ctl: invalid protocol: 50 172.20.20.27:20000 [ 206.472970][T10917] IPVS: set_ctl: invalid protocol: 115 224.0.0.2:20002 [ 206.483438][T10917] IPVS: set_ctl: invalid protocol: 2 127.0.0.1:20003 [ 206.560899][ T2906] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.628232][ T2906] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.808984][ T2906] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.984032][T10932] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1554'. [ 207.009794][ T2906] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.083770][T10939] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1555'. [ 207.327679][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 207.340992][ T5835] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 207.350320][ T5835] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 207.369009][ T5835] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 207.383406][ T5835] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 207.593641][ T2906] bridge_slave_1: left allmulticast mode [ 207.605177][ T2906] bridge_slave_1: left promiscuous mode [ 207.622077][ T2906] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.655205][ T2906] bridge_slave_0: left allmulticast mode [ 207.668284][ T2906] bridge_slave_0: left promiscuous mode [ 207.683413][ T2906] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.094149][ T2906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.107358][ T2906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.118486][ T2906] bond0 (unregistering): Released all slaves [ 208.928617][T10994] batadv_slave_1: entered promiscuous mode [ 208.993791][T10990] batadv_slave_1: left promiscuous mode [ 209.456905][ T5849] Bluetooth: hci3: command tx timeout [ 209.507937][T11025] __nla_validate_parse: 7 callbacks suppressed [ 209.507955][T11025] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1580'. [ 210.043952][T11040] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1584'. [ 210.089191][T11025] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 210.119841][T11025] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 210.134612][T11025] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 210.156058][T11025] bond0 (unregistering): Released all slaves [ 210.257562][ T2906] hsr_slave_0: left promiscuous mode [ 210.270255][ T2906] hsr_slave_1: left promiscuous mode [ 210.277628][ T2906] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.285180][ T2906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.293472][ T2906] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.301500][ T2906] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.321573][ T2906] veth1_macvtap: left promiscuous mode [ 210.327222][ T2906] veth0_macvtap: left promiscuous mode [ 210.332833][ T2906] veth1_vlan: left promiscuous mode [ 210.338329][ T2906] veth0_vlan: left promiscuous mode [ 210.741941][ T2906] team0 (unregistering): Port device team_slave_1 removed [ 210.781863][ T2906] team0 (unregistering): Port device team_slave_0 removed [ 211.311077][T11058] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1589'. [ 211.389032][T11058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1589'. [ 211.415299][T11065] netlink: 'syz.2.1592': attribute type 18 has an invalid length. [ 211.473859][ T36] smc: removing ib device syz0 [ 211.513052][T10944] chnl_net:caif_netlink_parms(): no params data found [ 211.536478][ T5849] Bluetooth: hci3: command tx timeout [ 211.745088][T11086] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1597'. [ 212.128762][T11103] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1598'. [ 212.357714][T10944] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.374566][T10944] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.398432][T10944] bridge_slave_0: entered allmulticast mode [ 212.430747][T10944] bridge_slave_0: entered promiscuous mode [ 212.476987][T10944] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.484234][T10944] bridge0: port 2(bridge_slave_1) entered disabled state [ 212.492328][T10944] bridge_slave_1: entered allmulticast mode [ 212.518661][T10944] bridge_slave_1: entered promiscuous mode [ 212.729691][T11114] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1601'. [ 212.787201][T10944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 212.852379][T10944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 213.108675][T10944] team0: Port device team_slave_0 added [ 213.127845][T10944] team0: Port device team_slave_1 added [ 213.333752][T10944] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 213.351658][T10944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.421540][T10944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 213.443446][T10944] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.454044][T10944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.520329][T10944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.619146][ T5849] Bluetooth: hci3: command tx timeout [ 213.822778][T10944] hsr_slave_0: entered promiscuous mode [ 213.830149][T10944] hsr_slave_1: entered promiscuous mode [ 213.841398][T10944] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.851673][T10944] Cannot create hsr debugfs directory [ 214.252973][T11161] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1616'. [ 214.278270][T11161] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1616'. [ 214.897177][T11187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 215.127734][T11194] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 215.151624][T10944] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 215.230315][T10944] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 215.276113][T10944] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 215.324152][T10944] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 215.337842][T11200] sit0: entered allmulticast mode [ 215.551332][T10944] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.607955][T10944] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.640962][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.648192][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.677802][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.685009][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.706055][ T5849] Bluetooth: hci3: command tx timeout [ 215.848617][T11223] dvmrp0: entered allmulticast mode [ 216.301861][T11245] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1647'. [ 216.461008][T10944] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.480733][T11253] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1650'. [ 216.635953][T11256] syzkaller1: entered promiscuous mode [ 216.643875][T11256] syzkaller1: entered allmulticast mode [ 216.652450][T11261] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1655'. [ 216.669011][T10944] veth0_vlan: entered promiscuous mode [ 216.733089][T10944] veth1_vlan: entered promiscuous mode [ 216.819259][T10944] veth0_macvtap: entered promiscuous mode [ 216.870590][T10944] veth1_macvtap: entered promiscuous mode [ 216.889961][T11269] syzkaller1: entered promiscuous mode [ 216.895485][T11269] syzkaller1: entered allmulticast mode [ 216.931847][T10944] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.952074][T10944] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.148090][T10944] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.178731][T10944] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.193823][T10944] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.206600][T10944] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.610497][T11291] syzkaller1: entered promiscuous mode [ 217.616034][T11291] syzkaller1: entered allmulticast mode [ 217.630931][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.644497][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.755324][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.782338][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.830394][T11302] netlink: 'syz.2.1673': attribute type 1 has an invalid length. [ 217.991933][T11307] bond0: (slave gretap1): making interface the new active one [ 218.002138][T11307] bond0: (slave gretap1): Enslaving as an active interface with an up link [ 218.063215][T11309] netlink: 'syz.1.1675': attribute type 2 has an invalid length. [ 218.080730][T11309] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1675'. [ 218.139767][T10944] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 218.151722][T10944] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 218.160161][T10944] CPU: 1 UID: 0 PID: 10944 Comm: syz-executor Not tainted 6.16.0-rc3-syzkaller-00122-g60f7f4afaf6d #0 PREEMPT(full) [ 218.172419][T10944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.182582][T10944] RIP: 0010:klist_remove+0x14a/0x340 [ 218.187911][T10944] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 99 e9 c6 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 7a e9 c6 f6 49 8b 44 24 58 48 89 44 24 08 [ 218.207539][T10944] RSP: 0018:ffffc9001cc6f840 EFLAGS: 00010202 [ 218.213633][T10944] RAX: 000000000000000b RBX: ffff888031025a00 RCX: 0000000000000000 [ 218.221599][T10944] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 218.229560][T10944] RBP: ffffc9001cc6f928 R08: ffffffff8f8794c3 R09: 1ffffffff1f0f298 [ 218.237519][T10944] R10: dffffc0000000000 R11: fffffbfff1f0f299 R12: 0000000000000000 [ 218.245477][T10944] R13: 1ffff1100add110c R14: ffff888056e88860 R15: dffffc0000000000 [ 218.253437][T10944] FS: 0000000000000000(0000) GS:ffff888125d50000(0000) knlGS:0000000000000000 [ 218.262357][T10944] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 218.268935][T10944] CR2: 00007fe32758ed58 CR3: 00000000544ca000 CR4: 00000000003526f0 [ 218.276921][T10944] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 218.284891][T10944] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 218.292852][T10944] Call Trace: [ 218.296123][T10944] [ 218.299049][T10944] ? __pfx_klist_remove+0x10/0x10 [ 218.304073][T10944] ? __pfx_kobject_move+0x10/0x10 [ 218.309091][T10944] ? get_device_parent+0x366/0x3a0 [ 218.314194][T10944] device_move+0x193/0x700 [ 218.318602][T10944] hci_conn_del_sysfs+0xb8/0x170 [ 218.323530][T10944] hci_conn_del+0x8ff/0xcb0 [ 218.328037][T10944] hci_conn_hash_flush+0x191/0x230 [ 218.333400][T10944] hci_dev_close_sync+0xaef/0x1330 [ 218.338522][T10944] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 218.344072][T10944] ? up_write+0x1c4/0x420 [ 218.348405][T10944] hci_unregister_dev+0x21a/0x510 [ 218.353434][T10944] vhci_release+0x80/0xd0 [ 218.357759][T10944] ? __pfx_vhci_release+0x10/0x10 [ 218.362782][T10944] __fput+0x449/0xa70 [ 218.366764][T10944] task_work_run+0x1d1/0x260 [ 218.371351][T10944] ? __pfx_task_work_run+0x10/0x10 [ 218.376457][T10944] ? kmem_cache_free+0x18f/0x400 [ 218.381383][T10944] do_exit+0x6b5/0x22e0 [ 218.385547][T10944] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 218.390934][T10944] ? __pfx_do_exit+0x10/0x10 [ 218.395527][T10944] ? _raw_spin_unlock_irq+0x23/0x50 [ 218.400724][T10944] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.405920][T10944] do_group_exit+0x21c/0x2d0 [ 218.410503][T10944] __x64_sys_exit_group+0x3f/0x40 [ 218.415515][T10944] x64_sys_call+0x21ba/0x21c0 [ 218.420182][T10944] do_syscall_64+0xfa/0x3b0 [ 218.424679][T10944] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.430732][T10944] ? asm_common_interrupt+0x26/0x40 [ 218.435916][T10944] ? clear_bhb_loop+0x60/0xb0 [ 218.440580][T10944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.446463][T10944] RIP: 0033:0x7f742158e929 [ 218.450887][T10944] Code: Unable to access opcode bytes at 0x7f742158e8ff. [ 218.457893][T10944] RSP: 002b:00007fff2a068078 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 218.466317][T10944] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f742158e929 [ 218.474294][T10944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 218.482257][T10944] RBP: 00007f74215ee8f0 R08: 00007fff2a065e17 R09: 0000000000000003 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 218.490220][T10944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.498180][T10944] R13: 0000000000000003 R14: 00000000ffffffff R15: 00007fff2a068230 [ 218.506148][T10944] [ 218.509765][T10944] Modules linked in: [ 218.515275][T10944] ---[ end trace 0000000000000000 ]--- [ 218.575115][T10944] RIP: 0010:klist_remove+0x14a/0x340 [ 218.584563][T10944] Code: 4d 89 f5 49 c1 ed 03 43 80 7c 3d 00 00 74 08 4c 89 f7 e8 99 e9 c6 f6 4d 8b 26 49 83 e4 fe 49 8d 7c 24 58 48 89 f8 48 c1 e8 03 <42> 80 3c 38 00 74 05 e8 7a e9 c6 f6 49 8b 44 24 58 48 89 44 24 08 [ 218.669472][T10944] RSP: 0018:ffffc9001cc6f840 EFLAGS: 00010202 [ 218.677284][T10944] RAX: 000000000000000b RBX: ffff888031025a00 RCX: 0000000000000000 [ 218.685303][T10944] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000058 [ 218.700200][T10944] RBP: ffffc9001cc6f928 R08: ffffffff8f8794c3 R09: 1ffffffff1f0f298 [ 218.709444][T10944] R10: dffffc0000000000 R11: fffffbfff1f0f299 R12: 0000000000000000 [ 218.767579][T10944] R13: 1ffff1100add110c R14: ffff888056e88860 R15: dffffc0000000000 [ 218.806453][T10944] FS: 0000000000000000(0000) GS:ffff888125c50000(0000) knlGS:0000000000000000 [ 218.815450][T10944] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 218.847383][T10944] CR2: 00007f2700b84f98 CR3: 0000000033f5a000 CR4: 00000000003526f0 [ 218.855415][T10944] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 218.867367][T10944] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 218.875641][T10944] Kernel panic - not syncing: Fatal exception [ 218.881961][T10944] Kernel Offset: disabled [ 218.886277][T10944] Rebooting in 86400 seconds..