last executing test programs: 6.542878552s ago: executing program 2 (id=109): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000840)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800c0001006d6163766c616e0014000280"], 0x44}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd) 5.48340197s ago: executing program 1 (id=113): mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x3000005, 0x0) chroot(&(0x7f0000000200)='./file0\x00') umount2(&(0x7f0000000000)='./file0\x00', 0x0) 5.030505663s ago: executing program 4 (id=114): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x6, 0x4, 0x3, 0x7}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r2}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="58000000100001"], 0x58}}, 0x0) 4.823915419s ago: executing program 0 (id=115): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) ioctl$sock_netrom_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={0x0, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bpq0, 0x4, 'syz1\x00', @default, 0x1, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, 0x0, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) r3 = socket$kcm(0x10, 0x2, 0x10) readv(r3, 0x0, 0x0) 4.793067549s ago: executing program 1 (id=116): bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socket(0x10, 0x80003, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x2efb, 0x4) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) sendmmsg$inet(r0, &(0x7f0000001200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8800) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_rdma(0x10, 0x3, 0x14) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0x24, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f00000002c0)={0x3ff, 0x80000001, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 4.668165578s ago: executing program 2 (id=118): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10048047}, 0x4000050) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.058420647s ago: executing program 0 (id=119): socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000380), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x1c}}, 0x0) 4.055571062s ago: executing program 4 (id=120): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000100)={'syzkaller0\x00', @random}) 3.924120311s ago: executing program 2 (id=121): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x4, 0x54c, &(0x7f0000000fc0)="$eJzs3UFvI1cdAPD/TJJNut02u9ADVMAuUFjQau2Nt11VvbR7AaGqEqLigDhsQ+JEIXYcYqc0IRLpZwAJJE7wETggcUDqiQMXxIEDEgeEVA5IC0SgDRJIRjN2EjdxuiZ27Db+/aTJvJnnmf97ssfv+dmZF8DYujFxlH4jImbb6aS95F6JuBERj/Z2Fvb3dhaSaDZf/3uS52f7ouOYzJMRsRsRMxHxtS9HfCs5Gbe+tb06X6mUN9rbxUZ1vVjf2r69Up1fLi+X10qle3P37rx494XSwOp6vfrzh19aefXrv/rlJ9/93e4Xv5cV60o7r7Meg9Sq+tRhnMxkRLx6HsFG4ODlc2nE5eBs0oj4SER8Jr/+Z2Mif3UCABdZszkbzdnObQDgokvzMbAkLUREmrY7AYXWGN4zcTmt1OqNW0u1zbXF1ljZ1ZhKl1Yq5TvXpv/4nfzBU0m2PZfn5fn5dunY9t2IuBYRP5x+It8uLNQqi6Pp8gDA2Huys/2PiH9Np2mh0NOhXb7VAwA+NGZGXQAAYOi0/wAwfrT/ADB+emj/21/27557WQCA4fD5HwDGj/YfAMaP9h8AxspXX3stW5r77ftfL765tblae/P2Yrm+WqhuLhQWahvrheVabTm/Z0/1ceer1Grrc8/H5lvFRrneKNa3th9Ua5trjQf5fb0flKeGUisA4P1cu/7OH5KI2H3piXyJjrkctNVwsaWjLgAwMhP9HKyDAB9qZvuC8dVTE553En5z7mUBRqPrzbxnuibf68f/RxC/M4IPlJsf73383xzPcLEcH/93gw8YH2cb/3954OUAhs/4P4yvZjM5Puf/pcMsAOBC6uMnfM3vD6oTAozU4ybzHsj3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDBXImIb0eSFvK5wNPsb1ooRDwVEVdjKllaqZTvRMTTcT0ipqaXViq//f2oCw0A9Cn9a9Ke/+vm7HNXjudeSv49na8j4rs/ef1Hb803Ghtz2f5/HO6fPpg+rHR0XB/zCgIAA5a336X2eu5o/6O9nYWDZZjleXg//tueinhhf28nX1o5k5HtjJjJ+xKX/5nEZPuYmYh4NiImBhB/9+2I+Fi3+if52MjV9synnfGjHfupocZP3xM/zfNa66zz9dEBlAXGzTv3I+KVbtdfGjfydffrfyZ/h+rfw/utkx289+13xJ9sR5roEj+75m/0GuP5X3/lxM7mbCvv7YhnJ7vFTw7jJ6fEf67H+H/6xKd+8PIpec2fRtyM7vE7YxUb1fVifWv79kp1frm8XF4rle7N3bvz4t0XSsV8jLp4MFJ90t9euvX0aWXL6n/5lPgzXet/6fDYz/VY/5/9541vfvpoc/p4/C98tvvz/0zX+C1Zm/j5HuPPX/7FqdN3Z/EXT6n/457/Wz3Gf/cv24s9PhQAGIL61vbqfKVS3ugrkX0KHcR5TiSyIvb24IPuYn9B/xznUYszJqbyruLIi3GGxORhX3GwZ/5GdsaBFjUfRHnfl0068Fr0lXg0rFgjekMChubooh91SQAAAAAAAAAAAAAAgNMM41+XRl1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7/BQAA//8NTcl+") fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020) read$usbmon(r2, &(0x7f0000000340)=""/126, 0x7e) 3.92394234s ago: executing program 3 (id=122): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021300000001e0a05010000000000000000070000000900020073796831000000000900010073797a30"], 0xb4}}, 0x0) 3.351494312s ago: executing program 3 (id=123): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100962c7fa981eac10e170000004c0006803c00040067636d2861657329000000000000000000000000000000000000000000000000145e080000d23d7b4cd07ec3ee777de774fc7987cca4198904000500080006"], 0x60}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) 3.218843134s ago: executing program 0 (id=124): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', 0x0}) connect$can_bcm(r0, &(0x7f0000000300)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="050000000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x4a, &(0x7f0000000040)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) close(0x4) 3.131956991s ago: executing program 1 (id=125): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000380)={0x0, 0x8c}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r1, &(0x7f0000000480)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000140)="03", 0x1}], 0x1}}], 0x1, 0x34000811) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRESHEX=r0], 0x1000f) 3.00131005s ago: executing program 4 (id=126): mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x3000005, 0x0) chroot(&(0x7f0000000200)='./file0\x00') umount2(&(0x7f0000000000)='./file0\x00', 0x0) 2.464654521s ago: executing program 3 (id=127): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x482, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xfffffffc, 0xb, 0x0, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"}) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020) 2.391881599s ago: executing program 2 (id=128): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000200)='Yb') 2.23499709s ago: executing program 1 (id=129): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x8c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xffff}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x64, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x2c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xf4}}, 0x0) 2.13559671s ago: executing program 0 (id=130): openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000080)="1c0000006d0081044e81f782db1f4cb9041c1d08", 0x14}], 0x1}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000100)=@phonet={0x23, 0x0, 0x0, 0xd}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000080)="27050200160014000600002f86dd", 0x5ea}], 0x1}, 0x0) 2.105479863s ago: executing program 4 (id=131): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10) ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000)) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xe5a01e6e238456fc) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f00000000c0)=@bpq0, 0x10) 1.712257217s ago: executing program 3 (id=132): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f00000015c0)={0x1}, 0x2) 1.512155202s ago: executing program 2 (id=133): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000000f40)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c, 0x0}}, {{&(0x7f0000000d00)={0xa, 0x4e23, 0x9, @rand_addr=' \x01\x00', 0x10001}, 0x1c, 0x0}}], 0x2, 0x40000) 1.27940582s ago: executing program 1 (id=134): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r1, @ANYBLOB="0800260090150003080057"], 0x2c}}, 0x0) 1.183630022s ago: executing program 0 (id=135): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = socket$packet(0x11, 0x3, 0x300) preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000340)=""/195, 0xc3}], 0x1, 0x7, 0x7) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 1.18343609s ago: executing program 4 (id=136): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000001300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000030a03000000000000000000020000020900030073797a32000000000c00048007e0014000fe00020900010073797a310000"], 0x60}}, 0x4000) 1.027798729s ago: executing program 3 (id=137): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0xffe0}, {}, {0xfff3, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 751.888053ms ago: executing program 2 (id=138): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x4, 0x54c, &(0x7f0000000fc0)="$eJzs3UFvI1cdAPD/TJJNut02u9ADVMAuUFjQau2Nt11VvbR7AaGqEqLigDhsQ+JEIXYcYqc0IRLpZwAJJE7wETggcUDqiQMXxIEDEgeEVA5IC0SgDRJIRjN2EjdxuiZ27Db+/aTJvJnnmf97ssfv+dmZF8DYujFxlH4jImbb6aS95F6JuBERj/Z2Fvb3dhaSaDZf/3uS52f7ouOYzJMRsRsRMxHxtS9HfCs5Gbe+tb06X6mUN9rbxUZ1vVjf2r69Up1fLi+X10qle3P37rx494XSwOp6vfrzh19aefXrv/rlJ9/93e4Xv5cV60o7r7Meg9Sq+tRhnMxkRLx6HsFG4ODlc2nE5eBs0oj4SER8Jr/+Z2Mif3UCABdZszkbzdnObQDgokvzMbAkLUREmrY7AYXWGN4zcTmt1OqNW0u1zbXF1ljZ1ZhKl1Yq5TvXpv/4nfzBU0m2PZfn5fn5dunY9t2IuBYRP5x+It8uLNQqi6Pp8gDA2Huys/2PiH9Np2mh0NOhXb7VAwA+NGZGXQAAYOi0/wAwfrT/ADB+emj/21/27557WQCA4fD5HwDGj/YfAMaP9h8AxspXX3stW5r77ftfL765tblae/P2Yrm+WqhuLhQWahvrheVabTm/Z0/1ceer1Grrc8/H5lvFRrneKNa3th9Ua5trjQf5fb0flKeGUisA4P1cu/7OH5KI2H3piXyJjrkctNVwsaWjLgAwMhP9HKyDAB9qZvuC8dVTE553En5z7mUBRqPrzbxnuibf68f/RxC/M4IPlJsf73383xzPcLEcH/93gw8YH2cb/3954OUAhs/4P4yvZjM5Puf/pcMsAOBC6uMnfM3vD6oTAozU4ybzHsj3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDBXImIb0eSFvK5wNPsb1ooRDwVEVdjKllaqZTvRMTTcT0ipqaXViq//f2oCw0A9Cn9a9Ke/+vm7HNXjudeSv49na8j4rs/ef1Hb803Ghtz2f5/HO6fPpg+rHR0XB/zCgIAA5a336X2eu5o/6O9nYWDZZjleXg//tueinhhf28nX1o5k5HtjJjJ+xKX/5nEZPuYmYh4NiImBhB/9+2I+Fi3+if52MjV9synnfGjHfupocZP3xM/zfNa66zz9dEBlAXGzTv3I+KVbtdfGjfydffrfyZ/h+rfw/utkx289+13xJ9sR5roEj+75m/0GuP5X3/lxM7mbCvv7YhnJ7vFTw7jJ6fEf67H+H/6xKd+8PIpec2fRtyM7vE7YxUb1fVifWv79kp1frm8XF4rle7N3bvz4t0XSsV8jLp4MFJ90t9euvX0aWXL6n/5lPgzXet/6fDYz/VY/5/9541vfvpoc/p4/C98tvvz/0zX+C1Zm/j5HuPPX/7FqdN3Z/EXT6n/457/Wz3Gf/cv24s9PhQAGIL61vbqfKVS3ugrkX0KHcR5TiSyIvb24IPuYn9B/xznUYszJqbyruLIi3GGxORhX3GwZ/5GdsaBFjUfRHnfl0068Fr0lXg0rFgjekMChubooh91SQAAAAAAAAAAAAAAgNMM41+XRl1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALq7/BQAA//8NTcl+") fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020) read$usbmon(r2, &(0x7f0000000340)=""/126, 0x7e) 447.772225ms ago: executing program 1 (id=139): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [], {0x14}}, 0x28}}, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0) write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12008864"], 0xfce) 396.373551ms ago: executing program 4 (id=140): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000010101010000000000000000020000000400018018000a8014000180080001007f00000108000200ac1414aa14001980080001"], 0x44}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000000906010800000001000000000200ffff0900020073797a310000000008000940000000390600010007000000100008"], 0x40}, 0x1, 0x0, 0x0, 0x10000082}, 0x0) 182.846602ms ago: executing program 0 (id=141): mkdir(0x0, 0x10) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x3000005, 0x0) chroot(&(0x7f0000000200)='./file0\x00') umount2(&(0x7f0000000000)='./file0\x00', 0x0) 0s ago: executing program 3 (id=142): r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x482, 0x0) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000000)={0xfffffffc, 0xb, 0x0, 0xfffffffc, 0x7f, "db8f2d2b3b7596160c6981acf8805944823a7f"}) write$binfmt_aout(r0, &(0x7f00000003c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x6, 0x1, "e315bc1cc24ff7b7cdb242e1ff0aa6905446b3"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) read$FUSE(r2, &(0x7f0000003f80)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.196' (ED25519) to the list of known hosts. [ 196.412296][ T5791] cgroup: Unknown subsys name 'net' [ 196.549579][ T5791] cgroup: Unknown subsys name 'cpuset' [ 196.566427][ T5791] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 229.638739][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 229.645968][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 249.299439][ T5791] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 253.652960][ T5816] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 253.661441][ T5816] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 253.670954][ T5816] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 253.691182][ T5818] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 253.700116][ T5818] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 253.711776][ T5818] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 253.723646][ T5818] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 253.736281][ T5821] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 253.746472][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 253.755651][ T5821] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 253.775248][ T5826] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 253.796883][ T5826] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 253.840151][ T5823] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 253.848945][ T5823] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 253.858736][ T5823] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 253.874381][ T5823] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 253.889441][ T5823] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 253.899268][ T5823] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 253.912798][ T5823] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 253.929443][ T5823] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 254.010724][ T5816] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 254.023003][ T5109] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 254.042045][ T5816] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 254.056218][ T5816] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 254.069766][ T5816] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 255.127672][ T5815] chnl_net:caif_netlink_parms(): no params data found [ 255.486623][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 255.858539][ T5818] Bluetooth: hci0: command tx timeout [ 255.864248][ T5818] Bluetooth: hci1: command tx timeout [ 256.005809][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 256.018483][ T5818] Bluetooth: hci3: command tx timeout [ 256.133090][ T5818] Bluetooth: hci2: command tx timeout [ 256.178609][ T5818] Bluetooth: hci4: command tx timeout [ 256.374423][ T5815] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.383136][ T5815] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.391192][ T5815] bridge_slave_0: entered allmulticast mode [ 256.401083][ T5815] bridge_slave_0: entered promiscuous mode [ 256.440234][ T5813] chnl_net:caif_netlink_parms(): no params data found [ 256.469070][ T5815] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.476743][ T5815] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.486982][ T5815] bridge_slave_1: entered allmulticast mode [ 256.497510][ T5815] bridge_slave_1: entered promiscuous mode [ 256.847969][ T5815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.874211][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 256.905975][ T5815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.033647][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.045133][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.053524][ T5820] bridge_slave_0: entered allmulticast mode [ 257.063547][ T5820] bridge_slave_0: entered promiscuous mode [ 257.163887][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.174881][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.182809][ T5820] bridge_slave_1: entered allmulticast mode [ 257.192581][ T5820] bridge_slave_1: entered promiscuous mode [ 257.261067][ T5815] team0: Port device team_slave_0 added [ 257.469614][ T5815] team0: Port device team_slave_1 added [ 257.536092][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.706149][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.714140][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.723840][ T5824] bridge_slave_0: entered allmulticast mode [ 257.733736][ T5824] bridge_slave_0: entered promiscuous mode [ 257.757611][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.816817][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.824335][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.850925][ T5815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.900811][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.908697][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.916303][ T5824] bridge_slave_1: entered allmulticast mode [ 257.925563][ T5824] bridge_slave_1: entered promiscuous mode [ 257.938918][ T5818] Bluetooth: hci1: command tx timeout [ 257.944611][ T5818] Bluetooth: hci0: command tx timeout [ 257.977759][ T5813] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.985541][ T5813] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.993736][ T5813] bridge_slave_0: entered allmulticast mode [ 258.003204][ T5813] bridge_slave_0: entered promiscuous mode [ 258.019929][ T5815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.027156][ T5815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.053739][ T5815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 258.066356][ T5813] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.074102][ T5813] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.081979][ T5813] bridge_slave_1: entered allmulticast mode [ 258.091715][ T5813] bridge_slave_1: entered promiscuous mode [ 258.101786][ T5818] Bluetooth: hci3: command tx timeout [ 258.178818][ T5818] Bluetooth: hci2: command tx timeout [ 258.259164][ T5818] Bluetooth: hci4: command tx timeout [ 258.282694][ T5820] team0: Port device team_slave_0 added [ 258.326193][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.333992][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.341942][ T5828] bridge_slave_0: entered allmulticast mode [ 258.351608][ T5828] bridge_slave_0: entered promiscuous mode [ 258.413175][ T5820] team0: Port device team_slave_1 added [ 258.432302][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.443814][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.451870][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.459851][ T5828] bridge_slave_1: entered allmulticast mode [ 258.469622][ T5828] bridge_slave_1: entered promiscuous mode [ 258.490479][ T5813] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.513733][ T5813] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.533146][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 258.758311][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 258.765553][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 258.792186][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 258.852909][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 258.974959][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 258.982449][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.009828][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.052137][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 259.070125][ T5813] team0: Port device team_slave_0 added [ 259.093476][ T5815] hsr_slave_0: entered promiscuous mode [ 259.102700][ T5815] hsr_slave_1: entered promiscuous mode [ 259.121769][ T5824] team0: Port device team_slave_0 added [ 259.143920][ T5824] team0: Port device team_slave_1 added [ 259.194782][ T5813] team0: Port device team_slave_1 added [ 259.331900][ T5828] team0: Port device team_slave_0 added [ 259.471625][ T5828] team0: Port device team_slave_1 added [ 259.566399][ T5820] hsr_slave_0: entered promiscuous mode [ 259.576840][ T5820] hsr_slave_1: entered promiscuous mode [ 259.585882][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 259.593830][ T5820] Cannot create hsr debugfs directory [ 259.603484][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.611040][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.637572][ T5813] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.651847][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 259.659506][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.685923][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 259.795848][ T5813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.804681][ T5813] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.831524][ T5813] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 259.846978][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 259.854505][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 259.881124][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.024015][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 260.031453][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.046871][ T5818] Bluetooth: hci0: command tx timeout [ 260.058916][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 260.063679][ T5818] Bluetooth: hci1: command tx timeout [ 260.176564][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 260.184063][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 260.206288][ T5818] Bluetooth: hci3: command tx timeout [ 260.210449][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 260.265858][ T5818] Bluetooth: hci2: command tx timeout [ 260.338744][ T5818] Bluetooth: hci4: command tx timeout [ 260.492748][ T5813] hsr_slave_0: entered promiscuous mode [ 260.503279][ T5813] hsr_slave_1: entered promiscuous mode [ 260.512333][ T5813] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.520269][ T5813] Cannot create hsr debugfs directory [ 260.739750][ T5824] hsr_slave_0: entered promiscuous mode [ 260.750319][ T5824] hsr_slave_1: entered promiscuous mode [ 260.759869][ T5824] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.767656][ T5824] Cannot create hsr debugfs directory [ 260.884267][ T5828] hsr_slave_0: entered promiscuous mode [ 260.895263][ T5828] hsr_slave_1: entered promiscuous mode [ 260.904389][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 260.912328][ T5828] Cannot create hsr debugfs directory [ 261.603178][ T5815] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 261.717010][ T5815] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 261.828000][ T5815] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 261.940618][ T5815] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 262.075504][ T5820] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 262.103329][ T5818] Bluetooth: hci0: command tx timeout [ 262.110002][ T5816] Bluetooth: hci1: command tx timeout [ 262.220578][ T5820] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 262.262929][ T5820] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 262.268723][ T5818] Bluetooth: hci3: command tx timeout [ 262.293414][ T5820] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 262.349530][ T5818] Bluetooth: hci2: command tx timeout [ 262.422594][ T5818] Bluetooth: hci4: command tx timeout [ 262.616825][ T5813] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 262.669903][ T5813] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 262.725375][ T5813] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 262.794587][ T5813] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 263.012190][ T5828] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 263.130231][ T5828] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 263.156527][ T5828] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 263.182998][ T5828] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 263.322982][ T5824] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 263.383713][ T5824] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 263.432711][ T5815] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.463171][ T5824] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 263.514946][ T5824] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 263.653936][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.724031][ T5815] 8021q: adding VLAN 0 to HW filter on device team0 [ 263.811118][ T4714] bridge0: port 1(bridge_slave_0) entered blocking state [ 263.818897][ T4714] bridge0: port 1(bridge_slave_0) entered forwarding state [ 263.929433][ T4714] bridge0: port 2(bridge_slave_1) entered blocking state [ 263.937021][ T4714] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.015319][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.225700][ T4714] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.233533][ T4714] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.262593][ T4714] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.270322][ T4714] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.499026][ T5813] 8021q: adding VLAN 0 to HW filter on device bond0 [ 264.641137][ T5813] 8021q: adding VLAN 0 to HW filter on device team0 [ 264.722191][ T3689] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.730069][ T3689] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.846876][ T3689] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.854573][ T3689] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.049872][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.280798][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.374320][ T3007] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.382202][ T3007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.416368][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.513458][ T3007] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.521365][ T3007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.755177][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.890938][ T3904] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.898721][ T3904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.986024][ T3904] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.993807][ T3904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.835638][ T5815] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.054635][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.400744][ T5815] veth0_vlan: entered promiscuous mode [ 267.525647][ T5815] veth1_vlan: entered promiscuous mode [ 267.687936][ T5813] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 267.920248][ T5815] veth0_macvtap: entered promiscuous mode [ 268.022689][ T5815] veth1_macvtap: entered promiscuous mode [ 268.214607][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.239694][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 268.336774][ T5813] veth0_vlan: entered promiscuous mode [ 268.364610][ T5815] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 268.479660][ T5813] veth1_vlan: entered promiscuous mode [ 268.506243][ T5815] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.515583][ T5815] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.524778][ T5815] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.534076][ T5815] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 268.652952][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 268.939435][ T5813] veth0_macvtap: entered promiscuous mode [ 269.055103][ T5828] veth0_vlan: entered promiscuous mode [ 269.074414][ T5813] veth1_macvtap: entered promiscuous mode [ 269.229836][ T5828] veth1_vlan: entered promiscuous mode [ 269.362053][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.411784][ T5824] veth0_vlan: entered promiscuous mode [ 269.444492][ T5813] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 269.595655][ T5824] veth1_vlan: entered promiscuous mode [ 269.623319][ T5813] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.632611][ T5813] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.641990][ T5813] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.651244][ T5813] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 269.680957][ T5828] veth0_macvtap: entered promiscuous mode [ 269.776301][ T5828] veth1_macvtap: entered promiscuous mode [ 270.056995][ T5824] veth0_macvtap: entered promiscuous mode [ 270.130239][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.185679][ T5824] veth1_macvtap: entered promiscuous mode [ 270.234437][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.393106][ T5828] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.402518][ T5828] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.411784][ T5828] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.424028][ T5828] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.505606][ T5820] veth0_vlan: entered promiscuous mode [ 270.582811][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 270.693085][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.720957][ T5820] veth1_vlan: entered promiscuous mode [ 270.800017][ T5824] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.810086][ T5824] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.823413][ T5824] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.833116][ T5824] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.080061][ T5820] veth0_macvtap: entered promiscuous mode [ 271.162796][ T5820] veth1_macvtap: entered promiscuous mode [ 271.446804][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.552169][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 271.662889][ T5820] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.672391][ T5820] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.681627][ T5820] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 271.690800][ T5820] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.950069][ T3904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.958764][ T3904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.212726][ T3718] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.222662][ T3718] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.754596][ T5815] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 277.259343][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.269363][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.541981][ T3007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.551418][ T3007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.947962][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.956377][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.173702][ T4189] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.184907][ T4189] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.351472][ T4189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.360564][ T4189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.643817][ T4714] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.652179][ T4714] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 278.741178][ T5995] netlink: 'syz.0.6': attribute type 12 has an invalid length. [ 278.749298][ T5995] netlink: 132 bytes leftover after parsing attributes in process `syz.0.6'. [ 278.870222][ T3718] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 278.878566][ T3718] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.225049][ T3623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.233577][ T3623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.768104][ T6001] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.778051][ T6001] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.788555][ T6001] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.797616][ T6001] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 279.987916][ T6001] Zero length message leads to an empty skb [ 280.003772][ T6003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3'. [ 280.364376][ T6008] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5'. [ 280.412753][ T6009] loop3: detected capacity change from 0 to 512 [ 280.421463][ T6008] netlink: 'syz.4.5': attribute type 39 has an invalid length. [ 280.457935][ T6008] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.528643][ T6008] bridge_slave_0 (unregistering): left allmulticast mode [ 280.536027][ T6008] bridge_slave_0 (unregistering): left promiscuous mode [ 280.555060][ T6008] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.002759][ T6038] syz.4.17 uses obsolete (PF_INET,SOCK_PACKET) [ 284.262675][ T6051] loop1: detected capacity change from 0 to 512 [ 286.816463][ T6085] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.826707][ T6085] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.574735][ T6094] netlink: 28 bytes leftover after parsing attributes in process `syz.2.39'. [ 287.585113][ T6094] sit0: entered promiscuous mode [ 287.590652][ T6094] sit0: entered allmulticast mode [ 288.108955][ T6098] blkio.reset_stats is deprecated [ 288.236679][ T6101] loop4: detected capacity change from 0 to 512 [ 288.770841][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 288.826503][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 288.910694][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 288.997886][ T6107] netlink: 4 bytes leftover after parsing attributes in process `syz.2.45'. [ 289.910267][ T6120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'. [ 290.074714][ T5870] hid-generic 0005:0458:0004.0001: collection stack underflow [ 290.082932][ T5870] hid-generic 0005:0458:0004.0001: item 0 0 0 12 parsing failed [ 290.272673][ T5870] hid-generic 0005:0458:0004.0001: probe with driver hid-generic failed with error -22 [ 291.101557][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 291.108636][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 292.224416][ T6147] loop2: detected capacity change from 0 to 512 [ 293.190060][ T6160] ieee802154 phy0 wpan0: encryption failed: -22 [ 295.882663][ T6187] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.892829][ T6187] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.332166][ T6187] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 296.360965][ T6187] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 297.606798][ T6202] loop1: detected capacity change from 0 to 512 [ 297.970763][ T6187] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.980368][ T6187] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.990300][ T6187] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 297.999687][ T6187] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 298.312941][ T6204] netlink: 24 bytes leftover after parsing attributes in process `syz.4.80'. [ 299.471863][ T6187] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.481665][ T6187] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.495255][ T6187] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.504643][ T6187] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 299.749762][ T6204] netlink: 'syz.4.80': attribute type 2 has an invalid length. [ 299.757887][ T6204] netlink: 8 bytes leftover after parsing attributes in process `syz.4.80'. [ 300.903494][ T5818] block nbd0: Receive control failed (result -32) [ 302.806582][ T6178] Set syz1 is full, maxelem 65536 reached [ 303.150260][ T6229] loop1: detected capacity change from 0 to 512 [ 304.679485][ T6244] netlink: 12 bytes leftover after parsing attributes in process `syz.4.97'. [ 305.458526][ T6246] veth3: entered promiscuous mode [ 307.237328][ T6269] loop0: detected capacity change from 0 to 512 [ 308.146456][ T6277] netlink: 16 bytes leftover after parsing attributes in process `syz.2.109'. [ 308.316082][ T6278] pim6reg1: entered promiscuous mode [ 308.322035][ T6278] pim6reg1: entered allmulticast mode [ 309.563669][ T6290] netlink: 56 bytes leftover after parsing attributes in process `syz.4.114'. [ 310.380176][ T6300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.122'. [ 310.452224][ T6302] loop2: detected capacity change from 0 to 512 [ 310.466761][ T6301] syzkaller0: entered promiscuous mode [ 310.473201][ T6301] syzkaller0: entered allmulticast mode [ 311.303589][ T6312] netlink: 4 bytes leftover after parsing attributes in process `syz.0.124'. [ 313.741000][ T6341] loop2: detected capacity change from 0 to 512 [ 314.098810][ T6346] netlink: 8 bytes leftover after parsing attributes in process `syz.4.140'. [ 314.119213][ T6346] netlink: 'syz.4.140': attribute type 1 has an invalid length. [ 314.135101][ T6348] ===================================================== [ 314.142713][ T6348] BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 [ 314.151210][ T6348] nf_flow_offload_inet_hook+0x7e4/0x940 [ 314.157108][ T6348] nf_hook_slow+0xde/0x3d0 [ 314.161917][ T6348] __netif_receive_skb_core+0x4aff/0x70c0 [ 314.167924][ T6348] __netif_receive_skb+0xcc/0xac0 [ 314.173371][ T6348] netif_receive_skb+0x57/0x630 [ 314.178627][ T6348] tun_rx_batched+0x1df/0x980 [ 314.183533][ T6348] tun_get_user+0x4ee0/0x6b40 [ 314.188599][ T6348] tun_chr_write_iter+0x3e9/0x5c0 [ 314.193851][ T6348] vfs_write+0xb48/0x1580 [ 314.198703][ T6348] __ia32_sys_write+0x1f9/0x4d0 [ 314.203858][ T6348] ia32_sys_call+0x30f2/0x42c0 [ 314.209170][ T6348] __do_fast_syscall_32+0xb0/0x150 [ 314.214586][ T6348] do_fast_syscall_32+0x38/0x80 [ 314.219891][ T6348] do_SYSENTER_32+0x1f/0x30 [ 314.224789][ T6348] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.231549][ T6348] [ 314.234008][ T6348] Uninit was created at: [ 314.238679][ T6348] kmem_cache_alloc_node_noprof+0x818/0xf00 [ 314.244916][ T6348] kmalloc_reserve+0x13c/0x4b0 [ 314.250116][ T6348] __alloc_skb+0x347/0x7d0 [ 314.254788][ T6348] alloc_skb_with_frags+0xc5/0xa60 [ 314.260370][ T6348] sock_alloc_send_pskb+0xad8/0xc70 [ 314.265882][ T6348] tun_get_user+0x1019/0x6b40 [ 314.270981][ T6348] tun_chr_write_iter+0x3e9/0x5c0 [ 314.276245][ T6348] vfs_write+0xb48/0x1580 [ 314.281033][ T6348] __ia32_sys_write+0x1f9/0x4d0 [ 314.286194][ T6348] ia32_sys_call+0x30f2/0x42c0 [ 314.291389][ T6348] __do_fast_syscall_32+0xb0/0x150 [ 314.296793][ T6348] do_fast_syscall_32+0x38/0x80 [ 314.302142][ T6348] do_SYSENTER_32+0x1f/0x30 [ 314.306940][ T6348] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.313752][ T6348] [ 314.316277][ T6348] CPU: 0 UID: 0 PID: 6348 Comm: syz.1.139 Not tainted 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(none) [ 314.328585][ T6348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.339008][ T6348] ===================================================== [ 314.346111][ T6348] Disabling lock debugging due to kernel taint [ 314.352625][ T6348] Kernel panic - not syncing: kmsan.panic set ... [ 314.359250][ T6348] CPU: 0 UID: 0 PID: 6348 Comm: syz.1.139 Tainted: G B 6.16.0-rc5-syzkaller-00025-gd006330be3f7 #0 PREEMPT(none) [ 314.372965][ T6348] Tainted: [B]=BAD_PAGE [ 314.377254][ T6348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 314.387502][ T6348] Call Trace: [ 314.390933][ T6348] [ 314.394002][ T6348] __dump_stack+0x26/0x30 [ 314.398567][ T6348] dump_stack_lvl+0x53/0x270 [ 314.403392][ T6348] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 314.409462][ T6348] dump_stack+0x1e/0x25 [ 314.413832][ T6348] panic+0x4bd/0xd50 [ 314.418001][ T6348] kmsan_report+0x31c/0x320 [ 314.422745][ T6348] ? __msan_warning+0x1b/0x30 [ 314.427644][ T6348] ? nf_flow_offload_inet_hook+0x7e4/0x940 [ 314.433696][ T6348] ? nf_hook_slow+0xde/0x3d0 [ 314.438551][ T6348] ? __netif_receive_skb_core+0x4aff/0x70c0 [ 314.444750][ T6348] ? __netif_receive_skb+0xcc/0xac0 [ 314.450370][ T6348] ? netif_receive_skb+0x57/0x630 [ 314.455641][ T6348] ? tun_rx_batched+0x1df/0x980 [ 314.460704][ T6348] ? tun_get_user+0x4ee0/0x6b40 [ 314.465773][ T6348] ? tun_chr_write_iter+0x3e9/0x5c0 [ 314.471172][ T6348] ? vfs_write+0xb48/0x1580 [ 314.475920][ T6348] ? __ia32_sys_write+0x1f9/0x4d0 [ 314.481198][ T6348] ? ia32_sys_call+0x30f2/0x42c0 [ 314.486331][ T6348] ? __do_fast_syscall_32+0xb0/0x150 [ 314.491862][ T6348] ? do_fast_syscall_32+0x38/0x80 [ 314.497115][ T6348] ? do_SYSENTER_32+0x1f/0x30 [ 314.502024][ T6348] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.508787][ T6348] ? kmsan_get_metadata+0xfb/0x160 [ 314.514174][ T6348] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 314.520249][ T6348] ? __pskb_pull_tail+0x1779/0x2660 [ 314.525723][ T6348] ? kmsan_get_metadata+0xfb/0x160 [ 314.531091][ T6348] __msan_warning+0x1b/0x30 [ 314.535830][ T6348] nf_flow_offload_inet_hook+0x7e4/0x940 [ 314.541724][ T6348] ? kmsan_get_metadata+0xfb/0x160 [ 314.547093][ T6348] ? __pfx_nf_flow_offload_inet_hook+0x10/0x10 [ 314.553491][ T6348] ? __pfx_nf_flow_offload_inet_hook+0x10/0x10 [ 314.559883][ T6348] nf_hook_slow+0xde/0x3d0 [ 314.564564][ T6348] __netif_receive_skb_core+0x4aff/0x70c0 [ 314.570556][ T6348] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 314.576630][ T6348] ? filter_irq_stacks+0x49/0x190 [ 314.581914][ T6348] __netif_receive_skb+0xcc/0xac0 [ 314.587228][ T6348] netif_receive_skb+0x57/0x630 [ 314.592326][ T6348] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 314.598392][ T6348] ? tun_rx_batched+0x16c/0x980 [ 314.603460][ T6348] tun_rx_batched+0x1df/0x980 [ 314.608357][ T6348] ? kmsan_get_metadata+0xfb/0x160 [ 314.613739][ T6348] tun_get_user+0x4ee0/0x6b40 [ 314.618626][ T6348] ? stack_depot_save_flags+0x35/0x7b0 [ 314.624296][ T6348] ? __rcu_read_unlock+0x6d/0xd0 [ 314.629500][ T6348] ? kmsan_get_metadata+0xfb/0x160 [ 314.634843][ T6348] ? kmsan_get_metadata+0xfb/0x160 [ 314.640202][ T6348] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 314.646773][ T6348] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 314.653144][ T6348] tun_chr_write_iter+0x3e9/0x5c0 [ 314.658423][ T6348] vfs_write+0xb48/0x1580 [ 314.663043][ T6348] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 314.668828][ T6348] __ia32_sys_write+0x1f9/0x4d0 [ 314.673942][ T6348] ia32_sys_call+0x30f2/0x42c0 [ 314.678902][ T6348] __do_fast_syscall_32+0xb0/0x150 [ 314.684278][ T6348] do_fast_syscall_32+0x38/0x80 [ 314.689480][ T6348] do_SYSENTER_32+0x1f/0x30 [ 314.694241][ T6348] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 314.700826][ T6348] RIP: 0023:0xf707e539 [ 314.705079][ T6348] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 314.724919][ T6348] RSP: 002b:00000000f504d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 314.733560][ T6348] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800003c0 [ 314.741707][ T6348] RDX: 0000000000000fce RSI: 0000000000000000 RDI: 0000000000000000 [ 314.749861][ T6348] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 314.758020][ T6348] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 314.766272][ T6348] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 314.774586][ T6348] [ 314.778208][ T6348] Kernel Offset: disabled [ 314.782649][ T6348] Rebooting in 86400 seconds..