last executing test programs: 1m13.252452312s ago: executing program 3 (id=447): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c000100010005000b"], 0x44}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001400)=0x0) sendmsg$AUDIT_SET(r0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x3c, 0x3e9, 0x202, 0x70bd2b, 0x25dfdbff, {0x9, 0x1, 0x2, r1, 0xfffffffb, 0x1, 0x3, 0xdec, 0x0, 0x761, 0x9487}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCATTACH(r4, 0x4004743d, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300090004000600eab556a705251e618294ff938037e786a6d0001000000e4509c5bbcd72c6c953", 0x54}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80c1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xf, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39f9, 0x0, 0x0, 0x0, 0x3ff}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @jmp={0x5, 0x1, 0xd, 0x5, 0x4, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x5, 0xa, 0x1, 0x30}, @ldst={0x1, 0xf4deea9d14c30525, 0x2, 0xb, 0x5, 0x20, 0x1}, @call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfff, 0x1000, &(0x7f0000000280)=""/4096, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001280)=[{0x3, 0x2, 0x5, 0xf}, {0x5, 0x1, 0x1, 0x4}, {0x2, 0x4, 0x10, 0xc}], 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001380)={&(0x7f0000000000)='rpcgss_svc_seqno_low\x00', r5, 0x0, 0x1}, 0x18) 1m1.97190467s ago: executing program 2 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000030700ff02"], 0xfdef) 1m0.684280727s ago: executing program 3 (id=447): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c000100010005000b"], 0x44}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001400)=0x0) sendmsg$AUDIT_SET(r0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x3c, 0x3e9, 0x202, 0x70bd2b, 0x25dfdbff, {0x9, 0x1, 0x2, r1, 0xfffffffb, 0x1, 0x3, 0xdec, 0x0, 0x761, 0x9487}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCATTACH(r4, 0x4004743d, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300090004000600eab556a705251e618294ff938037e786a6d0001000000e4509c5bbcd72c6c953", 0x54}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80c1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xf, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39f9, 0x0, 0x0, 0x0, 0x3ff}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @jmp={0x5, 0x1, 0xd, 0x5, 0x4, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x5, 0xa, 0x1, 0x30}, @ldst={0x1, 0xf4deea9d14c30525, 0x2, 0xb, 0x5, 0x20, 0x1}, @call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfff, 0x1000, &(0x7f0000000280)=""/4096, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001280)=[{0x3, 0x2, 0x5, 0xf}, {0x5, 0x1, 0x1, 0x4}, {0x2, 0x4, 0x10, 0xc}], 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001380)={&(0x7f0000000000)='rpcgss_svc_seqno_low\x00', r5, 0x0, 0x1}, 0x18) 49.722478738s ago: executing program 2 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000030700ff02"], 0xfdef) 47.811202995s ago: executing program 3 (id=447): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c000100010005000b"], 0x44}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001400)=0x0) sendmsg$AUDIT_SET(r0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x3c, 0x3e9, 0x202, 0x70bd2b, 0x25dfdbff, {0x9, 0x1, 0x2, r1, 0xfffffffb, 0x1, 0x3, 0xdec, 0x0, 0x761, 0x9487}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCATTACH(r4, 0x4004743d, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300090004000600eab556a705251e618294ff938037e786a6d0001000000e4509c5bbcd72c6c953", 0x54}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80c1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xf, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39f9, 0x0, 0x0, 0x0, 0x3ff}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @jmp={0x5, 0x1, 0xd, 0x5, 0x4, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x5, 0xa, 0x1, 0x30}, @ldst={0x1, 0xf4deea9d14c30525, 0x2, 0xb, 0x5, 0x20, 0x1}, @call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfff, 0x1000, &(0x7f0000000280)=""/4096, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001280)=[{0x3, 0x2, 0x5, 0xf}, {0x5, 0x1, 0x1, 0x4}, {0x2, 0x4, 0x10, 0xc}], 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001380)={&(0x7f0000000000)='rpcgss_svc_seqno_low\x00', r5, 0x0, 0x1}, 0x18) 38.872983904s ago: executing program 2 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000030700ff02"], 0xfdef) 37.136442926s ago: executing program 3 (id=447): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c000100010005000b"], 0x44}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001400)=0x0) sendmsg$AUDIT_SET(r0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x3c, 0x3e9, 0x202, 0x70bd2b, 0x25dfdbff, {0x9, 0x1, 0x2, r1, 0xfffffffb, 0x1, 0x3, 0xdec, 0x0, 0x761, 0x9487}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCATTACH(r4, 0x4004743d, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300090004000600eab556a705251e618294ff938037e786a6d0001000000e4509c5bbcd72c6c953", 0x54}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80c1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xf, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39f9, 0x0, 0x0, 0x0, 0x3ff}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @jmp={0x5, 0x1, 0xd, 0x5, 0x4, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x5, 0xa, 0x1, 0x30}, @ldst={0x1, 0xf4deea9d14c30525, 0x2, 0xb, 0x5, 0x20, 0x1}, @call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfff, 0x1000, &(0x7f0000000280)=""/4096, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001280)=[{0x3, 0x2, 0x5, 0xf}, {0x5, 0x1, 0x1, 0x4}, {0x2, 0x4, 0x10, 0xc}], 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001380)={&(0x7f0000000000)='rpcgss_svc_seqno_low\x00', r5, 0x0, 0x1}, 0x18) 26.908210575s ago: executing program 2 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000030700ff02"], 0xfdef) 24.350993242s ago: executing program 3 (id=447): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c000100010005000b"], 0x44}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001400)=0x0) sendmsg$AUDIT_SET(r0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x3c, 0x3e9, 0x202, 0x70bd2b, 0x25dfdbff, {0x9, 0x1, 0x2, r1, 0xfffffffb, 0x1, 0x3, 0xdec, 0x0, 0x761, 0x9487}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCATTACH(r4, 0x4004743d, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300090004000600eab556a705251e618294ff938037e786a6d0001000000e4509c5bbcd72c6c953", 0x54}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80c1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xf, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39f9, 0x0, 0x0, 0x0, 0x3ff}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @jmp={0x5, 0x1, 0xd, 0x5, 0x4, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x5, 0xa, 0x1, 0x30}, @ldst={0x1, 0xf4deea9d14c30525, 0x2, 0xb, 0x5, 0x20, 0x1}, @call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfff, 0x1000, &(0x7f0000000280)=""/4096, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001280)=[{0x3, 0x2, 0x5, 0xf}, {0x5, 0x1, 0x1, 0x4}, {0x2, 0x4, 0x10, 0xc}], 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001380)={&(0x7f0000000000)='rpcgss_svc_seqno_low\x00', r5, 0x0, 0x1}, 0x18) 17.858496392s ago: executing program 2 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000030700ff02"], 0xfdef) 11.287358272s ago: executing program 3 (id=447): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000e000000000000240012800b0001006d616373656300001400028005000c000100010005000b"], 0x44}}, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001400)=0x0) sendmsg$AUDIT_SET(r0, &(0x7f00000014c0)={&(0x7f00000013c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001480)={&(0x7f0000001440)={0x3c, 0x3e9, 0x202, 0x70bd2b, 0x25dfdbff, {0x9, 0x1, 0x2, r1, 0xfffffffb, 0x1, 0x3, 0xdec, 0x0, 0x761, 0x9487}, ["", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x40080}, 0x20000000) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@rand_addr=0xc0586300, @private=0xffffffff}, 0x10) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$PPPIOCATTACH(r4, 0x4004743d, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300090004000600eab556a705251e618294ff938037e786a6d0001000000e4509c5bbcd72c6c953", 0x54}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x80c1) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x11, 0xf, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x39f9, 0x0, 0x0, 0x0, 0x3ff}, [@printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @jmp={0x5, 0x1, 0xd, 0x5, 0x4, 0xfffffffffffffff4, 0x10}, @alu={0x4, 0x1, 0x5, 0xa, 0x1, 0x30}, @ldst={0x1, 0xf4deea9d14c30525, 0x2, 0xb, 0x5, 0x20, 0x1}, @call={0x85, 0x0, 0x0, 0xa8}]}, &(0x7f00000001c0)='syzkaller\x00', 0xfff, 0x1000, &(0x7f0000000280)=""/4096, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000001280)=[{0x3, 0x2, 0x5, 0xf}, {0x5, 0x1, 0x1, 0x4}, {0x2, 0x4, 0x10, 0xc}], 0x10, 0x4, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001380)={&(0x7f0000000000)='rpcgss_svc_seqno_low\x00', r5, 0x0, 0x1}, 0x18) 6.49682983s ago: executing program 4 (id=2438): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x4e22, 0x0, @private1}, 0x1c) r2 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r2, &(0x7f0000000040)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e24, 0x800, @dev={0xfe, 0x80, '\x00', 0x19}, 0x1c4}}, 0x24) setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, &(0x7f0000000100)='\x00', 0x1) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @random="5bd4106c8772", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x3, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010300, @local}, @info_reply={0xd, 0x0, 0x0, 0xfffe}}}}}, 0x0) 6.249974053s ago: executing program 2 (id=1326): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000030700ff02"], 0xfdef) 4.523547692s ago: executing program 4 (id=2444): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'virt_wifi0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000000)=0x8) r5 = socket$rds(0x15, 0x5, 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={r8, 0x200}, 0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000380)={r8, 0xb2, "bc7f40aab4a45d66be316a48235fe87fac0c9a993796dabd56c33b0400c78a0789bc1b05672f6c9711f62b1965bde1a1eafda2c63df5e6b3a87328c088bb766c7860da3402ad1c10a0eb09596c85356a11ee9c7d89d748d0793c4db61c40fba0e8d123e8b87dd36c1b82b65db0792a1a662a8e8999b6d7e6ee69778caa70981b431f78e611f84aed68851951a871502ba5c8fc392ee9db820bbf59209fdbc2c31c182f5efe0d4cfeb5cbabaf10429ae8e5af"}, &(0x7f0000000440)=0xba) bind$rds(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r5, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@mask_cswp={0x58, 0x114, 0x9, {{}, &(0x7f0000000080), 0x0}}, @mask_cswp={0x58, 0x114, 0x9, {{0x5, 0x9}, 0x0, 0x0, 0x2, 0x100000000, 0x9, 0xff, 0x1, 0x4}}], 0xb0}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r2}, @IFLA_HSR_SLAVE1={0x8, 0x1, r3}]}}}]}, 0x40}}, 0x0) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_SET(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x108, r9, 0x300, 0x70bd25, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0xfff7}, {0x8, 0x15, 0x7}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xce}, {0x6}, {0x8, 0x15, 0x400}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x7}, {0x8, 0x15, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x80000000}, {0x6, 0x11, 0x8000}, {0x8, 0x15, 0x8}}]}, 0x108}, 0x1, 0x0, 0x0, 0x24040800}, 0x20) 3.540082044s ago: executing program 4 (id=2448): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r2, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec90806", 0xe}, {&(0x7f00000006c0)="9c74dfbf77572856c809ff86bb648daf351a32add8d0d5198377e7af19", 0x1d}], 0x2) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev}, 0x14) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) recvmsg$kcm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)=""/225, 0xe1}, {&(0x7f0000000740)=""/233, 0xe9}, {&(0x7f0000002180)=""/4090, 0xffa}, {&(0x7f0000000000)=""/120, 0x78}, {&(0x7f0000000400)=""/261, 0x105}, {&(0x7f00000020c0)=""/155, 0x9b}, {&(0x7f0000000300)=""/194, 0xc2}, {&(0x7f0000000a00)=""/196, 0xc4}], 0x8}, 0x40002002) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000ff00000000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) socket$inet6_sctp(0xa, 0x5, 0x84) socket$kcm(0x10, 0x2, 0x0) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'bond0\x00'}) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r9, &(0x7f0000000280)="ca", &(0x7f0000000000)=""/3, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r9, &(0x7f0000000140), &(0x7f0000000000)=""/6, 0x2}, 0x20) 1.595624351s ago: executing program 0 (id=2456): r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, &(0x7f0000000040)=0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="03d42606ba3a4bd2c06e5131f3aabc8a41da014373c246b54050811138256fa7f33fe1d9a57461c345c9936caea0e474a6439ea715408bc8c44827f16aba622e0a1863a47ce75a09e83d9d9e0a89090095caf8da79e09974876b433708aad9de22e7ee0bbb", 0x65) 1.529496045s ago: executing program 0 (id=2458): setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r0, &(0x7f0000000280)='7', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket(0x2a, 0x2, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x8, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x14, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x100}, @TCA_U32_FLAGS={0x8, 0xb, 0x2}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x4000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4004}, 0x800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000480)=[@in6={0xa, 0x4e20, 0x0, @loopback}], 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e20, @loopback}]}, &(0x7f00000002c0)=0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) 1.526155823s ago: executing program 4 (id=2459): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000)) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f00000000c0)={0xffffffffffffffff, 0x4b7, 0x9, 0x31}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000200)={'syztnl2\x00', &(0x7f0000000280)={'syztnl2\x00', r0, 0x2f, 0x6f, 0x13, 0x5, 0x5d, @remote, @mcast1, 0x700, 0x80, 0x6}}) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bpq0, 0x2, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @bcast]}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@ipv4_newroute={0x28, 0x18, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_METRICS={0x4}, @RTA_NH_ID={0x8, 0x1e, 0x3}]}, 0x28}}, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r4, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r5, 0x0, 0x7, &(0x7f0000000000)=0x714, 0x4) syz_emit_ethernet(0x52, &(0x7f0000000100)={@broadcast, @dev, @void, {@ipv4={0x800, @icmp={{0xc, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, {[@timestamp_addr={0x44, 0x1c, 0xe, 0x1, 0x0, [{@dev}, {@multicast2}, {@local}]}]}}, @timestamp}}}}, 0x0) readv(r5, &(0x7f00000007c0)=[{&(0x7f0000000080)=""/92, 0x5c}], 0x1) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r6, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @null}, 0x1c) syz_init_net_socket$ax25(0x3, 0x2, 0xce) connect$rose(r6, &(0x7f0000000240)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x1, @null}, 0x1c) setsockopt$rose(r2, 0x104, 0x2, &(0x7f00000001c0)=0x1, 0x4) socket(0x18, 0x0, 0xc18895e) socket$nl_netfilter(0x10, 0x3, 0xc) 1.270191874s ago: executing program 1 (id=2460): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x15e, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x128, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0x20, "9595f429ae08a565c9a41d413a70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f40983c4819c33b59c1abe2a4b0aa661fcb54e0855d6bb5dd267878ff59bcfc6079e7a5e0135118be22dc6c97e730f7053d6ec34ca11b5c7c3830af6b26868600f042ff"}]}}}}}}, 0x0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16=r0, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32, @ANYBLOB="04005b000600650040000000f132a6af0a9cc9154290f26d917c4fc6b2310aec846ec82e7480decaa26c244fb23940bc435c"], 0x28}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)="0007651418074527f383b008e589483581680af78ee43bf434222a85898f243cd2ae74beffd66e5e2d0fd007a19decaaca5223206d0818b50f1e8cee8f889f0b16402040e6f82c460c479217d2fcfc2d3dd8a73c148a4dee27b2cda1cefe1a45092bf7aa7efa93b4f7109ffc9d36507aa62257edd455d2a6deb1b874ddf1bcb8c30f7a622392ed5b506d5fd7057b7e6252a05e51d299b5dc4d75d2350ebd0d9b4a40ff2cc8d59804fa6390824143cb649ef7b2faaacad8883197f16a1d017a8a5c90e1a95a455cab5f1d2a26747ec5b60fbee4aa95f4", 0xd6}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f00000005c0)) 1.239070432s ago: executing program 1 (id=2461): r0 = socket$inet_sctp(0x2, 0x1, 0x84) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f00000020c0)={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x306, @multicast}, 0x2, {0x2, 0x4e20, @multicast2}, 'netpci0\x00'}) 1.17006589s ago: executing program 1 (id=2462): setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x6, 0x2, 0xff, 0xc, 0x10}, 0x20) (async, rerun: 32) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (rerun: 32) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b32, &(0x7f0000000040)) (async) r1 = socket$netlink(0x10, 0x3, 0x0) (async) r2 = socket$netlink(0x10, 0x3, 0x0) (async) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) (async) socket(0x15, 0x80000, 0x37d8) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x40}}, 0x0) 1.026182457s ago: executing program 1 (id=2463): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x1e000000, &(0x7f0000000780)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0088a80000000000020000000000000900000000060015000a0000000c00168008000100bc"], 0x30}}, 0x0) 931.758758ms ago: executing program 1 (id=2464): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) socket(0x40000000015, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x9323, 0xfffffffffffffffe, 0x0, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x7dc48146, 0x7fffffff, 0x5539e0cf}, 0x0, 0x0) (fail_nth: 3) listen(r0, 0x0) 612.99003ms ago: executing program 4 (id=2465): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158b33d4fec877f1b6d76745b686158bbcfe8875afdef00010000000029"], 0x66) 562.672266ms ago: executing program 0 (id=2466): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x20, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4040814}, 0xc1) 509.956292ms ago: executing program 0 (id=2467): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000580)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x47}, 0x80, &(0x7f0000000d80)=[{&(0x7f0000000000)="5a5a5718fb956db600000000888e", 0xe}], 0x1}, 0x90) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="480000001400010000000000000000000a000000", @ANYRES32, @ANYBLOB="14000100ff010000000000400000000000000001140006000000000065000000000000000000000008000b"], 0x48}}, 0x0) 301.28481ms ago: executing program 4 (id=2468): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000000600000083000000bf0000000000000055090100000000009500000000000000b7080000000000007b8af8ff000080fbb70800000b000010000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7", @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000000001018510000007", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70200000000000085000000860000001840000006"], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1, @void, @value}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r6) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a0001007678"], 0x50}}, 0x4000000) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @link_local, @void, {@ipv4={0x8035, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) r9 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r9, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000140)=0x10) syz_emit_ethernet(0x3b6, &(0x7f00000003c0)=ANY=[@ANYBLOB="bbbbbbbbbbbb"], 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0), 0x4f) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r9, 0x84, 0x7a, &(0x7f0000000340)={r10, @in6={{0xa, 0x3, 0x0, @dev={0xfe, 0x80, '\x00', 0x36}}}}, &(0x7f0000000040)=0x84) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300208ed6fe7179462b5d271351910792cf8091df0c7a68cc9d3039b2457b81146300a9cc0afec40f81076e266e9babddc798baed86e9d03d577dc8b4315295da7fdb33c070e371f09427c7ae2c1db50f9606964e67ed8eaf15f6f18abebc91b5e3ea474c9e0e532844931027e40e7521656241411c142d88a2944919c7f6457189f4537991b926c1bcf4bf46160dd7584d5615363c8f867441db74a80cea2cff62eb21e86c9aa7d07c219ce753a972058b111f0177c092cb0192e636011759004e09e75900", @ANYRES32=r8, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) 246.436005ms ago: executing program 0 (id=2469): syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @random="5bd4106c8772", @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x8, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @remote, @multicast, @multicast2}}}}, 0x0) 103.163076ms ago: executing program 0 (id=2470): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) shutdown(r1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000340)={0x1d, r4, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r5, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000140)=0x9, 0x4) sendto$inet6(r0, &(0x7f0000000040)='H', 0xffe0, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x9, @loopback}, 0x1c) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2400005}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x24, r8, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x24040000) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newtaction={0x48, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x34, 0x1, [@m_ctinfo={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x0}, {0x4}, {0xc}, {0xc}}}]}]}, 0x48}}, 0x0) 0s ago: executing program 1 (id=2471): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x15e, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x128, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0x20, "9595f429ae08a565c9a41d413a70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce380654c1bb0f61d255b1556b7a311096b7aab867396997ffab76abca01185b08d1e29ee14d8fe61245487104b1c5205c6adc794ba413b92d2d208b86f40983c4819c33b59c1abe2a4b0aa661fcb54e0855d6bb5dd267878ff59bcfc6079e7a5e0135118be22dc6c97e730f7053d6ec34ca11b5c7c3830af6b26868600f042ff"}]}}}}}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32, @ANYBLOB="04005b000600650040000000f132a6af0a9cc9154290f26d917c4fc6b2310aec846ec82e7480decaa26c244fb23940bc435c"], 0x28}}, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)="0007651418074527f383b008e589483581680af78ee43bf434222a85898f243cd2ae74beffd66e5e2d0fd007a19decaaca5223206d0818b50f1e8cee8f889f0b16402040e6f82c460c479217d2fcfc2d3dd8a73c148a4dee27b2cda1cefe1a45092bf7aa7efa93b4f7109ffc9d36507aa62257edd455d2a6deb1b874ddf1bcb8c30f7a622392ed5b506d5fd7057b7e6252a05e51d299b5dc4d75d2350ebd0d9b4a40ff2cc8d59804fa6390824143cb649ef7b2faaacad8883197f16a1d017a8a5c90e1a95a455cab5f1d2a26747ec5b60fbee4aa95f4", 0xd6}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f00000005c0)) kernel console output (not intermixed with test programs): slave_1 [ 307.927414][T12929] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.949013][T12929] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 307.981072][T12929] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.982661][T13194] netlink: 'syz.0.1968': attribute type 10 has an invalid length. [ 308.001681][T12929] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.014973][T13194] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1968'. [ 308.027559][T12929] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.041373][T12929] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 308.085902][T13194] dummy0: entered promiscuous mode [ 308.095020][T13194] bridge0: port 1(dummy0) entered blocking state [ 308.111507][T13194] bridge0: port 1(dummy0) entered disabled state [ 308.124447][T13194] dummy0: entered allmulticast mode [ 308.141176][T13199] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1970'. [ 308.379803][ T4570] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.407647][ T4570] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.439722][T13213] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1971'. [ 308.561611][ T4570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.589209][ T4570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.654502][T13220] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1975'. [ 308.693909][T12965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 308.850852][T12965] veth0_vlan: entered promiscuous mode [ 308.868206][T12965] veth1_vlan: entered promiscuous mode [ 308.884953][T13226] No such timeout policy "syz0" [ 308.959439][T12965] veth0_macvtap: entered promiscuous mode [ 308.976326][T12965] veth1_macvtap: entered promiscuous mode [ 309.009817][T12965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.022679][T12965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.035290][T12965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 309.057721][T12965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.080574][T12965] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 309.176931][ T5835] Bluetooth: hci2: command tx timeout [ 309.219678][T12965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.261965][T12965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.272406][T12965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 309.283391][T12965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 309.295174][T12965] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 309.351666][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.382654][T12965] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.397631][T12965] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.406402][T12965] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.425172][T12965] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 309.465228][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.554456][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.577647][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.585523][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.621160][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.654914][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 309.663581][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.802259][ T36] bridge_slave_1: left allmulticast mode [ 309.808257][ T36] bridge_slave_1: left promiscuous mode [ 309.813994][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 309.823905][ T36] bridge_slave_0: left allmulticast mode [ 309.830826][ T36] bridge_slave_0: left promiscuous mode [ 309.836589][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.137184][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 310.149047][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 310.159235][ T36] bond0 (unregistering): Released all slaves [ 310.672234][ T36] hsr_slave_0: left promiscuous mode [ 310.691746][ T36] hsr_slave_1: left promiscuous mode [ 310.708602][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 310.716097][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 310.742590][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 310.757757][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 310.798060][ T5140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 310.807521][ T5140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 310.816384][ T5140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 310.816886][ T36] veth1_macvtap: left promiscuous mode [ 310.825985][ T5140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 310.833772][ T36] veth0_macvtap: left promiscuous mode [ 310.836769][ T5140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 310.843688][ T36] veth1_vlan: left promiscuous mode [ 310.858879][ T36] veth0_vlan: left promiscuous mode [ 311.266399][ T36] team0 (unregistering): Port device team_slave_1 removed [ 311.305817][ T36] team0 (unregistering): Port device team_slave_0 removed [ 311.862897][T13242] chnl_net:caif_netlink_parms(): no params data found [ 311.972029][T13242] bridge0: port 1(bridge_slave_0) entered blocking state [ 311.981104][T13242] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.988682][T13242] bridge_slave_0: entered allmulticast mode [ 311.995866][T13242] bridge_slave_0: entered promiscuous mode [ 312.004782][T13242] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.012342][T13242] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.019842][T13242] bridge_slave_1: entered allmulticast mode [ 312.027072][T13242] bridge_slave_1: entered promiscuous mode [ 312.067095][T13242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 312.079712][T13242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 312.119454][T13242] team0: Port device team_slave_0 added [ 312.134443][T13242] team0: Port device team_slave_1 added [ 312.164030][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.206938][T13242] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 312.214354][T13242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.246530][T13242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 312.259673][T13242] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 312.266664][T13242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.293885][T13242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.339034][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.368390][T13252] netlink: 'syz.4.1985': attribute type 18 has an invalid length. [ 312.466852][T13252] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 312.476289][T13252] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 312.485483][T13252] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 312.494343][T13252] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 312.508407][T13259] __nla_validate_parse: 1 callbacks suppressed [ 312.508426][T13259] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1983'. [ 312.560537][T13258] xt_TPROXY: Can be used only with -p tcp or -p udp [ 312.591462][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.652556][T13266] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1987'. [ 312.664882][T13242] hsr_slave_0: entered promiscuous mode [ 312.675385][T13242] hsr_slave_1: entered promiscuous mode [ 312.736861][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.870606][T13272] FAULT_INJECTION: forcing a failure. [ 312.870606][T13272] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 312.902800][T13272] CPU: 0 UID: 0 PID: 13272 Comm: syz.1.1988 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 312.902832][T13272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 312.902845][T13272] Call Trace: [ 312.902852][T13272] [ 312.902861][T13272] dump_stack_lvl+0x189/0x250 [ 312.902900][T13272] ? __pfx_dump_stack_lvl+0x10/0x10 [ 312.902929][T13272] ? __pfx__printk+0x10/0x10 [ 312.902964][T13272] should_fail_ex+0x414/0x560 [ 312.903001][T13272] _copy_from_user+0x2d/0xb0 [ 312.903030][T13272] bpf_test_init+0xf8/0x170 [ 312.903055][T13272] bpf_prog_test_run_skb+0x1e9/0x1560 [ 312.903075][T13272] ? __fget_files+0x2a/0x420 [ 312.903104][T13272] ? __fget_files+0x2a/0x420 [ 312.903139][T13272] ? __pfx_bpf_prog_test_run_skb+0x10/0x10 [ 312.903160][T13272] bpf_prog_test_run+0x2a9/0x340 [ 312.903190][T13272] __sys_bpf+0x4a4/0x860 [ 312.903217][T13272] ? __pfx___sys_bpf+0x10/0x10 [ 312.903255][T13272] ? ksys_write+0x1f0/0x250 [ 312.903276][T13272] ? rcu_is_watching+0x15/0xb0 [ 312.903318][T13272] __x64_sys_bpf+0x7c/0x90 [ 312.903340][T13272] do_syscall_64+0xf6/0x210 [ 312.903365][T13272] ? clear_bhb_loop+0x45/0xa0 [ 312.903389][T13272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 312.903408][T13272] RIP: 0033:0x7f51df58e969 [ 312.903425][T13272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 312.903442][T13272] RSP: 002b:00007f51e0428038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 312.903463][T13272] RAX: ffffffffffffffda RBX: 00007f51df7b6160 RCX: 00007f51df58e969 [ 312.903477][T13272] RDX: 0000000000000048 RSI: 0000200000000080 RDI: 000000000000000a [ 312.903490][T13272] RBP: 00007f51e0428090 R08: 0000000000000000 R09: 0000000000000000 [ 312.903502][T13272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 312.903514][T13272] R13: 0000000000000000 R14: 00007f51df7b6160 R15: 00007ffe800b4518 [ 312.903546][T13272] [ 313.142004][ T5140] Bluetooth: hci0: command tx timeout [ 313.166976][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 313.189426][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 313.214198][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 313.282277][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 313.289977][ T36] bridge_slave_1: left allmulticast mode [ 313.296069][ T36] bridge_slave_1: left promiscuous mode [ 313.302438][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.314226][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 313.355184][ T36] bridge_slave_0: left allmulticast mode [ 313.366928][ T36] bridge_slave_0: left promiscuous mode [ 313.376757][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.401245][T13283] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1991'. [ 313.796842][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 313.808426][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 313.819079][ T36] bond0 (unregistering): Released all slaves [ 313.854747][T13283] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1991'. [ 313.887446][T13283] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 314.315821][T13310] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1999'. [ 314.363942][ T36] hsr_slave_0: left promiscuous mode [ 314.379114][ T36] hsr_slave_1: left promiscuous mode [ 314.385692][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.393364][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.401563][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.412616][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 314.440862][ T36] veth1_macvtap: left promiscuous mode [ 314.451295][T13309] netlink: zone id is out of range [ 314.458379][ T36] veth0_macvtap: left promiscuous mode [ 314.474296][ T36] veth1_vlan: left promiscuous mode [ 314.490851][ T36] veth0_vlan: left promiscuous mode [ 314.990318][ T36] team0 (unregistering): Port device team_slave_1 removed [ 315.030113][ T36] team0 (unregistering): Port device team_slave_0 removed [ 315.247548][ T5835] Bluetooth: hci0: command tx timeout [ 315.395547][T13312] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 315.397702][ T5835] Bluetooth: hci2: command tx timeout [ 315.552162][T13334] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2004'. [ 315.693276][T13341] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2005'. [ 315.716719][T13242] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 315.731113][T13341] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2005'. [ 315.787057][T13345] netlink: 'syz.4.2007': attribute type 1 has an invalid length. [ 315.822682][T13341] gretap1: entered promiscuous mode [ 315.829713][T13341] gretap1: entered allmulticast mode [ 315.837064][T13242] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 315.916883][T13274] chnl_net:caif_netlink_parms(): no params data found [ 315.955439][T13242] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 316.006525][T13242] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 316.142576][T13274] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.150268][T13274] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.159162][T13274] bridge_slave_0: entered allmulticast mode [ 316.166485][T13274] bridge_slave_0: entered promiscuous mode [ 316.203043][T13274] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.210966][T13274] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.218266][T13274] bridge_slave_1: entered allmulticast mode [ 316.225523][T13274] bridge_slave_1: entered promiscuous mode [ 316.253253][T13364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2012'. [ 316.304739][T13274] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 316.322939][T13274] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 316.376372][T13274] team0: Port device team_slave_0 added [ 316.407100][T13274] team0: Port device team_slave_1 added [ 316.469359][T13274] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 316.477013][T13274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.503845][T13274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 316.524929][T13274] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 316.532240][T13274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 316.559166][T13274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 316.667131][T13274] hsr_slave_0: entered promiscuous mode [ 316.675565][T13274] hsr_slave_1: entered promiscuous mode [ 316.684315][T13274] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 316.692295][T13274] Cannot create hsr debugfs directory [ 316.730860][T13242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 316.861625][T13242] 8021q: adding VLAN 0 to HW filter on device team0 [ 316.932789][ T4570] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.940035][ T4570] bridge0: port 1(bridge_slave_0) entered forwarding state [ 316.985347][T13379] FAULT_INJECTION: forcing a failure. [ 316.985347][T13379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.999492][T13379] CPU: 1 UID: 0 PID: 13379 Comm: syz.1.2018 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 316.999522][T13379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 316.999534][T13379] Call Trace: [ 316.999542][T13379] [ 316.999552][T13379] dump_stack_lvl+0x189/0x250 [ 316.999584][T13379] ? __lock_acquire+0xaac/0xd20 [ 316.999615][T13379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.999644][T13379] ? __pfx__printk+0x10/0x10 [ 316.999664][T13379] ? __might_fault+0xb0/0x130 [ 316.999702][T13379] should_fail_ex+0x414/0x560 [ 316.999739][T13379] _copy_from_user+0x2d/0xb0 [ 316.999766][T13379] ___sys_sendmsg+0x158/0x2a0 [ 316.999795][T13379] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.999861][T13379] ? __fget_files+0x2a/0x420 [ 316.999886][T13379] ? __fget_files+0x3a0/0x420 [ 316.999921][T13379] __x64_sys_sendmsg+0x19b/0x260 [ 316.999950][T13379] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 316.999992][T13379] ? do_syscall_64+0xba/0x210 [ 317.000015][T13379] do_syscall_64+0xf6/0x210 [ 317.000036][T13379] ? clear_bhb_loop+0x45/0xa0 [ 317.000056][T13379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.000073][T13379] RIP: 0033:0x7f51df58e969 [ 317.000089][T13379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 317.000104][T13379] RSP: 002b:00007f51e046a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 317.000133][T13379] RAX: ffffffffffffffda RBX: 00007f51df7b5fa0 RCX: 00007f51df58e969 [ 317.000147][T13379] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 317.000158][T13379] RBP: 00007f51e046a090 R08: 0000000000000000 R09: 0000000000000000 [ 317.000170][T13379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.000181][T13379] R13: 0000000000000000 R14: 00007f51df7b5fa0 R15: 00007ffe800b4518 [ 317.000209][T13379] [ 317.212628][ T1307] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.219880][ T1307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.270900][T13384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2020'. [ 317.280648][T13384] openvswitch: netlink: nsh attr 0 has unexpected len 32764 expected 0 [ 317.289394][T13384] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 317.320713][ T5835] Bluetooth: hci0: command tx timeout [ 317.378340][T13386] netlink: 'syz.1.2021': attribute type 4 has an invalid length. [ 317.486696][ T5835] Bluetooth: hci2: command tx timeout [ 317.900530][T13274] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 317.932619][T13274] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 317.967498][T13274] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 317.981414][T13274] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 318.005051][T13242] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.148660][T13242] veth0_vlan: entered promiscuous mode [ 318.190721][T13242] veth1_vlan: entered promiscuous mode [ 318.287848][T13274] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.326180][T13426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2034'. [ 318.336692][T13242] veth0_macvtap: entered promiscuous mode [ 318.366784][T13242] veth1_macvtap: entered promiscuous mode [ 318.370525][T13426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2034'. [ 318.395230][T13274] 8021q: adding VLAN 0 to HW filter on device team0 [ 318.403551][T13428] tipc: Started in network mode [ 318.409976][T13428] tipc: Node identity 4, cluster identity 4711 [ 318.416337][T13428] tipc: Node number set to 4 [ 318.425112][ T9353] tipc: Subscription rejected, illegal request [ 318.434506][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.441857][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.499633][T13242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 318.525316][T13242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.540177][T13242] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 318.554000][ T4570] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.561229][ T4570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.614447][T13242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 318.657402][T13242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 318.688175][T13242] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 318.758617][T13242] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.768712][T13242] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.781777][T13242] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.792040][T13242] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 318.824386][T13441] netlink: 'syz.1.2039': attribute type 1 has an invalid length. [ 318.842127][T13441] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.2039'. [ 319.173481][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.178344][T13462] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2043'. [ 319.194567][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.195744][T13462] openvswitch: netlink: nsh attr 0 has unexpected len 32764 expected 0 [ 319.211270][T13462] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 319.407547][ T5835] Bluetooth: hci0: command tx timeout [ 319.567803][ T5835] Bluetooth: hci2: command tx timeout [ 320.626696][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 320.637370][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 320.681330][T13274] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.779313][T13473] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2047'. [ 320.788481][T13476] FAULT_INJECTION: forcing a failure. [ 320.788481][T13476] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.822504][T13473] netlink: 'syz.0.2047': attribute type 1 has an invalid length. [ 320.844125][T13476] CPU: 0 UID: 0 PID: 13476 Comm: syz.4.2048 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 320.844155][T13476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 320.844167][T13476] Call Trace: [ 320.844175][T13476] [ 320.844184][T13476] dump_stack_lvl+0x189/0x250 [ 320.844215][T13476] ? __lock_acquire+0xaac/0xd20 [ 320.844245][T13476] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.844273][T13476] ? __pfx__printk+0x10/0x10 [ 320.844292][T13476] ? __might_fault+0xb0/0x130 [ 320.844328][T13476] should_fail_ex+0x414/0x560 [ 320.844364][T13476] _copy_from_user+0x2d/0xb0 [ 320.844390][T13476] __sys_connect+0x123/0x440 [ 320.844411][T13476] ? __fget_files+0x3a0/0x420 [ 320.844437][T13476] ? __pfx___sys_connect+0x10/0x10 [ 320.844481][T13476] __x64_sys_connect+0x7a/0x90 [ 320.844503][T13476] do_syscall_64+0xf6/0x210 [ 320.844527][T13476] ? clear_bhb_loop+0x45/0xa0 [ 320.844551][T13476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.844570][T13476] RIP: 0033:0x7f4eecf8e969 [ 320.844586][T13476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.844602][T13476] RSP: 002b:00007f4eeddb0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 320.844622][T13476] RAX: ffffffffffffffda RBX: 00007f4eed1b5fa0 RCX: 00007f4eecf8e969 [ 320.844636][T13476] RDX: 000000000000001c RSI: 00002000000001c0 RDI: 0000000000000003 [ 320.844647][T13476] RBP: 00007f4eeddb0090 R08: 0000000000000000 R09: 0000000000000000 [ 320.844659][T13476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.844670][T13476] R13: 0000000000000000 R14: 00007f4eed1b5fa0 R15: 00007ffdc798a778 [ 320.844699][T13476] [ 320.860669][T13473] netlink: 'syz.0.2047': attribute type 1 has an invalid length. [ 320.982274][T13274] veth0_vlan: entered promiscuous mode [ 321.023410][T13473] netlink: 'syz.0.2047': attribute type 2 has an invalid length. [ 321.047139][T13473] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2047'. [ 321.092621][T13274] veth1_vlan: entered promiscuous mode [ 321.200833][T13484] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2051'. [ 321.230371][T13274] veth0_macvtap: entered promiscuous mode [ 321.261604][T13274] veth1_macvtap: entered promiscuous mode [ 321.269047][T13490] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2051'. [ 321.310829][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.337361][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.356355][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 321.370754][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.383394][T13274] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 321.446037][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.459310][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.469776][T13274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 321.483759][T13274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 321.495409][T13274] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 321.514280][T13274] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.530159][T13274] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.542579][T13274] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.554013][T13274] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 321.637879][ T5835] Bluetooth: hci2: command tx timeout [ 321.753724][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.854927][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 321.882377][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 321.933123][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.996613][ T1315] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 322.004906][ T1315] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 322.070604][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.146031][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.263107][ T36] bridge_slave_1: left allmulticast mode [ 322.271889][ T36] bridge_slave_1: left promiscuous mode [ 322.278380][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.290352][ T36] bridge_slave_0: left allmulticast mode [ 322.296037][ T36] bridge_slave_0: left promiscuous mode [ 322.302373][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.609094][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 322.620952][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 322.631976][ T36] bond0 (unregistering): Released all slaves [ 322.766247][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888020b7f800: rx timeout, send abort [ 322.774913][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888020b7f800: 0x3ff01: (3) A timeout occurred and this is the connection abort to close the session. [ 322.959905][ T36] hsr_slave_0: left promiscuous mode [ 322.967025][ T36] hsr_slave_1: left promiscuous mode [ 322.976857][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.985324][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.993796][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 323.002263][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 323.072176][ T36] veth1_macvtap: left promiscuous mode [ 323.097828][ T36] veth0_macvtap: left promiscuous mode [ 323.103565][ T36] veth1_vlan: left promiscuous mode [ 323.112793][ T36] veth0_vlan: left promiscuous mode [ 323.402989][ T5140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 323.417165][ T5140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 323.435343][ T5140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 323.443603][ T5140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 323.452925][ T5140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 323.743116][ T36] team0 (unregistering): Port device team_slave_1 removed [ 323.780255][ T36] team0 (unregistering): Port device team_slave_0 removed [ 324.364471][T13513] chnl_net:caif_netlink_parms(): no params data found [ 324.475270][T13513] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.483231][T13513] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.491040][T13513] bridge_slave_0: entered allmulticast mode [ 324.499529][T13513] bridge_slave_0: entered promiscuous mode [ 324.507724][T13513] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.516129][T13513] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.530390][T13513] bridge_slave_1: entered allmulticast mode [ 324.538456][T13513] bridge_slave_1: entered promiscuous mode [ 324.616559][T13526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2062'. [ 324.637106][T13527] FAULT_INJECTION: forcing a failure. [ 324.637106][T13527] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 324.637952][T13526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2062'. [ 324.671692][T13513] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.687456][T13527] CPU: 0 UID: 0 PID: 13527 Comm: syz.4.2060 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 324.687485][T13527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 324.687497][T13527] Call Trace: [ 324.687504][T13527] [ 324.687512][T13527] dump_stack_lvl+0x189/0x250 [ 324.687547][T13527] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.687572][T13527] ? __pfx__printk+0x10/0x10 [ 324.687603][T13527] should_fail_ex+0x414/0x560 [ 324.687639][T13527] _copy_to_user+0x31/0xb0 [ 324.687669][T13527] simple_read_from_buffer+0xe1/0x170 [ 324.687699][T13527] proc_fail_nth_read+0x1df/0x250 [ 324.687730][T13527] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.687760][T13527] ? rw_verify_area+0x258/0x650 [ 324.687781][T13527] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 324.687810][T13527] vfs_read+0x1fd/0x980 [ 324.687837][T13527] ? __pfx___mutex_lock+0x10/0x10 [ 324.687867][T13527] ? __pfx_vfs_read+0x10/0x10 [ 324.687888][T13527] ? __fget_files+0x2a/0x420 [ 324.687914][T13527] ? __fget_files+0x3a0/0x420 [ 324.687935][T13527] ? __fget_files+0x2a/0x420 [ 324.687966][T13527] ksys_read+0x145/0x250 [ 324.687987][T13527] ? __pfx_ksys_read+0x10/0x10 [ 324.688010][T13527] ? do_syscall_64+0xba/0x210 [ 324.688034][T13527] do_syscall_64+0xf6/0x210 [ 324.688055][T13527] ? clear_bhb_loop+0x45/0xa0 [ 324.688077][T13527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.688094][T13527] RIP: 0033:0x7f4eecf8d37c [ 324.688110][T13527] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 324.688125][T13527] RSP: 002b:00007f4eeddb0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 324.688143][T13527] RAX: ffffffffffffffda RBX: 00007f4eed1b5fa0 RCX: 00007f4eecf8d37c [ 324.688156][T13527] RDX: 000000000000000f RSI: 00007f4eeddb00a0 RDI: 0000000000000004 [ 324.688167][T13527] RBP: 00007f4eeddb0090 R08: 0000000000000000 R09: 0000000000000000 [ 324.688177][T13527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 324.688187][T13527] R13: 0000000000000000 R14: 00007f4eed1b5fa0 R15: 00007ffdc798a778 [ 324.688216][T13527] [ 324.931366][T13531] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2061'. [ 324.955817][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 324.964771][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 324.973340][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 324.982625][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 324.993527][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 325.024387][T13536] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2064'. [ 325.035572][T13536] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2064'. [ 325.098248][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.121748][T13513] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.194972][T13536] gretap2: entered promiscuous mode [ 325.200586][T13536] gretap2: entered allmulticast mode [ 325.308706][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.429791][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.478688][ T5835] Bluetooth: hci0: command tx timeout [ 325.522248][T13513] team0: Port device team_slave_0 added [ 325.558792][T13513] team0: Port device team_slave_1 added [ 325.594347][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.686239][T13513] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.698028][T13513] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.728035][T13513] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.739828][T13567] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2071'. [ 325.753482][T13567] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2071'. [ 325.764833][T13513] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.788954][T13513] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 325.816633][T13571] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2073'. [ 325.841982][T13513] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.852064][T13571] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2073'. [ 326.070166][T13583] netlink: 900 bytes leftover after parsing attributes in process `syz.0.2076'. [ 326.082523][T13581] IPVS: set_ctl: invalid protocol: 255 0.0.0.0:20002 [ 326.105170][T13513] hsr_slave_0: entered promiscuous mode [ 326.128794][T13513] hsr_slave_1: entered promiscuous mode [ 326.383415][ T36] bridge_slave_1: left allmulticast mode [ 326.392041][ T36] bridge_slave_1: left promiscuous mode [ 326.398050][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 326.446683][ T36] bridge_slave_0: left allmulticast mode [ 326.452887][ T36] bridge_slave_0: left promiscuous mode [ 326.465885][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.953738][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 326.965072][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 326.978764][ T36] bond0 (unregistering): Released all slaves [ 327.096708][ T5835] Bluetooth: hci2: command tx timeout [ 327.307949][T13529] chnl_net:caif_netlink_parms(): no params data found [ 327.420401][ T36] hsr_slave_0: left promiscuous mode [ 327.426916][ T36] hsr_slave_1: left promiscuous mode [ 327.433963][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.442802][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.452365][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.460219][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 327.496856][ T36] veth1_macvtap: left promiscuous mode [ 327.510141][ T36] veth0_macvtap: left promiscuous mode [ 327.535070][ T36] veth1_vlan: left promiscuous mode [ 327.550787][ T36] veth0_vlan: left promiscuous mode [ 327.558653][ T5835] Bluetooth: hci0: command tx timeout [ 328.210192][ T36] team0 (unregistering): Port device team_slave_1 removed [ 328.252047][ T36] team0 (unregistering): Port device team_slave_0 removed [ 329.014164][T13529] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.033038][T13529] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.053484][T13529] bridge_slave_0: entered allmulticast mode [ 329.069540][T13529] bridge_slave_0: entered promiscuous mode [ 329.134668][T13529] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.157575][ T5835] Bluetooth: hci2: command tx timeout [ 329.162590][T13529] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.173571][T13529] bridge_slave_1: entered allmulticast mode [ 329.183483][T13529] bridge_slave_1: entered promiscuous mode [ 329.193840][T13674] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode active-backup(1) [ 329.271775][T13529] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 329.348098][T13529] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 329.505694][T13529] team0: Port device team_slave_0 added [ 329.530281][T13529] team0: Port device team_slave_1 added [ 329.613122][T13529] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.630699][T13529] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.667338][ T5835] Bluetooth: hci0: command tx timeout [ 329.687375][T13529] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 329.707980][T13513] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 329.784695][T13529] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 329.794131][T13529] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 329.826646][T13529] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 329.851068][T13513] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 329.932067][T13513] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 330.024177][T13513] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 330.035154][T13712] sctp: [Deprecated]: syz.4.2115 (pid 13712) Use of struct sctp_assoc_value in delayed_ack socket option. [ 330.035154][T13712] Use struct sctp_sack_info instead [ 330.130334][T13529] hsr_slave_0: entered promiscuous mode [ 330.146585][T13529] hsr_slave_1: entered promiscuous mode [ 330.160257][T13529] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 330.164636][T13718] IPVS: set_ctl: invalid protocol: 94 224.0.0.2:20001 [ 330.185635][T13529] Cannot create hsr debugfs directory [ 330.265361][T13718] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 330.661607][T13513] 8021q: adding VLAN 0 to HW filter on device bond0 [ 330.686161][T13513] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.722613][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.729941][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.754371][T13739] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 330.841008][T13746] set match dimension is over the limit! [ 330.869094][ T1307] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.876679][ T1307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 331.122766][T13752] __nla_validate_parse: 8 callbacks suppressed [ 331.122785][T13752] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2126'. [ 331.188472][T13756] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2126'. [ 331.222154][T13752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2126'. [ 331.227863][T13759] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2128'. [ 331.244275][ T5835] Bluetooth: hci2: command tx timeout [ 331.255967][T13752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2126'. [ 331.342174][T13752] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 331.382635][T13752] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 331.394945][T13752] gretap1: entered promiscuous mode [ 331.403139][T13752] gretap1: entered allmulticast mode [ 331.482561][T13529] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 331.540500][T13768] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2130'. [ 331.555758][T13768] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2130'. [ 331.566206][T13529] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 331.600604][T13513] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.612222][T13529] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 331.686169][T13529] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 331.718906][ T5835] Bluetooth: hci0: command tx timeout [ 331.765576][T13780] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2133'. [ 331.886271][T13784] openvswitch: netlink: IP tunnel TTL not specified. [ 331.898295][T13513] veth0_vlan: entered promiscuous mode [ 331.955530][T13513] veth1_vlan: entered promiscuous mode [ 332.116287][T13513] veth0_macvtap: entered promiscuous mode [ 332.171853][T13529] 8021q: adding VLAN 0 to HW filter on device bond0 [ 332.194592][T13513] veth1_macvtap: entered promiscuous mode [ 332.287758][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.321590][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.344228][T13513] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.391525][T13513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.422745][T13513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.447243][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2144'. [ 332.451980][T13513] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.467213][T13813] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2144'. [ 332.498092][T13529] 8021q: adding VLAN 0 to HW filter on device team0 [ 332.525890][T13513] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.541411][T13513] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.567458][T13513] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.576454][T13513] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.632506][ T1307] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.639727][ T1307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 332.725109][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.732354][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 332.904647][T13829] netlink: 'syz.4.2149': attribute type 6 has an invalid length. [ 332.974984][T13834] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 333.201551][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.247570][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.318432][ T5835] Bluetooth: hci2: command tx timeout [ 333.410760][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.451502][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.831865][T13529] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 333.862718][T13866] netlink: 'syz.0.2155': attribute type 1 has an invalid length. [ 333.892048][T13868] netlink: 'syz.0.2155': attribute type 1 has an invalid length. [ 334.030495][ T1307] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.175457][ T1307] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.254412][T13529] veth0_vlan: entered promiscuous mode [ 334.303992][T13529] veth1_vlan: entered promiscuous mode [ 334.355924][ T1307] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.402076][T13529] veth0_macvtap: entered promiscuous mode [ 334.413342][T13529] veth1_macvtap: entered promiscuous mode [ 334.446150][ T1307] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.474595][T13529] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.485847][T13529] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.496082][T13529] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 334.506693][T13529] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.518786][T13529] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 334.544379][T13529] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.556514][T13529] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.567647][T13529] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 334.578975][T13529] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 334.590705][T13529] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 334.622831][T13529] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.632155][T13529] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.641068][T13529] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.649978][T13529] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 334.686366][ T1307] bridge_slave_1: left allmulticast mode [ 334.692313][ T1307] bridge_slave_1: left promiscuous mode [ 334.700286][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.711703][ T1307] bridge_slave_0: left allmulticast mode [ 334.717493][ T1307] bridge_slave_0: left promiscuous mode [ 334.723207][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state [ 335.035167][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 335.046524][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 335.057696][ T1307] bond0 (unregistering): Released all slaves [ 335.163202][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.174576][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.228257][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 335.236167][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 335.439986][ T5882] IPVS: starting estimator thread 0... [ 335.470410][ T1307] hsr_slave_0: left promiscuous mode [ 335.490590][ T1307] hsr_slave_1: left promiscuous mode [ 335.504119][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 335.529047][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 335.537988][T13884] IPVS: using max 29 ests per chain, 69600 per kthread [ 335.552659][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 335.567760][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 335.616911][ T1307] veth1_macvtap: left promiscuous mode [ 335.631422][ T1307] veth0_macvtap: left promiscuous mode [ 335.641631][ T1307] veth1_vlan: left promiscuous mode [ 335.657536][ T1307] veth0_vlan: left promiscuous mode [ 336.025058][ T5140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 336.034383][ T5140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 336.052626][ T5140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 336.067588][ T5140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 336.078595][ T5140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 336.397472][ T1307] team0 (unregistering): Port device team_slave_1 removed [ 336.436201][ T1307] team0 (unregistering): Port device team_slave_0 removed [ 337.060763][T13890] chnl_net:caif_netlink_parms(): no params data found [ 337.165130][T13890] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.172385][T13890] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.180110][T13890] bridge_slave_0: entered allmulticast mode [ 337.190306][T13890] bridge_slave_0: entered promiscuous mode [ 337.200598][T13890] bridge0: port 2(bridge_slave_1) entered blocking state [ 337.208194][T13890] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.215392][T13890] bridge_slave_1: entered allmulticast mode [ 337.223464][T13890] bridge_slave_1: entered promiscuous mode [ 337.280051][ T1307] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.307083][T13890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 337.321517][T13890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.359009][T13890] team0: Port device team_slave_0 added [ 337.368257][T13890] team0: Port device team_slave_1 added [ 337.401296][T13890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 337.409851][T13890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 337.436102][T13890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 337.451154][T13890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 337.458530][T13890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 337.484918][T13890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 337.517720][ T1307] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.565353][T13890] hsr_slave_0: entered promiscuous mode [ 337.572549][T13890] hsr_slave_1: entered promiscuous mode [ 337.594825][ T1307] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.676952][ T1307] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.804535][ T1307] bridge_slave_1: left allmulticast mode [ 337.811935][ T1307] bridge_slave_1: left promiscuous mode [ 337.818948][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.829461][ T1307] bridge_slave_0: left allmulticast mode [ 337.835116][ T1307] bridge_slave_0: left promiscuous mode [ 337.841107][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.035121][T13903] __nla_validate_parse: 6 callbacks suppressed [ 338.035139][T13903] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2161'. [ 338.068304][T13903] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2161'. [ 338.119207][ T5835] Bluetooth: hci0: command tx timeout [ 338.418569][ T5140] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 338.433049][ T5140] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 338.443513][ T5140] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 338.452715][ T5140] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 338.461547][ T5140] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 338.461828][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.485285][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 338.495825][ T1307] bond0 (unregistering): Released all slaves [ 338.724303][T13918] pim6reg: entered allmulticast mode [ 338.744141][T13920] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2167'. [ 338.755268][T13920] netlink: 'syz.4.2167': attribute type 10 has an invalid length. [ 338.769799][T13920] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2167'. [ 338.815585][T13920] dummy0: entered promiscuous mode [ 338.826314][T13920] bridge0: port 3(dummy0) entered blocking state [ 338.834928][T13920] bridge0: port 3(dummy0) entered disabled state [ 338.846582][T13920] dummy0: entered allmulticast mode [ 338.957961][T13922] netlink: 'syz.1.2169': attribute type 1 has an invalid length. [ 338.979948][T13922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2169'. [ 339.078080][ T1307] hsr_slave_0: left promiscuous mode [ 339.103274][ T1307] hsr_slave_1: left promiscuous mode [ 339.114980][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 339.125780][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 339.141035][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 339.152144][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 339.191559][T13941] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2175'. [ 339.198975][ T1307] veth1_macvtap: left promiscuous mode [ 339.206458][ T1307] veth0_macvtap: left promiscuous mode [ 339.212415][ T1307] veth1_vlan: left promiscuous mode [ 339.218349][ T1307] veth0_vlan: left promiscuous mode [ 339.410547][T13951] sock: sock_timestamping_bind_phc: sock not bind to device [ 339.865846][ T1307] team0 (unregistering): Port device team_slave_1 removed [ 339.912383][ T1307] team0 (unregistering): Port device team_slave_0 removed [ 340.200686][ T5140] Bluetooth: hci0: command tx timeout [ 340.517534][ T5140] Bluetooth: hci2: command tx timeout [ 340.596000][T13890] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 340.636634][T13890] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 340.702186][T13890] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 340.756023][T13890] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 340.786493][T13913] chnl_net:caif_netlink_parms(): no params data found [ 340.936654][T13991] x_tables: duplicate underflow at hook 2 [ 341.148048][T13913] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.153762][T14006] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2195'. [ 341.160954][T13913] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.173196][T13913] bridge_slave_0: entered allmulticast mode [ 341.181291][T13913] bridge_slave_0: entered promiscuous mode [ 341.211526][T13913] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.230697][T13913] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.240617][T13913] bridge_slave_1: entered allmulticast mode [ 341.249417][T13913] bridge_slave_1: entered promiscuous mode [ 341.279404][T13890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.286933][T14008] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2196'. [ 341.345825][T13913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 341.373008][T13890] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.390616][T13913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 341.464842][ T1307] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.472110][ T1307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.495162][T13913] team0: Port device team_slave_0 added [ 341.510838][T13913] team0: Port device team_slave_1 added [ 341.617728][ T1307] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.624919][ T1307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.625094][T14021] openvswitch: netlink: Actions may not be safe on all matching packets [ 341.649252][T14017] (unnamed net_device) (uninitialized): peer notification delay (1164) is not a multiple of miimon (100), value rounded to 1100 ms [ 341.714446][T14017] bond7: entered promiscuous mode [ 341.732000][T14017] bond7: entered allmulticast mode [ 341.740582][T14017] 8021q: adding VLAN 0 to HW filter on device bond7 [ 341.752234][T13913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 341.766067][T13913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.792714][T13913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 341.810276][T13913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 341.817456][T13913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 341.843716][T13913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.035682][T13913] hsr_slave_0: entered promiscuous mode [ 342.050632][T13913] hsr_slave_1: entered promiscuous mode [ 342.057110][T13913] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 342.067913][T13913] Cannot create hsr debugfs directory [ 342.114408][T14035] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 342.121804][T14035] IPv6: NLM_F_CREATE should be set when creating new route [ 342.282299][ T5140] Bluetooth: hci0: command tx timeout [ 342.465280][T14051] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2210'. [ 342.469251][T14054] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 342.609910][ T5140] Bluetooth: hci2: command tx timeout [ 342.743351][T13890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.981729][T13890] veth0_vlan: entered promiscuous mode [ 343.025937][T13890] veth1_vlan: entered promiscuous mode [ 343.109758][T13890] veth0_macvtap: entered promiscuous mode [ 343.147034][T13890] veth1_macvtap: entered promiscuous mode [ 343.249419][T13890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.263215][T13890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.284838][T13890] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.316891][T13890] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.335675][T13890] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.358779][T13890] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.376877][T13913] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 343.393741][T14089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2220'. [ 343.406596][T14089] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2220'. [ 343.420061][T13890] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.429961][T13890] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.456332][T13890] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.465533][T13890] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.529610][T13913] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 343.564476][T13913] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 343.612255][T13913] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 343.632489][T14101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2224'. [ 343.818978][T14105] nbd1: detected capacity change from 0 to 4096 [ 343.823043][T13913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.939886][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 343.953663][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 343.976525][ T5140] block nbd1: Receive control failed (result -32) [ 344.003512][T13913] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.035190][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 344.077881][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 344.093420][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.100681][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.138788][ T1315] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.145963][ T1315] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.677797][ T5140] Bluetooth: hci2: command tx timeout [ 344.684206][T14146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2237'. [ 344.941212][ T1307] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.060562][ T1307] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.102352][T13913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 345.195243][ T1307] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.222596][T13913] veth0_vlan: entered promiscuous mode [ 345.235523][T13913] veth1_vlan: entered promiscuous mode [ 345.270574][T13913] veth0_macvtap: entered promiscuous mode [ 345.281560][T13913] veth1_macvtap: entered promiscuous mode [ 345.298336][T13913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.309370][T13913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.319903][T13913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 345.330947][T13913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.342716][T13913] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 345.356018][T13913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.367290][T13913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.377640][T13913] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 345.388186][T13913] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 345.399903][T13913] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 345.414738][T13913] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.423528][T13913] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.432325][T13913] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.441959][T13913] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 345.502766][ T1307] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.543851][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.551897][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.599972][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.609660][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.668324][ T1307] bridge_slave_1: left allmulticast mode [ 345.674035][ T1307] bridge_slave_1: left promiscuous mode [ 345.680921][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.699985][ T1307] bridge_slave_0: left allmulticast mode [ 345.705694][ T1307] bridge_slave_0: left promiscuous mode [ 345.711705][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.040969][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 346.053473][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 346.063777][ T1307] bond0 (unregistering): Released all slaves [ 346.375503][ T1307] hsr_slave_0: left promiscuous mode [ 346.400396][ T1307] hsr_slave_1: left promiscuous mode [ 346.419702][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.427923][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.443278][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.463796][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.555275][ T1307] veth1_macvtap: left promiscuous mode [ 346.589593][ T1307] veth0_macvtap: left promiscuous mode [ 346.595423][ T1307] veth1_vlan: left promiscuous mode [ 346.618842][ T1307] veth0_vlan: left promiscuous mode [ 346.984444][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 347.005333][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 347.014886][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 347.041936][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 347.060382][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 347.405714][ T1307] team0 (unregistering): Port device team_slave_1 removed [ 347.451875][ T1307] team0 (unregistering): Port device team_slave_0 removed [ 348.055058][T14173] chnl_net:caif_netlink_parms(): no params data found [ 348.164888][T14173] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.173547][T14173] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.181019][T14173] bridge_slave_0: entered allmulticast mode [ 348.190255][T14173] bridge_slave_0: entered promiscuous mode [ 348.201492][T14173] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.210124][T14173] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.217742][T14173] bridge_slave_1: entered allmulticast mode [ 348.225048][T14173] bridge_slave_1: entered promiscuous mode [ 348.254877][ T1307] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.300915][T14173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 348.313045][T14173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.352183][T14173] team0: Port device team_slave_0 added [ 348.361622][T14173] team0: Port device team_slave_1 added [ 348.394167][T14173] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 348.401867][T14173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.428445][T14173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 348.441657][T14173] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 348.449415][T14173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 348.475744][T14173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 348.526460][T14173] hsr_slave_0: entered promiscuous mode [ 348.533927][T14173] hsr_slave_1: entered promiscuous mode [ 348.600349][ T1307] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.680139][ T1307] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.751583][ T1307] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.861562][T14189] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2246'. [ 349.163089][ T5140] Bluetooth: hci0: command tx timeout [ 349.332639][ T1307] bridge_slave_1: left allmulticast mode [ 349.349359][ T1307] bridge_slave_1: left promiscuous mode [ 349.357503][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.469624][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 349.480372][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 349.491096][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 349.500000][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 349.507864][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 349.516969][ T1307] bridge_slave_0: left allmulticast mode [ 349.531766][ T1307] bridge_slave_0: left promiscuous mode [ 349.538815][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state [ 349.682765][T14224] netlink: 'syz.0.2258': attribute type 4 has an invalid length. [ 349.933453][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 349.944769][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 349.956319][ T1307] bond0 (unregistering): Released all slaves [ 350.308861][T14232] netlink: 830 bytes leftover after parsing attributes in process `syz.4.2259'. [ 350.400519][T14173] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 350.522114][T14173] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 350.560774][T14173] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 350.594011][T14173] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 350.788050][T14263] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2265'. [ 350.902114][T14272] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2268'. [ 350.944099][T14273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2265'. [ 351.118967][ T1307] hsr_slave_0: left promiscuous mode [ 351.154656][ T1307] hsr_slave_1: left promiscuous mode [ 351.167093][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 351.174825][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 351.183206][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 351.191279][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 351.214093][ T1307] veth1_macvtap: left promiscuous mode [ 351.219845][ T1307] veth0_macvtap: left promiscuous mode [ 351.225553][ T1307] veth1_vlan: left promiscuous mode [ 351.230947][ T1307] veth0_vlan: left promiscuous mode [ 351.237350][ T5835] Bluetooth: hci0: command tx timeout [ 351.559369][ T5835] Bluetooth: hci2: command tx timeout [ 351.717105][ T1307] team0 (unregistering): Port device team_slave_1 removed [ 351.756803][ T1307] team0 (unregistering): Port device team_slave_0 removed [ 352.410419][T14289] netlink: 'syz.1.2271': attribute type 39 has an invalid length. [ 352.423666][T14217] chnl_net:caif_netlink_parms(): no params data found [ 352.651263][T14294] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2272'. [ 352.916176][T14217] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.956529][T14217] bridge0: port 1(bridge_slave_0) entered disabled state [ 352.973431][T14217] bridge_slave_0: entered allmulticast mode [ 353.001599][T14217] bridge_slave_0: entered promiscuous mode [ 353.018514][T14318] openvswitch: netlink: Missing valid actions attribute. [ 353.025667][T14318] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 353.036557][T14217] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.051565][T14217] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.064525][T14217] bridge_slave_1: entered allmulticast mode [ 353.074813][T14321] openvswitch: netlink: Missing valid actions attribute. [ 353.084312][T14217] bridge_slave_1: entered promiscuous mode [ 353.091377][T14321] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 353.139003][T14328] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2281'. [ 353.156556][T14328] openvswitch: netlink: nsh attr 0 has unexpected len 32764 expected 0 [ 353.193620][T14217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 353.210857][T14328] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 353.225414][T14217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 353.315183][T14332] netlink: 'syz.4.2282': attribute type 1 has an invalid length. [ 353.323144][ T5835] Bluetooth: hci0: command tx timeout [ 353.328429][T14332] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2282'. [ 353.435415][T14217] team0: Port device team_slave_0 added [ 353.475568][T14217] team0: Port device team_slave_1 added [ 353.642611][ T5835] Bluetooth: hci2: command tx timeout [ 353.672883][T14173] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.719443][T14358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2287'. [ 353.738494][T14217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 353.745505][T14217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.822079][T14217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 353.846980][T14217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 353.859613][T14363] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2287'. [ 353.870353][T14367] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2289'. [ 353.870914][T14217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 353.906155][T14217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 353.973214][T14173] 8021q: adding VLAN 0 to HW filter on device team0 [ 354.004611][ T9353] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.011834][ T9353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.059931][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.067125][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.244248][T14217] hsr_slave_0: entered promiscuous mode [ 354.264682][T14217] hsr_slave_1: entered promiscuous mode [ 354.272091][T14379] netlink: 'syz.4.2294': attribute type 4 has an invalid length. [ 354.286083][T14217] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 354.310057][T14217] Cannot create hsr debugfs directory [ 354.392269][T14387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2295'. [ 354.414719][T14389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2296'. [ 354.442396][T14389] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2296'. [ 354.526416][T14395] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2297'. [ 354.687102][T14399] netlink: 'syz.0.2298': attribute type 5 has an invalid length. [ 354.719767][T14399] netlink: 'syz.0.2298': attribute type 17 has an invalid length. [ 354.772370][T14405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2301'. [ 354.936237][T14411] netlink: 144 bytes leftover after parsing attributes in process `syz.0.2302'. [ 355.014406][T14413] netlink: 'syz.4.2303': attribute type 4 has an invalid length. [ 355.203916][T14173] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 355.261530][T14424] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2307'. [ 355.375299][T14173] veth0_vlan: entered promiscuous mode [ 355.421710][T14173] veth1_vlan: entered promiscuous mode [ 355.497109][T14173] veth0_macvtap: entered promiscuous mode [ 355.596974][T14441] 8021q: VLANs not supported on lo [ 355.604441][T14439] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2311'. [ 355.622939][T14173] veth1_macvtap: entered promiscuous mode [ 355.683958][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.718276][ T5835] Bluetooth: hci2: command tx timeout [ 355.726062][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.749061][T14173] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 355.804925][T14173] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 355.815818][T14173] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.828547][T14173] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 355.876664][T14173] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.908715][T14173] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.919905][T14173] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.929072][T14173] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.966714][T14217] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 356.020581][T14217] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 356.045606][T14217] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 356.074093][T14217] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 356.198605][T14464] netlink: 'syz.4.2319': attribute type 2 has an invalid length. [ 356.206843][T14468] netlink: 'syz.0.2320': attribute type 10 has an invalid length. [ 356.217696][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.231576][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.253718][T14468] vlan0: entered allmulticast mode [ 356.260991][T14468] veth0_vlan: entered allmulticast mode [ 356.315055][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 356.343080][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 356.452055][T14472] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2322'. [ 356.468221][T14217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 356.572156][T14217] 8021q: adding VLAN 0 to HW filter on device team0 [ 356.603295][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.610602][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 356.635545][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.642781][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.862345][ T9353] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.996352][ T9353] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.076302][ T9353] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.165256][T14217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 357.212421][ T9353] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.250126][T14217] veth0_vlan: entered promiscuous mode [ 357.263826][T14217] veth1_vlan: entered promiscuous mode [ 357.295078][T14217] veth0_macvtap: entered promiscuous mode [ 357.305598][T14217] veth1_macvtap: entered promiscuous mode [ 357.327055][T14217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.338624][T14217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.351515][T14217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 357.362349][T14217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.374080][T14217] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 357.385617][T14217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.403496][T14217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.413874][T14217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.424444][T14217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.435572][T14217] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 357.456586][T14217] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.466385][T14217] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.475963][T14217] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.486026][T14217] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.596193][ T9353] bridge_slave_1: left allmulticast mode [ 357.602719][ T9353] bridge_slave_1: left promiscuous mode [ 357.608646][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.619566][ T9353] bridge_slave_0: left allmulticast mode [ 357.625222][ T9353] bridge_slave_0: left promiscuous mode [ 357.631168][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.797771][ T5835] Bluetooth: hci2: command tx timeout [ 357.962863][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.974927][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.986357][ T9353] bond0 (unregistering): Released all slaves [ 358.007427][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 358.015275][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 358.055499][ T4570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 358.063853][ T4570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 358.340331][ T9353] hsr_slave_0: left promiscuous mode [ 358.356932][ T9353] hsr_slave_1: left promiscuous mode [ 358.374743][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.392810][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 358.414131][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.427649][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 358.474183][ T9353] veth1_macvtap: left promiscuous mode [ 358.497429][ T9353] veth0_macvtap: left promiscuous mode [ 358.503271][ T9353] veth1_vlan: left promiscuous mode [ 358.518604][ T9353] veth0_vlan: left promiscuous mode [ 358.758890][ T5140] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 358.774161][ T5140] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 358.783114][ T5140] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 358.807048][ T5140] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 358.814937][ T5140] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 359.100708][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 359.141303][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 359.977598][T14503] chnl_net:caif_netlink_parms(): no params data found [ 360.093793][ T9353] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.112956][T14503] bridge0: port 1(bridge_slave_0) entered blocking state [ 360.121374][T14503] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.128954][T14503] bridge_slave_0: entered allmulticast mode [ 360.136159][T14503] bridge_slave_0: entered promiscuous mode [ 360.144391][T14503] bridge0: port 2(bridge_slave_1) entered blocking state [ 360.152031][T14503] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.161901][T14503] bridge_slave_1: entered allmulticast mode [ 360.169749][T14503] bridge_slave_1: entered promiscuous mode [ 360.205010][T14503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 360.217645][T14503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 360.258495][T14503] team0: Port device team_slave_0 added [ 360.266653][T14503] team0: Port device team_slave_1 added [ 360.302416][T14503] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.309809][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.336304][T14503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.349708][T14503] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.356706][T14503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.383697][T14503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.434116][T14503] hsr_slave_0: entered promiscuous mode [ 360.441334][T14503] hsr_slave_1: entered promiscuous mode [ 360.811063][T14503] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 360.822132][T14503] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 360.832556][T14503] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 360.843649][T14503] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 360.848030][ T5140] Bluetooth: hci0: command tx timeout [ 360.942936][ T9353] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 360.966819][T14503] 8021q: adding VLAN 0 to HW filter on device bond0 [ 360.988943][T14503] 8021q: adding VLAN 0 to HW filter on device team0 [ 361.016645][ T9353] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.035666][ T1307] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.042851][ T1307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 361.055963][ T4570] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.063157][ T4570] bridge0: port 2(bridge_slave_1) entered forwarding state [ 361.112904][ T9353] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 361.263319][ T9353] bridge_slave_1: left allmulticast mode [ 361.269206][ T9353] bridge_slave_1: left promiscuous mode [ 361.275020][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.290196][ T9353] bridge_slave_0: left allmulticast mode [ 361.295895][ T9353] bridge_slave_0: left promiscuous mode [ 361.304128][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.837560][ T9353] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 361.853800][ T9353] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 361.875076][ T9353] bond0 (unregistering): Released all slaves [ 361.990572][T14503] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 362.120319][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 362.129826][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 362.137795][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 362.146847][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 362.155233][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 362.391326][T14503] veth0_vlan: entered promiscuous mode [ 362.410540][T14503] veth1_vlan: entered promiscuous mode [ 362.484454][T14554] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.530789][T14559] __nla_validate_parse: 4 callbacks suppressed [ 362.530807][T14559] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2342'. [ 362.666964][T14554] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.719704][T14503] veth0_macvtap: entered promiscuous mode [ 362.735706][ T9353] hsr_slave_0: left promiscuous mode [ 362.748221][ T9353] hsr_slave_1: left promiscuous mode [ 362.754109][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 362.770123][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 362.780108][ T9353] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 362.794046][ T9353] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 362.804367][ T5983] IPVS: starting estimator thread 0... [ 362.823486][ T9353] veth1_macvtap: left promiscuous mode [ 362.829218][ T9353] veth0_macvtap: left promiscuous mode [ 362.834828][ T9353] veth1_vlan: left promiscuous mode [ 362.840579][ T9353] veth0_vlan: left promiscuous mode [ 362.856620][T14571] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2346'. [ 362.919601][ T5140] Bluetooth: hci0: command tx timeout [ 362.925383][T14570] IPVS: using max 39 ests per chain, 93600 per kthread [ 363.314721][ T9353] team0 (unregistering): Port device team_slave_1 removed [ 363.354925][ T9353] team0 (unregistering): Port device team_slave_0 removed [ 363.782138][T14503] veth1_macvtap: entered promiscuous mode [ 363.895357][T14554] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.995884][T14554] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 364.014562][T14503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 364.027952][T14503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.040307][T14503] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 364.069301][T14503] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 364.080026][T14503] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 364.082554][T14577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2347'. [ 364.091964][T14503] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 364.118343][T14503] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.127089][T14503] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.139424][T14503] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.149224][T14503] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.149529][T14577] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2347'. [ 364.197551][ T5140] Bluetooth: hci2: command tx timeout [ 364.474592][T14554] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.498291][T14554] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.565425][T14554] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.585525][T14542] chnl_net:caif_netlink_parms(): no params data found [ 364.631843][T14594] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2352'. [ 364.636103][T14554] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 364.749770][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 364.762476][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.007524][ T5140] Bluetooth: hci0: command tx timeout [ 365.015450][T14614] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2358'. [ 365.040008][T14542] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.054001][T14542] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.074873][T14542] bridge_slave_0: entered allmulticast mode [ 365.091142][T14542] bridge_slave_0: entered promiscuous mode [ 365.101012][T14542] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.110213][T14542] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.118507][T14542] bridge_slave_1: entered allmulticast mode [ 365.126502][T14542] bridge_slave_1: entered promiscuous mode [ 365.222248][T14542] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 365.223344][ T4570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 365.246692][T14542] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.256683][ T4570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 365.283373][T14617] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 365.298199][T14617] team0: Device ipvlan2 is already an upper device of the team interface [ 365.539180][T14542] team0: Port device team_slave_0 added [ 365.661893][T14542] team0: Port device team_slave_1 added [ 365.677160][T14637] netlink: 14528 bytes leftover after parsing attributes in process `syz.4.2364'. [ 365.746485][T14644] tipc: Enabled bearer , priority 10 [ 365.895032][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 365.918892][T14542] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.925876][T14542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.952638][T14542] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.973874][T14542] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.981420][T14542] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 366.011397][T14542] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.056833][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.113480][T14542] hsr_slave_0: entered promiscuous mode [ 366.120160][T14542] hsr_slave_1: entered promiscuous mode [ 366.126312][T14542] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 366.134969][T14542] Cannot create hsr debugfs directory [ 366.250565][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.277987][ T5140] Bluetooth: hci2: command tx timeout [ 366.353241][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.474541][ T13] bridge_slave_1: left allmulticast mode [ 366.480536][ T13] bridge_slave_1: left promiscuous mode [ 366.486343][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 366.495619][ T13] bridge_slave_0: left allmulticast mode [ 366.502933][ T13] bridge_slave_0: left promiscuous mode [ 366.509051][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 366.821766][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 366.833088][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 366.843612][ T13] bond0 (unregistering): Released all slaves [ 366.993121][T14542] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 367.008907][T14542] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 367.048506][T14542] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 367.058518][T14542] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 367.126141][ T13] hsr_slave_0: left promiscuous mode [ 367.134645][ T13] hsr_slave_1: left promiscuous mode [ 367.141090][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.149067][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.156885][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.165029][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.185767][ T13] veth1_macvtap: left promiscuous mode [ 367.191523][ T13] veth0_macvtap: left promiscuous mode [ 367.197267][ T13] veth1_vlan: left promiscuous mode [ 367.202852][ T13] veth0_vlan: left promiscuous mode [ 367.555380][T14658] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2368'. [ 367.619219][T14661] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2372'. [ 367.669459][T14662] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2372'. [ 367.884330][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 367.894264][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 367.905708][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 367.914758][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 367.934663][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 368.061905][ T13] team0 (unregistering): Port device team_slave_1 removed [ 368.104130][ T13] team0 (unregistering): Port device team_slave_0 removed [ 368.321255][T14674] netlink: 'syz.0.2373': attribute type 27 has an invalid length. [ 368.372410][ T5140] Bluetooth: hci2: command tx timeout [ 368.649935][T14542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 368.717812][T14679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2375'. [ 368.746993][T14679] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2375'. [ 368.774251][T14542] 8021q: adding VLAN 0 to HW filter on device team0 [ 368.820228][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2376'. [ 368.859298][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 368.866467][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 368.954689][ T1307] bridge0: port 2(bridge_slave_1) entered blocking state [ 368.961977][ T1307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 369.078827][T14695] netlink: 'syz.1.2380': attribute type 1 has an invalid length. [ 369.196900][T14703] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2381'. [ 369.346774][T14670] chnl_net:caif_netlink_parms(): no params data found [ 369.432091][T14708] ip6t_REJECT: ECHOREPLY is not supported [ 369.611776][T14670] bridge0: port 1(bridge_slave_0) entered blocking state [ 369.621246][T14670] bridge0: port 1(bridge_slave_0) entered disabled state [ 369.633936][T14670] bridge_slave_0: entered allmulticast mode [ 369.645844][T14670] bridge_slave_0: entered promiscuous mode [ 369.660642][T14721] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2384'. [ 369.686886][T14670] bridge0: port 2(bridge_slave_1) entered blocking state [ 369.705112][T14670] bridge0: port 2(bridge_slave_1) entered disabled state [ 369.723691][T14670] bridge_slave_1: entered allmulticast mode [ 369.733819][T14670] bridge_slave_1: entered promiscuous mode [ 369.741374][T14720] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2384'. [ 369.766101][T14542] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 369.782960][T14723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2383'. [ 369.792999][T14723] openvswitch: netlink: nsh attribute has 5276 unknown bytes. [ 369.801060][T14723] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 369.908699][T14670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 369.933431][T14670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 370.037642][ T5140] Bluetooth: hci0: command tx timeout [ 370.090919][T14670] team0: Port device team_slave_0 added [ 370.118724][T14735] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 370.136238][T14670] team0: Port device team_slave_1 added [ 370.184588][T14744] netlink: 'syz.1.2387': attribute type 1 has an invalid length. [ 370.312880][T14744] 8021q: adding VLAN 0 to HW filter on device bond9 [ 370.421041][T14670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 370.437637][ T5140] Bluetooth: hci2: command tx timeout [ 370.444306][T14670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.477214][T14670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 370.524844][T14670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 370.535017][T14670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 370.562426][T14670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 370.804333][T14670] hsr_slave_0: entered promiscuous mode [ 370.829838][T14670] hsr_slave_1: entered promiscuous mode [ 370.871716][T14542] veth0_vlan: entered promiscuous mode [ 371.025179][T14542] veth1_vlan: entered promiscuous mode [ 371.241511][T14542] veth0_macvtap: entered promiscuous mode [ 371.252463][T14542] veth1_macvtap: entered promiscuous mode [ 371.291143][T14789] openvswitch: netlink: nsh attr 0 has unexpected len 32764 expected 0 [ 371.299578][T14789] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 371.304480][T14542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 371.325580][T14542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.339179][T14542] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 371.355334][T14542] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 371.366628][T14542] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 371.381152][T14542] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 371.409606][T14542] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.422407][T14542] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.432102][T14542] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.442128][T14542] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 371.453230][T14791] netlink: 'syz.0.2402': attribute type 30 has an invalid length. [ 371.473433][T14792] netlink: 'syz.0.2402': attribute type 1 has an invalid length. [ 371.493135][T14792] netlink: 'syz.0.2402': attribute type 3 has an invalid length. [ 371.493765][T14791] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 371.502694][T14792] NCSI netlink: No device for ifindex 0 [ 371.509447][T14791] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 371.509481][T14791] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 371.531610][T14791] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 371.545630][T14791] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 371.554114][T14791] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 371.562787][T14791] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 371.571325][T14791] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 371.730855][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.764958][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.804437][ T4570] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 371.805256][T14670] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 371.823665][ T4570] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 371.887106][T14670] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 371.948063][T14670] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 372.006472][T14670] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 372.127568][ T5140] Bluetooth: hci0: command tx timeout [ 372.273338][T14815] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 372.521349][T14825] netlink: 'syz.4.2412': attribute type 15 has an invalid length. [ 372.592008][T14826] __nla_validate_parse: 12 callbacks suppressed [ 372.592038][T14826] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2412'. [ 372.623494][ T1307] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.804286][ T1307] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.862575][T14670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 372.882938][T14670] 8021q: adding VLAN 0 to HW filter on device team0 [ 372.903044][T12077] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.910233][T12077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.925698][T12077] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.932875][T12077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.056360][ T1307] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.143990][ T1307] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 373.175881][T14670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 373.221449][T14670] veth0_vlan: entered promiscuous mode [ 373.235242][T14670] veth1_vlan: entered promiscuous mode [ 373.273047][T14670] veth0_macvtap: entered promiscuous mode [ 373.293575][T14670] veth1_macvtap: entered promiscuous mode [ 373.338927][T14670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.349529][T14670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.360508][T14670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 373.371035][T14670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.382440][T14670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 373.391738][ T1307] bridge_slave_1: left allmulticast mode [ 373.397811][ T1307] bridge_slave_1: left promiscuous mode [ 373.403538][ T1307] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.412929][ T1307] bridge_slave_0: left allmulticast mode [ 373.419270][ T1307] bridge_slave_0: left promiscuous mode [ 373.424969][ T1307] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.783172][ T1307] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 373.795024][ T1307] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 373.805391][ T1307] bond0 (unregistering): Released all slaves [ 373.831730][T14670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.843113][T14670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.855599][T14670] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 373.866328][T14670] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 373.888709][T14670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 373.925480][T14670] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.936112][T14670] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.945319][T14670] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 373.955207][T14670] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 374.096383][ T1315] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 374.112259][ T1315] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 374.151842][ T1307] hsr_slave_0: left promiscuous mode [ 374.161624][ T1307] hsr_slave_1: left promiscuous mode [ 374.167913][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 374.175332][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 374.184938][ T1307] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 374.192869][ T1307] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 374.207905][ T5140] Bluetooth: hci0: command tx timeout [ 374.217207][ T1307] veth1_macvtap: left promiscuous mode [ 374.223064][ T1307] veth0_macvtap: left promiscuous mode [ 374.229101][ T1307] veth1_vlan: left promiscuous mode [ 374.234379][ T1307] veth0_vlan: left promiscuous mode [ 374.672307][ T1307] team0 (unregistering): Port device team_slave_1 removed [ 374.711935][ T1307] team0 (unregistering): Port device team_slave_0 removed [ 374.968833][T14845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2415'. [ 375.246043][T14852] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2419'. [ 375.326339][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 375.354826][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 375.364342][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 375.378036][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 375.386273][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 375.520407][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 375.570179][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 375.907042][T14866] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 375.980293][T14870] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2424'. [ 375.991905][T14870] openvswitch: netlink: nsh attr 0 has unexpected len 32764 expected 0 [ 376.000359][T14870] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 376.101572][T14876] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2425'. [ 376.133755][T14873] (unnamed net_device) (uninitialized): (slave bond_slave_1): Device is not our slave [ 376.147675][T14873] (unnamed net_device) (uninitialized): option active_slave: invalid value (bond_slave_1) [ 376.277159][T14853] chnl_net:caif_netlink_parms(): no params data found [ 376.437162][T14896] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2431'. [ 376.515712][T14902] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2432'. [ 376.520391][T14853] bridge0: port 1(bridge_slave_0) entered blocking state [ 376.538645][T14853] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.545940][T14853] bridge_slave_0: entered allmulticast mode [ 376.555296][T14853] bridge_slave_0: entered promiscuous mode [ 376.578837][T14853] bridge0: port 2(bridge_slave_1) entered blocking state [ 376.583054][T14907] FAULT_INJECTION: forcing a failure. [ 376.583054][T14907] name failslab, interval 1, probability 0, space 0, times 0 [ 376.599360][T14853] bridge0: port 2(bridge_slave_1) entered disabled state [ 376.599601][T14853] bridge_slave_1: entered allmulticast mode [ 376.613722][T14907] CPU: 0 UID: 0 PID: 14907 Comm: syz.4.2434 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 376.613765][T14907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 376.613785][T14907] Call Trace: [ 376.613794][T14907] [ 376.613803][T14907] dump_stack_lvl+0x189/0x250 [ 376.613842][T14907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.613870][T14907] ? __pfx__printk+0x10/0x10 [ 376.613906][T14907] ? __pfx___might_resched+0x10/0x10 [ 376.613924][T14907] ? fs_reclaim_acquire+0x7d/0x100 [ 376.613959][T14907] should_fail_ex+0x414/0x560 [ 376.613997][T14907] should_failslab+0xa8/0x100 [ 376.614025][T14907] __kmalloc_noprof+0xcb/0x4f0 [ 376.614048][T14907] ? kfree+0x4d/0x440 [ 376.614066][T14907] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 376.614097][T14907] tomoyo_realpath_from_path+0xe3/0x5d0 [ 376.614122][T14907] ? tomoyo_domain+0xda/0x130 [ 376.614152][T14907] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 376.614183][T14907] tomoyo_path_number_perm+0x1e8/0x5a0 [ 376.614217][T14907] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 376.614268][T14907] ? __lock_acquire+0xaac/0xd20 [ 376.614317][T14907] ? __fget_files+0x2a/0x420 [ 376.614347][T14907] ? __fget_files+0x3a0/0x420 [ 376.614371][T14907] ? __fget_files+0x2a/0x420 [ 376.614401][T14907] security_file_ioctl+0xcb/0x2d0 [ 376.614433][T14907] __se_sys_ioctl+0x47/0x170 [ 376.614457][T14907] do_syscall_64+0xf6/0x210 [ 376.614481][T14907] ? clear_bhb_loop+0x45/0xa0 [ 376.614506][T14907] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.614525][T14907] RIP: 0033:0x7f4eecf8e969 [ 376.614543][T14907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.614561][T14907] RSP: 002b:00007f4eeddb0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 376.614583][T14907] RAX: ffffffffffffffda RBX: 00007f4eed1b5fa0 RCX: 00007f4eecf8e969 [ 376.614597][T14907] RDX: 00002000000020c0 RSI: 0000000000008954 RDI: 0000000000000003 [ 376.614610][T14907] RBP: 00007f4eeddb0090 R08: 0000000000000000 R09: 0000000000000000 [ 376.614622][T14907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 376.614634][T14907] R13: 0000000000000000 R14: 00007f4eed1b5fa0 R15: 00007ffdc798a778 [ 376.614667][T14907] [ 376.637155][T14853] bridge_slave_1: entered promiscuous mode [ 376.641292][T14907] ERROR: Out of memory at tomoyo_realpath_from_path. [ 376.931848][T14853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 376.964371][T14853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 377.020893][T14914] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2436'. [ 377.054582][T14853] team0: Port device team_slave_0 added [ 377.077017][T14916] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2437'. [ 377.091942][T14853] team0: Port device team_slave_1 added [ 377.095657][T14916] openvswitch: netlink: nsh attr 0 has unexpected len 32764 expected 0 [ 377.109958][T14916] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 377.194399][T14920] netlink: 344 bytes leftover after parsing attributes in process `syz.0.2439'. [ 377.195053][T14853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 377.211762][T14853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 377.239430][T14853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 377.259160][T14853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 377.266324][T14853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 377.293507][T14853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 377.421133][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.477468][ T5140] Bluetooth: hci2: command tx timeout [ 377.544800][T14853] hsr_slave_0: entered promiscuous mode [ 377.551634][T14853] hsr_slave_1: entered promiscuous mode [ 377.559034][T14853] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 377.572558][T14853] Cannot create hsr debugfs directory [ 377.630658][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.703691][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.763650][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 377.902623][ T13] bridge_slave_1: left allmulticast mode [ 377.908496][ T13] bridge_slave_1: left promiscuous mode [ 377.914219][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.928601][ T13] bridge_slave_0: left allmulticast mode [ 377.934285][ T13] bridge_slave_0: left promiscuous mode [ 377.942961][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.301049][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 378.312574][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 378.322946][ T13] bond0 (unregistering): Released all slaves [ 378.537755][ T13] hsr_slave_0: left promiscuous mode [ 378.543769][ T13] hsr_slave_1: left promiscuous mode [ 378.552940][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 378.561125][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 378.569494][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 378.576926][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 378.607580][ T13] veth1_macvtap: left promiscuous mode [ 378.613168][ T13] veth0_macvtap: left promiscuous mode [ 378.619298][ T13] veth1_vlan: left promiscuous mode [ 378.624714][ T13] veth0_vlan: left promiscuous mode [ 379.045649][ T13] team0 (unregistering): Port device team_slave_1 removed [ 379.168994][ T13] team0 (unregistering): Port device team_slave_0 removed [ 379.291734][T14942] __nla_validate_parse: 3 callbacks suppressed [ 379.291754][T14942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2445'. [ 379.557845][ T5829] Bluetooth: hci2: command tx timeout [ 379.572593][ T5829] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 379.582643][ T5829] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 379.596440][ T5829] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 379.615327][ T5829] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 379.634533][ T5829] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 379.937270][T14949] FAULT_INJECTION: forcing a failure. [ 379.937270][T14949] name failslab, interval 1, probability 0, space 0, times 0 [ 379.972710][T14949] CPU: 1 UID: 0 PID: 14949 Comm: syz.1.2446 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 379.972744][T14949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 379.972773][T14949] Call Trace: [ 379.972781][T14949] [ 379.972789][T14949] dump_stack_lvl+0x189/0x250 [ 379.972824][T14949] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.972852][T14949] ? __pfx__printk+0x10/0x10 [ 379.972874][T14949] ? __pfx___might_resched+0x10/0x10 [ 379.972893][T14949] ? fs_reclaim_acquire+0x7d/0x100 [ 379.972928][T14949] should_fail_ex+0x414/0x560 [ 379.972966][T14949] should_failslab+0xa8/0x100 [ 379.972995][T14949] __kmalloc_noprof+0xcb/0x4f0 [ 379.973018][T14949] ? tomoyo_encode+0x28b/0x550 [ 379.973046][T14949] tomoyo_encode+0x28b/0x550 [ 379.973075][T14949] tomoyo_realpath_from_path+0x58d/0x5d0 [ 379.973101][T14949] ? tomoyo_domain+0xda/0x130 [ 379.973131][T14949] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 379.973162][T14949] tomoyo_path_number_perm+0x1e8/0x5a0 [ 379.973197][T14949] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 379.973248][T14949] ? __lock_acquire+0xaac/0xd20 [ 379.973297][T14949] ? __fget_files+0x2a/0x420 [ 379.973329][T14949] ? __fget_files+0x3a0/0x420 [ 379.973352][T14949] ? __fget_files+0x2a/0x420 [ 379.973391][T14949] security_file_ioctl+0xcb/0x2d0 [ 379.973422][T14949] __se_sys_ioctl+0x47/0x170 [ 379.973446][T14949] do_syscall_64+0xf6/0x210 [ 379.973471][T14949] ? clear_bhb_loop+0x45/0xa0 [ 379.973497][T14949] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.973516][T14949] RIP: 0033:0x7f51df58e969 [ 379.973533][T14949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.973551][T14949] RSP: 002b:00007f51e046a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 379.973572][T14949] RAX: ffffffffffffffda RBX: 00007f51df7b5fa0 RCX: 00007f51df58e969 [ 379.973587][T14949] RDX: 00002000000020c0 RSI: 0000000000008954 RDI: 0000000000000003 [ 379.973600][T14949] RBP: 00007f51e046a090 R08: 0000000000000000 R09: 0000000000000000 [ 379.973612][T14949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.973624][T14949] R13: 0000000000000000 R14: 00007f51df7b5fa0 R15: 00007ffe800b4518 [ 379.973657][T14949] [ 379.973678][T14949] ERROR: Out of memory at tomoyo_realpath_from_path. [ 380.091373][T14853] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 380.269845][T14853] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 380.310591][T14956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2449'. [ 380.389138][T14960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2449'. [ 380.415503][T14853] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 380.444649][T14959] netlink: 'syz.4.2448': attribute type 29 has an invalid length. [ 380.460376][T14954] netlink: 'syz.4.2448': attribute type 29 has an invalid length. [ 380.509713][T14853] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 381.652363][ T5829] Bluetooth: hci2: command tx timeout [ 381.718032][ T5829] Bluetooth: hci0: command tx timeout [ 382.204798][T14992] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2457'. [ 382.316862][T14946] chnl_net:caif_netlink_parms(): no params data found [ 382.461360][T14853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.493641][T14946] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.502229][T14946] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.510264][T14946] bridge_slave_0: entered allmulticast mode [ 382.519634][T14946] bridge_slave_0: entered promiscuous mode [ 382.542323][T14853] 8021q: adding VLAN 0 to HW filter on device team0 [ 382.561112][T14946] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.569455][T14946] bridge0: port 2(bridge_slave_1) entered disabled state [ 382.578910][T14946] bridge_slave_1: entered allmulticast mode [ 382.587039][T14946] bridge_slave_1: entered promiscuous mode [ 382.629054][ T1307] bridge0: port 1(bridge_slave_0) entered blocking state [ 382.636297][ T1307] bridge0: port 1(bridge_slave_0) entered forwarding state [ 382.661264][T14946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 382.681239][ T1307] bridge0: port 2(bridge_slave_1) entered blocking state [ 382.688443][ T1307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 382.707481][T14946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 382.772819][T14946] team0: Port device team_slave_0 added [ 382.791156][T14946] team0: Port device team_slave_1 added [ 382.833468][T14946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 382.842208][T14946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.868916][T14946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.890644][T14946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.902396][T14946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.934023][T14946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.964396][T14853] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 383.193586][T15023] netlink: 'syz.0.2467': attribute type 11 has an invalid length. [ 383.214835][T14946] hsr_slave_0: entered promiscuous mode [ 383.232619][T14946] hsr_slave_1: entered promiscuous mode [ 383.531147][T15027] netlink: 892 bytes leftover after parsing attributes in process `syz.4.2468'. [ 383.677032][T15041] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2470'. [ 383.718452][ C1] ================================================================== [ 383.718730][ T5829] Bluetooth: hci2: command tx timeout [ 383.726570][ C1] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x471/0x4b0 [ 383.726610][ C1] Read of size 2 at addr ffff88807bb6ac2a by task syz.4.2468/15026 [ 383.747819][ C1] [ 383.750172][ C1] CPU: 1 UID: 0 PID: 15026 Comm: syz.4.2468 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 383.750203][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 383.750217][ C1] Call Trace: [ 383.750225][ C1] [ 383.750234][ C1] dump_stack_lvl+0x189/0x250 [ 383.750269][ C1] ? __virt_addr_valid+0x18c/0x540 [ 383.750295][ C1] ? rcu_is_watching+0x15/0xb0 [ 383.750326][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.750354][ C1] ? rcu_is_watching+0x15/0xb0 [ 383.750384][ C1] ? lock_release+0x4b/0x3e0 [ 383.750414][ C1] ? __virt_addr_valid+0x18c/0x540 [ 383.750440][ C1] ? __virt_addr_valid+0x469/0x540 [ 383.750467][ C1] print_report+0xb4/0x290 [ 383.750492][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 383.750520][ C1] kasan_report+0x118/0x150 [ 383.750546][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 383.750579][ C1] rose_timer_expiry+0x471/0x4b0 [ 383.750610][ C1] call_timer_fn+0x17b/0x5f0 [ 383.750636][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 383.750663][ C1] ? call_timer_fn+0xbe/0x5f0 [ 383.750689][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 383.750720][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 383.750739][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.750759][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 383.750789][ C1] __run_timer_base+0x61a/0x860 [ 383.750813][ C1] ? ktime_get+0x3e/0x1f0 [ 383.750840][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 383.750880][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 383.750912][ C1] run_timer_softirq+0xb7/0x180 [ 383.750938][ C1] handle_softirqs+0x283/0x870 [ 383.750973][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 383.750993][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 383.751032][ C1] __irq_exit_rcu+0xca/0x1f0 [ 383.751050][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 383.751074][ C1] irq_exit_rcu+0x9/0x30 [ 383.751089][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 383.751118][ C1] [ 383.751125][ C1] [ 383.751134][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 383.751169][ C1] RIP: 0010:folios_put_refs+0x125/0x640 [ 383.751191][ C1] Code: 64 24 18 4d 8d 77 ff bf 1f 00 00 00 4c 89 f6 e8 41 ee c4 ff 49 83 fe 1e 0f 87 2e 03 00 00 e8 52 e9 c4 ff 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ef e8 3d de 26 00 4c 89 6c 24 10 4f 8b 2c [ 383.751209][ C1] RSP: 0018:ffffc90003f77620 EFLAGS: 00000a06 [ 383.751228][ C1] RAX: 1ffff920007eef0f RBX: dffffc0000000000 RCX: ffff888051b5bc00 [ 383.751244][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 000000000000001f [ 383.751257][ C1] RBP: ffffc90003f77710 R08: ffffea0001b14a37 R09: 1ffffd4000362946 [ 383.751272][ C1] R10: dffffc0000000000 R11: fffff94000362947 R12: ffffc90003f77780 [ 383.751288][ C1] R13: ffffc90003f77878 R14: 000000000000001e R15: 000000000000001f [ 383.751319][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 383.751338][ C1] ? __lock_acquire+0xaac/0xd20 [ 383.751367][ C1] ? free_swap_cache+0x9b/0x300 [ 383.751400][ C1] free_pages_and_swap_cache+0x277/0x520 [ 383.751436][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 383.751495][ C1] ? tlb_table_flush+0x36d/0x410 [ 383.751530][ C1] tlb_flush_mmu+0x3a0/0x680 [ 383.751560][ C1] ? __pfx_down_write+0x10/0x10 [ 383.751587][ C1] tlb_finish_mmu+0xc3/0x1d0 [ 383.751638][ C1] exit_mmap+0x474/0xba0 [ 383.751667][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 383.751692][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 383.751724][ C1] ? __pfx_exit_aio+0x10/0x10 [ 383.751753][ C1] ? uprobe_clear_state+0x274/0x290 [ 383.751780][ C1] __mmput+0x118/0x420 [ 383.751813][ C1] exit_mm+0x1da/0x2c0 [ 383.751840][ C1] ? __pfx_exit_mm+0x10/0x10 [ 383.751864][ C1] ? taskstats_exit+0x43c/0xa30 [ 383.751899][ C1] ? tty_audit_exit+0x153/0x200 [ 383.751920][ C1] do_exit+0x859/0x2550 [ 383.751947][ C1] ? preempt_schedule_common+0x83/0xd0 [ 383.751969][ C1] ? preempt_schedule+0xae/0xc0 [ 383.751988][ C1] ? __pfx_do_exit+0x10/0x10 [ 383.752036][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 383.752064][ C1] do_group_exit+0x21c/0x2d0 [ 383.752094][ C1] __x64_sys_exit_group+0x3f/0x40 [ 383.752126][ C1] x64_sys_call+0x21ba/0x21c0 [ 383.752146][ C1] do_syscall_64+0xf6/0x210 [ 383.752171][ C1] ? clear_bhb_loop+0x45/0xa0 [ 383.752195][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.752228][ C1] RIP: 0033:0x7f4eecf8e969 [ 383.752245][ C1] Code: Unable to access opcode bytes at 0x7f4eecf8e93f. [ 383.752257][ C1] RSP: 002b:00007ffdc798aad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 383.752278][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4eecf8e969 [ 383.752293][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 383.752306][ C1] RBP: 00007ffdc798ab3c R08: 0000001bc798abcf R09: 00000000000927c0 [ 383.752320][ C1] R10: 00000000000001dc R11: 0000000000000246 R12: 00000000000002b6 [ 383.752333][ C1] R13: 00000000000927c0 R14: 000000000005d8f7 R15: 00007ffdc798ab90 [ 383.752358][ C1] [ 383.752366][ C1] [ 383.790010][T14853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 383.790458][ C1] Allocated by task 9404: [ 383.828380][ T5829] Bluetooth: hci0: command tx timeout [ 383.829507][ C1] kasan_save_track+0x3e/0x80 [ 384.255122][ C1] __kasan_kmalloc+0x93/0xb0 [ 384.259725][ C1] __kmalloc_cache_noprof+0x230/0x3d0 [ 384.265098][ C1] rose_add_node+0x23a/0xde0 [ 384.269690][ C1] rose_rt_ioctl+0xa48/0xfb0 [ 384.274319][ C1] rose_ioctl+0x3ce/0x8b0 [ 384.278647][ C1] sock_do_ioctl+0xd9/0x300 [ 384.283162][ C1] sock_ioctl+0x576/0x790 [ 384.287499][ C1] __se_sys_ioctl+0xf9/0x170 [ 384.292088][ C1] do_syscall_64+0xf6/0x210 [ 384.296590][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.302519][ C1] [ 384.304845][ C1] Freed by task 14985: [ 384.308908][ C1] kasan_save_track+0x3e/0x80 [ 384.313582][ C1] kasan_save_free_info+0x46/0x50 [ 384.318615][ C1] __kasan_slab_free+0x62/0x70 [ 384.323467][ C1] kfree+0x193/0x440 [ 384.327369][ C1] rose_rt_device_down+0x66d/0x6c0 [ 384.332486][ C1] rose_device_event+0x603/0x6a0 [ 384.337427][ C1] notifier_call_chain+0x1b3/0x3e0 [ 384.342623][ C1] __dev_notify_flags+0x18d/0x2e0 [ 384.347648][ C1] netif_change_flags+0xe8/0x1a0 [ 384.352583][ C1] dev_change_flags+0x130/0x260 [ 384.357432][ C1] dev_ioctl+0x7b4/0x1150 [ 384.361756][ C1] sock_do_ioctl+0x22c/0x300 [ 384.366351][ C1] sock_ioctl+0x576/0x790 [ 384.370685][ C1] __se_sys_ioctl+0xf9/0x170 [ 384.375279][ C1] do_syscall_64+0xf6/0x210 [ 384.379787][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.385680][ C1] [ 384.388004][ C1] The buggy address belongs to the object at ffff88807bb6ac00 [ 384.388004][ C1] which belongs to the cache kmalloc-512 of size 512 [ 384.402062][ C1] The buggy address is located 42 bytes inside of [ 384.402062][ C1] freed 512-byte region [ffff88807bb6ac00, ffff88807bb6ae00) [ 384.415770][ C1] [ 384.418096][ C1] The buggy address belongs to the physical page: [ 384.424888][ C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807bb68400 pfn:0x7bb68 [ 384.434950][ C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 384.443449][ C1] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 384.451984][ C1] page_type: f5(slab) [ 384.455987][ C1] raw: 00fff00000000240 ffff88801a041c80 ffffea0001fcaa10 ffffea000093ca10 [ 384.464593][ C1] raw: ffff88807bb68400 000000000010000a 00000000f5000000 0000000000000000 [ 384.473183][ C1] head: 00fff00000000240 ffff88801a041c80 ffffea0001fcaa10 ffffea000093ca10 [ 384.481856][ C1] head: ffff88807bb68400 000000000010000a 00000000f5000000 0000000000000000 [ 384.490546][ C1] head: 00fff00000000002 ffffea0001eeda01 00000000ffffffff 00000000ffffffff [ 384.499218][ C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 384.507881][ C1] page dumped because: kasan: bad access detected [ 384.514304][ C1] page_owner tracks the page as allocated [ 384.520018][ C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5878, tgid 5878 (udevd), ts 145773741679, free_ts 142931788022 [ 384.539121][ C1] post_alloc_hook+0x1d8/0x230 [ 384.543900][ C1] get_page_from_freelist+0x21ce/0x22b0 [ 384.549559][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 384.555459][ C1] allocate_slab+0x65/0x3b0 [ 384.559966][ C1] ___slab_alloc+0xbfc/0x1480 [ 384.564655][ C1] __kmalloc_node_noprof+0x2fd/0x4e0 [ 384.569941][ C1] allocate_slab+0x17c/0x3b0 [ 384.574529][ C1] ___slab_alloc+0xbfc/0x1480 [ 384.579214][ C1] kmem_cache_alloc_noprof+0x283/0x3c0 [ 384.584680][ C1] __send_signal_locked+0x22a/0xeb0 [ 384.589968][ C1] group_send_sig_info+0x1fd/0x260 [ 384.595107][ C1] do_bpf_send_signal+0xa9/0x1e0 [ 384.600048][ C1] irq_work_single+0xde/0x240 [ 384.604726][ C1] irq_work_run+0x155/0x2f0 [ 384.609232][ C1] __sysvec_irq_work+0xa8/0x3d0 [ 384.614081][ C1] sysvec_irq_work+0x9e/0xc0 [ 384.618687][ C1] page last free pid 6041 tgid 6041 stack trace: [ 384.625006][ C1] __free_frozen_pages+0xb0e/0xcd0 [ 384.630127][ C1] __slab_free+0x326/0x400 [ 384.634539][ C1] qlist_free_all+0x9a/0x140 [ 384.639131][ C1] kasan_quarantine_reduce+0x148/0x160 [ 384.644590][ C1] __kasan_slab_alloc+0x22/0x80 [ 384.649444][ C1] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 384.654910][ C1] getname_flags+0xb8/0x540 [ 384.659415][ C1] vfs_fstatat+0x43/0x160 [ 384.663746][ C1] __x64_sys_newfstatat+0x11c/0x1a0 [ 384.668948][ C1] do_syscall_64+0xf6/0x210 [ 384.673451][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.679435][ C1] [ 384.681754][ C1] Memory state around the buggy address: [ 384.687379][ C1] ffff88807bb6ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 384.695442][ C1] ffff88807bb6ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 384.703523][ C1] >ffff88807bb6ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 384.711583][ C1] ^ [ 384.716954][ C1] ffff88807bb6ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 384.725018][ C1] ffff88807bb6ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 384.733077][ C1] ================================================================== [ 384.741215][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 384.748441][ C1] CPU: 1 UID: 0 PID: 15026 Comm: syz.4.2468 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) [ 384.760538][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025 [ 384.770628][ C1] Call Trace: [ 384.773926][ C1] [ 384.776774][ C1] dump_stack_lvl+0x99/0x250 [ 384.781382][ C1] ? __asan_memcpy+0x40/0x70 [ 384.785978][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.791207][ C1] ? __pfx__printk+0x10/0x10 [ 384.795807][ C1] panic+0x2db/0x790 [ 384.799714][ C1] ? __pfx_panic+0x10/0x10 [ 384.804142][ C1] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 384.810033][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 384.815926][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 384.822256][ C1] ? print_memory_metadata+0x314/0x400 [ 384.827724][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 384.832872][ C1] check_panic_on_warn+0x89/0xb0 [ 384.837925][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 384.843248][ C1] end_report+0x78/0x160 [ 384.847518][ C1] kasan_report+0x129/0x150 [ 384.852045][ C1] ? rose_timer_expiry+0x471/0x4b0 [ 384.857172][ C1] rose_timer_expiry+0x471/0x4b0 [ 384.862124][ C1] call_timer_fn+0x17b/0x5f0 [ 384.866722][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 384.872213][ C1] ? call_timer_fn+0xbe/0x5f0 [ 384.876921][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 384.882062][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 384.887270][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 384.892670][ C1] ? __pfx_rose_timer_expiry+0x10/0x10 [ 384.898167][ C1] __run_timer_base+0x61a/0x860 [ 384.903129][ C1] ? ktime_get+0x3e/0x1f0 [ 384.907478][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 384.912863][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 384.919126][ C1] run_timer_softirq+0xb7/0x180 [ 384.924015][ C1] handle_softirqs+0x283/0x870 [ 384.928821][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 384.933598][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 384.938900][ C1] __irq_exit_rcu+0xca/0x1f0 [ 384.943491][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 384.948697][ C1] irq_exit_rcu+0x9/0x30 [ 384.952940][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 384.958589][ C1] [ 384.961545][ C1] [ 384.964498][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 384.970501][ C1] RIP: 0010:folios_put_refs+0x125/0x640 [ 384.976066][ C1] Code: 64 24 18 4d 8d 77 ff bf 1f 00 00 00 4c 89 f6 e8 41 ee c4 ff 49 83 fe 1e 0f 87 2e 03 00 00 e8 52 e9 c4 ff 4c 89 e8 48 c1 e8 03 <80> 3c 18 00 74 08 4c 89 ef e8 3d de 26 00 4c 89 6c 24 10 4f 8b 2c [ 384.995697][ C1] RSP: 0018:ffffc90003f77620 EFLAGS: 00000a06 [ 385.001805][ C1] RAX: 1ffff920007eef0f RBX: dffffc0000000000 RCX: ffff888051b5bc00 [ 385.009791][ C1] RDX: 0000000000000000 RSI: 000000000000001e RDI: 000000000000001f [ 385.017778][ C1] RBP: ffffc90003f77710 R08: ffffea0001b14a37 R09: 1ffffd4000362946 [ 385.025759][ C1] R10: dffffc0000000000 R11: fffff94000362947 R12: ffffc90003f77780 [ 385.033734][ C1] R13: ffffc90003f77878 R14: 000000000000001e R15: 000000000000001f [ 385.041724][ C1] ? __pfx_folios_put_refs+0x10/0x10 [ 385.047019][ C1] ? __lock_acquire+0xaac/0xd20 [ 385.051890][ C1] ? free_swap_cache+0x9b/0x300 [ 385.056752][ C1] free_pages_and_swap_cache+0x277/0x520 [ 385.062400][ C1] ? __pfx_free_pages_and_swap_cache+0x10/0x10 [ 385.068583][ C1] ? tlb_table_flush+0x36d/0x410 [ 385.073533][ C1] tlb_flush_mmu+0x3a0/0x680 [ 385.078135][ C1] ? __pfx_down_write+0x10/0x10 [ 385.082999][ C1] tlb_finish_mmu+0xc3/0x1d0 [ 385.087602][ C1] exit_mmap+0x474/0xba0 [ 385.091854][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 385.096624][ C1] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 385.102265][ C1] ? __pfx_exit_aio+0x10/0x10 [ 385.106952][ C1] ? uprobe_clear_state+0x274/0x290 [ 385.112164][ C1] __mmput+0x118/0x420 [ 385.116252][ C1] exit_mm+0x1da/0x2c0 [ 385.120334][ C1] ? __pfx_exit_mm+0x10/0x10 [ 385.124931][ C1] ? taskstats_exit+0x43c/0xa30 [ 385.129784][ C1] ? tty_audit_exit+0x153/0x200 [ 385.134642][ C1] do_exit+0x859/0x2550 [ 385.138891][ C1] ? preempt_schedule_common+0x83/0xd0 [ 385.144352][ C1] ? preempt_schedule+0xae/0xc0 [ 385.149212][ C1] ? __pfx_do_exit+0x10/0x10 [ 385.153814][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 385.159198][ C1] do_group_exit+0x21c/0x2d0 [ 385.163805][ C1] __x64_sys_exit_group+0x3f/0x40 [ 385.168833][ C1] x64_sys_call+0x21ba/0x21c0 [ 385.173514][ C1] do_syscall_64+0xf6/0x210 [ 385.178059][ C1] ? clear_bhb_loop+0x45/0xa0 [ 385.182742][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.188637][ C1] RIP: 0033:0x7f4eecf8e969 [ 385.193052][ C1] Code: Unable to access opcode bytes at 0x7f4eecf8e93f. [ 385.200069][ C1] RSP: 002b:00007ffdc798aad8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 385.208510][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4eecf8e969 [ 385.216492][ C1] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 385.224487][ C1] RBP: 00007ffdc798ab3c R08: 0000001bc798abcf R09: 00000000000927c0 [ 385.232456][ C1] R10: 00000000000001dc R11: 0000000000000246 R12: 00000000000002b6 [ 385.240424][ C1] R13: 00000000000927c0 R14: 000000000005d8f7 R15: 00007ffdc798ab90 [ 385.248407][ C1] [ 385.251712][ C1] Kernel Offset: disabled [ 385.256040][ C1] Rebooting in 86400 seconds..