last executing test programs: 1m13.714638132s ago: executing program 2 (id=1281): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfcbfb}, 0x14}}, 0x4145) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$pptp(0x18, 0x1, 0x2) write$tun(r2, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x80002, 0x0) unshare(0x480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xa00}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1m1.027628213s ago: executing program 2 (id=1281): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfcbfb}, 0x14}}, 0x4145) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$pptp(0x18, 0x1, 0x2) write$tun(r2, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x80002, 0x0) unshare(0x480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xa00}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 47.713611049s ago: executing program 2 (id=1281): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfcbfb}, 0x14}}, 0x4145) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$pptp(0x18, 0x1, 0x2) write$tun(r2, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x80002, 0x0) unshare(0x480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xa00}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 34.643347224s ago: executing program 2 (id=1281): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfcbfb}, 0x14}}, 0x4145) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$pptp(0x18, 0x1, 0x2) write$tun(r2, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x80002, 0x0) unshare(0x480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xa00}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 21.073549465s ago: executing program 2 (id=1281): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfcbfb}, 0x14}}, 0x4145) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$pptp(0x18, 0x1, 0x2) write$tun(r2, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x80002, 0x0) unshare(0x480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xa00}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 8.180039133s ago: executing program 0 (id=1954): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b8000000190001000000000000000030e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029"], 0xb8}}, 0x4004) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b800000019000100000000000300000000000000000000000000000000000000fe8000000000000000000000000000bb0000fffd000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f8ffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000080000000000000ffe500000000000000008c43734d0355b78c00000000000002000000000000040000000000"], 0xb8}}, 0x4040000) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f0000000700)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000740)={0x80, 0x0, 0x500, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x0, 0x29}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x63}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xe}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x26}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x4000000073}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x77}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x43}]}, 0x80}, 0x1, 0x0, 0x0, 0x40100}, 0x20000800) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x1c, 0x52, 0x1, 0x70bd05, 0x4, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @uid}]}, 0x1c}}, 0x800) sendmsg$NFNL_MSG_ACCT_DEL(r5, &(0x7f0000000440)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000030701080000000000030000000000000000054000000003"], 0x1c}, 0x1, 0x0, 0x0, 0xd}, 0x1) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000feffffff170000004800068008000600ffffffff3c00040067636d285dd1"], 0x5c}, 0x1, 0x0, 0x0, 0xd0}, 0x20000080) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000001300)) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$alg(r9, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008cc0)=[{&(0x7f0000008a40)="7c72bf03f7d9c0fd0826786ffcfb99e55c1272594d5be5c7f1de9562bbf652", 0x1f}, {&(0x7f0000008c80)="9d", 0x7fffefe1}], 0x2}, 0x0) 7.449228515s ago: executing program 0 (id=1960): sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x1}], 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0xca02}) close(r0) socket$netlink(0x10, 0x3, 0x0) preadv(r1, &(0x7f0000001300), 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 7.265732454s ago: executing program 0 (id=1962): socket$inet6_udplite(0xa, 0x2, 0x88) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) ppoll(&(0x7f0000000500)=[{r1}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x1000000000000000}, 0x0, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0xe429, @none, 0x401}, 0xe) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000009, 0x200000006c832, 0xffffffffffffffff, 0x0) 6.428916792s ago: executing program 2 (id=1281): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, 0x0, 0x200, 0x70bd25, 0x25dfcbfb}, 0x14}}, 0x4145) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x41, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) socket$pptp(0x18, 0x1, 0x2) write$tun(r2, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x10, 0x80002, 0x0) unshare(0x480) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0xa00}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 6.355796603s ago: executing program 0 (id=1969): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x48) (async) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) (async) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) (async) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x8, 0x7, 0x1, 0x0, "cf200073"}]}], {0x14}}, 0x70}}, 0x0) (async) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r3, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)={0x64, r1, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x14, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x64}}, 0x24000000) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$packet(0x11, 0x3, 0x300) (async) r6 = socket$packet(0x11, 0x2, 0x300) (async) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xe, 0x80000000, 0x2e8a}, 0x10) setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000000), 0x8) (async) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x200}, 0x4) (async) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x100010, 0xffffffffffffffff, 0x28c05000) (async) socketpair(0x18, 0x80000, 0x10001, &(0x7f0000000180)={0xffffffffffffffff}) (async) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000f00000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async) r9 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r9, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x3000c085) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='xen_mc_callback\x00', r8, 0x0, 0x1}, 0x18) (async) r10 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r10, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8) (async) sendto$inet6(r10, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) (async) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r10, 0x84, 0x65, 0x0, 0x0) (async) r11 = socket$alg(0x26, 0x5, 0x0) bind$alg(r11, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58) accept4(r7, 0x0, 0x0, 0x800) 4.989956487s ago: executing program 0 (id=1970): unshare(0x68040200) socket$inet(0x2, 0x3, 0x7) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) epoll_create1(0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000200)=ANY=[@ANYBLOB="cd12429dc9ea00000000faf1d12149000040000400000001907864010102ffffffff019404010094040000940400000000000308901855bad372259c7977bf65b9f9f5290008ac1e0001ac14140454d802080748890df196d334715d8e1f1bc72798fde366118d1c891bcb14514c303b185e1784147529d5e8765045963ae6b7fdc9053f148acfe0676424be8783ba1ccfde872b3f7c9d7c350d5493db101ad1e1ad9200000000"], 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) close(0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, 0x0, &(0x7f0000000100)=0x28) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r3, 0x0) syz_emit_ethernet(0x8f, &(0x7f0000000840)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x59, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0xec}, @mss={0x2, 0x4}, @eol]}}, {"337e5a9dab4fa88f71114bfcba3e876ba3f00101bd5e6d9693d7308a48f0534ed8e446f1bb165a1bac6753cf871a29be1b1a3a37f09da18866ec8db405"}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea1100000005000000", 0x29}], 0x1) 2.575706495s ago: executing program 4 (id=1999): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000001c00)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x240400d5) recvmmsg(r1, &(0x7f0000002e80)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000200)=""/74, 0x4a}], 0x1}, 0xff}], 0x1, 0xa1, 0x0) 2.002666948s ago: executing program 3 (id=2004): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r1, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002"], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x8040) 1.976717795s ago: executing program 4 (id=2005): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 1.127940411s ago: executing program 1 (id=2018): r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x2) listen(r0, 0x80) r1 = socket$inet(0x2, 0x80001, 0x84) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r3, 0x0, 0x0) r4 = socket(0x10, 0x803, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x40, 0x0, 0x0, r6}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0) r7 = socket(0x10, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r8}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x681}]}, 0x34}}, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, 0x0, 0x0) listen(r1, 0x3a5) socket$nl_generic(0x10, 0x3, 0x10) 636.692875ms ago: executing program 3 (id=2019): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="b4000000000700007910480000000000c3020000000000009500000c0000000002ea3bd6b6dd680837c7ec21354889dd77ea007b18053803331f37503bdad7cabc7b3dd33dab322cc44e6ae9c5ae5b825c17"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 636.213202ms ago: executing program 1 (id=2020): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000009380)={&(0x7f0000009300)={0x30, 0x7, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004884) 597.387974ms ago: executing program 1 (id=2021): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x88a8}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 555.212851ms ago: executing program 4 (id=2022): syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "00ab086539040304010100e000000000000000efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) 476.721402ms ago: executing program 3 (id=2023): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000001c00)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x240400d5) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r1) 476.382732ms ago: executing program 1 (id=2024): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x5c}}, 0x0) 444.363816ms ago: executing program 4 (id=2025): r0 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x48}}, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r1, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x4048001) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001400212100000000000000000200"], 0x28}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x8, 0x2, @dev}]}, 0x20}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x1f00, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}}, 0x18}}, 0x0) 351.920745ms ago: executing program 3 (id=2026): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) listen(r0, 0x7) connect$x25(r0, 0x0, 0x0) 256.606383ms ago: executing program 1 (id=2027): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000280)=[{0x2, 0x5, {0x1, 0x1, 0x4}, {0x0, 0x0, 0x4}, 0xfe, 0xfe}], 0x20) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850) 164.691312ms ago: executing program 3 (id=2028): syz_emit_ethernet(0x3e, &(0x7f0000000400)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}, @void, {@ipv4={0x88e5, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x22}, @local}, @time_exceeded={0xb, 0x1, 0x0, 0x0, 0x4, 0x0, {0x5, 0x4, 0x3, 0x30, 0xe, 0x64, 0x650, 0xf9, 0x4, 0x7ff, @empty, @loopback}}}}}}, 0x0) 135.749977ms ago: executing program 4 (id=2029): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x48, r1, 0x1, 0x70ad29, 0x3, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5}, {0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x48}}, 0x0) 125.687211ms ago: executing program 0 (id=2030): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000006c0)={0x30, r0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xf4, 0x2e}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x177f}]]}, 0x30}, 0x1, 0x0, 0x0, 0xd37697ff28093c0e}, 0x0) 16.686997ms ago: executing program 3 (id=2031): syz_emit_ethernet(0x86, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0xe0, "00ab08653904030401010000000009c5000000efffffffff00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) 16.424008ms ago: executing program 4 (id=2032): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) r1 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in=@remote, @in6=@loopback, 0x0, 0x0, 0xffff, 0x0, 0xa}, {0xc3e, 0x0, 0x0, 0x0, 0x40}, {}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in=@private=0xa010102, 0x4d3, 0x33}, 0x0, @in=@local, 0x0, 0x0, 0x2, 0x3, 0x0, 0x6}}, 0xe8) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x1, @loopback, 0x3}, 0x1c) 0s ago: executing program 1 (id=2033): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xf0) ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, 0x0) ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000000280)={@default, @null, 0x7, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast]}) ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={@default, @default, 0x0, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null]}) kernel console output (not intermixed with test programs): st mode [ 224.533171][T10496] veth1_macvtap: left allmulticast mode [ 224.540099][T10496] geneve0: left allmulticast mode [ 224.547177][T10496] geneve1: left allmulticast mode [ 224.557210][T10496] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 224.566328][T10496] vlan2: left allmulticast mode [ 224.571187][T10496] syz_tun: left allmulticast mode [ 224.578329][T10496] macvlan2: left allmulticast mode [ 224.585385][T10496] bridge1: left allmulticast mode [ 224.594625][T10496] bond1: left allmulticast mode [ 224.599760][T10496] 8021q: adding VLAN 0 to HW filter on device bond1 [ 224.607712][T10496] gre1: left allmulticast mode [ 224.614870][T10496] bond2: left allmulticast mode [ 224.620035][T10496] 8021q: adding VLAN 0 to HW filter on device bond2 [ 224.628039][T10496] gretap1: left allmulticast mode [ 224.640701][T10496] bridge2: left allmulticast mode [ 224.647604][T10496] netdevsim netdevsim3 eth0: left allmulticast mode [ 224.656663][T10496] netdevsim netdevsim3 eth1: left allmulticast mode [ 224.665032][T10496] netdevsim netdevsim3 eth2: left allmulticast mode [ 224.674958][T10496] netdevsim netdevsim3 eth3: left allmulticast mode [ 224.683463][T10496] bond3: left allmulticast mode [ 224.688587][T10496] 8021q: adding VLAN 0 to HW filter on device bond3 [ 224.699634][T10496] bridge3: left allmulticast mode [ 224.706225][T10496] macvlan3: left allmulticast mode [ 224.719816][T10496] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 224.730003][T10496] 8021q: adding VLAN 0 to HW filter on device bond4 [ 224.743719][T10496] macvlan4: left allmulticast mode [ 224.748939][T10496] mac80211_hwsim hwsim4 wlan0: left allmulticast mode [ 224.781296][ T36] mac80211_hwsim hwsim10 wlan0 (unregistering): left allmulticast mode [ 224.824554][T10514] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 224.830741][T10520] gretap1: entered promiscuous mode [ 224.914270][T10527] syzkaller0: entered promiscuous mode [ 224.919774][T10527] syzkaller0: entered allmulticast mode [ 224.998719][T10543] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 225.042839][ T51] Bluetooth: hci4: command tx timeout [ 226.178617][ T5909] syz!: Port: 1 Link ACTIVE [ 226.183967][ T3543] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.193582][ T3543] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.203184][ T3543] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.308988][T10546] gretap1: entered promiscuous mode [ 226.331629][ T3543] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.349004][T10435] chnl_net:caif_netlink_parms(): no params data found [ 226.379522][T10554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1320'. [ 226.521283][ T66] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 226.683511][T10562] xt_hashlimit: size too large, truncated to 1048576 [ 226.730208][T10567] netlink: 'syz.3.1322': attribute type 1 has an invalid length. [ 226.752804][T10567] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1322'. [ 226.781214][T10572] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1323'. [ 226.897388][T10567] xt_CT: No such helper "snmp" [ 226.971513][ T36] hsr_slave_0: left promiscuous mode [ 227.022355][ T36] hsr_slave_1: left promiscuous mode [ 227.035327][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 227.125759][ T51] Bluetooth: hci4: command tx timeout [ 227.134998][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 227.147687][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 227.188233][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 227.192895][T10585] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1326'. [ 227.225605][ T36] veth1_vlan: left promiscuous mode [ 227.231221][ T36] veth0_vlan: left promiscuous mode [ 227.356468][ T36] pim6reg (unregistering): left allmulticast mode [ 227.604808][T10595] netlink: 'syz.1.1327': attribute type 1 has an invalid length. [ 227.709927][T10597] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 227.936497][T10602] netlink: 'syz.3.1329': attribute type 13 has an invalid length. [ 227.949918][T10602] netlink: 'syz.3.1329': attribute type 17 has an invalid length. [ 228.182770][ T36] team0 (unregistering): Port device team_slave_1 removed [ 228.224234][ T36] team0 (unregistering): Port device team_slave_0 removed [ 228.239488][T10607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.304121][T10607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.368331][T10607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 228.667764][T10595] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 228.677226][T10594] gretap1: entered promiscuous mode [ 228.790468][T10435] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.798458][T10435] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.807736][T10435] bridge_slave_0: entered allmulticast mode [ 228.815840][T10435] bridge_slave_0: entered promiscuous mode [ 228.857901][T10435] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.882718][T10435] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.889995][T10435] bridge_slave_1: entered allmulticast mode [ 228.916490][T10435] bridge_slave_1: entered promiscuous mode [ 228.979566][T10435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 228.997530][T10435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 229.085461][T10618] gretap1: entered promiscuous mode [ 229.192825][ T51] Bluetooth: hci4: command tx timeout [ 229.216710][T10621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1332'. [ 229.243877][T10435] team0: Port device team_slave_0 added [ 229.250872][T10621] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1332'. [ 229.264785][T10435] team0: Port device team_slave_1 added [ 229.408814][ T36] IPVS: stop unused estimator thread 0... [ 229.438960][T10435] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.460493][T10435] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.518165][T10435] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.625701][T10627] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1335'. [ 229.637744][T10435] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.650246][T10435] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.680296][T10435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.698532][T10631] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551604) [ 229.720032][T10631] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 230.060201][T10638] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1337'. [ 230.097867][T10435] hsr_slave_0: entered promiscuous mode [ 230.108212][T10435] hsr_slave_1: entered promiscuous mode [ 230.116777][T10435] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 230.127158][T10435] Cannot create hsr debugfs directory [ 230.360345][T10647] netlink: 'syz.1.1341': attribute type 1 has an invalid length. [ 230.564557][T10647] 8021q: adding VLAN 0 to HW filter on device bond1 [ 230.579634][T10648] gretap1: entered promiscuous mode [ 230.588144][T10648] bond1: (slave gretap1): making interface the new active one [ 230.596968][T10648] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 230.623013][T10650] macvlan5: entered promiscuous mode [ 230.628342][T10650] macvlan5: entered allmulticast mode [ 230.642276][T10650] bond1: entered promiscuous mode [ 230.651053][T10650] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 230.665296][T10650] bond1: (slave macvlan5): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 230.686628][T10650] bond1: left promiscuous mode [ 230.711719][ C1] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 231.590579][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1346'. [ 231.647939][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1349'. [ 231.682512][T10684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1349'. [ 232.101969][T10694] xt_hashlimit: size too large, truncated to 1048576 [ 232.341600][T10435] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 232.376319][T10435] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 232.395885][T10435] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 232.441169][T10435] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 232.643375][T10435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 232.659236][T10720] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1361'. [ 232.692874][T10725] netlink: 'syz.4.1362': attribute type 10 has an invalid length. [ 232.705476][T10435] 8021q: adding VLAN 0 to HW filter on device team0 [ 232.723649][T10725] netlink: 'syz.4.1362': attribute type 10 has an invalid length. [ 232.743284][ T66] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.750422][ T66] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.794916][T10725] !: left allmulticast mode [ 232.804014][T10725] team0: Port device 0! removed [ 232.837242][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.844434][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.565955][T10761] netlink: 'syz.4.1373': attribute type 1 has an invalid length. [ 233.701202][T10761] 8021q: adding VLAN 0 to HW filter on device bond7 [ 233.770610][T10765] 8021q: adding VLAN 0 to HW filter on device bond7 [ 233.773724][T10755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1371'. [ 233.788095][T10765] bond7: (slave vxcan11): The slave device specified does not support setting the MAC address [ 233.799614][T10765] bond7: (slave vxcan11): Error -95 calling set_mac_address [ 233.904778][T10435] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 234.145935][T10435] veth0_vlan: entered promiscuous mode [ 234.160592][T10773] xt_CT: No such helper "pptp" [ 234.214612][T10435] veth1_vlan: entered promiscuous mode [ 234.297984][T10778] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1377'. [ 234.316999][T10435] veth0_macvtap: entered promiscuous mode [ 234.339545][T10435] veth1_macvtap: entered promiscuous mode [ 234.366165][T10435] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.398674][T10435] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 234.428178][T10782] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1378'. [ 234.446931][ T66] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.502105][ T66] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.524863][ T66] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.546404][ T66] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.699351][T10787] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1380'. [ 234.703753][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.715592][T10787] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1380'. [ 234.725340][T10789] netlink: 'syz.0.1381': attribute type 10 has an invalid length. [ 234.739097][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.746713][T10787] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1380'. [ 234.746736][T10787] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1380'. [ 234.821031][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.833936][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.103668][T10801] netlink: 'syz.0.1386': attribute type 13 has an invalid length. [ 235.151763][T10801] netlink: 'syz.0.1386': attribute type 17 has an invalid length. [ 235.160419][T10801] lo: left allmulticast mode [ 235.192180][T10795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1384'. [ 235.247883][T10801] tunl0: left allmulticast mode [ 235.269800][T10801] gre0: left allmulticast mode [ 235.283644][T10811] xt_hashlimit: size too large, truncated to 1048576 [ 235.289795][T10801] gretap0: left allmulticast mode [ 235.312260][T10801] erspan0: left allmulticast mode [ 235.355813][T10801] ip_vti0: left allmulticast mode [ 235.383571][T10801] ip6_vti0: left allmulticast mode [ 235.409146][T10801] sit0: left allmulticast mode [ 235.421265][T10817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.467699][T10801] ip6tnl0: left allmulticast mode [ 235.499537][T10801] ip6gre0: left allmulticast mode [ 235.523909][T10801] syz_tun: left allmulticast mode [ 235.552219][T10801] ip6gretap0: left allmulticast mode [ 235.573177][T10801] bridge0: left allmulticast mode [ 235.588575][T10817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.623146][T10801] vcan0: left allmulticast mode [ 235.632601][T10801] bond0: left allmulticast mode [ 235.639147][T10801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.656615][T10801] team0: left allmulticast mode [ 235.679332][T10801] 8021q: adding VLAN 0 to HW filter on device team0 [ 235.692881][T10817] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 235.714765][T10801] nlmon0: left allmulticast mode [ 235.727020][T10801] caif0: left allmulticast mode [ 235.734326][T10801] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 235.983405][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.105305][T10823] netlink: 'syz.4.1389': attribute type 1 has an invalid length. [ 236.217502][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.339537][T10823] 8021q: adding VLAN 0 to HW filter on device bond8 [ 236.400905][T10827] 8021q: adding VLAN 0 to HW filter on device bond8 [ 236.418942][T10827] bond8: (slave vxcan11): The slave device specified does not support setting the MAC address [ 236.466413][T10827] bond8: (slave vxcan11): Error -95 calling set_mac_address [ 236.564915][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 236.576892][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 236.585522][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 236.605716][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.608555][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 236.632635][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 236.759475][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.798919][T10843] netlink: 'syz.3.1394': attribute type 1 has an invalid length. [ 236.834293][T10843] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1394'. [ 236.977383][T10843] xt_CT: No such helper "snmp" [ 237.415524][ T36] bridge_slave_1: left allmulticast mode [ 237.430569][ T36] bridge_slave_1: left promiscuous mode [ 237.454636][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.487781][ T36] bridge_slave_0: left allmulticast mode [ 237.504921][ T36] bridge_slave_0: left promiscuous mode [ 237.521070][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.793778][T10861] netlink: 'syz.3.1398': attribute type 1 has an invalid length. [ 238.030521][T10868] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1399'. [ 238.255198][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 238.297505][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 238.323507][ T36] bond0 (unregistering): Released all slaves [ 238.430425][T10861] 8021q: adding VLAN 0 to HW filter on device bond6 [ 238.487911][T10863] macvlan5: entered promiscuous mode [ 238.493448][T10863] macvlan5: entered allmulticast mode [ 238.500110][T10863] bond6: entered promiscuous mode [ 238.512734][T10863] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 238.556799][T10863] bond6: left promiscuous mode [ 238.581544][T10885] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1404'. [ 238.711708][ T5855] Bluetooth: hci4: command tx timeout [ 238.954621][T10894] netlink: 'syz.4.1407': attribute type 1 has an invalid length. [ 239.132074][T10894] 8021q: adding VLAN 0 to HW filter on device bond9 [ 239.265868][T10898] 8021q: adding VLAN 0 to HW filter on device bond9 [ 239.277065][T10898] bond9: (slave vxcan11): The slave device specified does not support setting the MAC address [ 239.296341][T10898] bond9: (slave vxcan11): Error -95 calling set_mac_address [ 239.570705][T10836] chnl_net:caif_netlink_parms(): no params data found [ 239.752099][ C1] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 239.901677][T10920] __nla_validate_parse: 1 callbacks suppressed [ 239.901695][T10920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1412'. [ 239.931011][T10920] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1412'. [ 239.952800][T10920] netlink: 'syz.4.1412': attribute type 14 has an invalid length. [ 240.020372][T10836] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.029466][T10836] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.053149][T10836] bridge_slave_0: entered allmulticast mode [ 240.061150][T10836] bridge_slave_0: entered promiscuous mode [ 240.116919][ T36] hsr_slave_0: left promiscuous mode [ 240.143673][ T36] hsr_slave_1: left promiscuous mode [ 240.149840][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 240.176412][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 240.216153][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 240.241944][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 240.314359][T10941] netlink: 'syz.0.1416': attribute type 1 has an invalid length. [ 240.341303][ T36] veth1_macvtap: left promiscuous mode [ 240.391474][ T36] veth0_macvtap: left promiscuous mode [ 240.397190][ T36] veth1_vlan: left promiscuous mode [ 240.415596][ T36] veth0_vlan: left promiscuous mode [ 240.697917][T10925] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1414'. [ 240.765906][T10943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1414'. [ 240.802240][ T5855] Bluetooth: hci4: command tx timeout [ 240.998938][ T36] team0 (unregistering): Port device team_slave_1 removed [ 241.040864][ T36] team0 (unregistering): Port device team_slave_0 removed [ 241.373497][T10836] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.380729][T10836] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.390943][T10836] bridge_slave_1: entered allmulticast mode [ 241.407175][T10836] bridge_slave_1: entered promiscuous mode [ 241.459894][T10941] 8021q: adding VLAN 0 to HW filter on device bond6 [ 241.483473][T10947] macvlan4: entered promiscuous mode [ 241.488873][T10947] macvlan4: entered allmulticast mode [ 241.495651][T10947] bond6: entered promiscuous mode [ 241.501150][T10947] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 241.510509][T10947] bond6: left promiscuous mode [ 241.623385][T10836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.648248][T10836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.808361][T10958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1418'. [ 241.842599][T10953] xt_hashlimit: size too large, truncated to 1048576 [ 242.084514][T10836] team0: Port device team_slave_0 added [ 242.181131][T10836] team0: Port device team_slave_1 added [ 242.341432][T10970] netlink: 'syz.0.1419': attribute type 1 has an invalid length. [ 242.349291][T10970] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1419'. [ 242.500923][T10970] xt_CT: No such helper "snmp" [ 242.529681][T10977] netlink: 'syz.3.1420': attribute type 1 has an invalid length. [ 242.544885][T10977] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1420'. [ 242.562272][T10836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.569251][T10836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.601152][T10836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 242.647826][T10836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.661374][T10836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.690007][T10836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.720009][T10977] xt_CT: No such helper "snmp" [ 242.827326][T10836] hsr_slave_0: entered promiscuous mode [ 242.842779][T10836] hsr_slave_1: entered promiscuous mode [ 242.849377][T10836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 242.862626][T10836] Cannot create hsr debugfs directory [ 242.874362][ T5855] Bluetooth: hci4: command tx timeout [ 243.474891][T10997] FAULT_INJECTION: forcing a failure. [ 243.474891][T10997] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.488341][T10997] CPU: 1 UID: 0 PID: 10997 Comm: syz.3.1426 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 243.488370][T10997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.488393][T10997] Call Trace: [ 243.488401][T10997] [ 243.488409][T10997] dump_stack_lvl+0x189/0x250 [ 243.488439][T10997] ? __pfx____ratelimit+0x10/0x10 [ 243.488464][T10997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.488487][T10997] ? __pfx__printk+0x10/0x10 [ 243.488514][T10997] ? __might_fault+0xb0/0x130 [ 243.488549][T10997] should_fail_ex+0x414/0x560 [ 243.488582][T10997] _copy_from_user+0x2d/0xb0 [ 243.488606][T10997] ___sys_sendmsg+0x158/0x2a0 [ 243.488638][T10997] ? __pfx____sys_sendmsg+0x10/0x10 [ 243.488705][T10997] ? __fget_files+0x2a/0x420 [ 243.488730][T10997] ? __fget_files+0x3a0/0x420 [ 243.488767][T10997] __x64_sys_sendmsg+0x19b/0x260 [ 243.488789][T10997] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 243.488828][T10997] ? __pfx_ksys_write+0x10/0x10 [ 243.488848][T10997] ? rcu_is_watching+0x15/0xb0 [ 243.488877][T10997] ? do_syscall_64+0xbe/0x3b0 [ 243.488907][T10997] do_syscall_64+0xfa/0x3b0 [ 243.488930][T10997] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.488954][T10997] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.488973][T10997] ? clear_bhb_loop+0x60/0xb0 [ 243.488997][T10997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.489016][T10997] RIP: 0033:0x7f2936f8e929 [ 243.489033][T10997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.489050][T10997] RSP: 002b:00007f2937eb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 243.489071][T10997] RAX: ffffffffffffffda RBX: 00007f29371b5fa0 RCX: 00007f2936f8e929 [ 243.489086][T10997] RDX: 0000000004040040 RSI: 0000200000000000 RDI: 0000000000000003 [ 243.489099][T10997] RBP: 00007f2937eb1090 R08: 0000000000000000 R09: 0000000000000000 [ 243.489111][T10997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.489123][T10997] R13: 0000000000000000 R14: 00007f29371b5fa0 R15: 00007fff033d89e8 [ 243.489155][T10997] [ 243.716982][T11001] netlink: 'syz.0.1427': attribute type 1 has an invalid length. [ 243.794167][T11001] 8021q: adding VLAN 0 to HW filter on device bond7 [ 243.872100][T11001] macvlan4: entered promiscuous mode [ 243.877502][T11001] macvlan4: entered allmulticast mode [ 243.885402][T11001] bond7: entered promiscuous mode [ 243.891072][T11001] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 243.956446][T11001] bond7: left promiscuous mode [ 244.010542][T11003] netlink: 'syz.1.1428': attribute type 10 has an invalid length. [ 244.502977][T11030] netlink: 'syz.1.1435': attribute type 10 has an invalid length. [ 244.529796][T11030] veth0_vlan: left promiscuous mode [ 244.537618][T11032] netlink: 'syz.0.1434': attribute type 1 has an invalid length. [ 244.547311][T11030] veth0_vlan: entered promiscuous mode [ 244.553011][T11032] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1434'. [ 244.565180][T11030] team0: Device veth0_vlan failed to register rx_handler [ 244.646331][T10836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 244.701021][T10836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 244.740592][T11032] xt_CT: No such helper "snmp" [ 244.836099][T10836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 244.850474][T10836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 244.912564][T11041] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1437'. [ 244.951476][ T5855] Bluetooth: hci4: command tx timeout [ 245.516779][T10836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.571490][T11051] pim6reg1: entered promiscuous mode [ 245.576825][T11051] pim6reg1: entered allmulticast mode [ 245.770021][T10836] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.792108][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.799354][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.834045][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.841278][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.984910][T10836] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 246.023262][T10836] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 246.105107][T11058] syzkaller0: entered promiscuous mode [ 246.121566][T11058] syzkaller0: entered allmulticast mode [ 246.668760][T11065] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1441'. [ 247.587607][T11065] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 247.616051][T11065] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 247.627413][T11065] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 247.769116][T10836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.807369][T11069] FAULT_INJECTION: forcing a failure. [ 247.807369][T11069] name failslab, interval 1, probability 0, space 0, times 0 [ 247.825564][T11072] netlink: 'syz.1.1443': attribute type 1 has an invalid length. [ 247.833929][T11069] CPU: 0 UID: 0 PID: 11069 Comm: syz.4.1444 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 247.833957][T11069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.833969][T11069] Call Trace: [ 247.833976][T11069] [ 247.833984][T11069] dump_stack_lvl+0x189/0x250 [ 247.834010][T11069] ? __pfx____ratelimit+0x10/0x10 [ 247.834034][T11069] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.834058][T11069] ? __pfx__printk+0x10/0x10 [ 247.834086][T11069] ? __pfx___might_resched+0x10/0x10 [ 247.834108][T11069] ? fs_reclaim_acquire+0x7d/0x100 [ 247.834139][T11069] should_fail_ex+0x414/0x560 [ 247.834172][T11069] should_failslab+0xa8/0x100 [ 247.834198][T11069] __kmalloc_noprof+0xcb/0x4f0 [ 247.834220][T11069] ? tomoyo_encode+0x28b/0x550 [ 247.834243][T11069] tomoyo_encode+0x28b/0x550 [ 247.834267][T11069] tomoyo_realpath_from_path+0x58d/0x5d0 [ 247.834296][T11069] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 247.834322][T11069] tomoyo_path_number_perm+0x1e8/0x5a0 [ 247.834348][T11069] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 247.834389][T11069] ? __lock_acquire+0xab9/0xd20 [ 247.834429][T11069] ? __fget_files+0x2a/0x420 [ 247.834456][T11069] ? __fget_files+0x2a/0x420 [ 247.834479][T11069] ? __fget_files+0x3a0/0x420 [ 247.834502][T11069] ? __fget_files+0x2a/0x420 [ 247.834557][T11069] security_file_ioctl+0xcb/0x2d0 [ 247.834583][T11069] __se_sys_ioctl+0x47/0x170 [ 247.834604][T11069] do_syscall_64+0xfa/0x3b0 [ 247.834626][T11069] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.834650][T11069] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.834669][T11069] ? clear_bhb_loop+0x60/0xb0 [ 247.834690][T11069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.834708][T11069] RIP: 0033:0x7f3b05b8e929 [ 247.834725][T11069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.834742][T11069] RSP: 002b:00007f3b069e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.834762][T11069] RAX: ffffffffffffffda RBX: 00007f3b05db5fa0 RCX: 00007f3b05b8e929 [ 247.834774][T11069] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000003 [ 247.834786][T11069] RBP: 00007f3b069e5090 R08: 0000000000000000 R09: 0000000000000000 [ 247.834798][T11069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.834808][T11069] R13: 0000000000000000 R14: 00007f3b05db5fa0 R15: 00007ffcb15714c8 [ 247.834839][T11069] [ 247.835031][T11069] ERROR: Out of memory at tomoyo_realpath_from_path. [ 248.108010][T11072] 8021q: adding VLAN 0 to HW filter on device bond2 [ 248.133559][T10836] veth0_vlan: entered promiscuous mode [ 248.170053][T11073] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1442'. [ 248.198413][T11076] macvlan5: entered promiscuous mode [ 248.204530][T11076] macvlan5: entered allmulticast mode [ 248.212647][T11076] bond2: entered promiscuous mode [ 248.218590][T11076] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 248.233768][T11076] bond2: left promiscuous mode [ 248.286876][T10836] veth1_vlan: entered promiscuous mode [ 248.407226][T10836] veth0_macvtap: entered promiscuous mode [ 248.473250][T10836] veth1_macvtap: entered promiscuous mode [ 248.550131][T10836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.595353][T10836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.629947][T11082] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1446'. [ 248.662923][ T3519] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.690398][ T3519] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.745705][ T3519] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.769809][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.839875][T11086] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1447'. [ 249.022899][ T3519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.041377][ T3519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.096296][T11106] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1449'. [ 249.103907][T11108] netlink: 844 bytes leftover after parsing attributes in process `syz.3.1449'. [ 249.118224][T11104] tipc: Enabled bearer , priority 0 [ 249.137773][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.152087][T11104] syzkaller0: entered promiscuous mode [ 249.159100][T11104] syzkaller0: entered allmulticast mode [ 249.165144][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.258114][T11104] tipc: Resetting bearer [ 249.313252][T11102] tipc: Resetting bearer [ 249.357094][T11102] tipc: Disabling bearer [ 249.382389][T11121] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1456'. [ 249.393647][T11121] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1456'. [ 249.461575][T11115] pim6reg1: entered promiscuous mode [ 249.466926][T11115] pim6reg1: entered allmulticast mode [ 249.610483][T11126] netlink: 'syz.0.1457': attribute type 13 has an invalid length. [ 249.632266][T11126] netlink: 'syz.0.1457': attribute type 17 has an invalid length. [ 249.663775][T11126] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 249.829001][T11133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 249.928624][T11133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.000360][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.055609][T11146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 250.166105][T11148] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1461'. [ 250.274482][ T1145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.550889][T11153] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1462'. [ 250.577262][ T1145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.795980][ T1145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.938929][T11164] netlink: 'syz.3.1465': attribute type 5 has an invalid length. [ 251.116215][T11168] netlink: 240 bytes leftover after parsing attributes in process `syz.4.1466'. [ 251.128502][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 251.137431][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 251.146278][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 251.155822][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 251.163834][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 251.350900][T11167] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1467'. [ 251.377338][T11183] xt_hashlimit: size too large, truncated to 1048576 [ 251.451523][ T1145] bridge_slave_1: left allmulticast mode [ 251.457224][ T1145] bridge_slave_1: left promiscuous mode [ 251.501705][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.529835][ T1145] bridge_slave_0: left allmulticast mode [ 251.555049][ T1145] bridge_slave_0: left promiscuous mode [ 251.561061][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.660309][T11190] netlink: 'syz.1.1472': attribute type 1 has an invalid length. [ 251.683643][T11190] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1472'. [ 251.845193][T11190] xt_CT: No such helper "snmp" [ 252.134573][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.145955][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.160426][ T1145] bond0 (unregistering): Released all slaves [ 252.420402][T11209] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 252.962041][T11228] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1483'. [ 253.200174][ T51] Bluetooth: hci4: command tx timeout [ 253.281624][T11234] wireguard0: entered promiscuous mode [ 253.287146][T11234] wireguard0: entered allmulticast mode [ 253.567199][ T1145] hsr_slave_0: left promiscuous mode [ 253.584343][ T1145] hsr_slave_1: left promiscuous mode [ 253.590469][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.604425][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.632982][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.640531][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 253.665354][T11250] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1487'. [ 253.677144][ T1145] veth1_macvtap: left promiscuous mode [ 253.683197][ T1145] veth0_macvtap: left promiscuous mode [ 253.688827][ T1145] veth1_vlan: left promiscuous mode [ 253.694596][ T1145] veth0_vlan: left promiscuous mode [ 254.226943][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 254.267758][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 254.671703][T11256] pim6reg1: entered promiscuous mode [ 254.677036][T11256] pim6reg1: entered allmulticast mode [ 254.805714][T11269] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 254.813006][T11269] IPv6: NLM_F_CREATE should be set when creating new route [ 254.857565][T11269] lo: entered allmulticast mode [ 254.882619][T11269] tunl0: entered allmulticast mode [ 254.905177][T11269] gre0: entered allmulticast mode [ 254.946653][T11269] gretap0: entered allmulticast mode [ 254.972446][T11269] erspan0: entered allmulticast mode [ 254.992106][T11269] ip_vti0: entered allmulticast mode [ 255.009388][T11269] ip6_vti0: entered allmulticast mode [ 255.030247][T11269] sit0: entered allmulticast mode [ 255.041543][T11269] ip6tnl0: entered allmulticast mode [ 255.058840][T11269] ip6gre0: entered allmulticast mode [ 255.078585][T11269] syz_tun: entered allmulticast mode [ 255.086548][T11269] ip6gretap0: entered allmulticast mode [ 255.106585][T11269] bridge0: entered allmulticast mode [ 255.127092][T11269] vcan0: entered allmulticast mode [ 255.148878][T11269] bond0: entered allmulticast mode [ 255.189242][T11269] team0: entered allmulticast mode [ 255.205720][T11276] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1491'. [ 255.213865][T11269] !: entered allmulticast mode [ 255.226834][T11269] nlmon0: entered allmulticast mode [ 255.240171][T11269] caif0: entered allmulticast mode [ 255.249565][T11269] syztnl0: entered allmulticast mode [ 255.255962][T11269] batadv0.1: entered allmulticast mode [ 255.273947][T11269] ip6tnl1: entered allmulticast mode [ 255.279617][T11269] bond3: entered allmulticast mode [ 255.285028][ T51] Bluetooth: hci4: command tx timeout [ 255.294467][T11269] vxcan4: entered allmulticast mode [ 255.299819][T11269] vxcan5: entered allmulticast mode [ 255.306091][T11269] bond4: entered allmulticast mode [ 255.319642][T11269] vxlan0: entered allmulticast mode [ 255.327575][T11269] bond5: entered allmulticast mode [ 255.335385][T11269] bridge5: entered allmulticast mode [ 255.343635][T11269] bond6: entered allmulticast mode [ 255.349869][T11269] vxcan6: entered allmulticast mode [ 255.356253][T11269] vxcan7: entered allmulticast mode [ 255.362919][T11269] bond7: entered allmulticast mode [ 255.368928][T11269] vxcan8: entered allmulticast mode [ 255.374787][T11269] vxcan9: entered allmulticast mode [ 255.409375][ T12] netdevsim netdevsim0 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.442787][ T12] netdevsim netdevsim0 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.509242][ T12] netdevsim netdevsim0 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.571558][ T12] netdevsim netdevsim0 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 255.637779][T11294] xt_hashlimit: size too large, truncated to 1048576 [ 256.018333][T11171] chnl_net:caif_netlink_parms(): no params data found [ 256.080927][T11305] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1500'. [ 256.382455][T11317] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1503'. [ 256.402798][T11317] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1503'. [ 256.425608][T11317] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1503'. [ 256.438632][T11317] netlink: 88 bytes leftover after parsing attributes in process `syz.4.1503'. [ 256.499047][T11171] bridge0: port 1(bridge_slave_0) entered blocking state [ 256.516514][T11171] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.529225][T11171] bridge_slave_0: entered allmulticast mode [ 256.537571][T11171] bridge_slave_0: entered promiscuous mode [ 256.546743][T11171] bridge0: port 2(bridge_slave_1) entered blocking state [ 256.554202][T11171] bridge0: port 2(bridge_slave_1) entered disabled state [ 256.564633][T11171] bridge_slave_1: entered allmulticast mode [ 256.573097][T11171] bridge_slave_1: entered promiscuous mode [ 256.644951][T11171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 256.664166][T11171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.720445][T11171] team0: Port device team_slave_0 added [ 256.741284][T11171] team0: Port device team_slave_1 added [ 256.758374][T11329] netlink: 'syz.0.1506': attribute type 1 has an invalid length. [ 256.839158][T11329] 8021q: adding VLAN 0 to HW filter on device bond8 [ 256.978387][T11329] macvlan4: entered promiscuous mode [ 256.984139][T11329] macvlan4: entered allmulticast mode [ 256.996232][T11329] bond8: entered promiscuous mode [ 257.007321][T11329] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 257.031993][ C1] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 257.050333][T11329] bond8: left promiscuous mode [ 257.138139][T11171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 257.154843][T11171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.243773][T11171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 257.300583][T11171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 257.341437][T11171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 257.374155][ T51] Bluetooth: hci4: command tx timeout [ 257.399565][T11171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 257.608174][T11171] hsr_slave_0: entered promiscuous mode [ 257.642237][T11171] hsr_slave_1: entered promiscuous mode [ 257.664757][T11171] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 257.688469][T11171] Cannot create hsr debugfs directory [ 257.895380][T11375] tipc: Enabled bearer , priority 0 [ 258.042055][T11384] xt_hashlimit: size too large, truncated to 1048576 [ 258.050206][T11384] xt_hashlimit: overflow, try lower: 3/0 [ 258.058673][T11375] tipc: Resetting bearer [ 258.102616][T11367] tipc: Disabling bearer [ 258.844159][T11397] netlink: 'syz.1.1522': attribute type 10 has an invalid length. [ 258.942315][T11397] bond0: (slave 0!): Enslaving as an active interface with an up link [ 259.431712][ T51] Bluetooth: hci4: command tx timeout [ 259.613793][T11171] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 259.628639][T11171] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 259.645449][T11171] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 259.660182][T11171] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 260.147241][T11171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 260.213404][T11171] 8021q: adding VLAN 0 to HW filter on device team0 [ 260.238119][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.245371][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.338057][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.345321][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.496220][T11421] FAULT_INJECTION: forcing a failure. [ 260.496220][T11421] name failslab, interval 1, probability 0, space 0, times 0 [ 260.552467][T11421] CPU: 1 UID: 0 PID: 11421 Comm: syz.1.1526 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 260.552497][T11421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 260.552509][T11421] Call Trace: [ 260.552516][T11421] [ 260.552524][T11421] dump_stack_lvl+0x189/0x250 [ 260.552552][T11421] ? __pfx____ratelimit+0x10/0x10 [ 260.552577][T11421] ? __pfx_dump_stack_lvl+0x10/0x10 [ 260.552601][T11421] ? __pfx__printk+0x10/0x10 [ 260.552634][T11421] ? __pfx___might_resched+0x10/0x10 [ 260.552656][T11421] ? fs_reclaim_acquire+0x7d/0x100 [ 260.552689][T11421] should_fail_ex+0x414/0x560 [ 260.552723][T11421] should_failslab+0xa8/0x100 [ 260.552750][T11421] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 260.552775][T11421] ? __alloc_skb+0x112/0x2d0 [ 260.552807][T11421] __alloc_skb+0x112/0x2d0 [ 260.552839][T11421] netlink_ack+0x146/0xa50 [ 260.552862][T11421] ? __pfx_genl_rcv_msg+0x10/0x10 [ 260.552880][T11421] ? __pfx_ethnl_tunnel_info_start+0x10/0x10 [ 260.552927][T11421] netlink_rcv_skb+0x28c/0x470 [ 260.552953][T11421] ? __pfx_genl_rcv_msg+0x10/0x10 [ 260.552975][T11421] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 260.553019][T11421] ? down_read+0x1ad/0x2e0 [ 260.553049][T11421] genl_rcv+0x28/0x40 [ 260.553066][T11421] netlink_unicast+0x758/0x8d0 [ 260.553101][T11421] netlink_sendmsg+0x805/0xb30 [ 260.553137][T11421] ? __pfx_netlink_sendmsg+0x10/0x10 [ 260.553192][T11421] ? aa_sock_msg_perm+0x94/0x160 [ 260.553223][T11421] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 260.553241][T11421] ? __pfx_netlink_sendmsg+0x10/0x10 [ 260.553268][T11421] __sock_sendmsg+0x219/0x270 [ 260.553296][T11421] ____sys_sendmsg+0x505/0x830 [ 260.553332][T11421] ? __pfx_____sys_sendmsg+0x10/0x10 [ 260.553372][T11421] ? import_iovec+0x74/0xa0 [ 260.553400][T11421] ___sys_sendmsg+0x21f/0x2a0 [ 260.553437][T11421] ? __pfx____sys_sendmsg+0x10/0x10 [ 260.553509][T11421] ? __fget_files+0x2a/0x420 [ 260.553533][T11421] ? __fget_files+0x3a0/0x420 [ 260.553572][T11421] __x64_sys_sendmsg+0x19b/0x260 [ 260.553594][T11421] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 260.553635][T11421] ? __pfx_ksys_write+0x10/0x10 [ 260.553655][T11421] ? rcu_is_watching+0x15/0xb0 [ 260.553684][T11421] ? do_syscall_64+0xbe/0x3b0 [ 260.553713][T11421] do_syscall_64+0xfa/0x3b0 [ 260.553736][T11421] ? lockdep_hardirqs_on+0x9c/0x150 [ 260.553760][T11421] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.553779][T11421] ? clear_bhb_loop+0x60/0xb0 [ 260.553802][T11421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.553821][T11421] RIP: 0033:0x7fcdb2d8e929 [ 260.553839][T11421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 260.553855][T11421] RSP: 002b:00007fcdb3ba3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 260.553876][T11421] RAX: ffffffffffffffda RBX: 00007fcdb2fb6080 RCX: 00007fcdb2d8e929 [ 260.553891][T11421] RDX: 0000000000040040 RSI: 0000200000000240 RDI: 0000000000000005 [ 260.553904][T11421] RBP: 00007fcdb3ba3090 R08: 0000000000000000 R09: 0000000000000000 [ 260.553917][T11421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.553929][T11421] R13: 0000000000000000 R14: 00007fcdb2fb6080 R15: 00007ffe0fad41f8 [ 260.553961][T11421] [ 261.477511][T11171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 261.581260][T11449] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1535'. [ 261.591881][T11449] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1535'. [ 261.616451][T11171] veth0_vlan: entered promiscuous mode [ 261.671367][T11171] veth1_vlan: entered promiscuous mode [ 261.757518][T11171] veth0_macvtap: entered promiscuous mode [ 261.786312][T11171] veth1_macvtap: entered promiscuous mode [ 261.835493][T11171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 261.882312][T11171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 261.957109][ T6120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.970072][ T6120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 261.994306][ T6120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.012453][ T6120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 262.332580][ T6120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 262.367288][ T6120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 262.418648][T11477] netlink: 'syz.0.1545': attribute type 1 has an invalid length. [ 262.439236][T11477] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1545'. [ 262.451795][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 262.481653][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 262.912433][T11500] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1554'. [ 263.088719][T11502] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1555'. [ 263.122045][T11511] netlink: 'syz.3.1557': attribute type 13 has an invalid length. [ 263.129909][T11511] netlink: 'syz.3.1557': attribute type 17 has an invalid length. [ 263.214235][T11511] 8021q: adding VLAN 0 to HW filter on device bond7 [ 263.316717][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.405512][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.505962][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.720605][T11529] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1563'. [ 263.797238][T11536] 8021q: VLANs not supported on sit0 [ 264.215502][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.987696][T11562] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1572'. [ 265.014375][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.256497][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.284125][T11567] tipc: Enabling of bearer rejected, failed to enable media [ 265.325387][T11572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1575'. [ 265.371543][T11572] netlink: 'syz.0.1575': attribute type 9 has an invalid length. [ 265.400923][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 265.413404][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 265.421728][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 265.439933][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 265.448418][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 265.459257][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 265.507076][T11572] macvlan4: entered allmulticast mode [ 265.619543][T11581] netlink: 'syz.4.1579': attribute type 1 has an invalid length. [ 265.693075][T11586] netlink: 'syz.1.1580': attribute type 1 has an invalid length. [ 265.706243][T11581] 8021q: adding VLAN 0 to HW filter on device bond10 [ 265.783079][T11586] 8021q: adding VLAN 0 to HW filter on device bond4 [ 265.855107][T11590] 8021q: adding VLAN 0 to HW filter on device bond4 [ 265.893163][T11590] bond4: (slave vxcan5): The slave device specified does not support setting the MAC address [ 265.934214][T11590] bond4: (slave vxcan5): Error -95 calling set_mac_address [ 266.038393][T11581] macvlan3: entered promiscuous mode [ 266.052904][T11581] macvlan3: entered allmulticast mode [ 266.065889][T11581] bond10: entered promiscuous mode [ 266.085090][T11581] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 266.099728][T11581] bond10: left promiscuous mode [ 266.158064][T11591] macvlan5: entered promiscuous mode [ 266.164026][T11591] macvlan5: entered allmulticast mode [ 266.170880][T11591] bond4: entered promiscuous mode [ 266.180497][T11591] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 266.218244][T11591] bond4: left promiscuous mode [ 266.263945][T11595] macvlan5: entered allmulticast mode [ 266.273958][T11595] veth1_vlan: entered allmulticast mode [ 266.330048][T11595] veth1_vlan: left allmulticast mode [ 266.739580][ T49] bridge_slave_1: left allmulticast mode [ 266.771570][ T49] bridge_slave_1: left promiscuous mode [ 266.777370][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.861638][ T49] bridge_slave_0: left allmulticast mode [ 266.877359][ T49] bridge_slave_0: left promiscuous mode [ 266.893151][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.514191][ T5855] Bluetooth: hci4: command tx timeout [ 267.730221][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 267.763470][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 267.792492][ T49] bond0 (unregistering): Released all slaves [ 267.948626][T11635] netlink: 'syz.3.1588': attribute type 10 has an invalid length. [ 267.998939][T11635] team0: Port device 0! added [ 268.004812][T11638] netlink: 'syz.3.1588': attribute type 10 has an invalid length. [ 268.078119][T11638] team0: Port device 0! removed [ 268.909803][T11661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1594'. [ 268.999946][T11573] chnl_net:caif_netlink_parms(): no params data found [ 269.029873][T11665] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1595'. [ 269.525719][T11681] netlink: 'syz.0.1598': attribute type 1 has an invalid length. [ 269.545026][T11681] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1598'. [ 269.592161][ T5855] Bluetooth: hci4: command tx timeout [ 269.597684][ T49] hsr_slave_0: left promiscuous mode [ 269.623993][ T49] hsr_slave_1: left promiscuous mode [ 269.630115][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 269.637947][T11678] xt_CT: No such helper "snmp" [ 269.657176][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 269.665846][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 269.673486][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 269.699721][ T49] veth1_macvtap: left promiscuous mode [ 269.705570][ T49] veth0_macvtap: left promiscuous mode [ 269.712145][ T49] veth1_vlan: left promiscuous mode [ 269.717588][ T49] veth0_vlan: left promiscuous mode [ 270.139776][ T49] team0 (unregistering): Port device team_slave_1 removed [ 270.181429][ T49] team0 (unregistering): Port device team_slave_0 removed [ 270.452355][T11693] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1603'. [ 270.610581][T11573] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.628241][T11573] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.638938][T11573] bridge_slave_0: entered allmulticast mode [ 270.648230][T11573] bridge_slave_0: entered promiscuous mode [ 270.662000][T11573] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.669300][T11573] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.678999][T11573] bridge_slave_1: entered allmulticast mode [ 270.687923][T11573] bridge_slave_1: entered promiscuous mode [ 270.863421][T11573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 270.996813][T11573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.216923][T11712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1607'. [ 271.370783][T11573] team0: Port device team_slave_0 added [ 271.402671][T11573] team0: Port device team_slave_1 added [ 271.467892][T11573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.476450][T11573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.506934][T11573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 271.513014][T11725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1610'. [ 271.529859][T11573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 271.537636][T11573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 271.564011][T11573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 271.589119][T11725] macvtap1: entered promiscuous mode [ 271.594969][T11725] team0: entered promiscuous mode [ 271.600143][T11725] macvtap1: entered allmulticast mode [ 271.605563][T11725] team0: entered allmulticast mode [ 271.611006][T11725] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 271.625330][T11726] team0: left allmulticast mode [ 271.630218][T11726] team0: left promiscuous mode [ 271.671457][ T5855] Bluetooth: hci4: command tx timeout [ 271.716952][T11573] hsr_slave_0: entered promiscuous mode [ 271.725193][T11573] hsr_slave_1: entered promiscuous mode [ 271.731836][T11573] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 271.740878][T11573] Cannot create hsr debugfs directory [ 271.853830][T11731] x_tables: unsorted underflow at hook 4 [ 272.162039][T11733] xt_hashlimit: size too large, truncated to 1048576 [ 272.469968][T11747] netlink: zone id is out of range [ 272.489667][T11747] netlink: zone id is out of range [ 272.504281][T11747] netlink: zone id is out of range [ 272.519773][T11747] netlink: zone id is out of range [ 272.555952][T11747] netlink: zone id is out of range [ 272.585761][T11747] netlink: zone id is out of range [ 272.595916][T11747] netlink: zone id is out of range [ 272.601202][T11747] netlink: zone id is out of range [ 272.621153][T11747] netlink: zone id is out of range [ 272.640250][T11747] netlink: zone id is out of range [ 272.723362][T11750] netlink: 592 bytes leftover after parsing attributes in process `syz.4.1617'. [ 272.754624][T11750] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 273.009121][T11756] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1619'. [ 273.044219][T11739] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1615'. [ 273.155310][T11739] ip6gretap0: entered promiscuous mode [ 273.218408][T11762] netlink: 'syz.3.1620': attribute type 10 has an invalid length. [ 273.276674][T11762] bond0: (slave 0!): Enslaving as an active interface with an up link [ 273.398594][T11769] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1623'. [ 273.576975][T11573] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 273.611272][T11573] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 273.646037][T11573] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 273.698325][T11573] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 273.752272][ T5855] Bluetooth: hci4: command tx timeout [ 273.908379][T11573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 273.943914][T11573] 8021q: adding VLAN 0 to HW filter on device team0 [ 273.959126][T11784] __nla_validate_parse: 1 callbacks suppressed [ 273.959144][T11784] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1626'. [ 273.963572][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.981358][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 274.007059][ T5978] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.014283][ T5978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 274.088842][T11573] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 274.458099][T11795] xt_CT: No such helper "snmp" [ 274.518040][T11573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 274.588893][T11804] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1632'. [ 274.642960][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1632'. [ 274.688333][T11573] veth0_vlan: entered promiscuous mode [ 274.844585][T11806] 8021q: adding VLAN 0 to HW filter on device bond5 [ 274.925652][T11573] veth1_vlan: entered promiscuous mode [ 274.976190][T11806] macvlan5: entered promiscuous mode [ 274.991556][T11806] macvlan5: entered allmulticast mode [ 275.004455][T11806] bond5: entered promiscuous mode [ 275.014904][T11806] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 275.044648][T11806] bond5: left promiscuous mode [ 275.164733][T11573] veth0_macvtap: entered promiscuous mode [ 275.318023][T11573] veth1_macvtap: entered promiscuous mode [ 275.356585][T11816] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1628'. [ 275.405365][T11573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 275.450691][T11573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 275.474496][ T6120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.488618][T11833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1639'. [ 275.520742][ T6120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.536211][ T6120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.554248][ T6120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.824184][ T5978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.873606][ T5978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 275.873844][T11841] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1641'. [ 275.904222][T11841] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1641'. [ 275.943030][ T3543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 275.950849][ T3543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.449378][T11848] netlink: 'syz.1.1644': attribute type 3 has an invalid length. [ 276.479097][T11850] netlink: 'syz.0.1645': attribute type 1 has an invalid length. [ 276.524711][T11850] 8021q: adding VLAN 0 to HW filter on device bond9 [ 276.533326][T11848] macvlan0: left allmulticast mode [ 276.538738][T11848] netlink: 'syz.1.1644': attribute type 2 has an invalid length. [ 276.596359][T11839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1640'. [ 276.618786][T11855] 8021q: adding VLAN 0 to HW filter on device bond9 [ 276.626117][T11855] bond9: (slave vxcan11): The slave device specified does not support setting the MAC address [ 276.648109][T11855] bond9: (slave vxcan11): Error -95 calling set_mac_address [ 276.711273][T11848] bond0: entered promiscuous mode [ 276.724874][T11848] bond_slave_0: entered promiscuous mode [ 276.730796][T11848] bond_slave_1: entered promiscuous mode [ 276.748360][T11848] mac80211_hwsim hwsim8 wlan1: entered promiscuous mode [ 276.762988][T11848] !: entered promiscuous mode [ 276.770794][T11848] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 276.795520][T11859] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1646'. [ 276.798032][T11848] bond0: left promiscuous mode [ 276.820196][T11848] bond_slave_0: left promiscuous mode [ 276.836257][T11848] bond_slave_1: left promiscuous mode [ 276.877698][T11848] mac80211_hwsim hwsim8 wlan1: left promiscuous mode [ 276.900725][T11848] !: left promiscuous mode [ 276.985643][T11856] macvlan6: entered promiscuous mode [ 276.992052][T11856] macvlan6: entered allmulticast mode [ 277.000487][T11856] bond9: entered promiscuous mode [ 277.011253][T11856] 8021q: adding VLAN 0 to HW filter on device macvlan6 [ 277.074968][T11856] bond9: left promiscuous mode [ 277.203754][T11862] 8021q: adding VLAN 0 to HW filter on device bond11 [ 277.231840][T11863] 8021q: adding VLAN 0 to HW filter on device bond11 [ 277.238833][T11863] bond11: (slave vxcan11): The slave device specified does not support setting the MAC address [ 277.251644][T11863] bond11: (slave vxcan11): Error -95 calling set_mac_address [ 277.273128][T11865] macvlan3: entered promiscuous mode [ 277.278475][T11865] macvlan3: entered allmulticast mode [ 277.284954][T11865] bond11: entered promiscuous mode [ 277.290518][T11865] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 277.304201][T11865] bond11: left promiscuous mode [ 277.510762][ T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 277.800667][T11875] netlink: 'syz.1.1649': attribute type 1 has an invalid length. [ 277.888250][T11875] 8021q: adding VLAN 0 to HW filter on device bond6 [ 278.015499][ T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.129879][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 278.138919][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 278.140429][T11881] 8021q: adding VLAN 0 to HW filter on device bond6 [ 278.154738][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 278.172874][T11881] bond6: (slave vxcan5): The slave device specified does not support setting the MAC address [ 278.184203][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 278.193771][T11881] bond6: (slave vxcan5): Error -95 calling set_mac_address [ 278.202960][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 278.248226][T11885] macvlan5: entered promiscuous mode [ 278.253747][T11885] macvlan5: entered allmulticast mode [ 278.259715][T11885] bond6: entered promiscuous mode [ 278.267422][T11885] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 278.277551][T11885] bond6: left promiscuous mode [ 278.319730][ T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.481003][ T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.817479][ T49] bridge_slave_1: left allmulticast mode [ 278.856449][ T49] bridge_slave_1: left promiscuous mode [ 278.873110][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.947626][ T49] bridge_slave_0: left allmulticast mode [ 278.969032][ T49] bridge_slave_0: left promiscuous mode [ 278.996553][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.230264][T11918] netlink: 'syz.0.1659': attribute type 1 has an invalid length. [ 280.092169][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 280.120324][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 280.138593][ T49] bond0 (unregistering): Released all slaves [ 280.186366][T11918] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR [ 280.232235][ T5855] Bluetooth: hci4: command tx timeout [ 280.366545][T11937] 8021q: adding VLAN 0 to HW filter on device bond12 [ 280.434694][T11939] 8021q: adding VLAN 0 to HW filter on device bond12 [ 280.472990][T11939] bond12: (slave vxcan11): The slave device specified does not support setting the MAC address [ 280.519451][T11939] bond12: (slave vxcan11): Error -95 calling set_mac_address [ 280.594305][T11942] macvlan3: entered promiscuous mode [ 280.615316][T11942] macvlan3: entered allmulticast mode [ 280.621506][T11942] bond12: entered promiscuous mode [ 280.627144][T11942] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 280.641196][T11942] bond12: left promiscuous mode [ 281.177462][T11965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1667'. [ 281.305501][T11975] netlink: 'syz.3.1669': attribute type 1 has an invalid length. [ 281.421049][T11975] 8021q: adding VLAN 0 to HW filter on device bond8 [ 281.496557][T11978] 8021q: adding VLAN 0 to HW filter on device bond8 [ 281.506451][T11978] bond8: (slave vxcan5): The slave device specified does not support setting the MAC address [ 281.519076][T11978] bond8: (slave vxcan5): Error -95 calling set_mac_address [ 281.578453][T11979] macvlan5: entered promiscuous mode [ 281.584804][T11979] macvlan5: entered allmulticast mode [ 281.601235][T11979] bond8: entered promiscuous mode [ 281.612599][T11979] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 281.645481][T11979] bond8: left promiscuous mode [ 281.770798][ T49] hsr_slave_0: left promiscuous mode [ 281.801597][ T49] hsr_slave_1: left promiscuous mode [ 281.810025][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 281.819221][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 281.833483][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.851283][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 281.917574][ T49] veth1_macvtap: left promiscuous mode [ 281.941543][ T49] veth0_macvtap: left promiscuous mode [ 281.953353][ T49] veth1_vlan: left promiscuous mode [ 281.961541][ T49] veth0_vlan: left promiscuous mode [ 282.003731][T11998] xt_hashlimit: size too large, truncated to 1048576 [ 282.311634][ T5855] Bluetooth: hci4: command tx timeout [ 282.568933][ T49] team0 (unregistering): Port device team_slave_1 removed [ 282.605003][ T49] team0 (unregistering): Port device team_slave_0 removed [ 282.930772][T11888] chnl_net:caif_netlink_parms(): no params data found [ 282.960016][T11986] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 282.976433][T11986] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 282.977289][T11987] pim6reg1: entered promiscuous mode [ 282.997243][T11987] pim6reg1: entered allmulticast mode [ 283.181255][T12007] ¾x9ÿ: renamed from bridge_slave_0 (while UP) [ 283.251633][T12009] 8021q: adding VLAN 0 to HW filter on device bond7 [ 283.298294][T12011] 8021q: adding VLAN 0 to HW filter on device bond7 [ 283.305687][T12011] bond7: (slave vxcan5): The slave device specified does not support setting the MAC address [ 283.317878][T12011] bond7: (slave vxcan5): Error -95 calling set_mac_address [ 283.394444][T12016] macvlan5: entered promiscuous mode [ 283.399830][T12016] macvlan5: entered allmulticast mode [ 283.406492][T12016] bond7: entered promiscuous mode [ 283.412668][T12016] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 283.442040][T12016] bond7: left promiscuous mode [ 283.783948][T11888] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.801703][T11888] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.808956][T11888] bridge_slave_0: entered allmulticast mode [ 283.827081][T11888] bridge_slave_0: entered promiscuous mode [ 283.886271][T11888] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.902467][T11888] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.923115][T11888] bridge_slave_1: entered allmulticast mode [ 283.952734][T11888] bridge_slave_1: entered promiscuous mode [ 284.391729][ T5855] Bluetooth: hci4: command tx timeout [ 284.527578][T11888] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 284.547409][T11888] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 284.740939][T11888] team0: Port device team_slave_0 added [ 284.748743][T12059] netlink: 'syz.1.1685': attribute type 1 has an invalid length. [ 284.760788][T11888] team0: Port device team_slave_1 added [ 284.846593][T12059] 8021q: adding VLAN 0 to HW filter on device bond8 [ 285.032568][T12064] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1686'. [ 285.101017][T11888] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 285.109924][T11888] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.150429][T11888] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 285.209496][T12061] 8021q: adding VLAN 0 to HW filter on device bond8 [ 285.217904][T12061] bond8: (slave vxcan5): The slave device specified does not support setting the MAC address [ 285.233858][T12061] bond8: (slave vxcan5): Error -95 calling set_mac_address [ 285.253711][T12059] macvlan5: entered promiscuous mode [ 285.259048][T12059] macvlan5: entered allmulticast mode [ 285.267441][T12059] bond8: entered promiscuous mode [ 285.273115][T12059] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 285.282876][T12059] bond8: left promiscuous mode [ 285.328342][T11888] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 285.351788][T11888] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 285.379072][T11888] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 285.592469][T11888] hsr_slave_0: entered promiscuous mode [ 285.611162][T11888] hsr_slave_1: entered promiscuous mode [ 285.619234][T11888] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 285.630866][T11888] Cannot create hsr debugfs directory [ 285.800169][T12075] syzkaller1: entered promiscuous mode [ 285.807272][T12075] syzkaller1: entered allmulticast mode [ 286.109111][T12080] pim6reg1: entered promiscuous mode [ 286.123586][T12080] pim6reg1: entered allmulticast mode [ 286.305337][T12090] netlink: 2 bytes leftover after parsing attributes in process `syz.1.1693'. [ 286.333300][T12082] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1691'. [ 286.478228][ T5855] Bluetooth: hci4: command tx timeout [ 286.855689][T12099] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1696'. [ 286.890944][T11888] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 286.924042][T11888] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 286.938559][T11888] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 286.950010][T11888] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 287.306339][T11888] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.347674][T12120] netlink: 'syz.0.1699': attribute type 4 has an invalid length. [ 287.390773][T11888] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.399254][T12116] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1697'. [ 287.413795][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.420954][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.484932][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.492245][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.170565][T12154] netlink: 'syz.1.1705': attribute type 10 has an invalid length. [ 288.254870][T11888] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.426623][T11888] veth0_vlan: entered promiscuous mode [ 288.464352][T11888] veth1_vlan: entered promiscuous mode [ 288.607052][T11888] veth0_macvtap: entered promiscuous mode [ 288.654273][T11888] veth1_macvtap: entered promiscuous mode [ 288.719764][T11888] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 288.768225][T11888] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 288.879939][ T66] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.917302][ T66] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 288.953125][ T1145] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.045532][ T1145] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 289.272123][ T6120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.298448][ T6120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.375805][ T6120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 289.390230][ T6120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.523315][T12184] macvlan5: entered allmulticast mode [ 289.643166][T12176] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1709'. [ 289.788632][T12191] xt_hashlimit: size too large, truncated to 1048576 [ 290.265775][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.548115][ T1145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.627868][ T1145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.727639][ T1145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.951546][ C1] ip6_tunnel: syztnl2 xmit: Local address not yet configured! [ 290.962975][ T1145] bridge_slave_1: left allmulticast mode [ 290.968657][ T1145] bridge_slave_1: left promiscuous mode [ 290.975186][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.984465][ T1145] bridge_slave_0: left allmulticast mode [ 290.990286][ T1145] bridge_slave_0: left promiscuous mode [ 290.996474][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.220915][T12201] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1716'. [ 291.616530][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 291.636244][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 291.646349][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 291.656139][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 291.663194][ T1145] bond0 (unregistering): Released all slaves [ 291.670688][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 291.682193][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 291.690899][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 291.737950][T12222] netlink: 'syz.0.1720': attribute type 1 has an invalid length. [ 291.809534][T12222] 8021q: adding VLAN 0 to HW filter on device bond10 [ 291.944876][T12224] 8021q: adding VLAN 0 to HW filter on device bond10 [ 291.964343][T12224] bond10: (slave vxcan11): The slave device specified does not support setting the MAC address [ 291.997008][T12224] bond10: (slave vxcan11): Error -95 calling set_mac_address [ 292.069437][T12222] macvlan6: entered promiscuous mode [ 292.121465][T12222] macvlan6: entered allmulticast mode [ 292.159418][T12222] bond10: entered promiscuous mode [ 292.186981][T12222] 8021q: adding VLAN 0 to HW filter on device macvlan6 [ 292.230082][T12222] bond10: left promiscuous mode [ 292.337977][T12241] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1724'. [ 292.443077][T12245] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1724'. [ 293.337127][ T1145] hsr_slave_0: left promiscuous mode [ 293.350998][T12271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1732'. [ 293.391629][ T1145] hsr_slave_1: left promiscuous mode [ 293.400114][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 293.418248][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 293.437242][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 293.456589][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 293.553061][ T1145] veth1_macvtap: left promiscuous mode [ 293.574784][ T1145] veth0_macvtap: left promiscuous mode [ 293.583034][ T1145] veth1_vlan: left promiscuous mode [ 293.598493][ T1145] veth0_vlan: left promiscuous mode [ 293.607963][T12284] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1735'. [ 293.635174][T12284] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1735'. [ 293.762238][ T5855] Bluetooth: hci4: command tx timeout [ 294.089424][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 294.128252][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 294.501134][T12271] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 294.545867][T12271] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 294.594630][T12271] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 294.700271][T12288] syzkaller0: entered promiscuous mode [ 294.728065][T12288] syzkaller0: entered allmulticast mode [ 294.752329][T12219] chnl_net:caif_netlink_parms(): no params data found [ 294.920345][T12296] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1738'. [ 294.929731][T12296] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1738'. [ 294.939315][T12296] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1738'. [ 295.841690][ T5855] Bluetooth: hci4: command tx timeout [ 296.424997][T12315] netlink: 'syz.3.1743': attribute type 1 has an invalid length. [ 296.459269][T12315] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1743'. [ 296.480139][T12219] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.496421][T12219] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.511723][T12219] bridge_slave_0: entered allmulticast mode [ 296.523804][T12219] bridge_slave_0: entered promiscuous mode [ 296.570425][T12219] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.581694][T12219] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.589002][T12219] bridge_slave_1: entered allmulticast mode [ 296.624986][T12219] bridge_slave_1: entered promiscuous mode [ 296.641269][T12315] xt_CT: No such helper "snmp" [ 296.763351][T12219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 296.798786][T12219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 297.046493][T12219] team0: Port device team_slave_0 added [ 297.065314][T12219] team0: Port device team_slave_1 added [ 297.165617][T12219] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 297.173565][T12349] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1754'. [ 297.182861][T12219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.209975][T12219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 297.249585][T12219] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 297.256979][T12219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 297.344253][T12219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.518532][T12357] netlink: 'syz.3.1757': attribute type 1 has an invalid length. [ 297.571858][T12357] 8021q: adding VLAN 0 to HW filter on device bond9 [ 297.586377][T12219] hsr_slave_0: entered promiscuous mode [ 297.599986][T12219] hsr_slave_1: entered promiscuous mode [ 297.615959][T12219] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.627646][T12219] Cannot create hsr debugfs directory [ 297.667072][T12357] 8021q: adding VLAN 0 to HW filter on device bond9 [ 297.676215][T12357] bond9: (slave vxcan5): The slave device specified does not support setting the MAC address [ 297.688889][T12357] bond9: (slave vxcan5): Error -95 calling set_mac_address [ 297.764199][T12366] macvlan5: entered promiscuous mode [ 297.777588][T12366] macvlan5: entered allmulticast mode [ 297.802322][T12366] bond9: entered promiscuous mode [ 297.808594][T12366] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 297.819413][T12366] bond9: left promiscuous mode [ 297.922827][ T5855] Bluetooth: hci4: command tx timeout [ 298.042261][T12377] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1761'. [ 298.071564][T12377] netlink: 'syz.4.1761': attribute type 9 has an invalid length. [ 298.139109][T12377] macvlan0: entered allmulticast mode [ 298.310278][T12393] netlink: 'syz.4.1766': attribute type 1 has an invalid length. [ 298.321904][T12393] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1766'. [ 298.420023][T12393] xt_CT: No such helper "snmp" [ 298.469779][T12397] netlink: 'syz.0.1768': attribute type 13 has an invalid length. [ 298.482512][T12397] netlink: 'syz.0.1768': attribute type 17 has an invalid length. [ 298.504755][T12397] lo: left allmulticast mode [ 298.518439][T12397] tunl0: left allmulticast mode [ 298.545499][T12397] gre0: left allmulticast mode [ 298.560992][T12397] gretap0: left allmulticast mode [ 298.573330][T12397] erspan0: left allmulticast mode [ 298.582988][T12397] ip_vti0: left allmulticast mode [ 298.593937][T12397] ip6_vti0: left allmulticast mode [ 298.602256][T12397] sit0: left allmulticast mode [ 298.617158][T12397] ip6tnl0: left allmulticast mode [ 298.629283][T12397] ip6gre0: left allmulticast mode [ 298.638297][T12397] syz_tun: left allmulticast mode [ 298.645692][T12397] ip6gretap0: left allmulticast mode [ 298.656233][T12397] bridge0: left allmulticast mode [ 298.664522][T12397] vcan0: left allmulticast mode [ 298.674134][T12397] bond0: left allmulticast mode [ 298.684698][T12397] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.699377][T12397] team0: left allmulticast mode [ 298.707020][T12397] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.717687][T12397] !: left allmulticast mode [ 298.725723][T12397] nlmon0: left allmulticast mode [ 298.733955][T12397] caif0: left allmulticast mode [ 298.739311][T12397] net_ratelimit: 367 callbacks suppressed [ 298.739327][T12397] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 298.776515][T12402] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.864808][T12397] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 298.961669][T12399] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.112800][T12219] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 299.141627][T12219] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 299.192794][T12219] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 299.231042][T12406] xt_CT: No such helper "pptp" [ 299.235837][T12219] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 299.300133][T12411] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1771'. [ 299.618914][T12219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.647980][T12219] 8021q: adding VLAN 0 to HW filter on device team0 [ 299.669636][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.676843][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.690563][T12432] ip6gretap0: left promiscuous mode [ 299.697430][T12432] macvlan0: entered allmulticast mode [ 299.725622][T12432] bond1: entered allmulticast mode [ 299.730827][T12432] gretap1: entered allmulticast mode [ 299.740485][T12432] gretap1: left promiscuous mode [ 299.750763][T12432] veth2: entered allmulticast mode [ 299.756664][T12432] veth3: entered allmulticast mode [ 299.763713][T12432] bridge3: entered allmulticast mode [ 299.770943][T12432] ip6tnl1: entered allmulticast mode [ 299.777506][T12432] bond2: entered allmulticast mode [ 299.783813][T12432] vxcan2: entered allmulticast mode [ 299.789239][T12432] vxcan3: entered allmulticast mode [ 299.794886][T12432] bond3: entered allmulticast mode [ 299.800255][T12432] bond4: entered allmulticast mode [ 299.806149][T12432] bond5: entered allmulticast mode [ 299.812950][T12432] bond6: entered allmulticast mode [ 299.818383][T12432] bond7: entered allmulticast mode [ 299.824002][T12432] bond8: entered allmulticast mode [ 299.963357][T12436] netlink: 'syz.1.1779': attribute type 1 has an invalid length. [ 299.985175][ T6120] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.992378][ T6120] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.000456][ T5855] Bluetooth: hci4: command tx timeout [ 300.047576][T12436] 8021q: adding VLAN 0 to HW filter on device bond9 [ 300.080363][T12440] 8021q: adding VLAN 0 to HW filter on device bond9 [ 300.089316][T12440] bond9: (slave vxcan5): The slave device specified does not support setting the MAC address [ 300.104014][T12440] bond9: (slave vxcan5): Error -95 calling set_mac_address [ 300.256035][T12436] macvlan5: entered promiscuous mode [ 300.267710][T12436] macvlan5: entered allmulticast mode [ 300.297325][T12436] bond9: entered promiscuous mode [ 300.305458][T12436] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 300.382403][T12436] bond9: left promiscuous mode [ 300.496429][T12456] netlink: 'syz.0.1782': attribute type 1 has an invalid length. [ 300.512644][T12456] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1782'. [ 300.663882][T12455] xt_CT: No such helper "snmp" [ 300.850489][T12470] netlink: 'syz.3.1786': attribute type 1 has an invalid length. [ 300.904515][T12470] 8021q: adding VLAN 0 to HW filter on device bond10 [ 300.983221][T12470] 8021q: adding VLAN 0 to HW filter on device bond10 [ 301.012786][T12470] bond10: (slave vxcan5): The slave device specified does not support setting the MAC address [ 301.053337][T12470] bond10: (slave vxcan5): Error -95 calling set_mac_address [ 301.158971][T12477] macvlan5: entered promiscuous mode [ 301.169150][T12477] macvlan5: entered allmulticast mode [ 301.177154][T12477] bond10: entered promiscuous mode [ 301.192635][T12477] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 301.224084][T12477] bond10: left promiscuous mode [ 301.305813][T12219] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 301.445849][T12219] veth0_vlan: entered promiscuous mode [ 301.478197][T12219] veth1_vlan: entered promiscuous mode [ 301.583396][T12491] vlan1: entered promiscuous mode [ 301.662932][T12219] veth0_macvtap: entered promiscuous mode [ 301.670310][T12494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1791'. [ 301.702967][T12219] veth1_macvtap: entered promiscuous mode [ 301.829331][T12219] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 301.874776][T12219] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 301.925195][ T6120] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.955304][ T6120] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.978733][ T6120] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 301.996425][ T6120] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 302.199974][ T3543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.224991][ T3543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.266090][T12517] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1798'. [ 302.288655][T12517] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1798'. [ 302.299662][ T6120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 302.300448][T12517] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1798'. [ 302.327947][ T6120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 302.377147][T12517] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1798'. [ 302.515786][T12523] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 302.665925][T12533] FAULT_INJECTION: forcing a failure. [ 302.665925][T12533] name failslab, interval 1, probability 0, space 0, times 0 [ 302.682825][T12533] CPU: 0 UID: 0 PID: 12533 Comm: syz.0.1803 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 302.682854][T12533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 302.682867][T12533] Call Trace: [ 302.682875][T12533] [ 302.682883][T12533] dump_stack_lvl+0x189/0x250 [ 302.682920][T12533] ? __pfx____ratelimit+0x10/0x10 [ 302.682946][T12533] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.682969][T12533] ? __pfx__printk+0x10/0x10 [ 302.683003][T12533] ? ref_tracker_alloc+0x318/0x460 [ 302.683026][T12533] should_fail_ex+0x414/0x560 [ 302.683058][T12533] should_failslab+0xa8/0x100 [ 302.683086][T12533] kmem_cache_alloc_noprof+0x73/0x3c0 [ 302.683108][T12533] ? skb_clone+0x212/0x3a0 [ 302.683134][T12533] skb_clone+0x212/0x3a0 [ 302.683157][T12533] __netlink_deliver_tap+0x404/0x850 [ 302.683197][T12533] ? netlink_deliver_tap+0x2e/0x1b0 [ 302.683224][T12533] netlink_deliver_tap+0x19c/0x1b0 [ 302.683251][T12533] netlink_unicast+0x72f/0x8d0 [ 302.683287][T12533] netlink_sendmsg+0x805/0xb30 [ 302.683323][T12533] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.683352][T12533] ? aa_sock_msg_perm+0x94/0x160 [ 302.683383][T12533] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 302.683401][T12533] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.683428][T12533] __sock_sendmsg+0x219/0x270 [ 302.683455][T12533] ____sys_sendmsg+0x505/0x830 [ 302.683491][T12533] ? __pfx_____sys_sendmsg+0x10/0x10 [ 302.683530][T12533] ? import_iovec+0x74/0xa0 [ 302.683558][T12533] ___sys_sendmsg+0x21f/0x2a0 [ 302.683590][T12533] ? __pfx____sys_sendmsg+0x10/0x10 [ 302.683660][T12533] ? __fget_files+0x2a/0x420 [ 302.683686][T12533] ? __fget_files+0x3a0/0x420 [ 302.683723][T12533] __x64_sys_sendmsg+0x19b/0x260 [ 302.683745][T12533] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 302.683786][T12533] ? __pfx_ksys_write+0x10/0x10 [ 302.683806][T12533] ? rcu_is_watching+0x15/0xb0 [ 302.683835][T12533] ? do_syscall_64+0xbe/0x3b0 [ 302.683864][T12533] do_syscall_64+0xfa/0x3b0 [ 302.683888][T12533] ? lockdep_hardirqs_on+0x9c/0x150 [ 302.683916][T12533] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.683935][T12533] ? clear_bhb_loop+0x60/0xb0 [ 302.683959][T12533] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.683978][T12533] RIP: 0033:0x7f7fac38e929 [ 302.683994][T12533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 302.684011][T12533] RSP: 002b:00007f7fad26a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 302.684032][T12533] RAX: ffffffffffffffda RBX: 00007f7fac5b5fa0 RCX: 00007f7fac38e929 [ 302.684046][T12533] RDX: 0000000004040040 RSI: 0000200000000000 RDI: 0000000000000003 [ 302.684059][T12533] RBP: 00007f7fad26a090 R08: 0000000000000000 R09: 0000000000000000 [ 302.684071][T12533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.684083][T12533] R13: 0000000000000000 R14: 00007f7fac5b5fa0 R15: 00007ffcba5900a8 [ 302.684115][T12533] [ 303.345541][T12534] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1801'. [ 303.425043][ T6120] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.493165][T12534] ip6gretap0: left allmulticast mode [ 303.556050][ T6120] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.754447][ T6120] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.845058][ T6120] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.975224][ T6120] bridge_slave_1: left allmulticast mode [ 303.980917][ T6120] bridge_slave_1: left promiscuous mode [ 303.986828][ T6120] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.997014][ T6120] bridge_slave_0: left allmulticast mode [ 304.003341][ T6120] bridge_slave_0: left promiscuous mode [ 304.009014][ T6120] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.310802][ T6120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.341722][ T6120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.374433][ T6120] bond0 (unregistering): Released all slaves [ 304.426825][T12549] netlink: 'syz.0.1806': attribute type 39 has an invalid length. [ 305.020787][T12567] netlink: 'syz.1.1813': attribute type 1 has an invalid length. [ 305.055979][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 305.067268][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 305.078451][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 305.087641][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 305.096278][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 305.142790][T12575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1814'. [ 305.251009][T12567] 8021q: adding VLAN 0 to HW filter on device bond10 [ 305.355063][T12573] 8021q: adding VLAN 0 to HW filter on device bond10 [ 305.368953][T12573] bond10: (slave vxcan5): The slave device specified does not support setting the MAC address [ 305.380805][T12585] tipc: Failed to remove unknown binding: 66,3,3/0:853201377/853201378 [ 305.403230][T12573] bond10: (slave vxcan5): Error -95 calling set_mac_address [ 305.468241][T12579] macvlan5: entered promiscuous mode [ 305.475358][T12579] macvlan5: entered allmulticast mode [ 305.491000][T12579] bond10: entered promiscuous mode [ 305.509924][T12579] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 305.552965][T12579] bond10: left promiscuous mode [ 305.662198][T12582] netlink: 'syz.4.1816': attribute type 10 has an invalid length. [ 305.670284][ T6120] hsr_slave_0: left promiscuous mode [ 305.687672][T12582] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1816'. [ 305.720611][ T6120] hsr_slave_1: left promiscuous mode [ 305.734403][ T6120] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 305.743019][ T6120] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 305.751115][ T6120] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 305.759621][ T6120] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 305.799227][ T6120] veth1_macvtap: left promiscuous mode [ 305.805844][ T6120] veth0_macvtap: left promiscuous mode [ 305.821426][ T6120] veth1_vlan: left promiscuous mode [ 305.827931][ T6120] veth0_vlan: left promiscuous mode [ 306.339994][ T6120] team0 (unregistering): Port device team_slave_1 removed [ 306.376714][ T6120] team0 (unregistering): Port device team_slave_0 removed [ 306.737377][T12585] netlink: 'syz.0.1817': attribute type 15 has an invalid length. [ 306.775503][T12615] x_tables: unsorted underflow at hook 4 [ 306.823833][T12589] syzkaller0: entered promiscuous mode [ 306.829728][T12589] syzkaller0: entered allmulticast mode [ 306.836622][T12582] batadv0: entered promiscuous mode [ 306.842428][T12582] bridge0: port 3(batadv0) entered blocking state [ 306.849054][T12582] bridge0: port 3(batadv0) entered disabled state [ 307.142930][T12625] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1824'. [ 307.152170][ T36] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 307.161811][ T36] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 307.191615][ T5855] Bluetooth: hci4: command tx timeout [ 308.342666][T12625] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 308.361410][T12625] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 308.374883][T12625] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 308.576718][T12637] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1827'. [ 308.587998][T12636] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 308.619740][T12638] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1826'. [ 308.776415][T12642] netlink: 'syz.3.1829': attribute type 1 has an invalid length. [ 308.857126][T12647] netlink: 'syz.4.1830': attribute type 1 has an invalid length. [ 308.864429][T12642] 8021q: adding VLAN 0 to HW filter on device bond11 [ 308.914698][T12648] 8021q: adding VLAN 0 to HW filter on device bond11 [ 308.924083][T12648] bond11: (slave vxcan5): The slave device specified does not support setting the MAC address [ 308.940629][T12648] bond11: (slave vxcan5): Error -95 calling set_mac_address [ 309.047053][T12647] 8021q: adding VLAN 0 to HW filter on device bond13 [ 309.113854][T12650] 8021q: adding VLAN 0 to HW filter on device bond13 [ 309.124965][T12650] bond13: (slave vxcan11): The slave device specified does not support setting the MAC address [ 309.141800][T12650] bond13: (slave vxcan11): Error -95 calling set_mac_address [ 309.179132][T12653] macvlan5: entered promiscuous mode [ 309.184535][T12653] macvlan5: entered allmulticast mode [ 309.190865][T12653] bond11: entered promiscuous mode [ 309.200303][T12653] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 309.210328][T12653] bond11: left promiscuous mode [ 309.240080][T12654] macvlan1: entered promiscuous mode [ 309.245875][T12654] macvlan1: entered allmulticast mode [ 309.253456][T12654] bond13: entered promiscuous mode [ 309.259091][T12654] 8021q: adding VLAN 0 to HW filter on device macvlan1 [ 309.269237][T12654] bond13: left promiscuous mode [ 309.274251][ T5855] Bluetooth: hci4: command tx timeout [ 309.431114][T12658] pim6reg1: entered promiscuous mode [ 309.439654][T12658] pim6reg1: entered allmulticast mode [ 309.962906][T12568] chnl_net:caif_netlink_parms(): no params data found [ 309.972705][T12678] netlink: 'syz.3.1836': attribute type 1 has an invalid length. [ 309.980460][T12678] netlink: 600 bytes leftover after parsing attributes in process `syz.3.1836'. [ 310.091840][T12676] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1837'. [ 310.095780][T12687] netlink: 'syz.0.1838': attribute type 4 has an invalid length. [ 310.296270][T12568] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.305997][T12568] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.315356][T12568] bridge_slave_0: entered allmulticast mode [ 310.326405][T12568] bridge_slave_0: entered promiscuous mode [ 310.337593][T12568] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.377866][T12568] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.386607][T12568] bridge_slave_1: entered allmulticast mode [ 310.399851][T12568] bridge_slave_1: entered promiscuous mode [ 310.479362][T12568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 310.519915][T12568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 310.623086][T12568] team0: Port device team_slave_0 added [ 310.635220][T12568] team0: Port device team_slave_1 added [ 310.702596][T12702] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1842'. [ 310.772809][T12568] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 310.783316][T12568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.818987][T12568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 310.839155][T12568] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 310.846718][T12568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 310.874027][T12568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.952873][T12710] netlink: 'syz.4.1845': attribute type 10 has an invalid length. [ 310.984545][T12568] hsr_slave_0: entered promiscuous mode [ 311.001508][T12568] hsr_slave_1: entered promiscuous mode [ 311.019089][T12568] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 311.035956][T12568] Cannot create hsr debugfs directory [ 311.069154][T12710] !: entered allmulticast mode [ 311.083596][T12710] bond0: (slave 0!): Enslaving as an active interface with an up link [ 311.167862][T12717] pim6reg1: entered promiscuous mode [ 311.175425][T12717] pim6reg1: entered allmulticast mode [ 311.351452][ T5855] Bluetooth: hci4: command tx timeout [ 311.675868][T12737] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1850'. [ 311.723511][T12734] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1849'. [ 312.133121][T12749] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1851'. [ 312.167541][T12752] netlink: 'syz.0.1853': attribute type 1 has an invalid length. [ 312.181450][T12752] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1853'. [ 312.261496][T12752] xt_CT: No such helper "snmp" [ 312.316522][T12757] xt_recent: hitcount (1073741824) is larger than allowed maximum (65535) [ 312.448913][T12760] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1856'. [ 312.736153][T12766] netlink: 'syz.1.1857': attribute type 1 has an invalid length. [ 313.016064][T12568] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 313.135559][T12568] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 313.152543][T12770] sock: sock_timestamping_bind_phc: sock not bind to device [ 313.187326][T12770] netlink: 'syz.0.1859': attribute type 11 has an invalid length. [ 313.229890][T12568] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 313.268714][T12568] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 313.431558][ T5855] Bluetooth: hci4: command tx timeout [ 313.657727][T12568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 313.815105][T12568] 8021q: adding VLAN 0 to HW filter on device team0 [ 313.848948][ T6120] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.856200][ T6120] bridge0: port 1(bridge_slave_0) entered forwarding state [ 313.982988][ T66] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.990211][ T66] bridge0: port 2(bridge_slave_1) entered forwarding state [ 314.257141][T12801] __nla_validate_parse: 1 callbacks suppressed [ 314.257160][T12801] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1864'. [ 314.320497][T12801] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1864'. [ 314.653316][T12568] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 314.809321][T12568] veth0_vlan: entered promiscuous mode [ 314.847846][T12568] veth1_vlan: entered promiscuous mode [ 314.937588][T12568] veth0_macvtap: entered promiscuous mode [ 314.968192][T12568] veth1_macvtap: entered promiscuous mode [ 315.021047][T12568] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.089502][T12568] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.192977][ T3543] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.233980][ T3543] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.296957][T12822] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1867'. [ 315.324333][T12824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1866'. [ 315.356299][ T3543] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.389350][ T3543] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.739839][ T3543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.774391][ T3543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.897939][T12836] netlink: 'syz.1.1869': attribute type 1 has an invalid length. [ 315.906825][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.917835][T12836] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1869'. [ 315.932124][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.990430][T12836] xt_CT: No such helper "snmp" [ 316.422532][T12853] pim6reg1: entered promiscuous mode [ 316.434922][T12853] pim6reg1: entered allmulticast mode [ 316.927614][ T5978] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.145023][ T5978] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.470325][ T5978] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.567823][ T5978] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.640673][ T5978] bridge_slave_1: left allmulticast mode [ 317.646568][ T5978] bridge_slave_1: left promiscuous mode [ 317.652800][ T5978] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.662276][ T5978] bridge_slave_0: left allmulticast mode [ 317.667932][ T5978] bridge_slave_0: left promiscuous mode [ 317.679283][ T5978] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.975193][ T5978] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.986481][ T5978] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.997661][ T5978] bond0 (unregistering): Released all slaves [ 318.149676][T12867] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1879'. [ 318.444913][T12884] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1880'. [ 318.897352][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 318.907740][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 318.917758][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 318.926253][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 318.938152][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 319.107169][ T5978] hsr_slave_0: left promiscuous mode [ 319.117005][ T5978] hsr_slave_1: left promiscuous mode [ 319.142508][ T5978] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 319.149964][ T5978] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 319.186332][ T5978] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.215021][ T5978] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 319.293388][ T5978] veth1_macvtap: left promiscuous mode [ 319.298974][ T5978] veth0_macvtap: left promiscuous mode [ 319.312024][ T5978] veth1_vlan: left promiscuous mode [ 319.320844][ T5978] veth0_vlan: left promiscuous mode [ 320.020078][ T5978] team0 (unregistering): Port device team_slave_1 removed [ 320.059633][ T5978] team0 (unregistering): Port device team_slave_0 removed [ 320.478931][T12901] pim6reg1: entered promiscuous mode [ 320.487076][T12901] pim6reg1: entered allmulticast mode [ 320.898999][T12936] trusted_key: syz.0.1893 sent an empty control message without MSG_MORE. [ 320.912858][T12937] pim6reg1: entered promiscuous mode [ 320.946499][T12937] pim6reg1: entered allmulticast mode [ 321.031559][ T51] Bluetooth: hci4: command tx timeout [ 321.113969][T12942] netlink: 'syz.3.1894': attribute type 1 has an invalid length. [ 321.405311][T12942] 8021q: adding VLAN 0 to HW filter on device bond12 [ 321.484775][T12950] 8021q: adding VLAN 0 to HW filter on device bond12 [ 321.503084][T12950] bond12: (slave vxcan5): The slave device specified does not support setting the MAC address [ 321.553558][T12950] bond12: (slave vxcan5): Error -95 calling set_mac_address [ 321.608613][T12956] macvlan5: entered promiscuous mode [ 321.615208][T12956] macvlan5: entered allmulticast mode [ 321.640436][T12956] bond12: entered promiscuous mode [ 321.654442][T12956] 8021q: adding VLAN 0 to HW filter on device macvlan5 [ 321.673742][T12956] bond12: left promiscuous mode [ 322.079488][T12974] netlink: 'syz.3.1898': attribute type 1 has an invalid length. [ 322.141543][T12977] netlink: 'syz.0.1899': attribute type 1 has an invalid length. [ 322.202444][T12974] 8021q: adding VLAN 0 to HW filter on device bond13 [ 322.309480][T12977] 8021q: adding VLAN 0 to HW filter on device bond11 [ 322.429874][T12982] 8021q: adding VLAN 0 to HW filter on device bond11 [ 322.437608][T12982] bond11: (slave vxcan11): The slave device specified does not support setting the MAC address [ 322.450359][T12982] bond11: (slave vxcan11): Error -95 calling set_mac_address [ 322.596473][T12977] macvlan6: entered promiscuous mode [ 322.615613][T12977] macvlan6: entered allmulticast mode [ 322.631025][T12977] bond11: entered promiscuous mode [ 322.637523][T12977] 8021q: adding VLAN 0 to HW filter on device macvlan6 [ 322.667761][T12977] bond11: left promiscuous mode [ 322.949819][T12898] chnl_net:caif_netlink_parms(): no params data found [ 323.112436][ T51] Bluetooth: hci4: command tx timeout [ 323.188634][T13005] vlan1: entered promiscuous mode [ 323.442169][T12898] bridge0: port 1(bridge_slave_0) entered blocking state [ 323.475287][T12898] bridge0: port 1(bridge_slave_0) entered disabled state [ 323.502176][T12898] bridge_slave_0: entered allmulticast mode [ 323.526983][T12898] bridge_slave_0: entered promiscuous mode [ 323.547207][T12898] bridge0: port 2(bridge_slave_1) entered blocking state [ 323.558641][T12898] bridge0: port 2(bridge_slave_1) entered disabled state [ 323.567482][T12898] bridge_slave_1: entered allmulticast mode [ 323.579599][T12898] bridge_slave_1: entered promiscuous mode [ 323.754413][T12898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 323.785105][T12898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 323.998042][T12898] team0: Port device team_slave_0 added [ 324.023088][T12898] team0: Port device team_slave_1 added [ 324.247202][T13029] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1911'. [ 324.274841][T12898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.292853][T12898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.323942][T12898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.340787][T12898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.350413][T12898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.381514][T12898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.508604][T13046] netlink: 'syz.4.1914': attribute type 1 has an invalid length. [ 324.593956][T13046] 8021q: adding VLAN 0 to HW filter on device bond14 [ 324.618270][T12898] hsr_slave_0: entered promiscuous mode [ 324.625490][T12898] hsr_slave_1: entered promiscuous mode [ 324.632426][T12898] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.640130][T12898] Cannot create hsr debugfs directory [ 324.748133][T13054] netlink: 'syz.3.1917': attribute type 10 has an invalid length. [ 324.774685][T13052] syzkaller0: entered promiscuous mode [ 324.780422][T13052] syzkaller0: entered allmulticast mode [ 324.818092][T13054] veth0_vlan: left promiscuous mode [ 324.827421][T13054] veth0_vlan: entered promiscuous mode [ 324.840182][T13054] team0: Device veth0_vlan failed to register rx_handler [ 325.139094][T13063] x_tables: unsorted underflow at hook 4 [ 325.192755][ T51] Bluetooth: hci4: command tx timeout [ 325.719692][T13079] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1923'. [ 326.242232][T13088] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1926'. [ 327.263695][T13088] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 327.276099][ T51] Bluetooth: hci4: command tx timeout [ 327.278880][T13088] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 327.295674][T13088] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 327.325869][T13094] netlink: 'syz.3.1928': attribute type 1 has an invalid length. [ 327.461015][T13094] 8021q: adding VLAN 0 to HW filter on device bond14 [ 327.585802][T13104] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1931'. [ 327.632769][T13096] 8021q: adding VLAN 0 to HW filter on device bond14 [ 327.665546][T13096] bond14: (slave vxcan5): The slave device specified does not support setting the MAC address [ 327.693180][T13096] bond14: (slave vxcan5): Error -95 calling set_mac_address [ 327.901578][T13109] netlink: 'syz.0.1931': attribute type 2 has an invalid length. [ 328.224611][T13125] FAULT_INJECTION: forcing a failure. [ 328.224611][T13125] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.237864][T13125] CPU: 1 UID: 0 PID: 13125 Comm: syz.4.1935 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 328.237893][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.237905][T13125] Call Trace: [ 328.237913][T13125] [ 328.237922][T13125] dump_stack_lvl+0x189/0x250 [ 328.237958][T13125] ? __pfx____ratelimit+0x10/0x10 [ 328.237983][T13125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.238006][T13125] ? __pfx__printk+0x10/0x10 [ 328.238033][T13125] ? __might_fault+0xb0/0x130 [ 328.238068][T13125] should_fail_ex+0x414/0x560 [ 328.238101][T13125] _copy_from_user+0x2d/0xb0 [ 328.238126][T13125] __sys_bpf+0x1ed/0x860 [ 328.238148][T13125] ? __pfx___sys_bpf+0x10/0x10 [ 328.238179][T13125] ? ksys_write+0x22a/0x250 [ 328.238204][T13125] ? __pfx_ksys_write+0x10/0x10 [ 328.238224][T13125] ? rcu_is_watching+0x15/0xb0 [ 328.238256][T13125] __x64_sys_bpf+0x7c/0x90 [ 328.238284][T13125] do_syscall_64+0xfa/0x3b0 [ 328.238308][T13125] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.238332][T13125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.238351][T13125] ? clear_bhb_loop+0x60/0xb0 [ 328.238375][T13125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.238394][T13125] RIP: 0033:0x7f3b05b8e929 [ 328.238411][T13125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.238429][T13125] RSP: 002b:00007f3b069c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 328.238449][T13125] RAX: ffffffffffffffda RBX: 00007f3b05db6080 RCX: 00007f3b05b8e929 [ 328.238464][T13125] RDX: 0000000000000050 RSI: 0000200000000280 RDI: 000000000000000a [ 328.238477][T13125] RBP: 00007f3b069c4090 R08: 0000000000000000 R09: 0000000000000000 [ 328.238489][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.238500][T13125] R13: 0000000000000000 R14: 00007f3b05db6080 R15: 00007ffcb15714c8 [ 328.238531][T13125] [ 328.435751][T12898] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 328.465020][T12898] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 328.505504][T12898] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 328.545442][T12898] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 328.781788][T13140] netlink: 'syz.0.1940': attribute type 10 has an invalid length. [ 328.931742][T12898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 328.987708][T13147] IPv6: sit1: Disabled Multicast RS [ 329.040183][T12898] 8021q: adding VLAN 0 to HW filter on device team0 [ 329.134495][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.141697][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.172279][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.179444][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.208145][T13155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1947'. [ 329.234724][T13155] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1947'. [ 329.543650][T13168] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1950'. [ 329.614692][T13170] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20004 [ 329.830276][T12898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 329.987250][T12898] veth0_vlan: entered promiscuous mode [ 329.997633][T13184] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1955'. [ 330.027488][T12898] veth1_vlan: entered promiscuous mode [ 330.154324][T12898] veth0_macvtap: entered promiscuous mode [ 330.218242][T12898] veth1_macvtap: entered promiscuous mode [ 330.273717][T12898] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 330.297037][T12898] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 330.313220][T13192] netlink: 'syz.3.1958': attribute type 1 has an invalid length. [ 330.319564][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.385398][T13192] 8021q: adding VLAN 0 to HW filter on device bond15 [ 330.395550][ T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.405202][ T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.426214][ T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 330.524700][T13201] netlink: 'syz.1.1961': attribute type 1 has an invalid length. [ 330.532857][T13201] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1961'. [ 330.597417][T13201] xt_CT: No such helper "snmp" [ 330.633257][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.641107][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 330.683432][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 330.693160][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 331.537614][T13224] xt_hashlimit: size too large, truncated to 1048576 [ 331.551096][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.565953][T13223] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1968'. [ 331.974892][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.227025][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.497259][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 332.601291][ T36] bridge_slave_1: left allmulticast mode [ 332.607754][ T36] bridge_slave_1: left promiscuous mode [ 332.615270][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.624300][ T36] bridge_slave_0: left allmulticast mode [ 332.629945][ T36] bridge_slave_0: left promiscuous mode [ 332.636640][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.983093][T13242] netlink: 'syz.4.1973': attribute type 1 has an invalid length. [ 333.019654][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 333.037640][T13246] netlink: 'syz.1.1974': attribute type 1 has an invalid length. [ 333.049509][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 333.084426][ T36] bond0 (unregistering): Released all slaves [ 333.342622][T13242] 8021q: adding VLAN 0 to HW filter on device bond15 [ 333.477408][T13247] 8021q: adding VLAN 0 to HW filter on device bond15 [ 333.489060][T13247] bond15: (slave vxcan11): The slave device specified does not support setting the MAC address [ 333.509443][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 333.510149][T13247] bond15: (slave vxcan11): Error -95 calling set_mac_address [ 333.528724][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 333.537388][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 333.548686][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 333.556874][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 333.617962][T13246] 8021q: adding VLAN 0 to HW filter on device bond11 [ 333.684144][T13256] netlink: 'syz.0.1970': attribute type 6 has an invalid length. [ 334.232692][T13283] pim6reg1: entered promiscuous mode [ 334.238110][T13283] pim6reg1: entered allmulticast mode [ 334.265766][T13286] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1983'. [ 334.541540][T13301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1985'. [ 335.132095][T13320] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1994'. [ 335.591853][ T51] Bluetooth: hci4: command tx timeout [ 335.763325][ T36] hsr_slave_0: left promiscuous mode [ 335.783947][ T36] hsr_slave_1: left promiscuous mode [ 335.790759][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 335.806755][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 335.820788][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 335.861795][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 335.930585][T13353] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2004'. [ 335.971661][ T36] veth1_macvtap: left promiscuous mode [ 335.980370][ T36] veth0_macvtap: left promiscuous mode [ 335.986323][ T36] veth1_vlan: left promiscuous mode [ 335.992234][ T36] veth0_vlan: left promiscuous mode [ 336.535409][T13377] x_tables: ip6_tables: dccp match: only valid for protocol 33 [ 336.598906][T13379] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2015'. [ 336.695069][ T36] team0 (unregistering): Port device team_slave_1 removed [ 336.747704][ T36] team0 (unregistering): Port device team_slave_0 removed [ 337.144941][T13353] netlink: 'syz.3.2004': attribute type 1 has an invalid length. [ 337.159306][T13353] netlink: 'syz.3.2004': attribute type 2 has an invalid length. [ 337.502322][T13262] chnl_net:caif_netlink_parms(): no params data found [ 337.673277][ T51] Bluetooth: hci4: command tx timeout [ 337.673785][T13409] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2027'. [ 337.857647][T13262] bridge0: port 1(bridge_slave_0) entered blocking state [ 337.877529][T13262] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.895245][T13262] bridge_slave_0: entered allmulticast mode [ 337.905821][T13262] bridge_slave_0: entered promiscuous mode [ 337.914691][ T5866] ------------[ cut here ]------------ [ 337.920429][ T5866] WARNING: CPU: 1 PID: 5866 at kernel/softirq.c:387 __local_bh_enable_ip+0x180/0x1c0 [ 337.929905][ T5866] Modules linked in: [ 337.933974][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: krxrpcio/7001 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 337.946201][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 337.956419][ T5866] RIP: 0010:__local_bh_enable_ip+0x180/0x1c0 [ 337.962400][ T5866] Code: 48 3b 44 24 48 75 57 48 8d 65 e0 5b 41 5c 41 5e 41 5f 5d e9 92 a0 ed 09 cc 90 0f 0b 90 e9 f9 fe ff ff e8 53 00 00 00 eb 9f 90 <0f> 0b 90 e9 24 ff ff ff 48 c7 c1 30 37 a2 8f 80 e1 07 80 c1 03 38 [ 337.982003][ T5866] RSP: 0018:ffffc90003fcf4c0 EFLAGS: 00010046 [ 337.988065][ T5866] RAX: 0000000000000000 RBX: 0000000000000201 RCX: 0000000000000001 [ 337.996028][ T5866] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff89de8d33 [ 338.003988][ T5866] RBP: ffffc90003fcf548 R08: ffff8880b873bf03 R09: 1ffff110170e77e0 [ 338.011956][ T5866] R10: dffffc0000000000 R11: ffffed10170e77e1 R12: ffff8880b873bf00 [ 338.019931][ T5866] R13: ffff888044920e70 R14: dffffc0000000000 R15: 1ffff920007f9e98 [ 338.027898][ T5866] FS: 0000000000000000(0000) GS:ffff888125d16000(0000) knlGS:0000000000000000 [ 338.036819][ T5866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 338.043391][ T5866] CR2: 00007f2937eb0f98 CR3: 000000002f378000 CR4: 00000000003526f0 [ 338.051357][ T5866] Call Trace: [ 338.054625][ T5866] [ 338.057545][ T5866] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 338.063260][ T5866] ? do_raw_spin_unlock+0x122/0x240 [ 338.068457][ T5866] ? rt_set_nexthop+0x693/0xa80 [ 338.073311][ T5866] rt_set_nexthop+0x693/0xa80 [ 338.077986][ T5866] ip_route_output_key_hash_rcu+0x18f6/0x23a0 [ 338.084055][ T5866] ? ip_route_output_key_hash+0xde/0x2e0 [ 338.089692][ T5866] ip_route_output_key_hash+0x1b9/0x2e0 [ 338.095229][ T5866] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 338.101287][ T5866] ? make_kuid+0x1d9/0x680 [ 338.105692][ T5866] ? lockdep_unlock+0x89/0x120 [ 338.110442][ T5866] ? __pfx_make_kuid+0x10/0x10 [ 338.115204][ T5866] ip_route_output_flow+0x2a/0x150 [ 338.120317][ T5866] rxrpc_init_peer+0x50a/0xc60 [ 338.125082][ T5866] ? __pfx_rxrpc_init_peer+0x10/0x10 [ 338.130357][ T5866] ? __lock_acquire+0xab9/0xd20 [ 338.135203][ T5866] ? do_raw_spin_lock+0x121/0x290 [ 338.140225][ T5866] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 338.146027][ T5866] rxrpc_new_incoming_peer+0x281/0x5a0 [ 338.151486][ T5866] rxrpc_new_incoming_call+0x612/0x14f0 [ 338.157053][ T5866] rxrpc_io_thread+0x18b2/0x2cd0 [ 338.161984][ T5866] ? rxrpc_io_thread+0x1171/0x2cd0 [ 338.167118][ T5866] ? __pfx_rxrpc_io_thread+0x10/0x10 [ 338.172428][ T5866] ? do_raw_spin_lock+0x121/0x290 [ 338.177460][ T5866] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 338.183361][ T5866] ? __kthread_parkme+0x1a1/0x200 [ 338.188381][ T5866] kthread+0x70e/0x8a0 [ 338.192445][ T5866] ? __pfx_rxrpc_io_thread+0x10/0x10 [ 338.197729][ T5866] ? __pfx_kthread+0x10/0x10 [ 338.202315][ T5866] ? _raw_spin_unlock_irq+0x23/0x50 [ 338.207514][ T5866] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.212701][ T5866] ? __pfx_kthread+0x10/0x10 [ 338.217289][ T5866] ret_from_fork+0x3fc/0x770 [ 338.221985][ T5866] ? __pfx_ret_from_fork+0x10/0x10 [ 338.227092][ T5866] ? __switch_to_asm+0x39/0x70 [ 338.231855][ T5866] ? __switch_to_asm+0x33/0x70 [ 338.236610][ T5866] ? __pfx_kthread+0x10/0x10 [ 338.241195][ T5866] ret_from_fork_asm+0x1a/0x30 [ 338.245967][ T5866] [ 338.248984][ T5866] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 338.256281][ T5866] CPU: 1 UID: 0 PID: 5866 Comm: krxrpcio/7001 Not tainted 6.16.0-rc4-syzkaller-00993-g59f44c9ccc3b #0 PREEMPT(full) [ 338.268515][ T5866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.278557][ T5866] Call Trace: [ 338.281833][ T5866] [ 338.284752][ T5866] dump_stack_lvl+0x99/0x250 [ 338.289341][ T5866] ? __asan_memcpy+0x40/0x70 [ 338.294354][ T5866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.299541][ T5866] ? __pfx__printk+0x10/0x10 [ 338.304135][ T5866] panic+0x2db/0x790 [ 338.308025][ T5866] ? __pfx_panic+0x10/0x10 [ 338.312429][ T5866] ? show_trace_log_lvl+0x4fb/0x550 [ 338.317636][ T5866] ? ret_from_fork_asm+0x1a/0x30 [ 338.322573][ T5866] __warn+0x31b/0x4b0 [ 338.326541][ T5866] ? __local_bh_enable_ip+0x180/0x1c0 [ 338.331903][ T5866] ? __local_bh_enable_ip+0x180/0x1c0 [ 338.337293][ T5866] report_bug+0x2be/0x4f0 [ 338.341635][ T5866] ? __local_bh_enable_ip+0x180/0x1c0 [ 338.347015][ T5866] ? __local_bh_enable_ip+0x180/0x1c0 [ 338.352385][ T5866] ? __local_bh_enable_ip+0x182/0x1c0 [ 338.357749][ T5866] handle_bug+0x84/0x160 [ 338.362077][ T5866] exc_invalid_op+0x1a/0x50 [ 338.366579][ T5866] asm_exc_invalid_op+0x1a/0x20 [ 338.371460][ T5866] RIP: 0010:__local_bh_enable_ip+0x180/0x1c0 [ 338.377430][ T5866] Code: 48 3b 44 24 48 75 57 48 8d 65 e0 5b 41 5c 41 5e 41 5f 5d e9 92 a0 ed 09 cc 90 0f 0b 90 e9 f9 fe ff ff e8 53 00 00 00 eb 9f 90 <0f> 0b 90 e9 24 ff ff ff 48 c7 c1 30 37 a2 8f 80 e1 07 80 c1 03 38 [ 338.397074][ T5866] RSP: 0018:ffffc90003fcf4c0 EFLAGS: 00010046 [ 338.403149][ T5866] RAX: 0000000000000000 RBX: 0000000000000201 RCX: 0000000000000001 [ 338.411121][ T5866] RDX: 0000000000000000 RSI: 0000000000000201 RDI: ffffffff89de8d33 [ 338.419086][ T5866] RBP: ffffc90003fcf548 R08: ffff8880b873bf03 R09: 1ffff110170e77e0 [ 338.427054][ T5866] R10: dffffc0000000000 R11: ffffed10170e77e1 R12: ffff8880b873bf00 [ 338.435036][ T5866] R13: ffff888044920e70 R14: dffffc0000000000 R15: 1ffff920007f9e98 [ 338.443027][ T5866] ? rt_set_nexthop+0x693/0xa80 [ 338.447894][ T5866] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 338.453609][ T5866] ? do_raw_spin_unlock+0x122/0x240 [ 338.458818][ T5866] ? rt_set_nexthop+0x693/0xa80 [ 338.463667][ T5866] rt_set_nexthop+0x693/0xa80 [ 338.468344][ T5866] ip_route_output_key_hash_rcu+0x18f6/0x23a0 [ 338.474409][ T5866] ? ip_route_output_key_hash+0xde/0x2e0 [ 338.480034][ T5866] ip_route_output_key_hash+0x1b9/0x2e0 [ 338.485575][ T5866] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 338.491646][ T5866] ? make_kuid+0x1d9/0x680 [ 338.496133][ T5866] ? lockdep_unlock+0x89/0x120 [ 338.500886][ T5866] ? __pfx_make_kuid+0x10/0x10 [ 338.505647][ T5866] ip_route_output_flow+0x2a/0x150 [ 338.510758][ T5866] rxrpc_init_peer+0x50a/0xc60 [ 338.515520][ T5866] ? __pfx_rxrpc_init_peer+0x10/0x10 [ 338.520792][ T5866] ? __lock_acquire+0xab9/0xd20 [ 338.525640][ T5866] ? do_raw_spin_lock+0x121/0x290 [ 338.530680][ T5866] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 338.536073][ T5866] rxrpc_new_incoming_peer+0x281/0x5a0 [ 338.541546][ T5866] rxrpc_new_incoming_call+0x612/0x14f0 [ 338.547108][ T5866] rxrpc_io_thread+0x18b2/0x2cd0 [ 338.552049][ T5866] ? rxrpc_io_thread+0x1171/0x2cd0 [ 338.557190][ T5866] ? __pfx_rxrpc_io_thread+0x10/0x10 [ 338.562566][ T5866] ? do_raw_spin_lock+0x121/0x290 [ 338.567596][ T5866] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 338.573515][ T5866] ? __kthread_parkme+0x1a1/0x200 [ 338.578623][ T5866] kthread+0x70e/0x8a0 [ 338.582688][ T5866] ? __pfx_rxrpc_io_thread+0x10/0x10 [ 338.587970][ T5866] ? __pfx_kthread+0x10/0x10 [ 338.592559][ T5866] ? _raw_spin_unlock_irq+0x23/0x50 [ 338.597748][ T5866] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.602948][ T5866] ? __pfx_kthread+0x10/0x10 [ 338.607535][ T5866] ret_from_fork+0x3fc/0x770 [ 338.612136][ T5866] ? __pfx_ret_from_fork+0x10/0x10 [ 338.617243][ T5866] ? __switch_to_asm+0x39/0x70 [ 338.622005][ T5866] ? __switch_to_asm+0x33/0x70 [ 338.626767][ T5866] ? __pfx_kthread+0x10/0x10 [ 338.631354][ T5866] ret_from_fork_asm+0x1a/0x30 [ 338.636130][ T5866] [ 338.639397][ T5866] Kernel Offset: disabled [ 338.643708][ T5866] Rebooting in 86400 seconds..