last executing test programs: 1m49.01729649s ago: executing program 4 (id=121): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x131a, 0x6, 0xfffffffe, 0xa82, r0, 0xffff4f9d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xa, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1m35.683033675s ago: executing program 2 (id=187): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, 0x0, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e26, 0x12002, 0x0, 0x8001, 0x1}}, 0x44) ioctl$FIOCLEX(r1, 0x5451) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000203030000000000000052c2000000000800010001000000"], 0x1c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000100525c00"/20, @ANYRES32=0x0, @ANYBLOB="0000000021000400080004000006000008001b00"], 0x30}}, 0x0) 1m35.400848773s ago: executing program 2 (id=188): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="38611f709ee27c0f1900000000000000020000002003081c00000000060015000400006b0c0003800800020000000190"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_DF={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000004000000140001800d0001007564703a7379b390b3"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40004) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) 1m22.793307978s ago: executing program 4 (id=121): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x131a, 0x6, 0xfffffffe, 0xa82, r0, 0xffff4f9d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xa, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 1m14.29494857s ago: executing program 2 (id=188): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="38611f709ee27c0f1900000000000000020000002003081c00000000060015000400006b0c0003800800020000000190"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_DF={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000004000000140001800d0001007564703a7379b390b3"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40004) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) 1m2.261395161s ago: executing program 4 (id=121): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x131a, 0x6, 0xfffffffe, 0xa82, r0, 0xffff4f9d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xa, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 54.679399791s ago: executing program 2 (id=188): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="38611f709ee27c0f1900000000000000020000002003081c00000000060015000400006b0c0003800800020000000190"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_DF={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000004000000140001800d0001007564703a7379b390b3"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40004) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) 42.762709173s ago: executing program 4 (id=121): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x131a, 0x6, 0xfffffffe, 0xa82, r0, 0xffff4f9d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xa, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 35.532887002s ago: executing program 2 (id=188): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="38611f709ee27c0f1900000000000000020000002003081c00000000060015000400006b0c0003800800020000000190"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_DF={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000004000000140001800d0001007564703a7379b390b3"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40004) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) 25.328913934s ago: executing program 4 (id=121): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x131a, 0x6, 0xfffffffe, 0xa82, r0, 0xffff4f9d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xa, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 17.075733476s ago: executing program 2 (id=188): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="38611f709ee27c0f1900000000000000020000002003081c00000000060015000400006b0c0003800800020000000190"], 0x38}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_UDP_CSUM={0x5, 0x8, 0x1}, @IFLA_GENEVE_COLLECT_METADATA={0x4}, @IFLA_GENEVE_DF={0x5}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb0014"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000004000000140001800d0001007564703a7379b390b3"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x40004) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x68, r3, 0xc373368b0a425fe9, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x54, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_MEDIA_PROP={0x4}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x40000) 5.532447317s ago: executing program 4 (id=121): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x131a, 0x6, 0xfffffffe, 0xa82, r0, 0xffff4f9d, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x3, 0xa, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x57}}]}, &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) 2.845345855s ago: executing program 0 (id=755): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x9, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @volatile={0x0, 0x0, 0x0, 0x9, 0x5}, @func={0x7}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x51, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) (async) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) (async) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x7b73, 0x4) (async) recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x1, 0x0, 0x0) 2.553213815s ago: executing program 0 (id=757): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x806000) ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000740)={0x0, 0x2, 0x2, 0x8000000000400}) writev(r0, &(0x7f0000000080)=[{0x0}], 0x1) r1 = epoll_create1(0x0) ioctl$FIONCLEX(r0, 0x5450) r2 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f000000b000/0x4000)=nil, 0x4000, 0x1000005, 0x8012, r2, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r4 = socket(0x1d, 0x2, 0x6) bind$can_j1939(r4, 0x0, 0x0) syz_emit_ethernet(0x93, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000186dd6dafc4c900002f01fe800000000000000000000000000019ff020000000000000000000000000001"], 0x0) writev(r1, &(0x7f0000000500)=[{&(0x7f0000000780)="c48f07426f845bd6b183fe813ea4915542831c489bc19a41f414ed9a4616a264236d88ecb86afab51b1cc37a079c4434519abb34236e98b428aefb42334eb1223373ba6451341930d9cdb5c32f4a71fec42315f4e243341104db598b8203ed70e19a2eabab152ce389dc7271f3c6027c0f59fe65c5df98f851dfdf7886c8c04aa4e8c3a1f35bbf062461d5d0b7e0c4de6c021bbf8694a9828cf4d37134c0a8292fc6235deb55e4bce375d7978a2dcbd166a9e4397c932856334c952f36a9a9cdeb6327682daca6923372ea4258370c501e22b41dc72ecfe487432976fd421237a86f9cb1f9121393279100fe22287922ac8856abf1e71dc234716c9eb46b5716e751accee4a92b5f66eadd30b5ffe7f74dc09b07ba52d9dae48b5dd51bcf175787e9e0f9704620d285b864a8d598e16dd3916bb25459fd1fb0a143b24a608f11ff62c07f934827b5a7a0ea5cea4cc7c003ffe62c4b050c79d023083c6576819f317649d2bcb3ee84cecdc0a257b5cab0bc83f7467ad0af48c1d5cf5a76fb5f00a205736ad1d72f69406f48fb6435814a82dee5244547fc62108fdae111129909b9ae875c51ae94a79e000ef8bfe79b8b466f4731537b4ad5d9ed2f25e93d866f04e5c7f9cec524f1aed0f1c00b212fbae1b4b0c88771dd586f9773431165394e95568d3a0346c7577ff63aaa15a0624199033ec6811d379bcb30750ac47068ccd418ba226e6ed27014e89a301371328fbd3cdaa766c4c2cec8703ee371eba2b45a650c8f3083e6190db59bc88dc46848b32c9c48ca0c2036f77ff7c887641384128dbe3ee21042a8d5a4dfabb3a21c7b35ba7202e021d4a5861a706d93c9628c4f0a4156b1a6dcbdfdcea447e1f6ccc3234dbee59356f4e398bb6707b8fa1aed1e446fafb07585ca658450d6f6bb2fb19a5d3a97d96a8b58173bb27c491657b5bd3d4337585e78d530c5530a2b83105e2ccfa26a9f85bf9983f88c90fcad577c26751af347805ed3b14b5e23ebecb995c9024b8cd866be75d18d487889cc6cd4a3a556a424477702b945672b24d544a551b01614ceadc9534b53676e6bbeca9108bc61291c65da1b10a3c7ff379042ce76b95237b696c405bcaa18d0dabd3f1df2e5a407540d56f540b3b3961a7d3bc0d70e82d3beff676e5d362b990aa0fc10b850de965bdda047c8f87e1af00086bf0d6839af2600d3761a414393170ab803cce18857ab0b813a90634b266d7bc0af4ceb12fba88a81c1495aa4bf17f84e53ad03472f2cb4297a9cfc633da09a68ed7f89f7c309ae94366ca8379b3686cd2f135bddcddf011f33f801989cc811d65bb4a46a8e3d65d848f93902b880ad2341d476a15f1d8e098d66439ae446c65e13001dbb95c3f6c81fa981a6d51e4bec5c9b3d6d1c6307cffee51a88adad0b16efb389c99bec20aa87929426793dbedffe53d80c68c263546754594b27560649110050eeb5a5663ab30840c8b13cbdff46b43db220fdda8872d6ad6b23f20a7820d2a2ae2c793265c68cb4f7c4fc53ccd0176448861a8557e76497e1413a6ce29513f6175fb393786b773d02428b58cc5bd8c88ba71ef971e75fb471570549997640a689ee1c6dda4aabce47bd110f301a15587b427e8fa38e76e523328480410180494c113c4cea21f993c4eaa2b31e7a7b3dc8d9d44c566adb4b54ea3d530102e9865dbdefb3a6a64e696f2b652a9d2666f6fa1b351a22d6179d81e3af4d71468f935c35b51272a249ce4b53de60b47c586fcd6c0a49c12ea4fa589c904efd87b9d6d44786ef60e73a9796d2c304c0d32cf7c022fa64f6da4de59f52fd4e1c0bcdf543acee81fcd85fe1ea48d4ae8370861b433535033aecff6763b49df653c849ffc98b86bb5059001f25f4ef5ede1cc52846d274f0341f0bf4df1b9a41f91d812d791733e3d9a33acb064cff04feeb51752033c58eae890f3f3c39d2cd2742152a00413de2ff2d9277844b1444668c5be5aedefb72631bfd5e65613b4dcf0728972c3942e6fd00c5a27e2dd28090f9525edfa7efdc94b31978adb5eb28732ce2b4edefdaa7c370ab1edf6cf5f656cee371de09c870ee3609998fdca626daea1178f1a2a6b7db6c31bc5d98dbfda01e4ad6c388eadf8d0e9ead0bebed464e33064f33d71a9f7f2dd6dc958f235d7d11e296a3b348a62358e9d2335fe39a6075789786fe87d3adef144f9e20ff2090f1826f54613bf80f631bfac5300e33c1838e42b0072cfe22e46da53d82008952ee06b71b2d9356ba357389ccd2ff064d92a58fc432f21e77c6b4326d1cd979404cf68e963b7b884a2dfd86f35d534916ff3c402ac59aff42b7c9d8f078f6d213db7fc84bfd1cc555d5dbfd9b76558c65392e091127106138f0cff42362b5071ee76c711e46be9acd6298a6e4b99ab416a4f069bd933a68480cf01bbb390eb7844bf46e5b0be84b8f22241d75e5b58f6c97756d60fa76a3bb99055156a1ecd740f0438cba70314a46525154eee1181cff206897e8ffd5d50086a26397ad9e0bc1c970ce29072371095a792bc7d3e22560679840539367ef4c71c258fe998a80c0c66b72b2bb18a9aac58d95334d6d71671f85dea50a73ad9a5832674da491c2af1af35caebb50ed2cc7dfc542ced1fe110bc4dafea21df33df5cc0a5b90d7bfd97a8966b1be97e8f8c5ac53846b6af6850d42393b84bd7860aa0ee7cec70bd7ba9c1a80755fc9d5ec411f2c8d8e6f499b5dda4853d1b96c1f56f501f28bd534a82b6175db8518458144e4ae10bda4ae25a015e589522a973d082e9ff3e4be999f6819109d8221e9f1584c2c558d0636fa9a76f4b099eee779229aa9698a2a1c1bc87c244b5c6ddabeb8f76bb391efbcde69876fc5fd572f4a0bf5d082c161a916517e473ed8dc6a881aff4f1983d61137a47e5ebe03afe6e1b5785897bcc939f443d877491c045526560b5135a5bf646ad13e5d155973f415dc81ea2e0f4b0d8fb2f548678fea00bb38053d523aebdff6b5692633c95acf1a03a37455662c4f0ff3a2688d4649404c27c700693f2a383552110f64389244d80d154a73848bfbe7087d979b767ccddc7ca4d418dcfacd5a48dfcb87a15decb959e75caf8d18c138a114f676e72873a193dfc2d4f19122c74eba25a8cea3900b357652cbea37e4fb1c2eab2105db75c53a8e21fc462ed498dba843d6378263a1bb303ca54b601a117a62c1f1cc5f44bd551f351fbf178f554ad18e4c5bbda6ca8dad1acd68990da34bdba6b684972591e3b2d9891d75774e06bb3cdb794025767836ba89273b5b5d2c12da69a74f3e0906d2ee3e4d4c36d069b03971c0c0bfee2ba761f2227c0054ad5ef9cd47a3b947673070cb472c4b2ef749de483d65eb875d9c9debf146aca96784932e573b6429932e6a48378b8cb6a833f6fcf53595b10e80c599f3bfeaffa0c4c4cb7de23d0a66a24898e0f5f31a6ce722a10e2316260ee4f178a99faae74ea48e86d78e89b3981f292a808c29cdfd7b129893db65686e9d3a52acb16b9d50b46be440b79c55b888fbbd36e0bdf13d566a2fdf7d3c1fd4225ce9071de870b35b1da3a00c6ea5c0e8bdcb1495fb77ecc3b693ab387e9ab25611c0f5f3bfbbb6c0ad1464a03eeaae3cbed87117beaeb83165f8e01bd52dc082a5bd47b615df681758bffc62327dc2a58b488f5e35f5d420c273588fc960a3af3b78686968fe4d8efb95df9a7e78e6965af3e1de5b6adc1d24f72576eec53c37b3312df1429dad3f88b624a7ed0586adb621c2037d5027c54297dd3e1d19a2ecc52711707fcf8f1f7d13004a5cecbc5fb56b59582abc3dfdda1d3e72f8198c50d157e3ee85a510b54eb28c0fdf4f2c4c362c638896605175d857e1a7a98c570d748f56d09c1d6f660959e1d3278c306e07797de4e6bdae6019a476858fa96a02fc7f4931c8c56fd4f1e0abac59b9c3a83b39e4d47830507fe3bf018cc6c88c1d974be3d6cd9d8ce2399ebb1eda1179752b035218bb0e76dc697bb8f4ac74610108a80f5512dadd63526ad455e110bbe17eeceb1b4ff187abee8f426004edadff4bd7a8a96faf5896128ed29c4c1e80d9cffa8ff8bfb3d0dbda575386640c250164c38def81a64683d3a88f4a08d17715c0d0a7a53f4958ea1a01f7491e663c4136de5c1e61a962012feae61c4723eb912a13744741e980c8913dd3bf3988941e52d7e75aadd81b37cb21c1f8b95f4afc1c18842e1d7cefeefd8b1877973debca3828720f31fde4e4a42f9345d13dbbc255ac1be28644516662fe8f7785360df607fb3968e38782732c9686b38ff64cb29adc753c4c35ac9276ff04c1d2689db520e5d98ebcc7d5de05bb4d8b3f5ee8b64718d70ca3cb189e7bcc79218748afb4c7d7b5bdb50bc2e1c0a932544a64fc5cbe3f89cd475030479232e81075b53318cb860ad48c034da54f8e9cb106c4d66aca606da4215c730e29bdc75136ff74929ac4ee4fb376737def3ef792701349e4d9d5db4c9d3ad7ac7cb4c46477c9541cd30887bc85a761b0a9176429c6e00cc789c63c921336ca24758779af7debd3270a937cdc468e777c5e71d75137201fef1234b642c58af53f2ef098afbdf596fd2d4909c6cbcabc77a52133057d1deba2ebfa2bef5f59c2277b816eb05f742a81e9671d9ab21664ce796249eb644296c2616154642521845c906b087ecd1b461d0a7ecbfae15ceafb45020fe311feb4d4e1846e6fee0e3cad36e762f718976c5d469ee8732a133122f85da0a0aeb7b6b72e45bc9b7b646cdc85372ec2feb467f8db07705292b62421273ede42c9395d6e51af5a8305dc823064501a627a93e26db6ae363a41ad3facace5dca263b074a096ecdca95e2952ddf9a733a406d114518ce92bee277a9d2a17500aa57433aad209bf23d7ae0d534f40ec77681774e0579f3170ab426cccddb34824c6cdfdc4a3229a8b3c8f166a52d3b1f73c5e5d2183b2a02437e90b0ec9e8bd3ba180340b57ced5ef481023b4d6789c6b516cb95f228047188d99c25bf212629eb6d34b0555945daf5e8433dff50b4d228373f861e89a48bb023c4059507e5263c2dd171863358eade877d14be8865d79a621fdc8ecfc5394a06cd3f2e0ddc92c3334d359c20a61816fb87b79932187d525d7bbadbeb368aea022fdd798730cebbeb84b6702d55143bd873e499a212b00b1aa67ee7e532b3d174adabb87ecb2dc5ac1634929868ebbd9065a4cbb79260663ea13643c774baa92b5200b13872cfc7d09032ed39016b6723e58c1305cff607f5ba74b76581393b0dafcb2a2dedc9d7d2deedfabb70cd69108b57af69a7b995ac542905e6711ea3fb203945990cb44684fa742fb598eecc171c1b88a7ead22b26ad451df5f569174f071d45eedddc632327881e8e8bcd92cc364e7d0798b111ca1a67210e8113af5ecfcaf3d67e39f5aa392e7741d508b818d32808841170121b7741446ad3f5578b33348f00aba63f6c30c9fb3e72843f4f92ffb6e624c798ca85f55432927fc34851c49f3f56a723a686d7e0f2008ccd3c1a75a68037c8ab8d9ff687281a14b251972398e9d300f11af5f3bd002c19b2c258688f16f4eaaf4f22dc090c86e01e5ec377d441819c6b51aa1cb928234e625f622fd914ab6eefb3271fc0ada01684929637ae96e3b422ab8b8169d25b396988d5c2c17f3f83e18100f5b9559ed47173e476127db771dfd0b3ae2264b44bb486904e08d01c46f4a3a64f8cee4857c133c0feccfda885297e515a75a9e832d408143c0144b6546dea612d0201a58681b988f41", 0x1000}, {&(0x7f0000000240)="51df1a654995aa744dc90c564e82ef5e1ffdb7c4169a144188758c9bfb68457cb88256c3cbe31b9c88659c680ac18d750bcfb0222f1ffbffb5ddb654210dd101024dd7aeb4e9a1d98581676512554017eee632c9561958dc0a08131af8d8ba673e67cff1629e002e8ac3f6655ac0eb17d6310e784b372496620700186766ba9b82dec84bf0cbf24adeba6066ca9ecbee3f9e70c8607efa30d40922cdbb70", 0x9e}, {&(0x7f0000000300)="a7469974d25b1ebeef8772fe9b156feced91a7376ac962cbe17348e419c9cf53007b5a39e22315c74d728b02da4de2da08106f775a71f5d77169751868b9fe42794e683789e59bf8bb6bfe3f49ce3b08ae3f318b006e3233073c34e69ff1e8e373cc85be872cf0ea70d01386dc16b2f91722aac4", 0x74}, {&(0x7f0000000380)="b4ffcda0b0df4d33c66fa4f9c06f280003fa3744267915682e2357a8a22a39ad1178d770c6f89e53a73d48310b17dbd52c78419d259b99e31da3f34abe9cfbdbce727d16a27939df7291791a3d736ae35d973a94a339efbb88f5dce4380fde56a63df73f56657a4e0d9a3ead2c3260688a5b37fc87c9b234282a3e1d8f1af2ef7e64d6aa59c0083e28a70beed88086c70496b17c35", 0x95}, {&(0x7f0000000000)="ee4ea7af0bf573a744d862c1009bcc25809c4ccc78392c648ff067fb39536774c4452d3cea025025", 0x28}, {&(0x7f0000000440)="efcf1bf41497f5a9db02fa8e581acd936606621ea8fa74ea4a72128a4de4211ee5e7ae841166c16655ceb0b405cbc064694cd9983001f483281b1875740829b8323a625333b0045205d10ff662dd1d04ae2db2a3bd7e00d49dc8a4f4a5133f092314010268ff1438fe0341ae66ed92bb9885125de5324e501851257043f1c50883383e3a", 0x84}], 0x6) 2.281252799s ago: executing program 0 (id=761): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000006c0)={0x14, 0x3, 0x7, 0x101, 0x0, 0x0, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x84) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000002ec0)={'netdevsim0\x00', &(0x7f0000002e40)=@ethtool_coalesce={0x50, 0x3169, 0x9, 0x1, 0x6, 0x9, 0x8, 0x2, 0xfff, 0x10000, 0x4, 0x7, 0x4, 0x5, 0x4, 0x1, 0x5, 0x1, 0x2400, 0x3, 0x9, 0xede, 0x80000000}}) (async, rerun: 64) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000100001002bbd7000fcdbdf2500000000", @ANYRES32=r2, @ANYBLOB="0000000004000000180012800b00010067656e65766500000800028004000e00"], 0x38}}, 0x0) (rerun: 64) 1.873277478s ago: executing program 3 (id=764): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) r1 = epoll_create1(0x0) r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000000)={0x30000011}) r3 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r3, &(0x7f0000002380)=[{{&(0x7f0000000080)={0x2, 0x4e24, @remote}, 0x10, 0x0}}, {{&(0x7f0000001940)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000002580)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8d0}}], 0x18}}], 0x2, 0x4800) 1.852947728s ago: executing program 3 (id=765): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000025008000a4000000004"], 0x250}}, 0x0) 1.762436901s ago: executing program 3 (id=766): bind$alg(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) (async) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) (async) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) (async) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r1, 0x84, 0x81, 0x0, 0x0) (async, rerun: 32) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080)=ANY=[], 0x7c}}, 0x20000000) (async) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) ioctl$sock_ax25_SIOCADDRT(r3, 0x890b, &(0x7f0000004800)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, 0x40, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) (async) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000061c7c5778828f5510270fbd446a12aa73265700000002000000400004803c0001800b00010065787468647200002c00028008000540000000000500020094000000080004400000009a080001400000000c08000340000000030900010073797a3000000000090002007379013200000000140000001100010000000000000000000000000abffda843996716517b9c9124406c5bffb3f682b4ae62d6dbdf31beb2a65e47bb76f967d6e3cb39a68129dda18f55ba0a3d3736945d07d021f30d4c47ea10375e54df412531995347522a174be374765caae003adce3134fb1da8c10af44359f96390030c61fdf6ecfc"], 0x94}}, 0x2e58d4b13e6fccb4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x418, 0x0, 0x268, 0x311, 0x0, 0x268, 0x348, 0x460, 0x460, 0x348, 0x460, 0x9, 0x0, {[{{@uncond, 0x160, 0x230, 0x258, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x0, 0x9, 0x0, 0x0, 0x0, 0x5, 0x9}}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x3}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@ipv6={@local, @private1={0xfc, 0x1, '\x00', 0x1}, [0xffffffff, 0xff, 0xff000000, 0xffffffff], [0xffffff00, 0xffffffff, 0xff000000], 'nicvf0\x00', 'veth0_to_bridge\x00', {0xff}, {}, 0x3a, 0x8, 0x0, 0x2}, 0x0, 0xd0, 0xf0, 0xe4030000, {}, [@common=@ipv6header={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x478) r6 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) (async) getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {0x0, 0xfffe}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_FLAGS_GEN={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x4}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000041}, 0x8c000) (async) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) (async) ioctl$SIOCAX25DELUID(r2, 0x89e2, &(0x7f0000000640)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) (async) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xb}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) (async, rerun: 32) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000007111ad00000000008510000002000000850000000500000095000000000000009500a505000000005160b53d4aaf0ecda3e967683918fabfc90ec1e06c5f48cb9ce64e815b7b74d0c3e9365f188f6a00591b"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) (rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r9, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd8a, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0}}, 0x10) (async) unshare(0x20000400) socket$netlink(0x10, 0x3, 0x10) 1.568647165s ago: executing program 1 (id=767): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt(r0, 0xb, 0xfffffffe, &(0x7f0000000000)="78b6ac65b6e790db64017c732928ce27c7c6f447b4d5b95b440472994662002a7afe5eb88f14eab819ba20e30c33d491d0ef90bff8cad6563d062c78e0a14cd696d13d4c6a2a514eb57ded602e2bf34bce43c1d5bdd195c31ff4c6be409f60d1ccafd422ca59f4be8c7e6c3457376b903c3dbb03fb5b46ec43241771351782e3bb0140864704e0818f67471d2c57f9fb3376dc587a0c33d93920d341efa60d4e0225f6b011ba6ea6c736899bb14eac90", 0xb0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000380)=ANY=[], 0x9) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x15, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002021692500000000002020207b1a00fe00000000bfa100000000000047010000f8ffffffb702000008000000b703000000000000850000000600000085100000010000009500000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 1.496449295s ago: executing program 3 (id=768): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000f40), 0x48a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) (async) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) (async) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) (async) r9 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000000)={@val, @void, @eth={@broadcast, @remote, @val={@void, {0x8100, 0x5, 0x0, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0x5865}}}}}}}, 0x42) 1.414629273s ago: executing program 1 (id=769): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x80) 1.241182535s ago: executing program 1 (id=770): r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xfffffffffffffd2d) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r3, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0) getsockopt(r1, 0x5, 0x9, &(0x7f0000000180)=""/17, &(0x7f0000000240)=0x11) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002200000", @ANYRES32=r3, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r6, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={0x14, r5, 0x1, 0x70bd25, 0x25dfdbff}, 0x14}}, 0x40010) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="180000190000000002000000000000001840000002000000000000000000000095000000000000009500000000000200"], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r8, 0x8, 0x0, 0x0, 0x14, &(0x7f0000000600), 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0x2, 0x4) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="280000001400212100000000000000000200"], 0x28}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000017c0)=@ipv4_deladdr={0x20, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r9}, [@IFA_ADDRESS={0x8, 0x1, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000840}, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={{r0}}) 599.412177ms ago: executing program 0 (id=771): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000)=0x100) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000400)) syz_emit_ethernet(0x7e, &(0x7f0000000240)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86"], 0x0) write$tun(r0, &(0x7f0000000240)=ANY=[], 0xfdef) 559.857404ms ago: executing program 1 (id=772): sendmsg$NLBL_MGMT_C_ADD(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c80)={0x34, 0x0, 0x1, 0x70bd25, 0x0, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010101}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000780), r0) sendmsg$NLBL_MGMT_C_ADD(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000c80)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000cbca00000000010001000800d7c30a01010108000000"], 0x34}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="000000001028000028001280090001007665746800000000180002801400010000000000", @ANYRES32], 0x48}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r5) sendmsg$NFC_CMD_GET_TARGET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r6, 0x1}, 0x14}}, 0x0) syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r5) r7 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r5) sendmsg$NBD_CMD_RECONFIGURE(r4, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01000000001200000000060000e808000100000000000c000d"], 0x28}}, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="300077e2", @ANYRES16=r7, @ANYBLOB="00032cbd7000ffdbdf25030000000c00020001000000010000000e000a004e4c424c5f4d474d54000000"], 0x30}, 0x1, 0x0, 0x0, 0x4044010}, 0x4004800) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3) sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x40, r9, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x1, 0x3c}, @val={0x8, 0x3, r8}, @val={0xc}}}, [@NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x1374}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x1}]}, 0x40}}, 0x0) 400.311739ms ago: executing program 3 (id=773): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="fd8d00000000000001000200000008000300", @ANYRES32=r2], 0x30}}, 0x0) 349.51899ms ago: executing program 1 (id=774): r0 = socket(0x840000000002, 0x3, 0x7) getpeername$unix(r0, &(0x7f0000000100), &(0x7f0000000180)=0x6e) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000900)=@raw={'raw\x00', 0x2c8, 0x3, 0x398, 0x208, 0x229, 0x240, 0x0, 0x4c000000, 0x300, 0x328, 0x328, 0x300, 0x328, 0x3, 0x0, {[{{@ip={@broadcast, @local, 0x0, 0x0, 'veth0_virt_wifi\x00', 'bridge0\x00'}, 0x0, 0x1e8, 0x208, 0x0, {0x0, 0x700}, [@common=@inet=@hashlimit2={{0x150}, {'veth1_to_team\x00', {0x0, 0x100000007, 0x0, 0x0, 0x0, 0x8000, 0xffff}}}, @common=@inet=@ecn={{0x28}, {0x11}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "41e9"}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b400000000000000dd0a0000000000f659e7ae1d3281a0abcb4a7f0073016200000000009500000000000000a6692aae1a43fa0bf68bbf0c19b1e9020b3ed65b5d9fdfc2ca5fe8966d8b6e8212a5c72a2c32d3e821d446355e043be398137c9733d3925e4280e1224bd05ba6f04f93f5ac29bc54caed1fc7f417b74304197b062f10950ce043bf3bddf4d824304dbe407b281b030f592f85bc23d29dd493b9003386"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 273.268398ms ago: executing program 0 (id=775): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x28, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x10}]}]}, 0x28}}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000000)=0x6, 0x4) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000080)=ANY=[@ANYRESOCT=r4, @ANYRES32=r4, @ANYRES8=r4], &(0x7f0000000980)='GPL\x00', 0xff800000, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x28, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x10}]}]}, 0x28}}, 0x0) (async) setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f0000000000)=0x6, 0x4) (async) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r5, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x10, &(0x7f0000000080)=ANY=[@ANYRESOCT=r4, @ANYRES32=r4, @ANYRES8=r4], &(0x7f0000000980)='GPL\x00', 0xff800000, 0x0, 0x0, 0x0, 0x16, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) 133.20165ms ago: executing program 1 (id=776): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000006008000a4000000004"], 0x250}}, 0x0) 121.471053ms ago: executing program 3 (id=777): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010002000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000058000000090a010400000000000000000100000008000a40000000000900020073797a31000000001200010073797a300000000008000540000000041c000980100002800c00018008000140000000020800014000000003"], 0x364}}, 0x0) 0s ago: executing program 0 (id=778): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@ipv6_getaddrlabel={0x24, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80}, [@IFAL_LABEL={0x8}]}, 0x24}}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@can_delroute={0x14c, 0x19, 0x1, 0x0, 0x0, {}, [@CGW_CS_CRC8={0x11e, 0x6, {0x47, 0x0, 0x0, 0x0, 0x0, "e520043f593ec7e217fca22551bf518a103c21127694a923126b01f7576fd01d5a58f799e22be3ca84f32a95d37609e21c24a2f5467ea3232437f6ea56885246fe904c518de7c87f4ef7e4be8881f8c68a68e6be8752bee10849efee53f02ad9e57b13cce241c2bce7cedb98c7a0864bc99d99d59276b74ecc359020d8adcbed21b54d64b468164ea88c84fc2d5bc5716a91216467534baae2ef35eaf299241096748df577f56e4f2566ae4e9a80bba4b2fb2cbdf7c58715e6316ebe8e916728b692387a6fc8a2b06ab352344a4dc169092066fa74315e4f44c059c7e187cff96c7798cd7223d4a6df8c3062d84690b79c8ecf0c5c6982d322ffcd66a866d2fc", 0x0, "56e89243dad36ae9dc7283425f986bbfe5349c4e"}}, @CGW_MOD_OR={0x15, 0x2, {{{}, 0x0, 0x0, 0x0, 0x0, "80deae486c1a0221"}, 0x6}}]}, 0x14c}}, 0x0) kernel console output (not intermixed with test programs): and tx timeout [ 95.103887][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.119957][ T5829] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.129281][ T5829] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.139190][ T5829] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.148712][ T5829] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.157463][ T52] Bluetooth: hci4: command tx timeout [ 95.184087][ T5830] veth0_vlan: entered promiscuous mode [ 95.227814][ T5830] veth1_vlan: entered promiscuous mode [ 95.273891][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.278740][ T5844] veth0_macvtap: entered promiscuous mode [ 95.282626][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.325778][ T5844] veth1_macvtap: entered promiscuous mode [ 95.378294][ T5842] veth0_vlan: entered promiscuous mode [ 95.393022][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.402757][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.433323][ T5830] veth0_macvtap: entered promiscuous mode [ 95.448746][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.472757][ T5830] veth1_macvtap: entered promiscuous mode [ 95.490975][ T5842] veth1_vlan: entered promiscuous mode [ 95.526457][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.548474][ T1040] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.557652][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.567934][ T1040] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.568140][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.578828][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.601233][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.610693][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.620020][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.655201][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.693489][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.727361][ T5830] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.741196][ T5830] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.747942][ T5829] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.751489][ T5830] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.774848][ T5830] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.819121][ T5842] veth0_macvtap: entered promiscuous mode [ 95.902583][ T5842] veth1_macvtap: entered promiscuous mode [ 96.051271][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.070857][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.096682][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.220284][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.286874][ T5842] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.321462][ T5842] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.334803][ T5842] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.343955][ T5842] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.389151][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.418661][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.441965][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.474642][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.667568][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.687366][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.806041][ T5933] warning: `syz.3.9' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 96.826169][ T52] Bluetooth: hci0: command tx timeout [ 96.832094][ T52] Bluetooth: hci1: command tx timeout [ 96.841585][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.868883][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.923384][ T5935] batadv1: entered allmulticast mode [ 97.078390][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.137704][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.161602][ T52] Bluetooth: hci2: command tx timeout [ 97.161756][ T5831] Bluetooth: hci3: command tx timeout [ 97.181879][ T5940] netlink: 80 bytes leftover after parsing attributes in process `syz.3.10'. [ 97.226121][ T5831] Bluetooth: hci4: command tx timeout [ 97.240842][ T5943] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.361685][ T5945] Zero length message leads to an empty skb [ 97.437923][ T5948] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.533547][ T5948] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11'. [ 97.592055][ T5948] x_tables: ip6_tables: REDIRECT target: used from hooks INPUT, but only usable from PREROUTING/OUTPUT [ 97.697854][ T5956] netlink: 'syz.1.2': attribute type 29 has an invalid length. [ 97.741524][ T5956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 97.781690][ T5957] netlink: 'syz.1.2': attribute type 29 has an invalid length. [ 97.806809][ T5957] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 97.836300][ T5961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.14'. [ 98.079533][ T30] audit: type=1107 audit(1748875991.588:2): pid=5965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='ً5%UA٠0ltݕ/ 6򊨊' [ 98.324068][ T5972] netlink: 'syz.2.18': attribute type 1 has an invalid length. [ 98.544319][ T5982] syz_tun: entered allmulticast mode [ 98.610347][ T5981] syz_tun: left allmulticast mode [ 98.845111][ T5997] netlink: 16 bytes leftover after parsing attributes in process `syz.1.27'. [ 98.930696][ T6003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.28'. [ 99.011525][ T6003] vcan1: entered promiscuous mode [ 99.175245][ T6014] netlink: 58 bytes leftover after parsing attributes in process `syz.1.32'. [ 99.341166][ T6022] syz.2.30 uses obsolete (PF_INET,SOCK_PACKET) [ 99.764106][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.35'. [ 99.813857][ T5883] IPVS: starting estimator thread 0... [ 99.904622][ T6035] IPVS: using max 24 ests per chain, 57600 per kthread [ 99.981175][ T6033] veth3: entered allmulticast mode [ 100.185160][ T6043] Cannot find add_set index 0 as target [ 100.224633][ T6043] netlink: 20 bytes leftover after parsing attributes in process `syz.4.38'. [ 101.001021][ T6078] Bluetooth: MGMT ver 1.23 [ 101.048126][ T6072] Bluetooth: MGMT ver 1.23 [ 101.468538][ C1] Unknown status report in ack skb [ 101.621815][ T6099] netlink: 'syz.4.54': attribute type 39 has an invalid length. [ 101.646187][ T6093] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 101.679597][ T5883] IPVS: starting estimator thread 0... [ 101.815138][ T6104] IPVS: using max 24 ests per chain, 57600 per kthread [ 102.145009][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.151708][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.323157][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.384087][ T6118] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 102.447634][ T6118] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 102.552937][ T6126] netlink: 'syz.2.58': attribute type 11 has an invalid length. [ 102.561809][ T6126] netlink: 'syz.2.58': attribute type 11 has an invalid length. [ 102.593635][ T6126] __nla_validate_parse: 1 callbacks suppressed [ 102.593652][ T6126] netlink: 224 bytes leftover after parsing attributes in process `syz.2.58'. [ 102.622271][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.676608][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.701830][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.743860][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 102.790501][ T6118] virt_wifi0 speed is unknown, defaulting to 1000 [ 103.262024][ T6160] netlink: 8 bytes leftover after parsing attributes in process `syz.3.64'. [ 103.614093][ T6180] netlink: 16 bytes leftover after parsing attributes in process `syz.0.76'. [ 103.755330][ T6189] netlink: 244 bytes leftover after parsing attributes in process `syz.1.77'. [ 103.765685][ T6185] dvmrp1: entered allmulticast mode [ 103.892857][ T6192] netlink: 'syz.3.80': attribute type 10 has an invalid length. [ 104.064940][ T6206] netlink: 8 bytes leftover after parsing attributes in process `syz.1.82'. [ 104.092390][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.82'. [ 104.138104][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.1.82'. [ 104.586801][ T6219] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.87'. [ 104.609777][ T6219] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.87'. [ 104.708740][ T6226] netlink: 16 bytes leftover after parsing attributes in process `syz.3.90'. [ 104.733915][ T6228] netlink: 'syz.3.90': attribute type 1 has an invalid length. [ 104.752191][ T6226] netlink: 'syz.3.90': attribute type 1 has an invalid length. [ 104.903547][ T6234] netlink: 'syz.0.93': attribute type 11 has an invalid length. [ 105.784174][ T6276] netlink: 'syz.4.105': attribute type 29 has an invalid length. [ 107.325449][ T6309] netlink: 'syz.2.118': attribute type 33 has an invalid length. [ 107.397074][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.583248][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.673459][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.733630][ T6318] syzkaller1: entered promiscuous mode [ 107.742117][ T6318] syzkaller1: entered allmulticast mode [ 107.796540][ T6325] netlink: 'syz.2.123': attribute type 1 has an invalid length. [ 107.824917][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.269052][ T49] bridge_slave_1: left allmulticast mode [ 108.296036][ T49] bridge_slave_1: left promiscuous mode [ 108.329019][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.378210][ T49] bridge_slave_0: left allmulticast mode [ 108.394134][ T49] bridge_slave_0: left promiscuous mode [ 108.435610][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.842982][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 108.851755][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 108.863173][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 108.871496][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 108.881124][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 109.065788][ T6367] __nla_validate_parse: 4 callbacks suppressed [ 109.065808][ T6367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.132'. [ 109.675604][ T6387] openvswitch: netlink: IP tunnel dst address not specified [ 109.745236][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 109.758629][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 109.769021][ T49] bond0 (unregistering): Released all slaves [ 109.783255][ T49] bond1 (unregistering): Released all slaves [ 109.798526][ T6389] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 109.874273][ T6343] syzkaller0: entered promiscuous mode [ 109.883508][ T6343] syzkaller0: entered allmulticast mode [ 110.984853][ T5831] Bluetooth: hci1: command tx timeout [ 112.367788][ T6360] virt_wifi0 speed is unknown, defaulting to 1000 [ 112.670001][ T6402] netlink: 64 bytes leftover after parsing attributes in process `syz.2.139'. [ 112.679505][ T6402] netlink: 64 bytes leftover after parsing attributes in process `syz.2.139'. [ 112.813861][ T6407] netlink: 64 bytes leftover after parsing attributes in process `syz.3.141'. [ 112.949961][ T49] hsr_slave_0: left promiscuous mode [ 112.961555][ T49] hsr_slave_1: left promiscuous mode [ 112.977633][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.001668][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.038623][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.065289][ T5831] Bluetooth: hci1: command tx timeout [ 113.087813][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.166987][ T49] veth1_macvtap: left promiscuous mode [ 113.180212][ T49] veth0_macvtap: left promiscuous mode [ 113.221379][ T49] veth1_vlan: left promiscuous mode [ 113.278241][ T49] veth0_vlan: left promiscuous mode [ 113.433356][ T6429] Unknown options in mask 1f4 [ 114.820700][ T49] team0 (unregistering): Port device team_slave_1 removed [ 114.878353][ T49] team0 (unregistering): Port device team_slave_0 removed [ 115.144759][ T5831] Bluetooth: hci1: command tx timeout [ 115.463222][ T6393] Set syz1 is full, maxelem 65536 reached [ 116.118023][ T6478] netlink: 24 bytes leftover after parsing attributes in process `syz.1.152'. [ 116.281070][ T6360] chnl_net:caif_netlink_parms(): no params data found [ 116.292298][ T6487] netlink: 12 bytes leftover after parsing attributes in process `syz.2.155'. [ 116.830129][ T6507] xt_HMARK: proto mask must be zero with L3 mode [ 117.036312][ T6516] netlink: 'syz.3.161': attribute type 1 has an invalid length. [ 117.154973][ T6518] netlink: 8 bytes leftover after parsing attributes in process `syz.3.161'. [ 117.237022][ T5831] Bluetooth: hci1: command tx timeout [ 118.041324][ T6516] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 118.089911][ T6517] veth3: entered promiscuous mode [ 118.154113][ T6518] ip6gretap1: entered allmulticast mode [ 118.334309][ T6537] netlink: 'syz.0.163': attribute type 3 has an invalid length. [ 118.374948][ T6360] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.432618][ T6360] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.453007][ T6360] bridge_slave_0: entered allmulticast mode [ 118.481872][ T6360] bridge_slave_0: entered promiscuous mode [ 118.518176][ T6360] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.553465][ T6360] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.574010][ T6360] bridge_slave_1: entered allmulticast mode [ 118.614263][ T6360] bridge_slave_1: entered promiscuous mode [ 118.708557][ T6546] netlink: 48 bytes leftover after parsing attributes in process `syz.1.167'. [ 118.853413][ T6549] veth3: entered allmulticast mode [ 118.952671][ T6360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.998649][ T6558] netlink: 'syz.3.172': attribute type 11 has an invalid length. [ 119.020545][ T6360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.213950][ T6561] vlan2: entered promiscuous mode [ 119.219428][ T6561] bridge0: entered promiscuous mode [ 119.228306][ T6561] vlan2: entered allmulticast mode [ 119.233526][ T6561] bridge0: entered allmulticast mode [ 119.373916][ T6572] netlink: 'syz.3.175': attribute type 13 has an invalid length. [ 119.460004][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 119.474816][ T6360] team0: Port device team_slave_0 added [ 119.506152][ T6360] team0: Port device team_slave_1 added [ 119.550177][ T6575] infiniband srz1: RDMA CMA: cma_listen_on_dev, error -98 [ 119.568060][ T6576] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 119.601084][ T6576] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 119.624078][ T6576] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 119.645482][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 119.654475][ T6581] netlink: 8 bytes leftover after parsing attributes in process `syz.1.176'. [ 119.730495][ T6360] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 119.749340][ T6360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.796461][ T6360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 119.832167][ T6360] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 119.858585][ T6360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 119.976026][ T6360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 120.343604][ T6360] hsr_slave_0: entered promiscuous mode [ 120.375727][ T6360] hsr_slave_1: entered promiscuous mode [ 120.395833][ T6360] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 120.424957][ T6360] Cannot create hsr debugfs directory [ 120.481156][ T6615] netlink: 'syz.1.186': attribute type 1 has an invalid length. [ 120.490451][ T6615] netlink: 'syz.1.186': attribute type 11 has an invalid length. [ 121.807300][ T6360] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 121.822406][ T6645] __nla_validate_parse: 1 callbacks suppressed [ 121.822424][ T6645] netlink: 108 bytes leftover after parsing attributes in process `syz.1.193'. [ 121.855480][ T6645] netlink: 108 bytes leftover after parsing attributes in process `syz.1.193'. [ 121.885773][ T6360] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 121.899639][ T6645] netlink: 108 bytes leftover after parsing attributes in process `syz.1.193'. [ 121.916291][ T6647] xt_CT: You must specify a L4 protocol and not use inversions on it [ 121.961543][ T6360] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 122.104626][ T6360] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 122.185772][ T6655] netlink: 'syz.3.195': attribute type 13 has an invalid length. [ 122.369638][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 122.380845][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 122.388991][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 122.441133][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 122.465479][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 122.654188][ T6677] FAULT_INJECTION: forcing a failure. [ 122.654188][ T6677] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 122.689855][ T6360] 8021q: adding VLAN 0 to HW filter on device bond0 [ 122.705171][ T6677] CPU: 0 UID: 0 PID: 6677 Comm: syz.0.197 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 122.705201][ T6677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.705222][ T6677] Call Trace: [ 122.705231][ T6677] [ 122.705240][ T6677] dump_stack_lvl+0x189/0x250 [ 122.705287][ T6677] ? __pfx____ratelimit+0x10/0x10 [ 122.705314][ T6677] ? __pfx_dump_stack_lvl+0x10/0x10 [ 122.705346][ T6677] ? __pfx__printk+0x10/0x10 [ 122.705389][ T6677] should_fail_ex+0x414/0x560 [ 122.705423][ T6677] _copy_to_user+0x31/0xb0 [ 122.705448][ T6677] simple_read_from_buffer+0xe1/0x170 [ 122.705485][ T6677] proc_fail_nth_read+0x1df/0x250 [ 122.705511][ T6677] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.705536][ T6677] ? rw_verify_area+0x258/0x650 [ 122.705562][ T6677] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 122.705585][ T6677] vfs_read+0x200/0x980 [ 122.705618][ T6677] ? __pfx___mutex_lock+0x10/0x10 [ 122.705645][ T6677] ? __pfx_vfs_read+0x10/0x10 [ 122.705674][ T6677] ? __fget_files+0x2a/0x420 [ 122.705711][ T6677] ? __fget_files+0x3a0/0x420 [ 122.705741][ T6677] ? __fget_files+0x2a/0x420 [ 122.705782][ T6677] ksys_read+0x145/0x250 [ 122.705812][ T6677] ? __pfx_ksys_read+0x10/0x10 [ 122.705846][ T6677] ? do_syscall_64+0xbe/0x3b0 [ 122.705877][ T6677] do_syscall_64+0xfa/0x3b0 [ 122.705902][ T6677] ? lockdep_hardirqs_on+0x9c/0x150 [ 122.705927][ T6677] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.705948][ T6677] ? clear_bhb_loop+0x60/0xb0 [ 122.705974][ T6677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 122.705994][ T6677] RIP: 0033:0x7f5262f8d37c [ 122.706017][ T6677] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 122.706034][ T6677] RSP: 002b:00007f5263e2d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 122.706056][ T6677] RAX: ffffffffffffffda RBX: 00007f52631b6080 RCX: 00007f5262f8d37c [ 122.706072][ T6677] RDX: 000000000000000f RSI: 00007f5263e2d0a0 RDI: 0000000000000003 [ 122.706085][ T6677] RBP: 00007f5263e2d090 R08: 0000000000000000 R09: 0000000000000000 [ 122.706097][ T6677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.706121][ T6677] R13: 0000000000000001 R14: 00007f52631b6080 R15: 00007ffd679d83e8 [ 122.706153][ T6677] [ 122.771026][ T6360] 8021q: adding VLAN 0 to HW filter on device team0 [ 123.041160][ T6685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'. [ 123.125397][ T6685] macsec0: entered promiscuous mode [ 123.144241][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.151432][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.358322][ T6695] Cannot find set identified by id 0 to match [ 123.395439][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.402660][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.463876][ T1342] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.580124][ T6697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.205'. [ 124.050405][ T1342] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.098587][ T6719] netlink: 'syz.1.210': attribute type 18 has an invalid length. [ 124.303992][ T1342] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.431387][ T6360] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 124.509700][ T5831] Bluetooth: hci4: command tx timeout [ 124.547140][ T1342] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.694968][ T6742] netlink: 24 bytes leftover after parsing attributes in process `syz.0.214'. [ 124.707610][ T6736] bond2: entered promiscuous mode [ 124.712706][ T6736] bond2: entered allmulticast mode [ 124.723888][ T6736] 8021q: adding VLAN 0 to HW filter on device bond2 [ 124.883209][ T6664] chnl_net:caif_netlink_parms(): no params data found [ 125.042891][ T6751] netlink: 24 bytes leftover after parsing attributes in process `syz.3.217'. [ 125.280327][ T6764] bridge0: port 3(vlan3) entered blocking state [ 125.286959][ T6764] bridge0: port 3(vlan3) entered disabled state [ 125.312108][ T6764] vlan3: entered allmulticast mode [ 125.388200][ T6764] vlan3: left allmulticast mode [ 125.472897][ T6760] bridge0: port 3(vlan3) entered blocking state [ 125.504645][ T6760] bridge0: port 3(vlan3) entered disabled state [ 125.511329][ T6760] vlan3: entered allmulticast mode [ 125.529551][ T6760] vlan3: left allmulticast mode [ 125.585228][ T1342] bridge_slave_1: left allmulticast mode [ 125.591619][ T1342] bridge_slave_1: left promiscuous mode [ 125.603818][ T1342] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.622318][ T1342] bridge_slave_0: left allmulticast mode [ 125.632141][ T1342] bridge_slave_0: left promiscuous mode [ 125.639353][ T1342] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.994912][ T1342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 126.009561][ T1342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 126.020504][ T1342] bond0 (unregistering): Released all slaves [ 126.071706][ T6783] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (132) [ 126.251911][ T6664] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.260366][ T6664] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.273042][ T6664] bridge_slave_0: entered allmulticast mode [ 126.283954][ T6664] bridge_slave_0: entered promiscuous mode [ 126.293995][ T6664] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.301697][ T6664] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.309342][ T6664] bridge_slave_1: entered allmulticast mode [ 126.319745][ T6664] bridge_slave_1: entered promiscuous mode [ 126.410048][ T6795] netlink: 8 bytes leftover after parsing attributes in process `syz.0.225'. [ 126.469835][ T6797] netlink: 'syz.1.226': attribute type 1 has an invalid length. [ 126.478047][ T6797] netlink: 244 bytes leftover after parsing attributes in process `syz.1.226'. [ 126.585007][ T5831] Bluetooth: hci4: command tx timeout [ 126.619007][ T6664] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 126.679640][ T6360] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.743520][ T6664] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.142338][ T6824] IPVS: ip_vs_edit_dest(): server weight less than zero [ 127.149781][ T1211] IPVS: starting estimator thread 0... [ 127.163106][ T6664] team0: Port device team_slave_0 added [ 127.198025][ T6664] team0: Port device team_slave_1 added [ 127.264864][ T6826] IPVS: using max 24 ests per chain, 57600 per kthread [ 127.363416][ T1342] hsr_slave_0: left promiscuous mode [ 127.397556][ T1342] hsr_slave_1: left promiscuous mode [ 127.415873][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 127.433664][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 127.449900][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 127.465911][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 127.508658][ T1342] veth1_macvtap: left promiscuous mode [ 127.521070][ T1342] veth0_macvtap: left promiscuous mode [ 127.547309][ T1342] veth1_vlan: left promiscuous mode [ 127.562724][ T1342] veth0_vlan: left promiscuous mode [ 128.639357][ T1342] team0 (unregistering): Port device team_slave_1 removed [ 128.665006][ T5831] Bluetooth: hci4: command tx timeout [ 128.733771][ T1342] team0 (unregistering): Port device team_slave_0 removed [ 129.632585][ T6664] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.692399][ T6664] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.815212][ T6664] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.833049][ T6896] netlink: 'syz.1.236': attribute type 11 has an invalid length. [ 129.883542][ T6664] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.896003][ T6664] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.947587][ T6664] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 130.397787][ T6664] hsr_slave_0: entered promiscuous mode [ 130.409234][ T6664] hsr_slave_1: entered promiscuous mode [ 130.419147][ T6664] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.436070][ T6664] Cannot create hsr debugfs directory [ 130.744964][ T5831] Bluetooth: hci4: command tx timeout [ 131.052450][ T6360] veth0_vlan: entered promiscuous mode [ 131.231087][ T6360] veth1_vlan: entered promiscuous mode [ 131.378173][ T30] audit: type=1107 audit(1748876024.898:3): pid=6945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 131.452222][ T6360] veth0_macvtap: entered promiscuous mode [ 131.647668][ T6360] veth1_macvtap: entered promiscuous mode [ 131.703742][ T6952] netlink: 12 bytes leftover after parsing attributes in process `syz.1.246'. [ 131.805843][ T6360] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.974230][ T6360] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 132.137840][ T6360] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.178262][ T6360] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.204570][ T6360] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.213340][ T6360] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.822543][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.849300][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.851893][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.001725][ T6664] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 133.053117][ T1332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.065288][ T1332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.085425][ T6664] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 133.102518][ T6664] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 133.156840][ T6664] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 133.606965][ T1155] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.652188][ T7019] netlink: 52 bytes leftover after parsing attributes in process `syz.1.260'. [ 133.691306][ T6664] 8021q: adding VLAN 0 to HW filter on device bond0 [ 133.800681][ T1155] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.873564][ T6664] 8021q: adding VLAN 0 to HW filter on device team0 [ 133.928269][ T1155] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.008076][ T7027] netlink: 'syz.1.262': attribute type 1 has an invalid length. [ 134.027201][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.034465][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 134.052125][ T7027] netlink: 232 bytes leftover after parsing attributes in process `syz.1.262'. [ 134.085703][ T7027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.262'. [ 134.177413][ T1155] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.337854][ T7037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.261'. [ 134.592182][ T7039] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 134.605426][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.612730][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 134.618748][ T7039] netlink: 20 bytes leftover after parsing attributes in process `syz.1.265'. [ 134.669211][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 134.679288][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 134.688636][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 134.701178][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 134.710591][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 134.829354][ T7047] netlink: 76 bytes leftover after parsing attributes in process `syz.3.266'. [ 134.854497][ T7047] nbd: illegal input index -8454144 [ 134.935714][ T7049] netlink: 'syz.1.267': attribute type 39 has an invalid length. [ 134.953994][ T7048] netlink: 'syz.1.267': attribute type 39 has an invalid length. [ 135.409704][ T1155] bridge_slave_1: left allmulticast mode [ 135.427353][ T1155] bridge_slave_1: left promiscuous mode [ 135.433211][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.478383][ T1155] bridge_slave_0: left allmulticast mode [ 135.484098][ T1155] bridge_slave_0: left promiscuous mode [ 135.516578][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.923888][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.940962][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.953035][ T1155] bond0 (unregistering): Released all slaves [ 136.380920][ T7093] netlink: 180 bytes leftover after parsing attributes in process `syz.0.278'. [ 136.570991][ T7099] netlink: 12 bytes leftover after parsing attributes in process `syz.1.279'. [ 136.685004][ T7105] netlink: 52 bytes leftover after parsing attributes in process `syz.1.279'. [ 136.744802][ T52] Bluetooth: hci1: command tx timeout [ 136.748112][ T7105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.279'. [ 136.760082][ T7040] chnl_net:caif_netlink_parms(): no params data found [ 136.785488][ T7105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.279'. [ 136.891857][ T6664] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 137.033503][ T1155] hsr_slave_0: left promiscuous mode [ 137.042861][ T1155] hsr_slave_1: left promiscuous mode [ 137.049261][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.059002][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.069159][ T7120] netlink: 8 bytes leftover after parsing attributes in process `syz.0.285'. [ 137.081460][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.090260][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.124861][ T1155] veth1_macvtap: left promiscuous mode [ 137.130474][ T1155] veth0_macvtap: left promiscuous mode [ 137.137569][ T1155] veth1_vlan: left promiscuous mode [ 137.142961][ T1155] veth0_vlan: left promiscuous mode [ 137.571949][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 137.608397][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 138.046629][ T7127] netlink: 44 bytes leftover after parsing attributes in process `syz.1.286'. [ 138.055889][ T7127] netlink: 43 bytes leftover after parsing attributes in process `syz.1.286'. [ 138.065223][ T7127] netlink: 'syz.1.286': attribute type 6 has an invalid length. [ 138.077911][ T7127] netlink: 'syz.1.286': attribute type 5 has an invalid length. [ 138.086018][ T7127] netlink: 43 bytes leftover after parsing attributes in process `syz.1.286'. [ 138.110053][ T7127] netlink: 12 bytes leftover after parsing attributes in process `syz.1.286'. [ 138.326447][ T7040] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.333615][ T7040] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.355394][ T7040] bridge_slave_0: entered allmulticast mode [ 138.372808][ T7040] bridge_slave_0: entered promiscuous mode [ 138.380424][ T7137] IPVS: ip_vs_edit_dest(): server weight less than zero [ 138.411836][ T7136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.290'. [ 138.421123][ T7040] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.436630][ T7040] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.438574][ T5886] hid-generic 0005:16BF:0006.0001: unknown main item tag 0x0 [ 138.461358][ T7040] bridge_slave_1: entered allmulticast mode [ 138.496159][ T7040] bridge_slave_1: entered promiscuous mode [ 138.503601][ T5886] hid-generic 0005:16BF:0006.0001: hidraw0: BLUETOOTH HID vc3.b8 Device [syz1] on aa:aa:aa:aa:aa:aa [ 138.677199][ T7040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.719527][ T7040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.746589][ T7149] netlink: 'syz.1.292': attribute type 11 has an invalid length. [ 138.784665][ T7149] netlink: 20 bytes leftover after parsing attributes in process `syz.1.292'. [ 138.833119][ T7142] fido_id[7142]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci1/hci1:200/report_descriptor': No such file or directory [ 138.834445][ T52] Bluetooth: hci1: command tx timeout [ 138.883682][ T7153] netlink: 100 bytes leftover after parsing attributes in process `syz.3.293'. [ 138.933785][ T6664] veth0_vlan: entered promiscuous mode [ 138.952037][ T7155] netlink: 'syz.0.294': attribute type 21 has an invalid length. [ 139.048828][ T7040] team0: Port device team_slave_0 added [ 139.080441][ T7040] team0: Port device team_slave_1 added [ 139.260746][ T7166] xt_l2tp: missing protocol rule (udp|l2tpip) [ 139.272641][ T7040] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.280150][ T7040] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.394402][ T7040] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.457413][ T7040] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 139.479398][ T7040] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.532191][ T7040] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 139.579060][ T6664] veth1_vlan: entered promiscuous mode [ 139.798381][ T7040] hsr_slave_0: entered promiscuous mode [ 139.809692][ T7040] hsr_slave_1: entered promiscuous mode [ 139.818257][ T7040] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 139.829928][ T7188] netlink: 'syz.1.303': attribute type 21 has an invalid length. [ 139.831686][ T7040] Cannot create hsr debugfs directory [ 140.071235][ T6664] veth0_macvtap: entered promiscuous mode [ 140.179445][ T6664] veth1_macvtap: entered promiscuous mode [ 140.279805][ T6664] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 140.406157][ T6664] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 140.581017][ T6664] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.609441][ T6664] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.623010][ T6664] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.656856][ T6664] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.667424][ T7211] trusted_key: syz.3.307 sent an empty control message without MSG_MORE. [ 140.904659][ T52] Bluetooth: hci1: command tx timeout [ 141.305457][ T2988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.313337][ T2988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.515485][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 141.523375][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.769184][ T7040] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 141.849277][ T7040] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 141.913728][ T7040] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 141.956327][ T7040] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 142.147900][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.340453][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.446867][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.555261][ T7273] netlink: 'syz.1.322': attribute type 24 has an invalid length. [ 142.585562][ T7273] __nla_validate_parse: 1 callbacks suppressed [ 142.585580][ T7273] netlink: 20 bytes leftover after parsing attributes in process `syz.1.322'. [ 142.667153][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.730801][ T7277] netlink: 100 bytes leftover after parsing attributes in process `syz.0.321'. [ 142.783224][ T7277] netlink: 'syz.0.321': attribute type 1 has an invalid length. [ 142.808292][ T7040] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.823063][ T7277] netlink: 228 bytes leftover after parsing attributes in process `syz.0.321'. [ 142.968916][ T7040] 8021q: adding VLAN 0 to HW filter on device team0 [ 142.984631][ T52] Bluetooth: hci1: command tx timeout [ 143.050907][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.058135][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 143.183425][ T1155] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.190667][ T1155] bridge0: port 2(bridge_slave_1) entered forwarding state [ 143.523582][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 143.540271][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 143.551695][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 143.559894][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 143.568348][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 143.650987][ T12] bridge_slave_1: left allmulticast mode [ 143.679129][ T12] bridge_slave_1: left promiscuous mode [ 143.685495][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.743939][ T12] bridge_slave_0: left allmulticast mode [ 143.754444][ T12] bridge_slave_0: left promiscuous mode [ 143.760311][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.086231][ T7335] netlink: 12 bytes leftover after parsing attributes in process `syz.3.336'. [ 144.368947][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 144.381059][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 144.393125][ T12] bond0 (unregistering): Released all slaves [ 145.266723][ T7363] syzkaller0: entered promiscuous mode [ 145.272618][ T7363] syzkaller0: entered allmulticast mode [ 145.292479][ T7378] netlink: 'syz.1.339': attribute type 3 has an invalid length. [ 145.309883][ T7378] netlink: 666 bytes leftover after parsing attributes in process `syz.1.339'. [ 145.353834][ T7381] gtp0: entered promiscuous mode [ 145.509876][ T7388] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode [ 145.522078][ T7388] macsec2: entered allmulticast mode [ 145.537839][ T7388] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode [ 145.570024][ T7388] mac80211_hwsim hwsim3 wlan0: left allmulticast mode [ 145.580499][ T7388] mac80211_hwsim hwsim3 wlan0: left promiscuous mode [ 145.635121][ T5831] Bluetooth: hci4: command tx timeout [ 145.805370][ T12] hsr_slave_0: left promiscuous mode [ 145.821179][ T12] hsr_slave_1: left promiscuous mode [ 145.832429][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.841002][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.856684][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.876601][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.901662][ T12] veth1_macvtap: left promiscuous mode [ 145.910203][ T12] veth0_macvtap: left promiscuous mode [ 145.916440][ T12] veth1_vlan: left promiscuous mode [ 145.921917][ T12] veth0_vlan: left promiscuous mode [ 146.701048][ T12] team0 (unregistering): Port device team_slave_1 removed [ 146.761017][ T12] team0 (unregistering): Port device team_slave_0 removed [ 147.304046][ T7403] pimreg: entered allmulticast mode [ 147.310253][ T7405] pimreg: left allmulticast mode [ 147.389160][ T7040] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 147.399909][ T7310] chnl_net:caif_netlink_parms(): no params data found [ 147.666133][ T7439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.349'. [ 147.717076][ T5831] Bluetooth: hci4: command tx timeout [ 147.746284][ T7448] netlink: 24 bytes leftover after parsing attributes in process `syz.3.349'. [ 147.988919][ T7310] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.016918][ T7310] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.048313][ T7310] bridge_slave_0: entered allmulticast mode [ 148.060213][ T7310] bridge_slave_0: entered promiscuous mode [ 148.120321][ T7310] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.144650][ T7310] bridge0: port 2(bridge_slave_1) entered disabled state [ 148.156996][ T7310] bridge_slave_1: entered allmulticast mode [ 148.178839][ T7310] bridge_slave_1: entered promiscuous mode [ 148.434573][ T7310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.527327][ T7310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 148.579694][ T7484] FAULT_INJECTION: forcing a failure. [ 148.579694][ T7484] name failslab, interval 1, probability 0, space 0, times 1 [ 148.637444][ T7484] CPU: 0 UID: 0 PID: 7484 Comm: syz.3.358 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 148.637472][ T7484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 148.637485][ T7484] Call Trace: [ 148.637493][ T7484] [ 148.637502][ T7484] dump_stack_lvl+0x189/0x250 [ 148.637541][ T7484] ? __pfx____ratelimit+0x10/0x10 [ 148.637568][ T7484] ? __pfx_dump_stack_lvl+0x10/0x10 [ 148.637599][ T7484] ? __pfx__printk+0x10/0x10 [ 148.637628][ T7484] ? __pfx___might_resched+0x10/0x10 [ 148.637663][ T7484] should_fail_ex+0x414/0x560 [ 148.637695][ T7484] should_failslab+0xa8/0x100 [ 148.637729][ T7484] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 148.637786][ T7484] ? __alloc_skb+0x112/0x2d0 [ 148.637822][ T7484] __alloc_skb+0x112/0x2d0 [ 148.637857][ T7484] tcp_stream_alloc_skb+0x3d/0x340 [ 148.637891][ T7484] tcp_sendmsg_locked+0x1fa8/0x56f0 [ 148.637921][ T7484] ? aa_label_sk_perm+0x413/0x560 [ 148.638003][ T7484] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 148.638029][ T7484] ? __local_bh_enable_ip+0x12d/0x1c0 [ 148.638062][ T7484] ? __local_bh_enable_ip+0x12d/0x1c0 [ 148.638103][ T7484] tcp_sendmsg+0x2f/0x50 [ 148.638130][ T7484] __sock_sendmsg+0xe5/0x270 [ 148.638158][ T7484] ____sys_sendmsg+0x505/0x830 [ 148.638184][ T7484] ? __pfx_____sys_sendmsg+0x10/0x10 [ 148.638215][ T7484] ? import_iovec+0x74/0xa0 [ 148.638239][ T7484] ___sys_sendmsg+0x21f/0x2a0 [ 148.638261][ T7484] ? __pfx____sys_sendmsg+0x10/0x10 [ 148.638323][ T7484] ? __fget_files+0x2a/0x420 [ 148.638352][ T7484] ? __fget_files+0x3a0/0x420 [ 148.638394][ T7484] __x64_sys_sendmsg+0x19b/0x260 [ 148.638418][ T7484] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 148.638448][ T7484] ? __pfx_ksys_write+0x10/0x10 [ 148.638473][ T7484] ? rcu_is_watching+0x15/0xb0 [ 148.638508][ T7484] ? do_syscall_64+0xbe/0x3b0 [ 148.638538][ T7484] do_syscall_64+0xfa/0x3b0 [ 148.638563][ T7484] ? lockdep_hardirqs_on+0x9c/0x150 [ 148.638586][ T7484] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.638606][ T7484] ? clear_bhb_loop+0x60/0xb0 [ 148.638632][ T7484] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 148.638651][ T7484] RIP: 0033:0x7f51b858e969 [ 148.638669][ T7484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 148.638686][ T7484] RSP: 002b:00007f51b9381038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 148.638707][ T7484] RAX: ffffffffffffffda RBX: 00007f51b87b5fa0 RCX: 00007f51b858e969 [ 148.638722][ T7484] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 148.638735][ T7484] RBP: 00007f51b9381090 R08: 0000000000000000 R09: 0000000000000000 [ 148.638755][ T7484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 148.638766][ T7484] R13: 0000000000000000 R14: 00007f51b87b5fa0 R15: 00007ffcfab32ad8 [ 148.638799][ T7484] [ 149.232630][ T7502] netlink: 'syz.3.360': attribute type 1 has an invalid length. [ 149.246793][ T7502] netlink: 'syz.3.360': attribute type 2 has an invalid length. [ 149.254572][ T7502] netlink: 'syz.3.360': attribute type 2 has an invalid length. [ 149.735663][ T7310] team0: Port device team_slave_0 added [ 149.766689][ T7485] syzkaller1: entered promiscuous mode [ 149.772301][ T7485] syzkaller1: entered allmulticast mode [ 149.786917][ T5831] Bluetooth: hci4: command tx timeout [ 150.039950][ T7509] netlink: 'syz.1.362': attribute type 1 has an invalid length. [ 150.071997][ T7310] team0: Port device team_slave_1 added [ 150.206124][ T7511] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 150.217225][ T7511] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 150.231968][ T7511] bond1: (slave vcan1): making interface the new active one [ 150.241265][ T7511] bond1: (slave vcan1): Enslaving as an active interface with an up link [ 150.241608][ T7518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.363'. [ 150.395232][ T7310] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.414847][ T7310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.447898][ T7310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.569523][ T7040] veth0_vlan: entered promiscuous mode [ 150.589563][ T7522] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 150.675093][ T7310] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.700527][ T7310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.803972][ T7310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.839708][ T7525] IPv6: sit1: Disabled Multicast RS [ 151.040818][ T7310] hsr_slave_0: entered promiscuous mode [ 151.066022][ T7310] hsr_slave_1: entered promiscuous mode [ 151.092953][ T7310] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.122523][ T7310] Cannot create hsr debugfs directory [ 151.143501][ T7040] veth1_vlan: entered promiscuous mode [ 151.841727][ T7040] veth0_macvtap: entered promiscuous mode [ 151.866253][ T52] Bluetooth: hci4: command tx timeout [ 152.061644][ T7583] netem: incorrect ge model size [ 152.080764][ T7583] netem: change failed [ 152.139474][ T7040] veth1_macvtap: entered promiscuous mode [ 152.292370][ T7592] netlink: 4 bytes leftover after parsing attributes in process `syz.3.378'. [ 152.312411][ T7040] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.344516][ T52] Bluetooth: hci0: command 0x0c1a tx timeout [ 152.348167][ T5831] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 152.419025][ T7040] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.498463][ T7597] netlink: 12 bytes leftover after parsing attributes in process `syz.3.378'. [ 152.520359][ T7597] netlink: 'syz.3.378': attribute type 7 has an invalid length. [ 152.531044][ T7040] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.545569][ T7040] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.550607][ T7597] netlink: 8 bytes leftover after parsing attributes in process `syz.3.378'. [ 152.565585][ T7040] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.575248][ T7040] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.609474][ T7602] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 152.863303][ T7604] netlink: 12 bytes leftover after parsing attributes in process `syz.3.381'. [ 152.878653][ T1332] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 152.911171][ T1332] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.932049][ T7611] FAULT_INJECTION: forcing a failure. [ 152.932049][ T7611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 152.963257][ T7611] CPU: 1 UID: 0 PID: 7611 Comm: syz.1.383 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 152.963287][ T7611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.963307][ T7611] Call Trace: [ 152.963315][ T7611] [ 152.963324][ T7611] dump_stack_lvl+0x189/0x250 [ 152.963361][ T7611] ? __pfx____ratelimit+0x10/0x10 [ 152.963387][ T7611] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.963418][ T7611] ? __pfx__printk+0x10/0x10 [ 152.963439][ T7611] ? __might_fault+0xb0/0x130 [ 152.963480][ T7611] should_fail_ex+0x414/0x560 [ 152.963513][ T7611] _copy_from_user+0x2d/0xb0 [ 152.963534][ T7611] ___sys_sendmsg+0x158/0x2a0 [ 152.963558][ T7611] ? __pfx____sys_sendmsg+0x10/0x10 [ 152.963619][ T7611] ? __fget_files+0x2a/0x420 [ 152.963649][ T7611] ? __fget_files+0x3a0/0x420 [ 152.963689][ T7611] __x64_sys_sendmsg+0x19b/0x260 [ 152.963713][ T7611] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 152.963744][ T7611] ? __pfx_ksys_write+0x10/0x10 [ 152.963777][ T7611] ? do_syscall_64+0xbe/0x3b0 [ 152.963806][ T7611] do_syscall_64+0xfa/0x3b0 [ 152.963829][ T7611] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.963854][ T7611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.963874][ T7611] ? clear_bhb_loop+0x60/0xb0 [ 152.963899][ T7611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.963919][ T7611] RIP: 0033:0x7fe3d878e969 [ 152.963938][ T7611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.963955][ T7611] RSP: 002b:00007fe3d96cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.963977][ T7611] RAX: ffffffffffffffda RBX: 00007fe3d89b5fa0 RCX: 00007fe3d878e969 [ 152.963991][ T7611] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 152.964004][ T7611] RBP: 00007fe3d96cc090 R08: 0000000000000000 R09: 0000000000000000 [ 152.964016][ T7611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.964027][ T7611] R13: 0000000000000000 R14: 00007fe3d89b5fa0 R15: 00007ffec0e25238 [ 152.964059][ T7611] [ 153.173802][ T7595] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 153.382903][ T7310] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 153.400025][ T7310] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 153.449034][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.458872][ T7310] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 153.465865][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.490858][ T7310] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 153.540642][ T7627] netlink: 27 bytes leftover after parsing attributes in process `syz.1.387'. [ 153.584101][ T7622] IPv6: sit2: Disabled Multicast RS [ 153.592182][ T7622] sit2: entered allmulticast mode [ 153.678958][ T7625] IPv6: sit2: Disabled Multicast RS [ 153.687735][ T7625] sit2: entered allmulticast mode [ 153.776342][ T7627] IPv6: sit2: Disabled Multicast RS [ 153.787910][ T7627] sit2: entered allmulticast mode [ 153.811240][ T7629] netlink: 'syz.3.388': attribute type 12 has an invalid length. [ 153.819280][ T7629] netlink: 132 bytes leftover after parsing attributes in process `syz.3.388'. [ 154.050261][ T7643] netlink: 108 bytes leftover after parsing attributes in process `syz.1.390'. [ 154.104204][ T1155] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.310711][ T7310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.424975][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 154.472205][ T1155] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.591909][ T7310] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.679257][ T1155] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.793015][ T1332] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.800317][ T1332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.848260][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.855526][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.015370][ T7669] netlink: 40 bytes leftover after parsing attributes in process `syz.3.394'. [ 155.126463][ T1155] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.259686][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 155.270877][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 155.319795][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 155.404172][ T7310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 155.453910][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 155.462993][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 155.471684][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 155.479840][ T7310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 155.491262][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 155.505848][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 155.910895][ T1155] bridge_slave_1: left allmulticast mode [ 155.934472][ T1155] bridge_slave_1: left promiscuous mode [ 155.952858][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.977973][ T1155] bridge_slave_0: left allmulticast mode [ 155.990125][ T1155] bridge_slave_0: left promiscuous mode [ 156.001286][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.357484][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 156.369597][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 156.380363][ T1155] bond0 (unregistering): Released all slaves [ 156.418442][ T7678] infiniband syz2: set down [ 156.423164][ T7678] infiniband syz2: added wlan1 [ 156.450640][ T7678] syz2: rxe_create_cq: returned err = -12 [ 156.457245][ T7678] infiniband syz2: Couldn't create ib_mad CQ [ 156.464099][ T7678] infiniband syz2: Couldn't open port 1 [ 156.490062][ T5886] wlan1 speed is unknown, defaulting to 1000 [ 156.571755][ T7678] RDS/IB: syz2: added [ 156.586567][ T7678] smc: adding ib device syz2 with port count 1 [ 156.593280][ T7678] smc: ib device syz2 port 1 has pnetid [ 156.667074][ T5886] wlan1 speed is unknown, defaulting to 1000 [ 156.685991][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 156.690450][ T7715] sch_tbf: burst 0 is lower than device lo mtu (80) ! [ 156.765166][ T7310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.285551][ T7738] netlink: 'syz.3.405': attribute type 1 has an invalid length. [ 157.479699][ T7738] 8021q: adding VLAN 0 to HW filter on device bond1 [ 157.539826][ T7741] bond1: (slave veth0_to_bond): making interface the new active one [ 157.555585][ T5831] Bluetooth: hci1: command tx timeout [ 157.563537][ T7741] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 157.618814][ T7685] chnl_net:caif_netlink_parms(): no params data found [ 157.671368][ T7745] vlan2: entered allmulticast mode [ 157.676675][ T7745] veth1: entered allmulticast mode [ 157.683482][ T7745] veth1: entered promiscuous mode [ 157.689587][ T7745] veth1: left promiscuous mode [ 157.697484][ T7745] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 157.721606][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 157.853428][ T7310] veth0_vlan: entered promiscuous mode [ 157.959946][ T7310] veth1_vlan: entered promiscuous mode [ 158.275472][ T7685] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.282735][ T7685] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.291554][ T7685] bridge_slave_0: entered allmulticast mode [ 158.300989][ T7685] bridge_slave_0: entered promiscuous mode [ 158.316954][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 158.319155][ T7685] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.330907][ T7685] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.339379][ T7685] bridge_slave_1: entered allmulticast mode [ 158.347754][ T7685] bridge_slave_1: entered promiscuous mode [ 158.604512][ T7685] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.639731][ T7310] veth0_macvtap: entered promiscuous mode [ 158.669251][ T7685] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.787988][ T7781] syzkaller0: entered promiscuous mode [ 158.799072][ T7781] syzkaller0: entered allmulticast mode [ 158.829100][ T7685] team0: Port device team_slave_0 added [ 158.879107][ T7685] team0: Port device team_slave_1 added [ 158.910095][ T7310] veth1_macvtap: entered promiscuous mode [ 159.155000][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 159.162044][ T7685] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.192555][ T7685] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.279324][ T7685] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.336757][ T7685] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 159.343760][ T7685] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.434643][ T7685] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.624862][ T5831] Bluetooth: hci1: command tx timeout [ 159.625107][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 159.675518][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 159.802319][ T7808] netlink: 788 bytes leftover after parsing attributes in process `syz.3.416'. [ 159.839466][ T7685] hsr_slave_0: entered promiscuous mode [ 159.846817][ T7685] hsr_slave_1: entered promiscuous mode [ 159.853507][ T7685] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 159.861796][ T7685] Cannot create hsr debugfs directory [ 159.912043][ T7310] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.922099][ T7310] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.931239][ T7310] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.943244][ T7310] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.005436][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 160.271606][ T7816] Cannot find set identified by id 0 to match [ 160.380439][ T2988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.411099][ T2988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.632253][ T7826] netlink: 'syz.0.421': attribute type 39 has an invalid length. [ 160.662448][ T7823] netlink: 40 bytes leftover after parsing attributes in process `syz.3.420'. [ 160.752809][ T1332] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.785858][ T1332] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 160.914102][ T7826] netlink: 40 bytes leftover after parsing attributes in process `syz.0.421'. [ 161.083313][ T7678] wlan1 speed is unknown, defaulting to 1000 [ 161.352105][ T7850] netlink: 12 bytes leftover after parsing attributes in process `syz.3.424'. [ 161.388721][ T7850] netlink: 24 bytes leftover after parsing attributes in process `syz.3.424'. [ 161.569591][ T7854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.426'. [ 161.673534][ T7854] vcan1: entered promiscuous mode [ 161.709320][ T5831] Bluetooth: hci1: command tx timeout [ 161.982613][ T7685] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 162.027016][ T7685] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 162.051635][ T7685] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 162.112375][ T7685] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 162.361933][ T1155] hsr_slave_0: left promiscuous mode [ 162.389193][ T1155] hsr_slave_1: left promiscuous mode [ 162.405508][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 162.425989][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 162.455344][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 162.462888][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 162.531263][ T1155] veth1_macvtap: left promiscuous mode [ 162.574516][ T1155] veth0_macvtap: left promiscuous mode [ 162.580371][ T1155] veth1_vlan: left promiscuous mode [ 162.624825][ T1155] veth0_vlan: left promiscuous mode [ 163.048202][ T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 163.063101][ T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 163.081975][ T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 163.091744][ T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 163.100451][ T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 163.770826][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 163.796148][ T52] Bluetooth: hci1: command tx timeout [ 163.880739][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 164.538325][ T7910] pim6reg: entered allmulticast mode [ 164.655920][ T7934] netlink: 16 bytes leftover after parsing attributes in process `syz.1.434'. [ 164.757970][ T7897] wlan1 speed is unknown, defaulting to 1000 [ 164.850893][ T7685] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.980817][ T7685] 8021q: adding VLAN 0 to HW filter on device team0 [ 165.032978][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.040236][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 165.100150][ T1332] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.107435][ T1332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 165.151811][ T52] Bluetooth: hci4: command tx timeout [ 165.198776][ T7949] netlink: 4 bytes leftover after parsing attributes in process `syz.1.438'. [ 165.232423][ T7685] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 165.290986][ T7949] vcan2: entered promiscuous mode [ 165.449064][ T1155] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.586535][ T7955] netlink: 20 bytes leftover after parsing attributes in process `syz.1.439'. [ 165.628461][ T1155] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.696046][ T7957] veth0: entered promiscuous mode [ 165.770326][ T7959] netlink: 'syz.0.440': attribute type 11 has an invalid length. [ 165.771533][ T1155] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.779588][ T7959] netlink: 'syz.0.440': attribute type 11 has an invalid length. [ 165.798373][ T7959] netlink: 224 bytes leftover after parsing attributes in process `syz.0.440'. [ 165.823738][ T7954] veth0: left promiscuous mode [ 165.908249][ T1155] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 166.101593][ T7685] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 166.219755][ T7970] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.277581][ T7970] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.295784][ T7970] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.339523][ T7970] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.507194][ T7897] chnl_net:caif_netlink_parms(): no params data found [ 166.662890][ T7991] netlink: 44 bytes leftover after parsing attributes in process `syz.3.447'. [ 166.750336][ T7991] netlink: 43 bytes leftover after parsing attributes in process `syz.3.447'. [ 166.769514][ T7991] netlink: 'syz.3.447': attribute type 5 has an invalid length. [ 166.784397][ T7991] netlink: 43 bytes leftover after parsing attributes in process `syz.3.447'. [ 166.862954][ T7999] FAULT_INJECTION: forcing a failure. [ 166.862954][ T7999] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 166.922793][ T7999] CPU: 1 UID: 0 PID: 7999 Comm: syz.0.448 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 166.922823][ T7999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.922836][ T7999] Call Trace: [ 166.922845][ T7999] [ 166.922854][ T7999] dump_stack_lvl+0x189/0x250 [ 166.922893][ T7999] ? __pfx____ratelimit+0x10/0x10 [ 166.922919][ T7999] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.922952][ T7999] ? __pfx__printk+0x10/0x10 [ 166.922990][ T7999] should_fail_ex+0x414/0x560 [ 166.923024][ T7999] _copy_to_user+0x31/0xb0 [ 166.923048][ T7999] simple_read_from_buffer+0xe1/0x170 [ 166.923085][ T7999] proc_fail_nth_read+0x1df/0x250 [ 166.923110][ T7999] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 166.923135][ T7999] ? rw_verify_area+0x258/0x650 [ 166.923161][ T7999] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 166.923183][ T7999] vfs_read+0x200/0x980 [ 166.923215][ T7999] ? __pfx___mutex_lock+0x10/0x10 [ 166.923243][ T7999] ? __pfx_vfs_read+0x10/0x10 [ 166.923278][ T7999] ? __fget_files+0x2a/0x420 [ 166.923314][ T7999] ? __fget_files+0x3a0/0x420 [ 166.923345][ T7999] ? __fget_files+0x2a/0x420 [ 166.923399][ T7999] ksys_read+0x145/0x250 [ 166.923428][ T7999] ? __pfx_ksys_read+0x10/0x10 [ 166.923452][ T7999] ? rcu_is_watching+0x15/0xb0 [ 166.923487][ T7999] ? do_syscall_64+0xbe/0x3b0 [ 166.923518][ T7999] do_syscall_64+0xfa/0x3b0 [ 166.923542][ T7999] ? lockdep_hardirqs_on+0x9c/0x150 [ 166.923566][ T7999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.923586][ T7999] ? clear_bhb_loop+0x60/0xb0 [ 166.923612][ T7999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.923631][ T7999] RIP: 0033:0x7f5262f8d37c [ 166.923649][ T7999] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 166.923666][ T7999] RSP: 002b:00007f5263e4e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 166.923688][ T7999] RAX: ffffffffffffffda RBX: 00007f52631b5fa0 RCX: 00007f5262f8d37c [ 166.923703][ T7999] RDX: 000000000000000f RSI: 00007f5263e4e0a0 RDI: 0000000000000004 [ 166.923715][ T7999] RBP: 00007f5263e4e090 R08: 0000000000000000 R09: 0000000000000000 [ 166.923727][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 166.923739][ T7999] R13: 0000000000000000 R14: 00007f52631b5fa0 R15: 00007ffd679d83e8 [ 166.923769][ T7999] [ 167.237977][ T52] Bluetooth: hci4: command tx timeout [ 167.350206][ T7897] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.357548][ T7897] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.370468][ T7897] bridge_slave_0: entered allmulticast mode [ 167.378668][ T7897] bridge_slave_0: entered promiscuous mode [ 167.435778][ T8017] netlink: 12 bytes leftover after parsing attributes in process `syz.1.452'. [ 167.448578][ T7897] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.463539][ T7897] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.485797][ T7897] bridge_slave_1: entered allmulticast mode [ 167.505040][ T7897] bridge_slave_1: entered promiscuous mode [ 167.692966][ T8018] tipc: Started in network mode [ 167.699605][ T8018] tipc: Node identity ea71cc32584a, cluster identity 4711 [ 167.720338][ T8030] sctp: [Deprecated]: syz.1.453 (pid 8030) Use of int in maxseg socket option. [ 167.720338][ T8030] Use struct sctp_assoc_value instead [ 167.739767][ T8018] tipc: Enabled bearer , priority 0 [ 167.749492][ T8024] syzkaller0: entered promiscuous mode [ 167.766004][ T8024] syzkaller0: entered allmulticast mode [ 167.812833][ T7897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.855297][ T8029] tipc: Resetting bearer [ 167.913389][ T8029] tipc: Disabling bearer [ 167.981841][ T7897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.996308][ T8034] netlink: 'syz.0.454': attribute type 29 has an invalid length. [ 168.023621][ T8036] netlink: 'syz.0.454': attribute type 29 has an invalid length. [ 168.058229][ T1155] bridge_slave_1: left allmulticast mode [ 168.069956][ T1155] bridge_slave_1: left promiscuous mode [ 168.080075][ T1155] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.112664][ T1155] bridge_slave_0: left allmulticast mode [ 168.145384][ T1155] bridge_slave_0: left promiscuous mode [ 168.151208][ T1155] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.648218][ T1155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 168.659418][ T1155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 168.670894][ T1155] bond0 (unregistering): Released all slaves [ 168.744967][ T8060] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 168.877549][ T7897] team0: Port device team_slave_0 added [ 168.885428][ T8064] 8021q: VLANs not supported on gre0 [ 168.911692][ T8066] netlink: 12 bytes leftover after parsing attributes in process `syz.0.463'. [ 168.929837][ T7897] team0: Port device team_slave_1 added [ 169.023259][ T7897] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.034067][ T8070] xt_time: unknown flags 0x4 [ 169.044851][ T7897] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.100915][ T7897] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.164506][ T8074] netlink: 72 bytes leftover after parsing attributes in process `syz.0.465'. [ 169.170665][ T7897] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.189303][ T7897] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.207379][ T8074] netlink: 256 bytes leftover after parsing attributes in process `syz.0.465'. [ 169.216366][ T7897] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.236222][ T8074] xt_NFQUEUE: number of total queues is 0 [ 169.304620][ T52] Bluetooth: hci4: command tx timeout [ 169.499420][ T7685] veth0_vlan: entered promiscuous mode [ 169.586577][ T7897] hsr_slave_0: entered promiscuous mode [ 169.619369][ T7897] hsr_slave_1: entered promiscuous mode [ 169.665028][ T7897] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.684162][ T7897] Cannot create hsr debugfs directory [ 169.703392][ T8088] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (64) [ 169.986672][ T8089] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (64) [ 170.067686][ T1155] hsr_slave_0: left promiscuous mode [ 170.089295][ T1155] hsr_slave_1: left promiscuous mode [ 170.115274][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 170.123009][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 170.140676][ T1155] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.153567][ T1155] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.215647][ T1155] veth1_macvtap: left promiscuous mode [ 170.221352][ T1155] veth0_macvtap: left promiscuous mode [ 170.231679][ T1155] veth1_vlan: left promiscuous mode [ 170.244696][ T1155] veth0_vlan: left promiscuous mode [ 170.759233][ T1155] team0 (unregistering): Port device team_slave_1 removed [ 170.799974][ T1155] team0 (unregistering): Port device team_slave_0 removed [ 171.184056][ T8106] netlink: 'syz.3.472': attribute type 4 has an invalid length. [ 171.196196][ T8107] syzkaller1: entered promiscuous mode [ 171.201797][ T8107] syzkaller1: entered allmulticast mode [ 171.231039][ T7685] veth1_vlan: entered promiscuous mode [ 171.273638][ T8087] wlan1 speed is unknown, defaulting to 1000 [ 171.387625][ T52] Bluetooth: hci4: command tx timeout [ 171.546873][ T7685] veth0_macvtap: entered promiscuous mode [ 171.548595][ T8119] __nla_validate_parse: 4 callbacks suppressed [ 171.548614][ T8119] netlink: 12 bytes leftover after parsing attributes in process `syz.0.474'. [ 171.592853][ T7685] veth1_macvtap: entered promiscuous mode [ 171.798644][ T7685] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.846740][ T7685] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 171.926887][ T7685] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.955236][ T7685] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.974864][ T7685] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 171.992020][ T7685] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.428907][ T8153] af_packet: tpacket_rcv: packet too big, clamped from 50 to 4294967286. macoff=82 [ 172.487918][ T8156] netlink: 16 bytes leftover after parsing attributes in process `syz.0.482'. [ 172.728495][ T8166] openvswitch: netlink: Key 6 has unexpected len 16 expected 2 [ 172.755732][ T8167] openvswitch: netlink: Key 6 has unexpected len 16 expected 2 [ 172.891100][ T8169] netlink: 84 bytes leftover after parsing attributes in process `syz.0.485'. [ 172.905538][ T8162] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.962261][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.972550][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.980940][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.983777][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.095736][ T8171] netlink: 12 bytes leftover after parsing attributes in process `syz.0.486'. [ 173.133290][ T7897] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 173.160826][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.178247][ T7897] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 173.186518][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.213262][ T7897] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 173.245172][ T7897] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 173.649562][ T8187] netlink: 'syz.3.491': attribute type 11 has an invalid length. [ 173.742414][ T79] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.890434][ T79] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.118326][ T79] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.173502][ T7897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.218749][ T79] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.246197][ T7897] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.259578][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.266807][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.290646][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.297954][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.473803][ T79] bridge_slave_1: left allmulticast mode [ 174.483361][ T79] bridge_slave_1: left promiscuous mode [ 174.494598][ T79] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.509891][ T79] bridge_slave_0: left allmulticast mode [ 174.517634][ T79] bridge_slave_0: left promiscuous mode [ 174.523445][ T79] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.052998][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 175.075804][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 175.088535][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 175.103122][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 175.126107][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 175.133768][ T79] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 175.159938][ T79] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 175.170286][ T79] bond0 (unregistering): Released all slaves [ 175.281412][ T8212] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.290102][ T8212] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.568408][ T8212] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.578705][ T8212] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.592240][ T8212] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.601654][ T8212] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.674760][ T8212] bond2: left promiscuous mode [ 175.679628][ T8212] bond2: left allmulticast mode [ 175.701551][ T8220] netlink: 'syz.1.493': attribute type 12 has an invalid length. [ 175.721810][ T8223] batman_adv: batadv0: Adding interface: gretap1 [ 175.739329][ T8223] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 175.923568][ T8240] netlink: 'syz.3.496': attribute type 7 has an invalid length. [ 176.041091][ T8244] netlink: 12 bytes leftover after parsing attributes in process `syz.1.497'. [ 176.083342][ T7897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.102763][ T8221] wlan1 speed is unknown, defaulting to 1000 [ 176.492312][ T8264] bridge_slave_1: left allmulticast mode [ 176.514210][ T8264] bridge_slave_1: left promiscuous mode [ 176.540022][ T8264] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.604577][ T8264] bridge_slave_0: left allmulticast mode [ 176.610699][ T8264] bridge_slave_0: left promiscuous mode [ 176.631881][ T8264] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.690691][ T8273] netlink: 'syz.1.504': attribute type 11 has an invalid length. [ 176.771687][ T8275] netlink: 'syz.3.505': attribute type 1 has an invalid length. [ 176.782898][ T8275] netlink: 220 bytes leftover after parsing attributes in process `syz.3.505'. [ 176.803835][ T8275] netlink: 'syz.3.505': attribute type 1 has an invalid length. [ 177.112225][ T7897] veth0_vlan: entered promiscuous mode [ 177.179014][ T8287] netlink: 'syz.1.509': attribute type 11 has an invalid length. [ 177.211399][ T8287] netlink: 224 bytes leftover after parsing attributes in process `syz.1.509'. [ 177.227793][ T52] Bluetooth: hci1: command tx timeout [ 177.312135][ T8292] netlink: 12 bytes leftover after parsing attributes in process `syz.3.510'. [ 177.374231][ T7897] veth1_vlan: entered promiscuous mode [ 177.543731][ T8297] netlink: 20 bytes leftover after parsing attributes in process `syz.3.512'. [ 177.605300][ T79] hsr_slave_0: left promiscuous mode [ 177.614079][ T79] hsr_slave_1: left promiscuous mode [ 177.640400][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 177.649961][ T79] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.660069][ T79] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.668040][ T79] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.713708][ T79] veth1_macvtap: left promiscuous mode [ 177.719878][ T79] veth0_macvtap: left promiscuous mode [ 177.726967][ T79] veth1_vlan: left promiscuous mode [ 177.733607][ T79] veth0_vlan: left promiscuous mode [ 177.807240][ T8312] netlink: 'syz.1.516': attribute type 11 has an invalid length. [ 178.261251][ T79] team0 (unregistering): Port device team_slave_1 removed [ 178.300735][ T79] team0 (unregistering): Port device team_slave_0 removed [ 178.693980][ T7897] veth0_macvtap: entered promiscuous mode [ 178.802521][ T7897] veth1_macvtap: entered promiscuous mode [ 178.927994][ T8323] netlink: 'syz.0.519': attribute type 11 has an invalid length. [ 178.957665][ T7897] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.997408][ T8329] netlink: 12 bytes leftover after parsing attributes in process `syz.3.522'. [ 179.086257][ T7897] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.100913][ T8331] netlink: 96 bytes leftover after parsing attributes in process `syz.1.523'. [ 179.124603][ T8331] 8021q: VLANs not supported on ip_vti0 [ 179.162328][ T7897] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.186936][ T7897] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.210472][ T7897] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.222007][ T7897] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.304878][ T52] Bluetooth: hci1: command tx timeout [ 179.313922][ T8221] chnl_net:caif_netlink_parms(): no params data found [ 179.497148][ T8346] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.526'. [ 179.834450][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.842532][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.897054][ T8363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.530'. [ 179.908967][ T8221] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.919770][ T8363] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 179.929406][ T8221] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.942834][ T8221] bridge_slave_0: entered allmulticast mode [ 179.959154][ T8221] bridge_slave_0: entered promiscuous mode [ 179.983093][ T8221] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.001728][ T8221] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.016833][ T8221] bridge_slave_1: entered allmulticast mode [ 180.033805][ T8221] bridge_slave_1: entered promiscuous mode [ 180.224577][ T8221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.296811][ T8221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.316210][ T1155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.327324][ T1155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.452827][ T8221] team0: Port device team_slave_0 added [ 180.471940][ T8221] team0: Port device team_slave_1 added [ 180.611252][ T8221] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.618601][ T8221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.657152][ T8221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.677872][ T8221] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.696515][ T8221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.754957][ T8221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.911201][ T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.129962][ T8221] hsr_slave_0: entered promiscuous mode [ 181.146548][ T8221] hsr_slave_1: entered promiscuous mode [ 181.156160][ T8221] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.173980][ T8221] Cannot create hsr debugfs directory [ 181.242863][ T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.377176][ T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.387629][ T52] Bluetooth: hci1: command tx timeout [ 181.482478][ T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.754695][ T13] bridge_slave_1: left allmulticast mode [ 181.760421][ T13] bridge_slave_1: left promiscuous mode [ 181.784526][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.815610][ T13] bridge_slave_0: left allmulticast mode [ 181.821320][ T13] bridge_slave_0: left promiscuous mode [ 181.855398][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.206964][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 182.219964][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 182.236637][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 182.259076][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 182.275897][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 182.291276][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 182.309502][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 182.320125][ T13] bond0 (unregistering): Released all slaves [ 182.343746][ T8416] netlink: 'syz.1.540': attribute type 33 has an invalid length. [ 182.363271][ T8417] bridge0: port 3(vlan1) entered blocking state [ 182.377993][ T8417] bridge0: port 3(vlan1) entered disabled state [ 182.384725][ T8417] vlan1: entered allmulticast mode [ 182.415872][ T8417] vlan1: left allmulticast mode [ 182.713617][ T8433] x_tables: duplicate underflow at hook 3 [ 182.935411][ T8442] netlink: 128 bytes leftover after parsing attributes in process `syz.1.547'. [ 182.947305][ T8442] netlink: 128 bytes leftover after parsing attributes in process `syz.1.547'. [ 183.113952][ T8418] wlan1 speed is unknown, defaulting to 1000 [ 183.181256][ T8454] raw_sendmsg: syz.0.549 forgot to set AF_INET. Fix it! [ 183.337858][ T8221] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 183.359832][ T8463] netlink: 8 bytes leftover after parsing attributes in process `syz.3.552'. [ 183.421486][ T8221] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 183.465196][ T5831] Bluetooth: hci1: command tx timeout [ 183.538278][ T8221] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 183.609355][ T8221] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 183.985959][ T8221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.190474][ T8497] netlink: 132 bytes leftover after parsing attributes in process `syz.0.557'. [ 184.225965][ T8500] netlink: 12 bytes leftover after parsing attributes in process `syz.3.559'. [ 184.343443][ T8221] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.350344][ T5831] Bluetooth: hci4: command tx timeout [ 184.571229][ T1342] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.578578][ T1342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.631989][ T8510] netlink: 8 bytes leftover after parsing attributes in process `syz.1.563'. [ 184.643146][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.650409][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.695356][ T8510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.563'. [ 184.727427][ T13] hsr_slave_0: left promiscuous mode [ 184.739196][ T13] hsr_slave_1: left promiscuous mode [ 184.751287][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.760907][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.769586][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.777729][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.799107][ T13] veth1_macvtap: left promiscuous mode [ 184.805014][ T13] veth0_macvtap: left promiscuous mode [ 184.810644][ T13] veth1_vlan: left promiscuous mode [ 184.816067][ T13] veth0_vlan: left promiscuous mode [ 185.201787][ T13] team0 (unregistering): Port device team_slave_1 removed [ 185.238283][ T13] team0 (unregistering): Port device team_slave_0 removed [ 185.587919][ T8510] vcan2: entered promiscuous mode [ 185.612442][ T8515] wg2: entered promiscuous mode [ 185.639336][ T8515] wg2: entered allmulticast mode [ 185.847324][ T8529] netlink: 256 bytes leftover after parsing attributes in process `syz.3.567'. [ 186.168718][ T8538] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 186.249537][ T8418] chnl_net:caif_netlink_parms(): no params data found [ 186.430723][ T5831] Bluetooth: hci4: command tx timeout [ 186.618184][ T8566] netlink: 8 bytes leftover after parsing attributes in process `syz.1.576'. [ 186.650301][ T8566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.576'. [ 186.718475][ T8573] sctp: [Deprecated]: syz.0.578 (pid 8573) Use of int in maxseg socket option. [ 186.718475][ T8573] Use struct sctp_assoc_value instead [ 186.742812][ T8566] vcan3: entered promiscuous mode [ 186.765251][ T8418] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.778778][ T8418] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.795206][ T8418] bridge_slave_0: entered allmulticast mode [ 186.806949][ T8418] bridge_slave_0: entered promiscuous mode [ 186.874580][ T8418] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.881775][ T8418] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.907674][ T8418] bridge_slave_1: entered allmulticast mode [ 186.918438][ T8418] bridge_slave_1: entered promiscuous mode [ 186.960531][ T8580] sctp: [Deprecated]: syz.1.579 (pid 8580) Use of struct sctp_assoc_value in delayed_ack socket option. [ 186.960531][ T8580] Use struct sctp_sack_info instead [ 187.092064][ T8221] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.118972][ T8418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.151325][ T8418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.324136][ T8418] team0: Port device team_slave_0 added [ 187.333818][ T8596] netlink: 'syz.3.583': attribute type 1 has an invalid length. [ 187.350866][ T8418] team0: Port device team_slave_1 added [ 187.365072][ T8596] netlink: 'syz.3.583': attribute type 11 has an invalid length. [ 187.499979][ T8418] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 187.509188][ T8418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.550740][ T8418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 187.571517][ T8604] Driver unsupported XDP return value 0 on prog (id 115) dev N/A, expect packet loss! [ 187.589073][ T8418] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 187.596362][ T8418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 187.657470][ T8418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 187.991869][ T8622] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 188.062114][ T8418] hsr_slave_0: entered promiscuous mode [ 188.069027][ T8418] hsr_slave_1: entered promiscuous mode [ 188.077303][ T8418] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 188.087296][ T8418] Cannot create hsr debugfs directory [ 188.185907][ T8628] veth5: entered promiscuous mode [ 188.482249][ T8645] __nla_validate_parse: 2 callbacks suppressed [ 188.482269][ T8645] netlink: 512 bytes leftover after parsing attributes in process `syz.3.595'. [ 188.509051][ T5831] Bluetooth: hci4: command tx timeout [ 188.616067][ T8645] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 188.698677][ T8221] veth0_vlan: entered promiscuous mode [ 188.780112][ T8221] veth1_vlan: entered promiscuous mode [ 188.813947][ T8653] netlink: 76 bytes leftover after parsing attributes in process `syz.3.596'. [ 188.869058][ T8657] netlink: 'syz.0.598': attribute type 11 has an invalid length. [ 188.920658][ T8659] IPVS: set_ctl: invalid protocol: 58 224.0.0.2:20000 [ 189.106570][ T8221] veth0_macvtap: entered promiscuous mode [ 189.198428][ T8221] veth1_macvtap: entered promiscuous mode [ 189.243380][ T8671] netlink: 'syz.3.602': attribute type 1 has an invalid length. [ 189.269296][ T8674] netlink: 'syz.3.602': attribute type 1 has an invalid length. [ 189.422143][ T8221] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.448233][ T8221] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.525120][ T8221] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.564698][ T8221] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.573471][ T8221] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.608729][ T8684] netlink: 8 bytes leftover after parsing attributes in process `syz.0.606'. [ 189.612692][ T8221] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.624504][ T8684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.606'. [ 189.664169][ T8684] vcan1: entered promiscuous mode [ 189.866761][ T8697] netlink: 16 bytes leftover after parsing attributes in process `syz.3.609'. [ 190.016114][ T8418] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 190.044654][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.052525][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.095631][ T8418] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 190.138507][ T8708] IPVS: set_ctl: invalid protocol: 108 224.0.0.2:20001 [ 190.138525][ T8418] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 190.282536][ T8717] netlink: 96 bytes leftover after parsing attributes in process `syz.3.614'. [ 190.315226][ T8711] netlink: 12 bytes leftover after parsing attributes in process `syz.0.611'. [ 190.330699][ T8418] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 190.336139][ T8717] netlink: 96 bytes leftover after parsing attributes in process `syz.3.614'. [ 190.368013][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.394017][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.589459][ T52] Bluetooth: hci4: command tx timeout [ 190.636892][ T8418] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.155208][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.210030][ T8418] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.299031][ T1332] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.306362][ T1332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.343145][ T1332] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.350379][ T1332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.430057][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.587435][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.691865][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.922010][ T49] bridge_slave_1: left allmulticast mode [ 191.928058][ T49] bridge_slave_1: left promiscuous mode [ 191.935035][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.960451][ T49] bridge_slave_0: left allmulticast mode [ 191.976296][ T49] bridge_slave_0: left promiscuous mode [ 192.004267][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.051939][ T8753] netlink: 44 bytes leftover after parsing attributes in process `syz.3.620'. [ 192.669790][ T52] Bluetooth: hci4: command 0x0405 tx timeout [ 192.744286][ T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 192.759591][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 192.780811][ T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 192.799043][ T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 192.821858][ T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 192.978068][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 192.991398][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 193.003236][ T49] bond0 (unregistering): Released all slaves [ 193.031547][ T8418] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.214029][ T8773] wlan1 speed is unknown, defaulting to 1000 [ 193.443946][ T8418] veth0_vlan: entered promiscuous mode [ 193.535492][ T8418] veth1_vlan: entered promiscuous mode [ 193.778831][ T8798] netlink: 'syz.3.627': attribute type 1 has an invalid length. [ 193.789005][ T8799] netlink: 'syz.1.625': attribute type 1 has an invalid length. [ 193.874149][ T8799] 8021q: adding VLAN 0 to HW filter on device bond3 [ 193.950074][ T8798] 8021q: adding VLAN 0 to HW filter on device bond2 [ 193.970201][ T8796] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 194.060700][ T8804] bond1: (slave veth0_to_bond): Releasing active interface [ 194.085920][ T8804] bond1: (slave veth0_to_bond): the permanent HWaddr of slave - aa:aa:aa:aa:aa:1d - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 194.149056][ T8804] bond1: (slave vlan2): making interface the new active one [ 194.169347][ T8804] veth1: entered promiscuous mode [ 194.188127][ T8804] bond2: (slave veth0_to_bond): making interface the new active one [ 194.201028][ T8804] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 194.249342][ T8824] netlink: 12 bytes leftover after parsing attributes in process `syz.1.629'. [ 194.269672][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.309986][ T8801] veth3: entered promiscuous mode [ 194.358026][ T8810] erspan0: entered allmulticast mode [ 194.515409][ T8833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.632'. [ 194.550418][ T8835] xt_cluster: node mask cannot exceed total number of nodes [ 194.573600][ T8836] netlink: 'syz.1.633': attribute type 1 has an invalid length. [ 194.588502][ T8836] netlink: 12 bytes leftover after parsing attributes in process `syz.1.633'. [ 194.602543][ T8836] netlink: 'syz.1.633': attribute type 1 has an invalid length. [ 194.614629][ T8836] netlink: 220 bytes leftover after parsing attributes in process `syz.1.633'. [ 194.623868][ T8836] netlink: 'syz.1.633': attribute type 1 has an invalid length. [ 194.676107][ T8833] vcan1: entered promiscuous mode [ 194.857748][ T8418] veth0_macvtap: entered promiscuous mode [ 194.905424][ T52] Bluetooth: hci1: command tx timeout [ 194.979518][ T49] hsr_slave_0: left promiscuous mode [ 194.993190][ T49] hsr_slave_1: left promiscuous mode [ 195.012779][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.031940][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.052560][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.071749][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.127389][ T49] veth1_macvtap: left promiscuous mode [ 195.140880][ T49] veth0_macvtap: left promiscuous mode [ 195.163215][ T49] veth1_vlan: left promiscuous mode [ 195.173025][ T49] veth0_vlan: left promiscuous mode [ 195.703425][ T8873] xt_TPROXY: Can be used only with -p tcp or -p udp [ 195.902204][ T49] team0 (unregistering): Port device team_slave_1 removed [ 195.941653][ T49] team0 (unregistering): Port device team_slave_0 removed [ 196.331601][ T8418] veth1_macvtap: entered promiscuous mode [ 196.588067][ T8884] netlink: 'syz.0.642': attribute type 11 has an invalid length. [ 196.680438][ T8418] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.788708][ T8888] 8021q: adding VLAN 0 to HW filter on device bond4 [ 196.845564][ T8895] bridge0: entered promiscuous mode [ 196.884535][ T8895] bridge0: entered allmulticast mode [ 196.933834][ T8418] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.976455][ T8773] chnl_net:caif_netlink_parms(): no params data found [ 196.986308][ T52] Bluetooth: hci1: command tx timeout [ 197.011070][ T8418] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.027999][ T8418] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.041386][ T8418] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.052107][ T8418] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.319223][ T8915] netlink: 16 bytes leftover after parsing attributes in process `syz.3.649'. [ 197.687245][ T8773] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.712531][ T8938] netlink: 'syz.1.655': attribute type 11 has an invalid length. [ 197.714724][ T8773] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.748341][ T8773] bridge_slave_0: entered allmulticast mode [ 197.767596][ T8773] bridge_slave_0: entered promiscuous mode [ 197.837129][ T8773] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.859230][ T8773] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.880467][ T8773] bridge_slave_1: entered allmulticast mode [ 197.889715][ T8773] bridge_slave_1: entered promiscuous mode [ 197.971829][ T8948] netlink: 48 bytes leftover after parsing attributes in process `syz.0.657'. [ 198.003160][ T8773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.017593][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.038599][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.104026][ T8773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.328776][ T8773] team0: Port device team_slave_0 added [ 198.357580][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.366432][ T8773] team0: Port device team_slave_1 added [ 198.379844][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.656463][ T8773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.674381][ T8773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.737897][ T8773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.783134][ T8773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.832685][ T8773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.895983][ T8773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.065733][ T52] Bluetooth: hci1: command tx timeout [ 199.205015][ T9008] netlink: 16 bytes leftover after parsing attributes in process `syz.0.670'. [ 199.223170][ T9009] netlink: 'syz.1.671': attribute type 1 has an invalid length. [ 199.257635][ T9011] IPVS: length: 157 != 24 [ 199.262674][ T8773] hsr_slave_0: entered promiscuous mode [ 199.280386][ T8773] hsr_slave_1: entered promiscuous mode [ 199.296146][ T8773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.303759][ T8773] Cannot create hsr debugfs directory [ 199.639063][ T9014] 8021q: adding VLAN 0 to HW filter on device bond6 [ 199.685931][ T9014] bond5: (slave bond6): making interface the new active one [ 199.708603][ T9014] bond5: (slave bond6): Enslaving as an active interface with an up link [ 199.847368][ T1342] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.976104][ T1342] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.077657][ T1342] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.163644][ T1342] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.457300][ T1342] bridge_slave_1: left allmulticast mode [ 200.463017][ T1342] bridge_slave_1: left promiscuous mode [ 200.489828][ T1342] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.507224][ T1342] bridge_slave_0: left allmulticast mode [ 200.512932][ T1342] bridge_slave_0: left promiscuous mode [ 200.544386][ T1342] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.052256][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 201.063377][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 201.072538][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 201.081772][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 201.091266][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 201.148199][ T52] Bluetooth: hci1: command tx timeout [ 201.272483][ T1342] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.288385][ T1342] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.311393][ T1342] bond0 (unregistering): Released all slaves [ 201.643074][ T9046] wlan1 speed is unknown, defaulting to 1000 [ 201.809226][ T9077] netlink: 'syz.1.681': attribute type 13 has an invalid length. [ 201.861281][ T8773] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 201.872446][ T9077] netlink: 'syz.1.681': attribute type 58 has an invalid length. [ 201.902891][ T9077] netlink: 152 bytes leftover after parsing attributes in process `syz.1.681'. [ 201.987218][ T9082] netlink: 16 bytes leftover after parsing attributes in process `syz.3.683'. [ 202.067228][ T8773] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.108193][ T8773] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 202.211173][ T8773] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 202.356105][ T9095] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 202.403665][ T9055] wlan1 speed is unknown, defaulting to 1000 [ 202.769919][ T8773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.828467][ T8773] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.860169][ T79] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.867426][ T79] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.911241][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.918603][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.145768][ T52] Bluetooth: hci4: command tx timeout [ 203.394218][ T9117] netlink: 20 bytes leftover after parsing attributes in process `syz.3.688'. [ 203.824079][ T1342] hsr_slave_0: left promiscuous mode [ 203.843035][ T1342] hsr_slave_1: left promiscuous mode [ 203.849857][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 203.865647][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 203.884287][ T1342] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 203.896873][ T1342] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 203.964185][ T1342] veth1_macvtap: left promiscuous mode [ 203.979019][ T1342] veth0_macvtap: left promiscuous mode [ 203.986002][ T1342] veth1_vlan: left promiscuous mode [ 203.991465][ T1342] veth0_vlan: left promiscuous mode [ 204.529465][ T1342] team0 (unregistering): Port device team_slave_1 removed [ 204.567677][ T1342] team0 (unregistering): Port device team_slave_0 removed [ 205.231328][ T52] Bluetooth: hci4: command tx timeout [ 205.290867][ T8773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 205.349895][ T9055] chnl_net:caif_netlink_parms(): no params data found [ 205.398583][ T9158] tun0: tun_chr_ioctl cmd 1074025675 [ 205.403959][ T9158] tun0: persist disabled [ 205.452086][ T9158] veth0: entered promiscuous mode [ 205.667489][ T9155] veth0: left promiscuous mode [ 205.969306][ T9055] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.991512][ T9055] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.008942][ T9055] bridge_slave_0: entered allmulticast mode [ 206.034217][ T9055] bridge_slave_0: entered promiscuous mode [ 206.057911][ T9055] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.077615][ T9055] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.098453][ T9055] bridge_slave_1: entered allmulticast mode [ 206.120700][ T9055] bridge_slave_1: entered promiscuous mode [ 206.316622][ T9055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.368083][ T9055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.526684][ T9207] netlink: 'syz.1.703': attribute type 39 has an invalid length. [ 206.572609][ T9207] netlink: 24 bytes leftover after parsing attributes in process `syz.1.703'. [ 206.587201][ T9055] team0: Port device team_slave_0 added [ 206.606737][ T9055] team0: Port device team_slave_1 added [ 206.653273][ T9214] netlink: 'syz.0.706': attribute type 11 has an invalid length. [ 206.711029][ T9055] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.738868][ T9055] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.822039][ T9055] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.842187][ T9217] netlink: 'syz.3.707': attribute type 21 has an invalid length. [ 206.852370][ T9055] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.865504][ T9220] netlink: 24 bytes leftover after parsing attributes in process `syz.1.709'. [ 206.879419][ T9055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.906755][ T9055] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.921185][ T9217] netlink: 'syz.3.707': attribute type 1 has an invalid length. [ 207.024589][ T9230] netlink: 16 bytes leftover after parsing attributes in process `syz.1.709'. [ 207.082522][ T8773] veth0_vlan: entered promiscuous mode [ 207.273542][ T9055] hsr_slave_0: entered promiscuous mode [ 207.288296][ T9055] hsr_slave_1: entered promiscuous mode [ 207.303990][ T9055] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.315002][ T52] Bluetooth: hci4: command tx timeout [ 207.323055][ T9055] Cannot create hsr debugfs directory [ 207.347377][ T8773] veth1_vlan: entered promiscuous mode [ 207.952522][ T9274] netlink: 8 bytes leftover after parsing attributes in process `syz.3.717'. [ 208.013554][ T9275] netlink: 'syz.3.717': attribute type 1 has an invalid length. [ 208.104032][ T9281] netlink: 'syz.1.718': attribute type 11 has an invalid length. [ 208.177138][ T9275] 8021q: adding VLAN 0 to HW filter on device bond3 [ 208.221507][ T8773] veth0_macvtap: entered promiscuous mode [ 208.319434][ T8773] veth1_macvtap: entered promiscuous mode [ 208.680213][ T8773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 208.744617][ T9311] netlink: 20 bytes leftover after parsing attributes in process `syz.0.723'. [ 208.767789][ T9311] FAULT_INJECTION: forcing a failure. [ 208.767789][ T9311] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.793739][ T9311] CPU: 1 UID: 0 PID: 9311 Comm: syz.0.723 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 208.793770][ T9311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 208.793783][ T9311] Call Trace: [ 208.793792][ T9311] [ 208.793802][ T9311] dump_stack_lvl+0x189/0x250 [ 208.793852][ T9311] ? __pfx____ratelimit+0x10/0x10 [ 208.793883][ T9311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.793915][ T9311] ? __pfx__printk+0x10/0x10 [ 208.793951][ T9311] should_fail_ex+0x414/0x560 [ 208.793984][ T9311] _copy_to_user+0x31/0xb0 [ 208.794008][ T9311] simple_read_from_buffer+0xe1/0x170 [ 208.794044][ T9311] proc_fail_nth_read+0x1df/0x250 [ 208.794069][ T9311] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 208.794094][ T9311] ? rw_verify_area+0x258/0x650 [ 208.794119][ T9311] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 208.794142][ T9311] vfs_read+0x200/0x980 [ 208.794174][ T9311] ? __pfx___mutex_lock+0x10/0x10 [ 208.794201][ T9311] ? __pfx_vfs_read+0x10/0x10 [ 208.794229][ T9311] ? __fget_files+0x2a/0x420 [ 208.794266][ T9311] ? __fget_files+0x3a0/0x420 [ 208.794295][ T9311] ? __fget_files+0x2a/0x420 [ 208.794336][ T9311] ksys_read+0x145/0x250 [ 208.794366][ T9311] ? __pfx_ksys_read+0x10/0x10 [ 208.794389][ T9311] ? rcu_is_watching+0x15/0xb0 [ 208.794440][ T9311] ? do_syscall_64+0xbe/0x3b0 [ 208.794471][ T9311] do_syscall_64+0xfa/0x3b0 [ 208.794496][ T9311] ? lockdep_hardirqs_on+0x9c/0x150 [ 208.794520][ T9311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.794541][ T9311] ? clear_bhb_loop+0x60/0xb0 [ 208.794566][ T9311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.794586][ T9311] RIP: 0033:0x7f5262f8d37c [ 208.794611][ T9311] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 208.794628][ T9311] RSP: 002b:00007f5263e2d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 208.794654][ T9311] RAX: ffffffffffffffda RBX: 00007f52631b6080 RCX: 00007f5262f8d37c [ 208.794669][ T9311] RDX: 000000000000000f RSI: 00007f5263e2d0a0 RDI: 0000000000000005 [ 208.794682][ T9311] RBP: 00007f5263e2d090 R08: 0000000000000000 R09: 0000000000000000 [ 208.794695][ T9311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.794707][ T9311] R13: 0000000000000000 R14: 00007f52631b6080 R15: 00007ffd679d83e8 [ 208.794739][ T9311] [ 209.063900][ T8773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.384540][ T52] Bluetooth: hci4: command tx timeout [ 209.464779][ T8773] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.504399][ T8773] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.530047][ T8773] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.548545][ T8773] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.989516][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.020417][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.179051][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.205148][ T9055] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 210.212416][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.261235][ T9055] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 210.337343][ T9055] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 210.393243][ T9055] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 210.623418][ T9372] netlink: 'syz.1.739': attribute type 11 has an invalid length. [ 210.766149][ T9377] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 210.809126][ T9384] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 210.888341][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 210.936953][ T9376] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 211.007170][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.125674][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.209756][ T9055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.299138][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 211.330331][ T9055] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.349978][ T1155] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.357244][ T1155] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.397605][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.404810][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.568723][ T49] bridge_slave_1: left allmulticast mode [ 211.575491][ T49] bridge_slave_1: left promiscuous mode [ 211.582557][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.599669][ T49] bridge_slave_0: left allmulticast mode [ 211.607127][ T49] bridge_slave_0: left promiscuous mode [ 211.612984][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.716055][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 211.722444][ T5152] Bluetooth: hci2: command 0x0406 tx timeout [ 211.991003][ T9408] netlink: 8 bytes leftover after parsing attributes in process `syz.1.744'. [ 212.058525][ T9408] xt_HMARK: proto mask must be zero with L3 mode [ 212.207294][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 212.234962][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 212.256451][ T49] bond0 (unregistering): Released all slaves [ 212.437079][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 212.455910][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 212.465268][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 212.474202][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 212.484130][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 212.933588][ T9415] wlan1 speed is unknown, defaulting to 1000 [ 213.025064][ T9435] netlink: 12 bytes leftover after parsing attributes in process `syz.0.749'. [ 213.054051][ T9055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.166179][ T9440] tipc: Cannot configure node identity twice [ 213.237786][ T9055] veth0_vlan: entered promiscuous mode [ 213.311081][ T9055] veth1_vlan: entered promiscuous mode [ 213.350934][ T9449] netlink: 'syz.0.752': attribute type 11 has an invalid length. [ 213.426999][ T9452] xt_hashlimit: max too large, truncated to 1048576 [ 213.463424][ T9055] veth0_macvtap: entered promiscuous mode [ 213.493956][ T9055] veth1_macvtap: entered promiscuous mode [ 213.534982][ T9456] netlink: 48 bytes leftover after parsing attributes in process `syz.1.754'. [ 213.583328][ T9055] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.642993][ T9055] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.687877][ T9055] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.705092][ T9055] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.713859][ T9055] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.754991][ T9055] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.258970][ T9479] netlink: 20 bytes leftover after parsing attributes in process `syz.3.762'. [ 214.356537][ T49] hsr_slave_0: left promiscuous mode [ 214.372142][ T49] hsr_slave_1: left promiscuous mode [ 214.389005][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 214.410599][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.433397][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 214.453193][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.501151][ T9488] netlink: 'syz.3.765': attribute type 11 has an invalid length. [ 214.519322][ T49] veth1_macvtap: left promiscuous mode [ 214.528635][ T49] veth0_macvtap: left promiscuous mode [ 214.535865][ T49] veth1_vlan: left promiscuous mode [ 214.541369][ T49] veth0_vlan: left promiscuous mode [ 214.587473][ T52] Bluetooth: hci1: command tx timeout [ 214.697059][ T9490] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 215.154475][ T9504] netlink: 24 bytes leftover after parsing attributes in process `syz.1.770'. [ 215.232455][ T49] team0 (unregistering): Port device team_slave_1 removed [ 215.278768][ T49] team0 (unregistering): Port device team_slave_0 removed [ 215.668977][ T79] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.689888][ T79] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.887271][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.899448][ T9513] netlink: 'syz.1.772': attribute type 13 has an invalid length. [ 215.932445][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.004731][ T9516] netlink: 20 bytes leftover after parsing attributes in process `syz.3.773'. [ 216.095952][ T9519] xt_ecn: cannot match TCP bits for non-tcp packets [ 216.299006][ T9529] netlink: 'syz.1.776': attribute type 11 has an invalid length. [ 216.382888][ T9253] ------------[ cut here ]------------ [ 216.388962][ T9253] refcount_t: underflow; use-after-free. [ 216.395472][ T9253] WARNING: CPU: 0 PID: 9253 at lib/refcount.c:28 refcount_warn_saturate+0x11a/0x1d0 [ 216.404886][ T9253] Modules linked in: [ 216.408956][ T9253] CPU: 0 UID: 0 PID: 9253 Comm: kbnepd bnep0 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 216.420778][ T9253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.430865][ T9253] RIP: 0010:refcount_warn_saturate+0x11a/0x1d0 [ 216.437227][ T9253] Code: 80 19 e2 8b e8 17 5f c4 fc 90 0f 0b 90 90 eb d7 e8 ab 72 00 fd c6 05 48 23 cb 0a 01 90 48 c7 c7 e0 19 e2 8b e8 f7 5e c4 fc 90 <0f> 0b 90 90 eb b7 e8 8b 72 00 fd c6 05 25 23 cb 0a 01 90 48 c7 c7 [ 216.457248][ T9253] RSP: 0018:ffffc90003def6a0 EFLAGS: 00010246 [ 216.463319][ T9253] RAX: 0a054b9d4c3cc100 RBX: 0000000000000003 RCX: ffff88804de55a00 [ 216.471314][ T9253] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 216.479301][ T9253] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 216.487334][ T9253] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: dffffc0000000000 [ 216.495692][ T9253] R13: ffff88805de73060 R14: ffff88805de73078 R15: ffffffff85f4b820 [ 216.503675][ T9253] FS: 0000000000000000(0000) GS:ffff888125c66000(0000) knlGS:0000000000000000 [ 216.512710][ T9253] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 216.519317][ T9253] CR2: 00005555826f5808 CR3: 000000005e7f2000 CR4: 00000000003526f0 [ 216.527308][ T9253] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 216.535293][ T9253] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 216.543289][ T9253] Call Trace: [ 216.546699][ T9253] [ 216.549653][ T9253] klist_dec_and_del+0x3c7/0x3d0 [ 216.554624][ T9253] ? __pfx_klist_children_put+0x10/0x10 [ 216.560199][ T9253] klist_del+0xa6/0x110 [ 216.564395][ T9253] device_del+0x280/0x8e0 [ 216.568743][ T9253] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.573960][ T9253] ? pm_runtime_set_memalloc_noio+0x1f4/0x260 [ 216.580046][ T9253] ? __pfx_device_del+0x10/0x10 [ 216.584912][ T9253] ? netdev_unregister_kobject+0x344/0x450 [ 216.590741][ T9253] unregister_netdevice_many_notify+0x1d52/0x2320 [ 216.597342][ T9253] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 216.604108][ T9253] ? rcu_is_watching+0x15/0xb0 [ 216.609003][ T9253] ? trace_contention_end+0x39/0x120 [ 216.614335][ T9253] ? __mutex_lock+0x330/0xe80 [ 216.619013][ T9253] ? __lock_acquire+0xab9/0xd20 [ 216.623872][ T9253] ? __lock_acquire+0xab9/0xd20 [ 216.628750][ T9253] unregister_netdevice_queue+0x33c/0x380 [ 216.634495][ T9253] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 216.640747][ T9253] ? rtnl_net_dev_lock+0x36/0x2f0 [ 216.645851][ T9253] ? rtnl_net_dev_lock+0x2de/0x2f0 [ 216.650967][ T9253] unregister_netdev+0x1f/0x60 [ 216.655757][ T9253] bnep_session+0x294d/0x2b40 [ 216.660442][ T9253] ? trace_sched_exit_tp+0x38/0x120 [ 216.665662][ T9253] ? __lock_acquire+0xab9/0xd20 [ 216.670536][ T9253] ? __pfx_bnep_session+0x10/0x10 [ 216.675579][ T9253] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 216.681469][ T9253] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 216.687812][ T9253] ? __pfx_woken_wake_function+0x10/0x10 [ 216.693449][ T9253] ? __kthread_parkme+0x7b/0x200 [ 216.698663][ T9253] ? __kthread_parkme+0x1a1/0x200 [ 216.703806][ T9253] kthread+0x70e/0x8a0 [ 216.707906][ T9253] ? __pfx_bnep_session+0x10/0x10 [ 216.712931][ T9253] ? __pfx_kthread+0x10/0x10 [ 216.717597][ T9253] ? _raw_spin_unlock_irq+0x23/0x50 [ 216.722795][ T9253] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.728010][ T9253] ? __pfx_kthread+0x10/0x10 [ 216.732612][ T9253] ret_from_fork+0x3fc/0x770 [ 216.737223][ T9253] ? __pfx_ret_from_fork+0x10/0x10 [ 216.742345][ T9253] ? __switch_to_asm+0x39/0x70 [ 216.747403][ T9253] ? __switch_to_asm+0x33/0x70 [ 216.752188][ T9253] ? __pfx_kthread+0x10/0x10 [ 216.756808][ T9253] ret_from_fork_asm+0x1a/0x30 [ 216.761584][ T9253] [ 216.764634][ T9253] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 216.771912][ T9253] CPU: 0 UID: 0 PID: 9253 Comm: kbnepd bnep0 Not tainted 6.15.0-syzkaller-07803-g3382a1ed7f77 #0 PREEMPT(full) [ 216.783705][ T9253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.793756][ T9253] Call Trace: [ 216.797051][ T9253] [ 216.799979][ T9253] dump_stack_lvl+0x99/0x250 [ 216.804577][ T9253] ? __asan_memcpy+0x40/0x70 [ 216.809165][ T9253] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.814365][ T9253] ? __pfx__printk+0x10/0x10 [ 216.818964][ T9253] panic+0x2db/0x790 [ 216.822869][ T9253] ? __pfx_panic+0x10/0x10 [ 216.827381][ T9253] ? show_trace_log_lvl+0x4fb/0x550 [ 216.832649][ T9253] ? ret_from_fork_asm+0x1a/0x30 [ 216.837587][ T9253] __warn+0x31b/0x4b0 [ 216.841569][ T9253] ? refcount_warn_saturate+0x11a/0x1d0 [ 216.847111][ T9253] ? refcount_warn_saturate+0x11a/0x1d0 [ 216.852652][ T9253] report_bug+0x2be/0x4f0 [ 216.856980][ T9253] ? refcount_warn_saturate+0x11a/0x1d0 [ 216.862572][ T9253] ? refcount_warn_saturate+0x11a/0x1d0 [ 216.868122][ T9253] ? refcount_warn_saturate+0x11c/0x1d0 [ 216.873687][ T9253] handle_bug+0x84/0x160 [ 216.877939][ T9253] exc_invalid_op+0x1a/0x50 [ 216.882442][ T9253] asm_exc_invalid_op+0x1a/0x20 [ 216.887287][ T9253] RIP: 0010:refcount_warn_saturate+0x11a/0x1d0 [ 216.893438][ T9253] Code: 80 19 e2 8b e8 17 5f c4 fc 90 0f 0b 90 90 eb d7 e8 ab 72 00 fd c6 05 48 23 cb 0a 01 90 48 c7 c7 e0 19 e2 8b e8 f7 5e c4 fc 90 <0f> 0b 90 90 eb b7 e8 8b 72 00 fd c6 05 25 23 cb 0a 01 90 48 c7 c7 [ 216.913211][ T9253] RSP: 0018:ffffc90003def6a0 EFLAGS: 00010246 [ 216.919364][ T9253] RAX: 0a054b9d4c3cc100 RBX: 0000000000000003 RCX: ffff88804de55a00 [ 216.927330][ T9253] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 216.935312][ T9253] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 216.943276][ T9253] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: dffffc0000000000 [ 216.951243][ T9253] R13: ffff88805de73060 R14: ffff88805de73078 R15: ffffffff85f4b820 [ 216.959213][ T9253] ? __pfx_klist_children_put+0x10/0x10 [ 216.964779][ T9253] klist_dec_and_del+0x3c7/0x3d0 [ 216.969722][ T9253] ? __pfx_klist_children_put+0x10/0x10 [ 216.975267][ T9253] klist_del+0xa6/0x110 [ 216.979429][ T9253] device_del+0x280/0x8e0 [ 216.983761][ T9253] ? _raw_spin_unlock_irq+0x2e/0x50 [ 216.988955][ T9253] ? pm_runtime_set_memalloc_noio+0x1f4/0x260 [ 216.995041][ T9253] ? __pfx_device_del+0x10/0x10 [ 216.999892][ T9253] ? netdev_unregister_kobject+0x344/0x450 [ 217.005702][ T9253] unregister_netdevice_many_notify+0x1d52/0x2320 [ 217.012126][ T9253] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 217.018882][ T9253] ? rcu_is_watching+0x15/0xb0 [ 217.023646][ T9253] ? trace_contention_end+0x39/0x120 [ 217.028934][ T9253] ? __mutex_lock+0x330/0xe80 [ 217.033609][ T9253] ? __lock_acquire+0xab9/0xd20 [ 217.038463][ T9253] ? __lock_acquire+0xab9/0xd20 [ 217.043321][ T9253] unregister_netdevice_queue+0x33c/0x380 [ 217.049039][ T9253] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 217.055282][ T9253] ? rtnl_net_dev_lock+0x36/0x2f0 [ 217.060308][ T9253] ? rtnl_net_dev_lock+0x2de/0x2f0 [ 217.065426][ T9253] unregister_netdev+0x1f/0x60 [ 217.070206][ T9253] bnep_session+0x294d/0x2b40 [ 217.074881][ T9253] ? trace_sched_exit_tp+0x38/0x120 [ 217.080079][ T9253] ? __lock_acquire+0xab9/0xd20 [ 217.084947][ T9253] ? __pfx_bnep_session+0x10/0x10 [ 217.089971][ T9253] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 217.095871][ T9253] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 217.102197][ T9253] ? __pfx_woken_wake_function+0x10/0x10 [ 217.107832][ T9253] ? __kthread_parkme+0x7b/0x200 [ 217.112794][ T9253] ? __kthread_parkme+0x1a1/0x200 [ 217.117853][ T9253] kthread+0x70e/0x8a0 [ 217.121927][ T9253] ? __pfx_bnep_session+0x10/0x10 [ 217.126951][ T9253] ? __pfx_kthread+0x10/0x10 [ 217.131542][ T9253] ? _raw_spin_unlock_irq+0x23/0x50 [ 217.136739][ T9253] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.141936][ T9253] ? __pfx_kthread+0x10/0x10 [ 217.146522][ T9253] ret_from_fork+0x3fc/0x770 [ 217.151116][ T9253] ? __pfx_ret_from_fork+0x10/0x10 [ 217.156235][ T9253] ? __switch_to_asm+0x39/0x70 [ 217.160998][ T9253] ? __switch_to_asm+0x33/0x70 [ 217.165757][ T9253] ? __pfx_kthread+0x10/0x10 [ 217.170348][ T9253] ret_from_fork_asm+0x1a/0x30 [ 217.175127][ T9253] [ 218.319046][ T9253] Shutting down cpus with NMI [ 218.324197][ T9253] Kernel Offset: disabled [ 218.328566][ T9253] Rebooting in 86400 seconds..