last executing test programs: 1m50.111716288s ago: executing program 3 (id=114): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0xe, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf}]}}}]}, 0x3c}}, 0x0) 1m35.156920625s ago: executing program 3 (id=114): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0xe, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf}]}}}]}, 0x3c}}, 0x0) 1m22.92060651s ago: executing program 3 (id=114): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0xe, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf}]}}}]}, 0x3c}}, 0x0) 1m11.731492787s ago: executing program 3 (id=114): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0xe, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf}]}}}]}, 0x3c}}, 0x0) 1m1.574283648s ago: executing program 3 (id=114): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0xe, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf}]}}}]}, 0x3c}}, 0x0) 49.856202108s ago: executing program 3 (id=114): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x1, 0xe, 0x25dfdbff, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5, 0xf}]}}}]}, 0x3c}}, 0x0) 37.429382996s ago: executing program 1 (id=845): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014001280090001007665746800000000040002800800200001"], 0x3c}}, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) unshare(0x64000600) (async) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) unshare(0x50700) (async) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000), 0x48) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) (async) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180200000000040000000061c0a8de00000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x3d52, 0x0, 0x0, 0x41000, 0x26, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) (async) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) (async) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00') sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) (async) unshare(0x6a040000) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$kcm(0x21, 0x2, 0x2) setsockopt$sock_attach_bpf(r5, 0x110, 0x2, 0x0, 0x3d) (async) sendmsg$NL80211_CMD_DEL_STATION(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00', @ANYBLOB="21012cbd70000000000014000000", @ANYBLOB="060036", @ANYRES32=0x0], 0x2c}}, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000cdd000/0x2000)=nil, 0x2000, 0x2000000, 0x1b0110, 0xffffffffffffffff, 0xe2c52000) (async) socket$inet(0x2, 0x5, 0x800) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={0x0, 0x0, 0x18, 0x0, 0x8}, 0x28) (async) setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000000080)=ANY=[], 0x18) (async) sendmmsg$inet6(r2, &(0x7f0000003a00), 0x0, 0x4c040) (async) unshare(0x2c020400) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="6800000024d9a9988afb0443d0585fe50b9c779a52b6368fb699e66ac01af6438bbb6705986bebc7bbf2346f9d0f0983d82341b69eb5fd3a81559c3de70058d4dddd23eb6fd51277003d801e46757c7c3fdff2b6fada8502c3b9bf70e87476dbf7d36ed5ac18b9b7a646a659908f45418632650b5c260b256107a086f64659580c6a5aa00170c0f3694e7c5bba7fcbf56412e90c22fde28e7d41621a75dc159e36289720f44e710735cf8f9423496f1a7c", @ANYRES16=0x0, @ANYBLOB="000429bd7000fcdbdf25030000000c000480050003000500000008000100020000000800010002000000100008800c00078008000600ec00000008000100010000000800020001000000080002000200000008000200020000000800020001000000"], 0x68}, 0x1, 0x0, 0x0, 0x8800}, 0x4000000) 37.003841316s ago: executing program 1 (id=847): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) 28.775493395s ago: executing program 1 (id=847): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) 19.743858438s ago: executing program 1 (id=847): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) 10.85929935s ago: executing program 1 (id=847): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) 3.232103048s ago: executing program 0 (id=1125): poll(&(0x7f0000000040)=[{}], 0x20000000000002d6, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x80003, 0xff) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000700)={0xa1, 0x1, 0x10000, 0x8000, 0x8, 0xa25, 0x1ff, 0x1ff, r4}, &(0x7f0000000740)=0x20) setsockopt$inet6_int(r2, 0x29, 0x16, &(0x7f0000fcb000), 0x4) close(r2) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x4}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc86a00", "4617a9f6040839230fb7fead776dd8dc", "c6db0872", "a44a883fca4400"}, 0x28) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000440)=ANY=[@ANYBLOB="480100001000010028bd7000ffdbdf25ac1414aa0000000000000000000000007f0000010000000000000000000000004e230000200080000a0020000c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="64010100000000000000000000000000000000206c000000fe800000000000000000000000000023feffffffffffffff000000000000000000000000000000000100000000000008c802000000000100060000000800000000000000000000000000000000000000ffffffffff1f0000080000000000000000000000000000000400000000000000000000000900000000000000000000000000000002000100030000000000000008001f0004000000480003006465666c6174650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008001d"], 0x148}, 0x1, 0x0, 0x0, 0x4075}, 0x4800) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_TEST(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="2c0000000b0601080000000000000000060000020500010000"], 0x2c}}, 0x4800) 2.824793034s ago: executing program 2 (id=1128): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]}) close(0x3) 2.643138242s ago: executing program 2 (id=1130): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r3, 0xa}, 0x8) 2.617799608s ago: executing program 4 (id=1131): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @broadcast}, 0x10) (async) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) (async) sendto$inet(r0, &(0x7f0000000340)='\x00', 0x1, 0x4040005, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000100), 0x0, 0x12, 0x0, 0x0) (async) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100114, 0x0, 0xfffffffffffffd25) (async) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000cc0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/233, 0xe9}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x40000100) close(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0) 2.526267488s ago: executing program 2 (id=1132): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0x1, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70f923, 0x80000, {0x0, 0x0, 0x0, r8, {}, {0x2, 0xb}, {0xd, 0xb}}, [@qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x6}}]}, 0x38}, 0x1, 0x0, 0x0, 0xc061}, 0x4008000) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000240)={0x38, r1, 0x1, 0x2, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "a6a802ac50"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}]}, 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000016c0)=ANY=[@ANYBLOB="900000001000370400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="8b04040000000000700012800b00010067656e657665000060000280050004000100000014000700000000000000000000000800000000010800010002000000050009000100000005000c"], 0x90}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000600), 0x4) sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000001880)={&(0x7f0000001600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001840)={&(0x7f0000001640)={0x4c, 0x8, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0xaaed926871653b7d}, 0x8041) r10 = accept(0xffffffffffffffff, &(0x7f0000000140)=@nfc_llcp, &(0x7f0000000080)=0x80) pipe(&(0x7f0000001400)={0xffffffffffffffff}) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY(r10, &(0x7f00000005c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x34, r12, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0x6}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}, @NL80211_ATTR_WIPHY_NAME={0x14, 0x2, 'pim6reg1\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008091}, 0x4051000) write(0xffffffffffffffff, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) connect$unix(r11, &(0x7f00000018c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) r13 = socket$kcm(0x10, 0x3, 0x10) epoll_create1(0x0) sendmsg$kcm(r13, &(0x7f0000000000)={0x0, 0xffffffffffffffb3, &(0x7f0000000040)=[{&(0x7f00000000c0)="1400000016000b63d25a8064000000000124fc60", 0x14}], 0x1}, 0x8c4) 2.244431162s ago: executing program 0 (id=1133): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xc8}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="30fff900", @ANYRES16=r3, @ANYBLOB='IS\x00\x00\x00\x00\x00\x00\x00\x00g\x00\x00\x00', @ANYRES32=r4], 0x30}}, 0x0) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r6) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r6, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB='\'4\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000600000914000200000000000000000000000000000000010f000700756e636f6e66696e6564000014000300fe880000000000000000000000000001"], 0x4c}, 0x2, 0x34005}, 0x0) unshare(0x400) r8 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/time\x00') ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r8, 0x8004b706, 0x0) sendmsg$NBD_CMD_CONNECT(r1, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0xc0) r9 = socket$inet6(0xa, 0x2, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0xfffffffffffffde4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x2}}}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0x0) bind$inet6(r9, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0x149, &(0x7f00000006c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x1e, 0x4, 0x2, 0x6, 0x13b, 0x67, 0x0, 0x2, 0x6, 0x0, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp={0x44, 0x8, 0x2d, 0x0, 0xc, [0x1]}, @ssrr={0x89, 0x17, 0x5b, [@local, @remote, @dev={0xac, 0x14, 0x14, 0x23}, @loopback, @multicast1]}, @ssrr={0x89, 0x1f, 0xfb, [@multicast1, @dev={0xac, 0x14, 0x14, 0xc}, @rand_addr=0x64010101, @broadcast, @loopback, @empty, @loopback]}, @rr={0x7, 0x7, 0xaa, [@broadcast]}, @timestamp_prespec={0x44, 0x1c, 0x13, 0x3, 0x8, [{@multicast2, 0xff}, {@remote, 0x8001}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xc}]}]}}, {{0x4e21, 0x4e23, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x2, 0xc, 0x0, 0xfffb}, {"fa672385164b134639a0cbb1d6c0ffff1329ca9ab7f8cf2ac8f92d57ff011e3727f948a89352899b99065915776caef36f4c51e748cd7e37548a7b56464da68dc5fc9fb3bfbc19e2e825d539ff1904a35aee3175d6ecb9f36905c9fee766b0238b7862193e9c74675084c32e8b7b1de5f0bfd67f49e74a4b25a079937289104774b7b1b100b22c37d8fb6add40fea7923dc9956f87259f8c0f0d587b3770ee91e5d188c40dc8d436e50b8a38a37087"}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) r11 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r11, 0x0, 0x20000000) syz_genetlink_get_family_id$nl80211(0x0, r11) 2.084156564s ago: executing program 0 (id=1134): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = socket$inet(0x2, 0x5, 0xfffffffa) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000000)=ANY=[@ANYBLOB="73656375726974790000000000000000000000000000ddffffffffffffff000002"], 0x48) 1.546346501s ago: executing program 4 (id=1135): r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) (async) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') (async) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) (async, rerun: 32) close(0x3) (async, rerun: 32) close(0x4) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) close(r2) (async) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') (async) r3 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) (async, rerun: 32) close(0x4) (async, rerun: 32) r4 = accept4$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, &(0x7f0000000100)=0x10, 0x800) getsockopt$inet_mreqsrc(r4, 0x0, 0x38, &(0x7f00000001c0)={@empty, @multicast1}, &(0x7f0000000240)=0xc) (async) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async, rerun: 64) sendmsg$NFT_BATCH(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a30000000180a3f6d6f578dbe9c8b000002000000040003800900020073797a30000000000900010073797a300000000014000000020a010100000000000000000000000614000000110001"], 0x6c}}, 0x880) (rerun: 64) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_DEL(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x38, 0x2, 0x9, 0x5, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @remote}}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x20010000) 1.384305566s ago: executing program 4 (id=1136): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000040)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x1, 0x2}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r0, &(0x7f00000000c0)="70cad52e21ff8a5624e4ccc1d0290721222bfab28810bba6ff6b708519df0cc82a2d9e0e3bcea95454df44e40798af501718d52eb14620ec618fb3085c301a7b7f626b", &(0x7f0000000ac0)=""/4096, 0x4}, 0x20) write(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000a40)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000fffffffff0e00000000000000030000000700000003000000fdffff3500000000000000002e"], 0x0, 0x46}, 0x28) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'vlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x20000c1) sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4dc1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r4}, @IFLA_HSR_SLAVE1={0x8, 0x1, r3}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x7c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x9}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5}, @ETHTOOL_A_LINKINFO_HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6tnl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x8080) pipe(&(0x7f0000000000)) 1.279708838s ago: executing program 1 (id=847): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000580), &(0x7f00000004c0), 0x1000, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r1}, 0x18) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) 413.07638ms ago: executing program 0 (id=1137): r0 = socket(0xa, 0x3, 0x87) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000b40)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, 0x0, 0x0) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd6c45fcdbdf25923d110308000300", @ANYRES32=r2, @ANYBLOB="0a0006"], 0x38}, 0x1, 0x0, 0x0, 0x68040}, 0x4) sendmmsg$unix(r0, &(0x7f0000004380)=[{{&(0x7f0000000100)=@file={0x0, './file2\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x844}}], 0x1, 0x20000000) syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, 0x0, 0x0) syz_emit_ethernet(0x86, &(0x7f00000000c0)={@link_local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @multicast1}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "306720a65ecadd8f8d4096edd3a616a0c3491e3bea200200", "8e6dbc6bc4b02931a149e80581e14a2c", {"a65651e8000000fffd00007f96141e51", "dac60bebefc50000000000000200"}}}}}}}, 0x0) 402.135796ms ago: executing program 2 (id=1138): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = epoll_create1(0x80000) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000008c0)=0x20000000) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000008000040850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x2, 0x3, 0x6}, 0x10) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts-cbc-aes-aesni\x00'}, 0x58) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x0, 0x23000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 401.491229ms ago: executing program 4 (id=1139): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000b4321f00000000000a00630018000000", @ANYRES32=r0, @ANYBLOB="0000000000200000b706000014000000b703000000060000850000002f000000bf0920000000000055090100000000009500000000000000bf91000000000000b7020020000000008500000085000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x9, 0x1000, &(0x7f0000001e40)=""/4096, 0x41000, 0x2, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xf}, 0x94) 326.522115ms ago: executing program 4 (id=1140): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000580)) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000001c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0xe, 0x7}]}) close(0x3) 260.313675ms ago: executing program 2 (id=1141): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000340)="a6", 0x58) setsockopt$inet_buf(r0, 0x0, 0x9, 0x0, 0x0) 254.080124ms ago: executing program 0 (id=1142): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000140)=@assoc_value={r3, 0xa}, 0x8) 91.878628ms ago: executing program 4 (id=1143): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x18, 0x1e, &(0x7f0000000ac0)=@raw=[@map_val={0x18, 0xb, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @jmp={0x5, 0x1, 0x0, 0xb, 0x6, 0xffffffffffffffa4, 0x8}, @jmp={0x5, 0x0, 0x7, 0x5, 0x9, 0x30, 0x1e}, @exit, @printk={@i, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}, @map_val={0x18, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x401}, @ldst={0x0, 0x0, 0x0, 0x1, 0x6, 0xfffffffffffffffe, 0x4}, @jmp={0x5, 0x1, 0x8, 0x0, 0xa, 0x40}, @printk={@li}, @tail_call], &(0x7f0000000200)='GPL\x00', 0x8000, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x5, 0x1, 0x0, 0xfffffffb}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000bc0)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000c00)=[{0x1, 0x2, 0x4, 0xb}], 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) syz_init_net_socket$llc(0x1a, 0x1, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$llc_int(r3, 0x10c, 0x7, 0x0, 0x0) connect$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r1, r1, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) shutdown(r1, 0x1) ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@none}) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000100)={r6}) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r7 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r7, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000300), 0x4) openat$cgroup_ro(r3, &(0x7f0000000d00)='freezer.state\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000040)=0x1800, 0x4) r8 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) sendmsg$TIPC_NL_LINK_GET(r8, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2040}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRESDEC, @ANYRES16=0x0, @ANYBLOB="00022dbd7000ffdbdf25080000004800048044000780080003004000000008000300070000000800040000080000080002000400000008000300ff7f00000800010010000000080004000700000008000300530e0000700004801c000780080001000100000008000300bec00000080001000f0000003400078008000300050000000800020006000000080003000d0000000800030009000000080004000600000008000100020000001c00078008000400010000000800030007000000080003005ea7ffff3c0002800400040008000200010000000800010072000000040004001400038008000200050000000800020001000000080002000900000004000400bc0506800800060000000000ad050300271a3b40572754e80f26bc161a51c40f7bc3d089c8b64fc1cd19428bdb8ec161477faa5b91a045087a0467e5d34efcd05007a24c2aed077d2997ce6e519a4907a49819cff65773bea28fe6445c532c18bc888b2a1a6ccd3b3613a6bfd544bc53db5c2f342500e8ff6c3eb409986b2b78a5ad79ee234afe44ab416590b1f139bf7c95fe45d7668c8c598b99eb6058abe3176f8f81106a15cacb90c5668787d13bb9055f1a4603a6777e0da2c6a88b65369bed7578ea3e805eed38724a5daca3694c0461203f8b1cfff40a92cfabda7125ae4efbddf154b153414ac7c17095033bdfc98d384063b99f0a97856726c5d630779918bdad734c2e4f96e710727ce3add0a4cd8f6786a4d94182814048e7adb55189783ef37be2e4c2814234133b254c42b92d79d3274ce6ef314d8caa98fc3f1a11364206f7da08bb0efc30d195547078d70fabd7efcfdec9afe8d88295880db5dd0d1dd96a7ef53af411f712e769dc1b41e8e65c8818a5f9526f60a3e9f72444a6678c730d80c6805c39e19cfde0ad13c3c50913692a8d9c13ba87216be394dcd7419c32ac9e4806f60e835b1f8c707c0670cf2f30f222abd80f0d119f9437729427583f8cb481ea2ab09a798d8fcf6f9874e4763b3c8115453fcce6373b42b272d514786f77876ee254d3c970f6aa17be1f5a3ee88ed99f2bd6790e6def2dd93787048081e9d62c654524be879d0f8b61198d21fa24d57065685cd33f1274f46f3d84c605dbc92342a9b03dcbae3254cda8924fcbae78231291101f21f72d989f9a19fee9ef24f5f2c7aba1c779048852994a07b9a60b89cd15b6792fa7dd9da2238267ed6dc1686cf0214d6813b028f11d64452e528e1bf70a2b48d7f6e4a0ebcab09cab49e5be3bdd4aee654a3fa4ef02f92cb916facae8420d2f98cd31b4b60ff0f71be753256a810c216b73872cf5a637f3a66a40d8ec3a6bd7873849f807308a3cfc6c29355297e552cdf36f93a1c84d59288c21c09e344805a405357ce887982f7580e8c27bd6f1be1ff7b7d7b1b7ac7a04fbd11308ceb52b74530e19a73f30c554b3596a65925d01dfa9a8323951cd0726f968e4cf2cedb024be39fd01da04cca158120de2b0c60876a85f78558f7d10e205d0d4b512548baef05d8150aa99e6011ef0c3ebd402a6225cd7f625d8db7db789f9bc7a59ee7077f8f09da01046be54e7f5a271de88335ddc77816a328a090cc7ae43e9ad3808fb1d653aa12f10e0271315105d2b1d666e24399ecd659ed7e89239170cc887e2eba46550da3108f006c2d209c71913a384094508c361e6dfc6f9b1030d4304a1aa7928643a1380a2729ba534e9e44d524064538ae1ee8c1255a2657ba4b23bce4af23816fb2d3c5bd9ee0c7dfa80d045e65119f841f29a025a021dfb7d02f85ca1b4d38f194de959194d01c7228b29d4b8e4d01489766e61b7765f327973a3fd96161b3c5a919159bca8e3939469a67b40f42ed272e6504008226e584daf97fe44b95bd14e6a07ec876973b22988dbc48159081ba1abe98275dabe1b9965e26f964f360e7e29595c678eb65f019f18760e878352b72e3140e229585b0bcdb1c846d2d0e7bfeff890e4d5ebf1ec9aea04b72e7232e3337fdb8ea03628a26e4a3e5d9cbdd939e66388c60c882bdeb7694f5cef2cb8e92539c296114b9f1f7e92434a61a6e82b46c9d44c87621df42e916db55ba219829f58aff401b79c3f142d254925043f54928a385c3a60a158efa1a01989962718f45af571d4b9f5bf07b069131806cf0731eab5eaae28887d892363d029e1c83650408fc35a26ee018d63b10c01ddd84414b36bcde0acb1c95fc671f006aabd04a7eabae5dd6982c7dc6f4a80757016590a15c5c1f0e5e92e3e6db7f5fc900c88fbe50ce8597d7c80deb450189072af5bd2703d35cf4524adf667c2193e826f604b317f56cf72858cef503d354784852cbbfad398f5373a0cd1d52870a54a26763cffda95b4aaa003412599f414afc3dc7d1a81fa7e6422fca4156d9b3492e3b114631b11c0c902"], 0x6c4}, 0x1, 0x0, 0x0, 0x20004005}, 0x2000c800) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000002d00010026bd7000fcdbdf2504"], 0x2c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20008010) 53.505148ms ago: executing program 0 (id=1144): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) writev(r2, &(0x7f0000003500)=[{&(0x7f00000035c0)='4', 0x1}, {&(0x7f0000000080)='C', 0x1900}], 0x2) connect$802154_dgram(r1, &(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xaaa1}}, 0x14) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x168, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x154, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x40000005}, 0x8}}]}, {0x4}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe6, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xbc, 0x3, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x2, 0xea3, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x16fc, 0x1}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0xc, 0x8, {0x5, 0x2}}}}]}]}, 0x168}}, 0x0) 0s ago: executing program 2 (id=1145): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000008000000000000000000069faffff00000000000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002840)=ANY=[@ANYBLOB="b7000000810003c3bfa300000000000007030000f0ffffff720af1fff8ffffff71a4f0ff0000000065040200000000ff2d400400000000003400000001ede4ff7b1300ff000000001d440100000000007a0a00fe00ffffffdb03000040000000b500f7ff350900009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4fc2495f74baaa876156de9078d687348ef1e50becb19bc461e94f4061cff1db39271a7168e51815548000000000000000275dff00000001b6bf01c8e8b19aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cd90eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a950812d7aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031bc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d040000000000000090205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d86047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23886ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a97429ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10ef454c7702c98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad801800"/3222], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffec2}, 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000008bf80564090006f3f890925067562802a7ae000000000000"], 0x48) ioctl$sock_ax25_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7, [@default, @bcast, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @null]}) r2 = socket(0x21, 0x2, 0xf) syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), r3) syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x8, 0x1c, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca90000000000003509010000000000950000000000000075090200020000007b9a00fe00000000b509000000000000c39a04fe41000000bf8700000000000007080000f8ffffffbfa4000000000000070400000b00ffffb7020000080000001829000036cc35c8e05cd9f3a25109e3561d51d2f1ca65e6a4c795464484936ee1617a0776623645cfcce91ae0be2e2a7b4c31560500000df7876037f2ee87b6813b32829a52341c5b554d0084ec1e97282d3010dc4ff5aa8278a25f289ee1131d21d53980a32d860c308cdf404e9a", @ANYRES64=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) kernel console output (not intermixed with test programs): with parent 'hsr' already present! [ 109.081250][ T6508] Cannot create hsr debugfs directory [ 109.530528][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.571350][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.581677][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.601165][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.621287][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.641103][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.658064][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 109.688780][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.2.185'. [ 110.940563][ T5858] Bluetooth: hci2: command tx timeout [ 111.105258][ T6508] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 111.144355][ T6508] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 111.215271][ T6508] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 111.241747][ T6508] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 111.506521][ T6508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.547437][ T6765] dvmrp0: entered allmulticast mode [ 111.675359][ T6508] 8021q: adding VLAN 0 to HW filter on device team0 [ 111.733014][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.740254][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.754793][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.762037][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.366491][ T6803] netlink: 'syz.1.214': attribute type 3 has an invalid length. [ 112.378973][ T6803] netlink: 'syz.1.214': attribute type 2 has an invalid length. [ 112.395954][ T6803] netlink: 'syz.1.214': attribute type 2 has an invalid length. [ 112.483530][ T6805] netlink: 'syz.1.214': attribute type 1 has an invalid length. [ 112.525864][ T6508] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 112.677040][ T6508] veth0_vlan: entered promiscuous mode [ 112.741007][ T6508] veth1_vlan: entered promiscuous mode [ 112.865397][ T6508] veth0_macvtap: entered promiscuous mode [ 112.898279][ T6508] veth1_macvtap: entered promiscuous mode [ 113.024798][ T6508] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 113.071482][ T6508] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 113.109954][ T3542] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.128125][ T3542] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.176264][ T3542] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.199979][ T3542] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 113.298628][ T6824] __nla_validate_parse: 70 callbacks suppressed [ 113.298646][ T6824] netlink: 36 bytes leftover after parsing attributes in process `syz.4.222'. [ 113.418954][ T3554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.433041][ T3554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.596762][ T3554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 113.608336][ T3554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 113.623574][ T6828] xt_l2tp: invalid flags combination: c [ 113.662878][ T5858] Bluetooth: hci2: command tx timeout [ 113.799254][ T6843] netlink: 'syz.0.227': attribute type 10 has an invalid length. [ 113.877208][ T6843] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 114.081293][ T6852] raw_sendmsg: syz.1.231 forgot to set AF_INET. Fix it! [ 114.472807][ T6871] gretap1: entered allmulticast mode [ 114.654717][ T994] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.695545][ T6871] netlink: 'syz.2.236': attribute type 12 has an invalid length. [ 114.713277][ T6871] netlink: 'syz.2.236': attribute type 29 has an invalid length. [ 114.722286][ T6871] netlink: 148 bytes leftover after parsing attributes in process `syz.2.236'. [ 114.733071][ T6871] netlink: 51 bytes leftover after parsing attributes in process `syz.2.236'. [ 114.811738][ T994] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.979016][ T6882] netlink: 'syz.2.239': attribute type 1 has an invalid length. [ 114.995365][ T994] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.164635][ T6888] gretap2: entered promiscuous mode [ 115.264421][ T6882] 8021q: adding VLAN 0 to HW filter on device bond1 [ 115.413259][ T994] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.504788][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 115.522542][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 115.542528][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 115.556893][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 115.567218][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 116.165756][ T994] bridge_slave_1: left allmulticast mode [ 116.179343][ T994] bridge_slave_1: left promiscuous mode [ 116.189127][ T994] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.236719][ T994] bridge_slave_0: left allmulticast mode [ 116.257685][ T994] bridge_slave_0: left promiscuous mode [ 116.274484][ T994] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.481261][ T6927] netlink: 104 bytes leftover after parsing attributes in process `syz.4.251'. [ 116.836360][ T994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 116.850383][ T994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 116.861450][ T994] bond0 (unregistering): Released all slaves [ 116.875073][ T6912] netlink: 8 bytes leftover after parsing attributes in process `syz.0.246'. [ 116.901519][ T6921] netlink: 44 bytes leftover after parsing attributes in process `syz.1.249'. [ 117.661068][ T5858] Bluetooth: hci2: command tx timeout [ 117.779556][ T994] hsr_slave_0: left promiscuous mode [ 117.815195][ T994] hsr_slave_1: left promiscuous mode [ 117.823149][ T994] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 117.843316][ T994] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 117.864870][ T994] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 117.877547][ T994] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 117.933886][ T994] veth1_macvtap: left promiscuous mode [ 117.947398][ T994] veth0_macvtap: left promiscuous mode [ 117.954101][ T994] veth1_vlan: left promiscuous mode [ 117.959552][ T994] veth0_vlan: left promiscuous mode [ 118.659308][ T994] team0 (unregistering): Port device team_slave_1 removed [ 118.702044][ T994] team0 (unregistering): Port device team_slave_0 removed [ 119.125623][ T6901] chnl_net:caif_netlink_parms(): no params data found [ 119.330867][ T6993] netlink: 8 bytes leftover after parsing attributes in process `syz.4.271'. [ 119.369495][ T6995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.270'. [ 119.393527][ T6998] netlink: 12 bytes leftover after parsing attributes in process `syz.4.271'. [ 119.605253][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.4.271'. [ 119.698725][ T7013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.275'. [ 119.740913][ T5858] Bluetooth: hci2: command tx timeout [ 120.002376][ T6901] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.033746][ T6901] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.046360][ T6901] bridge_slave_0: entered allmulticast mode [ 120.056911][ T6901] bridge_slave_0: entered promiscuous mode [ 120.085428][ T6901] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.092868][ T6901] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.100481][ T6901] bridge_slave_1: entered allmulticast mode [ 120.145903][ T7029] netlink: 'syz.0.280': attribute type 4 has an invalid length. [ 120.168976][ T6901] bridge_slave_1: entered promiscuous mode [ 120.243871][ T7033] netlink: 16 bytes leftover after parsing attributes in process `syz.1.282'. [ 120.325702][ T7037] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 120.498488][ T6901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 120.641901][ T7050] netlink: 4 bytes leftover after parsing attributes in process `syz.1.288'. [ 120.684525][ T6901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 120.887034][ T6901] team0: Port device team_slave_0 added [ 120.946986][ T7055] syzkaller0: entered promiscuous mode [ 120.953605][ T7055] syzkaller0: entered allmulticast mode [ 120.978207][ T6901] team0: Port device team_slave_1 added [ 121.049564][ T6901] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.057805][ T6901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.104375][ T6901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.128126][ T6901] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.157047][ T6901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.193719][ T7055] netlink: 12 bytes leftover after parsing attributes in process `syz.2.290'. [ 121.194142][ T6901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.535331][ T7074] netlink: 4 bytes leftover after parsing attributes in process `syz.1.297'. [ 121.666083][ T6901] hsr_slave_0: entered promiscuous mode [ 121.691406][ T6901] hsr_slave_1: entered promiscuous mode [ 121.697922][ T6901] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.770341][ T6901] Cannot create hsr debugfs directory [ 121.815864][ T7085] netlink: 36 bytes leftover after parsing attributes in process `syz.4.301'. [ 121.825570][ T5858] Bluetooth: hci2: command tx timeout [ 121.893322][ T7084] syz.0.300: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 121.919747][ T7084] CPU: 0 UID: 0 PID: 7084 Comm: syz.0.300 Not tainted 6.16.0-rc5-syzkaller-01231-g96698d1898bc #0 PREEMPT(full) [ 121.919787][ T7084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.919811][ T7084] Call Trace: [ 121.919820][ T7084] [ 121.919829][ T7084] dump_stack_lvl+0x189/0x250 [ 121.919860][ T7084] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 121.919883][ T7084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.919900][ T7084] ? __pfx__printk+0x10/0x10 [ 121.919920][ T7084] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 121.919938][ T7084] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 121.919964][ T7084] warn_alloc+0x214/0x310 [ 121.919983][ T7084] ? stack_depot_save_flags+0x40/0x900 [ 121.920007][ T7084] ? __pfx_warn_alloc+0x10/0x10 [ 121.920027][ T7084] ? kasan_save_track+0x4f/0x80 [ 121.920045][ T7084] ? xskq_create+0x56/0x170 [ 121.920060][ T7084] ? xsk_init_queue+0xb0/0x110 [ 121.920075][ T7084] ? xsk_setsockopt+0x4dc/0x8d0 [ 121.920089][ T7084] ? do_sock_setsockopt+0x25a/0x3e0 [ 121.920108][ T7084] ? __x64_sys_setsockopt+0x18b/0x220 [ 121.920126][ T7084] ? do_syscall_64+0xfa/0x3b0 [ 121.920143][ T7084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.920171][ T7084] __vmalloc_node_range_noprof+0x125/0x12f0 [ 121.920221][ T7084] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 121.920246][ T7084] ? __kasan_kmalloc+0x93/0xb0 [ 121.920266][ T7084] vmalloc_user_noprof+0xad/0xf0 [ 121.920284][ T7084] ? xskq_create+0xbf/0x170 [ 121.920302][ T7084] xskq_create+0xbf/0x170 [ 121.920323][ T7084] xsk_init_queue+0xb0/0x110 [ 121.920343][ T7084] xsk_setsockopt+0x4dc/0x8d0 [ 121.920363][ T7084] ? __pfx_xsk_setsockopt+0x10/0x10 [ 121.920380][ T7084] ? __pfx_aa_sk_perm+0x10/0x10 [ 121.920397][ T7084] ? __lock_acquire+0xab9/0xd20 [ 121.920418][ T7084] ? aa_sock_opt_perm+0x74/0x110 [ 121.920440][ T7084] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 121.920459][ T7084] ? __pfx_xsk_setsockopt+0x10/0x10 [ 121.920478][ T7084] do_sock_setsockopt+0x25a/0x3e0 [ 121.920502][ T7084] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 121.920527][ T7084] ? __fget_files+0x2a/0x420 [ 121.920554][ T7084] __x64_sys_setsockopt+0x18b/0x220 [ 121.920591][ T7084] do_syscall_64+0xfa/0x3b0 [ 121.920610][ T7084] ? lockdep_hardirqs_on+0x9c/0x150 [ 121.920628][ T7084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.920642][ T7084] ? clear_bhb_loop+0x60/0xb0 [ 121.920662][ T7084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.920676][ T7084] RIP: 0033:0x7f26e458e929 [ 121.920698][ T7084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.920710][ T7084] RSP: 002b:00007f26e5362038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 121.920726][ T7084] RAX: ffffffffffffffda RBX: 00007f26e47b6080 RCX: 00007f26e458e929 [ 121.920737][ T7084] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000009 [ 121.920746][ T7084] RBP: 00007f26e4610b39 R08: 0000000000000004 R09: 0000000000000000 [ 121.920755][ T7084] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 121.920764][ T7084] R13: 0000000000000000 R14: 00007f26e47b6080 R15: 00007ffd59e25cc8 [ 121.920791][ T7084] [ 122.233390][ T7084] Mem-Info: [ 122.236535][ T7084] active_anon:8932 inactive_anon:0 isolated_anon:0 [ 122.236535][ T7084] active_file:1439 inactive_file:39841 isolated_file:0 [ 122.236535][ T7084] unevictable:768 dirty:143 writeback:0 [ 122.236535][ T7084] slab_reclaimable:10536 slab_unreclaimable:110773 [ 122.236535][ T7084] mapped:31339 shmem:5460 pagetables:1050 [ 122.236535][ T7084] sec_pagetables:0 bounce:0 [ 122.236535][ T7084] kernel_misc_reclaimable:0 [ 122.236535][ T7084] free:1307302 free_pcp:20631 free_cma:0 [ 122.282425][ T7084] Node 0 active_anon:35728kB inactive_anon:0kB active_file:5756kB inactive_file:159160kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:125356kB dirty:568kB writeback:0kB shmem:20304kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11636kB pagetables:4064kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 122.316962][ T7084] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 122.348773][ T7084] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 122.378116][ T7084] lowmem_reserve[]: 0 2498 2499 2499 2499 [ 122.384634][ T7084] Node 0 DMA32 free:1316300kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:35684kB inactive_anon:0kB active_file:5756kB inactive_file:157568kB unevictable:1536kB writepending:564kB present:3129332kB managed:2558264kB mlocked:0kB bounce:0kB free_pcp:62736kB local_pcp:38296kB free_cma:0kB [ 122.417034][ T7084] lowmem_reserve[]: 0 0 1 1 1 [ 122.423465][ T7084] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1592kB unevictable:0kB writepending:4kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 122.452739][ T7084] lowmem_reserve[]: 0 0 0 0 0 [ 122.457800][ T7084] Node 1 Normal free:3897748kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19848kB local_pcp:5184kB free_cma:0kB [ 122.494830][ T7084] lowmem_reserve[]: 0 0 0 0 0 [ 122.499626][ T7084] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 122.512792][ T7084] Node 0 DMA32: 576*4kB (UM) 95*8kB (UME) 15*16kB (UM) 80*32kB (UM) 5*64kB (UM) 2*128kB (ME) 34*256kB (ME) 28*512kB (UME) 15*1024kB (UM) 3*2048kB (U) 309*4096kB (UM) = 1316648kB [ 122.532471][ T7084] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 122.545526][ T7084] Node 1 Normal: 129*4kB (UME) 44*8kB (UME) 23*16kB (UME) 68*32kB (UME) 23*64kB (UME) 3*128kB (UME) 3*256kB (UM) 3*512kB (ME) 3*1024kB (UME) 2*2048kB (UE) 948*4096kB (M) = 3897748kB [ 122.564129][ T7084] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 122.576899][ T7084] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 122.587430][ T7084] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 122.597748][ T7084] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 122.608474][ T7084] 46737 total pagecache pages [ 122.617650][ T7084] 0 pages in swap cache [ 122.646939][ T7084] Free swap = 124996kB [ 122.659968][ T7084] Total swap = 124996kB [ 122.666096][ T7084] 2097051 pages RAM [ 122.669958][ T7084] 0 pages HighMem/MovableOnly [ 122.677276][ T7084] 425443 pages reserved [ 122.682066][ T7084] 0 pages cma reserved [ 123.774292][ T7096] netlink: 'syz.1.302': attribute type 13 has an invalid length. [ 123.911240][ T5858] Bluetooth: hci2: command tx timeout [ 124.296472][ T7121] netlink: 'syz.0.307': attribute type 5 has an invalid length. [ 124.497089][ T7127] __nla_validate_parse: 1 callbacks suppressed [ 124.497108][ T7127] netlink: 24 bytes leftover after parsing attributes in process `syz.2.309'. [ 124.514914][ T7124] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.542763][ T7126] netlink: 'syz.4.310': attribute type 4 has an invalid length. [ 124.665688][ T7124] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.755295][ T7124] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.914397][ T7138] Bluetooth: MGMT ver 1.23 [ 124.925683][ T7138] netlink: 4 bytes leftover after parsing attributes in process `syz.0.314'. [ 125.037671][ T7124] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.114866][ T7143] bridge0: entered allmulticast mode [ 125.144574][ T7144] pim6reg: entered allmulticast mode [ 125.333955][ T3495] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.375720][ T60] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.449720][ T6901] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 125.532683][ T36] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.558196][ T6901] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 125.638203][ T994] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 125.673517][ T6901] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 125.729370][ T6901] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 125.768003][ T7159] netlink: 12 bytes leftover after parsing attributes in process `syz.0.321'. [ 126.102289][ T6901] 8021q: adding VLAN 0 to HW filter on device bond0 [ 126.178002][ T6901] 8021q: adding VLAN 0 to HW filter on device team0 [ 126.219170][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.226397][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 126.287289][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.294514][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 126.602717][ T7195] netlink: 452 bytes leftover after parsing attributes in process `syz.4.331'. [ 126.759283][ T7205] netlink: 'syz.0.333': attribute type 1 has an invalid length. [ 127.115116][ T7222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.339'. [ 127.128794][ T7222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.339'. [ 127.225802][ T6901] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 127.246893][ T7226] netlink: 'syz.2.340': attribute type 3 has an invalid length. [ 127.283422][ T7226] netlink: 132 bytes leftover after parsing attributes in process `syz.2.340'. [ 127.337573][ T7226] netlink: 4 bytes leftover after parsing attributes in process `syz.2.340'. [ 127.347123][ T6901] veth0_vlan: entered promiscuous mode [ 127.368331][ T6901] veth1_vlan: entered promiscuous mode [ 127.547761][ T6901] veth0_macvtap: entered promiscuous mode [ 127.615002][ T6901] veth1_macvtap: entered promiscuous mode [ 127.685949][ T6901] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.718919][ T6901] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.767027][ T3542] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.792814][ T3542] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.826350][ T3542] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.849669][ T3542] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 128.057657][ T3542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.090890][ T3542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.208832][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.222299][ T7258] netlink: 16 bytes leftover after parsing attributes in process `syz.2.353'. [ 128.252574][ T7258] netlink: 64 bytes leftover after parsing attributes in process `syz.2.353'. [ 128.260237][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.357554][ T7263] netlink: 'syz.4.355': attribute type 2 has an invalid length. [ 128.391810][ T7264] bridge0: port 1(gretap0) entered blocking state [ 128.413116][ T7264] bridge0: port 1(gretap0) entered disabled state [ 128.444482][ T7264] gretap0: entered allmulticast mode [ 128.470092][ T7264] gretap0: entered promiscuous mode [ 128.495665][ T7264] bridge0: port 1(gretap0) entered blocking state [ 128.502320][ T7264] bridge0: port 1(gretap0) entered forwarding state [ 128.767723][ T7279] ip6t_rpfilter: unknown options [ 129.522160][ T3495] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.642862][ T3495] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 129.869406][ T3495] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.133509][ T7314] __nla_validate_parse: 2 callbacks suppressed [ 130.133527][ T7314] netlink: 24 bytes leftover after parsing attributes in process `syz.4.370'. [ 130.223400][ T3495] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.390663][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.370'. [ 130.855779][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 130.868867][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 130.880681][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 130.893704][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 130.904662][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 131.014837][ T7340] IPVS: set_ctl: invalid protocol: 59 172.20.20.32:20003 [ 131.089888][ T3495] bridge_slave_1: left allmulticast mode [ 131.108664][ T3495] bridge_slave_1: left promiscuous mode [ 131.123160][ T3495] bridge0: port 2(bridge_slave_1) entered disabled state [ 131.193233][ T3495] bridge_slave_0: left allmulticast mode [ 131.201929][ T3495] bridge_slave_0: left promiscuous mode [ 131.207820][ T3495] bridge0: port 1(bridge_slave_0) entered disabled state [ 131.963619][ T3495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 131.976091][ T3495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 131.989243][ T3495] bond0 (unregistering): Released all slaves [ 132.819525][ T7391] netlink: 16 bytes leftover after parsing attributes in process `syz.0.390'. [ 132.854372][ T7394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.392'. [ 132.945420][ T5857] Bluetooth: hci2: command tx timeout [ 132.953309][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.959812][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.094560][ T7404] netlink: 28 bytes leftover after parsing attributes in process `syz.0.395'. [ 133.163430][ T3495] hsr_slave_0: left promiscuous mode [ 133.176175][ T3495] hsr_slave_1: left promiscuous mode [ 133.194193][ T3495] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 133.207117][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 133.253021][ T3495] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 133.298242][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 133.362994][ T3495] veth1_macvtap: left promiscuous mode [ 133.374104][ T3495] veth0_macvtap: left promiscuous mode [ 133.390033][ T3495] veth1_vlan: left promiscuous mode [ 133.406325][ T3495] veth0_vlan: left promiscuous mode [ 134.169795][ T3495] team0 (unregistering): Port device team_slave_1 removed [ 134.217139][ T3495] team0 (unregistering): Port device team_slave_0 removed [ 134.303855][ T7435] netlink: 'syz.4.402': attribute type 1 has an invalid length. [ 134.803401][ T7455] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 134.829962][ T7436] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 134.849425][ T7436] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 134.889531][ T7439] gretap2: entered promiscuous mode [ 134.897549][ T7457] netlink: 44 bytes leftover after parsing attributes in process `syz.1.403'. [ 134.929104][ T7331] chnl_net:caif_netlink_parms(): no params data found [ 135.020850][ T5857] Bluetooth: hci2: command tx timeout [ 135.500112][ T7331] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.525953][ T7331] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.547862][ T7331] bridge_slave_0: entered allmulticast mode [ 135.562821][ T7331] bridge_slave_0: entered promiscuous mode [ 135.605050][ T7331] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.613764][ T7331] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.643605][ T7331] bridge_slave_1: entered allmulticast mode [ 135.653117][ T7331] bridge_slave_1: entered promiscuous mode [ 135.727107][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.414'. [ 135.845909][ T7331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.887319][ T7331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.049716][ T7508] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input5 [ 136.475848][ T7331] team0: Port device team_slave_0 added [ 136.503986][ T7331] team0: Port device team_slave_1 added [ 136.598784][ T7331] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.614100][ T7331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.641606][ T7331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.671367][ T7331] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.696036][ T7331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.795203][ T7331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.990018][ T7547] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.426'. [ 137.002648][ T7541] team0: Port device gtp0 added [ 137.033515][ T7331] hsr_slave_0: entered promiscuous mode [ 137.044497][ T7549] netlink: 3 bytes leftover after parsing attributes in process `syz.2.426'. [ 137.055653][ T7331] hsr_slave_1: entered promiscuous mode [ 137.063460][ T7331] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 137.072619][ T7331] Cannot create hsr debugfs directory [ 137.101098][ T5857] Bluetooth: hci2: command tx timeout [ 137.279455][ T7562] netlink: 8 bytes leftover after parsing attributes in process `syz.2.431'. [ 138.290018][ T7331] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 138.451730][ T7331] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 138.494277][ T7331] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 138.536869][ T7331] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 138.996419][ T7331] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.069283][ T7625] sctp: failed to load transform for md5: -2 [ 139.077766][ T7621] sctp: failed to load transform for md5: -2 [ 139.187507][ T5857] Bluetooth: hci2: command tx timeout [ 139.319839][ T7331] 8021q: adding VLAN 0 to HW filter on device team0 [ 139.404746][ T3542] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.412008][ T3542] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.476731][ T3542] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.483937][ T3542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.718302][ T7647] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 140.086776][ T7331] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.314495][ T7331] veth0_vlan: entered promiscuous mode [ 140.383137][ T7331] veth1_vlan: entered promiscuous mode [ 140.468606][ T7678] netlink: 16 bytes leftover after parsing attributes in process `syz.4.458'. [ 140.484829][ T7331] veth0_macvtap: entered promiscuous mode [ 140.523719][ T7331] veth1_macvtap: entered promiscuous mode [ 140.590711][ T7673] syz.0.457 (7673) used greatest stack depth: 18584 bytes left [ 140.592016][ T7331] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 140.640022][ T7331] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 140.661930][ T7641] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.677539][ T7641] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.695590][ T7641] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.748756][ T7641] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 140.825936][ T3542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.850916][ T3542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.939703][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.989093][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 141.131647][ T7704] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 141.321699][ T7704] netlink: 'syz.2.464': attribute type 10 has an invalid length. [ 141.327900][ T7707] bridge_slave_0: left allmulticast mode [ 141.346096][ T7707] bridge_slave_0: left promiscuous mode [ 141.362639][ T7707] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.405318][ T7707] bridge_slave_1: left allmulticast mode [ 141.412003][ T7707] bridge_slave_1: left promiscuous mode [ 141.419654][ T7707] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.448892][ T7707] team0: Port device veth0_to_bond removed [ 141.458150][ T7707] bond0: (slave bond_slave_0): Releasing backup interface [ 141.472270][ T7707] bond0: (slave bond_slave_1): Releasing backup interface [ 141.488712][ T7707] team0: Port device team_slave_0 removed [ 141.504584][ T7707] team0: Port device team_slave_1 removed [ 141.518009][ T7707] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 141.528483][ T7707] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 141.544493][ T7707] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 141.554070][ T7707] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 141.578957][ T7707] team0: Port device veth3 removed [ 141.596851][ T7704] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 141.622922][ T7704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 141.637594][ T7704] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 141.727544][ T36] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.881185][ T36] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.433632][ T7723] _ÐZ`Ô€@: entered promiscuous mode [ 142.608415][ T7730] netlink: 8 bytes leftover after parsing attributes in process `syz.4.469'. [ 142.655461][ T7731] netlink: 16 bytes leftover after parsing attributes in process `syz.1.471'. [ 142.948509][ T36] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.210915][ T36] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.283340][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 143.305661][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 143.317747][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 143.337856][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 143.348818][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 143.550939][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.476'. [ 143.665578][ T7766] ip6gretap0: entered promiscuous mode [ 143.673187][ T7766] macvtap1: entered promiscuous mode [ 143.678838][ T7766] macvtap1: entered allmulticast mode [ 143.694938][ T7766] ip6gretap0: entered allmulticast mode [ 143.868061][ T36] bridge_slave_1: left allmulticast mode [ 143.903331][ T36] bridge_slave_1: left promiscuous mode [ 143.909184][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.936249][ T36] bridge_slave_0: left allmulticast mode [ 143.950844][ T36] bridge_slave_0: left promiscuous mode [ 143.957052][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.605886][ T7792] netlink: 24 bytes leftover after parsing attributes in process `syz.2.482'. [ 144.628618][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 144.645795][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 144.657062][ T36] bond0 (unregistering): Released all slaves [ 144.945169][ T7804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.483'. [ 144.964391][ T7805] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) ! [ 145.001640][ T7805] netlink: 4 bytes leftover after parsing attributes in process `syz.4.485'. [ 145.069804][ T7811] netlink: 28 bytes leftover after parsing attributes in process `syz.2.488'. [ 145.278665][ T7754] chnl_net:caif_netlink_parms(): no params data found [ 145.355744][ T7818] netlink: 28 bytes leftover after parsing attributes in process `syz.2.489'. [ 145.424160][ T1162] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 145.433151][ T5858] Bluetooth: hci2: command tx timeout [ 145.452936][ T36] hsr_slave_0: left promiscuous mode [ 145.466568][ T36] hsr_slave_1: left promiscuous mode [ 145.478869][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 145.487986][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 145.513315][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 145.521164][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 145.543861][ T36] veth1_macvtap: left promiscuous mode [ 145.549424][ T36] veth0_macvtap: left promiscuous mode [ 145.557907][ T36] veth1_vlan: left promiscuous mode [ 145.568251][ T36] veth0_vlan: left promiscuous mode [ 146.362279][ T36] team0 (unregistering): Port device team_slave_1 removed [ 146.402416][ T36] team0 (unregistering): Port device team_slave_0 removed [ 146.784260][ T7818] kthread_run failed with err -4 [ 146.816868][ T7642] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.837253][ T7642] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.877374][ T7642] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 146.937733][ T7843] netlink: 16 bytes leftover after parsing attributes in process `syz.2.494'. [ 146.992192][ T7754] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.999663][ T7754] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.007658][ T7754] bridge_slave_0: entered allmulticast mode [ 147.016234][ T7754] bridge_slave_0: entered promiscuous mode [ 147.039339][ T7754] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.047068][ T7754] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.077021][ T7754] bridge_slave_1: entered allmulticast mode [ 147.101795][ T7754] bridge_slave_1: entered promiscuous mode [ 147.240319][ T7852] pimreg3: entered allmulticast mode [ 147.325905][ T7754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.354511][ T7846] pimreg3: left allmulticast mode [ 147.487358][ T7754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.511231][ T5858] Bluetooth: hci2: command 0x041b tx timeout [ 147.586230][ T7754] team0: Port device team_slave_0 added [ 147.596720][ T7754] team0: Port device team_slave_1 added [ 147.669983][ T7754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 147.688818][ T7754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.720371][ T7754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 147.747246][ T7754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 147.754666][ T7754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 147.758338][ T7876] netlink: 92 bytes leftover after parsing attributes in process `syz.1.500'. [ 147.797186][ T7876] netlink: 92 bytes leftover after parsing attributes in process `syz.1.500'. [ 147.808058][ T7754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 147.974896][ T7885] netlink: 32 bytes leftover after parsing attributes in process `syz.1.504'. [ 148.138513][ T7886] netlink: 16 bytes leftover after parsing attributes in process `syz.0.503'. [ 148.355151][ T7754] hsr_slave_0: entered promiscuous mode [ 148.370047][ T7754] hsr_slave_1: entered promiscuous mode [ 148.380934][ T7904] netlink: 16 bytes leftover after parsing attributes in process `syz.2.508'. [ 148.384744][ T7754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.400647][ T7754] Cannot create hsr debugfs directory [ 148.716495][ T7909] wireguard0: entered promiscuous mode [ 148.723032][ T7909] wireguard0: entered allmulticast mode [ 149.048036][ T7919] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode [ 149.074376][ T7919] netlink: 16 bytes leftover after parsing attributes in process `syz.2.512'. [ 149.582885][ T5857] Bluetooth: hci2: command 0x041b tx timeout [ 149.843999][ T7754] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 149.869471][ T7754] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 149.896720][ T7754] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 149.928501][ T7754] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 150.219100][ T7754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.303411][ T7754] 8021q: adding VLAN 0 to HW filter on device team0 [ 150.340028][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 150.347291][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 150.404407][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 150.411608][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 150.438176][ T7991] netlink: 100 bytes leftover after parsing attributes in process `syz.1.527'. [ 150.998356][ T7754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 151.109502][ T8020] netlink: 12 bytes leftover after parsing attributes in process `syz.1.535'. [ 151.129929][ T7754] veth0_vlan: entered promiscuous mode [ 151.146008][ T8023] netlink: 44 bytes leftover after parsing attributes in process `syz.2.536'. [ 151.194916][ T7754] veth1_vlan: entered promiscuous mode [ 151.221493][ T8020] netlink: 'syz.1.535': attribute type 2 has an invalid length. [ 151.264923][ T7754] veth0_macvtap: entered promiscuous mode [ 151.275381][ T8027] netlink: 240 bytes leftover after parsing attributes in process `syz.4.537'. [ 151.295949][ T7754] veth1_macvtap: entered promiscuous mode [ 151.345773][ T7754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 151.374527][ T7754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 151.402110][ T36] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.437865][ T36] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.447848][ T36] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.460059][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.639233][ T3554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.662216][ T5857] Bluetooth: hci2: command 0x041b tx timeout [ 151.680869][ T3554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 151.711186][ T994] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 151.723767][ T994] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 152.869820][ T994] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.445515][ T994] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 153.739142][ T8085] __nla_validate_parse: 1 callbacks suppressed [ 153.739161][ T8085] netlink: 60 bytes leftover after parsing attributes in process `syz.0.549'. [ 153.768609][ T8078] sctp: [Deprecated]: syz.1.550 (pid 8078) Use of struct sctp_assoc_value in delayed_ack socket option. [ 153.768609][ T8078] Use struct sctp_sack_info instead [ 153.947897][ T994] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.042750][ T8101] netlink: 8 bytes leftover after parsing attributes in process `syz.2.558'. [ 154.071549][ T8104] netlink: 'syz.2.558': attribute type 1 has an invalid length. [ 154.096690][ T8104] netlink: 224 bytes leftover after parsing attributes in process `syz.2.558'. [ 154.134710][ T994] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 154.210998][ T8103] netlink: 'syz.2.558': attribute type 1 has an invalid length. [ 154.233328][ T8103] netlink: 224 bytes leftover after parsing attributes in process `syz.2.558'. [ 154.404888][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 154.414776][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 154.424232][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 154.435197][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 154.444726][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 154.501974][ T994] bridge_slave_1: left allmulticast mode [ 154.507796][ T994] bridge_slave_1: left promiscuous mode [ 154.514222][ T994] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.526626][ T994] bridge_slave_0: left allmulticast mode [ 154.532782][ T994] bridge_slave_0: left promiscuous mode [ 154.544262][ T994] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.715265][ T8123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.563'. [ 154.987964][ T994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 155.000417][ T994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 155.011163][ T994] bond0 (unregistering): Released all slaves [ 155.346527][ T8143] Cannot find set identified by id 2 to match [ 155.693379][ T8161] IPVS: set_ctl: invalid protocol: 0 172.20.20.170:20002 [ 155.765880][ T994] hsr_slave_0: left promiscuous mode [ 155.777862][ T994] hsr_slave_1: left promiscuous mode [ 155.791409][ T994] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 155.813395][ T994] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 155.827788][ T994] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 155.845696][ T994] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 155.866156][ T994] veth1_macvtap: left promiscuous mode [ 155.871932][ T994] veth0_macvtap: left promiscuous mode [ 155.877526][ T994] veth1_vlan: left promiscuous mode [ 155.883471][ T994] veth0_vlan: left promiscuous mode [ 156.305022][ T994] team0 (unregistering): Port device team_slave_1 removed [ 156.345806][ T994] team0 (unregistering): Port device team_slave_0 removed [ 156.510095][ T8175] netlink: 56 bytes leftover after parsing attributes in process `syz.1.573'. [ 156.521812][ T8176] netlink: 16 bytes leftover after parsing attributes in process `syz.1.573'. [ 156.541289][ T5858] Bluetooth: hci2: command tx timeout [ 156.947976][ T8114] chnl_net:caif_netlink_parms(): no params data found [ 156.985971][ T8169] batadv_slave_0: entered promiscuous mode [ 157.333525][ T8114] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.354666][ T8114] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.376385][ T8114] bridge_slave_0: entered allmulticast mode [ 157.386772][ T8114] bridge_slave_0: entered promiscuous mode [ 157.400130][ T8114] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.415239][ T8114] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.424624][ T8114] bridge_slave_1: entered allmulticast mode [ 157.429082][ T8205] netlink: 44 bytes leftover after parsing attributes in process `syz.0.579'. [ 157.433396][ T8114] bridge_slave_1: entered promiscuous mode [ 157.481719][ T8202] delete_channel: no stack [ 157.628250][ T8210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.581'. [ 157.641284][ T8208] netlink: 8 bytes leftover after parsing attributes in process `syz.0.582'. [ 157.651037][ T8114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.664350][ T8114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.676147][ T8212] x_tables: duplicate underflow at hook 4 [ 157.829683][ T8114] team0: Port device team_slave_0 added [ 157.853234][ T8225] macvtap1: entered allmulticast mode [ 157.858666][ T8225] veth0_macvtap: entered allmulticast mode [ 157.883329][ T8114] team0: Port device team_slave_1 added [ 157.899805][ T8218] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 157.963208][ T8218] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 158.018071][ T8114] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.042059][ T8114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.095777][ T8114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.195561][ T8114] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.203484][ T8114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.247749][ T8114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.482902][ T8114] hsr_slave_0: entered promiscuous mode [ 158.489583][ T8114] hsr_slave_1: entered promiscuous mode [ 158.500393][ T8114] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 158.509574][ T8114] Cannot create hsr debugfs directory [ 158.620746][ T5858] Bluetooth: hci2: command tx timeout [ 158.895356][ T8272] __nla_validate_parse: 3 callbacks suppressed [ 158.895374][ T8272] netlink: 16 bytes leftover after parsing attributes in process `syz.4.598'. [ 158.952086][ T8274] Unsupported ieee802154 address type: 0 [ 159.193288][ T8281] sctp: [Deprecated]: syz.4.601 (pid 8281) Use of struct sctp_assoc_value in delayed_ack socket option. [ 159.193288][ T8281] Use struct sctp_sack_info instead [ 159.313536][ T8285] netlink: 24 bytes leftover after parsing attributes in process `syz.1.603'. [ 159.364634][ T8286] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 159.405091][ T8289] netlink: 4 bytes leftover after parsing attributes in process `syz.1.605'. [ 159.508832][ T8292] netlink: 96 bytes leftover after parsing attributes in process `syz.2.606'. [ 159.551188][ T8114] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 159.562965][ T8114] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.577352][ T8114] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.589104][ T8114] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 159.782651][ T8114] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.828769][ T8114] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.875689][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.882990][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.949519][ T7642] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.956792][ T7642] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.267463][ T8311] netlink: 16 bytes leftover after parsing attributes in process `syz.0.610'. [ 160.505896][ T8317] sctp: [Deprecated]: syz.4.612 (pid 8317) Use of struct sctp_assoc_value in delayed_ack socket option. [ 160.505896][ T8317] Use struct sctp_sack_info instead [ 160.701249][ T5858] Bluetooth: hci2: command tx timeout [ 160.709031][ T8328] netlink: 24 bytes leftover after parsing attributes in process `syz.2.615'. [ 160.716844][ T8114] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.873327][ T8114] veth0_vlan: entered promiscuous mode [ 160.939280][ T8114] veth1_vlan: entered promiscuous mode [ 161.057566][ T8114] veth0_macvtap: entered promiscuous mode [ 161.074729][ T8114] veth1_macvtap: entered promiscuous mode [ 161.139763][ T8114] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.189158][ T8114] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 161.236474][ T3554] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.245882][ T3554] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.276351][ T3554] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.299986][ T3554] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 161.343954][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.1.614'. [ 161.487787][ T7641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.537122][ T7641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.643974][ T7641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.664587][ T7641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.863977][ T8357] Illegal XDP return value 4294967262 on prog (id 212) dev N/A, expect packet loss! [ 161.927085][ T8361] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.621'. [ 162.084103][ T8363] netlink: 12 bytes leftover after parsing attributes in process `syz.0.622'. [ 162.131156][ T8365] netlink: 16 bytes leftover after parsing attributes in process `syz.4.623'. [ 162.299704][ T8368] sctp: [Deprecated]: syz.4.626 (pid 8368) Use of struct sctp_assoc_value in delayed_ack socket option. [ 162.299704][ T8368] Use struct sctp_sack_info instead [ 162.499712][ T8379] sctp: [Deprecated]: syz.4.628 (pid 8379) Use of struct sctp_assoc_value in delayed_ack socket option. [ 162.499712][ T8379] Use struct sctp_sack_info instead [ 162.958888][ T3495] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.568327][ T3495] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.845348][ T3495] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.903242][ T3495] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.991775][ T8418] __nla_validate_parse: 2 callbacks suppressed [ 163.991793][ T8418] netlink: 96 bytes leftover after parsing attributes in process `syz.1.637'. [ 164.093722][ T8425] sctp: [Deprecated]: syz.2.638 (pid 8425) Use of struct sctp_assoc_value in delayed_ack socket option. [ 164.093722][ T8425] Use struct sctp_sack_info instead [ 164.119897][ T8427] netlink: 'syz.0.636': attribute type 3 has an invalid length. [ 164.262911][ T3495] bridge_slave_1: left allmulticast mode [ 164.268597][ T3495] bridge_slave_1: left promiscuous mode [ 164.284000][ T8432] netlink: 24 bytes leftover after parsing attributes in process `syz.4.641'. [ 164.284059][ T3495] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.317545][ T8435] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input6 [ 164.331790][ T3495] bridge_slave_0: left allmulticast mode [ 164.348580][ T3495] bridge_slave_0: left promiscuous mode [ 164.366625][ T3495] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.379675][ T8442] netlink: 128 bytes leftover after parsing attributes in process `syz.1.644'. [ 164.470104][ T8445] netlink: 24 bytes leftover after parsing attributes in process `syz.2.643'. [ 164.736467][ T8442] netlink: 'syz.1.644': attribute type 2 has an invalid length. [ 164.753458][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 164.766909][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 164.772136][ T8442] xt_CT: You must specify a L4 protocol and not use inversions on it [ 164.783454][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 164.791730][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 164.799833][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 164.827673][ T8442] netlink: 'syz.1.644': attribute type 4 has an invalid length. [ 165.126719][ T8461] netlink: 60 bytes leftover after parsing attributes in process `syz.1.647'. [ 165.255476][ T3495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.270876][ T3495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.284410][ T3495] bond0 (unregistering): Released all slaves [ 165.680883][ T8475] netlink: 48 bytes leftover after parsing attributes in process `syz.4.649'. [ 165.786097][ T3495] hsr_slave_0: left promiscuous mode [ 165.795415][ T3495] hsr_slave_1: left promiscuous mode [ 165.801793][ T3495] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.809428][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.820431][ T3495] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 165.827938][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.869457][ T3495] veth1_macvtap: left promiscuous mode [ 165.882153][ T3495] veth0_macvtap: left promiscuous mode [ 165.896941][ T3495] veth1_vlan: left promiscuous mode [ 165.911722][ T3495] veth0_vlan: left promiscuous mode [ 166.018646][ T8488] sctp: [Deprecated]: syz.0.653 (pid 8488) Use of struct sctp_assoc_value in delayed_ack socket option. [ 166.018646][ T8488] Use struct sctp_sack_info instead [ 166.512358][ T8507] netlink: 24 bytes leftover after parsing attributes in process `syz.4.660'. [ 166.572380][ T8510] netlink: 72 bytes leftover after parsing attributes in process `syz.0.661'. [ 166.589981][ T8510] netlink: 8 bytes leftover after parsing attributes in process `syz.0.661'. [ 166.696052][ T3495] team0 (unregistering): Port device team_slave_1 removed [ 166.735619][ T3495] team0 (unregistering): Port device team_slave_0 removed [ 166.860866][ T5858] Bluetooth: hci2: command tx timeout [ 167.271978][ T8520] sctp: [Deprecated]: syz.2.664 (pid 8520) Use of struct sctp_assoc_value in delayed_ack socket option. [ 167.271978][ T8520] Use struct sctp_sack_info instead [ 167.400867][ T8526] netlink: 36 bytes leftover after parsing attributes in process `syz.4.662'. [ 167.461294][ T8532] dvmrp0: left allmulticast mode [ 167.641398][ T8449] chnl_net:caif_netlink_parms(): no params data found [ 168.083438][ T8449] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.110351][ T8449] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.117700][ T8449] bridge_slave_0: entered allmulticast mode [ 168.152905][ T8449] bridge_slave_0: entered promiscuous mode [ 168.165998][ T8449] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.184269][ T8449] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.192646][ T8449] bridge_slave_1: entered allmulticast mode [ 168.202427][ T8449] bridge_slave_1: entered promiscuous mode [ 168.210883][ T8556] netlink: 'syz.0.673': attribute type 1 has an invalid length. [ 168.344200][ T8554] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.360458][ T8554] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.391170][ T8554] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.433166][ T8449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.448780][ T8449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.503835][ T8554] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.518645][ T8554] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.529341][ T8554] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.619412][ T8449] team0: Port device team_slave_0 added [ 168.645322][ T8568] sctp: [Deprecated]: syz.1.676 (pid 8568) Use of struct sctp_assoc_value in delayed_ack socket option. [ 168.645322][ T8568] Use struct sctp_sack_info instead [ 168.667724][ T8449] team0: Port device team_slave_1 added [ 168.713879][ T8554] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.744153][ T8554] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.757315][ T8554] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.897829][ T8554] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 168.909807][ T8554] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 168.939527][ T8554] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 168.946277][ T5858] Bluetooth: hci2: command tx timeout [ 168.981845][ T8449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.988816][ T8449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.017762][ T8580] ipt_ECN: cannot use operation on non-tcp rule [ 169.028936][ T8449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.121889][ T8449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.128886][ T8449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.190243][ T8449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.378449][ T8449] hsr_slave_0: entered promiscuous mode [ 169.385335][ T8449] hsr_slave_1: entered promiscuous mode [ 169.392470][ T8449] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.400043][ T8449] Cannot create hsr debugfs directory [ 169.406124][ T3554] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.437009][ T3554] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 169.448088][ T3554] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 169.719542][ T8586] hsr0: left promiscuous mode [ 169.732852][ T8595] xt_CT: No such helper "snmp" [ 169.824731][ T3554] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.836817][ T3554] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 169.845430][ T3554] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 169.854150][ T3554] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.891786][ T3554] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.903517][ T3554] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.924938][ T3554] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 169.935871][ T3554] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 169.946439][ T3554] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 169.956363][ T3554] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 169.997750][ T3554] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.012315][ T3554] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 170.030845][ T3554] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 170.054953][ T8602] __nla_validate_parse: 3 callbacks suppressed [ 170.054969][ T8602] netlink: 24 bytes leftover after parsing attributes in process `syz.0.685'. [ 170.336134][ T8609] sctp: [Deprecated]: syz.0.687 (pid 8609) Use of struct sctp_assoc_value in delayed_ack socket option. [ 170.336134][ T8609] Use struct sctp_sack_info instead [ 170.613979][ T8449] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 170.629654][ T8449] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 170.683157][ T8449] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 170.742315][ T8449] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 170.956999][ T8449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.977328][ T8641] netlink: 24 bytes leftover after parsing attributes in process `syz.2.696'. [ 171.021040][ T5858] Bluetooth: hci2: command tx timeout [ 171.026631][ T8449] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.071693][ T3554] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.078901][ T3554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.105618][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.112825][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.436839][ T8656] Unsupported ieee802154 address type: 0 [ 171.453977][ T8658] syzkaller0: entered allmulticast mode [ 171.705575][ T8670] IPVS: set_ctl: invalid protocol: 33 100.1.1.0:20002 [ 171.841752][ T8667] netlink: 20 bytes leftover after parsing attributes in process `syz.2.700'. [ 171.875570][ T8449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.084048][ T8681] netlink: 12 bytes leftover after parsing attributes in process `syz.1.703'. [ 172.127869][ T8681] netlink: 'syz.1.703': attribute type 39 has an invalid length. [ 172.433781][ T8449] veth0_vlan: entered promiscuous mode [ 172.468003][ T8449] veth1_vlan: entered promiscuous mode [ 172.778846][ T8449] veth0_macvtap: entered promiscuous mode [ 173.004526][ T8449] veth1_macvtap: entered promiscuous mode [ 173.104438][ T5858] Bluetooth: hci2: command tx timeout [ 173.297074][ T8449] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.325139][ T8449] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 173.394137][ T3554] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.501074][ T3554] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.515834][ T3554] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.545326][ T3554] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.662653][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.723038][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.984813][ T8745] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 174.046386][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.057295][ T8742] netlink: 24 bytes leftover after parsing attributes in process `syz.0.713'. [ 174.058381][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.344123][ T8755] netlink: 4 bytes leftover after parsing attributes in process `syz.2.715'. [ 174.727967][ T7642] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 174.743706][ T8778] netlink: 16 bytes leftover after parsing attributes in process `syz.4.724'. [ 175.028931][ T7642] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.245074][ T8780] syz.2.725 (8780) used greatest stack depth: 15224 bytes left [ 175.264661][ T7642] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.334549][ T7642] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.473177][ T7642] bridge_slave_1: left allmulticast mode [ 175.478937][ T7642] bridge_slave_1: left promiscuous mode [ 175.490651][ T7642] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.505928][ T7642] bridge_slave_0: left allmulticast mode [ 175.512216][ T7642] bridge_slave_0: left promiscuous mode [ 175.519003][ T7642] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.849486][ T7642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 175.860342][ T7642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 175.870777][ T7642] bond0 (unregistering): Released all slaves [ 176.506623][ T8829] bridge0: port 3(vlan2) entered blocking state [ 176.530718][ T8829] bridge0: port 3(vlan2) entered disabled state [ 176.537352][ T8829] vlan2: entered allmulticast mode [ 176.560335][ T8829] bridge0: entered allmulticast mode [ 176.602502][ T8829] vlan2: left allmulticast mode [ 176.607557][ T8829] bridge0: left allmulticast mode [ 176.759894][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 176.769367][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 176.780412][ T8826] vlan2: entered promiscuous mode [ 176.780485][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 176.785469][ T8826] bridge0: entered promiscuous mode [ 176.806512][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 176.815916][ T5857] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 176.893073][ T8852] netlink: 24 bytes leftover after parsing attributes in process `syz.2.743'. [ 176.935113][ T7642] hsr_slave_0: left promiscuous mode [ 176.958354][ T7642] hsr_slave_1: left promiscuous mode [ 176.975447][ T7642] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 176.996773][ T7642] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 177.011683][ T7642] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 177.034536][ T7642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 177.075469][ T7642] veth1_macvtap: left promiscuous mode [ 177.081573][ T7642] veth0_macvtap: left promiscuous mode [ 177.087436][ T7642] veth1_vlan: left promiscuous mode [ 177.096057][ T7642] veth0_vlan: left promiscuous mode [ 177.110109][ T8863] IPv6: Can't replace route, no match found [ 177.117138][ T8865] IPv6: Can't replace route, no match found [ 177.519558][ T7642] team0 (unregistering): Port device team_slave_1 removed [ 177.561938][ T7642] team0 (unregistering): Port device team_slave_0 removed [ 178.168378][ T8872] sctp: [Deprecated]: syz.1.748 (pid 8872) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.168378][ T8872] Use struct sctp_sack_info instead [ 178.215027][ T8874] netlink: 20 bytes leftover after parsing attributes in process `syz.0.749'. [ 178.426285][ T8888] netlink: 'syz.4.751': attribute type 27 has an invalid length. [ 178.563742][ T8841] chnl_net:caif_netlink_parms(): no params data found [ 178.573142][ T8893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.753'. [ 178.868658][ T5858] Bluetooth: hci2: command tx timeout [ 179.196350][ T8903] netlink: 16 bytes leftover after parsing attributes in process `syz.0.755'. [ 179.383741][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.400470][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.418904][ T8841] bridge_slave_0: entered allmulticast mode [ 179.437851][ T8841] bridge_slave_0: entered promiscuous mode [ 179.535650][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.545333][ T8841] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.557792][ T8841] bridge_slave_1: entered allmulticast mode [ 179.566646][ T8841] bridge_slave_1: entered promiscuous mode [ 179.631661][ T8913] netlink: 'syz.4.760': attribute type 4 has an invalid length. [ 179.716928][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.761'. [ 179.766988][ T8927] netlink: 8 bytes leftover after parsing attributes in process `syz.2.761'. [ 179.788824][ T8930] sctp: [Deprecated]: syz.1.762 (pid 8930) Use of struct sctp_assoc_value in delayed_ack socket option. [ 179.788824][ T8930] Use struct sctp_sack_info instead [ 179.815669][ T8841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.838295][ T8841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.858376][ T8935] netlink: 36 bytes leftover after parsing attributes in process `syz.4.763'. [ 179.985942][ T8841] team0: Port device team_slave_0 added [ 179.995770][ T8841] team0: Port device team_slave_1 added [ 180.053381][ T8940] netlink: 'syz.4.765': attribute type 7 has an invalid length. [ 180.139866][ T8940] : entered promiscuous mode [ 180.146975][ T8841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.154240][ T8841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.183161][ T8841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.203589][ T8946] ipt_ECN: cannot use operation on non-tcp rule [ 180.229745][ T8841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.248156][ T8841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.301240][ T8841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.426702][ T8955] netlink: 'syz.4.770': attribute type 1 has an invalid length. [ 180.439834][ T8955] netlink: 'syz.4.770': attribute type 2 has an invalid length. [ 180.553938][ T5984] IPVS: starting estimator thread 0... [ 180.596731][ T8841] hsr_slave_0: entered promiscuous mode [ 180.618290][ T8841] hsr_slave_1: entered promiscuous mode [ 180.638252][ T8841] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 180.660015][ T8841] Cannot create hsr debugfs directory [ 180.789752][ T8959] IPVS: using max 38 ests per chain, 91200 per kthread [ 180.827555][ T8969] sctp: [Deprecated]: syz.2.774 (pid 8969) Use of struct sctp_assoc_value in delayed_ack socket option. [ 180.827555][ T8969] Use struct sctp_sack_info instead [ 180.941485][ T5858] Bluetooth: hci2: command tx timeout [ 181.052740][ T8979] netlink: 16 bytes leftover after parsing attributes in process `syz.1.777'. [ 181.206389][ T8980] pimreg: entered allmulticast mode [ 181.266371][ T8980] pimreg: left allmulticast mode [ 181.655215][ T9010] batman_adv: batadv0: Adding interface: macvlan2 [ 181.682373][ T9010] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1450) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.709376][ T9010] batman_adv: batadv0: Interface activated: macvlan2 [ 181.837632][ T9015] netlink: 24 bytes leftover after parsing attributes in process `syz.2.786'. [ 181.934697][ T8841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 181.957880][ T9020] sctp: [Deprecated]: syz.4.788 (pid 9020) Use of struct sctp_assoc_value in delayed_ack socket option. [ 181.957880][ T9020] Use struct sctp_sack_info instead [ 181.962857][ T8841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 182.034229][ T8841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 182.056671][ T8841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 182.186678][ T9035] netlink: 16 bytes leftover after parsing attributes in process `syz.4.791'. [ 182.338761][ T8841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 182.366007][ T9039] netlink: 'syz.4.793': attribute type 23 has an invalid length. [ 182.435446][ T8841] 8021q: adding VLAN 0 to HW filter on device team0 [ 182.466548][ T3554] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.473793][ T3554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 182.502953][ T9043] netlink: 40 bytes leftover after parsing attributes in process `syz.2.795'. [ 182.514278][ T9041] netlink: 216 bytes leftover after parsing attributes in process `syz.0.794'. [ 182.526998][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.534233][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 182.560899][ T9041] netlink: 24 bytes leftover after parsing attributes in process `syz.0.794'. [ 182.569804][ T9041] netlink: 16 bytes leftover after parsing attributes in process `syz.0.794'. [ 182.852341][ T9061] netlink: 24 bytes leftover after parsing attributes in process `syz.2.800'. [ 182.861809][ T9058] netlink: 8 bytes leftover after parsing attributes in process `syz.4.798'. [ 182.998501][ T9067] sctp: [Deprecated]: syz.0.801 (pid 9067) Use of struct sctp_assoc_value in delayed_ack socket option. [ 182.998501][ T9067] Use struct sctp_sack_info instead [ 183.024739][ T5858] Bluetooth: hci2: command tx timeout [ 183.169090][ T8841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 183.262435][ T9078] batman_adv: batadv0: Adding interface: dummy0 [ 183.262482][ T9056] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 183.268823][ T9078] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.306250][ T9078] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 183.408160][ T8841] veth0_vlan: entered promiscuous mode [ 183.422222][ T8841] veth1_vlan: entered promiscuous mode [ 183.467828][ T8841] veth0_macvtap: entered promiscuous mode [ 183.479682][ T8841] veth1_macvtap: entered promiscuous mode [ 183.505393][ T8841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 183.526491][ T8841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 183.556290][ T1162] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.567188][ T1162] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.577751][ T1162] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.589770][ T1162] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 183.778738][ T9083] netlink: 16 bytes leftover after parsing attributes in process `syz.2.804'. [ 183.892217][ T3495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.919564][ T3495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.005092][ T3495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 184.047032][ T3495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 184.195356][ T9102] netlink: 56 bytes leftover after parsing attributes in process `syz.0.810'. [ 184.432824][ T9110] netlink: 24 bytes leftover after parsing attributes in process `syz.2.812'. [ 184.483011][ T9112] sctp: [Deprecated]: syz.0.813 (pid 9112) Use of struct sctp_assoc_value in delayed_ack socket option. [ 184.483011][ T9112] Use struct sctp_sack_info instead [ 184.579318][ T9119] netlink: 'syz.2.815': attribute type 30 has an invalid length. [ 185.109453][ T5857] Bluetooth: hci2: command tx timeout [ 186.259683][ T9171] bridge3: port 1(ip6gretap1) entered blocking state [ 186.288784][ T9171] bridge3: port 1(ip6gretap1) entered disabled state [ 186.307134][ T9171] ip6gretap1: entered allmulticast mode [ 186.315721][ T9171] ip6gretap1: entered promiscuous mode [ 186.435372][ T9181] 8021q: VLANs not supported on bond0 [ 186.585935][ T9186] tipc: Started in network mode [ 186.604893][ T9186] tipc: Node identity 080211000001, cluster identity 4711 [ 186.627658][ T9186] tipc: Enabled bearer , priority 0 [ 186.680689][ T9188] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode [ 187.053850][ T9209] netlink: 'syz.2.844': attribute type 1 has an invalid length. [ 187.199381][ T9209] 8021q: adding VLAN 0 to HW filter on device bond3 [ 187.265030][ T9213] 8021q: adding VLAN 0 to HW filter on device bond3 [ 187.283648][ T9213] bond3: (slave vxcan5): The slave device specified does not support setting the MAC address [ 187.312213][ T9213] bond3: (slave vxcan5): Error -95 calling set_mac_address [ 187.508308][ T9217] __nla_validate_parse: 10 callbacks suppressed [ 187.508328][ T9217] netlink: 9275 bytes leftover after parsing attributes in process `syz.2.846'. [ 187.741730][ T5927] tipc: Node number set to 134418688 [ 187.883151][ T1162] bridge_slave_1: left allmulticast mode [ 187.888838][ T1162] bridge_slave_1: left promiscuous mode [ 187.914127][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.949142][ T1162] bridge_slave_0: left allmulticast mode [ 187.960747][ T1162] bridge_slave_0: left promiscuous mode [ 187.971684][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.243925][ T9230] netlink: 12 bytes leftover after parsing attributes in process `syz.2.851'. [ 188.265999][ T1162] batman_adv: batadv0: Interface deactivated: macvlan2 [ 188.306145][ T1162] batman_adv: batadv0: Removing interface: macvlan2 [ 188.437139][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 188.456303][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 188.465509][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 188.482685][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 188.492007][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 188.531905][ T1162] bridge0 (unregistering): left allmulticast mode [ 188.938560][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.956226][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.971895][ T1162] bond0 (unregistering): Released all slaves [ 188.992083][ T1162] bond1 (unregistering): Released all slaves [ 189.067873][ T9226] netlink: 'syz.2.851': attribute type 2 has an invalid length. [ 189.468079][ T1162] hsr_slave_0: left promiscuous mode [ 189.482371][ T1162] hsr_slave_1: left promiscuous mode [ 189.504265][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 189.525633][ T1162] pim6reg (unregistering): left allmulticast mode [ 189.910893][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 189.948418][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 190.541204][ T5857] Bluetooth: hci1: command tx timeout [ 190.573150][ T9272] netlink: 20 bytes leftover after parsing attributes in process `syz.4.864'. [ 190.612201][ T9231] chnl_net:caif_netlink_parms(): no params data found [ 190.897347][ T9231] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.905320][ T9231] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.913224][ T9231] bridge_slave_0: entered allmulticast mode [ 190.921142][ T9231] bridge_slave_0: entered promiscuous mode [ 190.938591][ T9231] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.946349][ T9231] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.955817][ T9231] bridge_slave_1: entered allmulticast mode [ 190.963163][ T9231] bridge_slave_1: entered promiscuous mode [ 191.016602][ T9231] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.044576][ T9231] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.134452][ T9231] team0: Port device team_slave_0 added [ 191.150593][ T9231] team0: Port device team_slave_1 added [ 191.222821][ T9231] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.229780][ T9231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.266767][ T9231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.292848][ T9231] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.299841][ T9231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.328753][ T9231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.408515][ T9231] hsr_slave_0: entered promiscuous mode [ 191.418192][ T9231] hsr_slave_1: entered promiscuous mode [ 191.427154][ T9231] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.444877][ T9231] Cannot create hsr debugfs directory [ 191.549869][ T9297] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.578541][ T9300] netlink: 16 bytes leftover after parsing attributes in process `syz.2.871'. [ 192.188902][ T9325] bridge_slave_0: entered promiscuous mode [ 192.343447][ T9231] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 192.364446][ T9231] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 192.393779][ T9231] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 192.422813][ T9231] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 192.609552][ T9231] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.621107][ T5857] Bluetooth: hci1: command tx timeout [ 192.657030][ T9231] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.696116][ T7642] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.703371][ T7642] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.749183][ T3554] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.756442][ T3554] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.756787][ T9357] netlink: 32 bytes leftover after parsing attributes in process `syz.4.887'. [ 192.796428][ T9357] netlink: 32 bytes leftover after parsing attributes in process `syz.4.887'. [ 193.227142][ T9231] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.315296][ T9231] veth0_vlan: entered promiscuous mode [ 193.435296][ T9391] IPv6: syztnl1: Disabled Multicast RS [ 193.460744][ T9231] veth1_vlan: entered promiscuous mode [ 193.573322][ T9231] veth0_macvtap: entered promiscuous mode [ 193.627644][ T9231] veth1_macvtap: entered promiscuous mode [ 193.748105][ T9231] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.807234][ T9231] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.868310][ T9409] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 193.887454][ T9409] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 193.899653][ T9398] netlink: 32 bytes leftover after parsing attributes in process `syz.2.899'. [ 193.900974][ T9409] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 193.928068][ T9398] No such timeout policy "syz1" [ 193.934791][ T3554] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.947361][ T3554] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.968472][ T9398] geneve2: entered promiscuous mode [ 193.974399][ T9398] geneve2: entered allmulticast mode [ 193.985216][ T3554] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 193.994519][ T3554] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.017059][ T9409] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.033532][ T9409] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 194.046892][ T9409] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 194.082184][ T3554] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.173157][ T9416] netlink: 52 bytes leftover after parsing attributes in process `syz.4.905'. [ 194.207487][ T3554] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.232523][ T3554] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.278367][ T9409] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.320799][ T9409] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 194.335013][ T9409] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 194.364068][ T3554] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.376910][ T9423] netlink: 40 bytes leftover after parsing attributes in process `syz.4.908'. [ 194.389026][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.389117][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.400580][ T9422] netlink: 40 bytes leftover after parsing attributes in process `syz.4.908'. [ 194.432171][ T9409] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 194.442285][ T9409] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 194.454829][ T9409] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 194.589448][ T7642] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.608235][ T7642] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.655799][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 194.674394][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 194.698920][ T3554] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 194.710491][ T5857] Bluetooth: hci1: command tx timeout [ 194.713847][ T3554] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.736262][ T3554] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 194.821248][ T3554] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 194.829483][ T3554] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.838963][ T9434] DRBG: could not allocate digest TFM handle: hmac(sha384) [ 194.848838][ T3554] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 194.933181][ T3554] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 194.951344][ T3554] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 194.960656][ T3554] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 194.981861][ T3554] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 194.990084][ T3554] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 195.005503][ T3554] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 195.017087][ T9443] netlink: 508 bytes leftover after parsing attributes in process `syz.0.913'. [ 195.029019][ T9441] netlink: 12 bytes leftover after parsing attributes in process `syz.4.912'. [ 195.122969][ T9450] netlink: 207228 bytes leftover after parsing attributes in process `syz.4.915'. [ 195.232978][ T9459] netlink: 8 bytes leftover after parsing attributes in process `syz.4.917'. [ 195.494789][ T9474] netlink: 'syz.2.922': attribute type 21 has an invalid length. [ 195.504948][ T9474] netlink: 'syz.2.922': attribute type 6 has an invalid length. [ 196.060857][ T3554] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.110537][ T3495] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.127553][ T3495] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.154563][ T3495] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.172769][ T3495] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 196.558398][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 196.578307][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 196.586770][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 196.596983][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 196.608204][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 196.664790][ T3554] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.697752][ T9515] netdevsim netdevsim0 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 196.720855][ T9515] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 196.742760][ T9515] netdevsim netdevsim0 eth3 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 196.787784][ T3554] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.815865][ T9515] netdevsim netdevsim0 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 196.843291][ T9515] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 196.861848][ T9515] netdevsim netdevsim0 eth2 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 196.956548][ T3554] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.995839][ T9515] netdevsim netdevsim0 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 197.005998][ T9515] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 197.019661][ T9515] netdevsim netdevsim0 eth1 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 197.097195][ T9515] netdevsim netdevsim0 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 197.119019][ T9515] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20000 - 0 [ 197.132565][ T9515] netdevsim netdevsim0 eth0 (unregistering): unset [1, 1] type 2 family 0 port 6081 - 0 [ 197.176973][ T9524] bridge0: entered promiscuous mode [ 197.187148][ T9524] bridge0: left promiscuous mode [ 197.218701][ T9528] lo speed is unknown, defaulting to 1000 [ 197.240598][ T9528] lo speed is unknown, defaulting to 1000 [ 197.269678][ T9528] lo speed is unknown, defaulting to 1000 [ 197.315970][ T9528] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 197.403789][ T3554] bridge_slave_1: left allmulticast mode [ 197.409523][ T9528] lo speed is unknown, defaulting to 1000 [ 197.417601][ T3554] bridge_slave_1: left promiscuous mode [ 197.425688][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.436505][ T3554] bridge_slave_0: left allmulticast mode [ 197.442690][ T3554] bridge_slave_0: left promiscuous mode [ 197.449605][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.797841][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.809113][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.819154][ T3554] bond0 (unregistering): Released all slaves [ 197.837827][ T9528] lo speed is unknown, defaulting to 1000 [ 197.886660][ T9528] lo speed is unknown, defaulting to 1000 [ 197.923735][ T9510] chnl_net:caif_netlink_parms(): no params data found [ 197.960201][ T9528] lo speed is unknown, defaulting to 1000 [ 198.024857][ T9528] lo speed is unknown, defaulting to 1000 [ 198.033206][ T9538] tipc: Resetting bearer [ 198.085074][ T9528] lo speed is unknown, defaulting to 1000 [ 198.093662][ T13] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 198.102598][ T13] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 198.118045][ T13] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 198.140207][ T13] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 198.166287][ T13] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 198.175457][ T13] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 198.184650][ T13] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 198.193792][ T13] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 198.249740][ T9547] __nla_validate_parse: 10 callbacks suppressed [ 198.249759][ T9547] netlink: 104 bytes leftover after parsing attributes in process `syz.2.939'. [ 198.270814][ T9528] lo speed is unknown, defaulting to 1000 [ 198.338207][ T9510] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.345884][ T9510] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.353652][ T9510] bridge_slave_0: entered allmulticast mode [ 198.361627][ T9510] bridge_slave_0: entered promiscuous mode [ 198.368728][ T9528] lo speed is unknown, defaulting to 1000 [ 198.369642][ T9510] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.384878][ T9510] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.394464][ T9510] bridge_slave_1: entered allmulticast mode [ 198.405496][ T9510] bridge_slave_1: entered promiscuous mode [ 198.448162][ T3554] hsr_slave_0: left promiscuous mode [ 198.455799][ T3554] hsr_slave_1: left promiscuous mode [ 198.467900][ T3554] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 198.475592][ T9552] netlink: 16 bytes leftover after parsing attributes in process `syz.4.941'. [ 198.479644][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 198.493141][ T3554] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 198.500675][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 198.520382][ T3554] veth1_macvtap: left promiscuous mode [ 198.525937][ T3554] veth0_macvtap: left promiscuous mode [ 198.532566][ T3554] veth1_vlan: left promiscuous mode [ 198.538349][ T3554] veth0_vlan: left promiscuous mode [ 198.714612][ T5857] Bluetooth: hci1: command tx timeout [ 199.013807][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 199.055536][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 199.530816][ T9510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.572066][ T9555] netlink: 'syz.4.942': attribute type 3 has an invalid length. [ 199.586581][ T1162] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.590027][ T9555] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.942'. [ 199.601535][ T1162] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 20000 - 0 [ 199.618091][ T1162] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 6081 - 0 [ 199.629297][ T9510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.715490][ T7642] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.724384][ T7642] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 20000 - 0 [ 199.736266][ T7642] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 6081 - 0 [ 199.810882][ T1162] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.819120][ T1162] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 20000 - 0 [ 199.828955][ T1162] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 6081 - 0 [ 199.847462][ T7642] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 199.856078][ T7642] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 20000 - 0 [ 199.865086][ T7642] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 6081 - 0 [ 199.875165][ T9510] team0: Port device team_slave_0 added [ 199.884889][ T9510] team0: Port device team_slave_1 added [ 199.992899][ T9510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.020217][ T9510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.051354][ T9510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.064499][ T9510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.071726][ T9510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.108464][ T9510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.246532][ T9584] netlink: 16 bytes leftover after parsing attributes in process `syz.4.951'. [ 200.268764][ T9510] hsr_slave_0: entered promiscuous mode [ 200.286179][ T9510] hsr_slave_1: entered promiscuous mode [ 200.304272][ T9510] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.324493][ T9510] Cannot create hsr debugfs directory [ 200.528913][ T9595] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 200.694568][ T9602] netlink: 'syz.2.956': attribute type 3 has an invalid length. [ 200.780780][ T5854] Bluetooth: hci1: command tx timeout [ 201.143021][ T9617] lo speed is unknown, defaulting to 1000 [ 201.219104][ T9627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.964'. [ 201.473454][ T9638] netlink: 28 bytes leftover after parsing attributes in process `syz.2.969'. [ 201.518989][ T9510] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 201.537266][ T9510] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 201.548969][ T9510] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 201.577566][ T9510] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 201.584997][ T5854] Bluetooth: hci3: command 0x0406 tx timeout [ 201.667600][ T9643] netlink: 16 bytes leftover after parsing attributes in process `syz.2.969'. [ 201.823717][ T9657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.973'. [ 201.828642][ T9510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.871132][ T9510] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.891677][ T3554] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.898926][ T3554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.926281][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.933588][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.092537][ T9667] lo speed is unknown, defaulting to 1000 [ 202.094188][ T9670] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (100), value rounded to 0 ms [ 202.116006][ T9670] (unnamed net_device) (uninitialized): option use_carrier: invalid value (5) [ 202.242147][ T9674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.977'. [ 202.429364][ T9510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.447865][ T9681] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 202.457799][ T5942] IPVS: starting estimator thread 0... [ 202.576150][ T9684] IPVS: using max 25 ests per chain, 60000 per kthread [ 202.592845][ T9689] netlink: 16 bytes leftover after parsing attributes in process `syz.2.981'. [ 202.629343][ T9510] veth0_vlan: entered promiscuous mode [ 202.665513][ T9510] veth1_vlan: entered promiscuous mode [ 202.756491][ T9510] veth0_macvtap: entered promiscuous mode [ 202.785608][ T9510] veth1_macvtap: entered promiscuous mode [ 202.824603][ T9510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.847802][ T9702] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 202.860953][ T5857] Bluetooth: hci1: command tx timeout [ 202.886870][ T9510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.949550][ T9707] IPVS: sync thread started: state = BACKUP, mcast_ifn = wg0, syncid = 4, id = 0 [ 202.949728][ T7642] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.973310][ T7642] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.011372][ T7642] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.041327][ T7642] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 203.136257][ T9706] lo speed is unknown, defaulting to 1000 [ 203.245837][ T3554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.264838][ T3554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.348018][ T9719] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1340 [ 203.401410][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.411829][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.827044][ T9739] FAULT_INJECTION: forcing a failure. [ 203.827044][ T9739] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 203.860768][ T9739] CPU: 1 UID: 0 PID: 9739 Comm: syz.0.999 Not tainted 6.16.0-rc5-syzkaller-01231-g96698d1898bc #0 PREEMPT(full) [ 203.860796][ T9739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 203.860807][ T9739] Call Trace: [ 203.860814][ T9739] [ 203.860822][ T9739] dump_stack_lvl+0x189/0x250 [ 203.860848][ T9739] ? __pfx____ratelimit+0x10/0x10 [ 203.860870][ T9739] ? __pfx_dump_stack_lvl+0x10/0x10 [ 203.860889][ T9739] ? __pfx__printk+0x10/0x10 [ 203.860911][ T9739] ? __might_fault+0xb0/0x130 [ 203.860943][ T9739] should_fail_ex+0x414/0x560 [ 203.860971][ T9739] _copy_from_user+0x2d/0xb0 [ 203.860991][ T9739] __cgroup_bpf_run_filter_setsockopt+0x2ef/0xc70 [ 203.861020][ T9739] ? vfs_write+0x8d8/0xa90 [ 203.861042][ T9739] ? __pfx___cgroup_bpf_run_filter_setsockopt+0x10/0x10 [ 203.861062][ T9739] ? aa_sk_perm+0x81e/0x950 [ 203.861088][ T9739] ? __pfx_aa_sk_perm+0x10/0x10 [ 203.861115][ T9739] ? aa_sock_opt_perm+0x74/0x110 [ 203.861144][ T9739] do_sock_setsockopt+0x37a/0x3e0 [ 203.861171][ T9739] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 203.861199][ T9739] ? __fget_files+0x2a/0x420 [ 203.861227][ T9739] __x64_sys_setsockopt+0x18b/0x220 [ 203.861257][ T9739] do_syscall_64+0xfa/0x3b0 [ 203.861277][ T9739] ? lockdep_hardirqs_on+0x9c/0x150 [ 203.861297][ T9739] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.861314][ T9739] ? clear_bhb_loop+0x60/0xb0 [ 203.861336][ T9739] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 203.861352][ T9739] RIP: 0033:0x7f26e458e929 [ 203.861368][ T9739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.861383][ T9739] RSP: 002b:00007f26e5383038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 203.861402][ T9739] RAX: ffffffffffffffda RBX: 00007f26e47b5fa0 RCX: 00007f26e458e929 [ 203.861415][ T9739] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000006 [ 203.861426][ T9739] RBP: 00007f26e5383090 R08: 0000000000000090 R09: 0000000000000000 [ 203.861443][ T9739] R10: 00002000000007c0 R11: 0000000000000246 R12: 0000000000000001 [ 203.861454][ T9739] R13: 0000000000000000 R14: 00007f26e47b5fa0 R15: 00007ffd59e25cc8 [ 203.861484][ T9739] [ 204.125976][ T9742] __nla_validate_parse: 2 callbacks suppressed [ 204.125995][ T9742] netlink: 248 bytes leftover after parsing attributes in process `syz.2.1000'. [ 204.321148][ T9750] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'. [ 204.444461][ T9756] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 204.457599][ T9743] infiniband syz0: set down [ 204.462645][ T9743] infiniband syz0: added ipvlan1 [ 204.514239][ T9743] RDS/IB: syz0: added [ 204.518804][ T9743] smc: adding ib device syz0 with port count 1 [ 204.527620][ T9743] smc: ib device syz0 port 1 has pnetid [ 205.064939][ T3495] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.502465][ T3495] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.543812][ T9770] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1011'. [ 205.762493][ T3495] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.806104][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 205.815132][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 205.829380][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 205.862351][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 205.880758][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 205.935250][ T3495] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.044708][ T9783] lo speed is unknown, defaulting to 1000 [ 206.151304][ T9782] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1014'. [ 206.192868][ T3495] bridge_slave_1: left allmulticast mode [ 206.198561][ T3495] bridge_slave_1: left promiscuous mode [ 206.210499][ T3495] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.222405][ T3495] bridge_slave_0: left allmulticast mode [ 206.228081][ T3495] bridge_slave_0: left promiscuous mode [ 206.251061][ T3495] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.815351][ T3495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 206.826808][ T3495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 206.837855][ T3495] bond0 (unregistering): Released all slaves [ 207.386415][ T9809] bpf setsockopt: ignoring program buffer with optlen=131072 (max_optlen=4096) [ 207.824923][ T9783] chnl_net:caif_netlink_parms(): no params data found [ 207.904233][ T5854] Bluetooth: hci1: command tx timeout [ 208.177730][ T3495] hsr_slave_0: left promiscuous mode [ 208.195250][ T3495] hsr_slave_1: left promiscuous mode [ 208.207537][ T3495] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.226596][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.244851][ T3495] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.252655][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.292086][ T3495] veth1_macvtap: left promiscuous mode [ 208.297851][ T3495] veth0_macvtap: left promiscuous mode [ 208.306039][ T3495] veth1_vlan: left promiscuous mode [ 208.312137][ T3495] veth0_vlan: left promiscuous mode [ 209.108373][ T3495] team0 (unregistering): Port device team_slave_1 removed [ 209.150391][ T3495] team0 (unregistering): Port device team_slave_0 removed [ 209.657770][ T9783] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.678419][ T9783] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.701075][ T9783] bridge_slave_0: entered allmulticast mode [ 209.709697][ T9783] bridge_slave_0: entered promiscuous mode [ 209.748216][ T9783] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.764494][ T9783] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.778339][ T9783] bridge_slave_1: entered allmulticast mode [ 209.788124][ T9783] bridge_slave_1: entered promiscuous mode [ 209.825085][ T9868] geneve0: mtu greater than device maximum [ 209.836314][ T9783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.868991][ T9783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.953979][ T9783] team0: Port device team_slave_0 added [ 209.976078][ T9783] team0: Port device team_slave_1 added [ 209.983290][ T5854] Bluetooth: hci1: command tx timeout [ 210.077026][ T9783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.096634][ T9783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.158138][ T9783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.172859][ T9783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.181099][ T9783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.209213][ T9783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.291395][ T9783] hsr_slave_0: entered promiscuous mode [ 210.299108][ T9783] hsr_slave_1: entered promiscuous mode [ 210.312433][ T9783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 210.320103][ T9783] Cannot create hsr debugfs directory [ 210.546099][ T9881] bridge0: port 2(ipvlan2) entered blocking state [ 210.552743][ T9881] bridge0: port 2(ipvlan2) entered disabled state [ 210.559303][ T9881] ipvlan2: entered allmulticast mode [ 210.564975][ T9881] bridge0: entered allmulticast mode [ 210.572672][ T9881] ipvlan2: left allmulticast mode [ 210.577731][ T9881] bridge0: left allmulticast mode [ 210.767726][ T9888] netlink: 'syz.2.1045': attribute type 1 has an invalid length. [ 210.800748][ T9889] xt_hashlimit: size too large, truncated to 1048576 [ 210.805105][ T9888] 8021q: adding VLAN 0 to HW filter on device bond4 [ 210.853734][ T9893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1044'. [ 210.940101][ T9898] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1044'. [ 211.175698][ T9898] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 211.185234][ T9898] bond0 (unregistering): Released all slaves [ 211.229017][ T9783] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 211.273133][ T9783] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 211.284873][ T9783] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 211.299749][ T9783] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 211.388083][ T9909] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1047'. [ 211.423898][ T9913] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1048'. [ 211.445579][ T9783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.508607][ T9783] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.538693][ T1162] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.545822][ T1162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.565818][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.572962][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.616672][ T9917] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1050'. [ 211.911055][ T9938] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1054'. [ 212.006844][ T9783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.060278][ T5854] Bluetooth: hci1: command tx timeout [ 212.069256][ T9942] netlink: 'syz.0.1058': attribute type 1 has an invalid length. [ 212.075943][ T9783] veth0_vlan: entered promiscuous mode [ 212.090056][ T9783] veth1_vlan: entered promiscuous mode [ 212.097998][ T9943] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1057'. [ 212.133181][ T9942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.179360][ T9942] bond0: (slave gretap2): making interface the new active one [ 212.203144][ T9942] bond0: (slave gretap2): Enslaving as an active interface with an up link [ 212.221625][ T9783] veth0_macvtap: entered promiscuous mode [ 212.274335][ T9783] veth1_macvtap: entered promiscuous mode [ 212.317447][ T9783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 212.367954][ T9783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.414657][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.426764][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.438133][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.459471][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.589416][ T3554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.605308][ T3554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.647045][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.662330][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.824423][ T9958] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1062'. [ 212.847485][ T9958] macsec1: entered allmulticast mode [ 212.853217][ T9958] hsr0: entered allmulticast mode [ 212.858839][ T9958] hsr_slave_0: entered allmulticast mode [ 212.865497][ T9958] hsr_slave_1: entered allmulticast mode [ 213.563709][ T9984] sctp: [Deprecated]: syz.4.1071 (pid 9984) Use of struct sctp_assoc_value in delayed_ack socket option. [ 213.563709][ T9984] Use struct sctp_sack_info instead [ 213.719053][ T1162] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.840453][ T9990] nbd2: detected capacity change from 0 to 127 [ 214.542821][T10007] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1079'. [ 214.562793][ T5854] block nbd2: Receive control failed (result -32) [ 214.599855][ T1162] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.673159][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 214.683118][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 214.691704][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 214.700806][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 214.715095][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 214.793611][T10021] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1083'. [ 214.808681][T10011] lo speed is unknown, defaulting to 1000 [ 214.838404][T10026] sctp: [Deprecated]: syz.2.1084 (pid 10026) Use of struct sctp_assoc_value in delayed_ack socket option. [ 214.838404][T10026] Use struct sctp_sack_info instead [ 214.880064][T10028] hsr0: entered promiscuous mode [ 214.887016][T10028] macsec1: entered allmulticast mode [ 214.892960][T10028] hsr0: entered allmulticast mode [ 214.898008][T10028] hsr_slave_0: entered allmulticast mode [ 214.920565][T10028] hsr_slave_1: entered allmulticast mode [ 215.124123][T10034] IPVS: lc: UDP 224.0.0.2:0 - no destination available [ 215.216212][T10036] lo speed is unknown, defaulting to 1000 [ 215.296321][ T1162] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.427272][ T1162] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.886460][ T1162] bridge_slave_1: left allmulticast mode [ 215.898219][ T1162] bridge_slave_1: left promiscuous mode [ 215.914180][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.956042][ T1162] bridge_slave_0: left allmulticast mode [ 215.973180][ T1162] bridge_slave_0: left promiscuous mode [ 216.000593][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.544621][T10063] sctp: [Deprecated]: syz.4.1096 (pid 10063) Use of struct sctp_assoc_value in delayed_ack socket option. [ 216.544621][T10063] Use struct sctp_sack_info instead [ 216.728858][ T1162] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 216.745163][ T1162] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 216.757275][ T1162] bond0 (unregistering): Released all slaves [ 216.781384][ T5854] Bluetooth: hci1: command tx timeout [ 216.830416][T10011] chnl_net:caif_netlink_parms(): no params data found [ 217.433830][T10011] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.441472][T10011] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.448811][T10011] bridge_slave_0: entered allmulticast mode [ 217.463608][T10011] bridge_slave_0: entered promiscuous mode [ 217.481376][T10011] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.488535][T10075] lo speed is unknown, defaulting to 1000 [ 217.494604][T10011] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.504316][T10011] bridge_slave_1: entered allmulticast mode [ 217.526034][T10011] bridge_slave_1: entered promiscuous mode [ 217.630047][T10011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.648952][ T1162] hsr_slave_0: left promiscuous mode [ 217.655280][ T1162] hsr_slave_1: left promiscuous mode [ 217.661991][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 217.669683][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 217.678371][ T1162] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 217.687033][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 217.713658][ T1162] veth1_macvtap: left promiscuous mode [ 217.719488][ T1162] veth0_macvtap: left promiscuous mode [ 217.725700][ T1162] veth1_vlan: left promiscuous mode [ 217.731417][ T1162] veth0_vlan: left promiscuous mode [ 218.124324][T10092] __nla_validate_parse: 2 callbacks suppressed [ 218.124343][T10092] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1102'. [ 218.350014][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 218.393528][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 218.860532][ T5854] Bluetooth: hci1: command tx timeout [ 218.867568][T10011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.007696][T10094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1103'. [ 219.042387][T10011] team0: Port device team_slave_0 added [ 219.074387][T10011] team0: Port device team_slave_1 added [ 219.127003][T10096] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1104'. [ 219.175820][T10011] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.200235][T10011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.293010][T10011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.344204][T10011] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.364447][T10011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.409017][T10011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.490397][T10110] sctp: [Deprecated]: syz.2.1107 (pid 10110) Use of struct sctp_assoc_value in delayed_ack socket option. [ 219.490397][T10110] Use struct sctp_sack_info instead [ 219.540452][T10011] hsr_slave_0: entered promiscuous mode [ 219.547753][T10011] hsr_slave_1: entered promiscuous mode [ 219.556445][T10011] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.565549][T10011] Cannot create hsr debugfs directory [ 219.598656][T10106] netlink: 'syz.0.1106': attribute type 13 has an invalid length. [ 219.623864][T10106] netlink: 'syz.0.1106': attribute type 17 has an invalid length. [ 219.709796][T10106] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 219.734611][T10108] lo speed is unknown, defaulting to 1000 [ 220.281633][T10129] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1114'. [ 220.525301][T10011] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 220.531446][T10135] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1115'. [ 220.573409][T10011] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 220.618067][T10011] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 220.678137][T10011] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 220.721527][T10143] sctp: [Deprecated]: syz.2.1118 (pid 10143) Use of struct sctp_assoc_value in delayed_ack socket option. [ 220.721527][T10143] Use struct sctp_sack_info instead [ 220.942563][ T5854] Bluetooth: hci1: command tx timeout [ 220.978318][T10011] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.013976][T10011] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.029366][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.036699][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.101258][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.108493][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.132021][T10166] smc: ib device syz0 ibport 1 applied user defined pnetid SYZ2 [ 221.150080][T10165] batadv_slave_1: entered promiscuous mode [ 221.269596][T10164] batadv_slave_1: left promiscuous mode [ 221.323508][T10174] tls_set_device_offload_rx: netdev not found [ 221.333412][T10174] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1125'. [ 221.399276][T10177] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1126'. [ 221.508628][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1127'. [ 221.545241][T10180] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1127'. [ 221.564419][T10180] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1127'. [ 221.570070][T10011] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.608467][T10180] nbd: socks must be embedded in a SOCK_ITEM attr [ 221.668327][T10011] veth0_vlan: entered promiscuous mode [ 221.685134][T10011] veth1_vlan: entered promiscuous mode [ 221.748903][T10011] veth0_macvtap: entered promiscuous mode [ 221.765249][T10011] veth1_macvtap: entered promiscuous mode [ 221.790397][T10011] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.825933][T10011] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.852496][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.872898][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.892644][T10187] sctp: [Deprecated]: syz.2.1130 (pid 10187) Use of struct sctp_assoc_value in delayed_ack socket option. [ 221.892644][T10187] Use struct sctp_sack_info instead [ 221.916003][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.933656][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.040831][T10193] lo speed is unknown, defaulting to 1000 [ 222.046786][ T1162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.059758][ T1162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.279151][T10196] block nbd0: not configured, cannot reconfigure [ 222.311604][ T1162] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.319469][ T1162] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.431827][T10198] lo speed is unknown, defaulting to 1000 [ 222.624832][ T36] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.637335][ T36] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.687208][ T36] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.714668][ T36] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.010858][T10205] netlink: 'syz.4.1135': attribute type 2 has an invalid length. [ 223.018640][T10205] netlink: 'syz.4.1135': attribute type 1 has an invalid length. [ 223.444313][ T36] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.101741][T10212] __nla_validate_parse: 3 callbacks suppressed [ 224.101759][T10212] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1137'. [ 224.292331][ T36] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.307152][T10222] sctp: [Deprecated]: syz.0.1142 (pid 10222) Use of struct sctp_assoc_value in delayed_ack socket option. [ 224.307152][T10222] Use struct sctp_sack_info instead [ 224.442381][T10226] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input7 [ 224.463023][ T5928] ------------[ cut here ]------------ [ 224.468779][ T5928] workqueue: cannot queue hci_conn_timeout on wq hci2 [ 224.475624][ T5928] WARNING: CPU: 0 PID: 5928 at kernel/workqueue.c:2258 __queue_work+0xd62/0xfe0 [ 224.484676][ T5928] Modules linked in: [ 224.488780][ T5928] CPU: 0 UID: 0 PID: 5928 Comm: kworker/0:5 Not tainted 6.16.0-rc5-syzkaller-01231-g96698d1898bc #0 PREEMPT(full) [ 224.500863][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.510910][ T5928] Workqueue: events l2cap_chan_timeout [ 224.516366][ T5928] RIP: 0010:__queue_work+0xd62/0xfe0 [ 224.521642][ T5928] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 19 d6 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 a0 55 35 00 90 0f 0b 90 e9 dd fc ff [ 224.541233][ T5928] RSP: 0018:ffffc90004e5f7a8 EFLAGS: 00010046 [ 224.547290][ T5928] RAX: 98aecf1e133e3200 RBX: 0000000000000020 RCX: ffff88802f425a00 [ 224.555251][ T5928] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 224.563589][ T5928] RBP: 1ffff1100af7ef38 R08: ffff8880b8624293 R09: 1ffff110170c4852 [ 224.571557][ T5928] R10: dffffc0000000000 R11: ffffed10170c4853 R12: dffffc0000000000 [ 224.579514][ T5928] R13: ffff88805b26c960 R14: ffff88801a494008 R15: ffff888057bf7978 [ 224.587470][ T5928] FS: 0000000000000000(0000) GS:ffff888125c0f000(0000) knlGS:0000000000000000 [ 224.596406][ T5928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 224.602977][ T5928] CR2: 0000001b3111fffc CR3: 000000006a7d6000 CR4: 00000000003526f0 [ 224.610937][ T5928] Call Trace: [ 224.614203][ T5928] [ 224.617128][ T5928] ? __queue_delayed_work+0xe1/0x2d0 [ 224.622407][ T5928] queue_delayed_work_on+0x18b/0x280 [ 224.627695][ T5928] ? __pfx___cancel_work+0x10/0x10 [ 224.632885][ T5928] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 224.638709][ T5928] ? hci_conn_drop+0x14d/0x280 [ 224.643501][ T5928] l2cap_chan_del+0x285/0x5e0 [ 224.648390][ T5928] l2cap_chan_close+0x597/0x980 [ 224.653235][ T5928] ? __pfx_l2cap_chan_close+0x10/0x10 [ 224.658615][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 224.664364][ T5928] l2cap_chan_timeout+0x158/0x390 [ 224.669386][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 224.675101][ T5928] process_scheduled_works+0xae1/0x17b0 [ 224.680664][ T5928] ? __pfx_process_scheduled_works+0x10/0x10 [ 224.686648][ T5928] worker_thread+0x8a0/0xda0 [ 224.691229][ T5928] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 224.697553][ T5928] ? __kthread_parkme+0x7b/0x200 [ 224.702490][ T5928] kthread+0x70e/0x8a0 [ 224.706552][ T5928] ? __pfx_worker_thread+0x10/0x10 [ 224.711654][ T5928] ? __pfx_kthread+0x10/0x10 [ 224.716236][ T5928] ? _raw_spin_unlock_irq+0x23/0x50 [ 224.721420][ T5928] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.726613][ T5928] ? __pfx_kthread+0x10/0x10 [ 224.731200][ T5928] ret_from_fork+0x3fc/0x770 [ 224.735777][ T5928] ? __pfx_ret_from_fork+0x10/0x10 [ 224.740880][ T5928] ? __switch_to_asm+0x39/0x70 [ 224.745631][ T5928] ? __switch_to_asm+0x33/0x70 [ 224.750379][ T5928] ? __pfx_kthread+0x10/0x10 [ 224.754960][ T5928] ret_from_fork_asm+0x1a/0x30 [ 224.759728][ T5928] [ 224.762745][ T5928] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 224.770081][ T5928] CPU: 0 UID: 0 PID: 5928 Comm: kworker/0:5 Not tainted 6.16.0-rc5-syzkaller-01231-g96698d1898bc #0 PREEMPT(full) [ 224.782133][ T5928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.792181][ T5928] Workqueue: events l2cap_chan_timeout [ 224.797633][ T5928] Call Trace: [ 224.800898][ T5928] [ 224.803816][ T5928] dump_stack_lvl+0x99/0x250 [ 224.808398][ T5928] ? __asan_memcpy+0x40/0x70 [ 224.812975][ T5928] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.818162][ T5928] ? __pfx__printk+0x10/0x10 [ 224.822754][ T5928] panic+0x2db/0x790 [ 224.826641][ T5928] ? __pfx_panic+0x10/0x10 [ 224.831039][ T5928] ? show_trace_log_lvl+0x4fb/0x550 [ 224.836233][ T5928] ? ret_from_fork_asm+0x1a/0x30 [ 224.841164][ T5928] __warn+0x31b/0x4b0 [ 224.845130][ T5928] ? __queue_work+0xd62/0xfe0 [ 224.849796][ T5928] ? __queue_work+0xd62/0xfe0 [ 224.854458][ T5928] report_bug+0x2be/0x4f0 [ 224.858774][ T5928] ? __queue_work+0xd62/0xfe0 [ 224.863439][ T5928] ? __queue_work+0xd62/0xfe0 [ 224.868104][ T5928] ? __queue_work+0xd64/0xfe0 [ 224.872767][ T5928] handle_bug+0x84/0x160 [ 224.877010][ T5928] exc_invalid_op+0x1a/0x50 [ 224.881519][ T5928] asm_exc_invalid_op+0x1a/0x20 [ 224.886355][ T5928] RIP: 0010:__queue_work+0xd62/0xfe0 [ 224.891624][ T5928] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 19 d6 98 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 00 e9 89 8b 4c 89 fa e8 1f 34 f9 ff 90 <0f> 0b 90 90 e9 f1 f4 ff ff e8 a0 55 35 00 90 0f 0b 90 e9 dd fc ff [ 224.911219][ T5928] RSP: 0018:ffffc90004e5f7a8 EFLAGS: 00010046 [ 224.917272][ T5928] RAX: 98aecf1e133e3200 RBX: 0000000000000020 RCX: ffff88802f425a00 [ 224.925239][ T5928] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 224.933193][ T5928] RBP: 1ffff1100af7ef38 R08: ffff8880b8624293 R09: 1ffff110170c4852 [ 224.941149][ T5928] R10: dffffc0000000000 R11: ffffed10170c4853 R12: dffffc0000000000 [ 224.949103][ T5928] R13: ffff88805b26c960 R14: ffff88801a494008 R15: ffff888057bf7978 [ 224.957073][ T5928] ? __queue_work+0xd61/0xfe0 [ 224.961752][ T5928] ? __queue_delayed_work+0xe1/0x2d0 [ 224.967028][ T5928] queue_delayed_work_on+0x18b/0x280 [ 224.972307][ T5928] ? __pfx___cancel_work+0x10/0x10 [ 224.977414][ T5928] ? __pfx_queue_delayed_work_on+0x10/0x10 [ 224.983213][ T5928] ? hci_conn_drop+0x14d/0x280 [ 224.987966][ T5928] l2cap_chan_del+0x285/0x5e0 [ 224.992633][ T5928] l2cap_chan_close+0x597/0x980 [ 224.997468][ T5928] ? __pfx_l2cap_chan_close+0x10/0x10 [ 225.002823][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 225.008540][ T5928] l2cap_chan_timeout+0x158/0x390 [ 225.013556][ T5928] ? process_scheduled_works+0x9ef/0x17b0 [ 225.019262][ T5928] process_scheduled_works+0xae1/0x17b0 [ 225.024821][ T5928] ? __pfx_process_scheduled_works+0x10/0x10 [ 225.030817][ T5928] worker_thread+0x8a0/0xda0 [ 225.035424][ T5928] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 225.041751][ T5928] ? __kthread_parkme+0x7b/0x200 [ 225.046691][ T5928] kthread+0x70e/0x8a0 [ 225.050751][ T5928] ? __pfx_worker_thread+0x10/0x10 [ 225.055847][ T5928] ? __pfx_kthread+0x10/0x10 [ 225.060524][ T5928] ? _raw_spin_unlock_irq+0x23/0x50 [ 225.065719][ T5928] ? lockdep_hardirqs_on+0x9c/0x150 [ 225.070906][ T5928] ? __pfx_kthread+0x10/0x10 [ 225.075499][ T5928] ret_from_fork+0x3fc/0x770 [ 225.080168][ T5928] ? __pfx_ret_from_fork+0x10/0x10 [ 225.085276][ T5928] ? __switch_to_asm+0x39/0x70 [ 225.090117][ T5928] ? __switch_to_asm+0x33/0x70 [ 225.094959][ T5928] ? __pfx_kthread+0x10/0x10 [ 225.099537][ T5928] ret_from_fork_asm+0x1a/0x30 [ 225.104308][ T5928] [ 225.107619][ T5928] Kernel Offset: disabled [ 225.111925][ T5928] Rebooting in 86400 seconds..