last executing test programs: 11.587029729s ago: executing program 2 (id=9576): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c4400000000000e0feff0085000000b200000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="050000000000000200000200000008000300", @ANYRES32=r2], 0x80}}, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000800}, 0x4004084) 11.422233576s ago: executing program 2 (id=9577): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) getsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000080), &(0x7f0000000000)=0x4) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000501c0007800c0001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) (async, rerun: 64) r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00068018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x4, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005200ff0000000000000040000a00000008000100feffffff"], 0x1c}}, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket(0x2000000000000021, 0x2, 0x10000000000002) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4) (async) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r4, 0x8982, &(0x7f0000000140)={0x0, 'pimreg0\x00', {0x3}, 0x2}) (async) setsockopt$inet_tcp_TLS_TX(r3, 0x6, 0x1, &(0x7f0000000040)=@gcm_256={{0x304}, "81ef8ddec42be7f8", "0f35c755de5ccfce8aaa955f3d0a44a25aaf35b7d3c3f539276dff7fe42e0569", "b18a8ea1", "93947e263bcf7ed5"}, 0x38) (async) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f00000000c0)={{0x3b, @remote, 0x4e21, 0x3, 'dh\x00', 0x0, 0x1, 0x2c}, {@empty, 0x4e22, 0x10002, 0x6, 0x8, 0x8}}, 0x44) 11.133899546s ago: executing program 2 (id=9578): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="fa05", 0xfffffe54}], 0x1}, 0xfeff}], 0x1, 0x24040890) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) 10.138864956s ago: executing program 2 (id=9586): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB="020300030c00000000070000000000000200090008000000e90000000000000003000600000000000200000000000000000000000500000002000100000000000000000d00000000030005000000000002"], 0x60}, 0x1, 0x7}, 0x0) 9.38186073s ago: executing program 2 (id=9595): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'geneve0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0xc, r2, 0x1, 0xc, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x14) sendto$packet(r0, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb1000000086086dd4803", 0x100a6, 0x0, &(0x7f0000000140)={0x11, 0x8100, r2}, 0x14) (fail_nth: 4) 9.132213614s ago: executing program 2 (id=9598): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) (async) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$tipc(0x1e, 0x5, 0x0) (async) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x10) (async) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x10) bind$tipc(r2, 0x0, 0x0) sendmsg$tipc(r2, &(0x7f0000000340)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{0x41, 0x1}}}, 0x10, 0x0}, 0x1) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r1, &(0x7f00000003c0)=ANY=[], 0xfce) 2.691878006s ago: executing program 4 (id=9637): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="720ac4ff000000007110ac000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94) socket$rds(0x15, 0x5, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r2, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0) recvmmsg(r3, &(0x7f0000004f00)=[{{0x0, 0x0, 0x0}, 0xfffffffa}], 0x1, 0x10022, 0x0) r4 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r4, @ANYBLOB="01002abd7000fcdbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a0000000000006111b8000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90) sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x600, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'bb\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004000}, 0x24008881) r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0) recvfrom$rose(r6, &(0x7f0000000080)=""/18, 0x12, 0x10001, &(0x7f00000000c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x0, [@bcast, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x40) 2.378917889s ago: executing program 4 (id=9640): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func={0x0, 0x0, 0x0, 0x90}]}}, 0x0, 0x26, 0x0, 0x1}, 0x20) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r2, 0x0, 0xcc, 0x0, 0x0) connect$unix(r1, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) r5 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x1b, &(0x7f0000000000)=0x3f, 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e000058"}}}]}, 0x48}}, 0x0) 2.244155675s ago: executing program 4 (id=9641): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="040100001a00010000000000000000000a010101000000000000000000000000ac1414aa000000000000000000000000fffc00"/64, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="fe8000000000000000000000000000aa000000013c000000e0000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bfae00000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000014000e"], 0x104}}, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) write$bt_hci(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000320100f1"], 0x138) getsockopt$bt_BT_RCVMTU(r2, 0x112, 0xd, &(0x7f0000000000)=0x73a4, &(0x7f0000000040)=0x2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@const={0x0, 0x0, 0x0, 0x2, 0x3}, @fwd={0x2, 0x0, 0x0, 0x12}, @typedef={0x4, 0x0, 0x0, 0x12, 0x2}]}, {0x0, [0x0, 0x5f, 0x0, 0x61]}}, 0x0, 0x42, 0x0, 0x1}, 0x20) 2.243925043s ago: executing program 0 (id=9642): syz_emit_ethernet(0x46, &(0x7f0000000280)={@local, @local, @void, {@ipv6={0x86dd, @udp={0xc, 0x6, "6565c4", 0x10, 0x11, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, {[], {0x4e24, 0x4e22, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x4b, 0x100}}}}}}}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newlink={0x2c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x4}]}, 0x2c}}, 0x0) 1.952009098s ago: executing program 0 (id=9644): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="fa05", 0xfffffe54}], 0x1}, 0x3000000}], 0x1, 0x24040890) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) 1.776167027s ago: executing program 1 (id=9645): r0 = accept4$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, &(0x7f0000000200)=0x6e, 0x1800) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r1, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r2, 0x100, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40008}, 0x40080) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) r3 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000011e00)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x41}}], 0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000012480)={0x0, 0x20, &(0x7f0000012440)=[@in={0x2, 0x4e22, @local}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f00000124c0)=0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$netlink(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000300), r5) sendmsg$SEG6_CMD_GET_TUNSRC(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x28, r6, 0x223, 0x0, 0x0, {0x3}, [@SEG6_ATTR_DST={0x14, 0x1, @loopback={0xe0ffff00000000}}]}, 0x28}}, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r4, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x70, r6, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@SEG6_ATTR_SECRET={0x18, 0x4, [0xa, 0x8, 0x5, 0x4, 0xffffffff]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_DST={0x14, 0x1, @local}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x4}, @SEG6_ATTR_SECRET={0x10, 0x4, [0xf2, 0x101, 0x156]}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x1}]}, 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000780)=ANY=[@ANYBLOB="3c0000001000030100"/20, @ANYRES32=0x0, @ANYRESHEX], 0x3c}}, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) 1.665727267s ago: executing program 1 (id=9647): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18200800", @ANYRES32=r0, @ANYBLOB="000000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90) r1 = socket$inet6(0xa, 0x2, 0x3a) sendto$inet6(r1, &(0x7f00000000c0), 0x0, 0x2004c080, &(0x7f0000000040)={0xa, 0xfffd, 0xc9, @mcast2}, 0x1c) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000200)={r3, 0x2, 0x30}, &(0x7f0000000240)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000000c0)={r3, 0x68, &(0x7f00000001c0)=[@in={0x2, 0x4e22, @private=0xa010100}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e24, @private=0xa010101}, @in6={0xa, 0x4e22, 0x1ff, @mcast2, 0x4}, @in6={0xa, 0x4e22, 0xd, @loopback, 0x6}]}, &(0x7f0000000240)=0x10) 1.619993043s ago: executing program 4 (id=9648): r0 = socket(0x2a, 0x2, 0x0) r1 = socket(0x25, 0x1, 0x0) r2 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r2, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r2, 0x84, 0x65, &(0x7f0000000580)=[@in6={0xa, 0x0, 0x0, @private0}], 0x1c) setsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) setsockopt$RDS_CANCEL_SENT_TO(r4, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r5, &(0x7f0000000300)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) sendto$netrom(r5, 0x0, 0xfffffffffffffead, 0x0, &(0x7f0000000240)={{0x6, @rose}, [@bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001500)=@newtfilter={0x7c, 0x2c, 0x605, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0x5, 0x2}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4c, 0x2, [@TCA_CGROUP_ACT={0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x10, 0x7ff, 0x6, 0x1, 0xff}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x7c}}, 0x20004084) r6 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) recvmsg$unix(r7, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) ioctl$sock_proto_private(r7, 0x89ec, &(0x7f0000000040)="d692d73ad7232325fa99725c34949053f2531d7fc637071c437122955855d0be32a6ad17391d22aaa2046fe332b54a41") r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1c}, @NFTA_SET_ID={0x8}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x40}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x23, &(0x7f0000000500)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x78) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.494323401s ago: executing program 1 (id=9650): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) openat$ppp(0xffffffffffffff9c, 0x0, 0x121c02, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r3, &(0x7f00000006c0)=ANY=[@ANYBLOB="00000019000303005a3c02000300bbbbbbbbbbbbbbbbbbbbbbbb000d0200000007020000c81fcd17ec803cbb43e3d31bb41a0e836d35f2cd00ddd73e7f5f83a48ad36e1b07d51d201687b1bbafb4d181091d1aeedd73a5d1de87ffc70000000000000000c27accfe78714a6839bed77c32fb5283934232c45fead9de2ef31559bffa6ba33b87c908f09a268d4a453082f254cb2d53393396277915855680f37b6398531096950f101355e40588a96b8ceae88e78cb95f98cde2e14c188bc4c40a6135f4a545c55f8cae079be1f68279663f0321ac5d19932fd21804a8d"], 0x64) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56441, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@gettaction={0x6c, 0x32, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x2c, 0x1, [{0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x10, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x5}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x368ca9594a58155d}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20008041}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) bind$ax25(r10, 0x0, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) 1.403653907s ago: executing program 3 (id=9651): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x78, r3, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x8}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xd}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x12}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x880}, 0x8804) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x20, r1, 0x1, 0x470bd28, 0x4, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000094}, 0x80) 1.244026978s ago: executing program 0 (id=9652): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000005000000000000000200000d0000000001000000000000000000000000000000005f10"], 0x0, 0x39}, 0x20) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket(0x2, 0x80805, 0x0) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @multicast1, 0x4e21, 0x3, 'sh\x00', 0x4, 0x7, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44) r5 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'lc\x00', 0x0, 0x20000, 0x7e}, {@private=0xa010102, 0x4e20, 0x2, 0xcc, 0x80012d58, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r4, 0x0, 0x485, 0x0, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r6, 0x6, 0x1e, &(0x7f00000001c0)=0x1, 0x4) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000300)={r1, 0xffffffffffffffff, 0x5, 0x1}) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000400)=@assoc_value={0x0, 0x9}, &(0x7f0000000480)=0x8) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$inet(r6, &(0x7f00000009c0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x140}}], 0x2, 0x2400804c) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000800000000000000000000a60000000060a0b04661f794a000000000200000034000480300001800b0001006c6f6f6b75700000200002800900010073797a30000000000800054000000000080003400000001d0900010073797a30000000000900020073797a32"], 0x88}}, 0x0) setsockopt$IP_VS_SO_SET_TIMEOUT(r1, 0x0, 0x8, 0x0, 0x0) r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x7}, 0x4040815) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)={'batadv0\x00', 0x0}) r10 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r12 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@ipv4={""/10, ""/2, @local}, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@private}, 0x0, @in6=@mcast2}}, &(0x7f0000000240)=0xe8) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r10, 0x89f3, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000700)={'erspan0\x00', r9, 0x1, 0x10, 0x40, 0x1ff, {{0x2a, 0x4, 0x0, 0x9, 0xa8, 0x67, 0x0, 0x0, 0x4, 0x0, @loopback, @broadcast, {[@timestamp_addr={0x44, 0x2c, 0x1, 0x1, 0x2, [{@local, 0xffffacdc}, {@local, 0x2}, {@remote}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@empty, 0x7fffffff}]}, @ssrr={0x89, 0x2b, 0x2a, [@rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @multicast1, @empty, @rand_addr=0x64010101, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @multicast2]}, @cipso={0x86, 0x3d, 0xaf4e3b8121c7387c, [{0x0, 0xa, "0bb758ffcc1ed453"}, {0x6, 0x12, "04c343e6e26dc09c3742cdd37f2212a6"}, {0x1, 0x12, "116b89a276fa9f6bff4a305551532b2f"}, {0x7, 0x9, "1e70f8be69015a"}]}]}}}}}) sendmsg$nl_route(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="880000001900000128bd7000fbdbdf250a001004ff04fd07002d000008000600010000000c00090003002003", @ANYRES32=r9, @ANYBLOB="08000600030000000800060009000000250008805de0397f7376c06f83fd60f0ef24d13e946d801a3546f55e2d40a72be5d86b37fb0000000c00090007001481", @ANYRES32=r11, @ANYBLOB="08001900", @ANYRES32=r13, @ANYBLOB="0c00090008002006", @ANYRES32=r14, @ANYBLOB="ef5140092180147625402c63a91f7d5562cb6a7162fbdd06d9da5927d5795cad5753c67d2b4d22443e97f4e7142577da40b76d89c231ad62bad27bf34facddf48877414c9ceae6690cceb49c6c3eb74fea30d4c8cc7d80f37b950417811b07f57baf60b4cb34e808aeed191d64ec748f8f871ab1408290"], 0x88}}, 0x8004) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) 1.243854515s ago: executing program 3 (id=9653): socket$nl_netfilter(0x10, 0x3, 0xc) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SREG={0x8}, @NFTA_BYTEORDER_DREG={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 1.171028522s ago: executing program 0 (id=9654): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0x7, 0xa, 0x801, 0x0, 0x0, {0x9}, [@NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x4}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x67}]}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0xd6, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2, 0x0, 0x0, 0x1d6225b, 0x0, 0x0, 0x14}, 0x90) r2 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f0000000100), &(0x7f0000000180)=0x23) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(r3, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x20, r4, 0x8, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="d8e3d3780a3c"}]}, 0x20}}, 0x200c0802) setsockopt$sock_linger(r2, 0x1, 0xd, &(0x7f0000000240)={0x1, 0xad}, 0x8) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x28, 0x1, 0x1, 0x3, 0x0, 0x0, {0xa}, [@CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xe, 0x1, 'irc-20000\x00'}}]}, 0x28}}, 0x810) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000600)={0x0, 'batadv_slave_0\x00', {0x1}, 0x7620}) 1.11834651s ago: executing program 3 (id=9655): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x30, 0x16, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x0, @local}}]}]}, @IFLA_GROUP={0x8}]}, 0x58}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x2, 0x4, 0x1, 0xbf22, 0x110}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x1, 0x4, 0x6, 0x0, r1}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0x6}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f00000001c0), &(0x7f0000000600)=@udp6=r3}, 0x20) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) r5 = bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8) bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@bloom_filter={0x1e, 0x10001, 0xc, 0x2, 0x800, r3, 0x7, '\x00', r4, r5, 0x3, 0x0, 0xd01, 0xe}, 0x50) 942.598794ms ago: executing program 3 (id=9656): r0 = socket(0x2a, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) recvfrom$x25(r1, 0x0, 0x0, 0x40, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000600)=0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01060000000000000000090000003c0004801300010062726f6164636173742d6c696e6b000024000780080005000000000008000300ff"], 0x50}}, 0x0) sendmsg$TIPC_NL_MON_SET(r0, &(0x7f00000005c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000003c0)={0xe8, r3, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3ff}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1000}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1466}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK={0x64, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xdf2f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9b4}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0xfffffffffffffdff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x40000) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000000)={0x0, 0x1f, "4c83e6dd9f3057093eaa47192f7e4093d9a7187e5c0593916b58d3e7037b53"}, &(0x7f0000000040)=0x27) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={r5, @in6={{0xa, 0x4e21, 0x8000, @rand_addr=' \x01\x00', 0x2}}, 0x67ae, 0x1, 0x8c, 0xbc5, 0x11, 0xd, 0x40}, &(0x7f0000000140)=0x9c) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newtfilter={0x70, 0x2c, 0xd27, 0x0, 0x25dfdbfa, {0x0, 0x0, 0x0, r4, {0xfffa, 0xfff2}, {0x0, 0xffe0}, {0x10, 0xfff9}}, [@filter_kind_options=@f_fw={{0x7}, {0x44, 0x2, [@TCA_FW_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x20000006, 0xfffffc00, 0x7, 0x1, {0x8, 0x2, 0xfffb, 0x800, 0x6, 0x8}, {0xfc, 0x0, 0x0, 0xd, 0x4b, 0x800}, 0x4, 0x4, 0x9}}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0) 940.165624ms ago: executing program 0 (id=9657): r0 = socket(0x2a, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0xcc}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x9}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}, @TCA_RATE={0x6, 0x5, {0xed, 0x8}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0x2}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x800}, @TCA_FLOWER_KEY_IP_PROTO={0x5, 0x9, 0x84}]}}]}, 0x44}}, 0x24004000) r2 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0xc, 0x103ba, 0x1}, 0x48) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) r3 = socket(0x2c, 0x5, 0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x88}, [@ldst={0x6}]}, &(0x7f0000000080)='GPL\x00', 0xa, 0x3e0, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x76}, 0x48) bind$vsock_stream(r3, &(0x7f0000000040), 0x10) sendto$inet(0xffffffffffffffff, &(0x7f0000000540)="8530c0d6a4d1788a5c0d886641af27e1602889e986d5b87d96a44e734d187a33d55b760715b84585", 0x28, 0x4000, &(0x7f0000000580)={0x2, 0x4e24, @loopback}, 0x10) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r4, &(0x7f0000001c80)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x1, @private0, 0x3}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000440)='\x00', 0x1}], 0x1}}], 0x1, 0x0) shutdown(r4, 0x1) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000200)=0x8) listen(r3, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) shutdown(r5, 0x1) recvmmsg(r5, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001d40)=""/4078, 0xfee}, {&(0x7f0000000340)=""/141, 0x8d}, {&(0x7f0000002d40)=""/4116, 0x1005}, {&(0x7f0000000400)=""/6, 0x6}, {&(0x7f0000000440)=""/231, 0xe7}], 0x5}}], 0x3ffffbd, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000005, 0x8031, 0xffffffffffffffff, 0x0) write(r5, 0x0, 0x0) r6 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r6, &(0x7f0000000080), 0x10) setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8) sendmmsg(r6, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094) r7 = accept4$unix(r3, 0x0, 0x0, 0x0) recvfrom$unix(r7, &(0x7f0000000140)=""/263, 0x107, 0x0, 0x0, 0x0) close(0x4) ppoll(&(0x7f00000000c0)=[{r6, 0x84}], 0x1, &(0x7f0000000280), &(0x7f00000002c0)={[0x27d4]}, 0x8) 772.574682ms ago: executing program 1 (id=9658): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="850000003c000000791000000000000063000000001000009500740000000000"], &(0x7f0000003ff6)='GPL\x00', 0x8, 0xc3, &(0x7f0000000400)=""/198, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffff52}, 0x37) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$netlink(r1, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000006480)={0x14, 0x27, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="cd007dd865a1c33d45a48cbd053622ca3c2130f27741553ecfba174c73dcfa3c61a7728441235fdd6a14465f7eaebd3efd17788f75ee6013b19b83b3163ce2e473bb897deb8e0a8897a77efbc76bc5616b2d6cba3d153f81a1026132f4829d96ce565f7e6608b4e458d7d6321a", @ANYRES16=r1, @ANYRES8=0x0], 0x18}}, 0x0) 747.690762ms ago: executing program 1 (id=9659): r0 = socket(0x10, 0x3, 0x0) recvmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@isdn, 0x80, &(0x7f00000005c0)=[{&(0x7f00000000c0)=""/137, 0x89}, {&(0x7f0000000180)=""/239, 0xef}, {&(0x7f00000002c0)=""/152, 0x98}, {&(0x7f00000006c0)=""/105, 0x69}, {&(0x7f0000000400)=""/44, 0x2c}, {&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000080)=""/8, 0x8}], 0x7, &(0x7f0000000640)=""/81, 0x51}, 0x2121) r1 = socket$nl_route(0x10, 0x3, 0x0) getpeername$packet(r0, &(0x7f0000000380)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000003c0)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000740)={'team0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0xfe98, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0x2, 0x2, 0x10270000}, @TCA_FQ_FLOW_MAX_RATE={0xfffffffffffffd87, 0x7, 0x3}]}}]}, 0x48}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000780)=@setlink={0xc0, 0x13, 0x200, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, 0x50000, 0x40f2}, [@IFLA_PORT_SELF={0x20, 0x19, 0x0, 0x1, [@IFLA_PORT_HOST_UUID={0x14, 0x5, "e1db6ef1d3c4bee985737c3804a7f108"}, @IFLA_PORT_VF={0x8, 0x1, 0xc9f5}]}, @IFLA_LINKINFO={0x78, 0x12, 0x0, 0x1, @vti={{0x8}, {0x6c, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @loopback}, @IFLA_VTI_REMOTE={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @vti_common_policy=[@IFLA_VTI_IKEY={0x8, 0x2, 0x1}], @IFLA_VTI_LOCAL={0x8, 0x4, @broadcast}, @vti_common_policy=[@IFLA_VTI_OKEY={0x8, 0x3, 0x2}, @IFLA_VTI_LINK={0x8, 0x1, r3}, @IFLA_VTI_OKEY={0x8, 0x3, 0x5}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x3}, @IFLA_VTI_LINK={0x8, 0x1, r6}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x2}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x7fff}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x7}], @IFLA_VTI_REMOTE={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}]}}}, @IFLA_EXT_MASK={0x8, 0x1d, 0x4}]}, 0xc0}, 0x1, 0xba01, 0x0, 0x400c002}, 0x0) 706.796528ms ago: executing program 4 (id=9660): r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f00ff0f00000000050050375ed08a56331dbf9ed78105001ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00010005080c00bdad01409bbc7a46e39a54cbbda812176679df069163ce955fed0009d78f0a947ee2b49e33538afaeb2713f450ebd010a20ff27fff", 0x89}], 0x1, 0x0, 0x0, 0x7}, 0x0) 645.348233ms ago: executing program 3 (id=9661): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="fa05", 0xfffffe54}], 0x1}, 0x20000000}], 0x1, 0x24040890) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4) 464.284157ms ago: executing program 4 (id=9662): pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) epoll_create1(0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0) splice(r0, 0x0, r2, 0x0, 0x10d00, 0xf) 336.832399ms ago: executing program 1 (id=9663): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0xa, 0x4, 0xfff, 0x7}, 0x50) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x3, 0x7ff, 0x8, 0x5}}]}]}}}]}, 0x64}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r6) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={0xffffffffffffffff, r3, 0x25, 0x14, @val=@uprobe_multi={&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)=[0x3], &(0x7f00000003c0)=[0x0, 0x3, 0x1, 0x4], 0x3, 0x1, 0x7a61412b6ef89d76}}, 0x40) sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r8) r9 = socket$unix(0x1, 0x1, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x5}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r11, {}, {0x2, 0x8}, {0xd, 0x7}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}}, 0x10008844) ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000004340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01040000000000000000010000000900010073797a300000000034000000030a010100000000000000000100000209000b0073797a31000000000900010073797a300000000008000a4000000004"], 0x250}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8) socket$nl_generic(0x10, 0x3, 0x10) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0xa, 0x7fffffff, 0x2, 0x7, 0x102, 0x1}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r12, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 134.84276ms ago: executing program 3 (id=9664): socket$nl_xfrm(0x10, 0x3, 0x6) (async) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000070000000000000000000000000000000000000000000000000000000095260000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc010000000000000000000000000000000000000f3d677b736763f9777e3b1c81f30400"], 0xfc}}, 0x0) (async) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000070000000000000000000000000000000000000000000000000000000095260000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000004400050020010000000000000000000000000000000000022b0000000a000000fc010000000000000000000000000000000000000f3d677b736763f9777e3b1c81f30400"], 0xfc}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)=""/81, 0x51}], 0x1}, 0x0) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="94000000020705000000000000000000070000060c00064000000000000000000900010073e2797a31000000000c00064000000000526cae2514000780080001400000000708000240000000080c00024000000000000000020800054000000000140007800800014000000000080002400000000808000540000000010c00034000000000000000060c00034000000000000001"], 0x94}, 0x1, 0x0, 0x0, 0x4040800}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) (async) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000140)=""/6, 0x2}, 0x20) (async) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000001c0)={r3, &(0x7f0000000140), &(0x7f0000000140)=""/6, 0x2}, 0x20) socket(0x6, 0x3, 0x6) (async) r4 = socket(0x6, 0x3, 0x6) bind$inet(r4, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f00000000c0)=0x6, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) (async) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40086602, &(0x7f0000000000)={0xfff}) (async) ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40086602, &(0x7f0000000000)={0xfff}) sendto$inet(r4, 0x0, 0x0, 0x4c810, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.stat\x00', 0x0, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$WPAN_WANTACK(r5, 0x0, 0x0, &(0x7f0000000200)=0x1, 0x4) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x405, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1c}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x29, 0x3, 0x0) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r8, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYRESHEX=r6, @ANYRES16=r9, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100000004000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x20008894) 0s ago: executing program 0 (id=9665): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0xe, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x2}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x61}]}, &(0x7f0000000400)='syzkaller\x00'}, 0x80) sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0xb, 0x201, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_COMPAT_REV={0x8}, @NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x8088) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x10) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000002c0)={0xfffffffffffffffc, 0x10000, 0x1000, 0x3, 0x7}, 0x20) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000040)) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) shutdown(r3, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_DELSET={0x14, 0xb, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x5}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x3c}, 0x1, 0x0, 0x0, 0x200008c0}, 0x4014) recvmsg$unix(r3, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@cred={{0x1c}}], 0x20}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x38}}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000240)={&(0x7f00000007c0)={0x5bc, r6, 0xe42a5c0cde36e316, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x59d, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1}, {0xe}, @device_a, @device_b, @from_mac=@broadcast, {0x9, 0xff}, @value=@ver_80211n={0x0, 0x81, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}}, 0x102, 0x4042, @random=0x6, @void, @val={0x2d, 0x1a, {0x8, 0x3, 0x0, 0x0, {0xfff, 0x9, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x1, 0x8, 0x81}}, [{0xdd, 0xe1, "ec2c03d965ed2fa09fdf275ed4d9232fa8bf741c90cee2519632b821fbb517113e08d90f6117647a9cffc5aa2338c7e484faf2a319e5fd5b0ffb747f00871e2a48196d5aa6d4aa68562a9e7ee3f7480cffd7645479ab645a6f13e6c3141900f09f7da620186a8fa03f8b83895f0e278f13ae05554ed4be0c1a29a579a046a5b2d80d3345f1a9b22e9d2c9996bd34691ab8e1e3d15cecc19cf06198cea6a36618e2b534e7332ef9f77c9b5f5fb4b5320bd4e453b3dda2ba6218eb0bd239d308ad7817ae6e1fbe6faf85fd334e6a3c4bea53857972993669f4f9a4ca7315c94399a3"}, {0xdd, 0xa2, "01a6ea14bb8e53e3856c898861550a10068389e14822ad8e3e6539dbc74d1430503025d71b493a7e1f82c527e022be098a7156b3aef5b6e7dd91a5cd7d2f0fb811cc99c7ef2d8d9a3992b247d5f45ee75370f63e69b8e6dfa378451a8c8018ac7c416f11f2de42fc92059b05d4dc83b3583cd2d80298c1b031be3e63269008ddb365a77673b3da49c8d1630d0b16ee1767c32886adb0e804dd9aa230230de1754cd4"}, {0xdd, 0xc7, "e235ca25a5720a606bccee1aefc36679e13ef1651c6d3b0bf44fec83b182dc7af546b6cd94e6309916c24b14154370c757660d1d88bc048f67d238f1dc80d191efe1470cd5c25551755669a22e3cba8a51421493f9c3a3d567ac3651bd64aed3ade661b510cc8a306315430b349a45d373d9fad4f08d0cc67d3d1d18a8cc7f34ef27fb9189048008e53c03dd280e685e38705842e568f5c63db2e17632870ff0ed9e6586844788cbc2434805c688cc9849dde97196cbb005e6aba11d5614413f326a9eb3d04c59"}, {0xdd, 0x58, "352d03c93448b921ce2007a98731d7b6e9af88dd72b82af7968a55eee7229bad98ac95b63da82bd4d6ffe0e2a115e525502ecb3dc486735b0b3ca47f272b16b0fa5b493031d73f62355244cfba23cdc673c2c4571a911860"}, {0xdd, 0x69, "296c126f49c898e80cf1f060b85ad0ce8585ae3f36dbb5a3b683fc4ae1c51c4518d0b394bc200dafe99bfb3768818eb2889a6385bb4712545dd9e624e8ff49fd147b84b83809221359540f6c7c8d051b28ae40654b4971042c16e132d38db007fb61f119301ac0d30a"}, {0xdd, 0x64, "c261cf9a377c98b7535bc24cd894659286db958dd0bc7a40af4c18df2780b3bb61b42fc91deb49259244efefda435aeb2c6256fb1e2d0510f6b124a7385d63edc1a903ecab13a610d1756553dbe57e82384151e52f8aaaf0e0415a063c8b686e12d42730"}, {0xdd, 0xe0, "3254be65455da56a36c60e69b127b89673cd79c02409a77d6d52fe8382bf0ba843c22d3cca5b2310193cf43bee49a397a7811faf949c5ab353c992e0281050fd1b4cfc2d3f5f7fa4cbaa812b33db919c9c579e9ede2a6333e44fbe60bf753cdd940a08f52f8bb47d31018e2600bce8063073d536d6bbd6bb25154e1cb6381f6fd3a5bcbba5efd44a56224921ec4bc1c503b15f5fb575f36e4740f0156d0c8bc8c35222f740a59cd34c88ce3791f089f2ee20f68afe0662e6a8a61ad45831a623277601097d8dfa2e991d16c4fc544e4e5f699d798a35adb733e50153e307e5ab"}, {0xdd, 0xdf, "5af0266d4c8be85332076db4f8e214ae9e74bb391deedb7a26b9daf5c75cd15673e2152d7907d498586fb8ee2d597b5984ed12f5ef481f37a434612d9e4114ead0d46649dae70b06cecfdbbbaccd78f03005fea4dd31e85cfbe5757b7a4d9031a78c075485aae954e7ce0f33ecaab4f892e47d07ab79a1a9610ed5f076c2ec8569dca2b1d78fef8c63e0e6a1528e8f6552266063f4df6754d2f6bbe0b6cca3359a8ef14def1b47fffb46234b8eb99c3da4c796e03403b0f217a671f901fcde66031538713e500d5d352e3dbf1f84e45fd1e0dba0d33cce1781bf2c530ead36"}, {0xdd, 0x11, "d7ed86cea7f018e8d3b65e5c31991462d2"}, {0xdd, 0x8, "262232edab94b39a"}]}}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x13}]]}, 0x5bc}, 0x1, 0x0, 0x0, 0x40004}, 0x1) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000400)={r7, &(0x7f0000000340), &(0x7f0000000380)=""/67, 0x4}, 0x20) sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000001e000100000000000000000007000000", @ANYRES8=r3, @ANYBLOB="00020000fed800"], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040000) kernel console output (not intermixed with test programs): .031381][T31443] bond_slave_0: entered promiscuous mode [ 747.039858][T31443] bond_slave_1: entered promiscuous mode [ 747.056195][T31443] bridge_slave_1: entered promiscuous mode [ 747.062355][T31443] bond0: entered allmulticast mode [ 747.086291][T31443] bond_slave_0: entered allmulticast mode [ 747.104594][T31443] bond_slave_1: entered allmulticast mode [ 747.127671][T31443] bridge_slave_1: entered allmulticast mode [ 747.151843][T31443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 747.276328][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL [ 747.352319][T31455] netlink: 'syz.3.8131': attribute type 2 has an invalid length. [ 747.589563][T31470] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8136'. [ 747.979516][T31490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8145'. [ 748.063204][T31492] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input10 [ 748.142857][T31495] netlink: 24 bytes leftover after parsing attributes in process `syz.2.8146'. [ 748.156396][T31495] tipc: New replicast peer: 255.255.255.255 [ 748.166153][T31495] tipc: Enabled bearer , priority 10 [ 749.286158][ T5945] tipc: Node number set to 3682169151 [ 749.348002][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 749.860575][T31603] netlink: 'syz.0.8178': attribute type 11 has an invalid length. [ 750.341133][T31626] netlink: 'syz.0.8187': attribute type 10 has an invalid length. [ 750.359563][T31626] team0: Port device geneve0 added [ 750.432785][T31630] tipc: Enabling of bearer rejected, failed to enable media [ 750.580220][T31641] __nla_validate_parse: 6 callbacks suppressed [ 750.580237][T31641] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8193'. [ 750.814192][T31653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8197'. [ 750.932657][T31659] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8198'. [ 751.045274][T31664] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.8201'. [ 751.436176][T31690] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8211'. [ 751.483407][T31689] netlink: 60 bytes leftover after parsing attributes in process `syz.3.8211'. [ 751.539519][T31700] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6) [ 751.925050][T31735] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8222'. [ 752.023647][T31745] netlink: 'syz.3.8225': attribute type 1 has an invalid length. [ 752.079771][T31749] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8227'. [ 752.512038][T31775] netlink: 28 bytes leftover after parsing attributes in process `syz.0.8236'. [ 752.608296][T31779] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 752.677260][T31785] veth0: entered promiscuous mode [ 752.709109][T31782] veth0: left promiscuous mode [ 753.091222][T31811] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8250'. [ 753.888392][T31850] 8021q: adding VLAN 0 to HW filter on device bond6 [ 753.929684][T31850] team0: Port device bond6 added [ 754.226631][T31877] syzkaller0: entered promiscuous mode [ 754.232148][T31877] syzkaller0: entered allmulticast mode [ 754.369371][T31881] dvmrp0: entered allmulticast mode [ 754.698189][T31900] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 755.046960][T31924] lo speed is unknown, defaulting to 1000 [ 755.069499][T31924] lo speed is unknown, defaulting to 1000 [ 755.095498][T31924] lo speed is unknown, defaulting to 1000 [ 755.162569][T31924] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 755.278747][T31924] lo speed is unknown, defaulting to 1000 [ 755.307143][T31924] lo speed is unknown, defaulting to 1000 [ 755.334709][T31924] lo speed is unknown, defaulting to 1000 [ 755.364574][T31924] lo speed is unknown, defaulting to 1000 [ 755.432283][T31924] lo speed is unknown, defaulting to 1000 [ 755.445344][T31924] lo speed is unknown, defaulting to 1000 [ 755.454497][T31924] lo speed is unknown, defaulting to 1000 [ 755.463996][T31924] lo speed is unknown, defaulting to 1000 [ 755.525439][T31948] netlink: 'syz.4.8299': attribute type 1 has an invalid length. [ 755.544805][T31948] netlink: 'syz.4.8299': attribute type 3 has an invalid length. [ 755.566825][T31948] NCSI netlink: No device for ifindex 813332851 [ 755.722370][T31964] __nla_validate_parse: 4 callbacks suppressed [ 755.722395][T31964] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8304'. [ 755.723044][T31961] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8304'. [ 755.920010][T31972] FAULT_INJECTION: forcing a failure. [ 755.920010][T31972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 755.946955][T31972] CPU: 1 UID: 0 PID: 31972 Comm: syz.0.8310 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 755.946987][T31972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 755.946999][T31972] Call Trace: [ 755.947007][T31972] [ 755.947016][T31972] dump_stack_lvl+0x189/0x250 [ 755.947041][T31972] ? __pfx____ratelimit+0x10/0x10 [ 755.947063][T31972] ? __pfx_dump_stack_lvl+0x10/0x10 [ 755.947084][T31972] ? __pfx__printk+0x10/0x10 [ 755.947108][T31972] ? __might_fault+0xb0/0x130 [ 755.947143][T31972] should_fail_ex+0x414/0x560 [ 755.947172][T31972] _copy_from_user+0x2d/0xb0 [ 755.947194][T31972] __sys_sendto+0x25c/0x520 [ 755.947224][T31972] ? __pfx___sys_sendto+0x10/0x10 [ 755.947246][T31972] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 755.947285][T31972] ? __fget_files+0x3a0/0x420 [ 755.947314][T31972] ? ksys_write+0x22a/0x250 [ 755.947340][T31972] ? __pfx_ksys_write+0x10/0x10 [ 755.947360][T31972] ? rcu_is_watching+0x15/0xb0 [ 755.947384][T31972] __x64_sys_sendto+0xde/0x100 [ 755.947413][T31972] do_syscall_64+0xfa/0x3b0 [ 755.947436][T31972] ? lockdep_hardirqs_on+0x9c/0x150 [ 755.947459][T31972] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.947478][T31972] ? clear_bhb_loop+0x60/0xb0 [ 755.947500][T31972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.947518][T31972] RIP: 0033:0x7f415fd8ebe9 [ 755.947536][T31972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 755.947552][T31972] RSP: 002b:00007f4160b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 755.947574][T31972] RAX: ffffffffffffffda RBX: 00007f415ffb5fa0 RCX: 00007f415fd8ebe9 [ 755.947589][T31972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 755.947601][T31972] RBP: 00007f4160b21090 R08: 00002000000000c0 R09: 000000000000001c [ 755.947614][T31972] R10: 0000000020000004 R11: 0000000000000246 R12: 0000000000000001 [ 755.947627][T31972] R13: 00007f415ffb6038 R14: 00007f415ffb5fa0 R15: 00007ffd84ee6238 [ 755.947659][T31972] [ 755.993981][T31975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8311'. [ 756.660908][T32019] FAULT_INJECTION: forcing a failure. [ 756.660908][T32019] name failslab, interval 1, probability 0, space 0, times 0 [ 756.707507][T32019] CPU: 1 UID: 0 PID: 32019 Comm: syz.1.8324 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 756.707531][T32019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 756.707541][T32019] Call Trace: [ 756.707549][T32019] [ 756.707556][T32019] dump_stack_lvl+0x189/0x250 [ 756.707578][T32019] ? __pfx____ratelimit+0x10/0x10 [ 756.707598][T32019] ? __pfx_dump_stack_lvl+0x10/0x10 [ 756.707617][T32019] ? __pfx__printk+0x10/0x10 [ 756.707642][T32019] ? __pfx___might_resched+0x10/0x10 [ 756.707656][T32019] ? fs_reclaim_acquire+0x7d/0x100 [ 756.707693][T32019] should_fail_ex+0x414/0x560 [ 756.707720][T32019] should_failslab+0xa8/0x100 [ 756.707742][T32019] __kmalloc_cache_noprof+0x70/0x3d0 [ 756.707761][T32019] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 756.707784][T32019] tcp_sendmsg_fastopen+0x1de/0x5e0 [ 756.707813][T32019] tcp_sendmsg_locked+0x4d9b/0x5620 [ 756.707836][T32019] ? tcp_sendmsg_locked+0x4e1/0x5620 [ 756.707858][T32019] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 756.707908][T32019] ? __lock_acquire+0xab9/0xd20 [ 756.707942][T32019] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 756.707961][T32019] ? __local_bh_enable_ip+0x12d/0x1c0 [ 756.707983][T32019] ? __local_bh_enable_ip+0x12d/0x1c0 [ 756.708011][T32019] tcp_sendmsg+0x2f/0x50 [ 756.708031][T32019] __sock_sendmsg+0xe5/0x270 [ 756.708055][T32019] __sys_sendto+0x3bd/0x520 [ 756.708080][T32019] ? __pfx___sys_sendto+0x10/0x10 [ 756.708100][T32019] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 756.708137][T32019] ? __fget_files+0x3a0/0x420 [ 756.708164][T32019] ? ksys_write+0x22a/0x250 [ 756.708188][T32019] ? __pfx_ksys_write+0x10/0x10 [ 756.708206][T32019] ? rcu_is_watching+0x15/0xb0 [ 756.708229][T32019] __x64_sys_sendto+0xde/0x100 [ 756.708254][T32019] do_syscall_64+0xfa/0x3b0 [ 756.708276][T32019] ? lockdep_hardirqs_on+0x9c/0x150 [ 756.708296][T32019] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.708313][T32019] ? clear_bhb_loop+0x60/0xb0 [ 756.708334][T32019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.708350][T32019] RIP: 0033:0x7f3e8238ebe9 [ 756.708366][T32019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 756.708379][T32019] RSP: 002b:00007f3e83162038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 756.708397][T32019] RAX: ffffffffffffffda RBX: 00007f3e825b5fa0 RCX: 00007f3e8238ebe9 [ 756.708410][T32019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 756.708419][T32019] RBP: 00007f3e83162090 R08: 00002000000000c0 R09: 000000000000001c [ 756.708430][T32019] R10: 0000000020000004 R11: 0000000000000246 R12: 0000000000000001 [ 756.708442][T32019] R13: 00007f3e825b6038 R14: 00007f3e825b5fa0 R15: 00007ffc6420e3c8 [ 756.708472][T32019] [ 757.126444][T32037] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8329'. [ 757.158249][T32037] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8329'. [ 757.168890][T32040] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8327'. [ 757.189687][T32039] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8332'. [ 757.286096][T32046] netlink: 36 bytes leftover after parsing attributes in process `syz.4.8327'. [ 757.445085][T32060] netlink: 'syz.2.8338': attribute type 39 has an invalid length. [ 757.573085][T32065] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8340'. [ 757.590300][ T5952] IPVS: starting estimator thread 0... [ 757.597565][T32067] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold [ 757.685218][T32070] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8339'. [ 757.705789][T32068] IPVS: using max 32 ests per chain, 76800 per kthread [ 757.773851][T32072] FAULT_INJECTION: forcing a failure. [ 757.773851][T32072] name failslab, interval 1, probability 0, space 0, times 0 [ 757.796703][T32072] CPU: 1 UID: 0 PID: 32072 Comm: syz.3.8341 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 757.796727][T32072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 757.796738][T32072] Call Trace: [ 757.796745][T32072] [ 757.796753][T32072] dump_stack_lvl+0x189/0x250 [ 757.796779][T32072] ? __pfx____ratelimit+0x10/0x10 [ 757.796800][T32072] ? __pfx_dump_stack_lvl+0x10/0x10 [ 757.796820][T32072] ? __pfx__printk+0x10/0x10 [ 757.796856][T32072] should_fail_ex+0x414/0x560 [ 757.796883][T32072] should_failslab+0xa8/0x100 [ 757.796910][T32072] kmem_cache_alloc_noprof+0x73/0x3c0 [ 757.796933][T32072] ? __inet_bhash2_update_saddr+0x1bb/0x1ac0 [ 757.796964][T32072] __inet_bhash2_update_saddr+0x1bb/0x1ac0 [ 757.797007][T32072] ? xfrm_lookup_route+0x103/0x1c0 [ 757.797031][T32072] tcp_v6_connect+0xe24/0x1870 [ 757.797068][T32072] ? __pfx_tcp_v6_connect+0x10/0x10 [ 757.797085][T32072] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 757.797105][T32072] ? __sock_sendmsg+0xe5/0x270 [ 757.797124][T32072] ? __sys_sendto+0x3bd/0x520 [ 757.797176][T32072] __inet_stream_connect+0x2ae/0xe80 [ 757.797211][T32072] ? __pfx___inet_stream_connect+0x10/0x10 [ 757.797236][T32072] ? __kasan_kmalloc+0x93/0xb0 [ 757.797262][T32072] ? tcp_sendmsg_fastopen+0x1de/0x5e0 [ 757.797288][T32072] tcp_sendmsg_fastopen+0x3a7/0x5e0 [ 757.797317][T32072] tcp_sendmsg_locked+0x4d9b/0x5620 [ 757.797338][T32072] ? bpf_trace_run4+0x19c/0x4a0 [ 757.797361][T32072] ? tcp_sendmsg_locked+0x4e1/0x5620 [ 757.797386][T32072] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 757.797422][T32072] ? bpf_trace_run4+0x19c/0x4a0 [ 757.797457][T32072] ? __lock_acquire+0xab9/0xd20 [ 757.797495][T32072] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 757.797534][T32072] ? __local_bh_enable_ip+0x12d/0x1c0 [ 757.797564][T32072] ? __local_bh_enable_ip+0x12d/0x1c0 [ 757.797595][T32072] tcp_sendmsg+0x2f/0x50 [ 757.797617][T32072] __sock_sendmsg+0xe5/0x270 [ 757.797642][T32072] __sys_sendto+0x3bd/0x520 [ 757.797667][T32072] ? __pfx___sys_sendto+0x10/0x10 [ 757.797732][T32072] __x64_sys_sendto+0xde/0x100 [ 757.797758][T32072] do_syscall_64+0xfa/0x3b0 [ 757.797783][T32072] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.797801][T32072] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 757.797818][T32072] ? clear_bhb_loop+0x60/0xb0 [ 757.797839][T32072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.797857][T32072] RIP: 0033:0x7f0c7298ebe9 [ 757.797874][T32072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 757.797889][T32072] RSP: 002b:00007f0c7378e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 757.797909][T32072] RAX: ffffffffffffffda RBX: 00007f0c72bb5fa0 RCX: 00007f0c7298ebe9 [ 757.797923][T32072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 757.797934][T32072] RBP: 00007f0c7378e090 R08: 00002000000000c0 R09: 000000000000001c [ 757.797947][T32072] R10: 0000000020000004 R11: 0000000000000246 R12: 0000000000000001 [ 757.797958][T32072] R13: 00007f0c72bb6038 R14: 00007f0c72bb5fa0 R15: 00007fffdf1d99a8 [ 757.797989][T32072] [ 758.787980][T32109] netlink: 'syz.4.8352': attribute type 29 has an invalid length. [ 758.798191][T32109] netlink: 'syz.4.8352': attribute type 29 has an invalid length. [ 758.971559][T32115] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 759.195553][T32135] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 759.260224][T32140] netlink: 'syz.2.8361': attribute type 1 has an invalid length. [ 759.434631][T32145] netlink: 'syz.2.8362': attribute type 33 has an invalid length. [ 759.575330][T32157] tipc: Enabled bearer , priority 0 [ 759.612665][T32156] tipc: Disabling bearer [ 759.658128][T32163] dvmrp0: entered allmulticast mode [ 759.731729][T32167] dvmrp0: left allmulticast mode [ 759.772478][T32167] syz_tun: left allmulticast mode [ 759.864983][T32172] 8021q: adding VLAN 0 to HW filter on device bond7 [ 759.882226][T32170] tipc: Enabled bearer , priority 0 [ 759.898047][T32170] tipc: Resetting bearer [ 759.924490][T32174] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 759.966695][T32181] sctp: [Deprecated]: syz.2.8375 (pid 32181) Use of int in max_burst socket option. [ 759.966695][T32181] Use struct sctp_assoc_value instead [ 760.075570][T32178] bond4: (slave veth0_to_bond): Releasing backup interface [ 760.088391][T32178] bond7: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 760.159224][T32169] tipc: Disabling bearer [ 760.201427][T32184] tipc: Enabling of bearer rejected, failed to enable media [ 760.323252][T32184] 8021q: adding VLAN 0 to HW filter on device bond8 [ 760.335081][T32184] bond0: (slave bond8): Enslaving as an active interface with an up link [ 760.692766][T32212] sctp: [Deprecated]: syz.0.8386 (pid 32212) Use of int in max_burst socket option deprecated. [ 760.692766][T32212] Use struct sctp_assoc_value instead [ 760.704880][T32213] syzkaller0: entered promiscuous mode [ 760.746430][T32213] syzkaller0: entered allmulticast mode [ 761.105421][T32244] __nla_validate_parse: 9 callbacks suppressed [ 761.105449][T32244] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8397'. [ 761.142751][T32245] tipc: Enabled bearer , priority 0 [ 761.188492][T32242] tipc: Disabling bearer [ 761.314425][T32256] netlink: 'syz.1.8402': attribute type 1 has an invalid length. [ 761.338696][T32256] netlink: 'syz.1.8402': attribute type 2 has an invalid length. [ 761.368326][T32261] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8403'. [ 761.396815][T32261] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8403'. [ 767.768323][T31990] tipc: Resetting bearer [ 767.928970][T31990] tipc: Disabling bearer [ 767.989421][T31990] bond12 (unregistering): (slave gretap1): Releasing backup interface [ 768.041013][T31990] bond10 (unregistering): (slave geneve3): Releasing active interface [ 768.350003][T31990] bond0 (unregistering): Released all slaves [ 768.456821][T31990] bond1 (unregistering): Released all slaves [ 768.563371][T31990] bond2 (unregistering): Released all slaves [ 768.673344][T31990] bond3 (unregistering): Released all slaves [ 768.778084][T31990] bond4 (unregistering): Released all slaves [ 768.881165][T31990] bond5 (unregistering): Released all slaves [ 768.990553][T31990] bond6 (unregistering): Released all slaves [ 769.097875][T31990] bond7 (unregistering): Released all slaves [ 769.209269][T31990] bond8 (unregistering): Released all slaves [ 769.315743][T31990] bond9 (unregistering): Released all slaves [ 769.328620][T31990] bond10 (unregistering): Released all slaves [ 769.440062][T31990] bond11 (unregistering): Released all slaves [ 769.455121][T31990] bond12 (unregistering): Released all slaves [ 769.571957][T31990] bond13 (unregistering): Released all slaves [ 769.680010][T31990] bond14 (unregistering): Released all slaves [ 769.787238][T31990] bond15 (unregistering): Released all slaves [ 769.896528][T31990] bond16 (unregistering): Released all slaves [ 770.001149][T31990] bond17 (unregistering): Released all slaves [ 770.104398][T31990] bond18 (unregistering): Released all slaves [ 770.212382][T31990] bond19 (unregistering): (slave veth0_to_bond): Releasing backup interface [ 770.225165][T31990] bond19 (unregistering): Released all slaves [ 770.401295][T31990] tipc: Left network mode [ 770.815295][T31990] hsr_slave_0: left promiscuous mode [ 770.821628][T31990] hsr_slave_1: left promiscuous mode [ 770.841266][T31990] veth1_macvtap: left promiscuous mode [ 770.847680][T31990] veth0_macvtap: left promiscuous mode [ 770.853506][T31990] veth1_vlan: left promiscuous mode [ 770.859250][T31990] veth0_vlan: left promiscuous mode [ 772.017759][T31990] IPVS: stop unused estimator thread 0... [ 803.801960][T32285] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8411'. [ 803.826219][T32284] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8408'. [ 803.855858][T32286] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8410'. [ 803.955020][T32294] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8415'. [ 804.253481][T32319] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8424'. [ 804.402301][T32329] netlink: 48 bytes leftover after parsing attributes in process `syz.1.8426'. [ 804.515179][T32338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8429'. [ 804.530748][T32338] netlink: 52 bytes leftover after parsing attributes in process `syz.4.8429'. [ 804.673119][T32347] netlink: 36 bytes leftover after parsing attributes in process `syz.1.8432'. [ 804.741938][T32351] IPVS: set_ctl: invalid protocol: 8 255.255.255.255:20001 [ 804.876575][T32355] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8436'. [ 805.583708][T32393] netlink: 'syz.0.8445': attribute type 21 has an invalid length. [ 805.609878][T32393] netlink: 'syz.0.8445': attribute type 21 has an invalid length. [ 805.631794][T31992] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 805.645286][T31992] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 805.662445][T31992] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 805.672001][T31992] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 805.739902][T32396] netlink: 'syz.3.8448': attribute type 1 has an invalid length. [ 805.757729][T32396] netlink: 'syz.3.8448': attribute type 2 has an invalid length. [ 805.786468][T32396] scsi_nl_rcv_msg: discarding partial skb [ 805.960789][T32408] netlink: 'syz.3.8452': attribute type 6 has an invalid length. [ 806.313950][T32427] netlink: 'syz.4.8460': attribute type 1 has an invalid length. [ 806.322540][T32427] netlink: 'syz.4.8460': attribute type 1 has an invalid length. [ 806.607496][T32449] netlink: 'syz.0.8466': attribute type 10 has an invalid length. [ 806.653121][T32449] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 806.914374][T32468] netlink: 'syz.3.8472': attribute type 2 has an invalid length. [ 807.538836][T32512] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 807.554359][T32510] netlink: 'syz.2.8485': attribute type 3 has an invalid length. [ 807.619668][T32515] 8021q: adding VLAN 0 to HW filter on device bond3 [ 807.632448][T32520] bond3: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 807.652671][T32510] tipc: Enabled bearer , priority 0 [ 807.678219][T32510] syzkaller0: entered promiscuous mode [ 807.686444][T32510] syzkaller0: entered allmulticast mode [ 807.703382][T32510] tipc: Resetting bearer [ 807.911013][T32507] tipc: Resetting bearer [ 807.945462][T32507] tipc: Disabling bearer [ 808.520865][T32571] 8021q: adding VLAN 0 to HW filter on device bond5 [ 808.569197][T32573] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 808.713997][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL [ 809.277950][T32614] __nla_validate_parse: 153 callbacks suppressed [ 809.277970][T32614] netlink: 48 bytes leftover after parsing attributes in process `syz.2.8512'. [ 809.531108][T32633] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8518'. [ 809.547649][T32633] macsec0: entered promiscuous mode [ 809.561341][T32633] macsec0: entered allmulticast mode [ 809.578527][T32633] veth1_macvtap: entered allmulticast mode [ 809.602536][T32633] macsec0: left promiscuous mode [ 809.611175][T32633] macsec0: left allmulticast mode [ 809.617499][T32633] veth1_macvtap: left allmulticast mode [ 809.637570][T32633] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8518'. [ 809.670231][T32633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8518'. [ 809.719032][T32641] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8520'. [ 809.919139][T32651] bond7: (slave veth0_to_bond): Releasing backup interface [ 809.997813][T32657] tipc: Enabled bearer , priority 0 [ 810.008960][T32657] syzkaller0: entered promiscuous mode [ 810.014460][T32657] syzkaller0: entered allmulticast mode [ 810.054654][T32657] tipc: Resetting bearer [ 810.078538][T32656] tipc: Resetting bearer [ 810.137626][T32656] tipc: Disabling bearer [ 810.274029][T32674] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8529'. [ 810.293959][T32672] netlink: 100 bytes leftover after parsing attributes in process `syz.1.8529'. [ 810.305272][T32674] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8529'. [ 810.361031][T32682] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8532'. [ 810.371463][T32679] netlink: 64 bytes leftover after parsing attributes in process `syz.0.8531'. [ 810.461642][T32682] 8021q: adding VLAN 0 to HW filter on device bond6 [ 810.504640][T32687] bond5: (slave veth0_to_bond): Releasing backup interface [ 810.543319][T32687] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 810.735199][T32705] bridge0: port 1(bridge_slave_0) entered disabled state [ 810.757411][T32702] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input11 [ 810.944979][T32715] validate_nla: 4 callbacks suppressed [ 810.944998][T32715] netlink: 'syz.0.8541': attribute type 10 has an invalid length. [ 811.073222][T32715] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 811.328211][T32732] 8021q: adding VLAN 0 to HW filter on device bond9 [ 811.372737][T32737] bond8: (slave veth0_to_bond): Releasing backup interface [ 811.402619][T32737] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 811.448667][T32743] unknown channel width for channel at 909000KHz? [ 811.788060][T32754] syzkaller0: entered promiscuous mode [ 811.804044][T32754] syzkaller0: entered allmulticast mode [ 811.834821][T32762] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 811.928608][ T300] netlink: 'syz.3.8556': attribute type 2 has an invalid length. [ 812.306755][ T308] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 813.695307][ T312] 8021q: adding VLAN 0 to HW filter on device bond9 [ 813.748459][ T313] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 814.031608][ T342] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 814.112989][ T348] netlink: 'syz.0.8574': attribute type 1 has an invalid length. [ 814.274349][ T348] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 814.281101][ T353] bond10: (slave gretap1): making interface the new active one [ 814.317056][ T353] bond10: (slave gretap1): Enslaving as an active interface with an up link [ 814.631227][ T381] __nla_validate_parse: 19 callbacks suppressed [ 814.631246][ T381] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8583'. [ 814.635586][ T383] tipc: Resetting bearer [ 814.698899][ T381] netlink: 'syz.2.8583': attribute type 1 has an invalid length. [ 814.728010][ T381] netlink: 224 bytes leftover after parsing attributes in process `syz.2.8583'. [ 814.960039][ T400] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8590'. [ 815.125342][ T407] siw: device registration error -23 [ 815.213481][ T411] netlink: 'syz.3.8593': attribute type 3 has an invalid length. [ 815.532594][ T434] macvlan0: entered promiscuous mode [ 815.555991][ T434] macvlan0: entered allmulticast mode [ 815.565442][ T434] veth1_to_bond: entered promiscuous mode [ 815.586719][ T434] veth1_to_bond: entered allmulticast mode [ 815.599121][ T434] team0: Port device macvlan0 added [ 815.636712][ T437] tipc: Enabled bearer , priority 0 [ 815.710726][ T435] tipc: Disabling bearer [ 815.874444][ T462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8608'. [ 815.922267][ T464] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8608'. [ 815.923446][ T462] netlink: 'syz.3.8608': attribute type 21 has an invalid length. [ 815.964766][ T464] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8608'. [ 815.995098][ T469] netlink: 'syz.4.8611': attribute type 1 has an invalid length. [ 816.005039][ T469] netlink: 'syz.4.8611': attribute type 3 has an invalid length. [ 816.032170][ T469] netlink: 224 bytes leftover after parsing attributes in process `syz.4.8611'. [ 816.041730][ T462] netlink: 128 bytes leftover after parsing attributes in process `syz.3.8608'. [ 816.051973][ T469] NCSI netlink: No device for ifindex 131080 [ 816.057172][ T462] netlink: 'syz.3.8608': attribute type 5 has an invalid length. [ 816.072629][ T462] netlink: 3 bytes leftover after parsing attributes in process `syz.3.8608'. [ 816.383468][ T492] netlink: 'syz.3.8619': attribute type 21 has an invalid length. [ 816.383833][ T486] netlink: 'syz.2.8615': attribute type 1 has an invalid length. [ 816.395796][ T492] netlink: 128 bytes leftover after parsing attributes in process `syz.3.8619'. [ 816.409166][ T492] netlink: 'syz.3.8619': attribute type 4 has an invalid length. [ 816.422651][ T492] netlink: 'syz.3.8619': attribute type 5 has an invalid length. [ 816.439599][ T492] netlink: 'syz.3.8619': attribute type 21 has an invalid length. [ 816.452106][ T492] netlink: 'syz.3.8619': attribute type 4 has an invalid length. [ 816.469738][ T492] netlink: 'syz.3.8619': attribute type 5 has an invalid length. [ 816.558430][ T44] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 816.583569][ T501] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 816.627251][ T499] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 816.931842][ T520] 8021q: VLANs not supported on wg1 [ 817.131593][ T535] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0 [ 817.290355][ T545] syz_tun: tun_net_xmit 86 [ 817.798989][ T572] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 818.305961][ C1] syz_tun: tun_net_xmit 86 [ 818.691059][ T611] 8021q: adding VLAN 0 to HW filter on device bond8 [ 818.754873][ T615] bond7: (slave veth0_to_bond): Releasing backup interface [ 818.797342][ T30] audit: type=1800 audit(1755289377.058:7): pid=623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.8662" name="memory.events" dev="tmpfs" ino=2069 res=0 errno=0 [ 818.806055][ T623] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 818.856223][ T615] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 818.866214][ T30] audit: type=1804 audit(1755289377.068:8): pid=623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.8662" name="/newroot/406/memory.events" dev="tmpfs" ino=2069 res=1 errno=0 [ 818.977723][ T627] tipc: Enabled bearer , priority 0 [ 819.188287][ T627] syzkaller0: entered promiscuous mode [ 819.221027][ T627] syzkaller0: entered allmulticast mode [ 819.249523][ T627] tipc: Resetting bearer [ 819.306143][ T641] IPv6: NLM_F_CREATE should be specified when creating new route [ 819.338471][ T641] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 819.338530][ T626] tipc: Resetting bearer [ 819.346020][ C1] syz_tun: tun_net_xmit 86 [ 819.351820][ T641] IPv6: NLM_F_CREATE should be set when creating new route [ 819.363615][ T641] IPv6: NLM_F_CREATE should be set when creating new route [ 819.370870][ T641] IPv6: NLM_F_CREATE should be set when creating new route [ 821.173737][ T626] tipc: Disabling bearer [ 821.208440][ T659] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 821.254310][ T643] lo speed is unknown, defaulting to 1000 [ 821.404895][ T674] __nla_validate_parse: 15 callbacks suppressed [ 821.404914][ T674] netlink: 24 bytes leftover after parsing attributes in process `syz.0.8678'. [ 821.485847][ T674] netlink: 7816 bytes leftover after parsing attributes in process `syz.0.8678'. [ 821.504109][ T674] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8678'. [ 821.529794][ T674] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 821.679784][ T692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8683'. [ 821.693599][ T691] tipc: Enabled bearer , priority 0 [ 821.774497][ T688] tipc: Disabling bearer [ 821.790233][ T696] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input12 [ 821.861390][ T701] validate_nla: 2 callbacks suppressed [ 821.861410][ T701] netlink: 'syz.4.8688': attribute type 28 has an invalid length. [ 821.880406][ T701] netlink: 'syz.4.8688': attribute type 3 has an invalid length. [ 821.900586][ T696] netlink: 'syz.1.8687': attribute type 6 has an invalid length. [ 821.924877][ T701] netlink: 132 bytes leftover after parsing attributes in process `syz.4.8688'. [ 822.100273][ T713] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8692'. [ 822.113175][ T715] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8692'. [ 822.318830][ T725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8697'. [ 822.420688][ T734] tipc: Enabled bearer , priority 0 [ 822.446745][ T733] tipc: Disabling bearer [ 822.639303][ T749] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 822.683516][ T750] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8703'. [ 822.714047][ T750] netlink: 32 bytes leftover after parsing attributes in process `syz.1.8703'. [ 822.770935][ T755] openvswitch: netlink: IPv4 tun info is not correct [ 822.975280][ T770] tipc: Enabled bearer , priority 0 [ 822.993133][ T770] syzkaller0: entered promiscuous mode [ 823.004608][ T770] syzkaller0: entered allmulticast mode [ 823.125063][ T770] tipc: Resetting bearer [ 823.232226][ T787] FAULT_INJECTION: forcing a failure. [ 823.232226][ T787] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 823.252541][ T769] tipc: Resetting bearer [ 823.253037][ T787] CPU: 0 UID: 0 PID: 787 Comm: syz.4.8718 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 823.253060][ T787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 823.253071][ T787] Call Trace: [ 823.253079][ T787] [ 823.253088][ T787] dump_stack_lvl+0x189/0x250 [ 823.253114][ T787] ? __pfx____ratelimit+0x10/0x10 [ 823.253138][ T787] ? __pfx_dump_stack_lvl+0x10/0x10 [ 823.253167][ T787] ? __pfx__printk+0x10/0x10 [ 823.253191][ T787] ? __might_fault+0xb0/0x130 [ 823.253224][ T787] should_fail_ex+0x414/0x560 [ 823.253253][ T787] _copy_from_iter+0x1db/0x16f0 [ 823.253275][ T787] ? rcu_is_watching+0x15/0xb0 [ 823.253295][ T787] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 823.253319][ T787] ? __pfx__copy_from_iter+0x10/0x10 [ 823.253338][ T787] ? __build_skb_around+0x257/0x3e0 [ 823.253366][ T787] ? netlink_sendmsg+0x642/0xb30 [ 823.253388][ T787] ? skb_put+0x11b/0x210 [ 823.253407][ T787] netlink_sendmsg+0x6b2/0xb30 [ 823.253439][ T787] ? __pfx_netlink_sendmsg+0x10/0x10 [ 823.253465][ T787] ? aa_sock_msg_perm+0xf1/0x1d0 [ 823.253492][ T787] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 823.253510][ T787] ? __pfx_netlink_sendmsg+0x10/0x10 [ 823.253533][ T787] __sock_sendmsg+0x219/0x270 [ 823.253558][ T787] sock_write_iter+0x258/0x330 [ 823.253581][ T787] ? __pfx_sock_write_iter+0x10/0x10 [ 823.253623][ T787] do_iter_readv_writev+0x61c/0x8b0 [ 823.253653][ T787] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 823.253674][ T787] ? common_file_perm+0x1b5/0x230 [ 823.253702][ T787] ? bpf_lsm_file_permission+0x9/0x20 [ 823.253720][ T787] ? security_file_permission+0x75/0x290 [ 823.253744][ T787] ? rw_verify_area+0x255/0x4d0 [ 823.253768][ T787] vfs_writev+0x31a/0x960 [ 823.253789][ T787] ? __lock_acquire+0xab9/0xd20 [ 823.253814][ T787] ? __pfx_vfs_writev+0x10/0x10 [ 823.253846][ T787] ? __fget_files+0x2a/0x420 [ 823.253866][ T787] ? __fget_files+0x3a0/0x420 [ 823.253880][ T787] ? __fget_files+0x2a/0x420 [ 823.253904][ T787] do_writev+0x14d/0x2d0 [ 823.253924][ T787] ? __pfx_do_writev+0x10/0x10 [ 823.253938][ T787] ? rcu_is_watching+0x15/0xb0 [ 823.253959][ T787] ? do_syscall_64+0xbe/0x3b0 [ 823.253985][ T787] do_syscall_64+0xfa/0x3b0 [ 823.254006][ T787] ? lockdep_hardirqs_on+0x9c/0x150 [ 823.254026][ T787] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.254043][ T787] ? clear_bhb_loop+0x60/0xb0 [ 823.254063][ T787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.254080][ T787] RIP: 0033:0x7f083bd8ebe9 [ 823.254096][ T787] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.254111][ T787] RSP: 002b:00007f083cc78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 823.254130][ T787] RAX: ffffffffffffffda RBX: 00007f083bfb5fa0 RCX: 00007f083bd8ebe9 [ 823.254142][ T787] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003 [ 823.254159][ T787] RBP: 00007f083cc78090 R08: 0000000000000000 R09: 0000000000000000 [ 823.254170][ T787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 823.254181][ T787] R13: 00007f083bfb6038 R14: 00007f083bfb5fa0 R15: 00007fff7f69a478 [ 823.254209][ T787] [ 823.664380][ T769] tipc: Disabling bearer [ 823.720791][ T791] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 823.881857][ T791] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 823.971418][ T814] openvswitch: netlink: IPv4 tun info is not correct [ 823.979551][ T816] FAULT_INJECTION: forcing a failure. [ 823.979551][ T816] name failslab, interval 1, probability 0, space 0, times 0 [ 823.995337][ T816] CPU: 0 UID: 0 PID: 816 Comm: syz.0.8730 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 823.995362][ T816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 823.995373][ T816] Call Trace: [ 823.995381][ T816] [ 823.995389][ T816] dump_stack_lvl+0x189/0x250 [ 823.995415][ T816] ? __pfx____ratelimit+0x10/0x10 [ 823.995437][ T816] ? __pfx_dump_stack_lvl+0x10/0x10 [ 823.995457][ T816] ? __pfx__printk+0x10/0x10 [ 823.995487][ T816] ? __pfx___might_resched+0x10/0x10 [ 823.995508][ T816] should_fail_ex+0x414/0x560 [ 823.995534][ T816] should_failslab+0xa8/0x100 [ 823.995557][ T816] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 823.995580][ T816] ? __alloc_skb+0x112/0x2d0 [ 823.995609][ T816] __alloc_skb+0x112/0x2d0 [ 823.995635][ T816] netlink_sendmsg+0x5c6/0xb30 [ 823.995667][ T816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 823.995692][ T816] ? aa_sock_msg_perm+0xf1/0x1d0 [ 823.995718][ T816] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 823.995738][ T816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 823.995762][ T816] __sock_sendmsg+0x219/0x270 [ 823.995787][ T816] ____sys_sendmsg+0x505/0x830 [ 823.995812][ T816] ? __pfx_____sys_sendmsg+0x10/0x10 [ 823.995840][ T816] ? import_iovec+0x74/0xa0 [ 823.995865][ T816] ___sys_sendmsg+0x21f/0x2a0 [ 823.995886][ T816] ? __pfx____sys_sendmsg+0x10/0x10 [ 823.995942][ T816] ? __fget_files+0x2a/0x420 [ 823.995957][ T816] ? __fget_files+0x3a0/0x420 [ 823.995984][ T816] __x64_sys_sendmsg+0x19b/0x260 [ 823.996005][ T816] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 823.996033][ T816] ? __pfx_ksys_write+0x10/0x10 [ 823.996053][ T816] ? rcu_is_watching+0x15/0xb0 [ 823.996078][ T816] ? do_syscall_64+0xbe/0x3b0 [ 823.996105][ T816] do_syscall_64+0xfa/0x3b0 [ 823.996126][ T816] ? lockdep_hardirqs_on+0x9c/0x150 [ 823.996148][ T816] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.996165][ T816] ? clear_bhb_loop+0x60/0xb0 [ 823.996186][ T816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 823.996203][ T816] RIP: 0033:0x7f415fd8ebe9 [ 823.996221][ T816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 823.996237][ T816] RSP: 002b:00007f4160b21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 823.996256][ T816] RAX: ffffffffffffffda RBX: 00007f415ffb5fa0 RCX: 00007f415fd8ebe9 [ 823.996269][ T816] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 823.996281][ T816] RBP: 00007f4160b21090 R08: 0000000000000000 R09: 0000000000000000 [ 823.996291][ T816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 823.996302][ T816] R13: 00007f415ffb6038 R14: 00007f415ffb5fa0 R15: 00007ffd84ee6238 [ 823.996339][ T816] [ 824.406878][ T825] syzkaller1: entered promiscuous mode [ 824.412392][ T825] syzkaller1: entered allmulticast mode [ 824.600747][ T832] tipc: Enabled bearer , priority 0 [ 824.610920][ T832] syzkaller0: entered promiscuous mode [ 824.616813][ T832] syzkaller0: entered allmulticast mode [ 824.665359][ T832] tipc: Resetting bearer [ 824.692466][ T831] tipc: Resetting bearer [ 824.769033][ T831] tipc: Disabling bearer [ 825.076535][ T861] FAULT_INJECTION: forcing a failure. [ 825.076535][ T861] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 825.099979][ T861] CPU: 0 UID: 0 PID: 861 Comm: syz.3.8745 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 825.100013][ T861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 825.100024][ T861] Call Trace: [ 825.100032][ T861] [ 825.100040][ T861] dump_stack_lvl+0x189/0x250 [ 825.100067][ T861] ? __pfx____ratelimit+0x10/0x10 [ 825.100090][ T861] ? __pfx_dump_stack_lvl+0x10/0x10 [ 825.100110][ T861] ? __pfx__printk+0x10/0x10 [ 825.100133][ T861] ? __might_fault+0xb0/0x130 [ 825.100168][ T861] should_fail_ex+0x414/0x560 [ 825.100196][ T861] _copy_from_user+0x2d/0xb0 [ 825.100217][ T861] ___sys_sendmsg+0x158/0x2a0 [ 825.100239][ T861] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.100294][ T861] ? __fget_files+0x2a/0x420 [ 825.100310][ T861] ? __fget_files+0x3a0/0x420 [ 825.100337][ T861] __x64_sys_sendmsg+0x19b/0x260 [ 825.100358][ T861] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 825.100387][ T861] ? __pfx_ksys_write+0x10/0x10 [ 825.100415][ T861] ? do_syscall_64+0xbe/0x3b0 [ 825.100442][ T861] do_syscall_64+0xfa/0x3b0 [ 825.100464][ T861] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.100486][ T861] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.100504][ T861] ? clear_bhb_loop+0x60/0xb0 [ 825.100525][ T861] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.100543][ T861] RIP: 0033:0x7f0c7298ebe9 [ 825.100560][ T861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 825.100575][ T861] RSP: 002b:00007f0c7376d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 825.100595][ T861] RAX: ffffffffffffffda RBX: 00007f0c72bb6090 RCX: 00007f0c7298ebe9 [ 825.100608][ T861] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 825.100620][ T861] RBP: 00007f0c7376d090 R08: 0000000000000000 R09: 0000000000000000 [ 825.100631][ T861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 825.100642][ T861] R13: 00007f0c72bb6128 R14: 00007f0c72bb6090 R15: 00007fffdf1d99a8 [ 825.100672][ T861] [ 825.325267][ T864] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 826.136261][ T901] FAULT_INJECTION: forcing a failure. [ 826.136261][ T901] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 826.193092][T31985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.231055][ T901] CPU: 1 UID: 0 PID: 901 Comm: syz.4.8758 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 826.231083][ T901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 826.231095][ T901] Call Trace: [ 826.231109][ T901] [ 826.231117][ T901] dump_stack_lvl+0x189/0x250 [ 826.231144][ T901] ? __pfx____ratelimit+0x10/0x10 [ 826.231168][ T901] ? __pfx_dump_stack_lvl+0x10/0x10 [ 826.231189][ T901] ? __pfx__printk+0x10/0x10 [ 826.231213][ T901] ? __might_fault+0xb0/0x130 [ 826.231248][ T901] should_fail_ex+0x414/0x560 [ 826.231276][ T901] _copy_from_iter+0x1db/0x16f0 [ 826.231299][ T901] ? rcu_is_watching+0x15/0xb0 [ 826.231319][ T901] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 826.231344][ T901] ? __pfx__copy_from_iter+0x10/0x10 [ 826.231363][ T901] ? __build_skb_around+0x257/0x3e0 [ 826.231391][ T901] ? netlink_sendmsg+0x642/0xb30 [ 826.231413][ T901] ? skb_put+0x11b/0x210 [ 826.231434][ T901] netlink_sendmsg+0x6b2/0xb30 [ 826.231467][ T901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 826.231503][ T901] ? aa_sock_msg_perm+0xf1/0x1d0 [ 826.231530][ T901] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 826.231549][ T901] ? __pfx_netlink_sendmsg+0x10/0x10 [ 826.231574][ T901] __sock_sendmsg+0x219/0x270 [ 826.231599][ T901] ____sys_sendmsg+0x505/0x830 [ 826.231624][ T901] ? __pfx_____sys_sendmsg+0x10/0x10 [ 826.231652][ T901] ? import_iovec+0x74/0xa0 [ 826.231675][ T901] ___sys_sendmsg+0x21f/0x2a0 [ 826.231697][ T901] ? __pfx____sys_sendmsg+0x10/0x10 [ 826.231752][ T901] ? __fget_files+0x2a/0x420 [ 826.231768][ T901] ? __fget_files+0x3a0/0x420 [ 826.231795][ T901] __x64_sys_sendmsg+0x19b/0x260 [ 826.231816][ T901] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 826.231844][ T901] ? __pfx_ksys_write+0x10/0x10 [ 826.231862][ T901] ? rcu_is_watching+0x15/0xb0 [ 826.231883][ T901] ? do_syscall_64+0xbe/0x3b0 [ 826.231910][ T901] do_syscall_64+0xfa/0x3b0 [ 826.231932][ T901] ? lockdep_hardirqs_on+0x9c/0x150 [ 826.231953][ T901] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.231971][ T901] ? clear_bhb_loop+0x60/0xb0 [ 826.231992][ T901] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 826.232010][ T901] RIP: 0033:0x7f083bd8ebe9 [ 826.232026][ T901] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 826.232041][ T901] RSP: 002b:00007f083cc78038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 826.232060][ T901] RAX: ffffffffffffffda RBX: 00007f083bfb5fa0 RCX: 00007f083bd8ebe9 [ 826.232073][ T901] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 826.232085][ T901] RBP: 00007f083cc78090 R08: 0000000000000000 R09: 0000000000000000 [ 826.232096][ T901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 826.232115][ T901] R13: 00007f083bfb6038 R14: 00007f083bfb5fa0 R15: 00007fff7f69a478 [ 826.232146][ T901] [ 826.556067][T31985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.629028][ T925] tipc: Enabled bearer , priority 0 [ 826.709933][ T924] tipc: Disabling bearer [ 826.883303][ T937] __nla_validate_parse: 13 callbacks suppressed [ 826.883321][ T937] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8763'. [ 826.960359][ T948] netlink: 164 bytes leftover after parsing attributes in process `syz.4.8765'. [ 827.027992][ T955] netlink: 'syz.1.8766': attribute type 4 has an invalid length. [ 827.086984][ T959] netlink: 'syz.1.8766': attribute type 4 has an invalid length. [ 827.473545][ T979] FAULT_INJECTION: forcing a failure. [ 827.473545][ T979] name failslab, interval 1, probability 0, space 0, times 0 [ 827.560417][ T979] CPU: 0 UID: 0 PID: 979 Comm: syz.3.8771 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 827.560444][ T979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 827.560456][ T979] Call Trace: [ 827.560463][ T979] [ 827.560472][ T979] dump_stack_lvl+0x189/0x250 [ 827.560498][ T979] ? __pfx____ratelimit+0x10/0x10 [ 827.560522][ T979] ? __pfx_dump_stack_lvl+0x10/0x10 [ 827.560542][ T979] ? __pfx__printk+0x10/0x10 [ 827.560568][ T979] ? __lock_acquire+0xab9/0xd20 [ 827.560603][ T979] should_fail_ex+0x414/0x560 [ 827.560631][ T979] should_failslab+0xa8/0x100 [ 827.560657][ T979] kmem_cache_alloc_noprof+0x73/0x3c0 [ 827.560679][ T979] ? skb_clone+0x212/0x3a0 [ 827.560703][ T979] skb_clone+0x212/0x3a0 [ 827.560734][ T979] __netlink_deliver_tap+0x404/0x850 [ 827.560772][ T979] ? netlink_deliver_tap+0x2e/0x1b0 [ 827.560798][ T979] netlink_deliver_tap+0x19c/0x1b0 [ 827.560823][ T979] netlink_unicast+0x7fa/0x9e0 [ 827.560855][ T979] ? __pfx_netlink_unicast+0x10/0x10 [ 827.560879][ T979] ? netlink_sendmsg+0x642/0xb30 [ 827.560900][ T979] ? skb_put+0x11b/0x210 [ 827.560920][ T979] netlink_sendmsg+0x805/0xb30 [ 827.560953][ T979] ? __pfx_netlink_sendmsg+0x10/0x10 [ 827.560980][ T979] ? aa_sock_msg_perm+0xf1/0x1d0 [ 827.561007][ T979] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 827.561027][ T979] ? __pfx_netlink_sendmsg+0x10/0x10 [ 827.561052][ T979] __sock_sendmsg+0x219/0x270 [ 827.561078][ T979] ____sys_sendmsg+0x505/0x830 [ 827.561103][ T979] ? __pfx_____sys_sendmsg+0x10/0x10 [ 827.561131][ T979] ? import_iovec+0x74/0xa0 [ 827.561159][ T979] ___sys_sendmsg+0x21f/0x2a0 [ 827.561180][ T979] ? __pfx____sys_sendmsg+0x10/0x10 [ 827.561238][ T979] ? __fget_files+0x2a/0x420 [ 827.561253][ T979] ? __fget_files+0x3a0/0x420 [ 827.561281][ T979] __x64_sys_sendmsg+0x19b/0x260 [ 827.561302][ T979] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 827.561331][ T979] ? __pfx_ksys_write+0x10/0x10 [ 827.561351][ T979] ? rcu_is_watching+0x15/0xb0 [ 827.561375][ T979] ? do_syscall_64+0xbe/0x3b0 [ 827.561402][ T979] do_syscall_64+0xfa/0x3b0 [ 827.561424][ T979] ? lockdep_hardirqs_on+0x9c/0x150 [ 827.561445][ T979] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.561463][ T979] ? clear_bhb_loop+0x60/0xb0 [ 827.561485][ T979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.561502][ T979] RIP: 0033:0x7f0c7298ebe9 [ 827.561519][ T979] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 827.561534][ T979] RSP: 002b:00007f0c7378e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 827.561553][ T979] RAX: ffffffffffffffda RBX: 00007f0c72bb5fa0 RCX: 00007f0c7298ebe9 [ 827.561566][ T979] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 827.561578][ T979] RBP: 00007f0c7378e090 R08: 0000000000000000 R09: 0000000000000000 [ 827.561589][ T979] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 827.561599][ T979] R13: 00007f0c72bb6038 R14: 00007f0c72bb5fa0 R15: 00007fffdf1d99a8 [ 827.561630][ T979] [ 828.017440][ T987] tipc: Enabled bearer , priority 0 [ 828.057538][ T986] tipc: Disabling bearer [ 828.211286][ T1013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8777'. [ 828.430416][ T1022] netlink: 24 bytes leftover after parsing attributes in process `syz.4.8780'. [ 828.826490][ T1038] tipc: Enabled bearer , priority 0 [ 828.864403][ T1038] syzkaller0: entered promiscuous mode [ 828.883830][ T1038] syzkaller0: entered allmulticast mode [ 828.927123][ T1038] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 829.124321][ T1063] netlink: 'syz.4.8784': attribute type 10 has an invalid length. [ 831.582829][ T1053] tipc: Resetting bearer [ 831.616494][ T1063] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 831.632550][ T1063] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 831.664906][ T1035] tipc: Resetting bearer [ 831.727545][ T1035] tipc: Disabling bearer [ 831.778347][ T1085] netlink: 'syz.0.8790': attribute type 1 has an invalid length. [ 832.011890][ T1099] tipc: Enabled bearer , priority 0 [ 832.034379][ T1099] syzkaller0: entered promiscuous mode [ 832.049021][ T1099] syzkaller0: entered allmulticast mode [ 832.156662][ T1103] tipc: Resetting bearer [ 832.163522][ T1102] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8796'. [ 832.181400][ T1095] tipc: Resetting bearer [ 832.230537][ T1095] tipc: Disabling bearer [ 832.498623][ T1125] tipc: Enabled bearer , priority 0 [ 832.513690][ T1125] syzkaller0: entered promiscuous mode [ 832.531401][ T1125] syzkaller0: entered allmulticast mode [ 832.555813][ T1125] tipc: Resetting bearer [ 832.606940][ T1120] tipc: Resetting bearer [ 832.690077][ T1135] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8802'. [ 832.876771][ T1120] tipc: Disabling bearer [ 833.307125][ T1146] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8811'. [ 833.673930][ T1162] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8817'. [ 833.846531][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 833.850683][ T1162] 8021q: adding VLAN 0 to HW filter on device bond4 [ 833.859468][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 833.868648][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 833.883012][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 833.891558][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 834.037728][ T1169] bond3: (slave veth0_to_bond): Releasing backup interface [ 834.130943][ T1169] bond4: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 834.176638][ T1177] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8818'. [ 834.697962][T31985] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 834.736583][ T1197] netlink: 'syz.4.8824': attribute type 1 has an invalid length. [ 834.753842][ T1197] netlink: 'syz.4.8824': attribute type 2 has an invalid length. [ 834.766289][T31985] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 834.782942][T31985] bond0: (slave bridge_slave_1): link status definitely down, disabling slave [ 834.811796][T31985] bond0: now running without any active interface! [ 834.866010][ T1202] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8825'. [ 835.009609][ T1170] lo speed is unknown, defaulting to 1000 [ 835.203801][ T1217] netlink: 12 bytes leftover after parsing attributes in process `syz.4.8831'. [ 835.252155][ T1217] 8021q: adding VLAN 0 to HW filter on device bond10 [ 835.287403][ T1217] bond9: (slave veth0_to_bond): Releasing backup interface [ 835.303487][ T1217] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 835.596941][ T1236] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8839'. [ 835.649416][ T1170] chnl_net:caif_netlink_parms(): no params data found [ 835.811671][ T1247] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.8844'. [ 835.820708][ T1249] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8843'. [ 835.988980][ T1249] 8021q: adding VLAN 0 to HW filter on device bond5 [ 835.996537][ T51] Bluetooth: hci5: command tx timeout [ 836.090210][ T1256] bond4: (slave veth0_to_bond): Releasing backup interface [ 836.116472][ T1256] bond5: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 836.171085][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state [ 836.214508][ T1170] bridge0: port 1(bridge_slave_0) entered disabled state [ 836.269339][ T1170] bridge_slave_0: entered allmulticast mode [ 836.300553][ T1170] bridge_slave_0: entered promiscuous mode [ 836.318371][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state [ 836.325536][ T1170] bridge0: port 2(bridge_slave_1) entered disabled state [ 836.364836][ T1170] bridge_slave_1: entered allmulticast mode [ 836.375110][ T1170] bridge_slave_1: entered promiscuous mode [ 836.477021][ T1287] netlink: 'syz.1.8851': attribute type 10 has an invalid length. [ 836.513681][ T1287] veth0_vlan: entered allmulticast mode [ 836.551482][ T1287] veth0_vlan: left promiscuous mode [ 836.565021][ T1287] veth0_vlan: entered promiscuous mode [ 836.584433][ T1287] team0: Device veth0_vlan failed to register rx_handler [ 836.639846][ T1170] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 836.680237][ T1170] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 836.702292][ T1292] tap0: tun_chr_ioctl cmd 1074025678 [ 836.728210][ T1292] tap0: group set to 0 [ 836.855519][ T1170] team0: Port device team_slave_0 added [ 836.876398][ T1170] team0: Port device team_slave_1 added [ 837.064188][ T1170] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 837.075208][ T1170] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 837.104261][ T1170] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 837.154464][ T1170] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 837.164159][ T1170] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 837.193775][ T1170] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 837.323123][ T1170] hsr_slave_0: entered promiscuous mode [ 837.332330][ T1170] hsr_slave_1: entered promiscuous mode [ 837.341248][ T1170] debugfs: 'hsr0' already exists in 'hsr' [ 837.348578][ T1170] Cannot create hsr debugfs directory [ 837.699151][ T1170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 837.717289][ T1170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 837.732487][ T1170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 837.853764][ T1170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 837.868017][ T1170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 837.878550][ T1170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 838.013893][ T1170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 838.042800][ T1170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 838.066036][ T51] Bluetooth: hci5: command tx timeout [ 838.066322][ T1170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 838.139529][ T1362] 8021q: VLANs not supported on gre0 [ 838.160193][ T1367] __nla_validate_parse: 4 callbacks suppressed [ 838.160212][ T1367] netlink: 56 bytes leftover after parsing attributes in process `syz.1.8875'. [ 838.227907][ T1170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 838.262170][ T1170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 838.303684][ T1170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 838.658559][ T1391] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8883'. [ 838.759351][ T1170] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 838.827198][ T1170] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 838.891917][ T1391] netlink: 80 bytes leftover after parsing attributes in process `syz.1.8883'. [ 838.900990][ T1170] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 838.944649][ T1170] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 838.966405][ T1404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8887'. [ 839.028832][ T1404] veth1_to_bond: left allmulticast mode [ 839.034673][ T1404] veth1_to_bond: left promiscuous mode [ 839.101676][ T1404] macvlan0: left promiscuous mode [ 839.116559][ T1404] macvlan0: left allmulticast mode [ 839.133203][ T1404] netlink: 'syz.3.8887': attribute type 1 has an invalid length. [ 839.141668][ T1404] netlink: 'syz.3.8887': attribute type 2 has an invalid length. [ 839.174706][ T1417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8890'. [ 839.218132][ T1412] Unsupported ieee802154 address type: 0 [ 839.309447][ T1416] tipc: Enabling of bearer rejected, failed to enable media [ 839.482853][ T1170] 8021q: adding VLAN 0 to HW filter on device bond0 [ 839.509927][ T1432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.8897'. [ 839.563393][ T1170] 8021q: adding VLAN 0 to HW filter on device team0 [ 839.618964][T31988] bridge0: port 1(bridge_slave_0) entered blocking state [ 839.626172][T31988] bridge0: port 1(bridge_slave_0) entered forwarding state [ 839.750626][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 839.757839][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 839.835001][ T1445] tipc: Enabled bearer , priority 0 [ 839.867094][ T1445] syzkaller0: entered promiscuous mode [ 839.872617][ T1445] syzkaller0: entered allmulticast mode [ 839.990788][ T1457] syzkaller0: mtu greater than device maximum [ 840.055282][ T1442] tipc: Resetting bearer [ 840.131433][ T1442] tipc: Disabling bearer [ 840.147747][ T51] Bluetooth: hci5: command tx timeout [ 840.156369][ T1467] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8906'. [ 840.172685][ T1459] bond0: Error: Cannot enslave bond to itself. [ 840.352208][ T1475] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8907'. [ 840.395552][ T1478] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8909'. [ 840.430276][ T1478] netlink: 24 bytes leftover after parsing attributes in process `syz.1.8909'. [ 841.012955][ T1170] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 841.148048][ T1512] 8021q: VLANs not supported on ip6_vti0 [ 841.207542][ T1514] tipc: Enabled bearer , priority 0 [ 841.219704][ T1170] veth0_vlan: entered promiscuous mode [ 841.238123][ T1514] syzkaller0: entered promiscuous mode [ 841.251618][ T1514] syzkaller0: entered allmulticast mode [ 841.295497][ T1170] veth1_vlan: entered promiscuous mode [ 841.304230][ T1514] syzkaller0: mtu greater than device maximum [ 841.326122][ T1513] tipc: Resetting bearer [ 841.369925][ T1513] tipc: Disabling bearer [ 841.423545][ T1170] veth0_macvtap: entered promiscuous mode [ 841.424449][ T1528] netlink: 'syz.1.8922': attribute type 11 has an invalid length. [ 841.436910][ T1170] veth1_macvtap: entered promiscuous mode [ 841.514940][ T1170] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 841.555242][ T1170] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 841.608591][T31989] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.621461][T31989] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.662834][T31989] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.686375][T31989] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 841.837690][ T1539] lo speed is unknown, defaulting to 1000 [ 841.976065][T31988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 841.995944][T31988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 842.059772][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 842.071701][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 842.225973][ T51] Bluetooth: hci5: command tx timeout [ 842.289725][ T1564] netlink: 'syz.3.8932': attribute type 21 has an invalid length. [ 842.358868][ T1568] netlink: 'syz.0.8810': attribute type 1 has an invalid length. [ 842.392509][ T1564] netlink: 'syz.3.8932': attribute type 4 has an invalid length. [ 842.393911][ T1570] netlink: 'syz.3.8932': attribute type 21 has an invalid length. [ 842.470122][ T1564] netlink: 'syz.3.8932': attribute type 5 has an invalid length. [ 842.564771][ T1570] netlink: 'syz.3.8932': attribute type 4 has an invalid length. [ 842.583182][ T1570] netlink: 'syz.3.8932': attribute type 5 has an invalid length. [ 843.553528][ T1622] lo speed is unknown, defaulting to 1000 [ 843.609742][ T1632] __nla_validate_parse: 12 callbacks suppressed [ 843.609761][ T1632] netlink: 20 bytes leftover after parsing attributes in process `syz.1.8949'. [ 843.822029][ T1640] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8953'. [ 843.947447][ T1646] netlink: 56 bytes leftover after parsing attributes in process `syz.4.8955'. [ 844.170406][ T1652] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8956'. [ 844.689159][ T1667] syz_tun: entered allmulticast mode [ 844.753590][ T1666] syz_tun: left allmulticast mode [ 844.969952][ T1686] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8967'. [ 845.631694][ T1729] FAULT_INJECTION: forcing a failure. [ 845.631694][ T1729] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 845.686989][ T1732] netlink: 'syz.1.8978': attribute type 6 has an invalid length. [ 845.705987][ T1729] CPU: 0 UID: 0 PID: 1729 Comm: syz.0.8979 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 845.706015][ T1729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 845.706026][ T1729] Call Trace: [ 845.706034][ T1729] [ 845.706042][ T1729] dump_stack_lvl+0x189/0x250 [ 845.706068][ T1729] ? __pfx____ratelimit+0x10/0x10 [ 845.706091][ T1729] ? __pfx_dump_stack_lvl+0x10/0x10 [ 845.706109][ T1729] ? __pfx__printk+0x10/0x10 [ 845.706145][ T1729] should_fail_ex+0x414/0x560 [ 845.706171][ T1729] _copy_to_user+0x31/0xb0 [ 845.706192][ T1729] simple_read_from_buffer+0xe1/0x170 [ 845.706218][ T1729] proc_fail_nth_read+0x1b3/0x220 [ 845.706240][ T1729] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 845.706261][ T1729] ? rw_verify_area+0x2a6/0x4d0 [ 845.706280][ T1729] ? __lock_acquire+0xab9/0xd20 [ 845.706300][ T1729] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 845.706321][ T1729] vfs_read+0x1fd/0xa30 [ 845.706340][ T1729] ? fdget_pos+0x247/0x320 [ 845.706360][ T1729] ? __pfx___mutex_lock+0x10/0x10 [ 845.706386][ T1729] ? __pfx_vfs_read+0x10/0x10 [ 845.706407][ T1729] ? __fget_files+0x2a/0x420 [ 845.706427][ T1729] ? __fget_files+0x3a0/0x420 [ 845.706438][ T1729] ? __fget_files+0x2a/0x420 [ 845.706461][ T1729] ksys_read+0x145/0x250 [ 845.706484][ T1729] ? __pfx_ksys_read+0x10/0x10 [ 845.706502][ T1729] ? rcu_is_watching+0x15/0xb0 [ 845.706522][ T1729] ? do_syscall_64+0xbe/0x3b0 [ 845.706544][ T1729] do_syscall_64+0xfa/0x3b0 [ 845.706561][ T1729] ? lockdep_hardirqs_on+0x9c/0x150 [ 845.706577][ T1729] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.706591][ T1729] ? clear_bhb_loop+0x60/0xb0 [ 845.706607][ T1729] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 845.706620][ T1729] RIP: 0033:0x7f862ab8d5fc [ 845.706633][ T1729] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 845.706644][ T1729] RSP: 002b:00007f862bae1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 845.706659][ T1729] RAX: ffffffffffffffda RBX: 00007f862adb5fa0 RCX: 00007f862ab8d5fc [ 845.706669][ T1729] RDX: 000000000000000f RSI: 00007f862bae10a0 RDI: 0000000000000004 [ 845.706678][ T1729] RBP: 00007f862bae1090 R08: 0000000000000000 R09: 0000000000000000 [ 845.706687][ T1729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 845.706695][ T1729] R13: 00007f862adb6038 R14: 00007f862adb5fa0 R15: 00007ffe63b2dfc8 [ 845.706719][ T1729] [ 846.031345][ T1740] netlink: 'syz.1.8978': attribute type 6 has an invalid length. [ 846.245240][ T1751] netlink: 212264 bytes leftover after parsing attributes in process `syz.4.8984'. [ 846.470574][ T1764] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input13 [ 846.697048][ T1775] : renamed from bridge_slave_0 [ 846.821880][ T1779] openvswitch: netlink: Actions may not be safe on all matching packets [ 847.489428][ T1816] syzkaller1: entered promiscuous mode [ 847.494944][ T1816] syzkaller1: entered allmulticast mode [ 847.836431][ T1836] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9004'. [ 847.895756][ T1840] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9004'. [ 847.964255][ T1836] netlink: 24 bytes leftover after parsing attributes in process `syz.0.9004'. [ 848.433478][ T1878] netlink: 'syz.4.9015': attribute type 1 has an invalid length. [ 848.460760][ T1878] netlink: 20 bytes leftover after parsing attributes in process `syz.4.9015'. [ 848.709938][ T1890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.9018'. [ 848.721153][ T1891] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 848.780607][ T1895] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9020'. [ 848.815338][ T1895] netlink: 'syz.0.9020': attribute type 11 has an invalid length. [ 848.928551][T31989] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 848.961448][T31989] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 848.992695][T31989] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 849.020287][T31989] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 849.217353][ T1917] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9025'. [ 849.222604][ T1918] netlink: 132 bytes leftover after parsing attributes in process `syz.4.9026'. [ 849.411073][ T1925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9029'. [ 849.422799][ T1925] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9029'. [ 849.439294][ T1925] geneve2: entered promiscuous mode [ 849.444711][ T1925] geneve2: entered allmulticast mode [ 849.832505][ T1942] netlink: 'syz.0.9034': attribute type 6 has an invalid length. [ 849.857837][ T1942] netlink: 320 bytes leftover after parsing attributes in process `syz.0.9034'. [ 849.888566][ T1949] netlink: 'syz.3.9037': attribute type 21 has an invalid length. [ 850.008193][ T1955] FAULT_INJECTION: forcing a failure. [ 850.008193][ T1955] name failslab, interval 1, probability 0, space 0, times 0 [ 850.086295][ T1955] CPU: 0 UID: 0 PID: 1955 Comm: syz.2.9040 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 850.086321][ T1955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 850.086333][ T1955] Call Trace: [ 850.086341][ T1955] [ 850.086350][ T1955] dump_stack_lvl+0x189/0x250 [ 850.086376][ T1955] ? __pfx____ratelimit+0x10/0x10 [ 850.086400][ T1955] ? __pfx_dump_stack_lvl+0x10/0x10 [ 850.086420][ T1955] ? __pfx__printk+0x10/0x10 [ 850.086450][ T1955] ? __pfx___might_resched+0x10/0x10 [ 850.086472][ T1955] should_fail_ex+0x414/0x560 [ 850.086501][ T1955] should_failslab+0xa8/0x100 [ 850.086528][ T1955] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 850.086552][ T1955] ? __alloc_skb+0x112/0x2d0 [ 850.086581][ T1955] __alloc_skb+0x112/0x2d0 [ 850.086609][ T1955] netlink_dump+0x1b7/0xe90 [ 850.086646][ T1955] ? __pfx_netlink_dump+0x10/0x10 [ 850.086668][ T1955] ? apparmor_capable+0x137/0x1b0 [ 850.086703][ T1955] ? __inet_diag_dump_start+0x89a/0xa10 [ 850.086732][ T1955] __netlink_dump_start+0x5cb/0x7e0 [ 850.086764][ T1955] inet_diag_rcv_msg_compat+0x1ea/0x3b0 [ 850.086787][ T1955] ? __pfx_inet_diag_rcv_msg_compat+0x10/0x10 [ 850.086820][ T1955] ? __pfx_inet_diag_dump_start_compat+0x10/0x10 [ 850.086836][ T1955] ? __pfx_inet_diag_dump_compat+0x10/0x10 [ 850.086852][ T1955] ? __pfx_inet_diag_dump_done+0x10/0x10 [ 850.086884][ T1955] ? sock_diag_rcv_msg+0x188/0x600 [ 850.086911][ T1955] sock_diag_rcv_msg+0x4cc/0x600 [ 850.086939][ T1955] netlink_rcv_skb+0x208/0x470 [ 850.086960][ T1955] ? __lock_acquire+0xab9/0xd20 [ 850.086985][ T1955] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 850.087010][ T1955] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 850.087047][ T1955] ? netlink_deliver_tap+0x2e/0x1b0 [ 850.087079][ T1955] netlink_unicast+0x82c/0x9e0 [ 850.087111][ T1955] ? __pfx_netlink_unicast+0x10/0x10 [ 850.087135][ T1955] ? netlink_sendmsg+0x642/0xb30 [ 850.087157][ T1955] ? skb_put+0x11b/0x210 [ 850.087176][ T1955] netlink_sendmsg+0x805/0xb30 [ 850.087208][ T1955] ? __pfx_netlink_sendmsg+0x10/0x10 [ 850.087232][ T1955] ? aa_sock_msg_perm+0xf1/0x1d0 [ 850.087256][ T1955] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 850.087275][ T1955] ? __pfx_netlink_sendmsg+0x10/0x10 [ 850.087297][ T1955] __sock_sendmsg+0x219/0x270 [ 850.087321][ T1955] ____sys_sendmsg+0x505/0x830 [ 850.087345][ T1955] ? __pfx_____sys_sendmsg+0x10/0x10 [ 850.087373][ T1955] ? import_iovec+0x74/0xa0 [ 850.087397][ T1955] ___sys_sendmsg+0x21f/0x2a0 [ 850.087417][ T1955] ? __pfx____sys_sendmsg+0x10/0x10 [ 850.087471][ T1955] ? __fget_files+0x2a/0x420 [ 850.087487][ T1955] ? __fget_files+0x3a0/0x420 [ 850.087514][ T1955] __x64_sys_sendmsg+0x19b/0x260 [ 850.087535][ T1955] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 850.087563][ T1955] ? __pfx_ksys_write+0x10/0x10 [ 850.087584][ T1955] ? rcu_is_watching+0x15/0xb0 [ 850.087607][ T1955] ? do_syscall_64+0xbe/0x3b0 [ 850.087635][ T1955] do_syscall_64+0xfa/0x3b0 [ 850.087656][ T1955] ? lockdep_hardirqs_on+0x9c/0x150 [ 850.087678][ T1955] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.087696][ T1955] ? clear_bhb_loop+0x60/0xb0 [ 850.087719][ T1955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.087735][ T1955] RIP: 0033:0x7f1e9d98ebe9 [ 850.087751][ T1955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.087766][ T1955] RSP: 002b:00007f1e9e7e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 850.087786][ T1955] RAX: ffffffffffffffda RBX: 00007f1e9dbb5fa0 RCX: 00007f1e9d98ebe9 [ 850.087799][ T1955] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 850.087817][ T1955] RBP: 00007f1e9e7e1090 R08: 0000000000000000 R09: 0000000000000000 [ 850.087828][ T1955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.087839][ T1955] R13: 00007f1e9dbb6038 R14: 00007f1e9dbb5fa0 R15: 00007fff35a65108 [ 850.087871][ T1955] [ 850.675238][ T1961] openvswitch: netlink: VXLAN extension 173 out of range max 1 [ 850.714037][ T1966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9045'. [ 850.757766][ T5871] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 850.777550][ T5871] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 850.789293][ T5871] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 850.810047][ T5871] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 850.818586][ T5871] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 850.869128][ T1966] 8021q: adding VLAN 0 to HW filter on device bond8 [ 850.999031][ T1966] bond6: (slave veth0_to_bond): Releasing backup interface [ 851.027373][ T1966] bond8: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 851.156911][T24168] syz_tun (unregistering): left allmulticast mode [ 851.219670][ T1969] lo speed is unknown, defaulting to 1000 [ 851.392763][ T1995] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (32767) [ 851.413108][ T1995] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 851.598077][ T2003] netlink: 36 bytes leftover after parsing attributes in process `syz.2.9053'. [ 851.673439][ T2005] netlink: 232 bytes leftover after parsing attributes in process `syz.2.9053'. [ 851.931373][ T1969] chnl_net:caif_netlink_parms(): no params data found [ 852.064476][ T2023] 8021q: adding VLAN 0 to HW filter on device bond6 [ 852.158252][ T2026] bond5: (slave veth0_to_bond): Releasing backup interface [ 852.187177][ T2026] bond6: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 852.505311][ T1969] bridge0: port 1(bridge_slave_0) entered blocking state [ 852.533479][ T1969] bridge0: port 1(bridge_slave_0) entered disabled state [ 852.555917][ T1969] bridge_slave_0: entered allmulticast mode [ 852.574509][ T1969] bridge_slave_0: entered promiscuous mode [ 852.611093][ T1969] bridge0: port 2(bridge_slave_1) entered blocking state [ 852.648892][ T1969] bridge0: port 2(bridge_slave_1) entered disabled state [ 852.679374][ T1969] bridge_slave_1: entered allmulticast mode [ 852.727481][ T1969] bridge_slave_1: entered promiscuous mode [ 852.869178][ T5871] Bluetooth: hci4: command tx timeout [ 853.011286][ T1969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 853.181463][ T1969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 853.381972][ T1969] team0: Port device team_slave_0 added [ 853.404378][ T1969] team0: Port device team_slave_1 added [ 853.456577][ T2084] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14 [ 853.500733][ T2088] netlink: 'syz.0.9077': attribute type 1 has an invalid length. [ 853.563253][ T1969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 853.572737][ T1969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 853.615549][ T1969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 853.638848][ T1969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 853.652614][ T1969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 853.696710][ T1969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 853.893527][ T1969] hsr_slave_0: entered promiscuous mode [ 853.930177][ T1969] hsr_slave_1: entered promiscuous mode [ 853.943975][ T2105] __nla_validate_parse: 2 callbacks suppressed [ 853.943993][ T2105] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9086'. [ 853.960731][ T1969] debugfs: 'hsr0' already exists in 'hsr' [ 853.966626][ T1969] Cannot create hsr debugfs directory [ 854.001066][ T2108] netlink: 4 bytes leftover after parsing attributes in process `syz.2.9087'. [ 854.049353][ T2110] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9088'. [ 854.059360][ T2111] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9087'. [ 854.155525][ T2120] netlink: 'syz.0.9091': attribute type 16 has an invalid length. [ 854.165059][ T2120] netlink: 'syz.0.9091': attribute type 17 has an invalid length. [ 854.165102][ T2110] 8021q: adding VLAN 0 to HW filter on device bond7 [ 854.181845][ T2120] netlink: 'syz.0.9091': attribute type 15 has an invalid length. [ 854.235164][ T2111] netlink: 'syz.2.9087': attribute type 6 has an invalid length. [ 854.270220][ T2111] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.9087'. [ 854.294779][ T2117] bond6: (slave veth0_to_bond): Releasing backup interface [ 854.312224][ T2117] bond7: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 854.710928][ T2147] netlink: 348 bytes leftover after parsing attributes in process `syz.1.9099'. [ 854.899079][ T1969] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 854.948076][ T5871] Bluetooth: hci4: command tx timeout [ 854.980640][ T2154] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9102'. [ 855.024188][ T2159] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9104'. [ 855.069349][ T2159] 8021q: adding VLAN 0 to HW filter on device bond9 [ 855.088473][ T2159] bond8: (slave veth0_to_bond): Releasing backup interface [ 855.101590][ T2165] netlink: 'syz.0.9105': attribute type 10 has an invalid length. [ 855.115331][ T2159] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 855.131416][ T2165] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 855.241294][ T1969] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 855.309924][ T2170] tipc: Started in network mode [ 855.314825][ T2170] tipc: Node identity 425ebd7e8f29, cluster identity 4711 [ 855.323595][ T2170] tipc: Enabled bearer , priority 0 [ 855.368183][ T1969] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 855.382958][ T2173] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9109'. [ 855.401772][ T2170] syzkaller0: entered promiscuous mode [ 855.411373][ T2170] syzkaller0: entered allmulticast mode [ 855.474879][ T1969] bond0: (slave netdevsim0): Releasing backup interface [ 855.496718][ T1969] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode [ 855.535111][ T2174] tipc: Resetting bearer [ 855.562818][ T2169] tipc: Resetting bearer [ 855.614357][ T2169] tipc: Disabling bearer [ 855.764322][ T2186] netlink: 'syz.2.9114': attribute type 1 has an invalid length. [ 855.804141][ T1969] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 856.599507][ T1969] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 856.634284][ T1969] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 856.672419][ T1969] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 856.697067][ T2198] netlink: 164 bytes leftover after parsing attributes in process `syz.0.9118'. [ 856.720800][ T2202] netlink: 'syz.2.9119': attribute type 4 has an invalid length. [ 857.011089][ T1969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 857.026452][ T5871] Bluetooth: hci4: command tx timeout [ 857.056628][ T1969] 8021q: adding VLAN 0 to HW filter on device team0 [ 857.074713][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 857.081935][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 857.128022][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 857.135192][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 857.153067][ T2224] IPVS: Error joining to the multicast group [ 857.313023][ T2234] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (3) [ 857.778667][ T2258] tipc: Enabled bearer , priority 0 [ 857.799378][ T2258] syzkaller0: entered promiscuous mode [ 857.804881][ T2258] syzkaller0: entered allmulticast mode [ 857.900204][ T2258] tipc: Resetting bearer [ 857.971927][ T1969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 858.179454][ T2279] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 858.240761][T31985] tipc: Subscription rejected, illegal request [ 858.311037][ T2279] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input15 [ 858.501599][ T1598] udevd[1598]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 858.533423][ T2291] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 858.569901][ T2257] tipc: Resetting bearer [ 858.650811][ T2257] tipc: Disabling bearer [ 858.829977][ T2301] pim6reg: entered allmulticast mode [ 858.857805][ T1969] veth0_vlan: entered promiscuous mode [ 858.888125][ T2301] pim6reg: left allmulticast mode [ 858.933429][ T1969] veth1_vlan: entered promiscuous mode [ 858.998287][ T1969] veth0_macvtap: entered promiscuous mode [ 859.019316][ T1969] veth1_macvtap: entered promiscuous mode [ 859.047665][ T1969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 859.059977][ T1969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 859.063658][ T2310] netlink: 'syz.3.9147': attribute type 11 has an invalid length. [ 859.073953][ T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.091156][ T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.107434][ T5871] Bluetooth: hci4: command tx timeout [ 859.127594][ T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.160033][ T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 859.409487][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 859.446838][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 859.524509][T31987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 859.550049][T31987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 859.840800][ T2348] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 859.856595][ T2348] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 859.902352][ T2353] __nla_validate_parse: 3 callbacks suppressed [ 859.902368][ T2353] netlink: 20 bytes leftover after parsing attributes in process `syz.2.9157'. [ 859.963024][ T2354] netlink: 312 bytes leftover after parsing attributes in process `syz.2.9157'. [ 860.211481][ T2370] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9164'. [ 860.232860][ T2374] netlink: 16 bytes leftover after parsing attributes in process `syz.1.9164'. [ 860.242726][ T2367] tipc: Enabled bearer , priority 0 [ 860.343363][ T2380] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9167'. [ 860.364305][ T2380] netlink: 224 bytes leftover after parsing attributes in process `syz.4.9167'. [ 860.682159][ T2366] tipc: Disabling bearer [ 860.725436][ T2407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9174'. [ 860.785407][ T2404] syzkaller0: entered promiscuous mode [ 860.791531][ T2404] syzkaller0: entered allmulticast mode [ 861.078616][ T2450] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 861.085947][ T2450] IPv6: NLM_F_CREATE should be set when creating new route [ 862.941883][ T2438] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 862.947771][ T2457] tipc: Enabled bearer , priority 0 [ 863.017265][ T2468] tipc: Disabling bearer [ 863.107970][ T2484] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input16 [ 863.557777][ T2515] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9198'. [ 863.576202][ T2518] netlink: 'syz.2.9199': attribute type 7 has an invalid length. [ 863.808410][ T2531] netlink: 112 bytes leftover after parsing attributes in process `syz.0.9202'. [ 863.838863][ T2531] vcan0: tx drop: invalid sa for name 0x0000004000000000 [ 863.939222][ T2540] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9202'. [ 864.963330][ T2618] __nla_validate_parse: 8 callbacks suppressed [ 864.963349][ T2618] netlink: 40 bytes leftover after parsing attributes in process `syz.2.9227'. [ 865.004363][ T2611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9223'. [ 865.137305][ T2627] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.9230'. [ 865.344872][ T2643] netlink: 'syz.0.9235': attribute type 10 has an invalid length. [ 865.404372][ T2643] veth0_macvtap: left promiscuous mode [ 865.554868][ T2652] netlink: 'syz.4.9238': attribute type 3 has an invalid length. [ 865.720581][ T2674] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 865.732915][ T2665] syzkaller0: entered promiscuous mode [ 865.745932][ T2665] syzkaller0: entered allmulticast mode [ 865.911024][ T5871] Bluetooth: hci4: command tx timeout [ 867.747896][ T2709] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 867.876730][ T2713] tipc: Started in network mode [ 867.885725][ T2713] tipc: Node identity 0665862b98cf, cluster identity 4711 [ 867.893089][ T2713] tipc: Enabled bearer , priority 0 [ 867.932741][ T2724] syzkaller0: entered promiscuous mode [ 867.949569][ T2724] syzkaller0: entered allmulticast mode [ 867.963101][ T2725] netlink: 172 bytes leftover after parsing attributes in process `syz.0.9258'. [ 868.186732][ T2740] tipc: Resetting bearer [ 868.204284][ T2711] tipc: Resetting bearer [ 868.253465][ T2742] openvswitch: netlink: Actions may not be safe on all matching packets [ 868.265058][ T2742] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 868.334411][ T2711] tipc: Disabling bearer [ 868.608339][T31987] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 869.470419][ T2804] netlink: 20 bytes leftover after parsing attributes in process `syz.1.9275'. [ 869.500022][ T2811] netlink: 'syz.3.9276': attribute type 27 has an invalid length. [ 869.592971][ T2820] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9279'. [ 869.685964][ T2829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9280'. [ 869.690334][ T2820] 8021q: adding VLAN 0 to HW filter on device bond1 [ 869.712898][ T2829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9280'. [ 869.738844][ T2829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9280'. [ 869.750125][ T2826] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 869.949868][ T2849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9284'. [ 870.081904][ T2863] delete_channel: no stack [ 870.155995][ T1303] clip:clip_start_xmit: skb_dst(skb) == NULL [ 870.291691][ T2878] tipc: Enabled bearer , priority 0 [ 870.317315][ T2877] tipc: Disabling bearer [ 870.518809][ T2889] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9295'. [ 870.600148][ T2887] netlink: 60 bytes leftover after parsing attributes in process `syz.1.9294'. [ 870.702628][ T2900] netlink: 8 bytes leftover after parsing attributes in process `syz.0.9300'. [ 870.707548][ T2898] netlink: 'syz.4.9299': attribute type 3 has an invalid length. [ 870.746636][ T2898] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.9299'. [ 870.781381][ T2898] netlink: 196 bytes leftover after parsing attributes in process `syz.4.9299'. [ 870.869319][ T2904] tipc: Enabled bearer , priority 0 [ 870.973271][ T2909] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9301'. [ 870.997422][ T2909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.9301'. [ 871.029977][ T2909] netlink: 'syz.1.9301': attribute type 18 has an invalid length. [ 871.052330][ T2904] syzkaller0: entered promiscuous mode [ 871.058464][ T2904] syzkaller0: entered allmulticast mode [ 871.064789][ T2904] tipc: Resetting bearer [ 871.078440][ T2908] mac80211_hwsim hwsim124 wlan1: entered allmulticast mode [ 871.104890][ T2908] netlink: 'syz.0.9303': attribute type 10 has an invalid length. [ 871.113957][ T2912] tipc: Enabled bearer , priority 0 [ 871.124414][ T2908] mac80211_hwsim hwsim124 wlan1: left allmulticast mode [ 871.135535][ T2908] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 871.146000][ T2903] tipc: Resetting bearer [ 872.225950][ T5981] tipc: Node number set to 2661975595 [ 872.617689][ T2933] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9309'. [ 872.968506][ T2903] tipc: Disabling bearer [ 872.980113][ T2911] tipc: Disabling bearer [ 872.994946][ T2908] bridge_slave_0: left allmulticast mode [ 873.001261][ T2908] bridge_slave_0: left promiscuous mode [ 873.009210][ T2908] bridge0: port 1(bridge_slave_0) entered disabled state [ 873.025273][ T2908] bridge_slave_1: left allmulticast mode [ 873.040653][ T2908] bridge_slave_1: left promiscuous mode [ 873.054955][ T2908] bridge0: port 2(bridge_slave_1) entered disabled state [ 873.084009][ T2908] bond0: (slave bond_slave_0): Releasing backup interface [ 873.113486][ T2908] bond0: (slave bond_slave_1): Releasing backup interface [ 873.194618][ T2908] team0: Port device team_slave_0 removed [ 873.252035][ T2908] team0: Port device team_slave_1 removed [ 873.260341][ T2945] netlink: 14 bytes leftover after parsing attributes in process `syz.1.9312'. [ 873.260997][ T2908] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 873.282242][ T2908] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 873.292540][ T2908] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 873.300963][ T2908] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 873.321547][ T2908] bond0: (slave wlan1): Releasing backup interface [ 873.344916][ T2913] mac80211_hwsim hwsim124 wlan1: entered allmulticast mode [ 873.470764][ T2952] openvswitch: netlink: Key type 10512 is out of range max 32 [ 873.484769][ T2952] openvswitch: netlink: Key type 10512 is out of range max 32 [ 873.494881][ T2933] 8021q: adding VLAN 0 to HW filter on device bond9 [ 873.558657][ T2934] bond8: (slave veth0_to_bond): Releasing backup interface [ 873.590914][ T2934] bond9: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 873.824020][ T2945] bond0 (unregistering): Released all slaves [ 873.859116][ T2959] tipc: Enabling of bearer rejected, failed to enable media [ 873.872689][ T2969] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9318'. [ 874.409670][ T3006] IPVS: length: 245 != 8 [ 874.558914][ T3011] 8021q: adding VLAN 0 to HW filter on device bond10 [ 874.577936][ T3023] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 874.585112][ T5945] IPVS: starting estimator thread 0... [ 874.619574][ T3015] bond9: (slave veth0_to_bond): Releasing backup interface [ 874.661654][ T3015] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 874.711825][ T3026] IPVS: using max 29 ests per chain, 69600 per kthread [ 875.033602][ T3048] tipc: Enabled bearer , priority 0 [ 875.051421][ T3045] syzkaller0: entered promiscuous mode [ 875.059707][ T3045] syzkaller0: entered allmulticast mode [ 875.081889][ T3051] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input17 [ 875.165259][ T3048] tipc: Resetting bearer [ 875.192876][ T3044] tipc: Resetting bearer [ 875.221481][ T3044] tipc: Disabling bearer [ 875.239750][ T5991] hid-generic 0005:0B57:0008.0002: collection stack underflow [ 875.249420][ T5991] hid-generic 0005:0B57:0008.0002: item 0 0 0 12 parsing failed [ 875.257941][ T5991] hid-generic 0005:0B57:0008.0002: probe with driver hid-generic failed with error -22 [ 875.268057][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 875.327635][T31990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 875.366598][T31990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 875.471510][ T3071] netdevsim netdevsim4 ÿÿÿÿÿÿ: renamed from netdevsim0 (while UP) [ 876.266913][ T3095] sctp: [Deprecated]: syz.2.9355 (pid 3095) Use of int in max_burst socket option deprecated. [ 876.266913][ T3095] Use struct sctp_assoc_value instead [ 876.351492][ T3097] __nla_validate_parse: 5 callbacks suppressed [ 876.351512][ T3097] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9356'. [ 877.787028][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 877.797499][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 877.806560][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 877.817815][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 877.826699][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 877.889968][ T3118] lo speed is unknown, defaulting to 1000 [ 878.077761][ T3127] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9365'. [ 878.097578][ T3130] netlink: 16 bytes leftover after parsing attributes in process `syz.2.9366'. [ 878.185085][ T3118] chnl_net:caif_netlink_parms(): no params data found [ 878.381651][ T3118] bridge0: port 1(bridge_slave_0) entered blocking state [ 878.404237][ T3118] bridge0: port 1(bridge_slave_0) entered disabled state [ 878.453673][ T3118] bridge_slave_0: entered allmulticast mode [ 878.483923][ T3118] bridge_slave_0: entered promiscuous mode [ 878.518317][ T3147] netlink: 596 bytes leftover after parsing attributes in process `syz.2.9371'. [ 878.528410][ C1] vcan0: j1939_tp_rxtimer: 0xffff888029cccc00: rx timeout, send abort [ 878.543031][ T3118] bridge0: port 2(bridge_slave_1) entered blocking state [ 878.550363][ T3118] bridge0: port 2(bridge_slave_1) entered disabled state [ 878.558527][ T3118] bridge_slave_1: entered allmulticast mode [ 878.566350][ T3118] bridge_slave_1: entered promiscuous mode [ 878.573374][ T3150] tipc: Enabled bearer , priority 10 [ 878.644754][ T3148] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9371'. [ 878.689264][ T3118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 878.744412][ T3118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 878.855280][ T3118] team0: Port device team_slave_0 added [ 878.868855][ T3118] team0: Port device team_slave_1 added [ 878.974938][ T3174] netlink: 112 bytes leftover after parsing attributes in process `syz.2.9378'. [ 879.028465][ C1] vcan0: j1939_tp_rxtimer: 0xffff888029cccc00: abort rx timeout. Force session deactivation [ 879.032680][ T5871] block nbd0: Receive control failed (result -32) [ 879.112607][ T3118] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 879.172284][ T3118] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 879.305868][ T3118] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 879.348836][ T3118] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 879.381500][ T3118] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 879.473621][ T3118] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 879.696085][ T5991] tipc: Node number set to 3447176574 [ 879.715284][ T3219] netlink: 24 bytes leftover after parsing attributes in process `syz.4.9387'. [ 879.874640][ T3118] hsr_slave_0: entered promiscuous mode [ 879.900443][ T3118] hsr_slave_1: entered promiscuous mode [ 879.918187][ T3118] debugfs: 'hsr0' already exists in 'hsr' [ 879.919721][ T5871] Bluetooth: hci1: command tx timeout [ 879.923944][ T3118] Cannot create hsr debugfs directory [ 880.062441][ T3228] tipc: Enabled bearer , priority 0 [ 880.074622][ T3227] tipc: Disabling bearer [ 880.228773][ T3236] netlink: 36 bytes leftover after parsing attributes in process `syz.0.9391'. [ 880.379188][ T3243] netlink: 'syz.0.9394': attribute type 21 has an invalid length. [ 880.429855][ T3118] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.499590][ T3243] netlink: 'syz.0.9394': attribute type 6 has an invalid length. [ 880.510404][ T3243] netlink: 132 bytes leftover after parsing attributes in process `syz.0.9394'. [ 880.603134][ T3118] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.747021][ T3255] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9398'. [ 880.763658][ T3260] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 880.806719][ T3118] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 880.908162][ T3255] 8021q: adding VLAN 0 to HW filter on device bond2 [ 880.952885][ T3261] bond1: (slave veth0_to_bond): Releasing backup interface [ 880.972821][ T3261] bond2: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 881.040368][ T3118] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 881.116290][ T3270] tipc: Enabled bearer , priority 0 [ 881.141243][ T3270] syzkaller0: entered promiscuous mode [ 881.173594][ T3270] syzkaller0: entered allmulticast mode [ 881.444824][ T3274] tipc: Resetting bearer [ 881.470142][ T3282] __nla_validate_parse: 1 callbacks suppressed [ 881.470160][ T3282] netlink: 60 bytes leftover after parsing attributes in process `syz.4.9404'. [ 881.612500][ T3118] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 881.689638][ T3118] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 881.723722][ T3118] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 881.766561][ T3118] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 881.793170][ T3268] tipc: Resetting bearer [ 881.837561][ T3268] tipc: Disabling bearer [ 881.933833][ T3306] sit0: entered promiscuous mode [ 881.973852][ T3306] netlink: 'syz.4.9408': attribute type 1 has an invalid length. [ 881.988856][ T5871] Bluetooth: hci1: command tx timeout [ 882.001882][ T3306] netlink: 1 bytes leftover after parsing attributes in process `syz.4.9408'. [ 882.093736][ T3310] tipc: Enabled bearer , priority 0 [ 882.107108][ T3310] syzkaller0: entered promiscuous mode [ 882.112687][ T3310] syzkaller0: entered allmulticast mode [ 882.152152][ T3309] tipc: Resetting bearer [ 882.217617][ T3309] tipc: Disabling bearer [ 882.337958][ T3118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 882.382463][ T3327] netlink: 108 bytes leftover after parsing attributes in process `syz.3.9417'. [ 882.402659][ T3118] 8021q: adding VLAN 0 to HW filter on device team0 [ 882.425104][ T3329] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9418'. [ 882.437948][ T3329] netlink: 'syz.0.9418': attribute type 1 has an invalid length. [ 882.493248][T31985] bridge0: port 1(bridge_slave_0) entered blocking state [ 882.500482][T31985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 882.524473][T31985] bridge0: port 2(bridge_slave_1) entered blocking state [ 882.531678][T31985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 882.990631][ T3358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.9423'. [ 883.079578][ T3358] 8021q: adding VLAN 0 to HW filter on device bond10 [ 883.095188][ T3118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 883.142306][ T3360] bond9: (slave veth0_to_bond): Releasing backup interface [ 883.171931][ T3360] bond10: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 883.186794][ T3366] netlink: 20 bytes leftover after parsing attributes in process `syz.0.9426'. [ 883.331015][ T3118] veth0_vlan: entered promiscuous mode [ 883.385220][ T3118] veth1_vlan: entered promiscuous mode [ 883.482966][ T3375] tipc: Enabled bearer , priority 0 [ 883.503609][ T3375] syzkaller0: entered promiscuous mode [ 883.522768][ T3375] syzkaller0: entered allmulticast mode [ 883.543604][ T3377] netlink: 72 bytes leftover after parsing attributes in process `syz.3.9432'. [ 883.568006][ T3375] tipc: Resetting bearer [ 883.613707][ T3373] tipc: Resetting bearer [ 883.626199][ T3379] netlink: 'syz.4.9433': attribute type 1 has an invalid length. [ 883.656396][ T3379] netlink: 224 bytes leftover after parsing attributes in process `syz.4.9433'. [ 883.665476][ T3379] netlink: 8 bytes leftover after parsing attributes in process `syz.4.9433'. [ 883.677769][ T3373] tipc: Disabling bearer [ 883.706040][ T3379] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9433'. [ 883.724835][ T3118] veth0_macvtap: entered promiscuous mode [ 883.743875][ T3118] veth1_macvtap: entered promiscuous mode [ 883.861199][ T3118] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 883.913168][ T3118] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 883.974459][ T3398] openvswitch: netlink: nsh attr 8196 is out of range max 3 [ 883.981905][ T3398] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 884.010602][ T44] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.033023][ T44] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.044576][ T44] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.059209][ T44] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 884.073653][ T5871] Bluetooth: hci1: command tx timeout [ 884.224951][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 884.263290][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 884.425505][T31992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 884.439706][T31992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 884.513477][ T3428] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 884.525053][ T3428] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 884.534774][ T3428] gretap1: entered promiscuous mode [ 884.542507][ T3428] gretap1: entered allmulticast mode [ 884.594543][ T3431] IPv4: Oversized IP packet from 172.20.20.24 [ 884.602905][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 884.609306][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 884.671968][ T3433] netlink: 'syz.1.9446': attribute type 1 has an invalid length. [ 885.241337][ T3423] nbd: must specify an index to disconnect [ 885.271228][ T3452] netlink: 'syz.0.9451': attribute type 1 has an invalid length. [ 885.280358][ T3452] netlink: 'syz.0.9451': attribute type 1 has an invalid length. [ 885.640397][ T3470] netlink: 'syz.3.9458': attribute type 1 has an invalid length. [ 885.707094][ T3470] tipc: Enabled bearer , priority 0 [ 885.727762][ T3470] syzkaller0: entered promiscuous mode [ 885.733408][ T3470] syzkaller0: entered allmulticast mode [ 885.999710][ T3483] tipc: Resetting bearer [ 886.055927][ T3469] tipc: Resetting bearer [ 886.125338][ T3469] tipc: Disabling bearer [ 886.150748][ T5871] Bluetooth: hci1: command tx timeout [ 886.561120][ T3524] netlink: 'syz.2.9471': attribute type 1 has an invalid length. [ 886.594387][ T3524] netlink: 'syz.2.9471': attribute type 11 has an invalid length. [ 886.603188][ T3524] __nla_validate_parse: 8 callbacks suppressed [ 886.603204][ T3524] netlink: 220 bytes leftover after parsing attributes in process `syz.2.9471'. [ 886.626925][ T3524] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 886.638648][ T3526] netlink: 80 bytes leftover after parsing attributes in process `syz.3.9472'. [ 886.649855][ T3526] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9472'. [ 886.676274][ T3526] IPVS: set_ctl: invalid protocol: 50 127.0.0.1:20000 [ 886.694373][ T3526] netlink: 24 bytes leftover after parsing attributes in process `syz.3.9472'. [ 886.799388][ T3526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.9472'. [ 886.802113][ T3536] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9476'. [ 887.053980][ T3545] netlink: 112 bytes leftover after parsing attributes in process `syz.0.9479'. [ 887.333214][ T3551] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 887.349606][ T3551] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 887.376265][ T3553] netlink: 28 bytes leftover after parsing attributes in process `syz.1.9483'. [ 887.994378][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 888.007583][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 888.020112][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 888.029425][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 888.042328][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 888.150745][ T3577] lo speed is unknown, defaulting to 1000 [ 888.443785][ T3577] chnl_net:caif_netlink_parms(): no params data found [ 888.696495][ T3607] bridge0: port 1(bridge_slave_0) entered disabled state [ 888.719883][ T3607] bridge0: port 2(bridge_slave_1) entered disabled state [ 888.883643][ T3577] bridge0: port 1(bridge_slave_0) entered blocking state [ 888.893305][ T3577] bridge0: port 1(bridge_slave_0) entered disabled state [ 888.901511][ T3577] bridge_slave_0: entered allmulticast mode [ 888.910095][ T3577] bridge_slave_0: entered promiscuous mode [ 888.919766][ T3577] bridge0: port 2(bridge_slave_1) entered blocking state [ 888.927673][ T3577] bridge0: port 2(bridge_slave_1) entered disabled state [ 888.935149][ T3577] bridge_slave_1: entered allmulticast mode [ 889.052838][ T3577] bridge_slave_1: entered promiscuous mode [ 889.179491][ T3577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 889.203678][ T3640] netlink: 512 bytes leftover after parsing attributes in process `syz.1.9509'. [ 889.228142][ T3577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 889.287651][ T3642] netlink: 'syz.0.9511': attribute type 7 has an invalid length. [ 889.372126][ T3577] team0: Port device team_slave_0 added [ 889.402010][ T3577] team0: Port device team_slave_1 added [ 889.451083][ T3653] netlink: 'syz.1.9514': attribute type 9 has an invalid length. [ 889.562129][ T3657] netlink: 8 bytes leftover after parsing attributes in process `syz.1.9514'. [ 889.582773][ T3657] netlink: 'syz.1.9514': attribute type 9 has an invalid length. [ 889.585032][ T3577] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 889.606125][ T3577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 889.632272][ T3577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 889.663176][ T3577] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 889.672288][ T3577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 889.699895][ T3577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 889.815280][ T3577] hsr_slave_0: entered promiscuous mode [ 889.826865][ T3577] hsr_slave_1: entered promiscuous mode [ 889.836210][ T3577] debugfs: 'hsr0' already exists in 'hsr' [ 889.841981][ T3577] Cannot create hsr debugfs directory [ 890.151564][ T5871] Bluetooth: hci0: command tx timeout [ 890.358010][ T3577] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 890.379667][ T3577] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 890.559167][ T3577] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 890.593103][ T3577] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 890.648295][ T3688] (unnamed net_device) (uninitialized): up delay (5) is not a multiple of miimon (4), value rounded to 4 ms [ 890.670711][ T3696] Bluetooth: MGMT ver 1.23 [ 890.851090][ T3577] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 890.867578][ T3577] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.143416][ T3577] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 891.163715][ T3577] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 891.319334][ T3735] netlink: 'syz.1.9540': attribute type 1 has an invalid length. [ 891.820186][ T3748] __nla_validate_parse: 5 callbacks suppressed [ 891.820203][ T3748] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9545'. [ 891.825200][ T3577] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 891.888449][ T3748] bond0: entered promiscuous mode [ 891.925197][ T3748] bond0: left promiscuous mode [ 891.953063][ T3577] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 891.977187][ T3577] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 892.026168][ T3577] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 892.156576][ T3770] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input18 [ 892.232351][ T5871] Bluetooth: hci0: command tx timeout [ 892.357173][ T3779] netlink: 76 bytes leftover after parsing attributes in process `syz.1.9554'. [ 892.371705][ T3779] tc_dump_action: action bad kind [ 892.390478][ T3779] lo speed is unknown, defaulting to 1000 [ 892.409251][ T3779] lo speed is unknown, defaulting to 1000 [ 892.444937][ T3779] lo speed is unknown, defaulting to 1000 [ 892.451476][ T3577] 8021q: adding VLAN 0 to HW filter on device bond0 [ 892.481500][ T3785] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 892.505270][ T3577] 8021q: adding VLAN 0 to HW filter on device team0 [ 892.571908][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 892.579123][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 892.654445][ T3790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9558'. [ 892.671707][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 892.678889][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 892.713135][ T3791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9558'. [ 892.748653][ T3785] netlink: 28 bytes leftover after parsing attributes in process `syz.4.9556'. [ 892.827987][ T3779] infiniband syz0: set active [ 892.844752][ T3779] infiniband syz0: added lo [ 892.850521][ T3790] syzkaller0: entered promiscuous mode [ 892.857172][ T3790] syzkaller0: entered allmulticast mode [ 892.876950][ T5981] lo speed is unknown, defaulting to 1000 [ 892.933852][ T3779] RDS/IB: syz0: added [ 892.943192][ T3779] smc: adding ib device syz0 with port count 1 [ 892.950569][ T3779] smc: ib device syz0 port 1 has pnetid [ 893.623730][ T3802] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 894.136129][ T3810] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.9563'. [ 894.320968][ T5871] Bluetooth: hci0: command tx timeout [ 894.942990][ T5981] lo speed is unknown, defaulting to 1000 [ 894.950926][ T3779] lo speed is unknown, defaulting to 1000 [ 895.206919][ T3820] syzkaller1: entered promiscuous mode [ 895.218369][ T3820] syzkaller1: entered allmulticast mode [ 895.364358][ T3825] netlink: 13 bytes leftover after parsing attributes in process `syz.4.9567'. [ 895.500237][ T3577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 895.608877][ T3831] netlink: 'syz.2.9569': attribute type 30 has an invalid length. [ 895.678260][T31990] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.695704][T31990] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.715547][ T3577] veth0_vlan: entered promiscuous mode [ 895.822145][T31987] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.832649][T31987] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 895.857506][ T3779] lo speed is unknown, defaulting to 1000 [ 895.871856][ T3577] veth1_vlan: entered promiscuous mode [ 895.948770][ T3577] veth0_macvtap: entered promiscuous mode [ 895.969400][ T3577] veth1_macvtap: entered promiscuous mode [ 896.064362][ T3577] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 896.115265][ T3577] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 896.173743][ T3851] netlink: 256 bytes leftover after parsing attributes in process `syz.4.9575'. [ 896.176553][ T1160] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.213713][ T3853] netlink: 100 bytes leftover after parsing attributes in process `syz.2.9576'. [ 896.214249][ T1160] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.233806][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.251408][ T3851] veth0: entered promiscuous mode [ 896.268270][ T3851] netlink: 4 bytes leftover after parsing attributes in process `syz.4.9575'. [ 896.283263][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 896.398292][ T5871] Bluetooth: hci0: command tx timeout [ 896.429702][ T3856] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 896.451077][ T3856] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:20001 [ 896.545418][ T3779] lo speed is unknown, defaulting to 1000 [ 896.662872][ T44] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.691901][ T44] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 896.758149][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 896.768304][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 897.271486][ T3878] netlink: 'syz.4.9582': attribute type 1 has an invalid length. [ 897.294833][ T3779] lo speed is unknown, defaulting to 1000 [ 897.309499][ T3878] netlink: 'syz.4.9582': attribute type 2 has an invalid length. [ 897.333060][ T3879] netlink: 'syz.4.9582': attribute type 1 has an invalid length. [ 897.333065][ T3884] netlink: 'syz.4.9582': attribute type 1 has an invalid length. [ 897.333083][ T3879] netlink: 'syz.4.9582': attribute type 2 has an invalid length. [ 897.360797][ T3884] netlink: 'syz.4.9582': attribute type 2 has an invalid length. [ 897.521054][ T3888] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 897.649774][ T3893] netlink: 28 bytes leftover after parsing attributes in process `syz.3.9585'. [ 897.960616][ T3779] lo speed is unknown, defaulting to 1000 [ 897.962062][ T3905] netlink: 27 bytes leftover after parsing attributes in process `syz.4.9589'. [ 898.029074][ T3917] netlink: 'syz.3.9591': attribute type 39 has an invalid length. [ 898.632793][ T3779] lo speed is unknown, defaulting to 1000 [ 898.761147][ T3948] netem: unknown loss type 0 [ 898.780731][ T3948] netem: change failed [ 899.443741][ T3779] lo speed is unknown, defaulting to 1000 [ 899.679128][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 899.692557][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 899.701385][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 899.711026][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 899.723111][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 899.823458][ T3969] lo speed is unknown, defaulting to 1000 [ 899.890249][T31987] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 899.938683][T31987] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.089657][T31987] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 900.118849][T31987] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.252023][T31987] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 900.294273][T31987] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 900.348859][ T3969] lo speed is unknown, defaulting to 1000 [ 900.392213][T31987] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 900.419968][T31987] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 901.027308][ T4016] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9621'. [ 901.255439][ T4026] netlink: 'syz.3.9622': attribute type 1 has an invalid length. [ 901.494471][T31987] team0: Port device geneve0 removed [ 901.731115][T31987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 901.742566][T31987] bond_slave_0: left promiscuous mode [ 901.752891][T31987] bond_slave_0: left allmulticast mode [ 901.760565][T31987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 901.769781][T31987] bond_slave_1: left promiscuous mode [ 901.775404][T31987] bond_slave_1: left allmulticast mode [ 901.782366][T31987] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 901.792137][T31987] bridge_slave_1: left promiscuous mode [ 901.798000][T31987] bridge_slave_1: left allmulticast mode [ 901.804896][T31987] bond0 (unregistering): Released all slaves [ 901.830113][ T5871] Bluetooth: hci2: command tx timeout [ 901.942694][T31987] bond1 (unregistering): Released all slaves [ 902.073624][T31987] bond2 (unregistering): Released all slaves [ 902.205510][T31987] bond3 (unregistering): Released all slaves [ 902.325344][T31987] bond4 (unregistering): Released all slaves [ 902.438141][T31987] bond5 (unregistering): Released all slaves [ 902.561422][T31987] bond6 (unregistering): Released all slaves [ 902.575302][T31987] bond7 (unregistering): Released all slaves [ 902.691637][T31987] bond8 (unregistering): Released all slaves [ 902.815890][T31987] bond9 (unregistering): Released all slaves [ 902.932539][T31987] bond10 (unregistering): (slave veth0_to_bond): Releasing backup interface [ 902.943831][T31987] bond10 (unregistering): Released all slaves [ 902.973247][ T3779] lo speed is unknown, defaulting to 1000 [ 903.435412][ T4045] netlink: 'syz.4.9625': attribute type 4 has an invalid length. [ 903.562213][ T4048] netlink: 'syz.3.9628': attribute type 8 has an invalid length. [ 903.810634][ T3779] lo speed is unknown, defaulting to 1000 [ 903.908602][ T5871] Bluetooth: hci2: command tx timeout [ 903.967334][ T3969] chnl_net:caif_netlink_parms(): no params data found [ 904.063915][ T4062] netlink: 'syz.4.9630': attribute type 24 has an invalid length. [ 904.335241][ T4079] netlink: 116 bytes leftover after parsing attributes in process `syz.4.9633'. [ 904.442410][ T3969] bridge0: port 1(bridge_slave_0) entered blocking state [ 904.462664][ T3969] bridge0: port 1(bridge_slave_0) entered disabled state [ 904.480477][ T3969] bridge_slave_0: entered allmulticast mode [ 904.501787][ T3969] bridge_slave_0: entered promiscuous mode [ 904.541645][ T3969] bridge0: port 2(bridge_slave_1) entered blocking state [ 904.558865][ T3969] bridge0: port 2(bridge_slave_1) entered disabled state [ 904.590425][ T3969] bridge_slave_1: entered allmulticast mode [ 904.604833][ T3969] bridge_slave_1: entered promiscuous mode [ 904.686778][ T3779] lo speed is unknown, defaulting to 1000 [ 904.764623][T31987] tipc: Disabling bearer [ 904.792270][T31987] tipc: Left network mode [ 904.795350][ T3969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 904.870400][ T3969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 904.991283][ T4098] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9636'. [ 905.193662][ T4102] netlink: 64 bytes leftover after parsing attributes in process `syz.4.9637'. [ 905.219105][ T4098] 8021q: adding VLAN 0 to HW filter on device bond1 [ 905.247612][ T4099] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 905.333824][ T3779] lo speed is unknown, defaulting to 1000 [ 905.384187][ T3969] team0: Port device team_slave_0 added [ 905.432330][ T3969] team0: Port device team_slave_1 added [ 905.670323][ T4118] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 905.700107][ T3969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 905.714649][ T3969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 905.764335][ T4123] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.9643'. [ 905.794201][ T4124] netlink: 16186 bytes leftover after parsing attributes in process `syz.3.9643'. [ 905.795653][ T3969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 905.864068][ T3969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 905.874233][ T3969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 905.922229][ T3969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 905.992409][ T5871] Bluetooth: hci2: command tx timeout [ 906.238896][ T3969] hsr_slave_0: entered promiscuous mode [ 906.259155][ T3969] hsr_slave_1: entered promiscuous mode [ 906.273197][ T3969] debugfs: 'hsr0' already exists in 'hsr' [ 906.290172][ T3969] Cannot create hsr debugfs directory [ 906.531129][ T4144] syzkaller0: entered promiscuous mode [ 906.537222][ T4144] syzkaller0: entered allmulticast mode [ 906.700423][ T4156] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 906.894959][ T4158] netlink: 16 bytes leftover after parsing attributes in process `syz.3.9656'. [ 907.323739][ T4172] netlink: 36 bytes leftover after parsing attributes in process `syz.4.9662'. [ 907.366508][T31987] hsr_slave_0: left promiscuous mode [ 907.384220][T31987] hsr_slave_1: left promiscuous mode [ 907.645285][ T4180] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9664'. [ 907.674983][ T4181] netlink: 68 bytes leftover after parsing attributes in process `syz.3.9664'. [ 907.972555][ T4194] netlink: 'syz.1.9663': attribute type 11 has an invalid length. [ 908.070357][ T5871] Bluetooth: hci2: command tx timeout [ 908.186152][T31987] Oops: general protection fault, probably for non-canonical address 0xdffffc001ffb4000: 0000 [#1] SMP KASAN PTI [ 908.198073][T31987] KASAN: probably user-memory-access in range [0x00000000ffda0000-0x00000000ffda0007] [ 908.207608][T31987] CPU: 0 UID: 0 PID: 31987 Comm: kworker/u8:15 Not tainted 6.17.0-rc1-syzkaller-00125-g79116acb75e1 #0 PREEMPT(full) [ 908.219961][T31987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 908.230000][T31987] Workqueue: netns cleanup_net [ 908.234759][T31987] RIP: 0010:ip6_mc_clear_src+0x18f/0x580 [ 908.240373][T31987] Code: ff ff ff e8 63 e0 41 01 89 c5 31 ff 89 c6 e8 38 35 88 f7 85 ed 74 45 e8 ef 30 88 f7 eb 05 e8 e8 30 88 f7 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 22 9a eb f7 49 8b 2c 24 49 8d 7c [ 908.259966][T31987] RSP: 0018:ffffc9000482f340 EFLAGS: 00010206 [ 908.266057][T31987] RAX: 000000001ffb4000 RBX: 1ffff1100e60b602 RCX: ffff88802ab9da00 [ 908.274014][T31987] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 908.281969][T31987] RBP: 0000000000000001 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6 [ 908.289925][T31987] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: 00000000ffda0000 [ 908.297884][T31987] R13: dffffc0000000000 R14: 0000000000000538 R15: ffff88807305b010 [ 908.305850][T31987] FS: 0000000000000000(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000 [ 908.314774][T31987] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 908.321345][T31987] CR2: 000000110c2a68b2 CR3: 0000000072468000 CR4: 00000000003526f0 [ 908.329302][T31987] Call Trace: [ 908.332568][T31987] [ 908.335490][T31987] mld_clear_delrec+0x160/0x660 [ 908.340329][T31987] ipv6_mc_destroy_dev+0x45/0x5a0 [ 908.345341][T31987] ? addrconf_ifdown+0x1396/0x1880 [ 908.350439][T31987] addrconf_ifdown+0x139e/0x1880 [ 908.355362][T31987] ? tls_dev_event+0x717/0xec0 [ 908.360114][T31987] ? __pfx_addrconf_ifdown+0x10/0x10 [ 908.365382][T31987] addrconf_notify+0x1bc/0x1010 [ 908.370217][T31987] notifier_call_chain+0x1b6/0x3e0 [ 908.375315][T31987] unregister_netdevice_many_notify+0x14d7/0x1ff0 [ 908.381716][T31987] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 908.388466][T31987] ? unregister_netdevice_queue+0x1b3/0x380 [ 908.394344][T31987] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 908.400573][T31987] ? __pfx_vxcan_dellink+0x10/0x10 [ 908.405684][T31987] default_device_exit_batch+0x819/0x890 [ 908.411328][T31987] ? __pfx___might_resched+0x10/0x10 [ 908.416594][T31987] ? __pfx_default_device_exit_batch+0x10/0x10 [ 908.422734][T31987] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 908.428177][T31987] ? net_generic+0x1e/0x240 [ 908.432671][T31987] ? __pfx_default_device_exit_batch+0x10/0x10 [ 908.438815][T31987] ops_undo_list+0x525/0x990 [ 908.443398][T31987] ? __pfx_ops_undo_list+0x10/0x10 [ 908.448494][T31987] ? do_raw_spin_unlock+0x122/0x240 [ 908.453678][T31987] cleanup_net+0x4c5/0x800 [ 908.458082][T31987] ? __pfx_cleanup_net+0x10/0x10 [ 908.463007][T31987] ? _raw_spin_unlock_irq+0x23/0x50 [ 908.468191][T31987] ? process_scheduled_works+0x9ef/0x17b0 [ 908.473894][T31987] ? process_scheduled_works+0x9ef/0x17b0 [ 908.479592][T31987] process_scheduled_works+0xade/0x17b0 [ 908.485127][T31987] ? __pfx_process_scheduled_works+0x10/0x10 [ 908.491095][T31987] worker_thread+0x8a0/0xda0 [ 908.495678][T31987] kthread+0x70e/0x8a0 [ 908.499734][T31987] ? __pfx_worker_thread+0x10/0x10 [ 908.504828][T31987] ? __pfx_kthread+0x10/0x10 [ 908.509404][T31987] ? _raw_spin_unlock_irq+0x23/0x50 [ 908.514589][T31987] ? lockdep_hardirqs_on+0x9c/0x150 [ 908.519774][T31987] ? __pfx_kthread+0x10/0x10 [ 908.524352][T31987] ret_from_fork+0x3f9/0x770 [ 908.528926][T31987] ? __pfx_ret_from_fork+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 908.534023][T31987] ? __switch_to_asm+0x39/0x70 [ 908.538769][T31987] ? __switch_to_asm+0x33/0x70 [ 908.543521][T31987] ? __pfx_kthread+0x10/0x10 [ 908.548097][T31987] ret_from_fork_asm+0x1a/0x30 [ 908.552858][T31987] [ 908.555874][T31987] Modules linked in: [ 908.561910][T31987] ---[ end trace 0000000000000000 ]--- [ 908.570278][T31987] RIP: 0010:ip6_mc_clear_src+0x18f/0x580 [ 908.576847][T31987] Code: ff ff ff e8 63 e0 41 01 89 c5 31 ff 89 c6 e8 38 35 88 f7 85 ed 74 45 e8 ef 30 88 f7 eb 05 e8 e8 30 88 f7 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 22 9a eb f7 49 8b 2c 24 49 8d 7c [ 908.599496][T31987] RSP: 0018:ffffc9000482f340 EFLAGS: 00010206 [ 908.607479][T31987] RAX: 000000001ffb4000 RBX: 1ffff1100e60b602 RCX: ffff88802ab9da00 [ 908.615472][T31987] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 908.626477][T31987] RBP: 0000000000000001 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6 [ 908.634477][T31987] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: 00000000ffda0000 [ 908.644251][T31987] R13: dffffc0000000000 R14: 0000000000000538 R15: ffff88807305b010 [ 908.675941][T31987] FS: 0000000000000000(0000) GS:ffff888125d1c000(0000) knlGS:0000000000000000 [ 908.684907][T31987] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 908.719961][T31987] CR2: 0000000000000000 CR3: 000000000df36000 CR4: 00000000003526f0 [ 908.732101][T31987] Kernel panic - not syncing: Fatal exception [ 908.738441][T31987] Kernel Offset: disabled [ 908.742753][T31987] Rebooting in 86400 seconds..